Understanding Cryptography: Key Distribution, Public Key Encryption, and Message Integrity, Slides of Computer Networks

An overview of cryptography, focusing on the concepts of symmetric and asymmetric key encryption, block and stream ciphers, public key encryption algorithms like RSA, digital signatures, and key distribution and certification. It also covers the importance of message integrity and the role of digital signatures in ensuring it.

Typology: Slides

2012/2013

Uploaded on 04/27/2013

jogy

Computer Networking Technology II

Security

Security in Networks

  • Any two nodes (hosts, routers, etc.) might need to exchange data securely
  • Secure email, transfer of routing tables, military secrets, private data (SSN, Visa), DNS servers, etc. all need secure communication
  • Security has many aspects
  • End-point Authentication: If Bob and Carol are communicating, how do they know it’s really Bob and Carol?

Basic Defense Strategy

  • In any kind of security approach, we need to consider three aspects in our strategy
  • Prevent: Protect the network to make it harder for an attack to take place
  • Detect: How do you know if you’ve been attacked? Often very difficult in networking
  • Mitigate: As or after an attack happens, how do you minimize the damage it did?

Non-network Example

  • Consider the problem of a bomb on a plane
    • Prevent: might prevent the problem by 1) scanning luggage and passengers, 2) requiring security checks for airport employees, and 3) controlling access to planes on the ground
    • Detect: detect the problem by 1) a bomb going off, or 2) someone identifying that they have a bomb
    • Mitigate: reduce damage by 1) reducing altitude before the bomb goes off, 2) designing the plane to avoid duplicate systems next to each other

Security vs classification

  • In discussing security, the notion of classification (e.g. Confidential, Secret, Top Secret, etc.) can emerge
  • Systems to handle classified material are known as ‘trusted’ systems – look for that keyword
  • Often based on old standards such as the Rainbow Series’ Orange Book

Passive Intruder

  • Going back to Bob and Carol, what happens if someone is listening to their exchange?
  • A passive intruder could
    • Eavesdrop – listen to and record the secure exchange
    • Modify, insert, or delete messages that Bob and Carol were trying to exchange
    • Could lead to stealing data, impersonating another user, hijacking a session or causing DoS

Cryptography

  • At the receiving end, the cipher text is turned back into plain text using a decryption algorithm and key K_B

Keys

  • A key is a string of characters, numbers, and other ASCII symbols that feeds into the encryption and decryption algorithms
  • The longer the key (in bits), the harder it is to break
    • DES uses a 56-bit key
    • RC5-64 is a 64-bit key, RC5-72 is 72-bit
    • RSA and AES use up to 128-bit keys
    • PGP uses up to 4096-bit keys (great crypto paper)

Block vs Stream

  • Another is whether each character is coded individually (stream cipher), or a group of characters are coded together (block cipher)

  • Stream cipher examples include Caesar’s code, the WWII Enigma machine, and WEP (Wired Equivalent Privacy)
  • Block ciphers are very common (AES, RSA, etc.)
    • Block sizes are typically 64 or 128 bits

Cipher-Block Chaining (CBC)

  • Repeated phrases, like ‘HTTP/1.1’, produce the same string when encrypted, making it easier to guess their meaning
  • Send a 64-bit Initialization Vector (IV) first
  • Encrypt and send (first block of text XOR IV)
  • For each subsequent block, encrypt and send (previous encrypted block XOR current clear text)
  • This keeps duplicate blocks from appearing that way
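The chaining described on this slide, as an added worked example that is not part of the original deck. The block cipher here is a small SHA-256 based Feistel construction written only so the example runs offline (an assumption, not DES or AES); the key, IV and the repeating ‘HTTP/1.1’ plaintext are constructed sample values. It encrypts the same three identical blocks in ECB mode and in CBC mode and counts duplicate ciphertext blocks, which is exactly the pattern leak the slide is about.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, matching the 64-bit IV on the slide

# Constructed sample values so the run is reproducible. In real use the IV must be
# fresh and unpredictable for every message (e.g. os.urandom(BLOCK)).
KEY = b"demo-key-not-for-real-use"
IV = bytes.fromhex("0011223344556677")
SAMPLE = b"HTTP/1.1HTTP/1.1HTTP/1.1"  # three identical 8-byte blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function (assumption: a SHA-256 based toy, not the DES f-function).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    """Toy 64-bit Feistel block cipher standing in for DES/AES so the example runs offline."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return right + left  # swap halves so decryption can reuse the same loop


def toy_decrypt_block(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in reversed(range(rounds)):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return right + left


def _blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks (no padding in this example)")
    return [data[i : i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Electronic codebook: each block encrypted on its own, so equal plaintext blocks
    # give equal ciphertext blocks. This is the leak the slide describes.
    return b"".join(toy_encrypt_block(key, p) for p in _blocks(plaintext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Cipher-block chaining as on the slide: C1 = E(P1 XOR IV), Ci = E(Pi XOR C(i-1)).
    prev, out = iv, []
    for p in _blocks(plaintext):
        c = toy_encrypt_block(key, _xor(p, prev))
        out.append(c)
        prev = c
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # Inverse: Pi = D(Ci) XOR C(i-1), with C0 = IV.
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(data: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one."""
    blocks = _blocks(data)
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    ecb = ecb_encrypt(KEY, SAMPLE)
    cbc = cbc_encrypt(KEY, IV, SAMPLE)
    print("ECB repeated blocks:", repeated_blocks(ecb))  # 2: all three blocks came out identical
    print("CBC repeated blocks:", repeated_blocks(cbc))  # 0
    assert cbc_decrypt(KEY, IV, cbc) == SAMPLE
```

The receiver needs the IV to undo the chaining, which is why the slide has it sent first; the IV itself need not be secret, only unpredictable, because reusing one with the same key lets an observer see again whether the first blocks of two messages match.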

Symmetric Key Crypto

  • The Caesar cipher was very simple
  • Just move the alphabet down some number of characters, ‘k’
  • A → G (for k = 6)
  • Then B → H, C → I, D → J, etc.
  • Wrap around when you get to T → Z, U → A
  • If you know this is the type of cipher, there are only 25 different possible keys!

Symmetric Key Crypto

  • Improve on this with a monoalphabetic cipher
  • Each letter corresponds to some other letter, but they aren’t in order
  • A → V, B → L, C → R, or whatever
  • This makes 26! (= 4.03E26 or 4.03×10^26) key combinations in theory, but patterns of common words make it a lot easier to break than that would suggest
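The two classical ciphers from these slides, as an added example that is not part of the original deck. It implements the Caesar shift with wrap-around (k = 6 gives A → G and U → A as on the slide), enumerates the 25 possible shifts to show the size of the key space, and implements a monoalphabetic substitution. The last function makes the slide’s closing point concrete: substitution relabels letters but leaves the letter-frequency pattern of the text untouched, so the 26! key count overstates the security. The sample text and the substitution alphabet are constructed values.

```python
import math
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Constructed sample values for the demonstration.
SAMPLE = "ATTACK AT DAWN"
MONO_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"  # one of the 26! possible substitution alphabets


def caesar(text: str, k: int) -> str:
    """Shift every letter k places down the alphabet, wrapping Z back to A (k=6: A->G, U->A)."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])  # % 26 does the wrap-around
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def all_caesar_shifts(ciphertext: str) -> list:
    """The 25 texts a Caesar ciphertext can decode to: one per possible key, as the slide says."""
    return [caesar(ciphertext, -k) for k in range(1, 26)]


def mono_encrypt(text: str, key: str) -> str:
    """Monoalphabetic substitution: plaintext letter ALPHABET[i] maps to key[i]."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    return text.upper().translate(str.maketrans(ALPHABET, key))


def mono_decrypt(text: str, key: str) -> str:
    return text.upper().translate(str.maketrans(key, ALPHABET))


MONO_KEYSPACE = math.factorial(26)  # the slide's 26!, about 4.03 x 10^26


def frequency_profile(text: str) -> list:
    """Letter counts sorted high to low with the letters stripped off: the 'shape' of the table.

    A substitution cipher changes which letter carries each count but not the counts
    themselves, so plaintext and ciphertext have the same profile.
    """
    counts = Counter(ch for ch in text.upper() if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)


if __name__ == "__main__":
    ct = caesar(SAMPLE, 6)
    print("Caesar k=6:", ct)
    print("candidates:", len(set(all_caesar_shifts(ct))))  # 25
    mono = mono_encrypt(SAMPLE, MONO_KEY)
    print("mono:", mono, "keys:", MONO_KEYSPACE)
    print(frequency_profile(SAMPLE) == frequency_profile(mono))  # True
```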

DES

  • The Data Encryption Standard (DES) was invented in 1977, and updated in 1993
    • It is symmetric, uses 64-bit blocks, and nominally a 64-bit key
    • Ok, only 56 bits of the key are usable – the rest is for parity checks; 2^56 = 72E15 possible keys
  • How DES works is very messy
    • The 64 bits in a block are permuted, go through 16 cycles of math operations, and get permuted again at the end
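The “64-bit key, 56 usable bits” point from the slide, as an added example that is not part of the original deck (it does not implement DES itself). Each of the 8 key bytes carries one parity bit in its low position, set so that the byte has an odd number of 1 bits; the functions below check and set that parity and extract the 56 bits DES actually uses. The two sample keys are constructed values chosen to differ only in their parity bits.

```python
DES_KEY_BYTES = 8


def has_odd_parity(byte: int) -> bool:
    """True if the byte has an odd number of 1 bits (the DES convention for key bytes)."""
    return bin(byte).count("1") % 2 == 1


def set_des_parity(key: bytes) -> bytes:
    """Return the key with the low bit of each byte adjusted so every byte has odd parity."""
    if len(key) != DES_KEY_BYTES:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    return bytes(b if has_odd_parity(b) else b ^ 0x01 for b in key)


def check_des_parity(key: bytes) -> bool:
    """A sanity check a key-handling routine can apply before use: every byte must have odd parity."""
    return len(key) == DES_KEY_BYTES and all(has_odd_parity(b) for b in key)


def strip_parity_bits(key: bytes) -> int:
    """Pack the 7 meaningful bits of each byte into one 56-bit integer: the material DES uses."""
    material = 0
    for b in key:
        material = (material << 7) | (b >> 1)  # drop the parity bit, keep the other seven
    return material


EFFECTIVE_KEY_BITS = 7 * DES_KEY_BYTES      # 56
DES_KEY_SPACE = 2 ** EFFECTIVE_KEY_BITS     # 72,057,594,037,927,936, the slide's 72E15

# Constructed sample keys: B is A with every parity bit cleared, so both select the same DES key.
SAMPLE_KEY_A = bytes.fromhex("0123456789abcdef")
SAMPLE_KEY_B = bytes.fromhex("0022446688aaccee")


if __name__ == "__main__":
    print("A parity ok:", check_des_parity(SAMPLE_KEY_A))   # True
    print("B parity ok:", check_des_parity(SAMPLE_KEY_B))   # False
    print("same key material:", strip_parity_bits(SAMPLE_KEY_A) == strip_parity_bits(SAMPLE_KEY_B))
    print("usable bits:", EFFECTIVE_KEY_BITS, "keys:", DES_KEY_SPACE)
```

Because the parity bits carry no key material, two 64-bit strings that differ only in those positions are the same DES key; that is why the count of distinct keys is 2^56 rather than 2^64.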

DES

  • Each of the 48-bit keys (K1 to K16) is a different part of the overall 56-bit key