Cryptography (One Day Cryptography Tutorial) By Dr. Mohsen M. Tantawy.
-
Upload
madeline-goodwin -
Category
Documents
-
view
228 -
download
3
Transcript of Cryptography (One Day Cryptography Tutorial) By Dr. Mohsen M. Tantawy.
CryptographyCryptography(One Day Cryptography Tutorial)(One Day Cryptography Tutorial)
ByBy
Dr. Mohsen M. TantawyDr. Mohsen M. Tantawy
DefinitionsDefinitions
PlaintextPlaintext: easy to understand form: easy to understand form(original message)(original message)
CiphertextCiphertext: difficult to understand form: difficult to understand form EncryptionEncryption: encoding : encoding
(plaintext -> ciphertext)(plaintext -> ciphertext) DecryptionDecryption: decoding: decoding
(ciphertext -> plaintext)(ciphertext -> plaintext) CryptologyCryptology: study of encryption: study of encryption CryptographyCryptography: use of encryption: use of encryption CryptanalysisCryptanalysis: breaking encryption: breaking encryption
DefinitionsDefinitions
DefinitionsDefinitions AliceAlice—She is an end user/computer without malicious intentions, —She is an end user/computer without malicious intentions,
one of the main users of cryptography.one of the main users of cryptography. BobBob—He is Alice’s friend and is also a main user of cryptography, —He is Alice’s friend and is also a main user of cryptography,
without malicious intentions.without malicious intentions. CathyCathy—Another user of cryptography; she does not usually have a —Another user of cryptography; she does not usually have a
large roll nor malicious intentions.large roll nor malicious intentions. EveEve—A malicious user that does not interfere with communications. —A malicious user that does not interfere with communications.
She simply wants to eavesdrop on the conversation between two She simply wants to eavesdrop on the conversation between two other characters, typically Alice and Bob, but does not actively try to other characters, typically Alice and Bob, but does not actively try to attack the communication.attack the communication.
MalloryMallory—The malicious user. Always trying to thwart attempts by —The malicious user. Always trying to thwart attempts by other characters to communicate securely.other characters to communicate securely.
TrentTrent—He is a trusted third party. He only communicates with Alice, —He is a trusted third party. He only communicates with Alice, Bob, or Cathy when they ask for his help. He can always be trusted Bob, or Cathy when they ask for his help. He can always be trusted to do what he says he will do.to do what he says he will do.
Group of individualsGroup of individuals
Group of individualsGroup of individuals HackerHacker – is a general term that has historically – is a general term that has historically
been used to describe a computer programming been used to describe a computer programming expert. More recently, this term is commonly expert. More recently, this term is commonly used in a negative way to describe an individual used in a negative way to describe an individual that attempts to gain unauthorized access to that attempts to gain unauthorized access to network resources with malicious intent.network resources with malicious intent.
CrackerCracker – is the term that is generally regarded – is the term that is generally regarded
as the more accurate word that is used to as the more accurate word that is used to describe an individual that attempts to gain describe an individual that attempts to gain unauthorized access to network resources with unauthorized access to network resources with malicious intent. malicious intent.
Group of individualsGroup of individuals PhreakerPhreaker – is an individual that manipulates the phone – is an individual that manipulates the phone
network in order to cause it to perform a function that is network in order to cause it to perform a function that is normally not allowed. A common goal of phreaking is normally not allowed. A common goal of phreaking is breaking into the phone network, usually through a breaking into the phone network, usually through a payphone, to make free long distance calls.payphone, to make free long distance calls.
SpammerSpammer – is an individual that sends large quantities of – is an individual that sends large quantities of unsolicited email messages. Spammers often use unsolicited email messages. Spammers often use viruses to take control of home computers in order to use viruses to take control of home computers in order to use these computers to send out their bulk messages. these computers to send out their bulk messages.
