Upload
techknowxpress
View
2
Download
0
Embed Size (px)
DESCRIPTION
Cryptography and various types of security threats
Citation preview
CryptographyTechKnowXpress
CRYPTOGRAPHY
CryptographyTechKnowXpress
Cryptography (from Greek kryptós, "hidden", + gráphein, "to write").
Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).
It is about constructing and analyzing protocols that overcome the influence of adversaries.
2
INTRODUCTION
CryptographyTechKnowXpress
HISTORY OF CRYPTOGRAPHY
There are three eras in the history of Cryptography: The Manual era The Mechanical era The Modern era
Manual era refers to Pen and Paper Cryptography and dates back to 2000 B.C.eg : Scytale, Atbash , Caesar, Vigenere.
Mechanical era refers to the invention of cipher machines. E.g.: Japanese Red and Purple Machines , German Enigma.
The modern era of cryptography refers to computers.
There are infinite permutations of cryptography available using computers. E.g.: Lucifer, Rijndael , RSA , ElGamal.
3
CryptographyTechKnowXpress
Cipher: the algorithm that does the encryption.
Ciphertext: the encrypted (scrambled) version of the message. Message altered to be unreadable by anyone except the intended recipients.
Cryptanalysis: the science of breaking cryptographic algorithms.
Cryptanalyst: a person who breaks cryptographic codes; also referred to as “the attacker”.
BASIC TERMS
CryptographyTechKnowXpress
Cryptosystem – The combination of algorithm, key, and key management functions used to perform cryptographic operations.
Decryption: the process of converting ciphertext back to the original plaintext.
Encryption: scrambling a message or data using a specialized cryptographic algorithm.
Initialization Vector – Random values used with ciphers to ensure no patterns are created during encryption.
5
BASIC TERMS(cont.)
CryptographyTechKnowXpress
Key – Sequence that controls the operation and behavior of the cryptographic algorithm.
Keyspace – Total number of possible values of keys in a crypto algorithm.
Plaintext – A message in its natural format readable by an attacker.
6
BASIC TERMS(cont.)
CryptographyTechKnowXpress
Authenticationensures that whoever supplies or
accesses sensitive data is an authorized party.
Confidentiality assures that only authorized parties are
able to understand the data.
GOALS
CryptographyTechKnowXpress
Integrityensures that when a message is sent over
a network, the message that arrives is the same as the message that was originally sent.
Nonrepudiationensuring that the intended recipient
actually received the message & ensuring that the sender actually sent the message.
GOALS(cont.)
CryptographyTechKnowXpress
COMMON TYPES OF ATTACKS
Brute forceTrying all key values in the keyspace.
Chosen CiphertextDecrypt known ciphertext to discover key.
Dictionary AttackFind plaintext based on common words.
Frequency AnalysisGuess values based on frequency of occurrence.
9
CryptographyTechKnowXpress
COMMON TYPES OF ATTACKS(cont.)
Factoring AttacksFind keys through prime factorization.
Replay AttackRepeating previous known values.
Side channel attacks use seemingly incidental information
that can reveal important information about the key being used.
CryptographyTechKnowXpress
COMMON TYPES OF ATTACKS(cont.)
Chosen plaintext attacks The cryptanalyst introduces the plaintext into the
system and then watches for how that plaintext will be encrypted.
The Allies used this approach in WWII by sending out false messages about allied troop movements.
Often the attacker will try to feed a planned sequence of messages that would reveal the most about the way in which the data is being encrypted.
CryptographyTechKnowXpress
Known plaintext attack The attacker has both the ciphertext and
the plaintext.
The attacker knows the algorithm that was used for the encryption.
This is difficult because there are so many keys, but the plaintext information may make experimentation easier than in the previous case.
COMMON TYPES OF ATTACKS(cont.)
CryptographyTechKnowXpress
Differential Power Analysis This is an attack on smart cards.
A DPA attack analyzes the power output from a processor performing an encryption algorithm in order to get information about the key being used by that algorithm.
COMMON TYPES OF ATTACKS(cont.)
CryptographyTechKnowXpress
SIZE OF ENCRYPTION KEY
There are several size of encryption keys:64 bit encryption 128 bit encryption256 bit encryption512 bit encryption1024 bit encryption
Number indicates the size of the key used to encrypt the message.
CryptographyTechKnowXpress
Symmetrico Even if an attacker captures the data, the attacker will not be
able to manipulate it in any meaningful way.o Symmetric algorithms use a single key shared by two
communicating parties.o The same key is used for both encryption and decryption.
Asymmetrico Mathematically related key pairs for encryption and
decryption.o Public and private keys.
Hybrido Combines strengths of both methods.o Asymmetric distributes symmetric key.
15
CRYPTOGRAPHY METHODS
CryptographyTechKnowXpress
Asymmetric Cryptography
Symmetric Cryptography
CryptographyTechKnowXpress
Types of Symmetric Cryptography:Stream-based Ciphers
Mixes plaintext with key stream.Good for real-time services.
Block CiphersSubstitution and transposition.E.g.: DES, AES.
CRYPTOGRAPHY METHODS(cont.)
CryptographyTechKnowXpress
TYPES OF CRYPTOGRAPHY
Public Key Cryptography
In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret and is used for decryption.
Public-key cryptography can be used for implementing digital signature schemes.
CryptographyTechKnowXpress
PUBLIC KEY CRYPTOGRAPHY
CryptographyTechKnowXpress
QUANTUM CRYPTOGRAPHY
Quantum cryptography describes the use of quantum mechanical effects (in particular quantum communication and quantum computation) to perform cryptographic tasks or to break cryptographic systems.
CryptographyTechKnowXpress
QUANTUM CRYPTOGRAPHY
The advantage of quantum cryptography is that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical communication.
For example, quantum mechanics guarantees that measuring quantum data disturbs that data. This can be used to detect eavesdropping in quantum key distribution.
CryptographyTechKnowXpress
DIGITAL SIGNATURE
Digital signatures can be permanently tied to the content of the message being signed. They cannot then be 'moved' from one document to another, for any attempt will be detectable.
RSA and DSA are two of the most popular digital signature schemes.
CryptographyTechKnowXpress
DIGITAL SIGNATURE(cont.)
In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message and one for verification, in which the matching public key is used with the message to check the validity of the signature.
CryptographyTechKnowXpress
WATERMARKS
Traditionally, a watermark has been used to verify the authenticity of a document.
CryptographyTechKnowXpress
WATERMARKS(cont.)
Driver’s Licenses, diplomas, official letterhead were the primary applications of watermarks . More recently, used to track or prevent redistribution of TV logos.
CryptographyTechKnowXpress
WATERMARKS(cont.)
Purpose of using:Ensure authenticity of digital goods.Prevent unauthorized use/ensures
copyright.Prevent copying.
Adding the watermark to the image itself prevents removal by changing the format. E.g. GIF->JPEG.
CryptographyTechKnowXpress
DIGITAL RIGHTS MANAGEMENT(DRM)
DRM is the practice of imposing technological restrictions that control what users can do with digital media.
DRM is a class of controversial technologies that are used by hardware manufacturers, publishers, copyright holders, and individuals with the intent to control the use of digital content and devices after sale.