This action might not be possible to undo. Are you sure you want to continue?
Introduction to Cryptography Cryptography is "the art of writing in secret characters". Encrypting is the act of translating a 'normal message' to a message written with 'secret characters' (also known as the encrypted message). Decrypting is the act of translating a message written with 'secret characters' into a readable message (the unencrypted message). It is, by far, one of the most important areas in computer security, since modern encryption algorithms can ensure all three pillars of a secure conversation: privacy, integrity, and authentication
Key-based algorithms In the previous page we saw a rather simple encryption algorithm which simply substituted each letter in a message by the next one in the alphabet. The decryption algorithm was, of course, substituting each letter in the encrypted message with the previous letter in the alphabet. These kind of algorithms, based on the substitution of letters, are easily broken. Most modern algorithms, however, are key-based. A key-based algorithm uses an encryption key to encrypt the message. This means that the encrypted message is generated using not only the message, but also using a 'key':
The receiver can then use a decryption key to decrypt the message. Again, this means that the decryption algorithm doesn't rely only on the encrypted message. It also needs a 'key':
Some algorithms use the same key to encrypt and decrypt, and some do not. However, we'll look into this in more detail in the next page. Let's take a look at a simple example. To make things simpler, let's suppose we're not transmitting alphanumerical characters, only numerical characters. For example, we might be interested in transmitting the following message: 1 2 3 4 5 6 5 4 3 2 1 We will now choose a key which will be used to encrypt the message. Let's suppose the key is "4232". To encrypt the message, we'll repeat the key as many times as necessary to 'cover' the whole message: 1 2 3 4 5 6 5 4 3 2 1 4 2 3 2 4 2 3 2 4 2 3
Now, we arrive at the encrypted message by adding both numbers: 1 2 3 4 5 6 5 4 3 2 1 + 4 2 3 2 4 2 3 2 4 2 3 --------------------5 4 6 6 9 8 8 6 7 4 4 The resulting message (54669886744) is the encrypted message. We can decrypt following the inverse process: Repeating the key as many time as necessary to cover the message, and then subtract the key character by character: 5 4 6 6 9 8 8 6 7 4 4 - 4 2 3 2 4 2 3 2 4 2 3 --------------------1 2 3 4 5 6 5 4 3 2 1 Voilà! We're back at the unencrypted message! Notice how it is absolutely necessary to have the decryption key (in this case, the same as the encryption key) to be able to decrypt the message. This means that a malicious user would need both the message and the key to eavesdrop on our conversation. Please note that this is a very trivial example. Current keybased algorithms are much more sophisticated (for starters, keys are much longer, and the encryption process is not as simple as 'adding the message and the key').
Symmetric and asymmetric key-based algorithms The example algorithm we've just seen falls into the category of symmetric algorithms. These type of algorithm uses the same key for encryption and decryption: Key-based symmetric algorithm
Although this type of algorithms are generally very fast and simple to implement, they also have several drawbacks. The main drawback is that they only guarantee privacy (integrity and authentication would have the be done some other way). Another drawback is that both the sender and the receiver need to agree on the key they will use throughout the secure conversation (this is not a trivial problem)..
Key-based asymmetric algorithm
Secure systems nowadays tend to use asymmetric algorithms, where a different key is used to encrypt and decrypt the message. Public-key algorithms, which are introduced in the next section, are the most commonly used type of asymmetric algorithms
Single-key Cryptography Single-key cryptography is limited in practice by what is known as the key distribution problem. Since all participants must possess the same secret key, if they are physically separated—as is usually the case—there is the problem of how they get the key in the first place. Diplomatic and military organizations traditionally use couriers to distribute keys for the highest-level communications systems, which are then used to superencrypt and distribute keys for lower-level systems. This is impractical, though, for most business and private needs. In addition, key holders are compelled to trust each other unconditionally to protect the keys in their possession and not to misuse them. Again, while this may be a tolerable condition in diplomatic and military organizations, it is almost never acceptable in the commercial realm. Another key distribution problem is the sheer number of keys required for flexible, secure communications among even a modest number of users. While only a single key is needed for secure communication between two parties, every potential pair of participants in a larger group needs a unique key. To illustrate this point, consider an organization with only 1,000 users: each individual would need a different private key for each of the other 999 users. Such a system would require 499,500 different keys in all, with each user having to protect 999 keys.
The number of different keys increases in proportion to the square of the number of users. Secure distribution for so many keys is simply insolvable, as are the demands on the users for the secure storage of their keys. In other words, symmetric key cryptography is impractical in a network in which all participants are equals in all respects. One “solution” is to create a trusted authority—unconditionally trusted by all users—with whom each user can communicate securely to generate and distribute temporary session keys as needed. Each user then has only to protect one key, while the burden for the protection of all of the keys in the network is shifted to the central authority.
Public-key cryptography In 1976, in one of the most inspired insights in the history of cryptology, Sun Microsystems, Inc., computer engineer Whitfield Diffie and Stanford University electrical engineer Martin Hellman realized that the key distribution problem could be almost completely solved if a cryptosystemIn this system, ciphers created with a secret key can be decrypted by anyone using the corresponding public key—thereby providing a means to identify the originator at the expense of completely giving up secrecy. Ciphers generated using the public key can only be decrypted by users holding the secret key, not by others holding the public key—however, the secret-key holder receives no information concerning the sender. In other words, the system provides secrecy at the expense of completely giving up any capability of authentication. What Diffie and Hellman had done was to separate the secrecy channel from the authentication channel—a striking example of the sum of the parts being greater than the whole. Single-key cryptography is called symmetric for obvious reasons. A cryptosystem satisfying conditions 1–4 above is called asymmetric for equally obvious reasons. There are symmetric cryptosystems in which the encryption and decryption keys are not the same —for example, matrix transforms of the text in which one key is a nonsingular (invertible) matrix and the other its inverse. Even though this is a two-key cryptosystem, since it is easy to calculate the inverse to a non-singular matrix
Digital signature A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, and in the European Union, electronic signatures have legal significance.
A digital signature scheme typically consists of three algorithms:
A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key. A signing algorithm which, given a message and a private key, produces a signature. A signature verifying algorithm which given a message, public key and a signature, either accepts or rejects.
Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify on that message and the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.
Benefits of digital signatures Below are some common reasons for applying a digital signature to communications: Authentication Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake. Integrity In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. However, if a message is digitally signed, any change in the message will invalidate the signature.
Drawbacks of digital signatures Despite their usefulness, digital signatures alone do not solve the following problems: Association of digital signatures and trusted time stamping Digital signature algorithms and protocols do not inherently provide certainty about the date and time at which the underlying document was signed. The signer might have included a time stamp with the signature, or the document itself might have a date mentioned on it. Regardless of the document's contents, a reader cannot be certain the signer did not, for example, backdate the date or time of the signature. Such misuse can be made impracticable by using trusted time stamping in addition to digital signatures.
Non-repudiation In a cryptographic context, the word repudiation refers to any act of disclaiming responsibility for a message. A message's recipient may insist the sender attach a signature in order to make later repudiation more difficult, since the recipient can show the signed message to a third party (e.g., a court) to reinforce a claim as to its signatories and integrity. However, loss of control over a user's private key will mean that all digital signatures using that key, and so ostensibly 'from' that user, are suspect.
Nonetheless, a user cannot repudiate a signed message without repudiating their signature key. This is aggravated by the fact there is no trusted time stamp, so new documents (after the key compromise) cannot be separated from old ones, further complicating signature key invalidation. A non-repudiation service requires the existence of a public key infrastructure (PKI) which is complex to establish and operate. The Certificate authorities in a PKI usually maintain a public repository of public keys so the associated private key is certified and signatures cannot be repudiated. Expired certificates are normally removed from the repository. It is a matter for the security policy and the responsibility of the authority to keep old certificates for a period of time if non-repudiation of data service is provided. WYSIWYS Technically speaking, a digital signature applies to a string of bits, whereas humans and applications "believe" that they sign the semantic interpretation of those bits. In order to be semantically interpreted the bit string must be transformed into a form that is meaningful for humans and applications, and this is done through a combination of hardware and software based processes on a computer system. The problem is that the semantic interpretation of bits can change as a function of the processes used to transform the bits into semantic content.
It is relatively easy to change the interpretation of a digital document by implementing changes on the computer system where the document is being processed. From a semantic perspective this creates uncertainty about what exactly has been signed. WYSIWYS (What You See Is What You Sign)  means that the semantic interpretation of a signed message can not be changed. In particular this also means that a message can not contain hidden info that the signer is unaware of, and that can be revealed after the signature has been applied. WYSIWYS is a desirable property of digital signatures that is difficult to guarantee because of the increasing complexity of modern computer systems. Additional security precautions Putting the private key on a smart card All public key / private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user's computer, and protected by a local password, but this has two disadvantages:
the user can only sign documents on that particular computer the security of the private key depends entirely on the security of the computer
A more secure alternative is to store the private key on a smart card. Many smart cards are designed to be tamperresistant (although some designs have been broken, notably by Ross Anderson and his students). In a typical digital signature implementation, the hash calculated from the document is sent to the smart card, whose CPU encrypts the hash using the stored private key of the user, and then returns the encrypted hash. Typically, a user must activate his smart card by entering a personal identification number or PIN code (thus providing two-factor authentication). It can be arranged that the private key never leaves the smart card, although this is not always implemented. If the smart card is stolen, the thief will still need the PIN code to generate a digital signature. This reduces the security of the scheme to that of the PIN system, although it still requires an attacker to possess the card. A mitigating factor is that private keys, if generated and stored on smart cards, are usually regarded as difficult to copy, and are assumed to exist in exactly one copy. Thus, the loss of the smart card may be detected by the owner and the corresponding certificate can be immediately revoked. Private keys that are protected by software only may be easier to copy, and such compromises are far more difficult to detect.