FisherFisher – uses email or other means in an attempt to trick – uses email or other means in an attempt to trick others into providing sensitive information, such as credit others into providing sensitive information, such as credit card numbers or passwords. The Phisher will card numbers or passwords. The Phisher will masquerade as a trusted party that would have a masquerade as a trusted party that would have a legitimate need for the sensitive information. legitimate need for the sensitive information.
Group of individualsGroup of individuals White hatWhite hat – is a term used to describe – is a term used to describe
individuals that use their abilities to find individuals that use their abilities to find vulnerabilities in systems or networks, and then vulnerabilities in systems or networks, and then report these vulnerabilities to the owners of the report these vulnerabilities to the owners of the system so that they can be fixed.system so that they can be fixed.
Black hatBlack hat – is another term for individuals that – is another term for individuals that
use their knowledge of computer systems to use their knowledge of computer systems to break into systems or networks that they are not break into systems or networks that they are not authorized to use. authorized to use.
KeyKey—A random piece of data used with —A random piece of data used with encryption and decryption. Encryption and encryption and decryption. Encryption and decryption algorithms require a key and decryption algorithms require a key and plain text or cipher text to produce cipher plain text or cipher text to produce cipher text or plain text, respectively.text or plain text, respectively.
Security AssociationSecurity Association— A— A set of set of information that describes how the information that describes how the communicating entities will utilize communicating entities will utilize security. security.
DefinitionsDefinitions
Modern CryptographyModern Cryptography
Types of Cryptographic SystemsTypes of Cryptographic Systems
SymmetricSymmetric-key cryptosystems-key cryptosystems Asymmetric-Asymmetric-key or Public-key cryptosystemskey or Public-key cryptosystems Hybrid Hybrid (Symmetric-key and Asymmetric-key) (Symmetric-key and Asymmetric-key)
cryptosystemscryptosystems
Symmetric EncryptionSymmetric Encryption
Uses conventional / secretUses conventional / secret-key-key / single-key / single-key Sender and recipient share a common keySender and recipient share a common key All classical encryption algorithms are private-All classical encryption algorithms are private-
keykey The only type prior to invention of public-key in The only type prior to invention of public-key in
1970’s1970’s
Symmetric Cipher ModelSymmetric Cipher Model
RequirementsRequirements
Two requirements for secure use of Two requirements for secure use of symmetric encryption:symmetric encryption: Strong encryption algorithmStrong encryption algorithm Secret key known only to sender / receiverSecret key known only to sender / receiver
Y Y = E= EKK((XX))
X X = D= DKK((YY))
Assume encryption algorithm is knownAssume encryption algorithm is known Implies a secure channel to distribute keyImplies a secure channel to distribute key
Block ciphers and Stream ciphersBlock ciphers and Stream ciphers
Each secret-key cryptography algorithm or Each secret-key cryptography algorithm or cipher typically works in two phases: cipher typically works in two phases:
key set-up phase key set-up phase ciphering or encrypt and decrypt phase. ciphering or encrypt and decrypt phase.
There are two major classes of these algorithms: There are two major classes of these algorithms: block ciphers and stream ciphers. block ciphers and stream ciphers.
Block ciphers encrypt plaintext in units of blocks Block ciphers encrypt plaintext in units of blocks and likewise decrypt cipher text in units of and likewise decrypt cipher text in units of
blocks.blocks. Stream ciphers encrypt plaintext in one stream Stream ciphers encrypt plaintext in one stream
and decrypt cipher text likewise.and decrypt cipher text likewise.
