Cryptography

June 3, 2016 | Author: PrasadColleges | Category: Types, Presentations
Share Embed Donate


Short Description

"Secret code" redirects here. For the Aya Kamiki album, see Secret Code. "Cryptology" redirects her...

Description

Cryptographic  Algorithms 14th May 2012

P.R.Lakshmi Eswari e-Security Team C-DAC Hyderabad

Network Security



What is it ?



Why do we need it ?



How is it provided ?

Network Security



What is it ?



Why do we need it ?



How is it provided ?

Network Security Issues

 Normal Flow

Network Security Issues

 Normal Flow

Interruption

Network Security Issues

 Normal Flow

Modification

Interruption

Network Security Issues

 Normal Flow

Modification

Interruption

Interception

Network Security Issues

 Normal Flow

Modification

Fabrication

Interruption

Interception

Network Security Issues

 Normal Flow

Interruption

Modification

Interception  No!

Get it?

Sent it?

 No! Fabrication

Repudiation

Network Security Services

Availability Requirement

Modification

Interception  No!

Get it?

Sent it?

 No! Fabrication

Repudiation

Network Security Services

Availability Requirement

Integrity Interception  No!

Get it?

Sent it?

 No! Fabrication

Repudiation

Network Security Services

Availability Requirement

Integrity

Confidentiality  No!

Get it?

Sent it?

 No! Fabrication

Repudiation

Network Security Services

Availability Requirement

Integrity

Confidentiality  No!

Get it?

Authenticity

Sent it?

 No! Repudiation

Network Security Services

Availability Requirement

Integrity

Confidentiality

Authenticity

Non Repudiation

Security Mechanisms



Confidentiality

- Encryption



Integrity

- Hashing

 Authentication

- Digital Certificates

 

Non-Repudiation - Digital Signatures

Cryptographic Algorithms

Types of Cryptographic algorithms Secret key cryptography or Symmetric Key Public key cryptography or Asymmetric Key Hash functions

Symmetric Cryptography

Asymmetric Cryptography

Types of Cryptosystems 

Secret Key or Symmetric Cryptography DES, IDEA, AES etc

Advantages: fast, cipher text secure

Disadvantages: must distribute key in advance, key must not be divulged 

Public-key or Asymmetric Cryptography RSA, Diffie-Hellman key agreement protocol etc

Advantages: public key widely distributable, does digital signatures

Disadvantages: slow

Secret Key Algorithms Shared Secret Key

Decryption algorithm

Encryption algorithm

Plain text input

Transmitted Cipher text

Confidentiality

Plain text output

Secret Key Encryption Types



Block Cipher: Operates on a block of message or plaintext at a time Ex: DES, IDEA)

Data Encryption Standard (DES) 56-bit Key

64-bit 48-bitInput K1

Generate keys Permutation Round 1 Round 2 …...

Round 16 Swap Permutation 64-bit Output

Initial Permutation 48-bit K1 48-bit K2 48-bit K16

Swap 32-bit halves Final Permutation

Secret Key Encryption Triple DES 

Uses 3 keys and 3 executions of DES algorithm. Key1 Encrypt

Plain text

Decrypt

Key3 Encrypt

Encryption Key3

Cipher text

Key2

Decrypt

Key2 Encrypt

Decryption

Cipher text

Key1 Decrypt

Plain text

Secret Key Encryption Other Secret key algorithms IDEA (International Data Encryption  Algorithm) 

128 bit key, 8 rounds

Blowfish 



Variable key length. (up to 448 bits). Generally 128 bit key used. 16 rounds. Easy to implement and high execution speed.

Secret Key Encryption Other Secret key algorithms 



CAST 128 

Key size between 40 and 128 bits.



F varies from round to round.

 AES (Advanced Encryption Standard) 

Variable block length (128, 192, 256 bits)



Variable key length (128, 192, 256 bits)



Ease of implementation in software and hardware.

Secret Key Encryption Stream Cipher 





 A pseudo random no. generator continuously generates bits known as running key or keystream. xoring the keystream to the plain text produces the cipher text. e.g. RC4, SEAL, A5/1 (used in GSM)

Secret Key Encryption Stream Cipher key

Keystream generator

Encryption

key

Keystream generator

plaintext

+

ciphertext

ciphertext

+

plaintext

Decryption Keystream Generator is a pseudo random generator like linear feedback shift register

Key Distribution 

 

Symmetric schemes require both parties to share a common secret key Issue is how to securely distribute this key Often secure system failure due to a break in the key distribution scheme

Public Key Cryptography



Uses two keys: private & public



Used for  

Confidentiality



 Authentication



Key distribution

Public Key Cryptography

Confidentiality 



The sender encrypts using public key of receiver Only the receiver can decrypt the cipher message with his private key

Public Key Algorithms

Public key ring Private Key

Decryption algorithm

Encryption algorithm

Plain text input

Transmitted Cipher text

Confidentiality

Plain text output

Public Key Cryptography

RSA 

Key Generation 

Select prime no.’s p & q



Calculate n = p x q



Calculate





(n) = (p-1)(q-1)

Select integer e such that e is relatively prime to (n) Calculate d = e-1mod

(n)

(d = multiplicative inverse of e) 

Public Key = {e, n} Private Key = {d, n}

Public Key Cryptography RSA Encryption 

Plaintext M < n



Cipher text C = Me(mod n)

Decryption  – 

 – 

Cipher text C Plaintext M = Cd(mod n)

Cryptography Strength of Cryptographic Algorithms Identify the weakest links 

Key length: key can be broken by brute force attack. For a 32 bit key max. possible combinations is 232. Hence size of key is crucial.  

