Security through Encryption
James P. Skon

Overview
• History
• What is encryption/decryption?
• Symmetrical encryption
• Public-key encryption
• Current encryption standards

Caesar cipher

German Enigma

Cryptography
• Is
  – A tremendous tool
  – The basis for many security mechanisms
• Is not
  – The solution to all security problems
  – Reliable unless implemented properly
  – Reliable unless used properly
  – Something you should try to invent yourself unless
    • you spend a lot of time becoming an expert
    • you subject your design to outside review

Basic Cryptographic Concepts
• Encryption scheme:
  – functions to encrypt, decrypt data
• Symmetric encryption
  – Block, stream ciphers, same key for both sides
• Hash function, MAC
  – Map any input to short hash; ideally, no collisions
  – MAC (keyed hash) used for message integrity
• Public-key cryptography
  – PK encryption: public key does not reveal key⁻¹
  – Signatures: sign data, verify signature

Unsecure message
[Diagram: the message "Dear Sally, The secret ..." sent in the clear; an observer reads it ("ah-ha!!")]

Network transactions
• Assume attackers can control the network
• We will talk about how they do this later
• Attackers can intercept packets, tamper with or suppress them, and inject arbitrary packets

Encryption
[Diagram: plaintext "Dear Sally, The secret ..." → Encryption Algorithm → unreadable ciphertext]

Decryption
[Diagram: unreadable ciphertext → Decryption Algorithm → plaintext "Dear Sally, The secret ..."]

Secure Message
[Diagram: "Dear Sally, The secret ..." at both ends; only ciphertext in transit; the observer sees "?????"]

Encryption
[Diagram: Source, Destination, insecure channel; Plaintext → Algorithm → Encrypted message → Algorithm → Plaintext; a key at each Algorithm]

Cryptanalysis
• breaking the code with brute force computation attack
• Types
  – Ciphertext-only attack
  – Known-plaintext attack
  – Chosen-plaintext attack
  – Adaptive-chosen-plaintext attack
  – Others...

Symmetric Key Encryption
• Both parties must have the same key
• Often encryption and decryption are done by the exact same algorithm
• Typically the algorithm is publicly known (only the key is secret)
• Called the "secret key" method, since secrecy of the key is essential

One-time pad
Method
• Each character from the plaintext is encrypted by a modular addition with a character from a secret random key (or pad) of the same length as the plaintext
• Key must be the length of the message
• Must be random, never reused

One Time Pad
• Method
  – Message: "THE BRITISH ARE COMING"
  – Key: DKJFOISJOGIJPAPDIGN

     A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  – Encryption
    (T(19) + D(03) = 22) MOD 26 = 22 = W
    (H(07) + K(10) = 17) MOD 26 = 17 = R
    (E(04) + J(09) = 13) MOD 26 = 13 = N
    (B(01) + F(05) = 06) MOD 26 = 06 = G
    (R(17) + O(14) = 31) MOD 26 = 05 = F

One Time Pad
    THEBRITISHARECOMING
    DKJFOISJOGIJPAPDIGN
    Result: WRNGFQLRGNIATCDPQTT
  – Decryption
    (W(22) - D(03) + 26) MOD 26 = (19 + 26) MOD 26 = 19 = T
    (R(17) - K(10) + 26) MOD 26 = (07 + 26) MOD 26 = 07 = H
    (N(13) - J(09) + 26) MOD 26 = (04 + 26) MOD 26 = 04 = E
    (G(06) - F(05) + 26) MOD 26 = (01 + 26) MOD 26 = 01 = B
    (F(05) - O(14) + 26) MOD 26 = (-09 + 26) MOD 26 = 17 = R

Stream ciphers
• Generate a long key with a pseudo random number generator.

Block Cipher
• DES, AES
• Build a key for each block from the start key, and the previous block

Strong Symmetric Key Encryption
• Weak encryption is vulnerable to cryptanalysis
• Strong encryption is an algorithm for which cryptanalysis is intractable (possible, but takes too long)
• Strength of an algorithm is related to key length (algorithm complexity)

Symmetric Key Encryption Algorithms
• DES (Data Encryption Standard)
  – 56-bit key
  – Adopted in 1977 by the National Bureau of Standards.
  – Originally proposed key length of 128 bits.
  – Powerful computers can now break DES.
  – Double and Triple DES: use two or three keys for greater safety

Major Systems
• Data Encryption Standard (DES) 1978
  – 56-bit keys
  – very hard to break a key
    • requires 2^55 steps on average
  – never been broken in general, but can be broken for a specific key given enough CPU power.
  – Usually implemented in hardware

Major Systems
• Advanced Encryption Standard
  – adopted by the U.S. government and is now used worldwide
  – Algorithm well known, generally trusted
  – Attacks: Brute Force Cryptanalysis
  – In 2011 a key-recovery attack was created which is about 4 times faster than brute force.

Symmetric Key Problems
• How do we safely exchange keys?
• How do we authenticate the source (i.e. who really sent this message)?

Encryption
• secret-key
  – Sender and receiver must have an identical key
  – Key is used for both encryption and decryption
  – Problems:
    • Secret keys must be exchanged in private.
    • Each side must trust the other with the secret key.
    • Called the key management problem.

Encryption
• public-key
  – Solution to the key management problem.
  – Each person has a pair of keys, a public key and a private key
  – Public key is published in a trusted directory
  – Private key is known only to its owner.

Encryption
• public-key
  – Anyone can use the public key to encrypt data to be sent to the owner of the public key.
  – ONLY the owner of the private key can decrypt the message.
  – Thus security is assured across unsecure media.
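
Going back to the one-time pad slides and the known-plaintext attack listed under Cryptanalysis, the following is an added example, not part of the original slides. It reproduces the slide's mod-26 arithmetic and shows what "never reused" protects against; the function names and the second message are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// combine adds (sign=+1) or subtracts (sign=-1) b from a, letter by letter,
// mod 26, with the slide's numbering A=0 ... Z=25. Names here are illustrative.
func combine(a, b string, sign int) (string, error) {
	if len(a) != len(b) {
		return "", errors.New("pad must be exactly as long as the message")
	}
	out := make([]byte, len(a))
	for i := 0; i < len(a); i++ {
		if a[i] < 'A' || a[i] > 'Z' || b[i] < 'A' || b[i] > 'Z' {
			return "", errors.New("only the letters A-Z are supported")
		}
		out[i] = byte('A' + (int(a[i]-'A')+sign*int(b[i]-'A')+26)%26)
	}
	return string(out), nil
}

func Encrypt(plain, pad string) (string, error)  { return combine(plain, pad, +1) }
func Decrypt(cipher, pad string) (string, error) { return combine(cipher, pad, -1) }

// RecoverSecond shows why a pad is never reused: with one pad for two messages,
// c1-c2 equals p1-p2 (the pad cancels), so whoever knows p1 reads p2
// without ever learning the key.
func RecoverSecond(knownP1, c1, c2 string) (string, error) {
	diff, err := combine(c1, c2, -1) // p1 - p2 mod 26
	if err != nil {
		return "", err
	}
	return combine(knownP1, diff, -1) // p1 - (p1 - p2) = p2
}

func main() {
	pad := "DKJFOISJOGIJPAPDIGN"                 // key from the slide
	c1, _ := Encrypt("THEBRITISHARECOMING", pad) // message from the slide
	c2, _ := Encrypt("RETREATTOCONCORDNOW", pad) // constructed message, same pad reused
	p2, _ := RecoverSecond("THEBRITISHARECOMING", c1, c2)
	fmt.Println(c1, c2, p2)
}
```

The length check enforces "key must be the length of the message"; randomness of the pad cannot be checked in code and remains the operator's responsibility.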

Public-key Encryption
[Diagram: Source, Destination, insecure channel; Plaintext → Algorithm → Encrypted message → Algorithm → Plaintext; labels: Public key, Private key]

Authentication
• process whereby the receiver of a digital message can be confident of the identity of
  – the sender or
  – the integrity of the message

Authentication
• Public-key Encryption provides concept of digital signature
• General operation: Bob sends to Mary
[Diagram labels: Message, Mary's Public key, Bob's Private key, encryption algorithm, function, encrypted message, Mary's Private key, decryption algorithm, Bob's Public key, Digital signature, function, Message]
A mathematical relationship that will hold ONLY if Bob's private key was used.

Advantages of Public Key Systems
• Private keys need not be transmitted
• Digital signature possible
• Messages can be proven authentic to a third party (such as a judge), allowing for legal agreements via network

Disadvantages of Public Key Systems
• Speed
  – symmetrical (secret) key algorithms much, much faster
  – Public key very computationally intensive

Disadvantages of Public Key Systems
• Solution to speed problem:
  – For a transfer, generate a random session key
  – Send the session key using a public key method
  – Use the session key with a symmetrical key algorithm for actual data transfer.

Crypto Policy Perspectives
• Issues
  – Law Enforcement
  – National Security
  – Right to Privacy