400 likes | 828 Views
Cryptography. Chapter 8. Cryptography . Cryptography is the science of keeping information secure in terms of confidentiality and integrity. Cryptography is also referred to as encryption .
E N D
Cryptography Chapter 8
Cryptography • Cryptography is the science of keeping information secure in terms of confidentiality and integrity. • Cryptography is also referred to as encryption. • Encryption is specifically the transformation of unencrypted data (plaintext) into encrypted form (cipher-text). • Decryption is the process of recovering the plaintext message from the cipher-text. • The process used to encrypt the plaintext or decrypt the cipher-text is referred to as cryptography algorithm. • Cryptographic algorithms generally use a key, or multiple keys, in order to encrypt or decrypt the message. Prepared by Saher H. Mohammed
Caesar Cipher • The Caesar cipher involves shifting each letter of the plaintext message by a certain number of letters. • SECURE can be transformed to VHFUHW by using 3 forward shifts. • ROT13 moves each letter 13 places forward. Prepared by Saher H. Mohammed
Modern Cryptographic Mechanisms • Modern cryptographic algorithms can be broadly classified into two types • Symmetric cryptography • Asymmetric cryptography • Each approach has its own pros and cons. • Generally, symmetric cryptography is faster but has some issues with key exchange. Prepared by Saher H. Mohammed
Symmetric Cryptography • Symmetric key cryptography is also called as private key cryptography. • Symmetric key cryptography uses only a single key for both encryption and decryption. • The key is shared between the sender and receiver. • The weakness of symmetric key cryptography lies in the use of one key. If the key is exposed beyond the sender and receiver, it is possible for attacker to intercept the message. • Symmetric key cryptography provides only confidentiality, and not integrity. Prepared by Saher H. Mohammed
Block versus Stream Cipher • Symmetric key cryptography makes use of two types of ciphers: block cipher and stream cipher. • A block cipher takes a predetermined number of bits, known as block, in the plaintext message and encrypts that block. • Blocks are commonly composed of 64 bits, but can be larger or smaller. • Block cipher are slower, but more efficient. They are also very complex to implement on hardware and software. Prepared by Saher H. Mohammed
Block versus Stream Cipher • Block ciphers are also more sensitive to errors in the encryption process. • Block ciphers are used in the situations where the message size is constant or known in advanced. • A stream cipher encrypts each bit in the plaintext message, 1 bit at a time. • Since stream cipher encrypt a single bit at a time, they are slow. • A stream cipher is used when the message size is unknown. • Common example of symmetric key algorithms are DES, 3DES and AES. Prepared by Saher H. Mohammed
Asymmetric Cryptography • Asymmetric cryptography uses two keys; a public key and a private key. • The public key is used to encrypt data sent from the sender to the receiver and is shared with everyone. • The private key are used to decrypt data that arrives at the receiving end and are carefully guarder by the receiver. • Complex mathematical operations are used to create the private and public keys. Prepared by Saher H. Mohammed
Asymmetric Cryptography • The main advantage of asymmetric key cryptography is the loss of the need to distribute the key. • Common example of asymmetric key algorithms are RSA algorithm, ECC and DSS. Prepared by Saher H. Mohammed
Hash Functions • Hash functions are third type of cryptography, also called as keyless cryptography. • Hash functions are also referred to as message digests, they create a large unique and fixed–length hash value (hash). • Hash functions perform one-way encryption. Meaning that once the algorithm is processed, there is no way to take the cipher-text and retrieve the plaintext. • Common examples of hash functions are SHA, MD2, MD4 and MD5. Prepared by Saher H. Mohammed
Digital Signatures • Digital signatures allow us to sign a message in order to enable detection of changes to the message contents. • This ensures that the message was legitimately sent by the expected party. • This also prevents the sender from denying that he or she sent the message, know as non-repudiation. • The sender would generate a hash of the message, then use the private key to encrypt the hash, this is called as digital signature. Digital signature is attached with the message. • The receiver would use the sender’s public key to decrypt the digital signature. Prepared by Saher H. Mohammed
Digital Signatures Sender Receiver Mathematical Hash Function Use public key of the sender to decrypt the digital signature Hash Use private key to encrypt the hash code Digital Signature Original Message + Digital signature Prepared by Saher H. Mohammed
Protecting Data at Rest, In Motion and In Use. • Protecting Data at Rest • Data Security • Physical Security • Protecting Data in Motion • Protecting the data itself • Protecting the connection • Protecting Data in Use • Policies and procedures Prepared by Saher H. Mohammed
Hashing • A hash is a special mathematical function that performs one-way encryption. • One the hashing algorithm is processed, there is no feasible way to take cipher-text and retrieve the plaintext that was used to generate it. • Common use of hashing functions are storing computer passwords and ensuring message integrity. Prepared by Saher H. Mohammed
Hashing • Hashing function can produce a unique value corresponding to the data entered, but the hashing value is also reproducible by everyone else running the same algorithm against the same data. • The hashing algorithm can be attacked with what is called collision attack. Prepared by Saher H. Mohammed
Hashing Hashing Code/ Message Digest/ Message Authentication Code (MAC) Hashing Function/ Hashing Algorithm Plain Text Prepared by Saher H. Mohammed