Symmetric algorithms: key sizes currently used is 128 bits Public key algorithms: require much larger key sizes since an extra structure i.e. public key is available to cryptanalyst. Hence keys with 1024 bits and more are safer.

Public Key Algorithms Public key ring

Private Key

Decryption algorithm

Encryption algorithm

Plain text input

Transmitted Cipher text

Authentication

Plain text output

Public Key Algorithms

Public key ring

Private Key

Session key

Encryption algorithm

encrypted key

Decryption algorithm

Key Exchange

Shared session key

Key Management Diffie-Hellman Key Exchange 



Enables 2 users to exchange a secret key securely that can be used for subsequent encryption of messages. If p is prime no., its primitive root a is such that a mod p, a2 mod p, …ap-1 mod p are distinct integers from 1 to p-1 in some permutation.

Public Key Cryptography Diffie Hellman key exchange

User A

prime p primitive root random no. x

prime p primitive root random no. y

Public key pk1 = xmod p

Public key pk2 = ymod p

Secret Key pk2xmod p K = pk 2 = xymod p

Secret Key ymod 1 K = pk1pk p = xymod p

User B

Symmetric vs. Asymmetric



 Asymmetric 

Fastest implementation of RSA (asymmetric) can encrypt kilobits/sec 



2048-bit key

Symmetric 

Fastest implementation of DES (symmetric) can encrypt megabits/sec 

56-bit key

The Hybrid Model Very common practice: hybrid symmetric and asymmetric 



 Asymmetric encryption is used to share a secret key, which is then used for symmetric encryption  Advantages 

Speed of symmetric, flexibility of asymmetric

Integrity 



Encryption protects only against passive attack. Integrity 

 A message digest is computed which is appended to message using hash functions.

Hash Functions  A public function that maps a plaintext message of any length into a fixed length hash value used as the authenticator 

Pros 

One way transformation



Offers integrity without the cost of encryption





Message can be read when authentication is unnecessary

Cons 

No Confidentiality



Can be altered by attackers to match altered message

Integrity Secure Hash Algorithm (SHA-1) 

Takes input as 512 bit blocks and produces 160 bit message digest.

Original message

zero padding

512 x m bits

message length

64 bits

Authentication Digital Signatures 







 An authentication mechanism which enables the creator of a message to attach a code that acts as a signature Encrypt a small block of bits that is a function of the document (authenticator), using sender’s private key. This serves as signature that verifies origin and content. SHA-1 can be used as this function.

Digital Certificates 



 An answer to Internet trust problem Trusted 3rd parties issue certificates to people or companies who prove their ID

Digital Certificates  – Manage key  



Used for distribution of public keys. Public key certificate consisting of public key and user ID of key owner is signed by a trusted third party. The third party is called Certificate  Authority(CA).

Digital Certificates 

 A Digital Certificate typically contains    

  

Owner’s public key Owner’s name Expiration date of the public key Name of the issuer (CA that issued the Digital ID) Serial number of the Digital ID Digital signature of the issuer X.509

X.509 Authentication Service 

Part of CCITT X.500 directory service standards 



Defines framework for authentication services   

 

distributed servers maintaining some info database directory may store public-key certificates  with public key of user signed by certification authority

 Also defines authentication protocols Uses public-key crypto & digital signatures 

algorithms not standardised, but RSA recommended

X.509 Certificates 



Issued by a Certification Authority (CA), containing:   version (1, 2, or 3) serial number (unique within CA) identifying certificate  signature algorithm identifier  issuer X.500 name (CA)  period of validity (from - to dates)  subject X.500 name (name of owner)  subject public-key info (algorithm, parameters, key)  issuer unique identifier (v2+)  subject unique identifier (v2+)  extension fields (v3)  signature (of hash of all fields in certificate)  Notation CA denotes certificate for A signed by CA

X.509 Certificates

Network Security Protocols



What is a protocol ?



Why do we need a network security protocol ? 

 Authentication



Data integrity



Confidentiality



Key exchange



Cipher Suite Negotiation

Protocol Layers Where to Implement Security? 

TCP/IP protocol stack 

 Application Layer



Transport Layer



Network Layer



Link Layer

Deployment of Cryptography Application-Layer Encryption Application Layers (5-7)

Network-Layer Encryption Transport/Network Layers (3-4)

Link/Physical Layers (1-2)

Link-Layer Encryption

Link-Layer Encryption

Evolution of Security Protocols

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF