Top Banner

Click here to load reader

Cryptography. Terminology Algorithm Mathematical rules used for encryption and decryption Mathematical rules used for encryption and decryptionCiphertext

Dec 19, 2015

ReportDownload

Documents

  • Slide 1
  • Cryptography
  • Slide 2
  • Terminology Algorithm Mathematical rules used for encryption and decryption Mathematical rules used for encryption and decryptionCiphertext Data in encrypted format Data in encrypted format Plaintext or cleartext Data in readable format Data in readable formatNonrepudiation Sender cannot deny sending the message, receiver cannot deny receiving it Sender cannot deny sending the message, receiver cannot deny receiving it
  • Slide 3
  • Cryptosystem Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext Cryptanalysis Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext Cryptanalysis Practice of obtaining plaintext from ciphertext without a key Practice of obtaining plaintext from ciphertext without a keyEncipher Act of converting plaintext to ciphertext Act of converting plaintext to ciphertextDecipher Act of converting ciphertext to plaintext Act of converting ciphertext to plaintext
  • Slide 4
  • Key Sequence of bits and instructions that governs the act of encryption and decryption Sequence of bits and instructions that governs the act of encryption and decryption Key Clustering Instance when two different keys generate the same ciphertext from the same plaintext Instance when two different keys generate the same ciphertext from the same plaintextKeyspace Possible values used to construct keys Possible values used to construct keys Work factor Estimated time, effort, and resources necessary to break a cryptosystem Estimated time, effort, and resources necessary to break a cryptosystem
  • Slide 5
  • Strength of Cryptosystems Strength refers to the work factor to break an encryption algorithm or key Strength increases by: Using a large keyspace Using a large keyspace Using a large key length Using a large key length Making sure the key is not predictable (truly random) Making sure the key is not predictable (truly random) Using a mathematically thorough and complex algorithm Using a mathematically thorough and complex algorithm
  • Slide 6
  • Cipher Types Substitution cipher Replaces bit, bytes, or blocks of characters with different values Replaces bit, bytes, or blocks of characters with different values Transposition cipher Rearranges bits, bytes, or blocks of characters Rearranges bits, bytes, or blocks of characters Both are vulnerable to frequency analysis Certain words occur more frequently than others (the, a, and) so there will be patterns in the ciphertext Certain words occur more frequently than others (the, a, and) so there will be patterns in the ciphertext
  • Slide 7
  • Concealment cipher Ciphertext is hidden in another message or file Ciphertext is hidden in another message or file Steganography Steganography Act of hiding messages in graphic images Least significant bit in each byte is replaced with message without degrading the image enough to be detected Messages can also be hidden in sound files and in media slack space, free space, or clusters marked bad Messages can also be hidden in sound files and in media slack space, free space, or clusters marked bad
  • Slide 8
  • U.S. Government & Crypto National Security Agency (NSA) conducts research and regulates encryption algorithms NSA funded research has yielded most of the encryption techniques we use today NSA supports key escrows, where private key is held by a separate entity and available to law enforcement Fair cryptosystems go one step further and break the private key into 2 or more pieces that are held by multiple entities Fair cryptosystems go one step further and break the private key into 2 or more pieces that are held by multiple entities
  • Slide 9
  • Encryption Methods Symmetric cryptography Both parties use the same secret key for encryption and decryption Both parties use the same secret key for encryption and decryption Strengths Strengths Very fast Hard to break with large key size Weaknesses Weaknesses Secure exchange of secret keys is difficult Difficulty of managing many keys limits scalability Provides confidentiality, but not authenticity or nonrepudiation
  • Slide 10
