SlideShare une entreprise Scribd logo

Cryptography : The Art of Secured Messaging

Télécharger en tant que DOCX, PDF
Sumit Satam
Sumit Satam

Information about Cryptography. Almost detailed information can be useful for projects.

Formation
1  sur  34
CRYPTOGRAPHY The Art of Secured Messaging
What Is Cryptography ? The art of protecting information by transforming it (encrypting it) into an unreadable format called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable. As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacy because it's effective and free. Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-key systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses. It contains two main processes: 1] Encryption 2] Decryption
It can be stated as follows :
Suppose any password to be share, first we have to select it. Then that file is opened in MD5 Hash tool
Data automatically get encrypted in its MD5 value For our password: “IAmBondJamesBond”, Hash value we get: “adb988afda35a81204f37d6852d336e5” The hash value generated is work like a key.
Such hash values can be decrypted using online tools like :
 Introduction  History Of Cryptography  Terms & Definitions related with Cryptography  Symmetric and Asymmetric Algorithms  Hashing  PKI Concepts  Attacks on Cryptosystems
Introduction  “Hidden writing”  Increasingly used to protect information  Can ensure confidentiality  Integrity and Authenticity too Cryptography – Greek for hidden and writing is a means of transforming data in a way that renders it unreadable by anyone except the intended recipient. What was originally used almost exclusively by governments for espionage has become a powerful tool for personal privacy today. Every modern computer system uses modern cryptographic methods to secure passwords stored and provides the trusted backbone for e-commerce (think lock icon). Cryptography fits into the CIA triad, as it can be used to ensure confidentiality and integrity of a message. Some forms also provide for sender authenticity and proof of delivery. But cryptography doesn’t address availability as some other forms of security do. Although forgetting a password for your user account can certainly lead to a denial of service attack. However, cryptography is used in many access control systems. History – The Manual Era  Dates back to at least 2000 B.C.  Pen and Paper Cryptography  Examples • Scytale
• Atbash • Caesar • Vigenère The history of cryptography begins where many stories of history do…. in ancient Egypt with hieroglyphics. Scytale – Spartan method involved wrapping a belt around a rod of a given diameter and length Atbash – Hewbrew cipher which mirrored the normal alphabet (shown in The DaVinci Code) Caesar – Shift all letters by a given number of letters in the alphabet Vignère – Use of a key and multiple alphabets to hide repeated characters in an encrypted message History – The Mechanical Era  Invention of cipher machines  Examples • Confederate Army’s Cipher Disk • Japanese Red and Purple Machines • German Enigma The history of cryptography begins where many old tales do…. in ancient Egypt with hieroglyphics. These were not meant to hide messages so much as to give a formal and ceremonial touch to stories of everyday events.
During the industrial age, cryptography was moved from a manual exercise to one done by machines. The invention of cipher disks and rotors for this use allowed for the creation of much more complex algorithms. History – The Modern Era  Computers!  Examples • Lucifer • Rijndael • RSA • ElGamal Modern computing gave cryptographers vast resources for improving the complexity of cryptosystems as well as for attacking them. And with the spread of personal computing, electronic commerce, and personal privacy concerns, use of encryption has spread beyond its traditional uses in military and government applications. Speak Like a Crypto Geek Just like with many technical topics, Cryptography has its own lingo. Learning and using these terms and their definitions are the key to speaking like a crypto geek. Plaintext – A message in its natural format readable by an attacker. Cipher text – Message altered to be unreadable by anyone except the intended recipients. Key – Sequence that controls the operation and behavior of the cryptographic algorithm.
Keyspace – Total number of possible values of keys in a crypto algorithm. Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption. Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operationsssible values of keys in a crypto algorithm. Cryptosystem Services  Confidentiality  Integrity  Authenticity  Nonrepudiation  Access Control So why do care about cryptography? Well, here’s what it can do for us.  Confidentiality – Only authorized entities are allowed to view  Integrity – Ensures the message was not altered by unauthorized individuals  Authenticity – Validates the source of a message, to ensure the sender is properly identified  Nonrepudiation – Establishes sender identity so that the entity cannot deny having sent the message  Access Control – Access to an object requires access to the associated crypto keys in many systems (e.g. login)
Types of Cryptography  Stream-based Ciphers : Stream Ciphers are fast and easy to implement in hardware. • One at a time, please • Mixes plaintext with key stream • Good for real-time services  Block Ciphers : Block ciphers are stronger, but slower and often implemented in hardware. • Amusement Park Ride • Substitution and transposition  Substitution Cipher : Replacing one letter with another. • Convert one letter to another • Cryptoquip  Transposition Cipher : World Jumble. Rearranging or reordering the letters within a message • Change position of letter in text • Word Jumble  Monoalphabetic Cipher : Algorithm that substitutes one letter in the ciphertext alphabet for one in the plaintext alphabet. • Caesar
