Security need and the mechanism that provides it:
o Confidentiality - Encryption
o Who am I dealing with? - Authentication
o Message integrity - Message Digest
o Non-repudiation - Digital Signature
o Third party evidence of authenticity - Certificate
o Trusted certificate - Certification Authorities
Symmetric key encryption system
o Same key is used to both encrypt and decrypt data, so that key must be shared secretly between the two parties before they can communicate
o Examples of encryption systems: DES, 3DES, RC2, RC4, RC5
o DES: Data Encryption Standard, US Gov 1977, developed at IBM
o Caveat: DES (56-bit key) and RC4 are broken, and 3DES and RC2 are deprecated; new systems use AES
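As an added example (not from the original slides), here is the same-key property in working Go, using AES-GCM, the current standard symmetric cipher, in place of the DES family listed above. The key and the message are constructed for the example. Beyond the definition, it shows what a practitioner relies on in practice: decryption with a different key is rejected, and so is a ciphertext in which a single bit was changed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt seals plaintext under key with AES-GCM and returns
// nonce || ciphertext || tag. A fresh random nonce is drawn per message;
// reusing a nonce under the same key breaks GCM.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce passed as dst.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt opens data produced by Encrypt with the same key. It fails if
// the key differs or if any byte of ciphertext or tag was altered,
// because GCM checks the authentication tag before releasing plaintext.
func Decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// RoundTrip exercises the scheme on a constructed sample message and
// reports: same key recovers the plaintext, a different key is rejected,
// a one-bit change to the ciphertext is rejected.
func RoundTrip() (bool, bool, bool, error) {
	key := make([]byte, 32)   // AES-256 key shared by both parties
	wrong := make([]byte, 32) // a key an attacker guessed
	if _, err := rand.Read(key); err != nil {
		return false, false, false, err
	}
	if _, err := rand.Read(wrong); err != nil {
		return false, false, false, err
	}
	msg := []byte("constructed sample: transfer 100 to account 42")

	ct, err := Encrypt(key, msg)
	if err != nil {
		return false, false, false, err
	}
	pt, err := Decrypt(key, ct)
	sameKeyOK := err == nil && bytes.Equal(pt, msg)

	_, err = Decrypt(wrong, ct)
	wrongKeyRejected := err != nil

	tampered := append([]byte(nil), ct...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the tag
	_, err = Decrypt(key, tampered)
	tamperRejected := err != nil

	return sameKeyOK, wrongKeyRejected, tamperRejected, nil
}

func main() {
	ok, wrong, tamper, err := RoundTrip()
	if err != nil {
		panic(err)
	}
	fmt.Printf("same key decrypts: %v, wrong key rejected: %v, tampering rejected: %v\n",
		ok, wrong, tamper)
}
```

The integrity check comes for free here because GCM is an authenticated mode; with a plain block cipher mode such as DES-CBC a flipped ciphertext bit would decrypt to garbage without any error, which is why the slides list a separate message digest for integrity.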
o Concept introduced in 1976 by Diffie and Hellman
o RSA, the most popular, was invented in 1977 by Rivest, Shamir, and Adleman
o RSA (www.rsa.com) was founded in 1982
o Everyone has a private key and a public key
o Sender uses the receiver's public key to encrypt message
o Only receiver's private key can decrypt message
o Discovering a private key kept by one person is more difficult than discovering a shared secret key: the private key never leaves its owner, whereas a shared secret must be distributed to every party and can be intercepted or leaked at any of them
Public key encryption system
o Each user has 2 keys: what one key encrypts, only the other key in the pair can decrypt.
o Public key can be sent in the open.
o Private key is never transmitted or shared.
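Added example, not part of the original slides: the sender/receiver exchange above in Go with RSA-OAEP, plus an eavesdropper who sees the public key and the ciphertext and holds a key pair of their own, which is exactly the position of an attacker on the wire. The key size, the party roles and the sample message are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptFor seals msg so that only the holder of the private key matching
// pub can read it (RSA-OAEP with SHA-256). The sender needs no secret at
// all, just the receiver's public key, which can be published openly.
func EncryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptWith opens a ciphertext with the receiver's private key, the one
// value in the system that is never transmitted.
func DecryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Exchange plays sender, receiver and eavesdropper. It returns whether the
// receiver recovered the message and whether the eavesdropper's own
// private key was rejected (OAEP padding check fails, no plaintext leaks).
func Exchange() (bool, bool, error) {
	receiver, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	eavesdropper, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	// Constructed sample. OAEP with a 2048-bit key and SHA-256 carries at
	// most 190 bytes, which is why real systems encrypt a symmetric session
	// key this way and the bulk data with that key.
	msg := []byte("constructed sample: session key 9f1c2e7a for AES-256-GCM")

	// The sender only ever sees receiver.PublicKey.
	ct, err := EncryptFor(&receiver.PublicKey, msg)
	if err != nil {
		return false, false, err
	}
	pt, err := DecryptWith(receiver, ct)
	receiverOK := err == nil && bytes.Equal(pt, msg)

	_, err = DecryptWith(eavesdropper, ct)
	eavesdropperRejected := err != nil

	return receiverOK, eavesdropperRejected, nil
}

func main() {
	ok, rejected, err := Exchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("receiver decrypted: %v, eavesdropper rejected: %v\n", ok, rejected)
}
```

Note that nothing here authenticates the public key itself: an attacker who can substitute their own public key for the receiver's defeats the scheme, which is the gap certificates and certification authorities (below) exist to close.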
o Authentication of sender: the signer's public key decrypts the digest that was sent, and the decrypted digest matches the digest computed over the received message
o Non-repudiation: only the signer's private key can encrypt a digest that is decrypted by his/her public key and matches the computed digest. Non-repudiation prevents reneging on an agreement by denying a transaction. It holds only while the private key stays under the signer's sole control; a stolen or shared private key lets the signer plausibly deny the signature
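Added example, not from the original slides: the digest-then-sign flow above in Go. The slide's "private key encrypts the digest" is the textbook-RSA picture; real libraries apply a padding scheme (here RSA-PSS) rather than raw encryption of the digest, and that is what the code calls. Party names and the sample agreement are constructed for the example. It checks all three properties the slides attach to a signature: a genuine signature verifies, an altered message is rejected (integrity), and verification with a different party's public key is rejected (authentication of the sender).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign computes the SHA-256 digest of msg and signs that digest with the
// signer's private key (RSA-PSS). Only the holder of this private key can
// produce a value that the matching public key will accept.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest over the message as received and checks
// the signature against the claimed signer's public key. It is true only
// if the signature was made over exactly this message by the private key
// that pairs with pub.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Scenario: Alice signs a constructed sample agreement and Bob verifies
// it. Returns (genuine verifies, altered message rejected, signature
// checked under Mallory's public key rejected).
func Scenario() (bool, bool, bool, error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	mallory, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	agreement := []byte("constructed sample: Alice agrees to pay Bob 100 units")
	altered := []byte("constructed sample: Alice agrees to pay Bob 900 units")

	sig, err := Sign(alice, agreement)
	if err != nil {
		return false, false, false, err
	}
	genuineOK := Verify(&alice.PublicKey, agreement, sig)
	alteredRejected := !Verify(&alice.PublicKey, altered, sig)
	wrongSignerRejected := !Verify(&mallory.PublicKey, agreement, sig)
	return genuineOK, alteredRejected, wrongSignerRejected, nil
}

func main() {
	genuine, altered, wrongSigner, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine verifies: %v, altered rejected: %v, wrong signer rejected: %v\n",
		genuine, altered, wrongSigner)
}
```

Verify takes the public key as a parameter on purpose: the relying party must obtain the signer's public key through a trusted path (a certificate), otherwise an attacker can hand over their own key and "prove" a forged signature genuine.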
o X.509: the standard certificate virtually everyone uses.
o Includes: serial number, name of individual or system (X.500 name - e.g., CN=John Smith, OU=Sales, O=XYZ, C=US), issuer (X.500 name of CA), validity period, public key, cryptographic algorithm used, CA digital signature, etc., plus flexible extensions in Version 3.
o Certificate is signed by the issuer to authenticate the binding between the subject name and the related public key.
o Version 3 standard extensions include subject and issuer attributes, certification policy information, key usage restrictions, e-mail address, DNS name, etc.
o Example of special (private) extensions: account number, postal address, telephone number, photograph (image data), birthday to block users younger than a specified age from accessing certain contents of a Web server, preferred language, etc. Such extensions should be marked non-critical: a relying party that does not recognize a critical extension must reject the certificate.
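Added example, not from the original slides: building and checking an X.509 v3 certificate with Go's crypto/x509, carrying the fields listed above (serial number, subject and issuer X.500 names, validity period, public key, key usage, DNS name and e-mail address, CA signature) plus one private "account number" extension of the kind the slide describes. The CA name, the subject, the DNS and e-mail names and the extension OID 1.3.6.1.4.1.99999.1 are assumptions of the example; that OID is not registered. Validate does the check the slide's "signed by the issuer to authenticate the binding" describes and also rejects a certificate outside its validity period or one whose supposed issuer is not a CA.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// accountNumberOID is a hypothetical OID under the private-enterprise arc
// for the slide's "account number" extension. Assumption of this example.
var accountNumberOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// Build creates a self-signed root CA and has it issue a v3 end-entity
// certificate for a constructed subject. Returns (end-entity, CA).
func Build() (*x509.Certificate, *x509.Certificate, error) {
	now := time.Now()
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "XYZ Root CA", Organization: []string{"XYZ"}, Country: []string{"US"}},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true, // emit basicConstraints cA=TRUE
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// parent == template: self-signed, issuer name equals subject name.
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}

	subjectKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	acct, err := asn1.Marshal("ACCT-0042") // DER PrintableString, constructed sample
	if err != nil {
		return nil, nil, err
	}
	eeTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4096),
		Subject: pkix.Name{CommonName: "John Smith", OrganizationalUnit: []string{"Sales"},
			Organization: []string{"XYZ"}, Country: []string{"US"}},
		NotBefore:      now.Add(-time.Hour),
		NotAfter:       now.Add(365 * 24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageEmailProtection},
		DNSNames:       []string{"john.sales.xyz.example"},
		EmailAddresses: []string{"john.smith@xyz.example"},
		// Non-critical: verifiers that do not know the OID ignore it.
		ExtraExtensions: []pkix.Extension{{Id: accountNumberOID, Critical: false, Value: acct}},
	}
	// The CA's private key signs the subject's name + public key binding.
	eeDER, err := x509.CreateCertificate(rand.Reader, eeTmpl, caCert, &subjectKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	eeCert, err := x509.ParseCertificate(eeDER)
	if err != nil {
		return nil, nil, err
	}
	return eeCert, caCert, nil
}

// AccountNumber reads the private extension back out of a parsed cert.
func AccountNumber(c *x509.Certificate) (string, bool) {
	for _, ext := range c.Extensions {
		if ext.Id.Equal(accountNumberOID) {
			var s string
			if _, err := asn1.Unmarshal(ext.Value, &s); err == nil {
				return s, true
			}
		}
	}
	return "", false
}

// Validate checks the issuer's signature over the certificate body (and
// that the issuer is really a CA), then the validity period. Revocation
// and chain policy are out of scope here.
func Validate(cert, issuer *x509.Certificate, at time.Time) error {
	if err := cert.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("signature: %w", err)
	}
	if at.Before(cert.NotBefore) || at.After(cert.NotAfter) {
		return fmt.Errorf("not valid at %s", at.Format(time.RFC3339))
	}
	return nil
}

func main() {
	ee, ca, err := Build()
	if err != nil {
		panic(err)
	}
	acct, _ := AccountNumber(ee)
	fmt.Printf("subject=%s issuer=%s serial=%s\n", ee.Subject, ee.Issuer, ee.SerialNumber)
	fmt.Printf("DNS=%v email=%v account=%s check=%v\n", ee.DNSNames, ee.EmailAddresses, acct, Validate(ee, ca, time.Now()))
}
```

Production code would call x509.Certificate.Verify with a VerifyOptions pool instead of the hand-written Validate, which adds name constraints, chain building and extended key usage checks; Validate is kept minimal to show exactly which two facts the CA signature and validity period establish.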