Basic Cryptography - Introduction to Cryptography - Lecture Slides, Slides of Network security

The major points in the database are given as: Basic Cryptography, Kerckhoffs’ Principle, Symmetric Key, Asymmetric Key, Encryption, Authentication, Pki, Various Types of Attacks, Securely to Bob, Alice and Bob

Typology: Slides

2012/2013

Uploaded on 04/22/2013

sathiamoorthy

1

Basic Cryptography

2

Topics

  • Encryption
    • Kerckhoffs’ principle
    • Symmetric key
    • Asymmetric key
  • Authentication
  • PKI
  • Various types of attacks

4

Encryption

  • We use m to denote plain text (or message)
  • C = E(Ke, m) is the cipher text of m using key Ke

When Alice sends C, Eve copies C before Bob gets it

[Diagram: Alice, Eve, Bob]

5

Encryption

  • Eve will not know what the message is, as she does not have the key Ke to decrypt
  • Eve has the option of trying several possible keys to decrypt
  • Bob must know the decryption algorithm as well as the key Ke to decrypt
  • Kerckhoffs’ principle: encryption must depend on the secrecy of the key and not the algorithm

7

Authentication

  • Bob may expect a message from Alice
  • Eve could intercept the message and change it before forwarding it to Bob
  • In order for Bob to be sure that the message came from Alice, Bob needs some form of authentication
  • Authentication is similar to encryption, in that it uses a different key to produce a special value called Message Authentication Code (MAC)
  • MAC is obtained using a hash function
  • Alice and Bob agree on a hash function when they agree on the key Ke

8

Authentication

  • Assume that the authentication key is Ka
  • Alice sends both the cipher text C and the MAC value “a”
  • Bob calculates the plain text m first using Ke. Bob calculates “a” using the agreed upon hash function. If calculated MAC matches the received MAC, Bob assumes that Alice sent the message
  • a = h(Ka, m), MAC value

10

Authentication

  • In the above scenario, Bob must recognize that the message has come out of sequence
  • Using message numbers Bob will know that the message is out of sequence and discard message
  • For secure communication, Alice and Bob need a key, a hash function, and message numbering

11

Authentication

  • Common mistake: believing that encryption ensures secure communication
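The authentication slides above can be tried end to end with the following sketch, which is an added example and not part of the original slides. It assumes HMAC-SHA256 as the agreed hash function h, a toy SHA-256 counter-mode cipher standing in for E, a message number that is fed into the MAC input, and constructed sample keys.

```python
import hashlib
import hmac

def keystream_xor(ke: bytes, seq: int, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); illustration only, not for real use."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(ke + seq.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
    return bytes(d ^ k for d, k in zip(data, stream))

def mac(ka: bytes, seq: int, m: bytes) -> bytes:
    # a = h(Ka, m) from the slides; the message number is also fed into the MAC
    # (assumption of this example) so that it cannot be altered unnoticed.
    return hmac.new(ka, seq.to_bytes(8, "big") + m, hashlib.sha256).digest()

def send(ke: bytes, ka: bytes, seq: int, m: bytes):
    """Alice: returns (message number, cipher text C, MAC value a)."""
    return seq, keystream_xor(ke, seq, m), mac(ka, seq, m)

class Receiver:
    """Bob: decrypts with Ke, recomputes the MAC with Ka, then checks the number."""
    def __init__(self, ke: bytes, ka: bytes):
        self.ke, self.ka, self.last_seq = ke, ka, 0

    def receive(self, seq: int, c: bytes, a: bytes) -> bytes:
        m = keystream_xor(self.ke, seq, c)
        if not hmac.compare_digest(a, mac(self.ka, seq, m)):
            raise ValueError("MAC mismatch")
        if seq <= self.last_seq:
            raise ValueError("replayed or out-of-sequence message")
        self.last_seq = seq
        return m

def demo():
    ke, ka = b"constructed-Ke", b"constructed-Ka"   # constructed sample keys
    bob = Receiver(ke, ka)
    first = send(ke, ka, 1, b"pay Bob 10")
    seq2, c2, a2 = send(ke, ka, 2, b"pay Bob 10")
    tampered = c2[:-1] + bytes([c2[-1] ^ 1])         # Eve changes one bit of C
    outcomes = [bob.receive(*first)]
    for packet in (first, (seq2, tampered, a2)):
        try:
            outcomes.append(bob.receive(*packet))
        except ValueError as err:
            outcomes.append(str(err))
    return outcomes, keystream_xor(ke, seq2, tampered)

if __name__ == "__main__":
    print(demo())
```

The second value returned by `demo()` is what Bob would read from the altered cipher text if he decrypted without checking the MAC, which is the common mistake the last slide names.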

13

Public key encryption

  • Alice and Bob register with a trusted third party (TTP)
  • TTP provides a public, private key pair for each individual
  • Any message m encrypted with the public key Kp can be decrypted using only the corresponding private key Ks
  • C = E(Kp , m) and m = D(Ks , C)
  • Public key can be used with any number of users

14

Public key encryption

  • Is public key then the preferred solution?
  • Answer is ‘No’ in general because public key is:
    • Complex
    • Slow
    • Expensive
  • Preferred solution is the ‘best of both methods’ scenario:
    • Use a symmetric key but communicate the symmetric key using the public key encryption
    • Untrustworthy partners could still compromise the key but in such cases the symmetric key could be changed quickly

16

Digital Signatures

  • Digital signature works in theory to authenticate a user
  • Digital signature is a legal entity in U.S. and many other countries
  • Usually digital signatures are computed by complex algorithms by the sender’s computer
  • This opens up the potential excuse that someone hacked the system to generate the digital signature without the knowledge of the secret key owner

17

PKI

  • Public Key Infrastructure (PKI) is a government initiative to protect computer systems
  • Developed in the 1970s but has not been widely accepted. However, parts of the system are in extensive use today. These are Digital Certificates and Digital Signatures.
  • Digital Certificates are given by trusted third parties, known as Certificate Authorities (CAs). Verisign (an offshoot of RSA) is a CA. Any organization can be a CA as long as there are people willing to believe their assessment of authenticity.

19

PKI

  • Secure Socket Layer (SSL) uses PKI
  • Verisign provides most of the certificates
  • Verisign backs its certificates only up to a $100 liability

20

Digital Certificates

  • Issued by trusted third parties known as Certificate Authorities (CAs)
  • Verisign is a trusted third party (TTP)
  • Used to authenticate an individual or an organization
  • Digital Certificates are usually given for a period of one year
  • They can be revoked
  • They are issued at various security levels. The higher the security level, the more thoroughly the CA verifies the authenticity of the certificate seeker.