 Polyalphabetic Cipher : Algorithm that substitutes a letter from two or more ciphertext alphabets for each plaintext alphabet letter based on position in the message. • Vigenère  Modular Mathematics : Sometimes referred to as “clock arithmetic”, computes operations over a given range of values from 0 to N. Referred to as modulo N. • Running Key Cipher  One-time Pads : Offer perfect secrecy if a true source of randomness is used, but is very difficult to use in practice. • Randomly generated keys Steganography  Hiding a message within another medium, such as an image  No key is required  Example : Modify color map of JPEG image Invisible ink, hidden tattoos, and microdots are all examples of steganography. By taking a color digital image and slightly altering the color of each pixel, you can hide a message in the image without noticeably altering the appearance. The receiver can then extract the message if they have the original, unaltered image.
Cryptographic Methods  Symmetric • Same key for encryption and decryption • Key distribution problem  Asymmetric • Mathematically related key pairs for encryption and decryption • Public and private keys Cryptographic Algorithms generally fall into one of two different categories, or are a combination of both. Symmetric • Fast • Only provide confidentiality • Need secure channel for key distribution • Key management headaches from large number of key pairs to maintain N(N-1)/2 • That’s over 6.3 million key pairs to let all 3556 Purdue A/P staff members exchange encrypted messages • To do the same for all students would require over half a billion key pairs! • Examples: DES, AES, Blowfish, RC4, RC5 Asymmetric
• Large mathematical operations make it slower than symmetric algorithms • No need for out of band key distribution (public keys are public!) • Scales better since only a single key pair needed per individual • Can provide authentication and nonrepudiation • Examples: RSA, El Gamal, ECC, Diffie-Hellman • Hybrid • Combines strengths of both metods • Asymmetric distributes symmetric key • Also known as a session key • Symmetric provides bulk encryption • Example: • SSL negotiates a hybrid method A hybrid cryptosystem is the best of both worlds. In this case, an asymmetric encryption scheme is used to transmit a generated symmetric key to the other party, then that key is used for all further communications. This combines the scalability and key management features of the asymmetric algorithms with the speed of symmetric ones. The Secure Sockets Layer (SSL) protocol negotiates which asymmetric and symmetric algorithms to use in a hybrid system to protect TCP connections, such as an HTTP connection between a web browser and web server.
Attributes of Strong Encryption  Confusion • Change key values each round • Performed through substitution • Complicates plaintext/key relationship  Diffusion • Change location of plaintext in cipher text • Done through transposition Strong encryption uses a combination of both of these attributes to attain a sufficiently complex algorithm.
Symmetric Algorithms DES (Data Encryption Standard) • 64 bit key that is effectively 56 bits in strength • Actual algorithm is called DEA (Data Encryption Algorithm) • DES Modes • Electronic Code Book • Cipher Block Chaining (most commonly used for general purpose encryption) • Cipher Feedback • Output Feedback • Counter Mode (used in IPSec) 3DES • 112-bit effective key length • Uses either 2 or 3 different smaller keys in one of several modes • Modes • EEE2/3 • EDE2/3 AES • NIST replaced DES in 1997 with this • Uses the Rijndael algorithm • Supports key/block sizes of 128, 192, and 256 bits
• Uses 10/12/14 rounds as block size increases IDEA (International Data Encryption Algorithm) • Operates on 64 bit blocks in 8 rounds with 128 bit key • Considered stronger than DES and is used in PGP Blowfish • 64 bit block cipher with up to 448 bit key and 16 rounds • Designed by Bruce Schneier. RC4 • Stream cipher with variable key size created by Ron Rivest RC5 • Another Rivest cipher • Block cipher with 32/64/128 bit blocks and keys up to 2048 bits RC6 • Beefier version of RC5 submitted as AES candidate CAST • 64 bit block cipher with keys between 40-128 bits with 12- 16 rounds depending on key length • CAST-256 used 128-bit blocks and keys from 128-256 bits using 48 rounds SAFER (Secure and Fast Encryption Routine)
• Set of patent-free algorithms in 64 and 128 bit block variants • Variation used in Bluetooth Twofish • Adapted version of Blowfish with 128 bit blocks, 128-256 bit keys and 16 rounds • AES Finalist
Asymmetric Algorithms Diffie-Hellman (1976) • First widely known public key cryptography algorithm • Computes discrete logarithms over a finite field • Provides means for secure key exchange over insecure channel RSA (1977) • Stands for inventors names, Rivest, Shamir, and Adleman • Relies on difficulty of finding prime factorization of large numbers El Gamal (1984) • Based on Diffie-Hellman method of computing discrete logarithms • Can also be used for message confidentiality and digital signature services Elliptic Curve Cryptography (1985) • Relies on computing discrete logarithms over elliptic curve group • Due to difficulty of problem, key sizes can be much smaller than RSA and still retain strength
Hashing Algorithms  MD5 • Computes 128-bit hash value • Widely used for file integrity checking MD-5 is based on MD-4 and was created to address vulnerabilities found in MD-4. MD5 generates 128-bit hash values over 512-bit blocks in 4 rounds of 16 steps each.  SHA-1 • Computes 160-bit hash value • NIST approved message digest algorithm SHA-1 also operates on 512-bit blocks, but produces a 160-bit hash value in 4 rounds of 20 steps each.  HAVAL • Computes between 128 and 256 bit hash • Between 3 and 5 rounds  RIPEMD-160 • Developed in Europe published in 1996 • Patent-free  HAVAL was developed at the University of Wollongong in Australia. It has a number of different modes of operation based on the chosen output size and number of rounds. HAVAL operates on 1024-bit blocks.
 RIPEMD-160 was developed by the European RACE integrity Primitives Evaluation Project. The output size is 160 bits and operates on 512-bit blocks. RIPEMD-160 performs 5 paired rounds with 16 steps each. Birthday Attack  Collisions • Two messages with the same hash value  Based on the “birthday paradox”  Hash algorithms should be resistant to this attack