Block cipher operationBlock cipher operation
Stream cipher operationStream cipher operation
Mode of OperationMode of Operation
There are three important block cipher There are three important block cipher modes:modes:
Electronic Code Book (ECB)Electronic Code Book (ECB) Cipher Block Chaining (CBC)Cipher Block Chaining (CBC) Cipher Feedback Mode (CFB)Cipher Feedback Mode (CFB)
Electronic Codebook Book (ECB)Electronic Codebook Book (ECB)
Cipher Block Chaining (CBC)Cipher Block Chaining (CBC)
Cipher FeedBack (CFB)Cipher FeedBack (CFB)
Output FeedBack (OFB)Output FeedBack (OFB)
Symmetric-key cryptosystemsSymmetric-key cryptosystems
Examples of symmetric key algorithms are as follows:Examples of symmetric key algorithms are as follows:
Data Encryption Standard (Data Encryption Standard (DESDES) (56bits)) (56bits)
Triple DES (Triple DES (3DES3DES) (168 bits)) (168 bits)
Advanced Encryption Standard (Advanced Encryption Standard (AESAES) )
International Data Encryption Algorithm (International Data Encryption Algorithm (IDEAIDEA) (128 bits)) (128 bits)
Rivets Cipher 4 (Rivets Cipher 4 (RC4RC4)) (variable length key) (variable length key)
DES EncryptionDES Encryption
Initial Permutation IPInitial Permutation IP
first step of the data computation first step of the data computation IP reorders the input data bits IP reorders the input data bits even bits to LH half, odd bits to RH half even bits to LH half, odd bits to RH half quite regular in structure (easy in h/w)quite regular in structure (easy in h/w)
DES Round StructureDES Round Structure
uses two 32-bit L & R halvesuses two 32-bit L & R halves as for any Feistel cipher can describe as:as for any Feistel cipher can describe as:
LLii = = RRii–1–1
RRii = = LLii–1–1 xor F( xor F(RRii–1–1, , KKii)) takes 32-bit R half and 48-bit subkey and:takes 32-bit R half and 48-bit subkey and:
expands R to 48-bits using perm Eexpands R to 48-bits using perm E adds to subkeyadds to subkey passes through 8 S-boxes to get 32-bit resultpasses through 8 S-boxes to get 32-bit result finally permutes this using 32-bit perm Pfinally permutes this using 32-bit perm P
DES Round StructureDES Round Structure
Substitution Boxes SSubstitution Boxes S
have eight S-boxes which map 6 to 4 bits have eight S-boxes which map 6 to 4 bits each S-box is actually 4 little 4 bit boxes each S-box is actually 4 little 4 bit boxes
outer bits 1 & 6 (outer bits 1 & 6 (rowrow bits) select one rows bits) select one rows inner bits 2-5 (inner bits 2-5 (colcol bits) are substituted bits) are substituted result is 8 lots of 4 bits, or 32 bitsresult is 8 lots of 4 bits, or 32 bits
row selection depends on both data & keyrow selection depends on both data & key feature known as autokeyingfeature known as autokeying
Triple DESTriple DES
clear a replacement for DES was neededclear a replacement for DES was needed theoretical attacks that can break ittheoretical attacks that can break it demonstrated exhaustive key search attacksdemonstrated exhaustive key search attacks
AES is a new cipher alternativeAES is a new cipher alternative prior to this alternative was to use multiple prior to this alternative was to use multiple
encryption with DES implementationsencryption with DES implementations Triple-DES is the chosen formTriple-DES is the chosen form
Triple-DES with Two-KeysTriple-DES with Two-Keys
hence must use 3 encryptionshence must use 3 encryptions would seem to need 3 distinct keyswould seem to need 3 distinct keys
but can use 2 keys with E-D-E sequencebut can use 2 keys with E-D-E sequence C = EC = EK1K1[D[DK2K2[E[EK1K1[P]]][P]]] if if K1=K2K1=K2 then can work with single DES then can work with single DES
standardized in ANSI X9.17 & ISO8732standardized in ANSI X9.17 & ISO8732 no current known practical attacksno current known practical attacks
Triple-DES with Three-KeysTriple-DES with Three-Keys
although are no practical attacks on two-although are no practical attacks on two-key Triple-DES have some indicationskey Triple-DES have some indications
can use Triple-DES with Three-Keys to can use Triple-DES with Three-Keys to avoid even theseavoid even these C = EC = EK3K3[D[DK2K2[E[EK1K1[P]]][P]]]
has been adopted by some Internet has been adopted by some Internet applications, eg PGP, S/MIMEapplications, eg PGP, S/MIME
Triple DES (3DES)Triple DES (3DES)
The technique used by 3DES is known as EDE The technique used by 3DES is known as EDE (Encrypt-Decrypt-Encrypt). (Encrypt-Decrypt-Encrypt).
