APNIC elearning: Cryptography Basics

Similar documents
Cryptography. Cryptography is everywhere. German Lorenz cipher machine

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Cryptography MIS

Cryptographic Concepts

Computer Security: Principles and Practice

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

CSC 474/574 Information Systems Security

Cryptography and Network Security

Ref:

Introduction to Cryptography. Vasil Slavov William Jewell College

PROTECTING CONVERSATIONS

Symmetric, Asymmetric, and One Way Technologies

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

CSE 127: Computer Security Cryptography. Kirill Levchenko

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Cryptography (Overview)

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Introduction to information Security

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

CSC 774 Network Security

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Threat Pragmatics & Cryptography Basics. PacNOG July, 2017 Suva, Fiji

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Encryption. INST 346, Section 0201 April 3, 2018

CCNA Security 1.1 Instructional Resource

Network Security Essentials

KALASALINGAM UNIVERSITY

Cryptographic Systems

(2½ hours) Total Marks: 75

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

CIS 4360 Secure Computer Systems Symmetric Cryptography

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Lecture 1 Applied Cryptography (Part 1)

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Winter 2011 Josh Benaloh Brian LaMacchia

Cryptography Functions

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Cryptography Introduction

Advanced Crypto. 2. Public key, private key and key exchange. Author: Prof Bill Buchanan

1.264 Lecture 28. Cryptography: Asymmetric keys

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

CSC/ECE 774 Advanced Network Security

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Symmetric Encryption. Thierry Sans

Authentication CHAPTER 17

Public Key Cryptography

EEC-484/584 Computer Networks

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Presented by: Kevin Hieb May 2, 2005

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Public Key Algorithms

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Delineation of Trivial PGP Security

Stream Ciphers and Block Ciphers

Crypto: Symmetric-Key Cryptography

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

EEC-682/782 Computer Networks I

UNIT - IV Cryptographic Hash Function 31.1

Jaap van Ginkel Security of Systems and Networks

Classical Cryptography. Thierry Sans

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Introduction to Symmetric Cryptography

Security. Communication security. System Security

Basics of Cryptography

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

Computer Security CS 526

Computer Security 3/23/18

10EC832: NETWORK SECURITY

CSCE 813 Internet Security Symmetric Cryptography

Network Security. Chapter 8. MYcsvtu Notes.

Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Introduction and Overview. Why CSCI 454/554?

Encryption Algorithms

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Scanned by CamScanner

Introduction to Cyber Security Week 2: Cryptography. Ming Chow

CRYPTOGRAPHY. BY, Ayesha Farhin

Garantía y Seguridad en Sistemas y Redes

Stream Ciphers and Block Ciphers

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

CS61A Lecture #39: Cryptography

Transcription:

APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6 DNS/DNSSEC Internet Resource Mgmt Reminder: Please take time to fill-up the survey 2 1

Overview What is Cryptography? Symmetric Key Algorithm Asymmetric Key Algorithm Block and Stream Cipher Hash Functions Digital Signature 3 Cryptography Has evolved into a complex science in the field of information security German Lorenz cipher machine 4 2

Cryptography Cryptography deals with creating documents that can be shared secretly over public communication channels Other terms closely associated Cryptanalysis (breaking an encoded data without the knowledge of the key) Cryptology (combination of cryptography and cryptanalysis) Cryptography is a function of plaintext and a cryptographic key C = F(P, k) Notation: Plaintext (P) Ciphertext (C) Cryptographic Key (k) 5 Typical Scenario Alice wants to send a secret message to Bob What are the possible problems? Data can be intercepted What are the ways to intercept this message? How to conceal the message? Old algorithms such as the substitution cipher 6 3

