Upload File

cryptography

45
Cryptography Chapter 14

Upload: aurora

Post on 09-Feb-2016

24 views

Category:

Documents


0 download

Report

Tags:

DESCRIPTION

Cryptography. Chapter 14. Learning Objectives. Understand the basics of algorithms and how they are used in modern cryptography Identify the differences between asymmetric and symmetric algorithms - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Cryptography

Cryptography

Chapter 14

Page 2: Cryptography

Learning Objectives

Understand the basics of algorithms and how they are used in modern cryptography

Identify the differences between asymmetric and symmetric algorithms

Have a basic understanding of the concepts of cryptography and how they relate to network security

continued…

Page 3: Cryptography

Learning Objectives

Discuss characteristics of PKI certificates and the policies and procedures surrounding them

Understand the implications of key management and a certificate’s lifecycle

Page 4: Cryptography

Cryptography

Study of complex mathematical formulas and algorithms used for encryption and decryption

Allows users to transmit sensitive information over unsecured networks

Can be either strong or weak

Page 5: Cryptography

Cryptography Terminology

Plaintext Data that can be read without any manipulation

Encryption Method of disguising plaintext to hide its substance

Ciphertext Plaintext that has been encrypted and is an unreadable

series of symbols and numbers

Page 6: Cryptography

How Encryption and Decryption Work

Page 7: Cryptography

Algorithms

Mathematical functions that work in tandem with a key

Same plaintext data encrypts into different ciphertext with different keys

Security of data relies on: Strength of the algorithm Secrecy of the key

Page 8: Cryptography

Hashing

Method used for verifying data integrity Uses variable-length input that is

converted to a fixed-length output string (hash value)

Page 9: Cryptography

Symmetric versus Asymmetric Algorithms

Type of Algorithm

Advantages Disadvantages

Symmetric Single key Requires sender and receiver to agree on a key before transmission of dataSecurity lies only with the keyHigh cost

Asymmetric Encryption and decryption keys are differentDecryption key cannot be calculated from encryption key

Security of keys can be compromised when malicious users post phony keys

Page 10: Cryptography

Symmetric Algorithms

Usually use same key for encryption and decryption

Encryption key can be calculated from decryption key and vice versa

Require sender and receiver to agree on a key before they communicate securely

Security lies with the key Also called secret key algorithms, single-key

algorithms, or one-key algorithms

Page 11: Cryptography

Encryption Using aSymmetric Algorithm

Page 12: Cryptography

Categories of Algorithms

Stream algorithms Operate on the plaintext one bit at a time

Block algorithms Encrypt and decrypt data in groups of bits,

typically 64 bits in size

Page 13: Cryptography

Asymmetric Algorithms

Use different keys for encryption and decryption

Decryption key cannot be calculated from the encryption key

Anyone can use the key to encrypt data and send it to the host; only the host can decrypt the data

Also known as public key algorithms

Page 14: Cryptography
Page 15: Cryptography

Common Encryption Algorithms

Lucifer (1974) Diffie-Hellman

(1976) RSA (1977) DES (1977)

Triple DES (1998) IDEA (1992) Blowfish (1993) RC5 (1995)

Page 16: Cryptography

Primary Functions of Cryptography

Confidentiality Authentication Integrity Nonrepudiation

Page 17: Cryptography

Digital Signatures

Based on asymmetric algorithms, allow the recipient to verify whether a public key belongs to its owner

Page 18: Cryptography
Page 19: Cryptography

Certificates

Credentials that allow a recipient to verify whether a public key belongs to its owner Verify senders’ information with identity

information that is bound to the public key Components

Public key One or more digital signatures Certificate information (eg, user’s name, ID)

Page 20: Cryptography

Public Key Infrastructure (PKI) Certificates

Certificate storage facility that provides certification management functionality (eg, ability to issue, revoke, store, retrieve, and trust certificates)

Certification authority (CA) Primary feature of PKI Trusted person or group responsible for issuing

certificates to authorized users on a system Creates certificates and digitally signs them using a

private key

Page 21: Cryptography

PKI Policies and Practices

Validity establishes that a public key certificate belongs to its owner

CA issues certificates to users by binding a public key to identification information of the requester