The plaintext message is The plaintext message is encrypted encrypted using the first 8 using the first 8 bytes of the 3DES.bytes of the 3DES.
Then the message is Then the message is decrypteddecrypted using the middle 8 using the middle 8 bytes of the key.bytes of the key.
Finally, the message is Finally, the message is encryptedencrypted using the last 8 using the last 8 bytes of the key to produce an 8-byte block.bytes of the key to produce an 8-byte block.
Triple DES (3DESTriple DES (3DES))
AES RequirementsAES Requirements
private key symmetric block cipher private key symmetric block cipher 128-bit data, 128/192/256-bit keys 128-bit data, 128/192/256-bit keys stronger & faster than Triple-DES stronger & faster than Triple-DES active life of 20-30 years (+ archival use) active life of 20-30 years (+ archival use) provide full specification & design details provide full specification & design details both C & Java implementationsboth C & Java implementations
RijndaelRijndael data block of data block of 4 columns of 4 bytes is state4 columns of 4 bytes is state key is expanded to array of wordskey is expanded to array of words has 9/11/13 rounds in which state undergoes: has 9/11/13 rounds in which state undergoes:
byte substitution (1 S-box used on every byte) byte substitution (1 S-box used on every byte) shift rows (permute bytes between groups/columns) shift rows (permute bytes between groups/columns) mix columns (subs using matrix multipy of groups) mix columns (subs using matrix multipy of groups) add round key (XOR state with key material)add round key (XOR state with key material) view as alternating XOR key & scramble data bytesview as alternating XOR key & scramble data bytes
initial XOR key material & incomplete last roundinitial XOR key material & incomplete last round with fast XOR & table lookup implementationwith fast XOR & table lookup implementation
RijndaelRijndael
Byte SubstitutionByte Substitution
Shift RowsShift Rows
Mix ColumnsMix Columns
Add Round KeyAdd Round Key
AES DecryptionAES Decryption
Asymmetric-key or Public Key Asymmetric-key or Public Key EncryptionEncryption
Based on mathematical algorithmsBased on mathematical algorithms AsymmetricAsymmetric
Use two separate keysUse two separate keys Public Key issuesPublic Key issues
Plain textPlain text Encryption algorithmEncryption algorithm Public and private keyPublic and private key Cipher textCipher text Decryption algorithmDecryption algorithm
Public Key Encryption Public Key Encryption – – EncryptionEncryption
Public Key Encryption Public Key Encryption – Authentication– Authentication
Public Key Encryption - OperationPublic Key Encryption - Operation
One key made publicOne key made public Used for encryptionUsed for encryption
Other kept privateOther kept private Used for decryptionUsed for decryption
Infeasible to determine decryption key Infeasible to determine decryption key given encryption key and algorithmgiven encryption key and algorithm
Either key can be used for encryption, the Either key can be used for encryption, the other for decryptionother for decryption
StepsSteps
User generates pair of keysUser generates pair of keys User places one key in public domainUser places one key in public domain To send a message to this user, encrypt To send a message to this user, encrypt
using public keyusing public key User decrypts using private keyUser decrypts using private key
Digital SignatureDigital Signature
Sender encrypts message with their private keySender encrypts message with their private key
Receiver can decrypt using senders public keyReceiver can decrypt using senders public key
This authenticates sender, who is only person This authenticates sender, who is only person
who has the matching keywho has the matching key
Does not give privacy of dataDoes not give privacy of data
Decrypt key is publicDecrypt key is public
Asymmetric-key or Public-key Asymmetric-key or Public-key CryptosystemsCryptosystems
There are many examples of commonly used There are many examples of commonly used public-key systems including:public-key systems including:
Diffie-HellmanDiffie-Hellman Rivest, Rivest, ShamirShamir, , AdlemanAdleman (RSA)(RSA) Digital Signature Algorithm Digital Signature Algorithm (DSA)(DSA) / / Al GamalAl Gamal Elliptic Curve Cryptosystem (Elliptic Curve Cryptosystem (ECCECC))
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
first public-key type scheme proposed first public-key type scheme proposed by Diffie & Hellman in 1976 along with the by Diffie & Hellman in 1976 along with the
