Computer Security. Two main issues are current regarding security for computer communication systems
- Corey Jordan
1 Computer Security
Two main issues are current regarding security for computer communication systems:
- Data encryption
- User authentication
Encryption and authentication between single users can be performed quite simply by ciphers and private keys etc. Once computer networks are involved the task takes on a new set of problems.
- The number of possible users is huge.
- Users with whom communication is required are often unknown.
- The only communication path to the user is often the path that needs to be secured.
We will firstly look at a block cipher technique (DES), then a public key algorithm (RSA).
2 Data Encryption Standard (DES)
This encryption system is of the conventional block cipher type. It has been certified by the US government and others for secure but not classified communications. It works on 64 bits of data at a time using a 56 bit key.
3 [Figure: DES overview. The 64 bit plaintext passes through an initial permutation, iterations 1 to 16 using subkeys K1 to K16, a 32 bit swap and the inverse initial permutation to give the ciphertext. The key passes through permuted choice 1, then a left circular shift and permuted choice 2 for each iteration.]
4 [Figure: DES overview, repeated from the previous slide.]
The 64 bits of data are first permuted using a function. This data is then permuted 16 times with subkey versions of the key, which was also permuted on input. After a 32 bit swap the data is permuted in the reverse of the initial function. The subkeys are produced by a circular shift and a permutation.
5 [Figure: a single DES iteration. Inputs Li-1, Ri-1 (data) and Ci-1, Di-1 (key). Labels: expansion/permutation (E table), XOR, Ki, 48, substitution/choice (S box), 32, permutation, left shift, left shift, permutation/contraction, XOR. Outputs Li, Ri, Ci, Di.]
Concerns have been raised whether the S boxes are cryptographically strong.
6 Another worry is the fact that there are only 2^56 (7.2 x 10^16) possible keys.
If a computer could try one key each microsecond it would take over 1000 years to try half the keys.
Lots of money (parallel processing) can crack the key (assuming you know the data when you see it).
Machine cost: $100, $1,000, $10,000,
Search time: 35 hours, 3.5 hours, 21 minutes
Plus development costs.
7 An improvement over DES has been developed called Triple DES.
Encryption: Plaintext -> Encrypt (K1) -> Decrypt (K2) -> Encrypt (K1) -> Ciphertext
Decryption: Ciphertext -> Decrypt (K1) -> Encrypt (K2) -> Decrypt (K1) -> Plaintext
This gives the system an effective key length of 112 bits thus improving the security. 5.2 x combinations giving 8.2 x years to break at 1 microsecond per try for half the combinations.
8 Authentication
If a message is encrypted then authentication is also performed when the message is correctly decoded. There are often times when we do not wish to encrypt but do need to authenticate the sender:
- Sending a message to a large number of destinations. They would all have to have the same correct key or individual correct keys. This in itself is a security risk.
- When high traffic at a destination means the time to decrypt all messages would be excessive.
9 Message Authentication Code (MAC)
[Figure: MAC generation and checking. Labels: K, Data, Encrypt (sender), K, Encrypt (receiver), MAC, COMPARE.]
- A code is produced from a key and the data to be sent.
- The code is appended to the data before sending.
- At the receive end the same procedure is performed.
- The code is compared.
This is similar to generating and checking a CRC on a data frame where the generating polynomial is kept secret.
10 Hash Functions
A hash function is a function that the data is passed through. It produces a code fingerprint identifying the data.
H(x) = m, where H is the hash function, x the data and m the hash code.
Apart from being able to handle the size of data passed to it efficiently, it must satisfy the following:
- Have a one way property, i.e. you can generate the code from the data but not the data from the code. (Given m you can't find x.)
- Alternative messages with the same hash code cannot easily be found. (Can't find y ≠ x where H(x) = H(y).)
- Not easy to find two data sets with the same hash code. (Can't find x and y where H(x) = H(y).)
11 [Figure: authentication using a hash code with conventional encryption. Labels: Data, HASH (sender and receiver), key K at both ends, COMPARE.]
12 [Figure: authentication using a hash code with public key encryption. Labels: Data, HASH (sender and receiver), Kprivate, Kpublic, COMPARE.]
13 [Figure: authentication using a hash code with a secret value. Labels: Data, HASH (sender and receiver), secret value, COMPARE.]
14 A simple hash function is an XOR of the data arranged into blocks with the number of columns equal to the hash code size.
Block 1:    b11 b21 b31 b41 b51 b61 ... bn1
...
Block m:    b1m b2m b3m b4m b5m b6m ... bnm
Hash code:  c1  c2  c3  c4  c5  c6  ... cn
ci = bi1 ⊕ bi2 ⊕ ... ⊕ bim
This type of hash has no cryptographic strength itself.
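The weakness can be checked directly. The following Python sketch is an added example, not part of the original slides; the 32 bit hash size, the function names and the sample messages are assumptions made for the demonstration. It shows that reordering the blocks, or appending one correcting block to a different message, leaves the XOR hash unchanged, which is what the second requirement on slide 10 rules out.

```python
import hashlib
from functools import reduce

HASH_BYTES = 4  # assumed hash code size: 4 bytes, i.e. n = 32 columns


def split_blocks(data: bytes, size: int = HASH_BYTES) -> list:
    """Zero-pad the data to a multiple of `size` and split it into blocks (rows)."""
    padded = data + b"\x00" * (-len(data) % size)
    return [padded[i:i + size] for i in range(0, len(padded), size)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_hash(data: bytes, size: int = HASH_BYTES) -> bytes:
    """ci = bi1 XOR bi2 XOR ... XOR bim, computed for every column at once."""
    return reduce(xor_bytes, split_blocks(data, size), bytes(size))


def reorder_blocks(data: bytes, size: int = HASH_BYTES) -> bytes:
    """Reverse the block order. XOR is commutative, so the hash cannot notice."""
    return b"".join(reversed(split_blocks(data, size)))


def pad_to_same_hash(target_hash: bytes, other: bytes, size: int = HASH_BYTES) -> bytes:
    """Append one correcting block to `other` so that its hash equals `target_hash`."""
    padded = b"".join(split_blocks(other, size))
    return padded + xor_bytes(xor_hash(padded, size), target_hash)


def sha256_hex(data: bytes) -> str:
    """A cryptographic hash for comparison (SHA-256 chosen here as a stand-in)."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample messages (not from the slides).
ORIGINAL = b"PAY 0100 TO ALICE   "
ALTERED = b"PAY 9900 TO BOB"

if __name__ == "__main__":
    h = xor_hash(ORIGINAL)
    shuffled = reorder_blocks(ORIGINAL)
    forged = pad_to_same_hash(h, ALTERED)
    print("XOR hash of original :", h.hex())
    print("XOR hash of reordered:", xor_hash(shuffled).hex(), shuffled)
    print("XOR hash of altered  :", xor_hash(forged).hex(), forged)
    print("SHA-256 still differs:", sha256_hex(ORIGINAL) != sha256_hex(forged))
```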
15 MD5
MD5 is a very common hash function algorithm.
1. Data is padded to be 64 bits less than an integer multiple of 512 bits.
2. The 64 bits at the end are used to contain the length of the data (LSBs of it).
3. Four buffers, containing 128 bits in total and used to hold the hash code, are initialised:
A =
B = 89ABCDEF
C = FEDCBA98
D =
16 4. The data is then processed 512 bits at a time.
[Figure: MD5 processing of the padded message. Labels: Data, Pad, Length, 512 bit blocks Y0 ... Yq ..., initial value ABCD, H MD5 stages, 128 bit digest.]
The data is broken up into 512 bit chunks and the MD5 algorithm applied.
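17 [Figure: MD5 processing of a single 512 bit block Yq. The 128 bit value MDq is held in A, B, C, D and passes through four rounds to give the 128 bit value MDq+1.]
ABCD <- fF(ABCD, Yq, T[1..16])
ABCD <- fG(ABCD, Yq, T[17..32])
ABCD <- fH(ABCD, Yq, T[33..48])
ABCD <- fI(ABCD, Yq, T[49..64])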
18 The functions in the MD5 are
F(X, Y,Z) = (X Y)+ ( X Z)
G(X,Y, Z) = (X Y) + (Y Z )
H(X,Y, Z) = X Y Z
I(X,Y, Z) = Y (X + Z )
5. The output from this is the 128 bit digest.
The data is very well represented in the hash, which produces a digest that satisfies the criteria for the hash.
Before we look at public key encryption we should examine one more technique that is used very commonly. This is another algorithm for fast encryption of data for privacy.
19 RC4 (Rivest's Cipher 4)
RC4 is a symmetric key algorithm, but instead of operating on a block of bits at a time, it operates on a bitstream. It operates with a variable-length key up to 256 bits. This cipher has a 256-entry substitution box; the entries are a permutation of the numbers 0 through 255, and the particular permutation is a function of the key.
To initialise the box, first fill it linearly so that S[0] = 0, S[1] = 1, ..., S[255] = 255. Then fill another 256-byte array with the key, repeating the key as often as necessary to fill the whole array (K[0], K[1], ..., K[255]). Set the index j = 0, then:
    For i = 0 to 255
        j = (j + S[i] + K[i]) mod 256
        swap S[i] and S[j]
20 To generate a byte for encryption, first take two counters (i and j) initialized to zero, then:
    i = (i + 1) mod 256
    j = (j + S[i]) mod 256
    swap S[i] and S[j]
    t = (S[i] + S[j]) mod 256
    K = S[t]
The byte K is then XORed with the plaintext to produce ciphertext, or XORed with the ciphertext to produce the plaintext. Encryption is about 10 times faster than DES in software.
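The two loops from slides 19 and 20 as runnable Python, added here as an example rather than taken from the slides; the function names and the sample messages are assumptions. It checks the output against the widely published test vector for key "Key" and plaintext "Plaintext", and shows why one key must not be used for two messages: the keystream cancels out of the XOR of the two ciphertexts.

```python
def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes for `key`, following slides 19 and 20."""
    if not key:
        raise ValueError("key must not be empty")
    # Key setup: fill S linearly, then mix it under control of the repeated key.
    S = list(range(256))
    K = [key[i % len(key)] for i in range(256)]
    j = 0
    for i in range(256):
        j = (j + S[i] + K[i]) % 256
        S[i], S[j] = S[j], S[i]
    # Byte generation: both counters start at zero.
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR each data byte with the next keystream byte."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key)))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def reuse_cancels_keystream(key: bytes, p1: bytes, p2: bytes) -> bool:
    """With one key for two messages, C1 XOR C2 equals P1 XOR P2."""
    return xor_bytes(rc4(key, p1), rc4(key, p2)) == xor_bytes(p1, p2)


if __name__ == "__main__":
    ciphertext = rc4(b"Key", b"Plaintext")
    print("ciphertext:", ciphertext.hex())
    print("decrypted :", rc4(b"Key", ciphertext))
    # Constructed sample messages (not from the slides).
    print("key reuse cancels keystream:",
          reuse_cancels_keystream(b"Key", b"first message", b"other message"))
```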
21 Public Key Encryption
The system entails the generation of 2 keys for each participant:
- A public key which is placed in a register where anyone may get a copy of it
- A private key that only the participant has access to
Either key can be used to encrypt the data. The other key will then be used to decrypt it.
The heart of the system is the mathematical algorithm that generates the related key pair. The cryptographic strength is related to the algorithm and the key length.
The system can be used for privacy and/or authentication.
22 [Figure: public key system for privacy. Message source A encrypts X with K Bpub to give Y; message destination B decrypts Y with K Bpriv to recover X. The key pair belongs to B. Other labels: Cryptanalyst, X, K Bpriv.]
23 [Figure: public key system for authentication. Message source A encrypts X with K Apriv to give Y; message destination B decrypts Y with K Apub to recover X. The key pair belongs to A. Other labels: Cryptanalyst, K Apriv.]
24 RSA Public-Key Algorithm (Rivest, Shamir & Adleman)
The system uses a block cipher for values < n.
For plaintext M and ciphertext C:
C = M^e modulo n
M = C^d modulo n = (M^e)^d modulo n = M^(ed) modulo n
Both sender and receiver know n, the sender knows e and the receiver knows d. Thus
K pub = K{e,n}
K priv = K{d,n}
25 It is possible to find e, d & n such that M = M^(ed) modulo n for all M < n.
It is possible to calculate M^e and C^d for all M < n.
It is not easy to find d given e and n when e and n are large.
The values for e, d and n need to be carefully chosen.
26 Key generation
Select n as the product of two prime numbers p & q.
We choose p = 11, q = 7 (p and q might normally have 100's of digits)
n = p x q = 11 x 7 = 77
Now choose e where e is relatively prime to (p-1) x (q-1) (relatively prime means they have no common factors except 1)
(p-1) x (q-1) = (11-1) x (7-1) = 10 x 6 = 60
Let us choose e = 7
For d we must find a number where (e x d) - 1 = 0 modulo (p-1) x (q-1)
This means (e x d) - 1 is evenly divisible by (p-1) x (q-1) = 60
Choose d = 43
(e x d) - 1 = (7 x 43) - 1 = 300 (300 is divisible by 60)
K pub = K{7,77}
K priv = K{43,77}
27 Encrypt a message
Let's send a simple message in which each letter is represented by its number in the alphabet:
HELLO = 8, 5, 12, 12, 15
(In real life we would send messages containing much more than one letter.)
To encrypt we multiply out the message:
8^7 modulo 77, 5^7 modulo 77, 12^7 modulo 77, 12^7 modulo 77, 15^7 modulo 77 = 57, 47, 12, 12, 71
28 Decrypt a message
57, 47, 12, 12, 71 is received.
Remember our keys were K pub = K{7,77}, K priv = K{43,77}
We now raise these received numbers to the 43rd power modulo 77:
57^43 modulo 77, 47^43 modulo 77, 12^43 modulo 77, 12^43 modulo 77, 71^43 modulo 77 = 8, 5, 12, 12, 15 = HELLO
The original message!!
29 These calculations result in large numbers (especially if you try it on your calculator), e.g. 71^43.
But it can be made simpler (computers can use this technique as well). Write it as a sum of powers of 2:
71^43 = 71^(32+8+2+1) = 71^32 x 71^8 x 71^2 x 71^1
Now 71^2 = 5041 = 36 modulo 77
Similarly 71^8 = (71^2)^4 = 36^4 and 71^32 = (71^2)^16 = 36^16
So 71^43 = 36^16 x 36^4 x 36 x 71 modulo 77
30 71^43 = 36^16 x 36^4 x 36 x 71 modulo 77
We can continue further:
36^2 = 1296 = 64 modulo 77
and so 36^4 = (36^2)^2 = 64^2 modulo 77
36^16 = (36^2)^8 = 64^8 modulo 77
so 71^43 = 64^8 x 64^2 x 36 x 71 modulo 77
Continuing we get
71^43 = 64^8 x 64^2 x 36 x 71 modulo 77
= 15^4 x 15 x 36 x 71 modulo 77
= 71^2 x 15 x 36 x 71 modulo 77
= 36 x 15 x 36 x 71 modulo 77
= 15 modulo 77
= 15, the correct answer.
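The whole worked example from slides 26 to 30 can be reproduced in a few lines of Python. This is an added example, not code from the slides; the function names are assumptions. It derives d = 43 with the extended Euclidean algorithm, uses the square-and-multiply method described above, and goes one step beyond the slides by showing that with n as small as 77 the private exponent follows directly from the public key, which is why slide 25 requires large values.

```python
from math import gcd, isqrt


def mod_inverse(e: int, phi: int) -> int:
    """Extended Euclid: return d with (e x d) - 1 divisible by phi."""
    old_r, r = e, phi
    old_s, s = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("e and phi are not relatively prime")
    return old_s % phi


def keygen(p: int, q: int, e: int):
    """Return (K pub, K priv) = ((e, n), (d, n)) as on slide 26."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1) x (q-1)")
    return (e, p * q), (mod_inverse(e, phi), p * q)


def square_and_multiply(base: int, exponent: int, n: int):
    """Return (base^exponent modulo n, factors used).

    The exponent is treated as a sum of powers of 2. `square` holds
    base^1, base^2, base^4, ... modulo n, and the values that belong to a
    set bit of the exponent are multiplied together (slides 29 and 30).
    """
    result, square, factors = 1, base % n, []
    while exponent:
        if exponent & 1:
            factors.append(square)
            result = (result * square) % n
        square = (square * square) % n
        exponent >>= 1
    return result, factors


def encode(text: str) -> list:
    """Letters to alphabet numbers: A = 1, B = 2, ..."""
    return [ord(c) - ord("A") + 1 for c in text]


def decode(values: list) -> str:
    return "".join(chr(v + ord("A") - 1) for v in values)


def crypt(values: list, key: tuple) -> list:
    """Apply a key {exponent, n} to every number of the message."""
    exponent, n = key
    return [square_and_multiply(v, exponent, n)[0] for v in values]


def recover_private_exponent(public_key: tuple) -> int:
    """Small n gives no protection: factor it by trial division, recompute d."""
    e, n = public_key
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return mod_inverse(e, (p - 1) * (n // p - 1))
    raise ValueError("n has no factor pair")


if __name__ == "__main__":
    pub, priv = keygen(11, 7, 7)
    sent = crypt(encode("HELLO"), pub)
    print("K pub, K priv :", pub, priv)
    print("ciphertext    :", sent)
    print("decrypted     :", decode(crypt(sent, priv)))
    print("71^43 mod 77  :", square_and_multiply(71, 43, 77))
    print("d from K pub  :", recover_private_exponent(pub))
```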
31 This encryption and authentication process works well when each partner has the appropriate keys. I can verify that it is you sending me data by using your public key. But how do I know the key that I am using is really YOUR public key and not the key of an imposter? If you send me a copy of it
(a) I don't know it is you sending it
(b) Someone may intercept it on the way and tamper with it
To solve these problems protocols have been developed. We will examine the most popular, which is used for secure internet communications.
32 SSL (Secure Socket Layer)
This protocol was developed by Netscape for use in their WWW browser. It has since found use in many applications and is the present standard for secure WWW commerce (ecommerce) for all browsers (even IE4).
[Figure: protocol layers. HTTP, LDAP and IMAP in the application layer sit above SSL, which sits above TCP/IP in the network layer.]
HTTP: HyperText Transport Protocol
LDAP: Lightweight Directory Access Protocol
IMAP: Internet Messaging Access Protocol
It can
- Authenticate the server to the client.
- Allow the client and server to select the cryptographic algorithms that they both support.
- Optionally authenticate the client to the server.
- Use public-key encryption techniques to generate shared secrets.
- Establish an encrypted SSL connection.
33 Data from Netscape - another good site is
Strength category and recommended use: Strongest cipher suite. Permitted for deployment within the United States only. This cipher suite is appropriate for banks and other institutions that handle highly sensitive data.
Cipher suites:
- Triple DES, which supports 168-bit encryption, with SHA-1 message authentication. Triple DES is the strongest cipher supported by SSL, but it is not as fast as RC4. Triple DES uses a key three times as long as the key for standard DES. Because the key size is so large, there are more possible keys than for any other cipher-- approximately 3.7 *
  Both SSL 2.0 and SSL 3.0 support this cipher suite.
SHA-1 is a Secure Hash Algorithm similar to MD5.
34 Strong cipher suites. Permitted for deployments within the United States only (now released to the world). These cipher suites support encryption that is strong enough for most business or government needs.
- RC4 with 128-bit encryption and MD5 message authentication. Because the RC4 and RC2 ciphers have 128-bit encryption, they are the second strongest next to Triple DES (Data Encryption Standard), with 168-bit encryption. RC4 and RC2 128-bit encryption permits approximately 3.4 * 10^38 possible keys, making them very difficult to crack. RC4 ciphers are the fastest of the supported ciphers. Both SSL 2.0 and SSL 3.0 support this cipher suite.
- RC2 with 128-bit encryption. RC2 ciphers are slower than RC4 ciphers. This cipher suite is supported by SSL 2.0 but not by SSL 3.0.
- DES, which supports 56-bit encryption, with SHA-1 message authentication. DES is stronger than 40-bit encryption, but not as strong as 128-bit encryption. DES 56-bit encryption permits approximately 7.2 * 10^16 possible keys. Both SSL 2.0 and SSL 3.0 support this cipher suite, except that SSL 2.0 uses MD5 rather than SHA-1 for message authentication.
35 Exportable (old) (from US) cipher suites. These cipher suites are not as strong as those listed above, but may be exported to most countries (note that France permits them for SSL but not for S/MIME). They provide the strongest encryption available for exportable products.
- RC4 with 40-bit encryption and MD5 message authentication. RC4 40-bit encryption permits approximately 1.1 * 10^12 (a trillion) possible keys. RC4 ciphers are the fastest of the supported ciphers. Both SSL 2.0 and SSL 3.0 support this cipher.
- RC2 with 40-bit encryption and MD5 message authentication. RC2 40-bit encryption permits approximately 1.1 * 10^12 (a trillion) possible keys. RC2 ciphers are slower than the RC4 ciphers. Both SSL 2.0 and SSL 3.0 support this cipher.
36 Weakest cipher suite. This cipher suite provides authentication and tamper detection but no encryption. Server administrators must be careful about enabling it, however, because data sent using this cipher suite is not encrypted and may be accessed by eavesdroppers.
- No encryption, MD5 message authentication only. This cipher suite uses MD5 message authentication to detect tampering. It is typically supported in case a client and server have none of the other ciphers in common. This cipher suite is supported by SSL 3.0 but not by SSL 2.0.
37 The heart of SSL is the "handshake"
1. Client to server: the client contacts a secure web server (HTTPS) with SSL version, cipher settings, etc.
2. Server to client: the server responds with its certificate and information about itself (SSL version, cipher settings etc).
The client attempts to authenticate the server from the certificate it was sent. We need to see the contents of the certificate first.
38 [Figure: certificate contents. Server's public key, certificate serial #, certificate expiry, server's DN, issuer's DN, issuer's digital signature.]
The certificate contains the server's public key plus information about the certificate, including the distinguished name (DN) of the server. It also has the DN of an issuing Certifying Authority (CA) and a digital signature from this CA. A CA is a respected company or authority that deals in accrediting the identity of web server sites.
39 [Figure: certificate contents, repeated from the previous slide.]
Your web browser will already have certificates (containing public keys) from these CAs and more may be added. The correct public key for the CA who signed the server's certificate is used to authenticate the digital signature (which was encrypted using the CA's private key). If the expected DN of the server is revealed then the certificate must be authentic. This therefore forms a letter of introduction, for the server, from the CA.
40 For full authentication the client must verify:
- Is the date of the certificate valid?
- Is the CA a trusted CA?
- Does the CA's public key validate the digital signature?
- Does the domain name in the server's DN match the domain name the certificate was sent from? (This is to prevent a "man-in-the-middle" attack.)
41 3. Client to server: the client now uses the public key of the server to encrypt a "premaster secret" which it sends to the server. If the server has requested client authentication the client will also send its certificate containing its public key to the server. The server will perform authentication on the client's certificate.
4. The server takes the premaster secret from the client and performs a number of steps with it to create a "master secret". The client also does the same thing. Now both server and client have the same shared master secret.
5. Server and client both create a session key from the master secret.
42 6. Both server and client send messages to each other saying that the handshake is complete.
Further communication is now conducted using a symmetric key cipher (RC4 for example, 40 bits or 128 bits, or another supported cipher). Symmetric key ciphers are much faster than public key encryption. Public key encryption must use a very large key to achieve cryptographic strength (typically more than 500 bits). This makes it slow for general data encryption.
43 Certificates
Certificates used in SSL conform to the X.509 certificate standard.
Certificate:
  Data:
    Version: v3 (0x2)
    Serial Number: 3 (0x3)
    Signature Algorithm: PKCS #1 MD5 With RSA Encryption
    Issuer: OU=Ace Certificate Authority, O=Ace Industry, C=US
    Validity:
      Not Before: Fri Oct 17 18:36:
      Not After: Sun Oct 17 18:36:
    Subject: CN=Jane Doe, OU=Finance, O=Ace Industry, C=US
    Subject Public Key Info:
      Algorithm: PKCS #1 RSA Encryption
      Public Key:
        Modulus:
          00:ca:fa:79:98:8f:19:f8:d7:de:e4:49:80:48:
          e6:2a:2a:86:ed:27:40:4d:86:b3:05:c0:01:bb:
          50:15:c9:de:dc:85:19:22:43:7d:45:6d:71:4e:
          17:3d:f0:36:4b:5b:7f:a8:51:a3:a1:00:98:ce:
          7f:47:50:2c:93:36:7c:01:6e:cb:89:06:41:72:
          b5:e9:73:49:38:76:ef:b6:8f:ac:49:bb:63:0f:
          9b:ff:16:2a:e3:0e:9d:3b:af:ce:9a:3e:48:65:
          de:96:61:d5:0a:11:2a:a2:80:b0:7d:d8:99:cb:
          0c:99:34:c9:ab:25:06:a8:31:ad:8c:4b:aa:54:
          91:f4:15
        Public Exponent: (0x10001)
    Extensions:
      Identifier: Certificate Type
        Critical: no
        Certified Usage: SSL Client
      Identifier: Authority Key Identifier
        Critical: no
        Key Identifier:
          f2:f2:06:59:90:18:47:51:f5:89:33:5a:31:7a:
          e6:5c:fb:36:26:c9
  Signature:
    Algorithm: PKCS #1 MD5 With RSA Encryption
    Signature:
      6d:23:af:f3:d3:b6:7a:df:90:df:cd:7e:18:6c:
      01:69:8e:54:65:fc:06:30:43:34:d1:63:1f:06:
      7d:c3:40:a8:2a:82:c1:a4:83:2a:fb:2e:8f:fb:
      f0:6d:ff:75:a3:78:f7:52:47:46:62:97:1d:d9:
      c6:11:0a:02:a2:e0:cc:2a:75:6c:8b:b6:9b:87:
      00:7d:7c:84:76:79:ba:f8:b4:d2:62:58:c3:c5:
      b6:c1:43:ac:63:44:42:fd:af:c8:0f:2f:38:85:
      6d:d6:59:e8:41:42:a5:4a:e5:26:38:ff:32:78:
      a1:38:f1:ed:dc:0d:31:d1:b0:6d:67:e9:46:a8:
      dd:c4
44 CA verification is often performed in a hierarchical chain.
Root CA
  Ozzy CA (check signed by Root CA)
    Honest Bob's CA (check signed by Ozzy CA)
      My Cert (check signed by Honest Bob's CA)
The chain must be authenticated until a trusted CA is found in the browser certificate database.
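The four client checks on slide 40 and the chain walk on slide 44 can be modelled in a short Python program. This is an added example, not code from the slides, and it is a toy model rather than an X.509 parser: the Cert class, the RSA keys built from known Mersenne primes, the SHA-256 digest, the host name www.example.test and the dates are all assumptions made for the demonstration.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import date

E = 65537  # public exponent shared by all toy keys


def toy_keypair(p: int, q: int):
    """Return (n, d) for an RSA key built from two known primes (toy sizes)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


@dataclass(frozen=True)
class Cert:
    subject: str        # DN of the certificate holder
    issuer: str         # DN of the CA that signed it
    not_before: date
    not_after: date
    public_n: int       # holder's public key (modulus; the exponent is E)
    signature: int = 0  # issuer's signature over the fields above

    def digest(self, modulus: int) -> int:
        body = "|".join(map(str, (self.subject, self.issuer, self.not_before,
                                  self.not_after, self.public_n)))
        return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % modulus


def issue(cert: Cert, ca_n: int, ca_d: int) -> Cert:
    """CA side: sign the certificate digest with the CA's private key."""
    return replace(cert, signature=pow(cert.digest(ca_n), ca_d, ca_n))


def verify_chain(chain, trusted, expected_name, today) -> str:
    """Client side. chain[0] is the server certificate, followed by the
    certificate of each successive issuer. `trusted` maps the DN of every CA
    in the browser database to its public modulus."""
    if not chain or chain[0].subject != expected_name:
        return "name mismatch"                      # man-in-the-middle check
    for i, cert in enumerate(chain):
        if not cert.not_before <= today <= cert.not_after:
            return f"date invalid: {cert.subject}"
        if cert.issuer in trusted:
            ca_n, anchored = trusted[cert.issuer], True
        elif i + 1 < len(chain) and chain[i + 1].subject == cert.issuer:
            ca_n, anchored = chain[i + 1].public_n, False
        else:
            break                                   # issuer neither trusted nor supplied
        if pow(cert.signature, E, ca_n) != cert.digest(ca_n):
            return f"bad signature: {cert.subject}"
        if anchored:
            return "ok"                             # reached a trusted CA
    return "no trusted CA"


def build_demo():
    """Constructed chain: Root CA -> Ozzy CA -> Honest Bob's CA -> server."""
    def mersenne(k):
        return 2 ** k - 1                           # prime for k in 31, 61, 89, 107, 127
    root_n, root_d = toy_keypair(mersenne(127), mersenne(107))
    ozzy_n, ozzy_d = toy_keypair(mersenne(107), mersenne(89))
    bob_n, bob_d = toy_keypair(mersenne(89), mersenne(61))
    site_n, _ = toy_keypair(mersenne(61), mersenne(31))
    start, end = date(2024, 1, 1), date(2025, 1, 1)
    ozzy = issue(Cert("Ozzy CA", "Root CA", start, end, ozzy_n), root_n, root_d)
    bob = issue(Cert("Honest Bob's CA", "Ozzy CA", start, end, bob_n), ozzy_n, ozzy_d)
    site = issue(Cert("www.example.test", "Honest Bob's CA", start, end, site_n),
                 bob_n, bob_d)
    return [site, bob, ozzy], {"Root CA": root_n}


if __name__ == "__main__":
    chain, trusted = build_demo()
    today = date(2024, 6, 1)
    print(verify_chain(chain, trusted, "www.example.test", today))
    print(verify_chain(chain, trusted, "shop.example.test", today))
    print(verify_chain(chain, trusted, "www.example.test", date(2025, 6, 1)))
    swapped = [replace(chain[0], public_n=chain[0].public_n + 2)] + chain[1:]
    print(verify_chain(swapped, trusted, "www.example.test", today))
    print(verify_chain(chain, {}, "www.example.test", today))
```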
CSC 8560 Computer Networks: Network Security Professor Henry Carter Fall 2017 Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationPublic Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA
Public Key Cryptography, OpenPGP, and Enigmail Cryptography is the art and science of transforming (encrypting) a message so only the intended recipient can read it Symmetric Cryptography shared secret
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationEncryption I. An Introduction
Encryption I An Introduction Reading List ADO and SQL Server Security A Simple Guide to Cryptography Protecting Private Data with the Cryptography Namespaces Using MD5 to Encrypt Passwords in a Database
More informationPublic Key Cryptography
Public Key Cryptography Giuseppe F. Italiano Universita` di Roma Tor Vergata italiano@disp.uniroma2.it Motivation Until early 70s, cryptography was mostly owned by government and military Symmetric cryptography
More informationOutline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond con dentiality Authentication Message integrity WHAT IS NETWORK SECURITY? Con dentiality: only
More informationPublic Key Cryptography
graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationPrinciples of Information Security, Fourth Edition. Chapter 8 Cryptography
Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries
More informationProtecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationASYMMETRIC CRYPTOGRAPHY
ASYMMETRIC CRYPTOGRAPHY CONTENT: 1. Number Theory 2. One Way Function 3. Hash Function 4. Digital Signature 5. RSA (Rivest-Shamir Adleman) References: 1. Applied Cryptography, Bruce Schneier 2. Cryptography
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationSECURITY IN NETWORKS 1
SECURITY IN NETWORKS 1 GOALS Understand principles of network security: Cryptography and its many uses beyond con dentiality Authentication Message integrity 2. 1 WHAT IS NETWORK SECURITY? Con dentiality:
More informationT Cryptography and Data Security
T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationChapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010
Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationChapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads
Cryptography p y Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationTechnological foundation
Technological foundation Carte à puce et Java Card 2010-2011 Jean-Louis Lanet Jean-louis.lanet@unilim.fr Cryptology Authentication Secure upload Agenda Cryptology Cryptography / Cryptanalysis, Smart Cards
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationCS61A Lecture #39: Cryptography
Announcements: CS61A Lecture #39: Cryptography Homework 13 is up: due Monday. Homework 14 will be judging the contest. HKN surveys on Friday: 7.5 bonus points for filling out their survey on Friday (yes,
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationIntroduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption
Introduction to Cryptography and Security Mechanisms: Unit 5 Public-Key Encryption Learning Outcomes Explain the basic principles behind public-key cryptography Recognise the fundamental problems that
More informationThe question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More informationChapter 9 Public Key Cryptography. WANG YANG
Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More information