Message Authentication Codes  Small block of data generated with a secret key and appended to a message  HMAC (RFC 2104) • Uses hash instead of cipher for speed • Used in SSL/TLS and IPSec Traditional MAC is generated using DES-CBC and is just the last block of ciphertext created when encrypting the message itself. This can be appended to the plaintext to be used as a MAC. Unfortunately, DES and other encryption mechanisms can be somewhat slow compared to a hash function. So the HMAC standard was created which allows using a hash algorithm with a secret key “mixed in” to improve the speed while providing message integrity and authentication.
Digital Signatures  Hash of message encrypted with private key  Digital Signature Standard (DSS) • DSA/RSA/ECD-SA plus SHA  DSS provides • Sender authentication • Verification of message integrity • Nonrepudiation The hash is encrypted instead of the message itself for performance reasons. Encrypting a large document with a private key is a much more time consuming process than taking the hash of the same message and then encrypting that hash. The Digital Signature Standard (DSS) includes the following asymmetric key and message digest algorithms.  Digital Signature Algorithm (DSA)  RSA  Elliptic Curve Distribution (Signature Algorithm)  SHA (Message Digest) DSS is a US government standard and is used in e-commerce, e-mail, and financial transactions on a daily basis.
Encryption Management  Key Distribution Center (KDC) • Uses master keys to issue session keys • Example: Kerberos  ANSI X9.17 • Used by financial institutions • Hierarchical set of keys Higher levels used to distribute lower Encryption Management Features include: • Issuance (CA, KDC, Directory) • Revocation (CRL) • Recovery (Key Escrow) • Distribution (Directory) • History (Archival and Backup) KDC : Master key pairs are generated for each user and the KDC. A session key is generated by the KDC and distributes to each party of the communication, encrypted with their master key. ANSI X9.17 This standard defines up to three levels of keys:
• KKMs : Master key-encrypting keys (distributed manually) • KKs : Key-encrypting keys DKs : Data keys
Public Key Infrastructure (PKI)  All components needed to enable secure communication • Policies and Procedures • Keys and Algorithms • Software and Data Formats  Assures identity to users Provides key management features Policies and Procedures are the most difficult part of implementing a PKI. Key Management Features include: • Issuance (CA) • Revocation (CRL) • Recovery (Key Escrow) • Distribution (Directory) • History (Archival/Escrow)
PKI Components  Digital Certificates • Contains identity and verification info  Certificate Authorities • Trusted entity that issues certificates  Registration Authorities • Verifies identity for certificate requests  Certificate Revocation List (CRL) Digital certificates adhere to the X.509 certificate standard format. Currently in version 3. CRLs are maintained by the CA and list all certificates that have been revoked. Clients are supposed to check if a certificate has been revoked before using it, but this is not always the case in practice. PKI Cross Certification  Process to establish a trust relationship between CAs  Allows each CA to validate certificates issued by the other CA Used in large organizations or business partnerships
Cryptanalysis  The study of methods to break cryptosystems  Often targeted at obtaining a key  Attacks may be passive or active  Kerckhoff’s Principle The only secrecy involved with a cryptosystem should be the key  Cryptosystem Strength How hard is it to determine the secret associated with the system?  Brute force Trying all key values in the keyspace  Frequency Analysis Guess values based on frequency of occurrence  Dictionary Attack Find plaintext based on common words  Replay Attack Repeating previous known values  Factoring Attacks Find keys through prime factorization  Ciphertext-Only
 Known Plaintext Format or content of plaintext available  Chosen Plaintext Attack can encrypt chosen plaintext  Chosen Ciphertext Decrypt known ciphertext to discover key  Differential Power Analysis Side Channel Attack Identify algorithm and key length  Social Engineering Humans are the weakest link  RNG Attack Predict IV used by an algorithm  Temporary Files May contain plaintext
E-mail Security Protocols  Privacy Enhanced Email (PEM)  Pretty Good Privacy (PGP) • Based on a distributed trust model • Each user generates a key pair  S/MIME • Requires public key infrastructure • Supported by most e-mail clients PEM • First in the field, but never really caught on and was superseded by others such as S/MIME • Generally had too strict of PKI requirements to be feasible for many organizations. PGP • Uses a “web of trust” distributed trust model where each user is an authority • Key revocation is difficult due to the distributed nature of the web • Originally designed by Phil Zimmerman and released in 1991 S/MIME • Secure Multipurpose Internet Mail Extension
• Standard for encrypting and signing electronic mail which extends the MIME standard • Uses X.509 certificates
Network Security  Link Encryption • Encrypt traffic headers + data • Transparent to users  End-to-End Encryption • Encrypts application layer data only • Network devices need not be aware Link Encryption involves performing encryption at the physical or data link layers of the OSI network model to protect confidentiality of information within the communications channel only. The link routing information itself is encrypted and must be decrypted by each device along the channel to determine the next receiver, then re-encrypted when transmitted. Link encryption can thwart attempts at traffic analysis, although it is typically costly due to the need to have specialized routing equipment along the path. The users, however, can be blissfully ignorant of the details of the encryption involved. Satellite TV is an example of a medium that uses link encryption. End-to-end encryption, however, only encrypts the application layer data being transmitted. Network devices can be “dumb” with regard to the encryption used, while users may have more flexibility in selecting the algorithms. Because only the data is protected in transit, E2E encryption doesn’t enjoy the same resistance to traffic analysis as link encryption.  SSL/TLS
• Supports mutual authentication • Secures a number of popular network services  IPSec • Security extensions for TCP/IP protocols • Supports encryption and authentication • Used for VPNs  Thanks For Reading  By: Sumit Sanjay Satam

