Cryptography Network Security
Transcript of Cryptography Network Security
-
Cryptography Network Security
-
Security
Passive Attacks- the attacker only observes or copies information in transit (eavesdropping, traffic analysis); the content is not altered
Active Attacks- the attacker modifies, replays or fabricates messages, or interrupts or halts the file transfer between the two parties
Cryptography- the art and science of writing in secret code so that data is protected from theft (disclosure) and alteration
-
Internet Security Holes
[Diagram, two scenarios. Active attack: an active intruder sits between Person A and Person B and can alter or inject messages. Passive attack: a passive eavesdropper listens to the traffic between Person A and Person B without changing it.]
-
Internet Security Holes
Masquerade is a technique in which one entity pretends to be a different entity than it actually is (for example, an intruder posing as Person A towards Person B)
-
Why Cryptography
Authentication- proof of identity of the communicating party
- Privacy/confidentiality- only the intended recipient can read the message
- Integrity
- no alteration of the data in transit goes undetected
- Non-repudiation
- the message was actually sent by the sender and no one else, and the sender cannot later deny having sent it
-
Cryptography - Terminologies
Intruder
Encryption
Decryption
Plaintext
Ciphertext
Algorithm- the mathematical functions used to encrypt and decrypt
Key- a string of bits (written as digits) that controls the algorithm; the algorithm is public, the key is secret
-
Cryptography
Data Encryption Standard (DES)- a private key (secret key) cipher; its security rests entirely on keeping the key secret, and its 56-bit key is no longer considered hard to break (see the later DES slide)
-
Cryptographic Protocols
Kerberos- network authentication system for insecure networks
IPsec- security at the IP layer
SET protocol- Secure Electronic Transaction for card payments
PGP- file storage applications and email services
- supports digital signature and encryption
Cryptographic protocol analyzer tool (CryPA)
-
Methods of Encryption
Secret key or symmetric key cryptography
Public key or asymmetric key cryptography
Hash function
-
Secret Key Cryptography
[Diagram: Original message -> Encrypt (secret key) -> Encrypted message -> Internet -> Encrypted message -> Decrypt (the same secret key) -> Original message]
-
Example Data Encryption standard
Developed by IBM
Encrypts a 64-bit data block using a 56-bit key
-
Draw Backs secret key cryptography
Both parties must hold the same shared secret key, which has to be exchanged securely beforehand
Each party must keep track of a separate key for every correspondent (n parties need n(n-1)/2 keys) and avoid duplication
Since both have the same key, it cannot be published, and the key alone cannot show which of the two parties produced a message
-
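As an added example (not from the slides) of what the DES slides describe, here is Go code using the standard library's crypto/des. It encrypts one 64-bit block with an 8-byte key, shows why only 56 of the 64 key bits count (the key schedule ignores the low bit of every key byte, so a key with all eight of those bits flipped encrypts identically), and shows the drawback of a bare shared-key cipher: a wrong key decrypts silently to garbage, so secret-key encryption alone gives confidentiality but no integrity check. The key and plaintext block are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// Constructed sample inputs (not from the slides). DES works on exactly
// 64 bits at a time, so both the key and one block are 8 bytes.
var (
	sampleKey   = []byte("SECRET!!") // 64 bits, of which DES uses 56
	sampleBlock = []byte("Hello Al")  // one 64-bit plaintext block
)

// desEncryptBlock encrypts a single 64-bit block with DES.
func desEncryptBlock(key, block []byte) ([]byte, error) {
	if len(block) != des.BlockSize {
		return nil, fmt.Errorf("DES needs %d-byte blocks, got %d", des.BlockSize, len(block))
	}
	c, err := des.NewCipher(key) // rejects any key that is not 8 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// desDecryptBlock reverses desEncryptBlock. It cannot tell a right key from
// a wrong one: any 8-byte key "succeeds" and yields some 64-bit block.
func desDecryptBlock(key, block []byte) ([]byte, error) {
	if len(block) != des.BlockSize {
		return nil, fmt.Errorf("DES needs %d-byte blocks, got %d", des.BlockSize, len(block))
	}
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Decrypt(out, block)
	return out, nil
}

// parityBitsIgnored demonstrates the "56-bit key": the DES key schedule drops
// the low (parity) bit of every byte, so flipping all eight of them gives a
// second 64-bit key that produces exactly the same ciphertext.
func parityBitsIgnored(key, block []byte) (bool, error) {
	c1, err := desEncryptBlock(key, block)
	if err != nil {
		return false, err
	}
	flipped := make([]byte, len(key))
	for i, b := range key {
		flipped[i] = b ^ 0x01
	}
	c2, err := desEncryptBlock(flipped, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(c1, c2), nil
}

// wrongKeyGoesUndetected shows the integrity gap: decrypting with a key that
// differs in a bit DES actually uses returns garbage, without any error.
func wrongKeyGoesUndetected(key, block []byte) (bool, error) {
	ct, err := desEncryptBlock(key, block)
	if err != nil {
		return false, err
	}
	wrong := make([]byte, len(key))
	copy(wrong, key)
	wrong[0] ^= 0x80 // the top bit of byte 0 is a real key bit
	pt, err := desDecryptBlock(wrong, ct)
	if err != nil {
		return false, err
	}
	return !bytes.Equal(pt, block), nil
}

func main() {
	ct, _ := desEncryptBlock(sampleKey, sampleBlock)
	fmt.Printf("ciphertext block: %x\n", ct)
	same, _ := parityBitsIgnored(sampleKey, sampleBlock)
	fmt.Println("parity-flipped key gives the same ciphertext:", same)
	garbage, _ := wrongKeyGoesUndetected(sampleKey, sampleBlock)
	fmt.Println("wrong key decrypts to garbage with no error:", garbage)
}
```

The second check is why modern symmetric designs pair the cipher with an authentication tag (an AEAD mode such as AES-GCM): confidentiality of the block says nothing about whether the block, or the key used to open it, is the right one.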
Public Key Cryptography
[Diagram: Original message -> Encrypt (recipient's public key) -> Encrypted message (cipher text) -> Internet -> Encrypted message -> Decrypt (recipient's private key) -> Original message]
-
Advantages of Public Key Cryptography
Message confidentiality: only the holder of the private key can read what was encrypted with the matching public key
Authenticity of the message originator can be proved (by signing with the sender's private key)
Easy to distribute the public key, since it need not be kept secret
-
Hash Function
A formula that converts a message of any length into a fixed-length string of digits called a message digest; it is one-way, so the message cannot be recovered from the digest
-
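An added example in Go (not from the slides) of the hash-function property just stated, using SHA-256 from the standard library: the digest is 64 hex digits whether the input is empty or 100,000 bytes long, and flipping a single bit of the input changes roughly half of the 256 digest bits. The inputs are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// digestHex returns the SHA-256 message digest as 64 hex digits, whatever
// the length of the input message.
func digestHex(message []byte) string {
	sum := sha256.Sum256(message)
	return hex.EncodeToString(sum[:])
}

// hammingDistance counts the bit positions in which two equal-length byte
// strings differ.
func hammingDistance(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// avalanche flips one bit of the message and reports how many of the 256
// digest bits change. For a good hash this is close to half (about 128).
func avalanche(message []byte) int {
	if len(message) == 0 {
		return 0 // nothing to flip
	}
	d1 := sha256.Sum256(message)
	altered := make([]byte, len(message))
	copy(altered, message)
	altered[0] ^= 0x01
	d2 := sha256.Sum256(altered)
	return hammingDistance(d1[:], d2[:])
}

func main() {
	// Constructed inputs of very different lengths; every digest is 64 hex digits.
	for _, m := range [][]byte{[]byte(""), []byte("abc"), make([]byte, 100000)} {
		fmt.Printf("%6d bytes -> %s\n", len(m), digestHex(m))
	}
	fmt.Println("digest bits changed by a one-bit edit of \"Hello Alice\":",
		avalanche([]byte("Hello Alice")))
}
```

The avalanche property is what makes a digest usable as a stand-in for the message in a signature: any change to the message, however small, produces an unrelated digest, so a signature over the digest fails to verify.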
Codes and Ciphers
Encryption- performed by an encryption algorithm under a key
PGP Encryption- a combination of data compression, public key cryptography, hashing and symmetric key cryptography
- the message is encrypted with a symmetric key that is used only once, called the session key; the session key itself is encrypted with the recipient's public key
- identity certificate: binds a public key to its owner
- web of trust software: users vouch for each other's certificates by signing them
- protects data not only during transit but in storage as well
-
Types of Encryption Systems
Classification of encryption systems- Private key encryption (one secret key shared by both parties)
- Public key encryption (e.g. e-commerce)
- the private key stays with its owner and is never shared
- the public key is distributed to any number of correspondents (consumers)
-
Encryption Algorithm
RSA Algorithm- public key encryption
- used in Outlook, Windows, Firefox, IBM Lotus Notes
- the algorithm has been unpatented since 2000 and is free to use
Popular encryption software and standards- PGP
- SSL (Secure Sockets Layer; used by banks, Visa, MasterCard)
- SET (Secure Electronic Transaction)
- DES (IBM)
-
-
Public Key encryption system - Example
[Diagram: Bob encrypts "Hello Alice" with Alice's public key, producing the ciphertext 6EB69570 08E03CE4; Alice decrypts it with Alice's private key and recovers "Hello Alice".]
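The exchange above, worked in Go as an added example (not the slides' own code): Bob encrypts "Hello Alice" so that only Alice can read it. It follows the PGP pattern from the Codes and Ciphers slide rather than encrypting the message with RSA directly: a fresh 256-bit session key, used once, seals the message with AES-GCM, and only that session key is encrypted with Alice's RSA public key (RSA-OAEP). Alice's key pair is generated inside the program; the Envelope type and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what Bob sends Alice: the one-time session key wrapped with
// Alice's public key, plus the message sealed under that session key.
// (Type and field names are this example's, not a PGP packet format.)
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(Alice's public key, session key)
	Nonce      []byte // AES-GCM nonce for this envelope
	Ciphertext []byte // AES-GCM(session key, message), auth tag included
}

// encryptForRecipient generates a fresh 256-bit session key, uses it once to
// seal the message, and wraps the key with the recipient's public key.
func encryptForRecipient(pub *rsa.PublicKey, message []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, message, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// decryptAsRecipient: only the holder of the matching private key recovers
// the session key, and GCM then rejects any modified ciphertext.
func decryptAsRecipient(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: wrong private key or corrupted envelope")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	// Alice generates her key pair once and publishes only the public half.
	aliceKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	env, err := encryptForRecipient(&aliceKey.PublicKey, []byte("Hello Alice"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped session key (first bytes): %x\n", env.WrappedKey[:8])
	fmt.Printf("sealed message:                    %x\n", env.Ciphertext)
	pt, err := decryptAsRecipient(aliceKey, env)
	fmt.Printf("Alice reads: %q (err=%v)\n", pt, err)
}
```

Because the session key and nonce are fresh each time, encrypting the same "Hello Alice" twice yields two unrelated envelopes, and anyone holding only Alice's public key (Bob included) cannot open either of them.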
-
Regulations of Encryption
http://www.bis.doc.gov/encryption/default.htm
-
Breaking Encryption Schemes
-
Web Security Layers
[Diagram, layered top to bottom: E-Commerce Application | Secure Hypertext Transfer Protocol (S-HTTP) | TCP-based application protocols: HTTP, SMTP, NNTP | Secure Socket Layer (SSL) | Internet Protocol (IP)]
-
Working of SSL (SSL Certificate)
Allows sensitive information to be encrypted during online transactions
The certificate carries authenticated information about its owner
The identity of the certificate owner is verified by the certificate authority (CA) at the time of issue
(SSL has since been superseded by TLS; the certificate model is the same)
-
SSL is required for..
An online store
Online orders and payment through credit cards
A site that offers login or sign-in
Anyone processing sensitive data like address, date of birth etc.
Anyone who values privacy and expects others to trust them
-
Verisign verifies (Authentication)
Ownership of the domain name, and that the business exists
That the business has the authority to apply for the certificate
EV SSL Certificate (Verisign Extended Validation)- the highest level of authentication
-
Data Encryption Standard (DES)
DES is a block cipher (a form of shared-key encryption)
Adopted by the US National Bureau of Standards as a Federal Information Processing Standard (FIPS)
Not secure today: the 56-bit key can be recovered by exhaustive search
Cryptography researchers and cryptanalysts have demonstrated this in practice
-
Trusted Key Distribution & Verification
The creation, distribution and storage of keys is known as key management
Private (secret) key cryptography makes key management inconvenient, since every pair of correspondents needs a securely exchanged shared key
Public key cryptography can also be used for sender authentication or verification, known as a digital signature
-
Cryptographic Application
Digital signatures provide authentication for online transactions
SSL protocol for internet security
PGP security standard for email
Network security
Steganography (a method of hiding messages in innocent-looking artifacts)
Issuing digital certificates
Biometric systems
-
Digital Signature
Used for authenticating e-commerce business transactions
Two parts- Signer authentication: the signature can only have been produced with the signer's private key
- Document authentication: the signature is bound to the exact content that was signed
- the sender cannot alter or disown the content after signing it
- the receiver cannot make any change to the message without invalidating the signature
-
Digital Signature
Hash Function: a formula that converts a message of any length into a fixed-length string of digits called a message digest; the signature is computed over this digest rather than over the whole message
-
Digital Signatures working
Sender generates a message
Sender creates a message digest of it using the hash function
Sender signs the digest with the sender's own private key; the result is the digital signature
Sender attaches the digital signature to the end of the message
Sender encrypts both message and signature with the receiver's public key (so only the receiver can read them)
Receiver decrypts the entire message with the receiver's own private key
Receiver recalculates the message digest using the hash function
Receiver verifies the signature with the sender's public key and checks that it matches the recalculated digest
-
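The signing and verifying steps above, as an added Go example (not the slides' own code). It uses ECDSA over P-256 from the standard library, with SHA-256 as the hash function; the sender signs the digest with their private key and the receiver recomputes the digest and checks it against the sender's public key. The final step of the slide, encrypting message and signature for the receiver, is left out here to keep the signature logic in view. The SignedMessage type, the key pairs and the sample messages are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedMessage is what the sender transmits: the message with the
// signature attached at the end. (Name chosen for this example.)
type SignedMessage struct {
	Message   []byte
	Signature []byte // ECDSA signature over SHA-256(Message), ASN.1 encoded
}

// sign is the sender's side: hash the message to a digest, then sign the
// digest with the sender's own private key.
func sign(senderPriv *ecdsa.PrivateKey, message []byte) (SignedMessage, error) {
	digest := sha256.Sum256(message)
	sig, err := ecdsa.SignASN1(rand.Reader, senderPriv, digest[:])
	if err != nil {
		return SignedMessage{}, err
	}
	return SignedMessage{Message: message, Signature: sig}, nil
}

// verify is the receiver's side: recompute the digest of the received
// message and check the signature against the sender's public key. True
// means both signer authentication (this key made the signature) and
// document authentication (not a bit of the message changed) hold.
func verify(senderPub *ecdsa.PublicKey, sm SignedMessage) bool {
	digest := sha256.Sum256(sm.Message)
	return ecdsa.VerifyASN1(senderPub, digest[:], sm.Signature)
}

func main() {
	// Bob's key pair: the private half signs, the public half is shared.
	bob, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	sm, err := sign(bob, []byte("Pay Alice 100"))
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:", verify(&bob.PublicKey, sm))
	// An attacker changes the amount but cannot produce a matching signature.
	altered := SignedMessage{Message: []byte("Pay Alice 900"), Signature: sm.Signature}
	fmt.Println("altered message verifies:", verify(&bob.PublicKey, altered))
}
```

Verification fails in three distinct situations a receiver must care about: the message was altered, the signature bytes were damaged, or the signature was checked against the wrong (not the sender's) public key. The last case is why the sender's public key must itself be authenticated, which is the job of the certificate authority on the next slide.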
Validity of Digital Signature
Digital Time Stamping Service (DTS)
Certificate Authority (CA)
Digital Certificate- certificate holder's name, organization and address
- name of the certificate authority
- public key of the holder for cryptographic use
- validity period (typically six months to one year)
- digital certificate identification (serial) number
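An added Go example (not from the slides) tying together the SSL certificate slides and the digital certificate fields just listed. Using the standard library's crypto/x509, it plays the certificate authority: it creates a self-signed CA, issues a certificate that binds a site's public key to its domain name with a one-year validity period and a serial number, and then checks the certificate the way a browser does, against the trusted CA, the host name it is connecting to, and the current date. The CA name, domain, organization names and dates are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assumed names and dates for the example; none come from the slides.
var (
	caName     = "Example Root CA"
	shopDomain = "shop.example"
	issuedAt   = time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	expiresAt  = issuedAt.AddDate(1, 0, 0) // the one-year time limit
)

// newCA creates the certificate authority: a self-signed certificate whose
// private key will sign every certificate the CA issues.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName, Organization: []string{"Example CA Inc"}},
		NotBefore:             issuedAt,
		NotAfter:              issuedAt.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueCertificate is the CA vouching for a site. After checking (out of band)
// that the applicant controls dnsName, it signs a certificate carrying the
// holder's name, the CA's name, the holder's public key, the validity period
// and a unique serial number: the fields listed on the slide above.
func issueCertificate(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string, serial int64) (*x509.Certificate, error) {
	siteKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: dnsName, Organization: []string{"Example Shop Ltd"}},
		DNSNames:     []string{dnsName},
		NotBefore:    issuedAt,
		NotAfter:     expiresAt,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &siteKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyForSite is what a browser does on connecting: chain the certificate
// to a trusted CA, match the host name, and check the validity period at now.
func verifyForSite(cert, trustedCA *x509.Certificate, host string, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     host,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	ca, caKey, err := newCA()
	if err != nil {
		panic(err)
	}
	cert, err := issueCertificate(ca, caKey, shopDomain, 4242)
	if err != nil {
		panic(err)
	}
	fmt.Printf("holder %q, issuer %q, serial %s, valid %s to %s\n",
		cert.Subject.CommonName, cert.Issuer.CommonName, cert.SerialNumber,
		cert.NotBefore.Format("2006-01-02"), cert.NotAfter.Format("2006-01-02"))
	mid := issuedAt.AddDate(0, 6, 0)
	fmt.Println("right host, within validity:", verifyForSite(cert, ca, shopDomain, mid))
	fmt.Println("wrong host:                 ", verifyForSite(cert, ca, "evil.example", mid))
	fmt.Println("one day after expiry:       ", verifyForSite(cert, ca, shopDomain, expiresAt.AddDate(0, 0, 1)))
}
```

Only the first check passes. The other two, and a certificate issued by a CA the client does not trust, fail with distinct errors, which is the whole value of the CA's verification at issue time: the client never has to know the site's owner, only the CA that vouched for it.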
-
Non-Repudiation and Message Integrity
Non-repudiation: neither the sender nor the recipient can later dispute the contents, or the fact of the exchange, once the message has been sent.
Message integrity: it is important to validate the authenticity of the credentials to be sure of their originality, i.e. that they have not been altered.
NRO (Non-repudiation of origin): proof of who sent the message
NRR (Non-repudiation of receipt): proof that the recipient received it