Upload
tigerhats
View
558
Download
0
Embed Size (px)
DESCRIPTION
This is an overview on "Use of Cryptography in Data Security over Computer Networks". In this document we gave an overview of Cryptography such as Symmetric and Asymmetric cryptography and several cryptographic algorithm such as RSA, DES, Digital Signature, MD5, Kerberos, their uses and mechanism.
Citation preview
Use of Cryptography in Data Security over Computer
Networks
Presented by:
Monzur MorshedRezaur Rahman
TigerHATSwww.tigerhats.org
The International Research group dedicated to Theories, Simulation and Modeling, New Approaches, Applications, Experiences, Development, Evaluations, Education, Human, Cultural and Industrial Technology
Homepage: www.tigerhats.orgTwitter: www.twitter.com/tigerhats
TigerHATS - Information is power
Use of Cryptography in Data Security over Computer
Networks
Presented by
Monzur Morshed Rezaur Rahman (TigerHATS)
DefinitionsComputer Security: measures to protect data within acomputer and during its processing.
Network Security: measures to protect data (information)
within the network and during their transmission.
Internet Security: measures to protect data their
transmission over a collection of interconnected networks.
Vulnerability: It is a weakness that can be used to cause loss or harm to an information system. Vulnerable points of a system are used to attack the system to breach its security.
Threat: It can be seen as potential violation of security of a system. Of course violation of security will be done to cause harm or loss. Threats exist because of vulnerabilities in a system.
Preliminaries [Cont..]
• Interception
• Interruption
• Modification
• Fabrication
Types of Threats
Logical Control: It uses software and data tomonitor and control access to data (information) of asystem. As for example, password authenticationschemes, access control schemes, firewalls tonetwork, network intrusion detection systems, andencryption methods are types of logical controls.
Physical Control: It monitors and controls thesurrounding place i.e. the environment of thesystems. For example: doors and locks, cameras,barricades, fencing, security guards etc.
Preliminaries [Cont..]
• Encryption
• Authentication
• Authorization
• Auditing
Security Mechanisms
Focus of Control
Three approaches for protection against security threats
a) Protection against invalid operations
b) Protection against unauthorized invocations
c) Protection against unauthorized users
Basic Terminology of Cryptography
Plaintext: the original message or text that is used in an encryption process is called plaintext.
Cipher text: the coded message or the encrypted form of themessage that is found after encryption process has been completed.
Cipher: algorithm or process for transforming plaintext tocipher text.
Key: data (number) used in cipher known only to sender/ receiver.
Encipher (encrypt): Converting plaintext to cipher text.
Decipher (decrypt): Recovering cipher text from plaintext.
Cryptography: Study of encryption principles/methods.
Cryptanalysis (code breaking) : The study of principles/methods of deciphering cipher text without knowing key.
Cryptology : The field of both cryptography & cryptanalysis.
Terminology [Cont..]
Cryptosystem: The system that contains both encryptionand decryption processes. It includes key generation process, encryption and decryption algorithms.
Key Management: The process of generation, transmission and storage of key or keys.
Key generation process: The process or algorithm that generates the key for a cryptosystem is called key generation process. It may include one or more algorithms.
Terminology [Cont..]
Cryptography
Notation Description
KA, B Secret key shared by A and B
Public key of A
Private key of A
K A+
K A−
There two categories of cryptography or cryptosystem.One is symmetric cryptosystem and another isAsymmetric cryptosystem. Cryptography andcryptosystem are synonymous words. In future we shalluse word cryptosystem in case of cryptography.
Symmetric cryptosystem: Same key is used bothin encryption and decryption.
Asymmetric crypto system: One key is used forencryption and another separate key is used fordecryption.
Concept of Cryptography
Symmetric cryptosystem: Here only one key is used in both encryption and decryption processes.
C = EA(K, P) Where C-cipher text, EA- encryption algorithm,
K- key, P- plain text.
Basic Concepts of cryptography
Encryption Algorithm
K
PlaintextCipher text
Encryption Process
P = DA(K, C)Where DA- decryption algorithm.
In symmetric cryptosystem key must be kept secret.
Symmetric cryptosystem
Decryption Algorithm
K
Cipher textPlaintext
Decryption Process
Here two keys are used. One is for encryptionand another different one is for decryption.The key used for encryption is called publickey and published for general use. The keyused for decryption is called private or secretkey. The owner will possess this (private) keyand must be kept secret. In this system everyone who possesses public key can encrypt themessage, but only owner of the private key candecrypt the cipher text.
Asymmetric Cryptosystem
C = EA(Kpub, P)Where Kpub is the public key.
Asymmetric cryptosystem
Encryption Algorithm
Kpub
Plaintext
Cipher text
Encryption Process
P = DA(Kp, C)Where DA- decryption algorithm.
In asymmetric cryptosystem private key must be kept secret.
Asymmetric cryptosystem
Decryption Algorithm
Kp
Cipher textPlaintext
Decryption Process
Cryptography
Intruders and eavesdroppers in communication.
Define transformation as:a b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Mathematically give each letter a numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25
Then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
Caesar Cipher
Write message letters out diagonally over a number of rows
Then read off cipher row by row E.g.,”meet me after the party” write
message out as:m e m a t r h p r y
e t e f e t e a t
Giving ciphertextMEMATRHPRYETEFETEAT
Transposition cipher
RSA CryptosystemThis cryptosystem is invented by Rivest, Shamir and Adleman (RSA) in 1979.
It is a public key cryptosystem, which involves exponentiation modulo a number, n that is a product of two large prime numbers.
The 1024 bits key size is a typical key size for RSA cryptosystem.