exposition of public key conceptsexposition of public key concepts note: now know that James Ellis (UK CESG) note: now know that James Ellis (UK CESG)
secretly proposed the concept in 1970 secretly proposed the concept in 1970 is a practical method for public exchange is a practical method for public exchange
of a secret keyof a secret key
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
RSA AlgorithmRSA AlgorithmWe’re using Big Integers here:We’re using Big Integers here: Choose large secret prime numbers p Choose large secret prime numbers p
and qand q Calculate N = p * qCalculate N = p * q Choose exponent e such thatChoose exponent e such that
gcd(e, (p-1)(q-1)) = 1gcd(e, (p-1)(q-1)) = 1 Normally choose 3, 17 or Normally choose 3, 17 or
6553765537 Public key is pair N and ePublic key is pair N and e Choose d so thatChoose d so that
e * d = 1 (mod (p-1)(q-1))e * d = 1 (mod (p-1)(q-1)) Private key is d (for efficiency d, p, q)Private key is d (for efficiency d, p, q)
Encryption: c = mEncryption: c = mee (mod N) (mod N) Decryption: m = cDecryption: m = cdd (mod N) (mod N)
Baby exampleBaby examplep=7, q=11p=7, q=11
N=77N=773737gcd (37,(7-1)(11-1)) = 1gcd (37,(7-1)(11-1)) = 1
77, 3777, 371313
37*13=481=1(mod 60)37*13=481=1(mod 60)1313
223737 mod 77 = mod 77 = 5151
51511313 mod 77 = mod 77 = 22
Public Key Certificate UsePublic Key Certificate Use
Digital certificatesDigital certificates
Digital certificatesDigital certificates
Digital certificates include:Digital certificates include: A public keyA public key An individual or organisation’s detailsAn individual or organisation’s details A digital signature from a certifying authority A digital signature from a certifying authority
(CA)(CA)• This states that the CA has seen proof of identityThis states that the CA has seen proof of identity
Common certifying authorities:Common certifying authorities: VeriSign, Thawte, Equifax Secure, British VeriSign, Thawte, Equifax Secure, British
TelecomTelecom CAs are themselves certified by other CAsCAs are themselves certified by other CAs A few “root” CAs are usually trustedA few “root” CAs are usually trusted
Message AuthenticationMessage Authentication
Message Authentication CodeMessage Authentication Code
Generate authentication code based on Generate authentication code based on shared key and messageshared key and message
Common key shared between A and BCommon key shared between A and B If only sender and receiver know key and If only sender and receiver know key and
code matches:code matches: Receiver assured message has not alteredReceiver assured message has not altered Receiver assured message is from alleged senderReceiver assured message is from alleged sender If message has sequence number, receiver If message has sequence number, receiver
assured of proper sequenceassured of proper sequence
Hash Functions vs. MACHash Functions vs. MAC
Hash FunctionGenerate a fixed length “Fingerprint” for an arbitrary
length messageNo Key involvedMust be at least One-way to be useful
Constructions Iterated hash functions (MD4-family hash functions):
MD5, SHA1, …Hash functions based on block ciphers:
MDC(Manipulation Detection Code)
Hash Functions
H
Message M
Message Digest D
D = H(M)
MAC Generate a fixed length MAC for an
arbitrary length message A keyed hash function Message origin authentication Message integrity Entity authentication Transaction authentication
Message Authentication Codes (MACs)
MAC
SE
ND
MAC
MAC
Shared Secret Key
Comparison of Hash Function & MAC
Hash function
Arbitrary length
message
Hash
fixed length
MACfunction
Arbitrary length
message
MAC
fixed length
Secret key
Easy to compute Compression: arbitrary length input to fixed length output Unkeyed function vs. Keyed function
Symmetric Authentication (MAC)
Secret keyalgorithm
KAB
Shared Secret key
betweenAlice and Bob
Secret keyalgorithm
KAB
yes no
Message MAC transmitMessage MAC
MAC
Alice Bob
Shared Secret key
betweenAlice and Bob
Digital Signature
Hashfunction
Alice’s Public keyyes no
Message Signature transmit Message Signature
Alice Bob
Public keyalgorithm
Alice’s Private key
Hash value
Hashfunction
Hash value 1
Public keyalgorithm
Hash value 2
HashingHashing
A hashing algorithm refers to a mathematical function A hashing algorithm refers to a mathematical function that takes a variable- size string as input and transforms that takes a variable- size string as input and transforms (hashes) it into a fixed-size string, which is called the (hashes) it into a fixed-size string, which is called the hash value. hash value.
