Upload
vijay-kumar
View
232
Download
0
Embed Size (px)
Citation preview
7/29/2019 Data Security cryptography
1/36
Data
Security:Cryprography
Presented By
VARAPRASAD
M.Tech(Software Engineering)
7/29/2019 Data Security cryptography
2/36
A Model Of Cryptography
Terms and Definitions
Palintext:
An intelligible message that is tobe converted into an unintelligible form.
Ciphertext:
A message in encrypted form.
7/29/2019 Data Security cryptography
3/36
Encryption:
The process of converting aplaintext to a ciphertext.
Decryption:The process of converting a
ciphertext to a plaintext.
7/29/2019 Data Security cryptography
4/36
Symmetric:
If key is the same for both encryptionand decryption the system is referred to as
symmetric. Cryptosystem:
Is a system for encryption anddecryption of information.
Cryptology:Is the science for encryption and
decryption of information.
Cryptography:
Refers to the practice of usingcryptosystems to maintain confidentiality ofinformation.
7/29/2019 Data Security cryptography
5/36
Classification Of Cryptographic
Systems
Cryptographic Systems classified into
Conventional systems
and
Modern systems
Modern systems
again
classified intopublic key systems
and
Private Key systems
7/29/2019 Data Security cryptography
6/36
Classical Encryption Techniques
Substitution techniques
The letters of the message are replaced by
other letters or by numbers or symbols.
Transposition techniques
Performing some sort of permutation on the
messages letters
7/29/2019 Data Security cryptography
7/36
Caesar Cipher
The earliest known use of a substitution
cipher was by Julius Caesar.
message: meet me after the partycipher: phhw ph diwhu wkh sduwb
C= (m+3) mod 26
C= (m+k) mod 26
7/29/2019 Data Security cryptography
8/36
Monoalphabetic Cipher
Use any permutation of the 26 alphabetic
characters
a b c d e f g h i j k l m n o p q r s t u v w x y zq e r y u i o p a s d f g w h j k l z x c v b n m t
under attack we need helpcwyulqxxqrdbuwuuypufj
7/29/2019 Data Security cryptography
9/36
Frequency of Letters in English
3.5
4.25
12.75
3
2
3.5
7.75
0.250.5
3.75
2.75
7.757.5
2.75
0.5
8.5
6
3
0.5
2.25
0.25
9.25
1.25
1.51.5
7.75
0
2
4
6
8
10
12
14
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
7/29/2019 Data Security cryptography
10/36
Polyalphabetic Cipher
Using different monoalphabetic
substitution
message: wearediscoveredsaveyourself
key: deceptivedeceptivedeceptive
Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
7/29/2019 Data Security cryptography
11/36
Transposition
Performing sort of permutation on the
message letters
message: meet me after the toga party
m e m a t r h t g p r y
e t e f e t e o a a t
Ciphertext: MEMATRHTGPRYETEFETEOAAT
G E i M hi
7/29/2019 Data Security cryptography
12/36
German Enigma MachineIn the history of cryptography, the Enigma was a portable ciphermachine
used to encrypt and decrypt secret messages. More precisely,
Enigma was a family of related electro-mechanical rotor machines
comprising a variety of different models.
http://en.wikipedia.org/wiki/History_of_cryptographyhttp://en.wikipedia.org/wiki/Cipherhttp://en.wikipedia.org/wiki/Machinehttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Rotor_machinehttp://en.wikipedia.org/wiki/Rotor_machinehttp://en.wikipedia.org/wiki/Encryptionhttp://en.wikipedia.org/wiki/Machinehttp://en.wikipedia.org/wiki/Cipherhttp://en.wikipedia.org/wiki/History_of_cryptography7/29/2019 Data Security cryptography
13/36
Practical Problems
Generating a fully random key ispractically very hard (sometimesimpossible).
To ensure the security of the system, keysize should not be less than messagesize.
Sending a not repeated key in same sizeof the message through a secure channelto the receiver is impossible.
7/29/2019 Data Security cryptography
14/36
Computational Security
An encryption scheme is secure if it takes
very long time to break the ciphertext
Lifetime is defined in each application,
for example:
Military orders = 1 hour to 3 years
Check transaction = 1 year
Business agreement = 10-15 years
7/29/2019 Data Security cryptography
15/36
Good News
With enough number of the substitution
and transposition modules we can make a
strong encryption scheme
7/29/2019 Data Security cryptography
16/36
Data Encryption Standard
(DES)
input (2w bits)
w bits
F
w bitsround key
nonlinear function
7/29/2019 Data Security cryptography
17/36
DES
k2
k1
k16
k15
k16
k1
Block size
64 bits
Key size
56 bits
Encryption Decryption
Permutation
7/29/2019 Data Security cryptography
18/36
Triple DES
DES
DES
DES
ka
kb
ka
message
cipher
7/29/2019 Data Security cryptography
19/36
Applications for Public-Key
Cryptosystems Three categories:
Encryption/decryption: The sender encrypts
a message with the recipients public key.
