UNIT3 Complete

Transcript of UNIT3 Complete

  • 8/8/2019 UNIT3 Complete

    1/66

    DEADLOCKS

    UNIT III

    1/4/2011 MD ISMAIL MJCET EED 2

    The Deadlock Problem

    A set of blocked processes, each holding a resource and waiting to acquire a resource held by another process in the set.

    Example: the system has 2 tape drives. P1 and P2 each hold one tape drive and each needs another one.

    Example: semaphores A and B, initialized to 1.

    Bridge Crossing Example

    Traffic only in one direction.

    Each section of a bridge can be viewed as a resource.

    If a deadlock occurs, it can be resolved if one car backs up (preempt resources and rollback).

    Several cars may have to be backed up if a deadlock occurs.

    Starvation is possible.

    System Model

    Resource types R1, R2, ..., Rm: CPU cycles, memory space, I/O devices.

    Each resource type Ri has Wi instances.

    Each process utilizes a resource as follows:

        request

        use

        release

    Deadlock Characterization

    Deadlock can arise if four conditions hold simultaneously.

    Mutual exclusion: only one process at a time can use a resource.

    Hold and wait: a process holding at least one resource is waiting to acquire additional resources held by other processes.

    No preemption: a resource can be released only voluntarily by the process holding it, after that process has completed its task.

    Circular wait: there exists a set {P0, P1, ..., Pn} of waiting processes such that P0 is waiting for a resource that is held by P1, P1 is waiting for a resource that is held by P2, ..., Pn-1 is waiting for a resource that is held by Pn, and Pn is waiting for a resource that is held by P0.

    Resource-Allocation Graph

    A set of vertices V and a set of edges E.

    V is partitioned into two types:

        P = {P1, P2, ..., Pn}, the set consisting of all the processes in the system.

        R = {R1, R2, ..., Rm}, the set consisting of all resource types in the system.

    Request edge: directed edge Pi → Rj.

    Assignment edge: directed edge Rj → Pi.

    Resource-Allocation Graph (Cont.)

    Figure legend: process; resource type with 4 instances; Pi requests an instance of Rj; Pi is holding an instance of Rj.

    Example of a Resource Allocation Graph

    P1 → R1, P2 → R3, R1 → P2, R2 → P2, R2 → P1, R3 → P3

    NOTE: If the graph contains no cycles, then no process in the system is deadlocked.

    Resource Allocation Graph With A Deadlock

    P1 → R1 → P2 → R3 → P3 → R2 → P1

    P2 → R3 → P3 → R2 → P2

    Two cycles exist.

    P1, P2 & P3 are deadlocked.

    Resource Allocation Graph With A Cycle But No Deadlock

    P1 → R1 → P3 → R2 → P1

    There is a cycle but no deadlock.

    Basic Facts

    If graph contains no cycles, then no deadlock.

    If graph contains a cycle:

        if only one instance per resource type, then deadlock.

        if several instances per resource type, possibility of deadlock.

    Methods for Handling Deadlocks

    Ensure that the system will never enter a deadlock state.

    Allow the system to enter a deadlock state and then recover.

    Ignore the problem and pretend that deadlocks never occur in the system; used by most operating systems, including UNIX.

    Deadlock Prevention

    Restrain the ways requests can be made.

    Mutual Exclusion: not required for sharable resources; must hold for nonsharable resources.

    Hold and Wait: must guarantee that whenever a process requests a resource, it does not hold any other resources.

        Require a process to request and be allocated all its resources before it begins execution, or allow a process to request resources only when the process has none.

        Low resource utilization; starvation possible.

    Deadlock Prevention (Cont.)

    No Preemption:

        If a process that is holding some resources requests another resource that cannot be immediately allocated to it, then all resources currently being held are released.

        Preempted resources are added to the list of resources for which the process is waiting.

        The process will be restarted only when it can regain its old resources, as well as the new ones that it is requesting.

    Circular Wait: impose a total ordering of all resource types, and require that each process requests resources in an increasing order of enumeration.

    Deadlock Avoidance

    Requires that the system has some additional a priori information available.

    Simplest and most useful model requires that each process declare the maximum number of resources of each type that it may need.

    The deadlock-avoidance algorithm dynamically examines the resource-allocation state to ensure that there can never be a circular-wait condition.

    Resource-allocation state is defined by the number of available and allocated resources, and the maximum demands of the processes.

    Safe State

    When a process requests an available resource, the system must decide if immediate allocation leaves the system in a safe state.

    System is in a safe state if there exists a safe sequence of all processes.

    Sequence is safe if for each Pi, the resources that Pi can still request can be satisfied by currently available resources + resources held by all the Pj, with j

    Safe, Unsafe, Deadlock State

    Basic Facts

    If a system is in a safe state, then no deadlocks.

    If a system is in an unsafe state, then possibility of deadlock.

    Avoidance: ensure that a system will never enter an unsafe state.

    Resource-Allocation Graph Algorithm

    Claim edge Pi → Rj indicates that process Pi may request resource Rj; represented by a dashed line.

    Claim edge converts to request edge when a process requests a resource.

    When a resource is released by a process, assignment edge reconverts to a claim edge.

    Resources must be claimed a priori in the system.

    Figure: Resource-Allocation Graph for Deadlock Avoidance (assignment edge, request edge, claim edge).

    Unsafe State In Resource-Allocation Graph

    In the above figure, suppose that process P2 requests R2. Although R2 is currently free, we cannot allocate it to P2, since this action will create a cycle in the graph.

    A cycle indicates that the system is in an unsafe state. If P1 requests R2, and P2 requests R1, then a deadlock will occur.

    Banker's Algorithm

    Multiple instances.

    Each process must a priori claim maximum use.

    When a process requests a resource it may have to wait.

    When a process gets all its resources it must return them in a finite amount of time.

    Data Structures for the Banker's Algorithm

    Let n = number of processes, and m = number of resource types.

    Available: vector of length m. If Available[j] = k, there are k instances of resource type Rj available.

    Max: n x m matrix. If Max[i,j] = k, then process Pi may request at most k instances of resource type Rj.

    Allocation: n x m matrix. If Allocation[i,j] = k, then Pi is currently allocated k instances of Rj.

    Need: n x m matrix. If Need[i,j] = k, then Pi may need k more instances of Rj to complete its task.

    Need[i,j] = Max[i,j] - Allocation[i,j].

    Safety Algorithm

    This algorithm is used to find whether the system is safe or not.

    1. Let Work and Finish be vectors of length m and n, respectively. Initialize:

        Work = Available

        Finish[i] = false for i = 1, 2, ..., n.

    2. Find an i such that both:

        (a) Finish[i] = false

        (b) Need_i ≤ Work

        If no such i exists, go to step 4.

    3. Work = Work + Allocation_i; Finish[i] = true; go to step 2.

    4. If Finish[i] == true for all i, then the system is in a safe state.

    Resource-Request Algorithm for Process Pi

    Request_i = request vector for process Pi. If Request_i[j] = k, then process Pi wants k instances of resource type Rj.

    1. If Request_i ≤ Need_i, go to step 2. Otherwise, raise error condition, since the process has exceeded its maximum claim.

    2. If Request_i ≤ Available, go to step 3. Otherwise Pi must wait, since resources are not available.

    3. Pretend to allocate requested resources to Pi by modifying the state as follows:

        Available = Available - Request_i;

        Allocation_i = Allocation_i + Request_i;

        Need_i = Need_i - Request_i.

        If safe, the resources are allocated to Pi.

        If unsafe, Pi must wait, and the old resource-allocation state is restored.

    Example of Banker's Algorithm

    5 processes P0 through P4; 3 resource types: A (10 instances), B (5 instances), and C (7 instances).

    Snapshot at time T0:

              Allocation    Max      Available
              A B C         A B C    A B C
        P0    0 1 0         7 5 3    3 3 2
        P1    2 0 0         3 2 2
        P2    3 0 2         9 0 2
        P3    2 1 1         2 2 2
        P4    0 0 2         4 3 3

    Example (Cont.)

    The content of the matrix Need is defined to be Max - Allocation.

              Need
              A B C
        P0    7 4 3
        P1    1 2 2
        P2    6 0 0
        P3    0 1 1
        P4    4 3 1

    The system is in a safe state since the sequence <P1, P3, P4, P2, P0> satisfies safety criteria.

    Example: P1 Request (1,0,2) (Cont.)

    Check that Request ≤ Available, that is, (1,0,2) ≤ (3,3,2): true.

              Allocation    Need     Available
              A B C         A B C    A B C
        P0    0 1 0         7 4 3    2 3 0
        P1    3 0 2         0 2 0
        P2    3 0 1         6 0 0
        P3    2 1 1         0 1 1
        P4    0 0 2         4 3 1

    Executing safety algorithm shows that sequence satisfies safety requirement.

    Request for (3,3,0) by P4 cannot be granted, since the resources are not available.

    Request for (0,2,0) by P0 cannot be granted, even though the resources are available, since the resulting state is unsafe.
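
    The safety and resource-request algorithms from the preceding slides, run on the T0 snapshot (added example in Python, not part of the original slides; the function names are chosen here for illustration):

```python
# Added example: Banker's algorithm on the T0 snapshot from the slides.
ALLOCATION = [[0, 1, 0], [2, 0, 0], [3, 0, 2], [2, 1, 1], [0, 0, 2]]
MAX = [[7, 5, 3], [3, 2, 2], [9, 0, 2], [2, 2, 2], [4, 3, 3]]
AVAILABLE = [3, 3, 2]


def leq(a, b):
    """Vector comparison a <= b, component by component."""
    return all(x <= y for x, y in zip(a, b))


def need_matrix(max_, allocation):
    """Need[i][j] = Max[i][j] - Allocation[i][j]."""
    return [[m - a for m, a in zip(mr, ar)] for mr, ar in zip(max_, allocation)]


def safe_sequence(available, allocation, need):
    """Safety algorithm: return one safe sequence of process indices, or None."""
    work = list(available)
    finish = [False] * len(allocation)
    order = []
    progressed = True
    while progressed:
        progressed = False
        for i in range(len(allocation)):
            if not finish[i] and leq(need[i], work):
                # Pi can run to completion and hand back what it holds.
                work = [w + a for w, a in zip(work, allocation[i])]
                finish[i] = True
                order.append(i)
                progressed = True
    return order if all(finish) else None


def is_safe_order(order, available, allocation, need):
    """Check a proposed sequence, such as the one quoted on the slide."""
    work = list(available)
    for i in order:
        if not leq(need[i], work):
            return False
        work = [w + a for w, a in zip(work, allocation[i])]
    return sorted(order) == list(range(len(allocation)))


def request(i, req, available, allocation, need):
    """Resource-request algorithm for process i.

    Returns (decision, state). state is the new (available, allocation, need)
    when the request is granted and the unchanged old state otherwise.
    """
    old = (available, allocation, need)
    if not leq(req, need[i]):
        raise ValueError("process has exceeded its maximum claim")
    if not leq(req, available):
        return "wait: not available", old
    # Pretend to allocate on copies, so "restoring" the old state is free.
    new_avail = [a - r for a, r in zip(available, req)]
    new_alloc = [row[:] for row in allocation]
    new_need = [row[:] for row in need]
    new_alloc[i] = [a + r for a, r in zip(allocation[i], req)]
    new_need[i] = [n - r for n, r in zip(need[i], req)]
    if safe_sequence(new_avail, new_alloc, new_need) is None:
        return "wait: unsafe", old
    return "granted", (new_avail, new_alloc, new_need)


if __name__ == "__main__":
    need = need_matrix(MAX, ALLOCATION)
    print("safe sequence at T0:", safe_sequence(AVAILABLE, ALLOCATION, need))
    decision, state = request(1, [1, 0, 2], AVAILABLE, ALLOCATION, need)
    print("P1 (1,0,2):", decision)
    print("P4 (3,3,0):", request(4, [3, 3, 0], *state)[0])
    print("P0 (0,2,0):", request(0, [0, 2, 0], *state)[0])
```

    A safe state can have more than one safe sequence; is_safe_order confirms a given one, while safe_sequence returns the first it finds.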

    Deadlock Detection

    Allow system to enter deadlock state

    Detection algorithm

    Recovery scheme

    Single Instance of Each Resource Type

    Maintain wait-for graph.

        Nodes are processes.

        Pi → Pj if Pi is waiting for Pj.

    Periodically invoke an algorithm that searches for a cycle in the graph.

    An algorithm to detect a cycle in a graph requires an order of n^2 operations, where n is the number of vertices in the graph.

    Resource-Allocation Graph and Wait-for Graph

    Figure panels: resource-allocation graph; corresponding wait-for graph.

    Several Instances of a Resource Type

    Available: a vector of length m indicates the number of available resources of each type.

    Allocation: an n x m matrix defines the number of resources of each type currently allocated to each process.

    Request: an n x m matrix indicates the current request of each process. If Request[i,j] = k, then process Pi is requesting k more instances of resource type Rj.

    Detection Algorithm

    1. Let Work and Finish be vectors of length m and n, respectively. Initialize:

        (a) Work = Available

        (b) For i = 1, 2, ..., n, if Allocation_i ≠ 0, then Finish[i] = false; otherwise, Finish[i] = true.

    2. Find an index i such that both:

        (a) Finish[i] == false

        (b) Request_i ≤ Work

        If no such i exists, go to step 4.

    Detection Algorithm (Cont.)

    3. Work = Work + Allocation_i; Finish[i] = true; go to step 2.

    4. If Finish[i] == false for some i, 1 ≤ i ≤ n, then the system is in a deadlock state. Moreover, if Finish[i] == false, then Pi is deadlocked.

    Algorithm requires an order of O(m x n^2) operations to detect whether the system is in a deadlocked state.

    Example of Detection Algorithm

    Five processes P0 through P4; three resource types: A (7 instances), B (2 instances), and C (6 instances).

    Snapshot at time T0:

              Allocation    Request    Available
              A B C         A B C      A B C
        P0    0 1 0         0 0 0      0 0 0
        P1    2 0 0         2 0 2
        P2    3 0 3         0 0 0
        P3    2 1 1         1 0 0
        P4    0 0 2         0 0 2

    Sequence will result in Finish[i] = true for all i.

    Example (Cont.)

    P2 requests an additional instance of type C.

              Request
              A B C
        P0    0 0 0
        P1    2 0 1
        P2    0 0 1
        P3    1 0 0
        P4    0 0 2

    State of system?

        Can reclaim resources held by process P0, but insufficient resources to fulfill other processes' requests.

        Deadlock exists, consisting of processes P1, P2, P3, and P4.

    Safe sequence: the safe sequence is calculated as follows:

    1) The need of each process is compared with available. If Need_i <= Available, then the resources are allocated to that process and the process will release the resources.

    2) If need is greater than available, the next process's need is taken for comparison.

    3) In the above example, the need of process P1 is (7, 4, 3) and available is (3, 3, 2).

        Need <= Available is false,

        so the system will move on to the next process.

    4) The need for process P2 is (1, 2, 2) and available is (3, 3, 2), so

        Need <= Available (Work)

        (1, 2, 2) <= (3, 3, 2) = True

        Then Finish[i] = True

        The request of P2 is granted and process P2 releases its resources to the system.

        Work := Work + Allocation

        Work := (3, 3, 2) + (2, 0, 0) = (5, 3, 2)

    This procedure is continued for all processes.

    i) Is the current allocation in a safe state?

    ii) Can the request made by process P1 (1,1,0) be granted?

    Recovery from Deadlock: Process Termination

    Abort all deadlocked processes.

    Abort one process at a time until the deadlock cycle is eliminated.

    In which order should we choose to abort?

        Priority of the process.

        How long process has computed, and how much longer to completion.

        Resources the process has used.

        Resources process needs to complete.

        How many processes will need to be terminated.

        Is process interactive or batch?
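
    The detection algorithm applied to the detection example's snapshot, followed by the "abort one process at a time" recovery described here (added example in Python, not part of the original slides). The per-process COST table and the cheapest-first victim rule are assumptions made for the demonstration.

```python
# Added example: multi-instance deadlock detection, then recovery by
# terminating one process at a time until detection comes back clean.
ALLOCATION = [[0, 1, 0], [2, 0, 0], [3, 0, 3], [2, 1, 1], [0, 0, 2]]
REQUEST_T0 = [[0, 0, 0], [2, 0, 2], [0, 0, 0], [1, 0, 0], [0, 0, 2]]
AVAILABLE = [0, 0, 0]
# Assumed cost of aborting each process (lower = cheaper); constructed values.
COST = {0: 5, 1: 3, 2: 9, 3: 4, 4: 1}


def deadlocked(available, allocation, request):
    """Detection algorithm: return the list of deadlocked process indices."""
    work = list(available)
    # A process that holds nothing cannot be blocking anyone.
    finish = [not any(row) for row in allocation]
    changed = True
    while changed:
        changed = False
        for i, done in enumerate(finish):
            if not done and all(r <= w for r, w in zip(request[i], work)):
                # Optimistically assume Pi finishes and returns its resources.
                work = [w + a for w, a in zip(work, allocation[i])]
                finish[i] = changed = True
    return [i for i, done in enumerate(finish) if not done]


def recover(available, allocation, request, cost):
    """Abort the cheapest deadlocked process, re-run detection, repeat.

    Works on copies and returns the list of victims in abort order.
    """
    available = list(available)
    allocation = [row[:] for row in allocation]
    request = [row[:] for row in request]
    victims = []
    while True:
        stuck = deadlocked(available, allocation, request)
        if not stuck:
            return victims
        victim = min(stuck, key=lambda i: cost[i])
        # Reclaim everything the victim held and drop its pending request.
        available = [v + a for v, a in zip(available, allocation[victim])]
        allocation[victim] = [0] * len(available)
        request[victim] = [0] * len(available)
        victims.append(victim)


def with_extra_request(request, process, extra):
    """Copy of the request matrix with `extra` added to one process's row."""
    updated = [row[:] for row in request]
    updated[process] = [r + e for r, e in zip(request[process], extra)]
    return updated


if __name__ == "__main__":
    print("T0 deadlocked:", deadlocked(AVAILABLE, ALLOCATION, REQUEST_T0))
    later = with_extra_request(REQUEST_T0, 2, [0, 0, 1])  # P2 wants one more C
    print("after P2's request:", deadlocked(AVAILABLE, ALLOCATION, later))
    print("victims:", recover(AVAILABLE, ALLOCATION, later, COST))
```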

    Recovery from Deadlock: Resource Preemption

    Selecting a victim: minimize cost.

    Rollback: return to some safe state, restart process for that state.

    Starvation: same process may always be picked as victim; include number of rollbacks in cost factor.

    Combined Approach to Deadlock Handling

    Combine the three basic approaches

        prevention

        avoidance

        detection

    allowing the use of the optimal approach for each of the resources in the system.

    Partition resources into hierarchically ordered classes.

    Use most appropriate technique for handling deadlocks within each class.

    Protection

    Goals of Protection

    Domain of Protection

    Access Matrix

    Implementation of Access Matrix

    Protection

    Operating system consists of a collection of objects, hardware or software.

    Each object has a unique name and can be accessed through a well-defined set of operations.

    Protection problem: ensure that each object is accessed correctly and only by those processes that are allowed to do so.

    Domain Structure

    Access-right =

    where rights-set is a subset of all valid operations that can be performed on the object.

    Domain = set of access-rights

    Access Matrix

    View protection as a matrix (access matrix)

    Rows represent domains

    Columns represent objects

    Access(i, j) is the set of operations that a process executing in Domain_i can invoke on Object_j.

    Access Matrix

    Figure A

    Use of Access Matrix

    If a process in Domain Di tries to do op on object Oj, then op must be in the access matrix.

    Can be expanded to dynamic protection.

        Operations to add, delete access rights.

        Special access rights:

            owner of Oi

            copy op from Oi to Oj

            control: Di can modify Dj access rights

            transfer: switch from domain Di to Dj

    Use of Access Matrix (Cont.)

    Access matrix design separates mechanism from policy.

    Mechanism

        Operating system provides access-matrix + rules.

        It ensures that the matrix is only manipulated by authorized agents and that rules are strictly enforced.

    Policy

        User dictates policy.

        Who can access what object and in what mode.

    Implementation of Access Matrix

    Each column = access-control list for one object. Defines who can perform what operation.

        Domain 1 = Read, Write

        Domain 2 = Read

        Domain 3 = Read

    Each row = capability list (like a key). For each domain, what operations are allowed on what objects.

        Object 1: Read

        Object 4: Read, Write, Execute

        Object 5: Read, Write, Delete, Copy

    Access Matrix of Figure A With Domains as Objects

    Figure B

    Access Matrix With Owner Rights
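
    A small enforcement mechanism for the access matrix described in this section, with the column (access-control list) and row (capability list) views (added example in Python, not part of the original slides). It assumes that owner may add and remove rights in an object's column and that control lets a domain remove rights from another domain's row; the policy entries are constructed.

```python
class AccessMatrix:
    """Sparse access matrix: (domain, object) -> set of rights; absent = no access."""

    def __init__(self, policy):
        self.cells = {key: set(rights) for key, rights in policy.items()}

    def check(self, domain, obj, op):
        """Mechanism: op is allowed only if it appears in access(domain, obj)."""
        return op in self.cells.get((domain, obj), set())

    def acl(self, obj):
        """Column view: the access-control list of one object."""
        return {d: set(r) for (d, o), r in self.cells.items() if o == obj and r}

    def capabilities(self, domain):
        """Row view: the capability list of one domain."""
        return {o: set(r) for (d, o), r in self.cells.items() if d == domain and r}

    def grant(self, actor, target, obj, right):
        """Only a domain holding 'owner' on obj may add a right in obj's column."""
        if not self.check(actor, obj, "owner"):
            raise PermissionError(f"{actor} is not owner of {obj}")
        self.cells.setdefault((target, obj), set()).add(right)

    def revoke(self, actor, target, obj, right):
        """The object's owner, or a domain with 'control' over target, may remove."""
        allowed = self.check(actor, obj, "owner") or self.check(actor, target, "control")
        if not allowed:
            raise PermissionError(f"{actor} may not change the rights of {target}")
        self.cells.get((target, obj), set()).discard(right)

    def switch(self, current, new):
        """Domains are objects too: switching needs 'switch' in access(current, new)."""
        if not self.check(current, new, "switch"):
            raise PermissionError(f"{current} may not switch to {new}")
        return new


# Constructed policy. The F1 column mirrors the ACL on the slide
# (Domain 1 = Read, Write; Domain 2 = Read; Domain 3 = Read); the owner,
# control and switch entries and the F4 row are assumptions for the demo.
POLICY = {
    ("D1", "F1"): {"owner", "read", "write"},
    ("D2", "F1"): {"read"},
    ("D3", "F1"): {"read"},
    ("D1", "D2"): {"control", "switch"},
    ("D3", "F4"): {"read", "write", "execute"},
}


def attempt(action, *args):
    """Return the result of a matrix operation, or 'denied' if it is refused."""
    try:
        return action(*args)
    except PermissionError:
        return "denied"


if __name__ == "__main__":
    m = AccessMatrix(POLICY)
    print("ACL of F1:", m.acl("F1"))
    print("capabilities of D3:", m.capabilities("D3"))
    print("D2 grants itself write:", attempt(m.grant, "D2", "D2", "F1", "write"))
    print("D1 grants D2 write:", attempt(m.grant, "D1", "D2", "F1", "write"))
    print("D2 switches to D1:", attempt(m.switch, "D2", "D1"))
```

    Every change to the matrix goes through check first, which is the "only manipulated by authorized agents" rule; an absent cell denies by default.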

    Security

    The Security Problem

    Authentication

    Program Threats

    System Threats

    Encryption

    The Security Problem

    Security must consider external environment of the system, and protect it from:

        unauthorized access.

        malicious modification or destruction.

        accidental introduction of inconsistency.

    Easier to protect against accidental than malicious misuse.

    Authentication

    User identity most often established through passwords; can be considered a special case of either keys or capabilities.

    Passwords must be kept secret.

        Frequent change of passwords.

        Use of non-guessable passwords.

        Log all invalid access attempts.

    Passwords may also either be encrypted or allowed to be used only once.

    Program Threats

    Trojan Horse

        Code segment that misuses its environment.

        Exploits mechanisms for allowing programs written by users to be executed by other users.

    Trap Door

        Specific user identifier or password that circumvents normal security procedures.

        Could be included in a compiler.

    Stack and Buffer Overflow

        Exploits a bug in a program (overflow either the stack or memory buffers).

    System Threats

    Worms: use spawn mechanism; standalone program.

    Internet worm

        Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs.

        Grappling hook program uploaded main worm program.

    Viruses: fragment of code embedded in a legitimate program.

        Mainly affect microcomputer systems.

        Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection.

        Safe computing.

    Denial of Service

        Overload the targeted computer, preventing it from doing any useful work.

    Threat Monitoring

    Check for suspicious patterns of activity, i.e., several incorrect password attempts may signal password guessing.

    Audit log: records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures.

    Scan the system periodically for security holes; done when the computer is relatively unused.

    Threat Monitoring (Cont.)

    Check for:

    Short or easy-to-guess passwords

    Unauthorized set-uid programs

    Unauthorized programs in system directories

    Unexpected long-running processes

    Improper directory protections

    Improper protections on system data files

    Dangerous entries in the program search path (Trojan horse)

    Changes to system programs: monitor checksum values
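
    Three of the checks listed above (unauthorized set-uid programs, dangerous search-path entries, checksum changes to system programs) as an added Python example, not part of the original slides. The directory tree, file names and allowlist built in demo() are constructed, and SHA-256 is the checksum chosen here.

```python
import hashlib
import os
import stat
import tempfile


def unauthorized_setuid(root, allowed):
    """Set-uid/set-gid regular files under root that are not on the allowlist."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            privileged = mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(mode) and privileged and path not in allowed:
                found.append(path)
    return sorted(found)


def risky_path_entries(path_value):
    """Search-path entries where another user could plant a Trojan horse."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            findings.append((entry, "current directory"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative path"))
        elif os.path.isdir(entry) and os.stat(entry).st_mode & stat.S_IWOTH:
            findings.append((entry, "world-writable"))
    return findings


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def changed_programs(baseline):
    """Compare current checksums with a stored baseline {path: sha256}."""
    changed = []
    for path, expected in sorted(baseline.items()):
        if not os.path.exists(path):
            changed.append((path, "missing"))
        elif sha256_of(path) != expected:
            changed.append((path, "modified"))
    return changed


def demo():
    """Run the three checks over a constructed, throw-away directory tree."""
    with tempfile.TemporaryDirectory() as root:
        bindir, drop = os.path.join(root, "bin"), os.path.join(root, "drop")
        os.mkdir(bindir)
        os.mkdir(drop)
        os.chmod(bindir, 0o755)
        os.chmod(drop, 0o777)                      # constructed weak directory
        names = ("su-tool", "helper", "ls-tool")
        paths = {n: os.path.join(bindir, n) for n in names}
        for p in paths.values():
            with open(p, "wb") as fh:
                fh.write(b"#!/bin/sh\n")
        os.chmod(paths["su-tool"], 0o4755)         # expected set-uid program
        os.chmod(paths["helper"], 0o4755)          # set-uid, not on the allowlist
        baseline = {paths["ls-tool"]: sha256_of(paths["ls-tool"])}
        with open(paths["ls-tool"], "ab") as fh:   # simulate a changed program
            fh.write(b"echo changed\n")
        search_path = os.pathsep.join([bindir, "", drop, "tools"])

        def rel(p):
            return os.path.relpath(p, root) if os.path.isabs(p) else p

        allow = {paths["su-tool"]}
        return {
            "setuid": [rel(p) for p in unauthorized_setuid(root, allow)],
            "path": [(rel(e), why) for e, why in risky_path_entries(search_path)],
            "changed": [(rel(p), why) for p, why in changed_programs(baseline)],
        }


if __name__ == "__main__":
    for check, findings in demo().items():
        print(check, findings)
```

    The checksum baseline is only as trustworthy as where it is stored: keep it on read-only or off-host media so that whoever changes a program cannot also update the baseline.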

    Encryption

    Encrypt clear text into cipher text.

    Properties of good encryption technique:

        Relatively simple for authorized users to encrypt and decrypt data.

        Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key.

        Extremely difficult for an intruder to determine the encryption key.

    Data Encryption Standard substitutes characters and rearranges their order on the basis of an encryption key provided to authorized users via a secure mechanism. Scheme only as secure as the mechanism.

    Encryption (Cont.)

    Public-key encryption based on each user having two keys:

        public key: published key used to encrypt data.

        private key: key known only to individual user, used to decrypt data.

    Must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme.

        Efficient algorithm for testing whether or not a number is prime.

        No efficient algorithm is known for finding the prime factors of a number.

    Encryption Example - SSL

    SSL: Secure Socket Layer

    Cryptographic protocol that limits two computers to only exchange messages with each other.

        Used between web servers and browsers for secure communication (credit card numbers).

    The server is verified with a certificate.

    Communication between each computer uses symmetric key cryptography.