scsc 455 computer security chapter 2 secure data dr. frank li
TRANSCRIPT
![Page 1: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/1.jpg)
SCSC 455 Computer Security
Chapter 2 Secure Data
Dr. Frank Li
![Page 2: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/2.jpg)
Index
Basics of cryptography Kerckhoff’s Principle The big picture of cryptography Digital signature and digital certificate Cryptography in a browser Encryption utilities Other encryption applications
![Page 3: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/3.jpg)
Cryptography
Cryptography the science of encoding data so that it cannot be read
without special knowledge or tools; Is a crucial part of network applications
Q: Why cryptography is a crucial part in network applications?
![Page 4: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/4.jpg)
Cryptography and Computer SecurityAns: Network connections can be tapped, - sniffing the network
Sniffers are used by many system administrators to troubleshoot networking problems.
Encryption can provide security in insecure communication channels
Q: What exactly does “security” mean?
![Page 5: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/5.jpg)
History of cryptography: Caesar cipher Julius Caesar (100–44 B.C.) developed a simpleencryption method -- shifted the alphabet by threepositions
Standard Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZCryptographic Alphabet:DEFGHIJKLMNOPQRSTUVWXYZABC
e.g.1 Encypt “caesar” ?e.g.2 Decrpt “vhfxulwb” ?
Caesar cipher is substitution cipher a different letter of the alphabet is substituted for each letter in
the message
![Page 6: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/6.jpg)
History of cryptography: Transposition Cipher
Transposition Cipher: rearrange letters in plaintext
to produce cipher text
Rail-Fence cipher Plaintext is HELLO WORLD Encryption: HLOOL
ELWRD
HLOOLELWRD
Q: How to decrypt the ciphertext?
![Page 7: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/7.jpg)
History of cryptography: Enigma machine in WWII
By the twentieth century it became possible to carry out substitutions by using electrical connections to mechanize the difficult work of looking up tables in a handbook.
The basic Enigma was invented in 1918 by Arthur Scherbius in Berlin. It enciphers a message by performing a
number of substitutions one after the other. Scherbius's idea was to achieve these
substitutions by electrical connections.
![Page 8: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/8.jpg)
One-Time Pad
A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly
Is made up of random bits. Is as simple as letter substitution This encryption process uses a binary mathematic
function XOR.
Message stream 1001010111
Keystream 0011101010
Ciphertext stream 1010111101
![Page 9: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/9.jpg)
![Page 10: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/10.jpg)
OTP in action
One-time pads have been used throughout history to protect different types of sensitive data. Today, they are still in place for many types of militaries as
a backup encryption option if current encryption processes are unavailable for reasons of war or attacks.
A Russian One-time pad, captured by MI5
The history of cryptography
(reading assignment -- article 1)
![Page 11: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/11.jpg)
Modern cryptography: DES
The Data Encryption Standard (DES) was developed in the 1970s uses a 56-bit key to encrypt data using various
algorithms (substitution + Transposition Cipher) 56 bits provide for 256 possible key combinations.
was a widely implemented U.S. standard However, it takes 20 hours to break a DES key in 1998
DES is being phased out, but it is still widely used relatively few people have the equipment to break the
key 20 hours is still a relatively long time in the Internet age
![Page 12: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/12.jpg)
Modern cryptography: Skipjack and Triple DES
There were several responses to the cracking of DES: DES keys were increased to 1024 bits Creation of a new and more secure algorithm called
Skipjack, which uses an 80 bit key Triple DES relies on DES, but encodes each message
three times using three different keys An new encryption algorithm Advanced Encryption
Standard (AES)
![Page 13: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/13.jpg)
Modern cryptography: Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) NIST sponsored a competition in 1997 to create a
replacement for DES. The winner is the Rijndael algorithm by two Belgians
Use three different key lengths: 128 bits, 192 bits, 256 bits
was approved for use by U.S. government agencies in May 2002
![Page 14: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/14.jpg)
Another way to hide data: Steganography Steganography is a method of hiding data in another media type so that
the very existence of the data is concealed. does not use algorithms or keys to encrypt information. A message can be hidden in a WAV file, in a graphic, or in unused spaces
on a hard drive or sectors that are marked as unusable.
E.g.1 the least significant bit of each byte of the image can be replaced with bits of the secret message. This practice does not affect the graphic enough to be detected.
E.g. 2 can also be used to insert a digital watermark on digital images so that illegal copies of the images can be detected.
(This technique will be covered in lab.)