History: Ciphers Substitution cipher involves replacing an alphabet with another character of the same alphabet set Can be mono-alphabetic (single set for substitution) or polyalphabetic system (multiple alphabetic sets) Example: Caesar cipher, a mono-alphabetic system in which each character is replaced by the third character in succession Vigenere cipher, a poly-alphabetic cipher that uses a 26x26 table of characters 7 Transposition Cipher No letters are replaced, they are just rearranged. Rail Fence Cipher another kind of transposition cipher in which the words are spelled out as if they were a rail fence. 8 4

History: Rotor Machines (1870-1943) Hebern machine single rotor Enigma - 3-5 rotors Source: Wikipedia (image) 9 Modern Crypto Algorithm specifies the mathematical transformation that is performed on data to encrypt/decrypt Crypto algorithm is NOT proprietary Analyzed by public community to show that there are no serious weaknesses Explicitly designed for encryption 10 5

Encryption process of transforming plaintext to ciphertext using a cryptographic key Used all around us In Application Layer used in secure email, database sessions, and messaging In session layer using Secure Socket Layer (SSL) or Transport Layer Security (TLS) In the Network Layer using protocols such as IPSec Benefits of good encryption algorithm: Resistant to cryptographic attack They support variable and long key lengths and scalability They create an avalanche effect No export or import restrictions 11 Encryption and Decryption Plaintext ENCRYPTION ALGORITHM Ciphertext DECRYPTION ALGORITHM Plaintext Encryption Key Decryption Key 12 6

Symmetric Key Algorithm Uses a single key to both encrypt and decrypt information Also known as a secret-key algorithm The key must be kept a secret to maintain security This key is also known as a private key Follows the more traditional form of cryptography with key lengths ranging from 40 to 256 bits. Examples of symmetric key algorithms: DES, 3DES, AES, IDEA, RC5, RC6, Blowfish 13 Symmetric Encryption Plaintext ENCRYPTION ALGORITHM Ciphertext DECRYPTION ALGORITHM Plaintext Encryption Key Decryption Key Shared Key Shared Key Symmetric Key Cryptography Same shared secret key 14 7

Symmetric Key Algorithms DES block cipher using shared key encryption, 56-bit 3DES (Triple DES) a block cipher that applies DES three times to each data block AES replacement for DES; it is the current standard RC4 variable-length key, stream cipher (generate stream from key, XOR with data) RC6 IDEA, Blowfish, etc 15 Symmetric Key Algorithms Symmetric Algorithm DES Triple DES (3DES) AES IDEA RC2 RC4 RC5 RC6 Blowfish Key Size 56-bit keys 112-bit and 168-bit keys 128, 192, and 256-bit keys 128-bit keys 40 and 64-bit keys 1 to 256-bit keys 0 to 2040-bit keys 128, 192, and 256-bit keys 32 to 448-bit keys Note: Longer keys are more difficult to crack, but more computationally expensive. 16 8

Data Encryption Standard (DES) Developed by IBM for the US government in 1973-1974, and approved in Nov 1976. Based on Horst Feistel s Lucifer cipher block cipher using shared key encryption, 56-bit key length Block size: 64 bits 17 Triple DES 3DES (Triple DES) a block cipher that applies DES three times to each data block Uses a key bundle comprising of three DES keys (K1, K2, K3), each with 56 bits excluding parity. DES encrypts with K1, decrypts with K2, then encrypts with K3 Disadvantage: very slow C i = E K 3 (D K 2 (E K1 (P i ))) 18 9

3DES: Illustration Plaintext ENCRYPT DECRYPT ENCRYPT Ciphertext Key 1 Key 2 Key 3 Note: If Key1 = Key2 = Key3, this is similar to DES Usually, Key1 = Key3 19 Advanced Encryption Standard (AES) Published in November 2001 Symmetric block cipher Has a fixed block size of 128 bits Has a key size of 128, 192, or 256 bits Based on Rijndael cipher which was developed by Joan Daemen and Vincent Rijmen Better suited for high-througput, low latency environments 20 10