One of the most common uses of hashing in network One of the most common uses of hashing in network security is to produce condensed representations of security is to produce condensed representations of messages or “fingerprints,” often known as “message messages or “fingerprints,” often known as “message digests,” by applying a hashing algorithm to an arbitrary digests,” by applying a hashing algorithm to an arbitrary amount of data — the message.amount of data — the message.
The two most commonly used hashing algorithms are The two most commonly used hashing algorithms are MD5 and SHA 1 (part of the secure hash standard MD5 and SHA 1 (part of the secure hash standard [SHS]).[SHS]).
Using Using One One Way Way HashHash
Secure Hash FunctionsSecure Hash Functions
Hash function must have following Hash function must have following properties:properties: Can be applied to any size data blockCan be applied to any size data block Produce fixed length outputProduce fixed length output Easy to computeEasy to compute Not feasible to reverseNot feasible to reverse Not feasible to find two message that give the Not feasible to find two message that give the
same hashsame hash
SHA-1SHA-1
Secure Hash Algorithm 1Secure Hash Algorithm 1 Input message less than 2Input message less than 264 64 bitsbits
Processed in 512 bit blocksProcessed in 512 bit blocks Output 160 bit digestOutput 160 bit digest
Message Digest GenerationMessage Digest GenerationUsing SHA-1Using SHA-1
Key ManagementKey Management
ISAKMPISAKMP
The Internet Security Association and Key The Internet Security Association and Key Manage ment Protocol (ISAKMP) is defined Manage ment Protocol (ISAKMP) is defined primarily as a very comprehensive framework for primarily as a very comprehensive framework for key management offering maximum flexibilitykey management offering maximum flexibility
OAKLEY is defined based on the Diffie–Hellman OAKLEY is defined based on the Diffie–Hellman key-exchange algorithm. key-exchange algorithm.
IKE, on the other hand, is defined primarily to be IKE, on the other hand, is defined primarily to be the key management for the IPSec Architecture the key management for the IPSec Architecture and makes use of parts of the ISAKMP and and makes use of parts of the ISAKMP and OAKLEY definitions.OAKLEY definitions.
ISAKMPISAKMP
ISAKMP defines procedures and packet ISAKMP defines procedures and packet formats to establish, negotiate, modify, formats to establish, negotiate, modify, and delete SAs.and delete SAs.
ISAKMP only describes the procedures, ISAKMP only describes the procedures, i.e., how something is done. i.e., how something is done.
ISAKMP is independent of the security ISAKMP is independent of the security protocols, cryptographic algorithms, and protocols, cryptographic algorithms, and key-generation and key-exchange key-generation and key-exchange techniques that are actually used. techniques that are actually used.