User can manually check certificate’s fingerprint

Page 22: Cryptography

PKI Revocation

Certificates have a restricted lifetime; a validity period is created for all certificates

Certificate revocation list (CRL) Communicates which certificates within a PKI

have been revoked

Page 23: Cryptography

Trust Models

Techniques that establish how users validate certificates Direct trust Hierarchical trust Web of trust

Page 24: Cryptography

Direct Trust Model

User trusts a key because the user knows where it came from

Page 25: Cryptography

Hierarchical Trust Model

Based on a number of root certificates

Page 26: Cryptography
Page 27: Cryptography

Web of Trust

Combines concepts of direct trust and hierarchical trust

Adds the idea that trust is relative to each requester

Central theme: the more information available, the better the decision

Page 28: Cryptography

Key and Certificate Life Cycle Management

Setup or initialization Administration of issued keys and

certificates Certificate cancellation and key history

Page 29: Cryptography

Setup and Initialization

Registration Key pair generation Certificate creation Certificate distribution Certificate dissemination Key backup

Page 30: Cryptography

Registration

User requests certificate from CA CA verifies identity and credentials of user Certificate practice statement

Published document that explains CA structure to users

Certificate policy establishes: Who may serve as CA What types of certificates may be issued How they should be issued and managed

Page 31: Cryptography

Key Pair Generation

Involves creation of one or more key pairs using different algorithms

Dual or multiple keys are often utilized to perform different roles to support distinct services

Key pair can be restricted by policy to certain roles based on usage factors

Multiple key pairs usually require multiple certificates

Page 32: Cryptography

Certificates

Distinguished name (DN) Unique identifier that is bound to a certificate

by a CA Uses a sequence of character(s) that is unique

to each user Appropriate certificate policies govern

creation and issuance of certificates

Page 33: Cryptography

Certificate Dissemination Techniques

Securely make certificate information available to requester without too much difficulty Out-of-band distribution In-band distribution Publication Centralized repositories with controlled access

Page 34: Cryptography

Key Backup

Addresses lost keys Helps recover encrypted data Essential element of business continuity

and disaster recovery planning

Page 35: Cryptography

Key Escrow

Key administration process that utilizes a third party

Initialization phase involves: Certificate retrieval and validation Key recovery and key update

Page 36: Cryptography

Cancellation Procedures

Certificate expiration Certificate revocation Key history Key archive

Page 37: Cryptography

Certificate Expiration

Occurs when validity period of a certificate expires

Options upon expiration Certificate renewal Certificate update

Page 38: Cryptography

Certificate Revocation

Implies cancellation of a certificate prior to its natural expiration

Revocation delay Delay associated with the revocation

requirement and subsequent notification

Page 39: Cryptography

Certificate Revocation

How notification is accomplished Certificate revocation lists (CRLs) CRL distribution points Certificate revocation trees (CRTs) Redirect/Referral CRLs

Notification is unnecessary for: Short certificate lifetimes Single-entity approvals

Page 40: Cryptography

Key History

Deals with secure and reliable storage of expired keys for later retrieval to recover encrypted data

Applies more to encryption keys than signing keys

Page 41: Cryptography

Key Archive

Service undertaken by a CA or third party to store keys and verification certificates

Meets audit requirements and handles resolution of disputes when used with other services (eg, time stamping and notarization)

Page 42: Cryptography

Setting up an Enterprise PKI

Extremely complex task with enormous demands on financial, human, hardware, and software resources

Areas to explore Basic support Training Documentation issues

Page 43: Cryptography

Areas to Explore in Detail When Setting up an Enterprise PKI

Support for standards, protocols, and third-party applications

Issues related to cross-certification, interoperability, and trust models

Multiple key pairs and key pair uses How to PKI-enable applications and client-

side software availability

continued…

Page 44: Cryptography

Areas to Explore in Detail When Setting up an Enterprise PKI

Impact on end user for key backup, key or certificate update, and nonrepudiation services

Performance, scalability, and flexibility issues regarding distribution, retrieval, and revocation systems