Recommandé

Cryptography
CryptographyCryptography
CryptographyJohnsonDaniel JohnsonDaniel
 
Evolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesEvolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesMona Rajput
 
Cryptography
Cryptography Cryptography
Cryptography أحلام انصارى
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric keyRajat Tripathi
 
Security
SecuritySecurity
SecuritySri Manakula Vinayagar Engineering College
 
Cryptography on cloud
Cryptography on cloudCryptography on cloud
Cryptography on cloudkrprashant94
 
Cryptography
CryptographyCryptography
CryptographySagar Janagonda
 
Criptography
CriptographyCriptography
CriptographySajan Sahu
 

Recommandé

Cryptography
CryptographyCryptography
CryptographyJohnsonDaniel JohnsonDaniel
 
Evolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesEvolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesMona Rajput
 
Cryptography
Cryptography Cryptography
Cryptography أحلام انصارى
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric keyRajat Tripathi
 
Security
SecuritySecurity
SecuritySri Manakula Vinayagar Engineering College
 
Cryptography on cloud
Cryptography on cloudCryptography on cloud
Cryptography on cloudkrprashant94
 
Cryptography
CryptographyCryptography
CryptographySagar Janagonda
 
Criptography
CriptographyCriptography
CriptographySajan Sahu
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writingtahirilyas92
 
Cryptography
CryptographyCryptography
CryptographySidharth Mohapatra
 
Cryptography using python
Cryptography using pythonCryptography using python
Cryptography using pythonKaushikRamabhotla
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic toolsCAS
 
Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)newbie2019
 
Cryptography by Durlab Kumbhakar
Cryptography by Durlab KumbhakarCryptography by Durlab Kumbhakar
Cryptography by Durlab KumbhakarDurlove Kumbhakar
 
Asif
AsifAsif
AsifMohammad Asif
 
Cryptography
CryptographyCryptography
CryptographyDarshini Parikh
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography FundamentalsDuy Do Phan
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithmstrilokchandra prakash
 
Cryptography
CryptographyCryptography
CryptographyDipti Sakpal
 
Cryptography and PKI
Cryptography and PKICryptography and PKI
Cryptography and PKIRabei Hassan
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography pptOECLIB Odisha Electronics Control Library
 
A Study of Different Partitioning Clustering Technique
A Study of Different Partitioning Clustering TechniqueA Study of Different Partitioning Clustering Technique
A Study of Different Partitioning Clustering Techniqueijsrd.com
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptographyVaibhav Khanna
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptkusum sharma
 
Encryption And Decryption
Encryption And DecryptionEncryption And Decryption
Encryption And DecryptionNA
 
Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdfSetiya Nugroho
 
Network security
Network securityNetwork security
Network securityABHISHEK KUMAR
 

Contenu connexe

Tendances

Cryptography full report
Cryptography full reportCryptography full report
Cryptography full reportharpoo123143
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writingtahirilyas92
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic toolsCAS
 
Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)newbie2019
 
Cryptography by Durlab Kumbhakar
Cryptography by Durlab KumbhakarCryptography by Durlab Kumbhakar
Cryptography by Durlab KumbhakarDurlove Kumbhakar
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography FundamentalsDuy Do Phan
 
Cryptography and PKI
Cryptography and PKICryptography and PKI
Cryptography and PKIRabei Hassan
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
A Study of Different Partitioning Clustering Technique
A Study of Different Partitioning Clustering TechniqueA Study of Different Partitioning Clustering Technique
A Study of Different Partitioning Clustering Techniqueijsrd.com
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptographyVaibhav Khanna
 
Encryption And Decryption
Encryption And DecryptionEncryption And Decryption
Encryption And DecryptionNA
 

Tendances (20)

Cryptography full report
Cryptography full reportCryptography full report
Cryptography full report
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writing
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography using python
Cryptography using pythonCryptography using python
Cryptography using python
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic tools
 
Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)
 
Cryptography by Durlab Kumbhakar
Cryptography by Durlab KumbhakarCryptography by Durlab Kumbhakar
Cryptography by Durlab Kumbhakar
 
Asif
AsifAsif
Asif
 
Cryptography
CryptographyCryptography
Cryptography
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography Fundamentals
 
Encryption algorithms
Encryption algorithmsEncryption algorithms
Encryption algorithms
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography and PKI
Cryptography and PKICryptography and PKI
Cryptography and PKI
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
A Study of Different Partitioning Clustering Technique
A Study of Different Partitioning Clustering TechniqueA Study of Different Partitioning Clustering Technique
A Study of Different Partitioning Clustering Technique
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
Encryption And Decryption
Encryption And DecryptionEncryption And Decryption
Encryption And Decryption
 

Similaire à Cryptography : The Art of Secured Messaging

Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdfSetiya Nugroho
 
Lecture 5 - Cryptography.pptx
Lecture 5 - Cryptography.pptxLecture 5 - Cryptography.pptx
Lecture 5 - Cryptography.pptxmustafaenayat
 
Cryptography by manisha jha
Cryptography by manisha jhaCryptography by manisha jha
Cryptography by manisha jhaManishaJha43
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityPa Van Tanku
 
Overview Of Cryptography
Overview Of CryptographyOverview Of Cryptography
Overview Of CryptographyManjarul Hoque
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxssuserd5e356
 
Cryptography 1
Cryptography 1Cryptography 1
Cryptography 1bhanu7161
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyGayathridevi120
 
PresentationonCRYPTOGRAPHYppt.pdf
PresentationonCRYPTOGRAPHYppt.pdfPresentationonCRYPTOGRAPHYppt.pdf
PresentationonCRYPTOGRAPHYppt.pdfVAIBHAVCHAKRAWARTI
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Saif Kassim
 
Cryptography
CryptographyCryptography
Cryptographyprasham95
 

Similaire à Cryptography : The Art of Secured Messaging (20)

Basic Cryptography.pdf
Basic Cryptography.pdfBasic Cryptography.pdf
Basic Cryptography.pdf
 
Network security
Network securityNetwork security
Network security
 
Cryptography
CryptographyCryptography
Cryptography
 
groupWork.pptx
groupWork.pptxgroupWork.pptx
groupWork.pptx
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Lecture 5 - Cryptography.pptx
Lecture 5 - Cryptography.pptxLecture 5 - Cryptography.pptx
Lecture 5 - Cryptography.pptx
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography by manisha jha
Cryptography by manisha jhaCryptography by manisha jha
Cryptography by manisha jha
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
Overview Of Cryptography
Overview Of CryptographyOverview Of Cryptography
Overview Of Cryptography
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
 
Info security & crypto
Info security & cryptoInfo security & crypto
Info security & crypto
 
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - CryptographyCISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding informationCryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding information
 
Cryptography 1
Cryptography 1Cryptography 1
Cryptography 1
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
PresentationonCRYPTOGRAPHYppt.pdf
PresentationonCRYPTOGRAPHYppt.pdfPresentationonCRYPTOGRAPHYppt.pdf
PresentationonCRYPTOGRAPHYppt.pdf
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
Cryptography
CryptographyCryptography
Cryptography
 

Dernier

BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 

Dernier (20)

BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 

Cryptography : The Art of Secured Messaging

  • 1. CRYPTOGRAPHY The Art of Secured Messaging
  • 2. What Is Cryptography ? The art of protecting information by transforming it (encrypting it) into an unreadable format called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable. As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacy because it's effective and free. Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-key systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses. It contains two main processes: 1] Encryption 2] Decryption
  • 3. It can be stated as follows :
  • 4. Suppose any password to be share, first we have to select it. Then that file is opened in MD5 Hash tool
  • 5. Data automatically get encrypted in its MD5 value For our password: “IAmBondJamesBond”, Hash value we get: “adb988afda35a81204f37d6852d336e5” The hash value generated is work like a key.
  • 6. Such hash values can be decrypted using online tools like :
  • 7.  Introduction  History Of Cryptography  Terms & Definitions related with Cryptography  Symmetric and Asymmetric Algorithms  Hashing  PKI Concepts  Attacks on Cryptosystems
  • 8. Introduction  “Hidden writing”  Increasingly used to protect information  Can ensure confidentiality  Integrity and Authenticity too Cryptography – Greek for hidden and writing is a means of transforming data in a way that renders it unreadable by anyone except the intended recipient. What was originally used almost exclusively by governments for espionage has become a powerful tool for personal privacy today. Every modern computer system uses modern cryptographic methods to secure passwords stored and provides the trusted backbone for e-commerce (think lock icon). Cryptography fits into the CIA triad, as it can be used to ensure confidentiality and integrity of a message. Some forms also provide for sender authenticity and proof of delivery. But cryptography doesn’t address availability as some other forms of security do. Although forgetting a password for your user account can certainly lead to a denial of service attack. However, cryptography is used in many access control systems. History – The Manual Era  Dates back to at least 2000 B.C.  Pen and Paper Cryptography  Examples • Scytale
  • 9. • Atbash • Caesar • Vigenère The history of cryptography begins where many stories of history do…. in ancient Egypt with hieroglyphics. Scytale – Spartan method involved wrapping a belt around a rod of a given diameter and length Atbash – Hewbrew cipher which mirrored the normal alphabet (shown in The DaVinci Code) Caesar – Shift all letters by a given number of letters in the alphabet Vignère – Use of a key and multiple alphabets to hide repeated characters in an encrypted message History – The Mechanical Era  Invention of cipher machines  Examples • Confederate Army’s Cipher Disk • Japanese Red and Purple Machines • German Enigma The history of cryptography begins where many old tales do…. in ancient Egypt with hieroglyphics. These were not meant to hide messages so much as to give a formal and ceremonial touch to stories of everyday events.
  • 10. During the industrial age, cryptography was moved from a manual exercise to one done by machines. The invention of cipher disks and rotors for this use allowed for the creation of much more complex algorithms. History – The Modern Era  Computers!  Examples • Lucifer • Rijndael • RSA • ElGamal Modern computing gave cryptographers vast resources for improving the complexity of cryptosystems as well as for attacking them. And with the spread of personal computing, electronic commerce, and personal privacy concerns, use of encryption has spread beyond its traditional uses in military and government applications. Speak Like a Crypto Geek Just like with many technical topics, Cryptography has its own lingo. Learning and using these terms and their definitions are the key to speaking like a crypto geek. Plaintext – A message in its natural format readable by an attacker. Cipher text – Message altered to be unreadable by anyone except the intended recipients. Key – Sequence that controls the operation and behavior of the cryptographic algorithm.
  • 11. Keyspace – Total number of possible values of keys in a crypto algorithm. Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption. Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operationsssible values of keys in a crypto algorithm. Cryptosystem Services  Confidentiality  Integrity  Authenticity  Nonrepudiation  Access Control So why do care about cryptography? Well, here’s what it can do for us.  Confidentiality – Only authorized entities are allowed to view  Integrity – Ensures the message was not altered by unauthorized individuals  Authenticity – Validates the source of a message, to ensure the sender is properly identified  Nonrepudiation – Establishes sender identity so that the entity cannot deny having sent the message  Access Control – Access to an object requires access to the associated crypto keys in many systems (e.g. login)
  • 12. Types of Cryptography  Stream-based Ciphers : Stream Ciphers are fast and easy to implement in hardware. • One at a time, please • Mixes plaintext with key stream • Good for real-time services  Block Ciphers : Block ciphers are stronger, but slower and often implemented in hardware. • Amusement Park Ride • Substitution and transposition  Substitution Cipher : Replacing one letter with another. • Convert one letter to another • Cryptoquip  Transposition Cipher : World Jumble. Rearranging or reordering the letters within a message • Change position of letter in text • Word Jumble  Monoalphabetic Cipher : Algorithm that substitutes one letter in the ciphertext alphabet for one in the plaintext alphabet. • Caesar
  • 13.  Polyalphabetic Cipher : Algorithm that substitutes a letter from two or more ciphertext alphabets for each plaintext alphabet letter based on position in the message. • Vigenère  Modular Mathematics : Sometimes referred to as “clock arithmetic”, computes operations over a given range of values from 0 to N. Referred to as modulo N. • Running Key Cipher  One-time Pads : Offer perfect secrecy if a true source of randomness is used, but is very difficult to use in practice. • Randomly generated keys Steganography  Hiding a message within another medium, such as an image  No key is required  Example : Modify color map of JPEG image Invisible ink, hidden tattoos, and microdots are all examples of steganography. By taking a color digital image and slightly altering the color of each pixel, you can hide a message in the image without noticeably altering the appearance. The receiver can then extract the message if they have the original, unaltered image.