ISAKMP phasesISAKMP phases
ISAKMP offers two phases of negotiation. ISAKMP offers two phases of negotiation. In the first phase, the two entities agree on how In the first phase, the two entities agree on how
to protect further negotiation traffic between to protect further negotiation traffic between themselves, establishing an ISAKMP SA. themselves, establishing an ISAKMP SA.
The second phase of negotiation is used to The second phase of negotiation is used to establish security associations for other security establish security associations for other security protocols. The security associations established protocols. The security associations established by ISAKMP during this phase can be used by a by ISAKMP during this phase can be used by a security protocol to protect many message or security protocol to protect many message or data exchanges.data exchanges.
ISAKMP and TCP/IPISAKMP and TCP/IP
OAKLEYOAKLEY
The OAKLEY protocol allows two authenticated The OAKLEY protocol allows two authenticated entities to exchange and establish secret keying entities to exchange and establish secret keying material. material.
It is designed to be a compatible component of It is designed to be a compatible component of ISAKMP. ISAKMP.
The two communicating entities negotiate The two communicating entities negotiate methods for encryption, key derivation, and methods for encryption, key derivation, and authentication. authentication.
The basic mechanism of OAKLEY is the Diffie–The basic mechanism of OAKLEY is the Diffie–Hellman key-exchange algorithm, which estab Hellman key-exchange algorithm, which estab lishes a shared key without transmitting this key. lishes a shared key without transmitting this key.
OAKLEY Key ExchangeOAKLEY Key Exchange
An OAKLEY key exchange is made up of a An OAKLEY key exchange is made up of a sequence of message exchanges. sequence of message exchanges.
The goal of key-exchange processing is the The goal of key-exchange processing is the secure establishment of a common keying secure establishment of a common keying information state in the two communicating information state in the two communicating entities. entities.
This state information consists of a key name, This state information consists of a key name, secret keying material, the identities of the two secret keying material, the identities of the two parties, and three algorithms for use during parties, and three algorithms for use during authentication: authentication: encryptionencryption hashing, and hashing, and authenticationauthentication
IKEIKE
IKE is the protocol that performs mutual IKE is the protocol that performs mutual authentication and establishes SAs authentication and establishes SAs between two parties for IPSec.between two parties for IPSec.
IKE uses parts of ISAKMP, OAKLEY, and IKE uses parts of ISAKMP, OAKLEY, and SKEME to provide management of keys SKEME to provide management of keys and security associations. and security associations.
Key ISAKMP, OAKLEY, AND Key ISAKMP, OAKLEY, AND SKEME concept in IKESKEME concept in IKE
Digital CertificatesDigital CertificatesDigital Signatures: (Data Origin Authentication, Data Integrity, and Non-Digital Signatures: (Data Origin Authentication, Data Integrity, and Non-
repudiation)repudiation)
Digital Signature
Digital Signature with Hash Digital Signature with Hash FunctionFunction
Pretty good privacy (PGP)Pretty good privacy (PGP)
PGP EncryptionPGP Encryption ( (Pretty Good PrivacyPretty Good Privacy) is a computer ) is a computer program that provides cryptographic privacy and program that provides cryptographic privacy and authentication.authentication.
Public key cryptographyPublic key cryptography, also known as , also known as asymmetric asymmetric cryptographycryptography, is a form of cryptography in which a user , is a form of cryptography in which a user has a pair of cryptographic keys - a has a pair of cryptographic keys - a public keypublic key and a and a private keyprivate key
It was originally created by Philip Zimmermann in 1991. It was originally created by Philip Zimmermann in 1991.
Pretty Good PrivacyPretty Good Privacy
PGP encryption
Pretty Good PrivacyPretty Good Privacy
PGP decryption
Applications of CryptosystemsApplications of Cryptosystems
Automatic Teller MachinesAutomatic Teller Machines Phone CardsPhone Cards Cellular Phone NetworksCellular Phone Networks Remote System AccessRemote System Access Credit CardsCredit Cards Electronic CashElectronic Cash Medical RecordsMedical Records