Using smart card readers with a separate keyboard Entering a PIN code to activate the smart card commonly requires a numeric keypad. Some card readers have their own numeric keypad. This is safer than using a card reader integrated into a PC, and then entering the PIN using that computer's keyboard. Readers with a numeric keypad are meant to circumvent the eavesdropping threat where the computer might be running a keystroke logger, potentially compromising the PIN code. Specialized card readers are also less vulnerable to tampering with their software or hardware and are often EAL3 certified. Other smart card designs Smart card design is an active field, and there are smart card schemes which are intended to avoid these particular problems, though so far with little security proofs. Using digital signatures only with trusted applications One of the main differences between a digital signature and a written signature is that the user does not "see" what he signs. The user application presents a hash code to be encrypted by the digital signing algorithm using the private key. An attacker who gains control of the user's PC can possibly replace the user application with a foreign substitute, in effect replacing the user's own communications with those of the attacker. This could allow a malicious application to trick a user into signing any document by displaying the user's original on-screen.
To protect against this scenario, an authentication system can be set up between the user's application (word processor, email client, etc.) and the signing application. The general idea is to provide some means for both the user app and signing app to verify each other's integrity. For example, the signing application may require all requests to come from digitally-signed binaries. Hashing Digitally signing a message is a more complex operation and requires a cryptosecure “hashing” function. This is a publicly known function that maps any message into a smaller message—called a digest—in which each bit of the digest is dependent on every bit of the message in such a way that changing even one bit in the message is apt to change, in a cryptosecure way, half of the bits in the digest. By cryptosecure is meant that it is computationally infeasible for anyone to find a message that will produce a preassigned digest and equally hard to find another message with the same digest as a known one. To sign a message—which may not even need to be kept secret—A encrypts the digest with the secret e, which he appends to the message. Anyone can then decrypt the message using the public key d to recover the digest, which he can also compute independently from the message. If the two agree, he must conclude that A originated the cipher, since only A knew e and hence could have encrypted the message.
Thus far, all proposed two-key cryptosystems exact a very high price for the separation of the privacy or secrecy channel from the authentication or signature channel. The greatly increased amount of computation involved in the asymmetric encryption/decryption process significantly cuts the channel capacity (bits per second of message information communicated). For roughly 20 years, for comparably secure systems, it has been possible to achieve a throughput 1,000 to 10,000 times higher for single-key than for two-key algorithms. As a result, the main application of two-key cryptography is in hybrid systems. In such a system a two-key algorithm is used for authentication and digital signatures or to exchange a randomly generated session key to be used with a singlekey algorithm at high speed for the main communication. At the end of the session this key is discarded.
What is a message digest? Message digest, also known as the hash of a message, is a small piece of data that results from performing a particular mathematical calculation (hashing function) on the message during encryption. Two properties of message digests to note: (i) a small alteration in the original message would cause a big change in the message digest; (ii) derivation of the original message is not possible from the message digest. It acts as a "fingerprint" of the message and is used to ensure data integrity. In cryptography, RSA is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-todate
FIREWALL Controlling access to information systems became profoundly more difficult with the spread of wide area networks (WANs) and the Internet. Users, as well as interlopers, may access systems from any unattended computer within an organization or from virtually anywhere over the Internet. One security measure is to require some form of physical authentication, such as an object (a key or a smart card) or a personal characteristic (fingerprint, retinal pattern, hand geometry, or signature). Another common security measure is to assign a unique password to each legitimate user. Many systems combine these types of measures—such as automatic teller machines, which rely on a combination of a personal identification number (PIN) and a magnetic-strip identification card. Security measures placed between an organization's internal network and the Internet are known as firewalls.
Types of Firewall Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-
defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
Hardware Firewall Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network. Most hardware firewalls will have a
minimum of four network ports to connect other computers, but for larger networks, business networking firewall solutions are available. A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. Software Firewall The most popular firewall choice is a software firewall.A software firewall will protect your computer from outside attempts to control or gain access your computer.The downside to software firewalls is that they will only protect the computer they are installed on, not a network, so each computer will need to have a software firewall installed on it.A good software firewall will run in the background on your system and use only a small amount of system resources.
Single Firewall Single Network Firewall is a comprehensive proxy
firewall suite that ensures the security of vital information entering and leaving a network. "Snort" and "Prelude" Intrusion Detection Systems alert you to network attacks and take action against hostile intruders. Bastille is a powerful "hardening" system that provides extra protection against IP Spoofing attacks.Filtering rules can be created at the user level or by department to control information entering and leaving a network or network subgroup.
Distributed Firewalls A distributed firewall is a mechanism that enforces a centralized rule policy but pushes the enforcement of it toward the edges [Ioannidis et al., 2000]. In current implementations of the distributed firewall, access is controlled by machine identification. It is up to the host machine to fetch the security policy from a repository when an alarm is triggered. There is no way to automatically propagate the policy through the system or even to guarantee that a host has to update its policy on a regular basis. Machines are identified a via cryptographic certificate and are allowed to join the network based on this identification [Bellovin, 1999]. Local hosts download the security policy. When a connection is established, the policy daemon will screen the incoming traffic. If it is approved, the policy daemon will inform the kernel to proceed with the connection. If the daemon will try to establish validity through outside sources before, if needed, ultimately denying the connection.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.