Data Security cryptography

7/29/2019 Data Security cryptography

1/36

Data

Security:Cryprography

Presented By

VARAPRASAD

M.Tech(Software Engineering)


2/36

A Model Of Cryptography

Terms and Definitions

Palintext:

An intelligible message that is tobe converted into an unintelligible form.

Ciphertext:

A message in encrypted form.


3/36

Encryption:

The process of converting aplaintext to a ciphertext.

Decryption:The process of converting a

ciphertext to a plaintext.


4/36

Symmetric:

If key is the same for both encryptionand decryption the system is referred to as

symmetric. Cryptosystem:

Is a system for encryption anddecryption of information.

Cryptology:Is the science for encryption and

decryption of information.

Cryptography:

Refers to the practice of usingcryptosystems to maintain confidentiality ofinformation.


5/36

Classification Of Cryptographic

Systems

Cryptographic Systems classified into

Conventional systems

and

Modern systems

Modern systems

again

classified intopublic key systems

and

Private Key systems


6/36

Classical Encryption Techniques

Substitution techniques

The letters of the message are replaced by

other letters or by numbers or symbols.

Transposition techniques

Performing some sort of permutation on the

messages letters


7/36

Caesar Cipher

The earliest known use of a substitution

cipher was by Julius Caesar.

message: meet me after the partycipher: phhw ph diwhu wkh sduwb

C= (m+3) mod 26

C= (m+k) mod 26


8/36

Monoalphabetic Cipher

Use any permutation of the 26 alphabetic

characters

a b c d e f g h i j k l m n o p q r s t u v w x y zq e r y u i o p a s d f g w h j k l z x c v b n m t

under attack we need helpcwyulqxxqrdbuwuuypufj


9/36

Frequency of Letters in English

3.5

4.25

12.75

3

2

3.5

7.75

0.250.5

3.75

2.75

7.757.5

2.75

0.5

8.5

6

3

0.5

2.25

0.25

9.25

1.25

1.51.5

7.75

0

2

4

6

8

10

12

14

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z


10/36

Polyalphabetic Cipher

Using different monoalphabetic

substitution

message: wearediscoveredsaveyourself

key: deceptivedeceptivedeceptive

Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ


11/36

Transposition

Performing sort of permutation on the

message letters

message: meet me after the toga party

m e m a t r h t g p r y

e t e f e t e o a a t

Ciphertext: MEMATRHTGPRYETEFETEOAAT

G E i M hi


12/36

German Enigma MachineIn the history of cryptography, the Enigma was a portable ciphermachine

used to encrypt and decrypt secret messages. More precisely,

Enigma was a family of related electro-mechanical rotor machines

comprising a variety of different models.
http://en.wikipedia.org/wiki/History_of_cryptographyhttp://en.wikipedia.org/wiki/Cipherhttp://en.wikipedia.org/wiki/Machinehttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Rotor_machinehttp://en.wikipedia.org/wiki/Rotor_machinehttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Machinehttp://en.wikipedia.org/wiki/Cipherhttp://en.wikipedia.org/wiki/History_of_cryptography


13/36

Practical Problems

Generating a fully random key ispractically very hard (sometimesimpossible).

To ensure the security of the system, keysize should not be less than messagesize.

Sending a not repeated key in same sizeof the message through a secure channelto the receiver is impossible.


14/36

Computational Security

An encryption scheme is secure if it takes

very long time to break the ciphertext

Lifetime is defined in each application,

for example:

Military orders = 1 hour to 3 years

Check transaction = 1 year

Business agreement = 10-15 years


15/36

Good News

With enough number of the substitution

and transposition modules we can make a

strong encryption scheme


16/36

Data Encryption Standard

(DES)

input (2w bits)

w bits

F

w bitsround key

nonlinear function


17/36

DES

k2

k1

k16

k15

k16

k1

Block size

64 bits

Key size

56 bits

Encryption Decryption

Permutation


18/36

Triple DES

DES

DES

DES

ka

kb

ka

message

cipher


19/36

Applications for Public-Key

Cryptosystems Three categories:

Encryption/decryption: The sender encrypts

a message with the recipients public key.

Digital signature:The sender signs amessage with its private key.

Key echange: Two sides cooperate two

exhange a session key.


20/36

Public-Key Cryptographic

Algorithms RSA and Diffie-Hellman

RSA - Ron Rives, Adi Shamir and Len Adlemanat MIT, in 1977.

RSA is a block cipher The most widely implemented

Diffie-Hellman Echange a secret key securely

Compute discrete logarithms

e gor m ey


21/36

e gor m eyGeneration

1. Selectp,q p and q both prime

2. Calculate n = p x q

3. Calculate4. Select integere

5. Calculate d

6. Public Key KU = {e,n}7. Private key KR = {d,n}

)1)(1()( qpn)(1;1)),(gcd( neen

)(mod1 ned


22/36

Example of RSA Algorithm


23/36

The RSA Algorithm - Encryption

Plaintext: M


24/36

The RSA Algorithm - Decryption

Ciphertext: C

Plaintext: M = Cd

(mod n)


25/36

Digital Signatures

digital signatures provide the ability to:

verify author, date & time of signature

authenticate message contents

be verified by third parties to resolve disputes


26/36

Digital Signature Properties

must depend on the message signed

must use information unique to sender

to prevent both forgery and denial

must be relatively easy to produce

must be relatively easy to recognize & verify

be computationally infeasible to forge

with new message for existing digital signature with fraudulent digital signature for given message

be practical save digital signature in storage


27/36

Authentication Applications

will consider authentication functions

developed to support application-level

authentication & digital signatures

will consider Kerberos a private-key

authentication service

then X.509 directory authentication service


28/36

Kerberos

trusted key server system from MIT

provides centralised private-key third-party

authentication in a distributed network

allows users access to services distributed

through network

without needing to trust all workstations

rather all trust a central authentication server

two versions in use: 4 & 5


29/36

Kerberos Requirements

first published report identified its

requirements as:

security

reliability

transparency

scalability

implemented using an authentication

protocol based on Needham-Schroeder


30/36

Kerberos 4 Overview

a basic third-party authentication scheme

have an Authentication Server (AS)

users initially negotiate with AS to identify self

AS provides a non-corruptible authentication

credential (ticket granting ticket TGT)

have a Ticket Granting server (TGS)

users subsequently request access to other

services from TGS on basis of users TGT


31/36

Kerberos 4 Overview


32/36

Kerberos Realms

a Kerberos environment consists of:

a Kerberos server

a number of clients, all registered with server

application servers, sharing keys with server

this is termed a realm

typically a single administrative domain

if have multiple realms, their Kerberos

servers must share keys and trust


33/36

Kerberos Version 5

developed in mid 1990s

provides improvements over v4

addresses environmental shortcomings

encryption alg, network protocol, byte order, ticket

lifetime, authentication forwarding, interrealm auth

and technical deficiencies

double encryption, non-std mode of use, sessionkeys, password attacks

specified as Internet standard RFC 1510


34/36

References

Cryptography and NetworkSecurity:Principles and Practice ,

William Stallings (Prentice Hall)

Advanced Concepts in OperatingSystems,Mukesh Singhal,Niranjan

ECC Online tutorial, Certicome

website,http://www.certicom.com/resources/ecc_tutorial/ecc_tutorial.html

Cryptography: theory andpractice ,

Douglas Robert Stinson (CRC press

series)
http://www.certicom.com/resources/ecc_tutorial/ecc_tutorial.htmlhttp://www.certicom.com/resources/ecc_tutorial/ecc_tutorial.html


35/36

Any Questions?


36/36

Thank you

Documents

Data Security cryptography