  • 14. Cryptographic Methods  Symmetric • Same key for encryption and decryption • Key distribution problem  Asymmetric • Mathematically related key pairs for encryption and decryption • Public and private keys Cryptographic Algorithms generally fall into one of two different categories, or are a combination of both. Symmetric • Fast • Only provide confidentiality • Need secure channel for key distribution • Key management headaches from large number of key pairs to maintain N(N-1)/2 • That’s over 6.3 million key pairs to let all 3556 Purdue A/P staff members exchange encrypted messages • To do the same for all students would require over half a billion key pairs! • Examples: DES, AES, Blowfish, RC4, RC5 Asymmetric
  • 15. • Large mathematical operations make it slower than symmetric algorithms • No need for out of band key distribution (public keys are public!) • Scales better since only a single key pair needed per individual • Can provide authentication and nonrepudiation • Examples: RSA, El Gamal, ECC, Diffie-Hellman • Hybrid • Combines strengths of both metods • Asymmetric distributes symmetric key • Also known as a session key • Symmetric provides bulk encryption • Example: • SSL negotiates a hybrid method A hybrid cryptosystem is the best of both worlds. In this case, an asymmetric encryption scheme is used to transmit a generated symmetric key to the other party, then that key is used for all further communications. This combines the scalability and key management features of the asymmetric algorithms with the speed of symmetric ones. The Secure Sockets Layer (SSL) protocol negotiates which asymmetric and symmetric algorithms to use in a hybrid system to protect TCP connections, such as an HTTP connection between a web browser and web server.
  • 16. Attributes of Strong Encryption  Confusion • Change key values each round • Performed through substitution • Complicates plaintext/key relationship  Diffusion • Change location of plaintext in cipher text • Done through transposition Strong encryption uses a combination of both of these attributes to attain a sufficiently complex algorithm.
  • 17. Symmetric Algorithms DES (Data Encryption Standard) • 64 bit key that is effectively 56 bits in strength • Actual algorithm is called DEA (Data Encryption Algorithm) • DES Modes • Electronic Code Book • Cipher Block Chaining (most commonly used for general purpose encryption) • Cipher Feedback • Output Feedback • Counter Mode (used in IPSec) 3DES • 112-bit effective key length • Uses either 2 or 3 different smaller keys in one of several modes • Modes • EEE2/3 • EDE2/3 AES • NIST replaced DES in 1997 with this • Uses the Rijndael algorithm • Supports key/block sizes of 128, 192, and 256 bits
  • 18. • Uses 10/12/14 rounds as block size increases IDEA (International Data Encryption Algorithm) • Operates on 64 bit blocks in 8 rounds with 128 bit key • Considered stronger than DES and is used in PGP Blowfish • 64 bit block cipher with up to 448 bit key and 16 rounds • Designed by Bruce Schneier. RC4 • Stream cipher with variable key size created by Ron Rivest RC5 • Another Rivest cipher • Block cipher with 32/64/128 bit blocks and keys up to 2048 bits RC6 • Beefier version of RC5 submitted as AES candidate CAST • 64 bit block cipher with keys between 40-128 bits with 12- 16 rounds depending on key length • CAST-256 used 128-bit blocks and keys from 128-256 bits using 48 rounds SAFER (Secure and Fast Encryption Routine)
  • 19. • Set of patent-free algorithms in 64 and 128 bit block variants • Variation used in Bluetooth Twofish • Adapted version of Blowfish with 128 bit blocks, 128-256 bit keys and 16 rounds • AES Finalist
  • 20. Asymmetric Algorithms Diffie-Hellman (1976) • First widely known public key cryptography algorithm • Computes discrete logarithms over a finite field • Provides means for secure key exchange over insecure channel RSA (1977) • Stands for inventors names, Rivest, Shamir, and Adleman • Relies on difficulty of finding prime factorization of large numbers El Gamal (1984) • Based on Diffie-Hellman method of computing discrete logarithms • Can also be used for message confidentiality and digital signature services Elliptic Curve Cryptography (1985) • Relies on computing discrete logarithms over elliptic curve group • Due to difficulty of problem, key sizes can be much smaller than RSA and still retain strength
  • 21. Hashing Algorithms  MD5 • Computes 128-bit hash value • Widely used for file integrity checking MD-5 is based on MD-4 and was created to address vulnerabilities found in MD-4. MD5 generates 128-bit hash values over 512-bit blocks in 4 rounds of 16 steps each.  SHA-1 • Computes 160-bit hash value • NIST approved message digest algorithm SHA-1 also operates on 512-bit blocks, but produces a 160-bit hash value in 4 rounds of 20 steps each.  HAVAL • Computes between 128 and 256 bit hash • Between 3 and 5 rounds  RIPEMD-160 • Developed in Europe published in 1996 • Patent-free  HAVAL was developed at the University of Wollongong in Australia. It has a number of different modes of operation based on the chosen output size and number of rounds. HAVAL operates on 1024-bit blocks.
  • 22.  RIPEMD-160 was developed by the European RACE integrity Primitives Evaluation Project. The output size is 160 bits and operates on 512-bit blocks. RIPEMD-160 performs 5 paired rounds with 16 steps each. Birthday Attack  Collisions • Two messages with the same hash value  Based on the “birthday paradox”  Hash algorithms should be resistant to this attack
  • 23. Message Authentication Codes  Small block of data generated with a secret key and appended to a message  HMAC (RFC 2104) • Uses hash instead of cipher for speed • Used in SSL/TLS and IPSec Traditional MAC is generated using DES-CBC and is just the last block of ciphertext created when encrypting the message itself. This can be appended to the plaintext to be used as a MAC. Unfortunately, DES and other encryption mechanisms can be somewhat slow compared to a hash function. So the HMAC standard was created which allows using a hash algorithm with a secret key “mixed in” to improve the speed while providing message integrity and authentication.
