Cryptography – Network Security
Sep 06, 2015
Security
Passive Attacks - corrupt the content of information
Active Attacks - interrupt or halt the file transfer between the two parties
Cryptography - the art of writing secret code that protects data from theft or alteration
Internet Security Holes
Diagram: Person A communicates with Person B; an Active Intruder sits in the path (Active Attack), and a Passive Eavesdropper listens to the traffic (Passive Attack).
Masquerade - a technique in which one entity pretends to be a different entity than it actually is

Why Cryptography
- Authentication - proof of identity
- Privacy/confidentiality
- Integrity - no data alteration
- Non-repudiation - the message was actually sent by the sender and no one else
Cryptography - Terminologies
- Intruder
- Encryption
- Decryption
- Plaintext
- Cipher text
- Algorithm - mathematical functions
- Key - string of digits
Cryptography
Data Encryption Standard (DES) - private key (secret key) cryptography; the secret key is difficult to break
Cryptographic Protocols
- Kerberos - network authentication system for insecure networks
- IPSec
- SET Protocol
- PGP - file storage applications and email services; supports digital signature and encryption
- Cryptographic protocol analyzer tool (CryPA)
Methods of Encryption
- Secret Key or Symmetric Key Cryptography
- Public Key or Asymmetric Key Cryptography
- Hash Function

Secret Key Cryptography
Diagram: the original message is encrypted with the secret key, the encrypted message crosses the Internet, and the receiver decrypts it with the same secret key to recover the original message.
Example: Data Encryption Standard
- Developed by IBM
- Encrypts a 64-bit data block using a 56-bit key

Drawbacks of secret key cryptography
- Both parties have the shared secret key
- Must keep track of all keys for all correspondents to avoid duplication
- Since both have the same key, identity cannot be established

Public Key Cryptography
Diagram: the original message is encrypted with the receiver's public key, the encrypted message (cipher text) crosses the Internet, and the receiver decrypts it with the private key to recover the original message.
Advantages of Public Key Cryptography
- Message confidentiality can be proved
- Authenticity of the message originator can be proved
- Easy to distribute the public key

Hash Function
A formula that converts a message of a given length into a string of digits called a message digest

Codes and Ciphers
Encryption - encryption algorithm
PGP Encryption - a combination of data compression, public key cryptography, hashing and symmetric key cryptography
- the symmetric key is used only once; this is called the session key
- identity certificate
- web of trust software
- protects data not only during transit but in storage as well
Types of Encryption Systems
Classification of Encryption Systems
- Private Key Encryption
- Public Key Encryption (e.g. e-commerce): the private key stays with the sender, the public key is given to any number of consumers
Encryption Algorithm
RSA Algorithm - public key encryption
- used in Outlook, Windows, Firefox, IBM Lotus Notes
- it is freeware
Popular encryption software
- PGP
- SSL (Secure Socket Layer) - banks (VISA, MasterCard)
- SET (Secure Electronic Transactions) - MS
- DES - IBM
Public Key encryption system - Example
Diagram: Bob encrypts the message "Hello Alice" with Alice's public key, producing the cipher text 6EB69570 08E03CE4; Alice decrypts it with her private key and recovers "Hello Alice".
Regulations of Encryption
http://www.bis.doc.gov/encryption/default.htm

Breaking Encryption Schemes
Web Security Layers (E-Commerce Application), top to bottom:
- Secure Hypertext Transfer Protocol (S-HTTP)
- TCP-based application protocols: HTTP, SMTP, NNTP
- Secure Socket Layer (SSL)
- Internet Protocol (IP)
Working of SSL (SSL Certificate)
- Allows sensitive information to be encrypted during online transactions
- Provides authenticated information about the owner of the certificate
- The identity of the certificate owner is verified by the certificate authority at the time of issue

SSL is required for...
- An online store
- Online orders and payment through credit cards
- A site that offers login or sign-in
- Anyone processing sensitive data like address, date of birth etc.
- Anyone who values privacy and expects others to trust him

Verisign verifies (Authentication)
- Ownership of the domain name, and that the business exists
- That the business has the authority to apply for the certificate
- EV SSL Certificate (Verisign Extended Validation) - the highest kind of authentication
Standard Data Encryption
- DES is a block cipher (a form of shared key encryption)
- National Bureau of Standards Federal Information Processing Standard (FIPS) for the US
- Not secure (56-bit key size)
- Research of cryptography: cryptanalysts

Trusted Key Distribution & Verification
- The creation, broadcast and storage of keys is known as key management
- Private key cryptography is not convenient for providing key management
- Public key cryptography can be used for sender authentication or verification, known as Digital Signature

Cryptographic Applications
- Digital signatures provide authentication for online transactions
- SSL protocol for internet security
- PGP security standard for email
- Provide network security
- Steganography (a method of hiding messages in innocent artifacts)
- Issuing digital certificates
- Biometric systems

Digital Signature
- Used for authenticating e-commerce business transactions
- Two parts: signer authentication and document authentication
- The sender cannot remove content after signing it
- The receiver cannot make any changes in the message
Hash Function: a formula that converts a message of a given length into a string of digits called a message digest

Digital Signatures - working
- Sender generates a message
- Sender creates a message digest using the hash
- Sender attaches the digital signature to the end of the message
- Sender encrypts both the message and the signature with the receiver's public key
- Receiver decrypts the entire message with own private key
- Receiver calculates the message digest using the hash function

Validity of Digital Signature
- Digital Time Stamping Service (DTS)
- Certificate Authority (CA)

Digital Certificate
- Certificate holder's name, organization and address
- Name of the certificate authority
- Public key of the holder for cryptographic use
- Time limit (six months to 1 year)
- Digital certificate identification number
Non-Repudiation and Message Integrity
- User and recipient cannot dispute the contents once sent
- Message Integrity: important to validate the authenticity of the credentials to be sure of their originality
- NRO (Non-repudiation of Origin)
- NRR (Non-repudiation of Receipt)