![Page 15: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/15.jpg)
Index
Basics of cryptography Kerckhoff’s Principle The big picture of cryptography Digital signature and digital certificate Cryptography in a browser Encryption utilities Other encryption applications
![Page 16: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/16.jpg)
The anatomy of cryptography
M: plaintext, the message to transmit
C: ciphertext, encrypted message
E: encryption
D: decryption
Cipher, a.k.a. rules or algorithms of encryption and decryption E.g. allow letter-substitution to convert plaintext to ciphertext The level of complexity of an algorithm can be increased by using
a key Key is a code necessary to encrypt or decrypt a message
correctly using the algorithm
![Page 17: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/17.jpg)
Kerckhoff’s Principle
Kerckhoff’s Principle (1883) the only secrecy involved with a cryptography system
should be the key; the algorithm should be publicly known;
Good security assumes an eavesdropper knows the cipher, but the key must be kept secret
![Page 18: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/18.jpg)
Index
Basics of cryptography The big picture of cryptography Digital signature and digital certificate Cryptography in a browser Encryption utilities Other encryption applications
![Page 19: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/19.jpg)
The big picture of cryptography
Symmetric encryption algorithms Use the same key and algorithm to encrypt and decrypt a
message The key used is called a private key, because it must be kept
secret for the message to be secure A.a.k. classical cryptography, classical cipher
(Every encryption algorithm covered so far belongs to symmetric
encryption algorithm.)
Asymmetric encryption algorithms Use one key to encrypt and another key to decrypt The key you can reveal to everyone is called a public key
![Page 20: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/20.jpg)
Symmetric Algorithms
The sender and receiver use two instances of the same key for encryption and decryption If an intruder were to get this key, the intruder could decrypt any
intercepted message encrypted with this key.
![Page 21: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/21.jpg)
Symmetric Algorithms
The security of the symmetric encryption method is completely dependent on how well users protect the key
Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key.
Q 1: How many keys are required if 50 people want to communicate using symmetric algorithm?
Q 2: How symmetric keys are actually shared and updated?
![Page 22: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/22.jpg)
Symmetric Algorithms
It is not safe to just send it in an e-mail message the key is not protected and can be easily intercepted
and used by attackers The out-of-band method
Other implications of symmetric algorithms Both users have the same key to encrypt and decrypt
messages Symmetric cryptosystems can provide confidentiality
but they cannot directly provide authentication or non-repudiation. Why?
![Page 23: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/23.jpg)
Symmetric Algorithms
Advantages of symmetric algorithms Symmetric algorithms are very fast, comparing to asymmetric
algorithms Symmetric algorithms are hard to break if a large key size is used.
Examples of symmetric algorithms : Data Encryption Standard (DES) Triple-DES (3DES) Blowfish IDEA RC4, RC5, and RC6 Advanced Encryption Standard (AES)
![Page 24: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/24.jpg)
Asymmetric Cryptography
In public key systems, each entity has a pair of different keys, or asymmetric keys. The two different asymmetric keys are mathematically
related. The public key can be known to everyone The private key must be known and used only by the
owner. It must be computationally infeasible to derive the
private key from the public key.
![Page 25: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/25.jpg)
Asymmetric Cryptography
In different scenarios, we can choose to use either public key or
private key to encrypt and decrypt. Scenario 1: C = E_a(M) M = D_a(C) Scenario 2: C = D_a(M) M = E_a(C)
![Page 26: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/26.jpg)
Scenario 1
Q: Is there any problem in scenario 1?
![Page 27: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/27.jpg)
Scenario 2
Q: Is there any problem in scenario 2?
![Page 28: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/28.jpg)
Scenario 3
Q: Is this any problem in scenario 3?
![Page 29: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/29.jpg)
Asymmetric Cryptography
Common asymmetric algorithms Diffie-Hellman RSA Elliptic curve cryptosystem (ECC) El Gamal Digital Signature Algorithm (DSA) Knapsack
RSA is the most popular public-key encryption Developed by Ronald Rivest, Adi Shamir, and Len Adleman RSA is used in a number of products from many vendors
Web browsers, Virtual private networks (VPN)
![Page 30: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/30.jpg)
Asymmetric vs. Symmetric Cryptography
Pro: Asymmetric algorithms Can provide authentication and non-repudiation. also provide for easier and more manageable key
distribution
Cons: Asymmetric algorithm works much more slowly than a symmetric algorithm Symmetric algorithms carry out relatively simplistic mathematical
functions – substitution and transposition Asymmetric algorithm uses much more complex mathematics to
carry out their functions.