Digital signature:The sender signs amessage with its private key.
Key echange: Two sides cooperate two
exhange a session key.
7/29/2019 Data Security cryptography
20/36
Public-Key Cryptographic
Algorithms RSA and Diffie-Hellman
RSA - Ron Rives, Adi Shamir and Len Adlemanat MIT, in 1977.
RSA is a block cipher The most widely implemented
Diffie-Hellman Echange a secret key securely
Compute discrete logarithms
e gor m ey
7/29/2019 Data Security cryptography
21/36
e gor m eyGeneration
1. Selectp,q p and q both prime
2. Calculate n = p x q
3. Calculate4. Select integere
5. Calculate d
6. Public Key KU = {e,n}7. Private key KR = {d,n}
)1)(1()( qpn)(1;1)),(gcd( neen
)(mod1 ned
7/29/2019 Data Security cryptography
22/36
Example of RSA Algorithm
7/29/2019 Data Security cryptography
23/36
The RSA Algorithm - Encryption
Plaintext: M
7/29/2019 Data Security cryptography
24/36
The RSA Algorithm - Decryption
Ciphertext: C
Plaintext: M = Cd
(mod n)
7/29/2019 Data Security cryptography
25/36
Digital Signatures
digital signatures provide the ability to:
verify author, date & time of signature
authenticate message contents
be verified by third parties to resolve disputes
7/29/2019 Data Security cryptography
26/36
Digital Signature Properties
must depend on the message signed
must use information unique to sender
to prevent both forgery and denial
must be relatively easy to produce
must be relatively easy to recognize & verify
be computationally infeasible to forge
with new message for existing digital signature with fraudulent digital signature for given message
be practical save digital signature in storage
7/29/2019 Data Security cryptography
27/36
Authentication Applications
will consider authentication functions
developed to support application-level
authentication & digital signatures
will consider Kerberos a private-key
authentication service
then X.509 directory authentication service
7/29/2019 Data Security cryptography
28/36
Kerberos
trusted key server system from MIT
provides centralised private-key third-party
authentication in a distributed network
allows users access to services distributed
through network
without needing to trust all workstations
rather all trust a central authentication server
two versions in use: 4 & 5
7/29/2019 Data Security cryptography
29/36
Kerberos Requirements
first published report identified its
requirements as:
security
reliability
transparency
scalability
implemented using an authentication
protocol based on Needham-Schroeder
7/29/2019 Data Security cryptography
30/36
Kerberos 4 Overview
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify self
AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)
have a Ticket Granting server (TGS)
users subsequently request access to other
services from TGS on basis of users TGT
7/29/2019 Data Security cryptography
31/36
Kerberos 4 Overview
7/29/2019 Data Security cryptography
32/36
Kerberos Realms
a Kerberos environment consists of:
a Kerberos server
a number of clients, all registered with server
application servers, sharing keys with server
this is termed a realm
typically a single administrative domain
if have multiple realms, their Kerberos
servers must share keys and trust
7/29/2019 Data Security cryptography
33/36
Kerberos Version 5
developed in mid 1990s
provides improvements over v4
addresses environmental shortcomings
encryption alg, network protocol, byte order, ticket
lifetime, authentication forwarding, interrealm auth
and technical deficiencies
double encryption, non-std mode of use, sessionkeys, password attacks
specified as Internet standard RFC 1510
7/29/2019 Data Security cryptography
34/36
References
Cryptography and NetworkSecurity:Principles and Practice ,
William Stallings (Prentice Hall)
Advanced Concepts in OperatingSystems,Mukesh Singhal,Niranjan
ECC Online tutorial, Certicome
website,http://www.certicom.com/resources/ecc_tutorial/ecc_tutorial.html
Cryptography: theory andpractice ,
Douglas Robert Stinson (CRC press
series)
http://www.certicom.com/resources/ecc_tutorial/ecc_tutorial.htmlhttp://www.certicom.com/resources/ecc_tutorial/ecc_tutorial.html7/29/2019 Data Security cryptography
35/36
Any Questions?
7/29/2019 Data Security cryptography
36/36
Thank you