
System Security: Cryptography Technologies


vicki

Presentation Transcript


  1. System Security: Cryptography Technologies
     CPE 261403 - Operating Systems
     http://www.e-cpe.org/moodle

  2. What does the fish mean?

  3. Ichthys

  4. User name / Password

  5. Threat Ex: Wifi Packet Sniffers

  6. Protection with Cryptography

  7. Encryption and Decryption
     • Symmetric – Uses a shared key
     • Asymmetric – Added security with Public and Private keys

  8. Symmetric Encryption
     Simple example: add a constant to the ASCII value
     Key = 1
     I LOVE YOU → J MPWF ZPV

  9. The Enigma Machine
     German encryption machine for WWI

  10. Enigma was cracked by the Allies in WWII
      Some say this helped shorten WWII by two years

  11. Some Examples
      • Data Encryption Standard (DES)
      • 56-bit key for every 64-bit value
      • Advanced Encryption Standard (AES)
      • 256-bit key for every 128-bit value
      • RC4
      • As used in WEP (Wired Equivalent Privacy)
      • WPA, WPA2 (Wi-Fi Protected Access)
      • 256-bit key

  12. Asymmetric Encryption

  13. Algorithm Example
      Public Key = (kd, N)
      Private Key = (ke, N)
      • N = p · q (where p, q are prime numbers)
      • Pick kd that is < N
      • Calculate ke where ke · kd mod (p-1)(q-1) = 1

  14. Example
      • If p = 7 and q = 13
      • N = 7 · 13 = 91
      • Pick kd = 5
      • Find ke
      • ke · 5 mod (7-1)(13-1) = 1
      • ke = 29
      Public Key = (5, 91)
      Private Key = (29, 91)

  15. Encrypting and Decrypting
      • Encrypt message = (input ^ ke) mod N
      • Decrypt message = (input ^ kd) mod N
      • If we want to send the number 69
      • Encrypted message = 69 ^ 5 mod 91 = 62
      • Decrypted message = 62 ^ 29 mod 91 = 69
      • Note: the number must be < N

  16. Notes • In reality p and q can be 512 bits each

  17. Case Study: SSL (Secure Socket Layer Protocol)

  18. An Online Bank Example
      Diagram labels (Browser, SCB Server): Request Secure Connection (HTTPS); Sends a Public Key; Encrypt & Send Login/Password
      Is there a problem with this method? Yes. A fake web site can also send a public key.

  19. SSL Certificate Verification
      Diagram labels (Browser, SCB Server): Request SSL; Sends key + Certificate; Verify

  20. SSL Protocol
      Diagram labels (Browser, SCB Server): Request SSL; Sends key + Certificate; Verify; Encrypt + send user/password
      OK. Now the client can send secure info to the server. But how can the bank send secure information to the client?

  21. SSL Protocol
      Diagram labels (Browser, SCB Server): Request SSL; Sends key + Certificate; Verify; Sends client’s public key; Data encrypted with client’s public key
      Do we need to verify the server’s second response? Yes. But now it is easier.

  22. SSL Protocol
      Diagram labels (Browser, SCB Server): Request SSL; Sends key + Certificate; Verify; Sends client’s public key; Encrypt with server’s private key; Data encrypted with client’s public key
      If the client can decrypt the data with the server’s public key, it verifies that the data is sent from the server.

  23. SSL Protocol
      Diagram labels (Browser, SCB Server): Encrypt with server’s private key; Data encrypted with client’s public key
      Double encryption is too much work. Can we optimize?

  24. SSL Protocol
      Diagram labels (Browser with new (pub/pri) keys, Server with new (pub/pri) keys): Encrypt with server’s private key; Encrypt with the client’s public key; Send a new public key; Encrypt with the new public key; Secure Data; Encrypt with the new private key; Secure Data
      Yes. The server can send a new set of keys for future use.

  25. Summary
      Diagram labels (Browser, SCB Server): Request SSL; Sends key + Certificate; Verify; Sends client’s public key; Send new pub key; Secure Data; Secure Data

  26. Encryption is a cat & mouse game
      • Encryption is becoming more complex (64 bits, 128 bits, …, 512 bits, …, ?)
      • Relies on mathematical models. Can be cracked.
      • Never fully trust that your data is safe with encryption
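
The toy key from slides 13 to 15, as an added Python example (not part of the original slides; the function names are illustrative). It follows slide 14 in treating 5 as the public exponent and 29 as the private one, adds the coprimality check that the modular inverse requires, and shows that N = 91 can be factored at once, which is the reason slide 16 calls for far larger primes.

```python
from math import gcd


def make_keys(p, q, public_exp):
    """Build a textbook key pair from primes p, q and a chosen public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(public_exp, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    # Modular inverse: private_exp * public_exp mod (p-1)(q-1) == 1 (Python 3.8+)
    private_exp = pow(public_exp, -1, phi)
    return (public_exp, n), (private_exp, n)


def apply_key(value, key):
    """Encrypt or decrypt a number: value ^ exponent mod N."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("message must be a number smaller than N")
    return pow(value, exp, n)


def recover_private_key(public_key):
    """Rebuild the private key from the public one by factoring N (trial division).

    This works only because N is tiny; with primes of hundreds of bits
    the search below is not feasible.
    """
    exp, n = public_key
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    return make_keys(p, n // p, exp)[1]


if __name__ == "__main__":
    public, private = make_keys(7, 13, 5)      # values from slide 14
    cipher = apply_key(69, public)             # slide 15: 69 is the message
    print("public:", public, "private:", private)
    print("encrypted:", cipher, "decrypted:", apply_key(cipher, private))
    print("private key recovered from public key:", recover_private_key(public))
```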
