Cryptography and the Web
Lincoln Stein
Whitehead Institute/MIT Center for Genome Research

Cryptography
• The art of secret message writing.
• Creating texts that can be read only by authorized individuals.

Simple Cryptography
[Diagram labels: Plaintext ("the romans are coming today"), Key, Ciphertext]

Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM (rotate 13 positions)
Plaintext: THE GOTHS COMETH
Key: 13
Ciphertext: FUR TAFUE PAYRFU

Rotating Key Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
BCDEFGHIJKLMNOPQRSTUVWXYZA
CDEFGHIJKLMNOPQRSTUVWXYZAB
DEFGHIJKLMNOPQRSTUVWXYZABC
EFGHIJKLMNOPQRSTUVWXYZABCD
FGHIJKLMNOPQRSTUVWXYZABCDE
GHIJKLMNOPQRSTUVWXYZABCDEF
HIJKLMNOPQRSTUVWXYZABCD...
Plaintext: SOUND THE RETREAT
Key: DEADFED
Ciphertext: VSUPC XKG UEWWEX

General Principles
• Longer keys make better ciphers
• Random keys make better ciphers
• Good ciphers produce “random” ciphertext
• Best keys are used once and thrown away

Symmetric (Private Key) Cryptography
• Examples: DES, RC4, RC5, IDEA, Skipjack
• Advantages: fast, ciphertext secure
• Disadvantages: must distribute key in advance, key must not be divulged

DES: Data Encryption Standard
• Widely published & used - federal standard
• Complex series of bit substitutions, permutations and recombinations
• Basic DES: 56-bit keys
  • Crackable in about a day using specialized hardware
• Triple DES: effective 112-bit key
  • Uncrackable by known techniques

Asymmetric (Public Key) Cryptography
• Examples: RSA, Diffie-Hellman, ElGamal
• Advantages: public key widely distributable, does digital signatures
• Disadvantages: slow, key distribution

RSA
• Algorithm patented by RSA Data Security
• Uses special properties of modular arithmetic
• $C = P^e \pmod{n}$
• $P = C^d \pmod{n}$
• e, d, and n all hundreds of digits long and derived from a pair of large prime numbers
• Key lengths from 512 to 1024 bits
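
The two RSA formulas above, worked through end to end as an added example that is not part of the original slides. The primes 61 and 53, the exponent 17, the stand-in digest 1234 and all function names are assumptions chosen for illustration; real keys use primes hundreds of digits long together with a padding scheme.

```python
# Added example: textbook RSA on tiny, constructed primes (not the slides' own code).
from math import gcd

def make_keys(p, q, e=17):
    """Derive the public pair (e, n) and private pair (d, n) from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                # e*d = 1 (mod phi); needs Python 3.8+
    return (e, n), (d, n)

def encrypt(P, public):
    e, n = public
    if not 0 <= P < n:
        raise ValueError("plaintext block must be smaller than n")
    return pow(P, e, n)                # C = P^e (mod n)

def decrypt(C, private):
    d, n = private
    return pow(C, d, n)                # P = C^d (mod n)

def sign(digest, private):
    d, n = private
    if not 0 <= digest < n:
        raise ValueError("digest must be smaller than n")
    return pow(digest, d, n)           # same operation, private exponent

def verify(digest, signature, public):
    e, n = public
    return pow(signature, e, n) == digest

def encrypt_text(text, public):
    # One block per byte, which only works because n > 255 here.
    return [encrypt(b, public) for b in text.encode("ascii")]

def decrypt_text(blocks, private):
    return bytes(decrypt(c, private) for c in blocks).decode("ascii")

if __name__ == "__main__":
    public, private = make_keys(61, 53)      # constructed sample primes
    blocks = encrypt_text("THE GOTHS COMETH", public)
    print("public:", public, "private:", private)
    print("ciphertext blocks:", blocks)
    print("decrypted:", decrypt_text(blocks, private))
    sig = sign(1234, private)                # 1234 stands in for a message digest
    print("signature valid:", verify(1234, sig, public))
    print("tampered digest valid:", verify(1235, sig, public))
```

Encrypting one byte per block keeps the arithmetic visible but makes equal letters produce equal ciphertext blocks, which is one reason real RSA use relies on padding and on the digital envelopes listed later in the slides.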

Public Key Encryption: The Frills
Frill | Technique
Fast encryption/decryption | Digital envelopes
Authentication of sender | Digital signature
Verification of message integrity | Message digests
Safe distribution of public keys | Certifying authorities

Digital Envelopes

Secure, Verifiable Transmission

Public Key Cryptography on the Web
• Secure Socket Layer (SSL)
  • Netscape Communications Corporation
• Secure HTTP (SHTTP)
  • Commerce Net

SSL and SHTTP, similarities
• RSA public key cryptography
• MD5 message digests
• Variety of private key systems
• Strong cryptography for use in U.S.
• Weakened cryptography for export.

SSL and SHTTP, differences
[Diagram: protocol stack. Labels: HTTP, FTP, SHTTP, TELNET, NNTP; Application; SSL; Transport; Internet; Network interface; Physical Layer]

URLs
• SSL Protocol: http://home.netscape.com/newsref/std/SSL.html
• SHTTP Protocol: http://www.eit.com/projects/s-http/
• Verisign: http://www.verisign.com/
• RSA Data Security: http://www.rsa.com/