Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications

cis0-cyptography-mini

advertisement 
CIS0
Cryptography – “Scrambling Information”
Background
Summary: The objective of cryptography is to scramble a message
(also called plaintext) so that only the intended recipient is able to
recover the original plaintext. As illustrated in Figure 1, Bob (the
sender) wishes to send a secret message to Alice (the recipient). He
encrypts the plaintext using an encryption algorithm. The encryption
process scrambles the plaintext to produce what is known as
ciphertext. Alice recovers the plaintext using the process of
decryption. The encryption/decryption algorithm is usually not secret.
What makes the ciphertext difficult to decipher is the use of one or more keys
in the encryption/decryption process. In private key (or symmetric)
encryption, one key is used and is known only to Bob and Alice. In public
key (or asymmetric) encryption both Bob and Alice own a pair of unique
keys. The pair consists of a private key and a public key. The public key is
known by the public, but only Bob and Alice know their respective private
keys. Figure 1 shows public key encryption.
Figure 1
Description: The word cryptography is derived from the Greek words, krypto, meaning hidden,
and graphein, meaning to write. Thus, cryptography is the process of making and using codes
(or ciphertext) to secure transmission of information. The codes are obtained by converting
plaintext (words, or phrases) into encrypted data.
Risk: When private information is sent over a network (like the Internet) in plaintext, the
message can be intercepted and stolen. When you store unencrypted information on a hard
drive, or on removable media; others are able to read that information should they get access to
it through theft or other means. The consequences for these unfortunate mishaps could range
from identity theft to loss of money and other assets.
Example of Occurrence. The following excerpt is from the New York times, dated August 17, 2009:
The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit
card numbers in history was charged on Monday with an even larger set of digital break-ins.
In an indictment, the Justice Department said that Albert Gonzalez, 28, of Miami and two unnamed
Russian conspirators made off with more than 130 million credit and debit card numbers from late 2006 to
early 2008.
Prosecutors called it the largest case of computer crime and identity theft ever prosecuted. According
to the government, the culprits infiltrated the computer networks of Heartland Payment Systems, a
payment processor in Princeton, N.J.; 7-Eleven Inc.; Hannaford Brothers, a regional supermarket chain;
and two unnamed national retailers.
An unspecified portion of the stolen credit and debit card numbers were then sold online, and some
were used to make unauthorized purchases and withdrawals from banks, according to the indictment,
which was filed in United States District Court in Newark…
Richard Wang, manager of SophosLabs, a security company, said the case provided more evidence
that retailers and banks needed to strengthen industry standards and encrypt credit card numbers when
they are transmitted between computers. Currently, major banks agree to encrypt such data only when it
is stored.http://www.nytimes.com/2009/08/18/technology/18card.html?_r=2&ref=business
1
CIS0
How to Protect Yourself with Cryptography
Figure 2: Encryption with Word
1. Encrypt your personal files: Encrypt important files on your
hard drive and removable media.
2. Encrypt wireless network data: To protect the data that
travels through your wireless network against eavesdropping,
you should encrypt it. The available encryption choices in
increasing order of security are: none (no data encryption is
performed), Wired Equivalent Privacy (WEP), Temporal Key
Integrity Protocol (TKIP) and Advanced Encryption Standard
(AES).
3. Encrypt sensitive email: If the software which you use to
send e-mail allows it, you should encrypt sensitive e-mail so
that only the recipient of the e-mail is able to read it.
4. Check that businesses encrypt your personal data: You
should ensure that companies and other organization with whom you do business encrypt
your personal data, such as credit card numbers and social security numbers, before they
are stored or transmitted over a network.
5. Use secure transaction over the Internet: Ensure that personal transaction over the
Internet are secure.
Example 1: You can encrypt a file in MS Word 2007 using the steps shown in the Figure 2.
Example 2: Encrypting with Encrypted File System (EFS) on Windows Vista
 How to use it: To encrypt a file using EFS, right click on the file or folder, select properties
and follow the direction in Figure 3.
 Encryption: EFS automatically creates a public key pair. (This is done only once. It is not
repeated for encryption of future files.) However, a unique key called the file encryption key
(FEK) is automatically generated every time the user needs to encrypt a file. After encrypting
a file, EFS uses the user’s public key to encrypt the FEK. It also encrypts the FEK using the
recovery agent’s public key.
 Decryption: When you log into your account and try to open an encrypted file, Windows
retrieves your private key, decrypts the FEK, and uses it to decrypt the contents of the file as
it is read from the hard disk.
 EFS is a feature of the NTFS file
system. Files encrypted with EFS
remain encrypted only while they
reside on the NTFS volume. Vista
Home Basic, Home Premium (and
Starter Edition) do not support it.
 Only the original owner and the
computer’s designated recovery
agent can access encrypted files.
Figure 3: Encryption with EFS
2
CIS0
Laboratory/Homework Assignment
Checklist: Complete the following checklist:
Vulnerability
Security checklist
Course
Unprotected Sensitive Data
Check:
Yes/No - describe
CIS0
N/A
1. Are your personal files encrypted?
2. Is your wireless data encrypted?
3. Are your sensitive e-mail messages
encrypted?
4. Do the companies and other organization
you do business with encrypt sensitive data
about you that they store on their systems
or communicate over networks?
5. Are the e-transactions you conduct over the
Internet secure?
If you answered no to any of the above questions, then your data is vulnerable to theft and
misuse.
Discussion:
1. What is the difference between private key encryption and public key encryption?
2. How many public/private key pairs does the EFS system automatically generate if a user
encrypts 10 files—one at a time? How many file encryption keys (FEKs) are generated in
this case? Explain.
3. Discuss how you would use public key encryption to encrypt a symmetric private key which
you used to encrypt a message to be sent to Alice. Describe how Alice would recover the
message? (Note: The encrypted symmetric key accompanies the message to Alice.)
4. Which key does EFS use to encrypt the FEK?
5. If a file encrypted with EFS is e-mailed to another user, does that file remain encrypted?
Explain?
6. If a file encrypted with EFS on your hard disk is copied to a removable drive, does it remain
encrypted?
Exercises:
Figure 4
1. Encrypt a document using Microsoft Word 2007.
2. Encrypt a file and a folder using EFS.
3
Related documents
Generic encryption
Generic encryption
26. Cryptology WS
26. Cryptology WS
Test 2
Test 2
Electronic Data Encryption Policy 2015
Electronic Data Encryption Policy 2015
Lesson 4: Managing Applications, Services, Folders, and Libraries
Lesson 4: Managing Applications, Services, Folders, and Libraries
Acc. Math 2—Encryption Task Acc. Math 2 Name Cryptology TASK
Acc. Math 2—Encryption Task Acc. Math 2 Name Cryptology TASK
Asymmetric-Key (Public-Key) Algorithms
Asymmetric-Key (Public-Key) Algorithms
QUIZ CMPE-553 15.04.2013 (90 min, 2 points)
QUIZ CMPE-553 15.04.2013 (90 min, 2 points)
ICS 103!!
ICS 103!!
Cipher_Command
Cipher_Command
Download
advertisement