Upload
api-3706009
View
125
Download
2
Tags:
Embed Size (px)
Citation preview
Encryption Techniques
Keerthana.J
(060341039)
Topics Covered
Types of Attacks Cryptography Traditional methods Symmetric and Public-Key Algorithms Digital Signatures Certificates Cryptography with PHP
Types of Threat in Internet
Threat is a set of circumstances that has the potential of causing loss and harm
Interception Interruption Modification Fabrication
Cryptography
Encryption is the process of translating information from its original form (called plaintext) into an encoded, incomprehensible form (called ciphertext).
Decryption refers to the process of taking ciphertext and translating it back into plaintext.
What does it provide ?
Important aspects of computer security Confidentiality Integrity Availability Authenticity of data
Traditional Methods
1) Substitution Ciphers
a b c d e fghi j k l mno pqr s t u vwx y z
KEY: QWERTYUIOPASDFGHJKLZXCVBNM
Plaintext : attack
Ciphertext : QZZQEA
2)Transposition Cipher
M E G A B U C K (KEY)
7 4 5 1 2 8 3 6
t r a n s f e r
o n e m i l l I
o n t o a c c o
u n t s i x t w
w o t w o Plaintext : transferonemilliontoaccountsixtwotwo Ciphertext : nmoswsiaioelctrnnnoaetttrlowtoouwflcx
Symmetric-Key Algorithms
Traditional Vs Symmetric-Key It uses the same key for encryption and
decryption The key is called the secret key. Drawback of Symmetric-key algorithms Examples : Data Encryption Standard
Advanced Encryption Standard
Public-Key Algorithms
New kind of cryptosystem where the encryption and the decryption keys are different.
Public Keys used by the entire world for encrypting messages to send it to the user.
Private Keys which the user needs for decrypting messages.
Examples : RSA, Knapsack algorithm
Working of Public-Key Algorithms
Drawbacks in Public-Key Algorithm
There were some drawbacks in Public-Key Algorithms which led to Digital Signatures.
The receiver could not verify the identity of the sender.
The sender cannot later repudiate the contents of the message.
The receiver could possibly have concocted the message himself.
Digital Signatures
Symmetric-Key SignaturesIt has a central authority that knows everything and whom everyone trusts.Drawback is everyone has to believe in the third party and he gets to read all the signed messages.
Public-Key Signatures These drawbacks are solved in this kind of signatures. Any public-key algorithm can be used for digital signatures.
Working of Public-Key Signatures
Certificates
Public key cryptography makes it possible for people who do not share a common key to communicate securely.
It also makes signing messages possible without the presence of a trusted third party.
An organization that certifies public keys is now called a (Certification Authority) CA.
Used in Credit card payments
Example of Certificate
The fundamental job of a certificate is to bind a public key to the name of a principal (individual, company)
Encryption in PHP
One Way EncryptionThe algorithms for one-way encryption are called hash algorithms. PHP uses the Message Digest (MD) hash algorithm, MD5, for one-way encryption.Examples: Used for storing user passwords.
<?php $msg = " Password "; $encrypted_text = md5 ($msg); echo("<b>Plain Text : </b>"); echo($msg); echo("<p><b>Encrypted Text : </b><br>"); echo($encrypted_text); ?>
Output
PlainText : Password
Encrypted Text : 3f13fa96ed14d842519897db6810aa7
Symmetric Encryption
PHP provides several algorithms for symmetric encryption in the mcrypt library. It also provides the mcrypt_ecb function to implement the algorithms of the mcrypt library.
Asymmetric Encryption
Complex to implement but very efficient.
<?php echo("<h3> Symmetric Encryption </h3>"); $key_value = "KEYVALUE";
$plain_text = "PLAINTEXT"; $encrypted_text = mcrypt_ecb(MCRYPT_DES, $key_value,
$plain_text, MCRYPT_ENCRYPT); echo ("<p><b> Text after encryption : </b>"); echo ( $encrypted_text ); $decrypted_text = mcrypt_ecb(MCRYPT_DES, $key_value,
$encrypted_text, MCRYPT_DECRYPT); echo ("<p><b> Text after decryption : </b>"); echo ( $decrypted_text ); ?>
Conclusion
The various algorithms are selected as per the security levels required for the data.
It is the responsibility of the developer to include proper encryption of the data.
These basic cryptographic algorithms are used to implement SSL (Secure Socket Layer) for web security.
Thank You