An Overview of Cryptography Ying Wang-Suorsa Helsinki University of Technology Objectives " " " " To provide you with an introduction to cryptology Some terms and concepts behind basic cryptographic methods Some basic cryptographic algorithms Trust models Cryptography : the art of providing secure communication over insecure channels. / Encode text and provide a method for decoding / Not hide message! Confidentiality : Ensuring that no one can read the message except intended receiver. Authentication : The process of proving one's identity. Integrity : Ensuring the received messages has not been altered in any way from the original. Non-repudiation : A mechanism to prove that the sender really sent this message. Levels of Cryptographic Action – In today's internet, most Syst. are split between application level and transport level. 7 – Application 6 – Presentation 5 – Session S-HTTP 4 – Transport SSL 3 – Network IPSEC 2 – Data Link PPTP 1 – Physical Importance of Cryptography Military applications : command and control Diplomatic applications : information gathering, spy Economic applications : / Information protection / Banking transaction / Authentication and signatures / Modern e-commerce How can the public use cryptography quickly and safely? Importance of Cryptography Modern methods of communication are inherently insecure " " " Internet is very insecure Ethernet networks liable to having sniffers Cable modems pass through other people's homes Pre-computerized Crypto schemes Transposition Ciphers " Reverse pairs of letters / HELLO WORLD EHLL OOWLRD " Remover every second letter and put it at the end / / HELLO WORLD HLOWRDEL OL " Reverse the letters / / HELLO WORLD DLROW OLLEH " Many trickers... / Pre-computerized Crypto schemes Substitution Ciphers ABCDEFGHIJKLMNOPQRSTUVWXYZ BADCFEHGJILKNMPORQTSVUXWZY HELLO WORLD 1 GFKKPXPQKC Types of Cryptographic Algorithms Why Three Encryption Techniques? The answer lies in that each scheme is optimized for some specific applications Trust Models PGP Web of Trust Kerberos Public Key Certificates and Certificate Authorities Kerberos Architecture