Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Chapter 12 Study Outline

advertisement 
Encryption
12
10/31/2003
Chapter 12 Study Outline
I.
Basic Encryption Concepts
A. Encryption
1.
Encryption is the obfuscation of information so as to allow only authorized
users to see it.
2.
Encryption provides three security services:
a)
Confidentiality – Unauthorized individuals cannot access encrypted
information.
b) Integrity – Any changes to information in storage or transit are
identified.
c)
Accountability – Encryption enables the user to authenticate the origin
of information and prevents repudiation of the fact that the information
came from the origin.
B. Attacks against encryption
1.
Encryption systems are attacked in three ways:
a)
Attackers look for weaknesses in algorithms that change plaintext to
ciphertext.
b) Attackers may use brute force methods in which every possible key is
tried on the ciphertext.
c)
Attackers exploit the surrounding system and gain access to the key.
II. Types of Encryption
A. Private key encryption
093-2
1.
It uses the same key to encrypt information as well as decrypt information.
2.
It does not provide authentication.
3.
This type of encryption is fast and easy to implement.
12-1
Encryption
4.
12
10/31/2003
Substitution ciphers.
a)
They operate on plaintext one character at a time.
b) They can be broken by analysis of the frequency of the letters.
5.
One-time pads (OTPs)
a)
OTPs are unbreakable and use a list of random numbers to encode
messages.
b) OTPs can be used only once.
6.
Data encryption standard.
a)
DES is a block cipher that operates on one 64-bit block of plaintext at a
time.
b) It uses a 56-bit key.
c)
The key uses 7 bits of eight 8-but bytes where the eighth bit is used for
parity.
d) The four modes used by DES are:
(1) Electronic code book – The text and the key are combined to
form the ciphertext.
(2) Cipher block chaining – Each block is encrypted as in electronic
code book.
(3) Cipher feedback – This mode uses previously generated
ciphertext as input to DES.
(4) Output feedback – Similar to cipher feedback but uses DES
output and does not chain ciphertext.
7.
Triple DES (TDES)
a)
TDES can be used with either three keys or two keys.
b) It is a fast algorithm as it can be implemented in hardware.
8.
093-2
Password encryption
12-2
Encryption
12
a)
10/31/2003
The users choose the password.
b) The password is transformed into a 56-bit number by taking the first 7
bits of each character.
c)
The system chooses a 12-bit number based on the system time known
as the salt.
9.
The advanced encryption standard: Rijndael.
a)
It is a block cipher that uses 128-, 192-, and 256-bits.
b) The key lengths make brute-force attacks infeasible.
10. Other private key algorithms
a)
The International Data Encryption Algorithm (IDEA) – IDEA uses a
128-bit key and is also used in Pretty Good Privacy (PGP).
b) RC5 – It allows for variable length keys.
c)
Skipjack – It uses an 80-bit key.
d) Blowfish – It allows for variable length keys up to 448 bits.
e)
Twofish – Uses 128-bit blocks and can use 128-, 192-, or 256-bit keys.
f)
CAST-128 – Uses a 128-bit key.
g) GOST – It uses a 256-bit key.
B. Public Key Encryption
1.
It uses a key pair. It uses one key to encrypt the data and another key to
decrypt the data.
2.
The private key is kept secret by the owner while the public key is
published identifying who the owner is.
3.
A single key from another key cannot be computed.
4.
Proper use of public key encryption can provide confidentiality,
authentication, and integrity of information.
093-2
12-3
Encryption
5.
12
10/31/2003
Public key encryption is computationally intensive and slower than the
private key encryption.
6.
Diffie-Hellman Key Exchange
a)
It was developed to solve the problem of key distribution for private
key encryption systems.
b) It cannot be used to encrypt or decrypt information, but is used to
exchange secret keys.
7.
RSA
a)
Riverst-Shamir-Adleman (RSA) can be used for both encryption and
decryption.
b) It is based on the difficulty of factoring large numbers.
8.
Other public key algorithms
a)
Elgamal – The security of the information is based on the difficulty in
calculating discrete logarithms.
b) Digital signature algorithm – It provides authentication and not
confidentiality.
c)
Elliptic curve encryption – They are based on a different hard
mathematical problem than either factoring or discrete logarithms.
III. Digital Signatures
A. A digital signature is a method of authenticating electronic information using
encryption.
B. Information is put through the hash function to create a checksum that is
encrypted with a private key and travels with the information.
C. The checksum verifies whether the information was modified or not.
D. The secure hash function.
1.
The security and usefulness of digital signatures are dependent on the
protection of the user’s private key and a secure hash function.
093-2
12-4
Encryption
12
10/31/2003
2.
A hash function is secure if the function is one-way.
3.
Secure hash functions should create a checksum of at least 128-bits.
4.
The two most common hash functions are MD5 and SHA.
IV. Key Management
A. Key creation
1.
Most encryption systems have a method for users to generate keys. In many
cases, the user chooses the password.
2.
The longer the key, the better the security.
B. Key distribution
1.
Keys must be transported securely to ensure the integrity of the keys.
2.
Once the keys are transmitted, they must be checked on arrival to ensure
they have not been tampered with.
C. Key certification
1.
Certificate authorities (CAs) ensure the integrity of the keys and prevent an
attacker from introducing their own keys.
D. Key protection
1.
Public keys require integrity protection, but not confidentiality protection.
2.
All copies of the private key of a public key system must be protected at all
times.
E. Key revocation
1.
Session keys may only exist for a given session.
2.
Public key pairs are generally certified for one or two years.
3.
In case a key is lost, the owner should inform users that it should not be
used.
4.
For public key encryption system, the owner must post the revocation to all
of the potential key servers.
093-2
12-5
Encryption
12
10/31/2003
V. System Trust
A. There are two primary models that are used for trust. They are:
1.
Hierarchy
a)
The hierarchical trust model is based on a chain of authority.
b) It is complicated and has no real root-level CAs.
2.
The Web
a)
In the Web trust model each user certifies his or her certificate and
passes that certificate off to known associates.
b) The Web model does not include large investment in infrastructure.
c)
093-2
The Web model lacks scalability.
12-6
Related documents
Hwk #11
Hwk #11
VideoCase08:_Security
VideoCase08:_Security
Description
Description
Issue 73 Encryption Algorithm
Issue 73 Encryption Algorithm
Word
Word
17.1 Case Study Worksheet1
17.1 Case Study Worksheet1
Download
advertisement