![Page 31: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/31.jpg)
Hybrid cryptosystem
In a hybrid system, asymmetric algorithm and a a symmetricalgorithm are used in a complementary manner A hybrid cryptosystem = symmetrical key cipher + public-key
cipher An asymmetric algorithm creates keys that are used for
automated key distribution. A symmetric algorithm creates keys that are used for encrypting
bulk data
![Page 32: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/32.jpg)
Index
Basics of cryptography The big picture of cryptography Digital signature and digital certificate Cryptography in a browser Encryption utilities Other encryption applications
![Page 33: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/33.jpg)
Authentication the public key
A potential weakness of public-key cryptographyQ: How do you know that the pubic key you have for an individual is really for that individual?
The solution is authentication public key Authentication is the process of proving that you are in
fact the person you say you are. E.g., A phone ID is commonly used to authenticate a
person.
Q: How to authenticate a public key?
![Page 34: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/34.jpg)
One way to authenticate public key:Signatures
Signatures let you authenticate a public key How the signature works?
You verify that another person’s key really belongs to that person. And then sign that public key with your own private key.
Others get that public key can see your signature and know you trust that key, so they may decide to trust it OR may decide to verify that key themselves.
Form a web of trust -- a peer to peer trust relationship Example …
Q: How to verify another person’s public key?
![Page 35: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/35.jpg)
Verify public key
Verify the public key in person or call the owner of the public key and check the key A key usually has hundred of digital Check bit by bit is not very efficient
A fingerprint is a smaller number that is derived from a very lengthy public key Fingerprints are created by hashing the public key,
Hashing is a process by which a mathematical function is used that converts larger numbers into smaller numbers
![Page 36: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/36.jpg)
Hash function
A hash function is a function that takes a variable-length string, and produces a fixed-length hash value.
The hash value is also called fingerprint, checksum, or message digest A fingerprint is changed the contents have been altered Example …
Two commonly used hash functions Message digest hash (MD5) provides 128 bits fingerprint Secure hash algorithm (SHA-1) provides 160 bits fingerprint
![Page 37: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/37.jpg)
The second way to authenticate public key:CertificateUsing digital certificate -- with PKI
A certificate is a numeric code that is used to identify an organization
Certificate authority (CA) verifies the credential of an organization of individual.
Then CA issues a client’s public key and sign it with CA’s private key
E.g. VeriSign is an well-known CA
![Page 38: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/38.jpg)
Index
Basics of cryptography The big picture of cryptography Digital signature and digital certificate Cryptography in a browser Encryption utilities Other encryption applications
![Page 39: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/39.jpg)
Using Cryptography in a Browser
A small lock or key in the lower left corner of the browser window When visiting a web page that has been transmitted to
your computer using encryption, Most encrypted Web pages, such as shopping carts,
appear with a URL that starts with https https indicates the web server used an encrypted
protocol Secure Socket Layer (SSL) to transmit web page.
![Page 40: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/40.jpg)
![Page 41: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/41.jpg)
SSL and TLS
Secure Sockets Layer (SSL) Developed by Netscape for transmitting private
documents via the Internet Uses a public key to encrypt data that is transferred
over the SSL connection URLs that require an SSL connection start with “https:”
instead of “http:”
Transport Layer Security (TLS) Is the latest version of SSL Not widely available in browsers yet.