  • Asymmetric cryptography Message is encrypted using one key and decrypted using a different key (one way function) Message is encrypted using one key and decrypted using a different key (one way function) Used in public key cryptography, one key held by a person is called the private key, one widely known key is called the public key Used in public key cryptography, one key held by a person is called the private key, one widely known key is called the public key Can insure confidentiality Can insure confidentiality Sender encrypts message using receivers public key (Secure Message Format) Can provide authentication (digital signature) Can provide authentication (digital signature) Sender encrypts message using their own private key (Open Message Format) Can provide confidentiality and authentication Can provide confidentiality and authentication Sender encrypts message using their own private key then encrypts the ciphertext using the receivers public key (Secure and Signed Format) Weaknesses Weaknesses Much slower than symmetrical systems
  • Slide 11
  • Symmetric Cipher Types Block cipher Message is divided into blocks of bits Message is divided into blocks of bits Blocks go through mathematical substitution and/or transposition algorithms Blocks go through mathematical substitution and/or transposition algorithms Stream cipher Each bit or byte is transformed individually using keystream data Each bit or byte is transformed individually using keystream data The same plaintext bit or byte will yield a different cyphertext bit or byte The same plaintext bit or byte will yield a different cyphertext bit or byte
  • Slide 12
  • Symmetric Cryptosystems Data Encryption Standard (DES) 56-bit key 56-bit key Considered weak Considered weak Triple-DES (3DES) 168-bit key 168-bit key 2 56 time stronger than DES 2 56 time stronger than DESModes Electronic Code Book (ECB) Mode Electronic Code Book (ECB) Mode Block cipher method where a given plaintext block will always yield the same ciphertext Incorporates padding to make sure blocks are of a specific size Cipher Block Chaining (CBC) Mode Cipher Block Chaining (CBC) Mode Block cipher method algorithm utilizes a value from the previous block so that different ciphertext is produced for an identical plaintext block Cipher Feedback (CFB) Mode Cipher Feedback (CFB) Mode Block cipher where previous data block is combined with the next block Output Feedback (OFB) Mode Output Feedback (OFB) Mode Similar to CFB mode except It is working as a stream cipher
  • Slide 13
  • Advanced Encryption Standard (AES) NSA replacement for 3DES to protect sensitive unclassified data NSA replacement for 3DES to protect sensitive unclassified data Rijndael Algorithm (developed by Daemon & Rijmen) Rijndael Algorithm (developed by Daemon & Rijmen) 128-bit, 192-bit, 256-bit keys 128-bit, 192-bit, 256-bit keys International Data Encryption Algorithm (IDEA) 128-bit key 128-bit key Similar to DES but much stronger Similar to DES but much stronger Not an open standard (costs $ to use) Not an open standard (costs $ to use)Blowfish Variable key length to 448-bit Variable key length to 448-bitRC5 Variable key length to 2048-bit Variable key length to 2048-bit
  • Slide 14
  • Asymmetric Cryptosystems RSA Most popular asymmetric system Most popular asymmetric system Used in SSL and PGP Used in SSL and PGP El Gamal Elliptical Curve Cryptosystem (ECC) Similar to RSA, but takes less computing power for encryption Similar to RSA, but takes less computing power for encryption
  • Slide 15
  • Hybrid Cryptosystem - PKI Public Key Infrastructure (PKI) All crypto components necessary to support confidentiality, nonrepudiation, and integrity among dispersed groups of users All crypto components necessary to support confidentiality, nonrepudiation, and integrity among dispersed groups of users Defined by the X.509 ISO Standard Defined by the X.509 ISO Standard SSL uses PKI SSL uses PKI Random session key is created by sender (by browser in SSL protocol) Sender encrypts message with session key (with SSL, session key will be used to encrypt all traffic between the server and the browser) Sender encrypts session key with receivers public key Public key is provided to sender by a trusted Certificate Authority (CA) The CA has verified the identity of the key holder and has bound an identifying certificate to the key The CA has verified the identity of the key holder and has bound an identifying certificate to the key Sender transmits message ciphertext and session key ciphertext Receiver decrypts session key ciphertext using private key (nonrepudiation, integrity) Receiver decrypts message using session key (confidentiality)
  • Slide 16
  • Hashes Known one-way function that takes a variable length string and creates a fixed length hash value Identical string yields exactly the same hash value No other string will yield an identical hash value Hash value is also called a message digest Used to create a fingerprint of a message or file MD2, MD4, MD5 128-bit hash value 128-bit hash value Secure Hash Algorithm (SHA) 160-bit hash value 160-bit hash value
  • Slide 17
  • Digital Signatures An encrypted hash value Message has a one-way hash run on it Hash value is encrypted using senders private key Message and encrypted hash value