Cryptography

   The business and security requirements for cryptography
   Cryptographic concepts, methodologies, and practices
   Public/Private Key Algorithms
   Key Distribution/Management
   Digital Signatures
   Vulnerabilities to cryptographic functions
The business and security requirements for cryptography

   Confidentiality - keeping information secret from those who
    are unauthorized to see it
   Integrity - ensuring information has not been altered in
    unexpected ways
   Availability - ensuring information is available to those
    authorized at all times
   Authentication - being able to prove the identity of an
    entity (person, process, etc.)
   Data origin authentication - being able to prove the source
    of information
   Non-repudiation - preventing the denial of previous actions
   Signature: binding information to a specific entity
Cryptography Intro
   Why Encrypt?
    •   Protect stored information
    •   Protect from Unauthorized disclosure
   Encryption - process by which plaintext is converted to
    cipher text using a key
   Decryption - process by which cipher text is converted to
    plaintext (with the appropriate key)
   Plaintext (clear text) - intelligible data
Cryptography Terminology
   Cryptography - art/science relating to encrypting,
    decrypting information
   Cryptanalysis - art/science relating to converting cipher
    text to plaintext without the (secret) key
   Link encryption - the individual application of encryption
    to data on each link of a network (nodes are a weak
    link)
   End-to-End encryption - the encryption of data from
    source system to end system (https)
Cryptography Terminology Cont…
   Repudiation - in communication between parties, denial
    by one party of having participated in the communication
    (commonly heard as non-repudiation)
   Traffic analysis - inference of information from analysis
    of traffic (presence, absence, frequency, etc.)
   Traffic padding - generation of spurious data units
   Work Factor - effort/time needed to overcome a
    protective measure
Cryptanalysis Attacks
   Ciphertext-only attack - attacker attempts to decrypt
    ciphertext
   Known-plaintext attack - attacker attempts to decrypt
    ciphertext given knowledge of some plaintext (think
    “Login: “)
   Chosen-plaintext attack - attacker obtains ciphertext
    corresponding to selected plaintext
   Chosen-ciphertext attack - attacker obtains plaintext
    corresponding to selected ciphertext (in a public key system,
    when trying to deduce private key)
One - Time Pad
   Two identical pads (keys), one with sender, one with
    recipient
   The random pads (keys) are the same length as the
    message
   Unbreakable by exhaustive search
   Relies on physical security of the pads
   Pads can only be used once
Crypto System Properties
   Encryption/decryption transformations must be efficient
    for all keys
   System must be easy to use
   The security of the system should depend ONLY on the
    secrecy of the keys and not on the secrecy of the
    encryption/decryption transformations
Secrecy Requirements
   If ciphertext and plaintext are known, it should be
    computationally infeasible to determine the deciphering
    algorithm
   It should be computationally infeasible to systematically
    determine plaintext from intercepted ciphertext (Even if
    you decrypt ciphertext once, it should require the same
    amount of work to do it again.)
   Note: “systematically” allows for a lucky guess
   Note: “Computationally infeasible” means great effort, doesn’t
    account for advances in computing, mathematics
Authenticity Requirements
   If ciphertext and plaintext are known, it should be
    computationally infeasible to determine the enciphering
    algorithm
   It should be computationally infeasible to find valid
    ciphertext (Even if you encrypt plaintext so that it can be
    decrypted once, it should require the same amount of
    work to do it again.)
Public vs. Private Key Encryption
   Private key encryption uses the same key for both
    encryption and decryption (faster) (DES)
   Private key encryption known as symmetric
   Public key encryption uses two different keys, one to
    decrypt and one to encrypt (RSA)
       Thus, one key can be “public”, because the other key is
        still necessary for decryption
       More complex, key management is an issue
   Public key encryption known as asymmetric
Symmetric Key Cryptography
Symmetric Key Cryptography Cont…
   Advantages:
       Speed
       Strength of algorithms
       Availability of algorithms
   Disadvantages:
       Key management and implementation
       Key distribution
       Scalability
       Limited security (provides only limited information security
       services)
Asymmetric Key Cryptography
Asymmetric Key Cryptography Cont…
   Advantages
       Key management and distribution
       Scalability
       Provides five elements of security
            Confidentiality/privacy
            Access control
            Authentication
            Data integrity
            Non-repudiation
   Disadvantages:
       Computationally intensive
       Slow
Hybrid Systems
   Real-world systems
   Use asymmetric key cryptography to do the key
    management
   Use symmetric key cryptography to do the bulk
    encryption/decryption
   Use symmetric key cryptography to encrypt a long
    message, and then use asymmetric key cryptography to
    exchange the symmetric key used in the encryption
    process
Encipherment Modes
   Block Mode ciphers - Message broken into blocks, each
    block encrypted separately
       blocks of identical plaintext have identical ciphertext
       replay and substitution attacks easier (insertion or deletion
        of blocks)
   Block chaining - parts of the previous block are inserted
    into the current block
       makes replay and substitution attacks much harder
   DES is a block cipher
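Added example (not part of the original slides): a toy 64-bit Feistel cipher, built here from HMAC-SHA256 purely for illustration, run block by block (ECB) and with chaining (CBC) to show the identical-block and block-substitution behaviour listed above. The key, IV, message and all function names are constructed for this example.

```python
import hashlib
import hmac

BLOCK = 8     # 64-bit blocks, the block size the slides give for DES
ROUNDS = 16   # same round count as DES; the round function below is NOT DES

# Constructed sample values (assumptions for this example only).
KEY = b"constructed-demo-key"
IV = bytes(range(BLOCK))  # fixed for repeatability; a real IV must be unpredictable
MESSAGE = b"PAY 0100" b"TO ALICE" b"PAY 0100" b"TO BOB  "


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    """Toy round function: 4 bytes of HMAC-SHA256 over (round number, half)."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right


def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Block mode: every block is encrypted separately.
    return b"".join(encrypt_block(key, b) for b in blocks(plaintext))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return b"".join(decrypt_block(key, b) for b in blocks(ciphertext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Chaining: the previous ciphertext block is mixed into the current block.
    prev, out = iv, []
    for b in blocks(plaintext):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for b in blocks(ciphertext):
        out.append(xor(decrypt_block(key, b), prev))
        prev = b
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


def swap_blocks(data: bytes, i: int, j: int) -> bytes:
    """Model a substitution in transit: exchange blocks i and j."""
    bs = blocks(data)
    bs[i], bs[j] = bs[j], bs[i]
    return b"".join(bs)


if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, MESSAGE)
    cbc = cbc_encrypt(KEY, IV, MESSAGE)
    print("repeated blocks  ECB:", repeated_blocks(ecb), " CBC:", repeated_blocks(cbc))
    print("ECB after swap:", ecb_decrypt(KEY, swap_blocks(ecb, 1, 3)))
    print("CBC after swap:", cbc_decrypt(KEY, IV, swap_blocks(cbc, 1, 3)))
```

Chaining only turns the substituted blocks into garbage; it does not detect the change, so an integrity check such as a MAC is still needed.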
Encipherment Modes
   Stream Ciphers - Message broken into characters or bits
    and enciphered with a “key stream”
       key stream - should be random and generated
        independently of the message stream
Data Encryption Standard (DES)
   Developed by IBM in 1972
   Never approved for national security applications
   64-bit plain & cipher text block size
   56-bit true key plus 8 parity bits
   Single chip (hardware) implementation
       Most implementations now software
   16 rounds of transpositions & substitutions
   Standard for unclassified government data
   symmetric, private key
Applications of DES
   Double DES
       Effective key length of 112 bits
       Work factor about the same as single DES
   Triple DES
       Encrypt with first key
       Decrypt with second key
       Encrypt with first key
       Very secure
Public key
   RSA - Rivest, Shamir, and Adleman
       Introduced in 1976
       Relies on factoring of large numbers
   Elliptic Curve Cryptosystem (ECC)
       Highest strength/bit of public key stream
       Big savings over other public key systems
            Computation
            Bandwidth
            Storage
DES Operation Modes
   Electronic codebook (ECB)
   Cipher Block Chaining (CBC)
DES Operation Modes Cont…
   Cipher feedback (CFB)
   Output Feedback
Strength Comparison

EC Key Size         RSA Key Size    MIPS Years
    160                1,024          10^12
    320                5,120          10^36
    600                21,000         10^79
   1,200              120,000         10^168
Key Selection
   Similar to password selection, users are the weak link
   Random number generators may not be random
   Key clustering - two different keys produce equivalent
    ciphertext from equivalent plaintext
Key Management
   Using a public key system, A wants to talk to B
   C is the Key Distribution Center, has A and B’s public key
   A calls B, and the calling protocol contacts C
   C encrypts a session key, “k”, with the public keys and
    sends the encrypted “k” to A and B
   A and B can then communicate
Key Management Issues
   Key storage, recovery
   Key revocation (lost, compromised keys)
   Must be fully automated
   No key in clear outside crypto system
   Choose key randomly from entire key space
   Key-encrypting key must be separate from data keys
   Infrequently use keys with long life
Key Escrow
   Separate agencies maintain components of private
    key, which, when combined, can be used to decrypt
    ciphertext
   Stated reason is to decrypt drug related
    communications
   Clipper chip is an example
       secret algorithm
       Unpopular, unused
   Issues include key storage, Big Brother
Digital Signature
   Used like a written signature, binds a message to an
    individual (Provides non-repudiation):
   S is sender, R is recipient, and M is the Message
       R must be able to validate S’s signature on M
       No one can forge S’s signature
       If S denies signing M, a 3rd party must be able to resolve
        the dispute between S and R
   Easy with public key encryption - S encrypts with
    private key, R can decrypt with public (so can 3rd party)
Digital Signature Cont…
   Previous method results in M in ciphertext, anyone
    without S’s public key cannot view
   An alternative is to compute a digest of the message
    using a public hash function, then encrypt the digest
    using private key. Thus, the only ciphertext is the hash.
   MD2, MD4, and MD5 are public hash functions that
    create message digests. MD5 is strongest, a Rivest
    upgrade of MD4
Hash Function
   Hash function produces a message digest
   message digest also known as fingerprint, imprint
   2 messages with the same digest are extremely unlikely
       Signer can’t claim a different message was signed
       Recipient can’t claim a different message was signed
Digital Signature Standard (DSS)

   Uses secure hash algorithm
   Condenses message to 160 bits
   Key size 512 - 1024 bits
   Proposed by NIST in 1991
   Adopted???
Message Authentication Code
   An authentication tag (also called a checksum) derived
    by applying an authentication scheme, together with a
    secret key, to a message
   Unlike digital signatures, MACs are computed and
    verified with the same key, so that they can only be
    verified by the intended recipient
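Added example (not part of the original slides): the hash-then-sign scheme from the Digital Signature slides next to a MAC, showing why only the signature gives non-repudiation. It assumes textbook RSA without padding over a toy key made from two Mersenne primes, and SHA-256 in place of the MD-family hashes named above; all names and values are constructed for illustration.

```python
import hashlib
import hmac

# Toy RSA key pair (assumption for this example). Mersenne primes are used only
# because they are easy to write down; their special form makes them unsuitable
# for real keys, and real signatures also need a padding scheme.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, known to S only

# Constructed sample values.
MESSAGE = b"S agrees to pay R 100"
FORGED = b"S agrees to pay R 900"
SHARED_KEY = b"constructed-shared-mac-key"   # held by BOTH S and R


def digest_int(message: bytes) -> int:
    """Message digest as an integer (256 bits, far smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """S transforms only the digest with the private key; M stays readable."""
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """R, or any third party, checks the signature with the public key alone."""
    return pow(signature, e, n) == digest_int(message)


def mac_tag(key: bytes, message: bytes) -> bytes:
    """MAC: the tag is computed with the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """MAC: verification recomputes the tag with the same key."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def recipient_can_forge_mac() -> bool:
    """R holds SHARED_KEY, so R can produce a valid tag for a message S never sent."""
    return mac_verify(SHARED_KEY, FORGED, mac_tag(SHARED_KEY, FORGED))


def recipient_can_forge_signature() -> bool:
    """R holds only (E, N); reusing S's signature on another message fails."""
    return verify(FORGED, sign(MESSAGE))


if __name__ == "__main__":
    sig = sign(MESSAGE)
    print("signature valid:            ", verify(MESSAGE, sig))
    print("signature on altered text:  ", verify(FORGED, sig))
    print("MAC forgeable by recipient: ", recipient_can_forge_mac())
    print("signature forgeable by R:   ", recipient_can_forge_signature())
```

A third party shown a valid MAC cannot tell whether S or R produced it, which is why the dispute-resolution property on the Digital Signature slide needs an asymmetric key pair.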
Cryptographic Attacks
   Brute force attack
       Attempt to use all keys
            expensive
            time consuming
       But, processing speed doubles every 18 months,
       Clustered workstations, etc.
Cryptographic Attacks Cont…
   Analytic
       Use algorithm and algebraic manipulation to reduce
        complexity
   Statistical
       Use statistical weaknesses in design (more 1’s than 0s in
        keystream on average, for example)
   Symmetric Block Cipher Attacks
       Differential cryptanalysis - basically a chosen-plaintext attack
       Linear cryptanalysis - A known-plaintext attack
       Weak keys -
       Algebraic attacks - block cipher might exhibit a group structure
Cryptographic Attacks Cont…
   Stream Cipher Attacks
       It is imperative that a keystream generated by the stream
        cipher have no structural weaknesses
   Hash Function Attacks
       A hash function producing the same hash value from two
        different inputs is known as a collision
   Message Authentication Code (MAC) Attacks
       Birthday paradox
            The probability that two or more people in a group of 23
             share the same birthday is greater than 50%
   Man-in-the-Middle Attacks
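Added example (not part of the original slides): the birthday figure quoted above, computed exactly, and the same effect applied to a message digest. It goes slightly beyond the slide by generalising from 365 days to an n-bit digest; the 24-bit truncation of SHA-256 and the sample messages are constructed so the search finishes instantly.

```python
import hashlib
from itertools import count


def birthday_probability(people: int, days: int = 365) -> float:
    """Probability that at least two of `people` share one of `days` values."""
    p_unique = 1.0
    for i in range(people):
        p_unique *= (days - i) / days
    return 1.0 - p_unique


def smallest_group(days: int, target: float = 0.5) -> int:
    """Smallest group size whose collision probability reaches `target`."""
    p_unique, n = 1.0, 0
    while 1.0 - p_unique < target:
        p_unique *= (days - n) / days
        n += 1
    return n


def truncated_digest(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short digest or tag."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct constructed messages until two share a truncated digest.

    Returns (first_message, second_message, messages_hashed).
    """
    seen = {}
    for i in count():
        msg = b"constructed message %d" % i
        tag = truncated_digest(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


if __name__ == "__main__":
    print("P(shared birthday, 23 people) = %.4f" % birthday_probability(23))
    print("group size for 50%% over 2^24 values: %d" % smallest_group(2**24))
    a, b, tries = find_collision(24)
    print("24-bit collision after %d messages: %r / %r" % (tries, a, b))
```

The work to find a collision grows with the square root of the digest space, so the 160-bit digest mentioned on the DSS slide offers roughly 2^80 collision resistance, not 2^160.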
Kerberos
   Authentication and encryption system designed at MIT
   Assigns a unique key, called a “ticket”, to each user on
    the network
   “Ticket” embedded in user’s messages to identify sender
Certificate Authority
   Trusted, 3rd party organization
   CA (Certificate Authority) guarantees that the individual
    granted a certificate is who he/she claims to be
   CA usually has arrangement with financial institution to
    confirm identity
   Critical to data security and electronic commerce
Public Key Infrastructure
   Known as PKI
   Necessary for widespread electronic commerce
   No absolute definition or standard
   A system of digital certificates, Certificate Authorities,
    and other registration authorities that verify and
    authenticate the validity of parties in Internet
    transactions
Steganography
   Art of hiding communications
       Why? Deny message exists
       Hide data transmissions (remember the microdot?)
   Common implementations hide information in graphic
    files, sound files, or slack space
?

Contenu connexe

Tendances (20)

cryptography
cryptographycryptography
cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
 
symmetric key encryption algorithms
 symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Steganography
SteganographySteganography
Steganography
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
Encryption
EncryptionEncryption
Encryption
 
Asymmetric Cryptography
Asymmetric CryptographyAsymmetric Cryptography
Asymmetric Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 

En vedette

Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2Ankita Dave
 
Digital signature
Digital  signatureDigital  signature
Digital signatureAJAL A J
 
Digital signature introduction
Digital signature introductionDigital signature introduction
Digital signature introductionAsim Neupane
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityNagendra Um
 
Digital signature
Digital  signatureDigital  signature
Digital signatureAJAL A J
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
Digital Signature
Digital SignatureDigital Signature
Digital Signaturesaurav5884
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 
Quality Assurance and Software Testing
Quality Assurance and Software TestingQuality Assurance and Software Testing
Quality Assurance and Software Testingpingkapil
 

En vedette (16)

Cryptography
CryptographyCryptography
Cryptography
 
Cryptoparty v1
Cryptoparty v1Cryptoparty v1
Cryptoparty v1
 
Quan nguyen symmetric versus asymmetric cryptography
Quan nguyen   symmetric versus asymmetric cryptographyQuan nguyen   symmetric versus asymmetric cryptography
Quan nguyen symmetric versus asymmetric cryptography
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2
 
Digital signature
Digital  signatureDigital  signature
Digital signature
 
Cryptography
CryptographyCryptography
Cryptography
 
Digital signature introduction
Digital signature introductionDigital signature introduction
Digital signature introduction
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital signature
Digital  signatureDigital  signature
Digital signature
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
 
Agile QA Process
Agile QA ProcessAgile QA Process
Agile QA Process
 
Quality Assurance and Software Testing
Quality Assurance and Software TestingQuality Assurance and Software Testing
Quality Assurance and Software Testing
 

Similaire à 6. cryptography

Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comphanleson
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneSecurityTube.Net
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and AuthenticityHardik Manocha
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Saif Kassim
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...ams1ams11
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfAn Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfKailasS9
 
A Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysA Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysIJORCS
 
A Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysA Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysIJORCS
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyGayathridevi120
 
Cryptography /Sankar jayam
Cryptography /Sankar jayamCryptography /Sankar jayam
Cryptography /Sankar jayamtasankar14
 
Cryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingCryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingSumit Satam
 

Similaire à 6. cryptography (20)

Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
Ch12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.comCh12 Cryptography it-slideshares.blogspot.com
Ch12 Cryptography it-slideshares.blogspot.com
 
Cryptography Lecture by Sam Bowne
Cryptography Lecture by Sam BowneCryptography Lecture by Sam Bowne
Cryptography Lecture by Sam Bowne
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and Authenticity
 
Data encryption
Data encryptionData encryption
Data encryption
 
Elementry Cryptography
Elementry CryptographyElementry Cryptography
Elementry Cryptography
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy Nolan
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfAn Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
 
Overview of cryptography
Overview of cryptographyOverview of cryptography
Overview of cryptography
 
Day5
Day5Day5
Day5
 
IS-cryptograpy algorithms.pptx
IS-cryptograpy algorithms.pptxIS-cryptograpy algorithms.pptx
IS-cryptograpy algorithms.pptx
 
A Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysA Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated Keys
 
A Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated KeysA Robust Cryptographic System using Neighborhood-Generated Keys
A Robust Cryptographic System using Neighborhood-Generated Keys
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Cryptography /Sankar jayam
Cryptography /Sankar jayamCryptography /Sankar jayam
Cryptography /Sankar jayam
 
Sankar jayam
Sankar jayamSankar jayam
Sankar jayam
 
Cryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingCryptography : The Art of Secured Messaging
Cryptography : The Art of Secured Messaging
 
82 86
82 8682 86
82 86
 

Plus de 7wounders

10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
7. physical sec
7. physical sec7. physical sec
7. physical sec7wounders
 
5. telecomm & network security
5. telecomm & network security5. telecomm & network security
5. telecomm & network security7wounders
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
2. access control
2. access control2. access control
2. access control7wounders
 
1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 

Plus de 7wounders (8)

Cissp why
Cissp whyCissp why
Cissp why
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics
 
8. operations security
8. operations security8. operations security
8. operations security
 
7. physical sec
7. physical sec7. physical sec
7. physical sec
 
5. telecomm & network security
5. telecomm & network security5. telecomm & network security
5. telecomm & network security
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
2. access control
2. access control2. access control
2. access control
 
1. security management practices
1. security management practices1. security management practices
1. security management practices
 

Dernier

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Alexander Turgeon
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdfPaige Cruz
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 

Dernier (20)

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...

6. cryptography

  • 2. Cryptography
      • The business and security requirements for cryptography
      • Cryptographic concepts, methodologies, and practices
      • Public/Private Key Algorithms
      • Key Distribution/Management
      • Digital Signatures
      • Vulnerabilities to cryptographic functions
  • 3. The business and security requirements for cryptography
      • Confidentiality - keeping information secret from those who are unauthorized to see it
      • Integrity - ensuring information has not been altered in unexpected ways
      • Availability - ensuring information is available to those authorized at all times
      • Authentication - being able to prove the identity of an entity (person, process, etc.)
      • Data origin authentication - being able to prove the source of information
      • Non-repudiation - preventing the denial of previous actions
      • Signature: binding information to a specific entity
  • 4. Cryptography Intro
      • Why Encrypt?
          • Protect stored information
          • Protect from unauthorized disclosure
      • Encryption - process by which plaintext is converted to cipher text using a key
      • Decryption - process by which cipher text is converted to plaintext (with the appropriate key)
      • plaintext (clear text) - intelligible data
  • 5. Cryptography Terminology
      • Cryptography - art/science relating to encrypting, decrypting information
      • Cryptanalysis - art/science relating to converting cipher text to plaintext without the (secret) key
      • Link encryption - the individual application of encryption to data on each link of a network (nodes are a weak link)
      • End-to-End encryption - the encryption of data from source system to end system (https)
  • 6. Cryptography Terminology Cont…
      • Repudiation - in communication between parties, denial by one party of having participated in communication (commonly heard as non-repudiation)
      • Traffic analysis - inference of information from analysis of traffic (presence, absence, frequency, etc.)
      • Traffic padding - generation of spurious data units
      • Work Factor - effort/time needed to overcome a protective measure
  • 7. Cryptanalysis Attacks
      • Ciphertext-only attack - attacker attempts to decrypt ciphertext
      • Known-plaintext attack - attacker attempts to decrypt ciphertext given knowledge of some plaintext (think “Login: “)
      • Chosen-plaintext attack - attacker obtains ciphertext corresponding to selected plaintext
      • Chosen-ciphertext attack - attacker obtains plaintext corresponding to selected ciphertext (in a public key system, when trying to deduce private key)
  • 8. One-Time Pad
      • Two identical pads (keys), one with sender, one with recipient
      • The random pads (keys) are the same length as the message
      • Unbreakable by exhaustive search
      • Relies on physical security of the pads
      • Pads can only be used once
  • 9. Crypto System Properties
      • Encryption/decryption transformations must be efficient for all keys
      • System must be easy to use
      • The security of the system should depend ONLY on the secrecy of the keys and not on the secrecy of the encryption/decryption transformations
  • 10. Secrecy Requirements
      • If ciphertext and plaintext are known, it should be computationally infeasible to determine the deciphering algorithm
      • It should be computationally infeasible to systematically determine plaintext from intercepted ciphertext (Even if you decrypt ciphertext once, it should require the same amount of work to do it again.)
      • Note: “systematically” allows for a lucky guess
      • Note: “Computationally infeasible” means great effort, doesn’t account for advances in computing, mathematics
  • 11. Authenticity Requirements
      • If ciphertext and plaintext are known, it should be computationally infeasible to determine the enciphering algorithm
      • It should be computationally infeasible to find valid ciphertext (Even if you encrypt plaintext so that it can be decrypted once, it should require the same amount of work to do it again.)
  • 12. Public vs. Private Key Encryption
      • Private key encryption uses the same key for both encryption and decryption (faster) (DES)
      • Private key encryption known as symmetric
      • Public key encryption uses two different keys, one to decrypt and one to encrypt (RSA)
      • Thus, one key can be “public”, because the other key is still necessary for decryption
      • More complex, key management is an issue
      • Public key encryption known as asymmetric
  • 14. Symmetric Key Cryptography Cont…
      • Advantages:
          • Speed
          • Strength of algorithms
          • Availability of algorithms
      • Disadvantages:
          • Key management and implementation
          • Key distribution
          • Scalability
          • Limited security (provides only limited information security services)
  • 16. Asymmetric Key Cryptography Cont…
      • Advantages:
          • Key management and distribution
          • Scalability
          • Provides five elements of security
              • Confidentiality/privacy
              • Access control
              • Authentication
              • Data integrity
              • Non-repudiation
      • Disadvantages:
          • Computationally intensive
          • Slow
  • 17. Hybrid Systems
      • Real-world systems
      • Use asymmetric key cryptography to do the key management
      • Use symmetric key cryptography to do the bulk encryption/decryption
      • Use symmetric key cryptography to encrypt a long message, and then use asymmetric key cryptography to exchange the symmetric key used in the encryption process
  • 18. Encipherment Modes
      • Block Mode ciphers - Message broken into blocks, each block encrypted separately
          • blocks of identical plaintext have identical ciphertext
          • replay and substitution attacks easier (insertion or deletion of blocks)
      • Block chaining - parts of the previous block are inserted into the current block
          • makes replay and substitution attacks much harder
      • DES is a block cipher
  • 19. Encipherment Modes
      • Stream Ciphers - Message broken into characters or bits and enciphered with a “key stream”
      • key stream - should be random and generated independently of the message stream
  • 20. Data Encryption Standard (DES)
      • Developed by IBM in 1972
      • Never approved for national security applications
      • 64-bit plain & cipher text block size
      • 56-bit true key plus 8 parity bits
      • Single chip (hardware) implementation
      • Most implementations now software
      • 16 rounds of transpositions & substitutions
      • Standard for unclassified government data
      • symmetric, private key
  • 21. Applications of DES
      • Double DES
          • Effective key length of 112 bits
          • Work factor about the same as single DES
      • Triple DES
          • Encrypt with first key
          • Decrypt with second key
          • Encrypt with first key
          • Very secure
  • 22. Public key
      • RSA - Rivest, Shamir, and Adleman
          • Introduced in 1976
          • Relies on factoring of large numbers
      • Elliptic Curve Cryptosystem (ECC)
          • Highest strength/bit of public key stream
          • Big savings over other public key systems
              • Computation
              • Bandwidth
              • Storage
  • 23. DES Operation Modes
      • Electronic codebook (ECB)
      • Cipher Block Chaining (CBC)
  • 24. DES Operation Modes Cont…
      • Cipher feedback (CFB)
      • Output Feedback
  • 25. Strength Comparison
        EC Key Size    RSA Key Size    MIPS Years
        160            1,024           10^12
        320            5,120           10^36
        600            21,000          10^79
        1,200          120,000         10^168
  • 26. Key Selection
      • Similar to password selection, users are the weak link
      • Random number generators may not be random
      • Key clustering - two different keys produce equivalent ciphertext from equivalent plaintext
  • 27. Key Management
      • Using a public key system, A wants to talk to B
      • C is the Key Distribution Center, has A and B’s public key
      • A calls B, and the calling protocol contacts C
      • C encrypts a session key, “k”, with the public keys and sends the encrypted “k” to A and B
      • A and B can then communicate
  • 28. Key Management Issues
      • Key storage, recovery
      • Key revocation (lost, compromised keys)
      • Must be fully automated
      • No key in clear outside crypto system
      • Choose key randomly from entire key space
      • Key-encrypting key must be separate from data keys
      • Infrequently use keys with long life
  • 29. Key Escrow
      • Separate agencies maintain components of private key, which, when combined, can be used to decrypt ciphertext
      • Stated reason is to decrypt drug related communications
      • Clipper chip is an example
          • secret algorithm
      • Unpopular, unused
      • Issues include key storage, Big Brother
  • 30. Digital Signature
      • Used like a written signature, binds a message to an individual (provides non-repudiation):
          • S is sender, R is recipient, and M is the Message
          • R must be able to validate S’s signature on M
          • No one can forge S’s signature
          • If S denies signing M, a 3rd party must be able to resolve the dispute between S and R
      • Easy with public key encryption - S encrypts with private key, R can decrypt with public (so can 3rd party)
  • 31. Digital Signature Cont…
      • Previous method results in M in ciphertext, anyone without S’s public key cannot view
      • An alternative is to compute a digest of the message using a public hash function, then encrypt the digest using private key. Thus, the only ciphertext is the hash.
      • MD2, MD4, and MD5 are public hash functions that create message digests. MD5 is strongest, a Rivest upgrade of MD4
  • 32. Hash Function
      • Hash function produces a message digest
      • message digest also known as fingerprint, imprint
      • 2 messages with the same digest are extremely unlikely
      • Signer can’t claim a different message was signed
      • Recipient can’t claim a different message was signed
  • 33. Digital Signature Standard (DSS)
      • Uses secure hash algorithm
      • Condenses message to 160 bits
      • Key size 512 - 1024 bits
      • Proposed by NIST in 1991
      • Adopted???
  • 34. Message Authentication Code
      • An authentication tag (also called a checksum) derived by applying an authentication scheme, together with a secret key, to a message
      • Unlike digital signatures, MACs are computed and verified with the same key, so that they can only be verified by the intended recipient
  • 35. Cryptographic Attacks
      • Brute force attack
          • Attempt to use all keys
          • expensive
          • time consuming
          • But processing speed doubles every 18 months
          • Clustered workstations, etc.
  • 36. Cryptographic Attacks Cont…
      • Analytic
          • Use algorithm and algebraic manipulation to reduce complexity
      • Statistical
          • Use statistical weaknesses in design (more 1’s than 0’s in keystream on average, for example)
      • Symmetric Block Cipher Attacks
          • Differential cryptanalysis - basically a chosen-plaintext attack
          • Linear cryptanalysis - a known-plaintext attack
          • Weak keys -
          • Algebraic attacks - block cipher might exhibit a group structure
  • 37. Cryptographic Attacks Cont…
      • Stream Cipher Attacks
          • It is imperative that a keystream generated by the stream cipher have no structural weaknesses
      • Hash Function Attacks
          • A hash function producing the same hash value from two different inputs is known as a collision
      • Message Authentication Code (MAC) Attacks
      • Birthday paradox
          • The probability that two or more people in a group of 23 share the same birthday is greater than 50%
      • Man-in-the-Middle Attacks
  • 38. Kerberos
      • Authentication and encryption system designed at MIT
      • Assigns a unique key, called a “ticket”, to each user on the network
      • “Ticket” embedded in user’s messages to identify sender
  • 39. Certificate Authority
      • Trusted, 3rd party organization
      • CA (Certificate Authority) guarantees that the individual granted a certificate is who he/she claims to be
      • CA usually has arrangement with financial institution to confirm identity
      • Critical to data security and electronic commerce
  • 40. Public Key Infrastructure
      • Known as PKI
      • Necessary for widespread electronic commerce
      • No absolute definition or standard
      • A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of parties in Internet transactions
  • 41. Steganography
      • Art of hiding communications
      • Why? Deny message exists
      • Hide data transmissions (remember the microdot?)
      • Common implementations hide information in graphic files, sound files, or slack space
  • 42. ?
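Slides 32 and 34 distinguish an unkeyed message digest from a MAC, and slide 34 contrasts MACs with the signatures of slide 30. The following is an added example, not part of the original deck: it uses HMAC-SHA-256 from the Python standard library as the MAC scheme (the deck names no scheme, so that choice and the constructed messages are assumptions).

```python
import hashlib
import hmac
import secrets

def digest(message: bytes) -> bytes:
    # Unkeyed fingerprint (slide 32): anyone can compute it.
    return hashlib.sha256(message).digest()

def mac(key: bytes, message: bytes) -> bytes:
    # Keyed authentication tag (slide 34), here HMAC-SHA-256.
    return hmac.new(key, message, hashlib.sha256).digest()

def digest_ok(message: bytes, fingerprint: bytes) -> bool:
    return hmac.compare_digest(digest(message), fingerprint)

def mac_ok(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(mac(key, message), tag)

def compare_integrity_checks() -> dict:
    key = secrets.token_bytes(32)               # shared by sender S and recipient R
    original = b"transfer 100 to account 17"    # constructed sample message
    altered = b"transfer 900 to account 17"     # constructed altered copy
    tag = mac(key, original)
    return {
        # A digest sent alongside the message protects nothing by itself:
        # whoever alters the message can recompute the digest too.
        "altered_passes_digest": digest_ok(altered, digest(altered)),
        # The MAC tag only verifies for the exact message and key it was made with.
        "original_passes_mac": mac_ok(key, original, tag),
        "altered_passes_mac": mac_ok(key, altered, tag),
        "wrong_key_passes_mac": mac_ok(secrets.token_bytes(32), original, tag),
        # R holds the same key as S, so R can tag a message S never sent.
        # A third party cannot tell who made the tag: no non-repudiation.
        "recipient_made_tag_verifies": mac_ok(key, altered, mac(key, altered)),
    }
```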