  • 24. Digital Signatures  Hash of message encrypted with private key  Digital Signature Standard (DSS) • DSA/RSA/ECD-SA plus SHA  DSS provides • Sender authentication • Verification of message integrity • Nonrepudiation The hash is encrypted instead of the message itself for performance reasons. Encrypting a large document with a private key is a much more time consuming process than taking the hash of the same message and then encrypting that hash. The Digital Signature Standard (DSS) includes the following asymmetric key and message digest algorithms.  Digital Signature Algorithm (DSA)  RSA  Elliptic Curve Distribution (Signature Algorithm)  SHA (Message Digest) DSS is a US government standard and is used in e-commerce, e-mail, and financial transactions on a daily basis.
  • 25. Encryption Management  Key Distribution Center (KDC) • Uses master keys to issue session keys • Example: Kerberos  ANSI X9.17 • Used by financial institutions • Hierarchical set of keys Higher levels used to distribute lower Encryption Management Features include: • Issuance (CA, KDC, Directory) • Revocation (CRL) • Recovery (Key Escrow) • Distribution (Directory) • History (Archival and Backup) KDC : Master key pairs are generated for each user and the KDC. A session key is generated by the KDC and distributes to each party of the communication, encrypted with their master key. ANSI X9.17 This standard defines up to three levels of keys:
  • 26. • KKMs : Master key-encrypting keys (distributed manually) • KKs : Key-encrypting keys DKs : Data keys
  • 27. Public Key Infrastructure (PKI)  All components needed to enable secure communication • Policies and Procedures • Keys and Algorithms • Software and Data Formats  Assures identity to users Provides key management features Policies and Procedures are the most difficult part of implementing a PKI. Key Management Features include: • Issuance (CA) • Revocation (CRL) • Recovery (Key Escrow) • Distribution (Directory) • History (Archival/Escrow)
  • 28. PKI Components  Digital Certificates • Contains identity and verification info  Certificate Authorities • Trusted entity that issues certificates  Registration Authorities • Verifies identity for certificate requests  Certificate Revocation List (CRL) Digital certificates adhere to the X.509 certificate standard format. Currently in version 3. CRLs are maintained by the CA and list all certificates that have been revoked. Clients are supposed to check if a certificate has been revoked before using it, but this is not always the case in practice. PKI Cross Certification  Process to establish a trust relationship between CAs  Allows each CA to validate certificates issued by the other CA Used in large organizations or business partnerships
  • 29. Cryptanalysis  The study of methods to break cryptosystems  Often targeted at obtaining a key  Attacks may be passive or active  Kerckhoff’s Principle The only secrecy involved with a cryptosystem should be the key  Cryptosystem Strength How hard is it to determine the secret associated with the system?  Brute force Trying all key values in the keyspace  Frequency Analysis Guess values based on frequency of occurrence  Dictionary Attack Find plaintext based on common words  Replay Attack Repeating previous known values  Factoring Attacks Find keys through prime factorization  Ciphertext-Only
  • 30.  Known Plaintext Format or content of plaintext available  Chosen Plaintext Attack can encrypt chosen plaintext  Chosen Ciphertext Decrypt known ciphertext to discover key  Differential Power Analysis Side Channel Attack Identify algorithm and key length  Social Engineering Humans are the weakest link  RNG Attack Predict IV used by an algorithm  Temporary Files May contain plaintext
  • 31. E-mail Security Protocols  Privacy Enhanced Email (PEM)  Pretty Good Privacy (PGP) • Based on a distributed trust model • Each user generates a key pair  S/MIME • Requires public key infrastructure • Supported by most e-mail clients PEM • First in the field, but never really caught on and was superseded by others such as S/MIME • Generally had too strict of PKI requirements to be feasible for many organizations. PGP • Uses a “web of trust” distributed trust model where each user is an authority • Key revocation is difficult due to the distributed nature of the web • Originally designed by Phil Zimmerman and released in 1991 S/MIME • Secure Multipurpose Internet Mail Extension
  • 32. • Standard for encrypting and signing electronic mail which extends the MIME standard • Uses X.509 certificates
  • 33. Network Security  Link Encryption • Encrypt traffic headers + data • Transparent to users  End-to-End Encryption • Encrypts application layer data only • Network devices need not be aware Link Encryption involves performing encryption at the physical or data link layers of the OSI network model to protect confidentiality of information within the communications channel only. The link routing information itself is encrypted and must be decrypted by each device along the channel to determine the next receiver, then re-encrypted when transmitted. Link encryption can thwart attempts at traffic analysis, although it is typically costly due to the need to have specialized routing equipment along the path. The users, however, can be blissfully ignorant of the details of the encryption involved. Satellite TV is an example of a medium that uses link encryption. End-to-end encryption, however, only encrypts the application layer data being transmitted. Network devices can be “dumb” with regard to the encryption used, while users may have more flexibility in selecting the algorithms. Because only the data is protected in transit, E2E encryption doesn’t enjoy the same resistance to traffic analysis as link encryption.  SSL/TLS
  • 34. • Supports mutual authentication • Secures a number of popular network services  IPSec • Security extensions for TCP/IP protocols • Supports encryption and authentication • Used for VPNs  Thanks For Reading  By: Sumit Sanjay Satam