1. Select at random two large prime numbers p and q. ( The primes p and q might be, say, 100 decimal digits each. )
2. Compute n by the equation n = pq.
3. Select a small odd integer e that is relatively prime to ϕ (n), where ϕ (n) = (p - 1) (q - 1).
4. Compute d as the multiplicative inverse of e, modulo ϕ (n), i.e., e*d mod ϕ (n) = 1 d = minv (e, ϕ (n))
5. Publish the pair p = (e, n) as RSA public key.
6. Keep secret the pair s = (d, n) as RSA secret key.
RSA Key Generation Process
The Data Encryption Standard (DES) was published in 1977. It is the primary standard and defines the Data Encryption Algorithm (DEA).
Original message is divided into block of 64 bits.
Each 64 bits block is encrypted using private or secret key.
Modern Symmetric Ciphers (DES)
Published in 1977, standardized in 1979. Key: Take 64 bit and drop the bits from
the positions 8, 16, 24, 32, 40, 48, 56, 64. So key= 64 – 8 = 56-bit.
64 bit input, 64 bit output.
DES (Data Encryption Standard)
DESEncryption
64 bit M 64 bit C
56 bits
DES Top View
27
Permutation
Permutation
Swap
Round 1
Round 2
Round 16
Generate keysInitial Permutation48-bit K1
48-bit K2
48-bit K16
Swap 32-bit halves
Final Permutation
64-bit Output
48-bit K164-bit Input56-bit Key
…...
Symmetric Cryptosystems: DES (2)
Details of per-round key generation in DES.
1. Each block of message will be 64 bits. Do initial permutation on 64 bits data and divide it in to two halves.
2. Left half 32 bits and Right half 32 bits.3. Expand right half up to 48 bits by expansion.4. Take 64 bits key (reduced to 56 bits by dropping bits at
positions 8, 16, 24, …, 64) and select 48 bits by permuted choice.
5. Do XOR of 48 bits right half and 48 bits key.6. Select 32 bits from step 5 by S-box substitution choice.
Steps of DES
7. Do P-box permutation (on 32-bits of step 6).8. Do XOR of 32 bits left half and 32 bits right half (from
step-7)9. Result from step 8 will be new right half.10. Old right half from step 2 will be the new left half.The above 10 steps make a cycle of DES.Step 1 to 10 is for one cycle. There will be 16 such cycles. After completion of 16 cycles, we have to do final permutation on data bits to get decrypted data.
Steps of DES [cont..]
MD5: Message Digest Version 5
input Message
Output 128 bits Digest
• Until recently the most widely used hash algorithm
Hash Functions : MD5
The structure of MD5
# Like a handwritten signature.# Cryptographic technique.# Public key cryptosystem is used in digital
signature method.# unforgivable: means only the originator
should be able to produce/ compute the signature value.
# Verifiable: means others should be able to check that the signature has come from the originator.
Digital signature
Message is encrypted using private key (Kp) of the creator or originator.
Simple digital signature
Messagem
Encryption algorithm
Digital signature
S
Kp
Signature creation process
Signature is decrypted using public key (Kpub) of the originator.
Signature verification
SignatureS
Decryption algorithm
Messagem
Kpub
Verification process
Digital signature at a glance
Encryption
Algorithm
Decryption
algorithm
m Kp, A Kpub, A
S S m
For A: For B:
Sending end: Receiving end:Signature creation Signature verification
Suppose that A sends message and B receives it.
1) A produces signature S:S = E(Kp, A, m).
2) Now A enciphers (encrypts) S using B’s public key:C = E(Kpub, B, S).
3) B receives C and deciphers it:S = D(Kp, B, C).
4) B verifies that A signed m:m = D(Kpub, A, S).
Encrypted signature
Encrypted signature at a glance
Encryption algorithm
Encryption algorithm
Decryption algorithm
Decryption algorithm
Sending endReceiving end
C
m Kp, A
S
For A:
Kpub,B
C
Kp, B
SKpub,A
For B:
m
In a secure networking system when a user on a client wants to get service from a server he or she must be authenticated.
A network with Kerberos authentication service grants access to the server if the user is authenticated by Kerberos.
That is, before getting service from a service server, the user must go through Kerberos.
39
Kerberos
It’s first report identified requirements as:• secure• reliable• transparent• Scalable
Implemented using an authentication protocol based on Needham-Schroeder
Kerberos Requirements
A basic third-party authentication scheme It has an Authentication Server (AS)
• users initially negotiate with AS to identify self • AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)
It has a Ticket Granting server (TGS)• users subsequently request access to other
services from TGS on basis of users TGT
Kerberos v4 Overview
42
Kerberos
AS
TGS
KerberosAS –Authentication Server
TGS – Ticket Granting Server
43
Dialogue of Client and AS
Client (CL)
AS
Request (m1)
E-TGT
E-TGT: encrypted ticket granting ticket
44
Dialogue of Client and TGS
Client (CL)
TGS
Request (m2)
E-SGT
E-SGT: encrypted service granting ticket
m3 = idcl + SGTssSGTss = E (Kss, [adcl + idcl + TS2 + LT2])
45
Dialogue of Client and SS
Client (CL)
SS
Request (m3)
Accept or reject
Kerberos 4 Overview
Firewalls
A common implementation of a firewall.
Firewall is a program or hardware device that protects the resources of a private network from users of other networks.
Firewall blocks open ports through which an intruder can gain access to your system and the valuable data you have stored in it.
Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network.
As all information passes through firewall, user can know what is happening in the network.
Firewall allows to create rules or set privileges for the type of traffic that can pass through the firewall in both directions.
Firewall blocks malicious viruses from entering your system.
What does a firewall do?
Thank you
TigerHATSwww.tigerhats.org