Click here to load reader
Oct 29, 2014
2. 3. Agenda
4. . Cryptography is a framework of methodologies used to ensure the CIA triad for our information ; C for confidentiality , I for Integrity and A for authenticity. . The need for cryptographic techs was as old as the need to keep the critical info secure , safe and authentic . the techs were invented in different forms that can be compatible with their current age , while the concept was the same . . Cryptography was known anciently as Encryption which means : Hiding the information from unauthorized entities . Various methods were used to adopt this purpose , it could be implemented manually , mechanically or even electronically .
5. .SCYTALE, is an example for a really old tech that was used to cipher (encrypt) information . The concept of operation is so simple . Get a long strip of leather and wind it over a rode like the picture , write the clear data on the leather over the rod and then unwind it .. HELP ME I AM UNDER ATTACK will be"HENTEIDTLAEAPMRCMUAK ,and it totally depends on the diameter of the rode , which is the key to decipher the message. 6. . Nowadays are a bit different , as we are not talking about only encryption when dealing with cryptography , hashing shares the place with encryption to form the whole framework(cryptographic framework) ; hashing role is to ensure the integrity of the message . So , back to the CIA triad , encryption is used to insure the confidentiality, hashing is for ensuring the integrity and a combination of encryption & hashing for ensuring the authenticity of the message sender .. Encryption and Hashing can be considered now as systems that need an input to deliver an output , this system is controlled by a set of mathematical equations which is known as an algorithm. 7. 8.
. As we stated before , Encryption is considered as a component of the cryptographic framework . Its role is to offer the confidentiality axis of the CIA triad . . Recalling the systematic view of any cryptographic component , Encryption needs an input (Clear message & key) to deliver the cipher form (output) , this cipher form to be decrypted (converted to the clear form ) we shall need a key and the same algorithm . 9. . Encryption can be implemented symmetrically or asymmetrically . . If we are using symmetric encryption, then we will encrypt the clear message with one key and decrypt it with the same key ; encryptor and decryptor should have the same key . 10. . On the other hand , for Asymmetric encryption , the sender will use a key to encrypt the message and the receiver will use a different key to decrypt the message , in case we have a bidirectional communication , each pair will use two keys one of them is public for others and a privatekey for himself. 11. Symmetric Encryption . To wrap the concept let us discuss a case for three entities that need to communicate securely using symmetric encryption .. From the figure , we can conclude that we will use 9 different private keys for achieving bidirectional communication between xyz and abc . . We can conclude also that we need to define a way by which we can exchange these private keys in a secure manner between distant entities . . We will recall these two conclusions a bit later . 12. . DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the well known symmetric encryption algorithms . . We will go deeply for DESand AESin the Demos section . 13. Asymmetric Encryption . Back to the same case that was assumed when using symmetric encryption.. ABC and XYZ have their public keys distributed over each other , anyone needs to talk to the other will use the others public key to encrypt the traffic and the other will use his own private key to decrypt the traffic , X will use As public key to encrypt clear traffic A will receive the cipher to decrypt it using his own private key . . Less number of keys and simple key distribution . 14. . RSA is the famous asymmetric key encryption algorithm .RonR ivest ## left AdiS hamir ## Middle LeonardA dleman ## Right . RSA operation will be discussed in the Demos section . 15. . Let us now compare them (symmetric and asymmetric) : 1- Symmetric key encryption suffers from scalability issues ; to achieve a secure communication between N points , we will need to generate (N(N-1))/2 different keys . 3- Symmetric key encryption requires out of band secure exchange of keys , because , both the communicating parties needs to know about the keys before proceeding into the communication . 4- Asymmetric key encryption systems are incredibly complex , and that complexity will surely impact the performance . Asymmetric key encryptionis up to 1000 times slower than symmetric key encryption . . Now how can we deal with that problem ?!!! , Diffie and Hellman will answer this question for us . 16. Diffie-hellman
18. 19. Hashing
24. Digital signature
26. Authentication Protocols