DATA SECURITY
Security in the .Net Technology
Security in the Dot Net Technology
When we talk about the .NET Framework, and security specifically, we have
to talk about:
Security in assemblies
Run time security
Role-Based Security.
Code-Access Security.
Isolated Storage.
Evidence and code identity
Permission
Security policy
Cryptography
Hashing Algorithms
Symmetric Encryption
Asymmetric Encryption
Digital Signature
ASP.NET application security
COM+ security
Event log services.
What we are concerned with:
Cryptography
Hashing Algorithms (we might cover them if we have time)
Symmetric Encryption
Asymmetric Encryption
Digital Signature
Block Cipher Modes of Operation
A block cipher algorithm is a basic building block for providing data security.
Five "modes of operation" have been defined in Table 1.
These modes are intended for use with any symmetric block cipher, including triple DES and AES.
Table 1. Block Cipher Modes of Operation
Mode | Description | Typical Application
Electronic Codebook (ECB) | Each block of 64 plaintext bits is encoded independently using the same key. | Secure transmission of single values (e.g., an encryption key)
Cipher Block Chaining (CBC) | The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext. | General-purpose block-oriented transmission; Authentication
Cipher Feedback (CFB) | Input is processed j bits at a time. Preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with plaintext to produce next unit of ciphertext. | General-purpose stream-oriented transmission; Authentication
Output Feedback (OFB) | Similar to CFB, except that the input to the encryption algorithm is the preceding DES output. | Stream-oriented transmission over noisy channel (e.g., satellite communication)
Table 3
LegalKeySizes |
Mode | Gets and sets the cipher mode used to prepare data.
Padding | Gets or sets the padding mode that will fill out partial blocks of data.
Methods
Create | Creates a new instance of the SymmetricAlgorithm class by name. See the following section for further details.
CreateEncryptor, CreateDecryptor | Create instances of the classes used to encrypt and decrypt data.
GenerateIV, GenerateKey | Generate random secret keys and initialization vectors.
ValidKeySize | Determines if a key of a given length is valid for the algorithm.
Instantiating the Algorithm
You can instantiate the implementation classes for symmetric algorithms using the Create method of
the SymmetricAlgorithm class.
# C#
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("RC2");
3DES | TripleDESCryptoServiceProvider
TripleDES | TripleDESCryptoServiceProvider
System.Security.Cryptography.TripleDES | TripleDESCryptoServiceProvider
RC2 | RC2CryptoServiceProvider
System.Security.Cryptography.RC2 | RC2CryptoServiceProvider
Rijndael | RijndaelManaged
System.Security.Cryptography.Rijndael | RijndaelManaged
Configuring the Algorithm
1. Block and key sizes
# C#
SymmetricAlgorithm x_alg = SymmetricAlgorithm.Create("Rijndael");
Member | Description
ECB, CBC, CFB | These members represent the modes described in Section 14.2.2 of this chapter.
CTS | This member represents the "Cipher Text Stealing" mode, which is a variation of the CBC mode that computes the last block of ciphertext in such a way as to ensure that the plaintext and the ciphertext are the same size.
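The choice of Mode has a visible effect: as Table 1 states, ECB encodes each block independently with the same key, so equal plaintext blocks produce equal ciphertext blocks, while CBC chains each block to the previous ciphertext. The program below is an added example, not code from the original slides; it uses the SymmetricAlgorithm members listed in Table 3, and the class name ModeDemo, the helper names and the sample plaintext are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;

class ModeDemo   // hypothetical name, for illustration only
{
    // Encrypt data under the given key/IV with the requested cipher mode.
    static byte[] Encrypt(byte[] data, byte[] key, byte[] iv, CipherMode mode)
    {
        using (SymmetricAlgorithm alg = SymmetricAlgorithm.Create("Rijndael"))
        {
            alg.BlockSize = 128;                     // 16-byte blocks
            if (!alg.ValidKeySize(key.Length * 8))   // reject illegal key lengths
                throw new ArgumentException("key size not legal for this algorithm");
            alg.Mode = mode;
            alg.Padding = PaddingMode.PKCS7;         // fills out the partial last block
            alg.Key = key;
            alg.IV = iv;                             // not used by ECB
            using (ICryptoTransform enc = alg.CreateEncryptor())
                return enc.TransformFinalBlock(data, 0, data.Length);
        }
    }

    // True when the first two 16-byte ciphertext blocks are byte-for-byte equal.
    static bool FirstTwoBlocksEqual(byte[] ct)
    {
        for (int i = 0; i < 16; i++)
            if (ct[i] != ct[16 + i]) return false;
        return true;
    }

    static void Main()
    {
        byte[] key, iv;
        using (SymmetricAlgorithm alg = SymmetricAlgorithm.Create("Rijndael"))
        {
            alg.BlockSize = 128;
            alg.KeySize = 256;
            alg.GenerateKey();                       // random secret key
            alg.GenerateIV();                        // random initialization vector
            key = alg.Key;
            iv = alg.IV;
        }
        // Constructed sample input: two identical 16-byte plaintext blocks.
        byte[] plain = new byte[32];
        for (int i = 0; i < plain.Length; i++) plain[i] = 0x41;

        Console.WriteLine("ECB blocks repeat: " + FirstTwoBlocksEqual(Encrypt(plain, key, iv, CipherMode.ECB)));
        Console.WriteLine("CBC blocks repeat: " + FirstTwoBlocksEqual(Encrypt(plain, key, iv, CipherMode.CBC)));
    }
}
```

With ECB the two ciphertext blocks come out identical, which reveals that the plaintext repeats; with CBC and a freshly generated IV they differ.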