1 / 41

SEC511 Principles of Information Assurance and Security Lecture 3 Cryptography Overview

King Fahd University of Petroleum & Minerals College of Computer Science & Engineering. SEC511 Principles of Information Assurance and Security Lecture 3 Cryptography Overview. Cryptography Definition. Comes from Greek word meaning “secret writing”

merilyn
Download Presentation

SEC511 Principles of Information Assurance and Security Lecture 3 Cryptography Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. King Fahd University of Petroleum & Minerals College of Computer Science & Engineering SEC511 Principles of Information Assurance and Security Lecture 3 Cryptography Overview

  2. Cryptography Definition • Comes from Greek word meaning “secret writing” • It refers to the science of transforming information into a secure form while it is being transmitted or stored so that unauthorized users cannot access it

  3. Goals of Cryptography Secure communication

  4. Goals of Cryptography Secure storage

  5. Services Provided by Cryptography

  6. Cryptography Components

  7. Terminology • Plaintext:Original unencrypted information. • Ciphertext: The information after being encrypted by an encryption algorithm. • Encryption: Producing ciphertext from plaintext using cryptosystem (also called encipherment). • Decryption: Reverse process of encryption (also called decipherment). • Algorithm:Process of encrypting and decrypting information based on a mathematical procedure .

  8. Terminology Key: Value used by an algorithm to encrypt or decrypt a message, and should only be known by sender/receiver. Cipher: Encryption or decryption algorithm tool used to create encrypted or decrypted a text.

  9. Categories of Cryptography

  10. Symmetric-Key Cryptography

  11. Symmetric-Key Cryptography In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.

  12. Modes of operation* Figure 8.1 Modes of operation * See: Forouzan, Chapter 8

  13. Electronic Code Book (ECB) Figure 8.2 Electronic codebook (ECB) mode

  14. Cipher Block Chaining (CBC) Figure 8.3 Cipher block chaining (CBC) mode

  15. Cipher Feedback (CFB) Figure 8.4 Encryption in cipher feedback (CFB) mode

  16. CFB as a Stream Cipher Figure 8.5 Cipher feedback (CFB) mode as a stream cipher

  17. Output Feedback (OFB) Each bit in the ciphertext is independent of the previous bit or bits. This avoids error propagation. Figure 8.6 Encryption in output feedback (OFB) mode

  18. OFB as a Stream Cipher Figure 8.7 Output feedback (OFB) mode as a stream cipher

  19. Counter (CTR) In the counter (CTR) mode, there is no feedback. The pseudorandomness in the key stream is achieved using a counter. Figure 8.8 Encryption in counter (CTR) mode

  20. CTR mode as a stream cipher Figure 8.9 Counter (CTR) mode as a stream cipher

  21. Modern Symmetric-key Ciphers • Symmetric-key: A shared secret key is used for both encryption and decryption. • Block Ciphers: • Each block of data is encrypted at once • Examples: DES, AES • Stream Ciphers: • Small unit of data (bit, byte, character) is encrypted individually. • Examples: RC4, A5/1

  22. Data Encryption Standard (DES) • DES: was published by NIST in 1975 • Block size: 64 bits • Key size: 56 bits • Phase-out: NIST adopted 3DES in 1999 • Encryption and decryption with DES:

  23. Advanced Encryption Standard (AES) • AES: adopted by NIST in 2001 to replace 3DES. • Block size: 128 bits • Key sizes: 128/192/256 bits • AES Security: • More secure than DES and 3DES due to larger blocks and keys. • Most of the known attacks on DES were already tested on AES. • AES Implementation: • Can be implemented in software, hardware, and firmware. • Implementation can use table lookup process or routines. • Simplicity and Cost: • AES is design to run efficiently on an 8-bit processor.

  24. Symmetric Vs Asymmetric Cryptography

  25. Asymmetric-Key Cryptography • Asymmetric key cryptosystem: • Uses two separate keys: • Public: for encryption (receiver’s public key) • Private: for decryption (receiver’s private key). • Examples: • RSA • ElGamal • Rabin

  26. Asymmetric-Key Cryptography

  27. Keys Used in Crcyptography

  28. Kerckhoff’s principle • Based on Kerckhoff’s principle, one should always assume that the adversary knows the encryption/decryption algorithm. The resistance of the cipher to attack must be based only on the secrecy of the key. • Claude Shannon (father of Information Theory) reformulated the principle simply: The enemy knows the system • This to contrast to: Security through obscurity

  29. Cryptanalysis As cryptography is the science and art of creating secret codes, cryptanalysisis the science and art of breaking those codes.

  30. Cryptanalysis: Ciphertext-Only Attack • The attacker has only a ciphertext

  31. Cryptanalysis: Known-Plaintext Attack • The attacker has access to a plaintext/ciphertext pair, in addition to the intercepted ciphertext.

  32. Cryptanalysis: Chosen-Plaintext Attack • The attacker chooses the pair plaintext/ciphertext

  33. Cryptanalysis: Chosen-Ciphertext Attack • The attacker chooses the ciphertext and decrypts it.

  34. The Need for Integrity The cryptography systems that we have studied so far provide secrecy, or confidentiality, but not integrity. However, there are occasions where we may not even need secrecy but instead must have integrity. See: Forouzan Chapter 11

  35. Document and Fingerprint One way to preserve the integrity of a document is through the use of a fingerprint. If Alice needs to be sure that the contents of her document will not be changed, she can put her fingerprint at the bottom of the document.

  36. Message and Message Digest The electronic equivalent of the document and fingerprint pair is the message and digest pair.

  37. Checking Integrity

  38. Cryptographic Hash Function • A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string. • The data to be encoded is often called the "message," and the hash value is sometimes called the message digest or simply digest. • The ideal cryptographic hash function has four main or significant properties: • it is easy (but not necessarily quick) to compute the hash value for any given message • it is infeasible to generate a message that has a given hash • it is infeasible to modify a message without changing the hash • it is infeasible to find two different messages with the same hash

  39. Cryptographic Hash Function

  40. Summary • How to guarantee each combination of the following: • Confidentiality • Authentication • Integrity • Non-Repudiation

  41. The end Reading: Forouzan Chapters: 3, 6, 7, 8, 10, and 11

More Related