Physical access control to facilities

Page 45: Cryptography

Chapter Summary

Ways that algorithms and certificate mechanisms are used to encrypt data flows

Concepts of cryptography Key and certificate life cycle management


Applied Cryptography Spring 2015 GSM and cryptography

Slide #8-1 Chapter 8: Basic Cryptography Classical Cryptography Public Key Cryptography Cryptographic Checksums

Notes on cryptography · Notes on cryptography ... 5 Public-key cryptography: RSA and El-Gamal 83 ... 1.2 Steganography and cryptography

Post-Quantum Cryptography: Lattice-Based Cryptography and

Chapter 3 Cryptography - Reading & Learning...Chapter 3 Cryptography Introduction: Cryptography is an ancient art of keeping secrets. Cryptography ensures security of communication

Cryptography -

(Continue) Cryptography - University of Washington · 2013-02-05 · Cryptography: Now on to asymmetric cryptography HW2 out soon (on cryptography) (Reminder:) Symmetric Cryptography

Cryptography and Network Security, part I: Basic cryptography

Beginning Cryptography With Java - Symmetric Key Cryptography

Part I Quantum cryptography - Masaryk University · 2019-09-05 · Part I Quantum cryptography. QUANTUM CRYPTOGRAPHY ... As an introduction to quantum cryptography the very basic

Chapter 8 - Cryptography. Cryptography General Concepts

CS 4770: Cryptography CS 6750: Cryptography and ... · ... Introduction to Modern Cryptography. J. Katz and Y. Lindell 2. ... •Modern cryptography ... We have also used materials

Cryptography Gerard Klonarides. What is cryptography? Symmetric Encryption Symmetric Encryption Asymmetric Encryption Asymmetric Encryption Other cryptography

Quantum computing, teleportation, cryptography Computing Teleportation Cryptography

Cryptography - A Reviewweb.cse.msstate.edu/~ramkumar/review1.pdfSymmetric Cryptography Asymmetric Cryptography Key Management Network Security Symmetric Cryptography Overview Block

Cryptography and Security in Wireless Sensor …Cryptography Cryptography De nition Cryptography is the study of mathematical techniques related to aspects of information security

Cryptography or Smalltalkers 2 Public Key Cryptography

ECE578 Cryptography 5: Hash Functions, Asymmetric Cryptography

CS 4770: Cryptography CS 6750: Cryptography and

Quantum cryptography CS415 Biometrics and Cryptography UTC/CSE

Elliptic Curve Cryptography based Threshold Cryptography (ECC- TC)

1 Lecture 2: Introduction to Cryptography Outline uses of cryptography secret key cryptography public key cryptography message digests

Bronson Jastrow. Outline What is cryptography? Symmetric Key Cryptography Public Key Cryptography How Public Key Cryptography Works Authenticating

Cryptography - Number Theory an Related Alghoritm in Cryptography

Basic Cryptography - Sapienzaparisi/Risorse/CryptographicPrimitives.pdf · Basic Cryptography Introduction ... The Java Cryptography Architecure (JCA) The Java Cryptography Extensions

introduction to Cryptography(FINAL) - WordPress.com · Introduction to Cryptography 1. Objectives •Define cryptography and differentiate it with steganography. •Introduce cryptography

Palladium Cryptography Palladium Cryptography Next ... · Palladium Cryptography Palladium Cryptography Next Generation Security Computation Base Harshwardhan Rathore, Asst. Prof

Overview of Cryptography What is Cryptography? Cryptography is a collection of mathematical techniques for protecting information. Cryptography is

Information Security Cryptography ( L02- Types Cryptography)

Cryptography 2017 - Chalmers · Cryptography 2017 Introduction ... J. Katz, Y. Lindell, Introduction to Modern Cryptography, ... Introduction Why study cryptography?

Advanced Cryptography Isogeny-based Cryptography

Cryptography - A Revie · Outline Trust Symmetric Cryptography Asymmetric Cryptography Key Management Network Security 1 Trust Need for Trust Trust = Shared Secret 2 Symmetric Cryptography

Cryptography - Report Advanced Cryptography Standard AES.pdf

Lattice-based Cryptography · Cryptography Post-Quantum CryptographyResults and Perspectives Outline 1 Cryptography Fundamental Goals Techniques and Limitations 2 Post-Quantum Cryptography

Cryptography - Coding and Cryptography