Chapter 16Security

Introduction to CS

1st Semester, 2012 Sanghyun Park

Outline Introduction Aspects of Security Privacy Digital Signature

Introduction With the growth of the ______, more and more data are

being exchanged, and those data need to be _______

For example, when we shop on the Internet, we expect that the information we send to the vendor is kept secret

Also, when we receive a message, we sometimes need to ___________ the sender

In this chapter, we touch on the subject of security

There are four aspects of security

Aspects of Security (1/2)

Security

Privacy Authentication Integrity Nonrepudiation

Aspects of Security (2/2) Privacy: Only the ______ and the ________ are able to

understand the contents of the message

Authentication: The receiver needs to be sure of the sender’s _______

Integrity: The contents of the message need to be _________ during transmission

Nonrepudiation: A system needs to prove that the sender _______ sent the message

Privacy Privacy can be achieved using ________________

methods

The data are encrypted at the sender site and decrypted at the receiver site

Two categories of encryption/decryption methods in use today are _______ key and _______ key

Privacy with Secret Key Encryption The simplest way to encrypt data is to use a _____ key The sender uses this key and an ________ algorithm to

encrypt data; the receiver uses the _____ key and the corresponding algorithm to decrypt the data

The _____ key is used in encryption and decryption However, the encryption and decryption algorithms are

the _______ of each other

Data Encryption Standard (DES) (1/2)

We use very sophisticated encryption algorithm; the most common is called data encryption standard (DES)

DES encrypts and decrypts at the ___ level The data are first transformed into a string of ___, and

then broken into _______ of 64 bits Each segment is then encrypted using a 56-bit key

Data Encryption Standard (DES) (2/2)

The secret key algorithms are very _______;they take less time to encrypt or decrypt compared with the ______ key algorithms

Therefore they are very good candidates for ____ messages

Each pair of users must have a secret key

The _________ of the keys between two parties can be difficult

Privacy with Public Key Encryption There are two keys: a private key and a public key The private key is kept by the _______ The public key is announced to the ______ When user A wants to send a message to user B,A uses the _____ key of B to encrypt the message;When the message is received by B,B uses its _______ key to decrypt the message

RSA: Basic Idea The most common public-key algorithm is named after its

inventors, Rivest-Shamir-Adleman (RSA) encryption The private key is a pair of numbers (N, d);

the public key is also a pair of numbers (N, e) The sender uses the following algorithm to encrypt the

message: C = _________ The receiver uses the following algorithm to decrypt the

message: P = _________ A major concept of the RSA algorithm is the use of very

______ numbers for d and e In practice, the trial-and-error approach to breaking the

code takes a _____ time (e.g. several months) even with the fastest computers available today

RSA: Example

RSA: Choosing Public and Private Keys

One question is how to choose the three numbers N, d, and e for encryption and decryption to work

The inventors of the RSA algorithm mathematically proved that using the following procedure guarantees that the algorithm will work Choose two large ______ numbers, p and q Compute N = p x q Choose e (less than N) such that e and (p-1)(q-1) are relative

_______ (having no common factor other than 1) Choose d such that (e x d) mod [(p-1)(q-1)] is equal to ___

Privacy Using The Combination (1/2)

We can combine the advantage of the secret key algorithm (_________) and the advantage of the public key algorithm (easy ___________ of keys)

The procedure is as follows: The sender chooses a ______ key; this secret key is called the

one-session key; it is used only _____ The sender uses the ______ key of the receiver to encrypt the

secret key and sends the encrypted secret key to the receiver The receiver uses the _______ key to decrypt the secret key The sender uses the ______ key to encrypt the actual message

Privacy Using The Combination (2/2)

Digital Signature The other three aspects of security

(integrity, authentication, and nonrepudiation) can be achieved using the ______ of a document by its ______

Digital signature is a digital code that can be attached to an electronically transmitted message and that uniquely _______ the sender

Digital signature must be _________

Digital signature can be done in two ways: signing the ______ document or signing a ______ of the document

Signing The Whole Document (1/3) We can use _____ key encryption to sign the whole

document

The sender uses his ______ key (not the public key of the receiver) to encrypt the message

The receiver uses the _____ key of the sender (not his private key) to decrypt the message

The private key is used for encryption and the public key is used for decryption

Signing The Whole Document (2/3)

This method does not provide ______; anybody can use the ______ key of the sender to read the message.We need another level of encryption

Signing The Whole Document (3/3) The integrity of the message is preserved because,

if an intruder intercepts and changes the message,the decrypted message would be _________

The message can be authenticated because,if an intruder sends a message encrypted by his own private key, the message is then not decrypted correctlyby the public key of the _____ author

Although the sender can deny sending the message,he must reveal (in court) his private key.If we encrypt and decrypt the ________ message,we get the _____ message

Signing The Digest It is very ________ to use public key encryption to sign

the whole document

To make the process more efficient,we can let the sender sign a _______ of the document

The sender makes a _________ of the documentand signs it (encrypts it with his private key)

The receiver then checks the signature of the miniature (decrypts it with the sender’s _______ key)

Creating a Digest of The Message

Use a _____ function to create a digest of the message The digest is of fixed size (usually 128 bits) The two most common hash functions are Message

Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) The hash function has two properties to succeed

Hashing should be _________ Hashing should be _________

Sender Site After the digest has been created,

it is encrypted (signed) using the sender’s ______ key The encrypted digest is ______ to the original message

and sent to the receiver

Receiver Site (1/2) ________ the message and the encrypted digest

Apply the same hash function to the message to create a ______ digest

Decrypt the _______ digest using the public key of the sender

It the two digests are the _____, it is obvious that all three aspects of security are _________

Receiver Site (2/2)

Three Aspects of Security UnderThe Method of Signing The Digest

If the received message creates a ______ of the digest,the message has not been changed

The digest comes from the true sender,so the message also comes from the true sender

The sender cannot deny the message because he cannot deny the digest; the only message that can create that digest is the received message

This method does not provide ______;We need another level of encryption