![Page 42: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/42.jpg)
SSL/TLS Protocol Runs on top of the TCP and below higher-level protocols
Uses TCP/IP on behalf of higher-level protocols Allows both machines to establish an encrypted connection
Allows SSL-enabled server to authenticate itself to SSL-enabled client
Allows client to authenticate itself to server
![Page 43: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/43.jpg)
Secure Hypertext Transfer Protocol (Https) Https is communications protocol designed to transfer
encrypted information between computers over the World Wide Web
Online purchasing or exchange of private information over insecure networks
Https set up steps:1. Client accesses a URL with https2. Server sends back its certificate (public key encrypted by CA)3. Client validates certificate, generates a symmetric session key,
encrypts by server’s public key and sends back4. Server gets session key, communication begins…
![Page 44: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/44.jpg)
Demo of Https
Tools: Ethereal Http vs. Https (www.Netbank.com)
What will we look for? Three-way TCP/IP handshake Clear text packets of Http SSL setup procedure Encrypted packets Https
![Page 45: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/45.jpg)
![Page 46: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/46.jpg)
![Page 47: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/47.jpg)
![Page 48: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/48.jpg)
![Page 49: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/49.jpg)
![Page 50: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/50.jpg)
![Page 51: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/51.jpg)
![Page 52: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/52.jpg)
![Page 53: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/53.jpg)
![Page 54: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/54.jpg)
Index
Basics of cryptography The big picture of cryptography Digital signature and digital certificate Cryptography in a browser Encryption utilities Other encryption applications
![Page 55: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/55.jpg)
Using Encryption Utilities
Pretty Good Privacy (PGP) is the first utility to provide public-key encryption to the public although PGP software was formerly included in Linux, it has
been replaced with GPG
Gnu Privacy Guard (GPG) is a public-key encryption utility and uses non-patented algorithms is the GNU project's complete and free implementation of the
OpenPGP standard as defined by RFC2440 . allows to encrypt and sign your data and communication,
features a versatile key management system
![Page 56: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/56.jpg)
GPG operation
Create a key pair for yourselfgpg –gen-key Choose which algorithm GPG will use
DSA: Digital signature algorithm El Gamal: an asymmetric key encryption algorithm or both (the default)
Decide a key size for the DSA (1024-bit by default) Select an expiration time or key does not expire Define a user ID (real name, email address, organization,
brief comment) for the key pair Assign a passphase to protect the key pair
A long password Move mouse around or play with keyboard to generate the
random data in the OS that GPG needs to create a key pair
![Page 57: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/57.jpg)
GPG operation View your public key
gpg –list-keys
Export your public keygpg –o frank.key –export [email protected]
create a binary file of public keygpg –a –o frank.key –export [email protected]
create the text of public key, so that it can be pasted into message
Import other’s public keygpg –import thomas.keykeyring – a file on your system that contains all the public keys
Q: How to ensure the authenticity of public keys?
![Page 58: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/58.jpg)
GPG operation
Bogus public key causes man-in-the-middle attack
Review: two ways to provide the authenticity of public key Using digital certificate -- with CA Using singed public key -- web of trust
A peer to peer trust relationship E.g. 1, Your friend Alice handed you a copy of her public
key on a disk. You believe this key is real and sign it with your private key. Others can access Alice’s public key from you (with your signature)
gpg –eidt-key [email protected]
![Page 59: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/59.jpg)
GPG operation
E.g. 2, Your friend Bob emailed you a copy of his public key. You are not sure whether this key is real, since it came in email through insecure Internet. To verify the key, you print out the fingerprint of Bob’s key
gpg –fingerprint [email protected]
Fingerprint – hash value, message digest MD5, SHA-1
You call Bob. You know where he works, as well as his voice. You recite the fingerprint over the phone and Bob verifies that it is correct. You believe this public key indeed belongs to Bob. Now you can sign Bob’s public key with your private key
![Page 60: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/60.jpg)
GPG operation
The sender encrypts a file with GPG Encrypt a file with a recipient’s public key Sign the encrypted file with your private key Store the cipher file in a named file
gpg –o report.gpg –encrypt [email protected] report.doc
The recipient decrypts a encrypted file
gpg –o report.doc –decrypt report.gpg
![Page 61: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/61.jpg)
Graphical utilities for GPG
Two graphical utilities for GPG:
Seahorse is a Gnome front end for GnuPG. http://seahorse.sourceforge.net/ Data encryption and digital signature creation can
easily be performed through a GUI Key Management operations can easily be carried out
through an intuitive interface.
The Gnu Privacy Assistanthttp://www.gnupg.org/related_software/gpa/
![Page 62: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/62.jpg)
The Seahorse GUI to GPG
![Page 63: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/63.jpg)
The Gnu Privacy Assistant
![Page 64: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/64.jpg)
Index
Basics of cryptography The big picture of cryptography Digital signature and digital certificate Cryptography in a browser Encryption utilities Other encryption applications
![Page 65: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/65.jpg)
SSH and VPN
Secure Shell (SSH) is an encrypted version of Telnet provides secure remote access SSH allows other protocols to ride on top of it
A Virtual Private Network (VPN) is a secure organizational network that uses an insecure public network (Internet) for communications VPNs are often created with specially designed software that
integrates many networking functions with cryptographic protocols and system management software
(SSH and VPN will be covered in details in later chapter.)
![Page 66: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/66.jpg)
Virtual Private Network (VPN)
![Page 67: SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li](https://reader036.vdocuments.us/reader036/viewer/2022062518/56649e445503460f94b37d3c/html5/thumbnails/67.jpg)
Other Security Applications
Red hat package manager (RPM) security can check a public-key signature on any package to verify that it came from its stated creator
Cryptographic File System (CFS) enforces cryptographic authentication on all users who want to share files across the network
Transparent Cryptographic File System (TCFS) operates transparently to users
IPSec and CIPE provide for IP packet encryption