Hashing Hashing Function/ Hashing Algorithm Hashing Code Plain Text Hashing Function/ Hashing Algorithm Plain Text Hashing Code Prepared by Saher H. Mohammed
Hashing – Collision Attack Plain Text 1 Hashing Function/ Hashing Algorithm Hashing Code Plain Text 2 Prepared by Saher H. Mohammed
SHA Hashing Algorithm • SHA accepts an input of up to 264 bits or less and then compresses the input plain text to a hash of 160 bits. • SHA works in block mode, separating the data into words first, and then grouping the words into blocks. • The words are 32 bit strings converted to hex; grouped together as 16 words. This makes up a 512 bit block. • If the plain text data input to SHA is not a multiple of 512 bits, the message is padded with 0’s and an integer describing the original length of the message. Prepared by Saher H. Mohammed
SHA Hashing Algorithm Original message-plaintext Padding (If required) Message Digest Hashing Function Prepared by Saher H. Mohammed
SHA Hashing Algorithm • SHA is one of the most secure hashing algorithms, with no known successful attacks against it. • The cipher code of 160 bits in SHA is very long compared to other common 128 bit cipher codes. • This added security and resistance to attacks in SHA requires more processing power. Prepared by Saher H. Mohammed
Message Digest (MD) • Message Digest (MD) is the generic version of one of the three algorithms, all designed to create a MD or hash from the data input by using algorithms. • All these algorithms were developed by Ronald L. Rivers of MIT. • Various version of MD algorithms are • MD 2 • MD 4 • MD 5 Prepared by Saher H. Mohammed
MD 2 • MD 2 takes a data input of 16 bytes and produces a hash or MD of 128 bits. • MD 2 is optimized for 8 bit machines. • If the data input is less than16 bytes, then the input is padded. • After padding, a 16 byte checksum is appended to the message. • The message is processed in 16 byte blocks. After the entire message is processed in 16 bytes blocks, a 128 bit message digest or hash is produced. Prepared by Saher H. Mohammed
MD 2 • The success of MD 2 depends on the addition of checksum to the message. • If the checksum is not appended to the original message, then MD 2 is vulnerable to collision attack. Prepared by Saher H. Mohammed
MD 4 • MD 4 is optimized for 32 bit computers. • MD 4 accepts an input of 512 bits or multiple of 512 bits. • If the input is less than 512 bits, extra bits are padded to make the input 512 bits. • After this input block of 512 bits is processed, MD 4 produces a hash or MD of 128 bits. • MD 4 is fast algorithm, but not secure. MD 4 is very vulnerable to collision attacks. Prepared by Saher H. Mohammed
MD 5 • MD 5 is similar to MD 4, but with some addition security. • MD 5 slower, and secure compared to MD 4. • MD 5 accepts an input of 512 bit blocks. • MD 5 produces a 128 bit hash or message digest. Prepared by Saher H. Mohammed
Symmetric Encryption Ciphertext (C) Plaintext (P) E(P,K) D(C,K) Plaintext (P) Secret Key (K) Secret Key (K) Prepared by Saher H. Mohammed
Symmetric Encryption • Symmetric cryptographic algorithms are also called as secret key cryptography. • Symmetric cryptographic algorithms rely on only one key, called as secret key. • Encryption and decryption are carried out with the help of the same key. • Symmetric cryptographic algorithms uses block cipher. • DES, 3DES and AES are some common examples of symmetric cryptographic algorithms Prepared by Saher H. Mohammed
Symmetric Encryption • To accomplish encryption and decryption, most of the secret key algorithms uses two main techniques known as substitution and permutation. • Substitution is simply a mapping of one value to another value. • Permutation is a reordering of the bit positions for each of the inputs. • There techniques are used a number of times in iterations called rounds. • In general, the more rounds there are, the more secure the algorithm. Prepared by Saher H. Mohammed
Symmetric Encryption-DES • DES-Data Encryption Standard. • DES uses a block size of 64 bits; that means it accepts an input of 64 bits and produces an out of 64 bits. • DES uses the key of 56 bits. • The plain text is divided in block size of 64 bits. If the last block is less than 64 bits, extra pits are added. Prepared by Saher H. Mohammed
Symmetric Encryption-DES • DES performs permutation and substitution on each block for 16 times. It works in three stages. • The algorithm accepts plaintext P, and performs initial permutation, IP, on P producing P0.The block is then broken into left and right halves, the left (L0) begin first 32 bits of P0 and the right begin the last 32 bits of P0. • With L0 and R0, 16 rounds are performed until L16and R16are generated. • The inverse permutation IP-1, is applied to L16R16 to produce ciphertextC. Prepared by Saher H. Mohammed
Symmetric Encryption-DES Prepared by Saher H. Mohammed
Symmetric Encryption-DES • The effectiveness of DES depends on some key factors • The secret key must be distributed over a secure channel. • If weak keys are chosen, then the DES is vulnerable to attacks. • If less than 16 rounds of permutations are substitution are used, then DES is vulnerable to attacks. Prepared by Saher H. Mohammed
Symmetric Encryption-AES • AES - Advance Encryption Standard. • AES can have key size of 128, 192, 256 bits. • Based on the size of the key, multiple rounds are performed. • 128 bit key will require 9 rounds • 192 bit key will require 11 rounds • 256 bit key will require 13 rounds • AES requires an input plaintext of 128 bits, and produces a 128 bit block of ciphertext. Prepared by Saher H. Mohammed
Symmetric Encryption-AES • The following 4 steps are performed in every round. • Byte sub: Each byte is replaced by its substitute. • Shift row: Bytes are shifted are arranged. • Mix column: Matrix multiplication is performed based upon the arrangement. • Add round key: This round's sub-key is cored in. Prepared by Saher H. Mohammed