Rivest Cipher RC Algorithm RC2 RC4 RC5 RC6 Description Variable key-sized cipher used as a drop in replacement for DES Variable key sized stream cipher; Often used in file encryption and secure communications (SSL) Variable block size and variable key length; uses 64-bit block size; Fast, replacement for DES Block cipher based on RC5, meets AES requirement 21 RC4 Most widely used stream cipher Popularly used in Secure Socket Layer (SSL) and Wired Equivalent Privacy (WEP) protocols Although simple and fast, it is vulnerable and can lead to insecure systems 22 11

Asymmetric Key Algorithm Also called public-key cryptography Keep private key private Anyone can see public key separate keys for encryption and decryption (public and private key pairs) Examples of asymmetric key algorithms: RSA, DSA, Diffie-Hellman, El Gamal, Elliptic Curve and PKCS 23 Asymmetric Encryption Plaintext ENCRYPTION ALGORITHM Ciphertext DECRYPTION ALGORITHM Plaintext Encryption Key Decryption Key Public Key Private Key Asymmetric Key Cryptography Different keys 24 12

Asymmetric Key Algorithm RSA the first and still most common implementation DSA specified in NIST s Digital Signature Standard (DSS), provides digital signature capability for authentication of messages Diffie-Hellman used for secret key exchange only, and not for authentication or digital signature ElGamal similar to Diffie-Hellman and used for key exchange PKCS set of interoperable standards and guidelines 25 Symmetric vs. Asymmetric Key Symmetric generally fast Same key for both encryption and decryption Asymmetric Can be 1000 times slower Uses two different keys (public and private) Decryption key cannot be calculated from the encryption key Key lengths: 512 to 4096 bits Used in low-volume 26 13

Hash Functions produces a condensed representation of a message (hashing) The fixed-length output is called the hash or message digest A hash function takes an input message of arbitrary length and outputs fixed-length code. Given x, we can compute the value f(x). Given f(x), it is hard to get the value of x. A form of signature that uniquely represents the data Collision-free Uses: Verifying file integrity - if the hash changes, it means the data is either compromised or altered in transit. Digitally signing documents Hashing passwords 27 Hash Functions Message Digest (MD) Algorithm Outputs a 128-bit fingerprint of an arbitrary-length input MD4 is obsolete, MD5 is widely-used Secure Hash Algorithm (SHA) SHA-1 produces a 160-bit message digest similar to MD5 Widely-used on security applications (TLS, SSL, PGP, SSH, S/MIME, IPsec) SHA-256, SHA-384, SHA-512 are also commonly used, which can produce hash values that are 256, 384, and 512-bits respectively RIPEMD Derived from MD4, but performs like SHA RIPEMD-160 is the most popular version 28 14

Digital Signature A digital signature is a message appended to a packet The sender encrypts message with own private key instead of encrypting with intended receiver s public key The receiver of the packet uses the sender s public key to verify the signature. Used to prove the identity of the sender and the integrity of the packet 29 Digital Signature Process 1. Hash the data using one of the supported hashing algorithms (MD5, SHA-1, SHA-256) 2. Encrypt the hashed data using the sender s private key 3. Append the signature (and a copy of the sender s public key) to the end of the data that was signed) DATA MD5/SHA-1 HASH (DATA) PRIVATE KEY DIGITAL SIGNATURE 30 15

Signature Verification Process 1. Hash the original data using the same hashing algorithm 2. Decrypt the digital signature using the sender s public key. All digital signatures contain a copy of the signer s public key 3. Compare the results of the hashing and the decryption. If the values match then the signature is verified. If the values do not match, then the data or signature was probably modified. DATA MD5/SHA-1 HASH (DATA) MATCH? HASH (DIGITAL SIG) 31 APNIC Helpdesk Chat 32 16

Survey Link: http://surveymonkey.com/ s/apnic-20150513-el3 Slides are available for download from APNIC FTP. 33 Thank You! END OF SESSION 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback