10 views

Uploaded by RakhmadhanyPrimananda

save

You are on page 1of 20

Principles of Cryptography

Section 8.2 Ali Erkan & John Barr Ithaca College

2

Chapter Outline

8.1: What is network security? 8.2: Principles of cyrptography 8.3: Message Integrity and End-Point Authentication 8.4: Securing e-mail 8.5: Securing TCP connections: SSL 8.6: Network layer security: IPsec and VPNs 8.7: Securing wireless LANs 8.8: Operational Security: Firewalls and Intrusion Detection Systems

3 What Is Network Security? Conventional use: Sender encrypts message. receiver decrypts message Conﬁdentiality: A Authentication: A Message Integrity: A Access and Availability: Services must be accessible and available to users .

4 An Issue That Cuts Across The Protocol Stack Application Layer: A Transport Layer: A Network Layer: A Data-link Layer: A .

5 Who Might Alice And Bob Be? Data Control. data messages Secure sender Channel Secure receiver Data Alice Bob Trudy Web browser/server for electronic transactions On-line banking client/server Surveillance systems DNS servers Routers exchanging routing 02-068 table updates AW/Kurose and Ross Computer Networking KR 07.01 ar1 .

6 What Can Trudy Do? Just Look At That Face...01 ar1 . Data Control. data messages Secure sender Channel Secure receiver Data Alice Bob Trudy Eavesdrop: Inject: Impersonate: Hijack: Intercept messages Actively insert messages into connection Spoof source address (or any ﬁeld in packet) in packet Take over ongoing connection by removing sender or receiver. inserting himself in place Overload: Prevent service from being02-068 used by others (DoS) AW/Kurose and Ross Computer Networking KR 07.

7 Notation And Variables Plaintext Encryption algorithm Ciphertext Channel Decryption algorithm Plaintext KA Alice Bob KB Key: Trudy Key m: KA : KA(m): KB : KB (KA(m)): A A A A A 02-068 AW/Kurose and Ross Computer Networking KR 07.02 ar1 .

8 Notation And Variables Plaintext Encryption algorithm Ciphertext Channel Decryption algorithm Plaintext KA Alice Bob KB Key: Trudy Key Symmetric key systems: • KA = KB . both are private Public key systems: • KA.02 ar1 .priv used to A • KA.public used to A 02-068 AW/Kurose and Ross Computer Networking KR 07.

C1 . C2 . Key Systems: The “Old” Ones Ceaser cipher. much easier to crack Polyalphabetic cipher: plaintext C1(k = 5) C2(k = 19) pattern a b c d e f g h i j k l m n o p q r s t u v w x y z f g h i j k l m n o p q r s t u v w x y z a b c d e t u v w x y z a b c d e f g h i j k l m n o p q r s C1 . it takes 26! tries to ﬁgure out mapping With statistical observations. C2 .9 Sym. C2 . it takes 26 tries to ﬁgure out mapping Monoalphabetic cipher: plaintext ciphertext a b c d e f g h i j k l m n o p q r s t u v w x y z m n b v c x z a s d f g h j k l p o i u y t r e w q With brute force. k=3: plaintext ciphertext a b c d e f g h i j k l m n o p q r s t u v w x y z d e f g h i j k l m n o p q r s t u v w x y z a b c With brute force.

there should be no correlation between the ciphertext and either the original data or key”. With a good algorithm.. . 64-bit plaintext input N IST S TATEMENT “The goal is completely scramble the data and key so that every bit of the ciphertext depends on every bit of the data and every bit of the key.. Key Systems: Data Encryption Standard DES: • US encryption standard [NIST 1993] • OK for commercial and non-classiﬁed use • 56-bit symmetric key.10 Sym.

XOR-ing with the leftmost 32 bits of the input. How does decryption work? By reversing the steps of the operation.11 Sym. 48-bit K16 L17 R17 permute 64-bit output .R1. Key Systems: Data Encryption Standard 64-bit input permute L1 R1 48-bit K1 56-bit key f(L1.R2. XOR-ing with the expanded 6-bit chunks of the 48-bit key Ki. a substitution.K2) L3 R3 What happens in f ()? The 64-bit input and the 48-bit key for the ith round are taken as input to f () that involves expansion of 4-bit input chunks into 6-bit chunks.K1) L2 R2 48-bit K2 f(L2.

Making DES more secure: • Use three keys sequentially (3-DES) on each datum Advanced Encryption Standard: • New (Nov. or 256 bit keys • Brute force decryption (try each key) taking 1 sec on DES. 192. replacing DES • Processes data in 128 bit blocks • 128. takes 149 trillion years for AES 1 “Strong cryptography makes the world a safer place” . 2001) symmetric-key NIST standard. Key Systems: Data Encryption Standard How secure is DES? • DES Challenge: 56-bit-key-encrypted phrase1 brute forcely decrypted 4 months (Google ‘des challange’) • No known “backdoor” decryption approach.12 Sym.

and sends it to Grifﬁn • Grifﬁn receives the box and opens it with his copy of the key • Grifﬁn puts the money in the box and locks it with the padlock • Matt receives the box. locks its with the padlock. each keeping one of the two identical keys to open it • Matt puts the exam questions in a box. opens it with his copy of the key .13 Symmetric Key Cryptography Matt and Grifﬁn need to exchange a number of secret messages: • Matt and Grifﬁn buy a padlock.

14 Public Key Cryptography Matt and Grifﬁn need to exchange a number of secret messages: • Grifﬁn and Matt buy separate padlocks • Matt asks Grifﬁn to send his open padlock through regular mail • Matt uses the received padlock to lock the box that will deliver the message to Grifﬁn • Grifﬁn receives the box and opens it with the key which only he has • Grifﬁn asks Matt to send Matt’s open padlock through the regular mail • Grifﬁn uses the received padlock to lock the box that will deliver the message to Matt • Matt receives the box and opens it with the key which only he has .

15 Public Key Encryption KB+ Public encryption key KB– Private decryption key Plaintext message.06 ar2 28p2 Wide x 12p10 Deep 2/c 05/15/02SC 6/04/02GM . m Ciphertext KB+ (m) Plaintext message. m Encryption algorithm Decryption algorithm m = KB– (KB+ (m)) 02-068 AW/Kurose and Ross Computer Networking KR 07.

. it should be impossible to compute KB . Why? A + − • KB (KB (m)) = m. Adelson) does exactly that. Why? A + − Given public key KB . • How is this possible? A The RSA algorithm (Rivest.16 Public Key Encryption Requirements + − Need KB and KB such that − + • KB (KB (m)) = m. Shamir.

z = (p − 1)(q − 1). Each might be 1024 bits. Choose e (e < n) that has no common factors with z . That is. e) − Private key KB is (n. d) What? . Compute d such that ed − 1 is exactly divisible by z .17 RSA Choice of Keys Choose two large prime numbers p and q . Compute n = pq . This means e and z are relatively prime. + Public key KB is (n. ed mod z = 1.

To decrypt received bit pattern c. Decryption To encrypt bit pattern m.18 RSA Encryption. compute m = cd mod n This is the remainder when cd is divided by n. somehow. compute c = me mod n This is the remainder when me is divided by n. This means that. m = (me mod n) mod n d .

Therefore. therefore e and z are relatively prime.19 RSA Example Bob chooses p = 5. Choose d so that ed − 1 is exactly divisible by z : ed − 1 = kz ed = kz + 1 kz + 1 d= e Let k = 6 6 × 24 + 1 d= = 29 5 . q = 7. n = 5 × 7 = 35 Therefore z = (5 − 1) × (7 − 1) = 24 Let e be 5.

e.20 RSA Example Transmit letter ‘l’ (i. lower case ‘L’): m = 12 me = 125 = 248832 me mod n = 125 mod 35 = 17 Receive 17: c = 17 cd = 1729 = 481968572106750915091411825223071697 cd mod n = 1729 mod 35 = 12 .

- RSA DocUploaded byXerus Anatas
- Fibonacci Series.pdfUploaded byNinad Samel
- A Symmetric Key Cryptographic Algorithm.pdfUploaded byperhacker
- Data Encryption DecryptionUploaded byMohit Sharma
- IJERA(www.ijera.com)International Journal of Engineering Research and ApplicationsUploaded byAnonymous 7VPPkWS8O
- RSA-2.pptUploaded byshahad
- Public KeyUploaded bytayel
- digital certificate and signature.pptUploaded byChandni Bathla
- 14Uploaded byadmin2146
- cns unit I two marksUploaded byBharathi
- IJCSN-2013-2-6-153.pdfUploaded byijcsn
- Enhanced Key Protection in Private Key CryptographyUploaded byIJRASETPublications
- RsaUploaded byMahadev Karad
- PublickeyEncryption FinalUploaded byJonnasQuinn
- Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud StorageUploaded byNarendra Babu
- An Enhanced Text to Image Encryption Technique using RGB Substitution and AESUploaded byseventhsensegroup
- Protocols iiUploaded byIoana Tiriac
- Document(10)Uploaded byCao Minh Trí
- Message in a Sealed BottleUploaded bylogu_thalir
- Comparison and Evaluation of DigitalUploaded byijesajournal
- Chapter 11 : Infrastructure For E-CommerceUploaded byKamran Shabbir
- Electronic VotingUploaded bySundar Rajan S
- KeyArchivalandManagementinLonghornBeta3 Pub (1)Uploaded bysabeelshakir
- Apache SSLUploaded bybedorlehacker
- Public-Key Encryption in the Bounded-Retrieval ModelUploaded byP
- Modified RsaUploaded byAnkit Bhangdia
- IJIRIS:: Advanced Data Protection and Key Organization Framework for Mobile Ad-Hoc NetworksUploaded byIJIRIS - INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN INFORMATION SECURITY
- Simplified Aes ExampleUploaded byOmkar Nagare
- Security and Confidentiality in Healthcare InformaticsUploaded byEdwin Aguilar
- cryptography-HardeepUploaded byvandana_pasricha5627

- Final Report ENSC835Uploaded byRakhmadhanyPrimananda
- Final Report ENSC835Uploaded byRakhmadhanyPrimananda
- 100313 (TAC,IMO,PSO)Uploaded byRakhmadhanyPrimananda
- Link Referensi Fault Tolerant.txtUploaded byRakhmadhanyPrimananda
- Modeler Day2 (reupload)Uploaded byRakhmadhanyPrimananda
- Rapat 27072017Uploaded byRakhmadhanyPrimananda
- lecture9-4.pdfUploaded byRakhmadhanyPrimananda
- lecture9-4.pdfUploaded byRakhmadhanyPrimananda
- GOOD Tut Hemant Ns2Uploaded byshan_jay
- BeaconUploaded byRakhmadhanyPrimananda
- Wireless cellular technology.pdfUploaded byRakhmadhanyPrimananda
- Tcl FundamentalsUploaded byapi-3705261
- rr0710Uploaded byRakhmadhanyPrimananda
- Survey of Wireless Communications Applications in the R Ailway IndustryUploaded byRakhmadhanyPrimananda
- Buku Twitter MalangkeretaUploaded byRakhmadhanyPrimananda
- 100313 (TAC,IMO,PSO)Uploaded byRakhmadhanyPrimananda
- BrochureTelco2.0Uploaded byRakhmadhanyPrimananda
- ITGuru_NetworkPlannerUploaded byRakhmadhanyPrimananda
- 3-Network Simulation Tools SurveyUploaded byRakhmadhanyPrimananda
- Paper_2-Color_Radiomap_Interpolation_for_Efficient_Fingerprint_WiFi-based_Indoor_Location_Estimation.pdfUploaded byRakhmadhanyPrimananda

- +networksUploaded bySuresh Medtiya
- 133780041-Feb2010-9471-MME-R2-0-CPlUploaded bysud_mishra
- SAES-K-011Uploaded byEthicalhacker Cracker
- Erouting Sba Ospf InUploaded byAhmed Img
- From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future DirectionsUploaded byBokolo Tonny
- Technology Evaluation PlanUploaded byAaronT.Cleveland
- Solar PV Bankability Best Practice Checklists EPCUploaded byAnonymous DFbSHXr0
- Schneider MCCB NSXUploaded byLinh Hua
- ipj_6-2Uploaded byaqua01
- eaton mccUploaded bychoiruddin
- assignment 4Uploaded byapi-272700783
- SAN MCQsUploaded byPUNEETH KUMAR T P
- Aquisition Assessment PolicyUploaded byConstantin Toma
- Vsphere Esxi Vcenter Server 60 Installation Setup GuideUploaded bysorachut1989
- entendiendo y simulando el protocolo iec61850.pdfUploaded byGerman Mauricio Neira Vargas
- The Performance of VoIP Over IEEE 802.11Uploaded byRobby Nuron Gustav
- PosterDigital AMX Tutorial: How to connect your AMX playerUploaded byPosterDigital
- v5.1 CCNA 1 Final Exam Answers 2016Uploaded bySammuel Joseph Alcantara
- Unify Pabx SystemsUploaded byUcpartners.com.au
- WC NOTS Final Unit New -3Uploaded byvsuresha
- Arp PoisonUploaded byManya Sundar
- BSM9.01_RealUserMonitorAdminUploaded bygsoche
- Jacques Tchazou Resume PfizerUploaded bydommarajuuu1
- Riverbed TroubleshootigUploaded bylcguy229
- BISDNUploaded byArvind Singh Rajpurohit
- Bitrix Intranet Portal BrochureUploaded byFatimah Aliyah
- Understanding SQL Server Configuration Manager - CodeProjectUploaded byhinder00
- Broad BandUploaded byKrishna Kanth
- jrs-eduroam-peap_win-7Uploaded byhellorangi
- Broadband Technologies 4 AirtelUploaded byAnamika Sengupta