2. Overview Understand basic encryption concepts. Understand
private key encryption. Understand public key encryption.
Understand digital signatures. Understand key management.
Understand trust in the system.
3. Understand Basic Encryption Concepts Encryption is simply
the obfuscation of information in such a way so as to allow
authorized individuals to see it, but to hide it from unauthorized
individuals. Individuals having the appropriate key to decrypt the
information are defined as authorized.
4. Understand Basic Encryption Concepts Security Services with
encryption: Confidentiality: Used to hide information from
unauthorized individuals, either in transit or in storage.
Integrity: Used to identify changes to information either in
transit or in storage. Accountability: Used to authenticate the
origin of information and prevent the origin of information from
repudiating the fact that the information came from that
origin.
7. Understand Basic Encryption Concepts Encryption systems can
be attacked in three ways: Through weaknesses in the algorithm.
Through brute force against the key. Through weaknesses in the
surrounding system.
8. Understand Private Key Encryption Private key encryption:
Requires all parties who are authorized to read the information to
have the same key. Reduces the overall problem of protecting the
information to one of protecting the key. Is the most widely used
encryption.
9. Understand Private Key Encryption What is private key
encryption? Substitution ciphers. One-time pads. Triple DES. Data
encryption standard. Password encryption.
10. What is Private Key Encryption? Private key encryption is
also known as symmetric key encryption because it uses the same key
to encrypt information as is needed to decrypt. Private key
encryption provides for the confidentiality of the information
while it is encrypted. Only those who know the key can decrypt the
message.
11. What is Private Key Encryption? Private key algorithm
12. Substitution Ciphers Julius Caesar used a K is the key to
the cipher. substitution cipher called the Ex. K = 3 Caesar cipher.
UNIVERSITY This cipher consists of replacing XQLYHUVLWB each letter
with the letter three positions later in the alphabet.
13. Substitution Ciphers Substitution ciphers suffer from one
primary weaknessthe frequency of the letters in the original
alphabet does not change. Further development of frequency analysis
also shows that certain two- and three-letter combinations show up
frequently.
14. One Time Pads The One Time Pads (OTPs) system is the only
theoretically unbreakable encryption system. An OTP is a list of
numbers, in a completely random order. It is used to encode a
message. As its name implies, the OTP is only used once. OTPs are
used (but only for short messages) in very high- security
environments.
15. Data Encryption Standard The algorithm for the Data
Encryption Standard (DES) was developed by IBM in the early 1970s.
DES uses a 56-bit key. The key uses 7 bits of eight 8-bit bytes
(the 8th bit of each byte is used for parity). DES is a block
cipher that operates on one 64-bit block of plaintext at a time.
There are 16 rounds of encryption in DES, where each round uses a
different subkey.
16. Data Encryption Standard DES Block Diagram
17. Data Encryption Standard There are four modes of operation
for DES: 1. Electronic code book. 2. Cipher block chaining. 3.
Cipher feedback. 4. Output feedback.
18. ECB
19. CBC
20. CFB Encryption
21. CFB Decryption
22. OFB Encryption
23. OFB Decryption
24. Triple DES Triple DES functional Diagram
25. Password Encryption The standard Unix password encryption
scheme is a variation of DES. The password encryption function is
actually a one-way function. Each user chooses a password. The
algorithm uses the first eight characters of the password. The
system then chooses a 12-bit number based on the system time. This
is called the salt. Most Unix systems now offer the option of using
shadow password files for just this reason.
26. The Advanced Encryption Standard: Rijndael At the end of
2000, NIST announced that Joan Daemen and Vincent Rijmen,
cryptographers from Belgium, had won the competition with their
algorithm Rijndael. Rijndael is a block cipher that uses keys and
blocks of 128, 192, or 256 bits. These key lengths make brute-force
attacks computationally infeasible at this time. The algorithm
consists of 10 to 14 rounds, depending on the size of the plaintext
block and the size of the key.
27. Other Private Key Algorithms There are several other
private key algorithms available in various security systems. Among
them are the following: The International Data Encryption Algorithm
(IDEA) was developed in Switzerland. IDEA uses a 128-bit key and is
also used in Pretty Good Privacy (PGP). RC5 was developed by Ron
Rivest at MIT. It allows for variable length keys.
28. Other Private Key Algorithms Private key algorithms
(continued): Skipjack was developed by the United States government
for use with the Clipper Chip. It uses an 80-bit key, which may be
marginal in the near future. Blowfish allows for variable length
keys up to 448 bits and was optimized for execution on 32-bit
processors.
29. Understand Public Key Encryption Public Key encryption is a
more recent invention than private key encryption. The primary
difference between the two types of encryption is the number of
keys used in the operation. The private key encryption uses a
single key to both, encrypt and decrypt information. The public key
encryption uses two keys. One key is used to encrypt information
and a different key, to decrypt it.
30. Understand Public Key Encryption What is public key
encryption? Diffe-Hellman key exchange. RSA.
31. What is Public Key Encryption The public key is published
with information as to who is the owner. Another property of public
key encryption is that if you have one of the keys of a pair, you
cannot compute the other key. If confidentiality is desired,
encryption is performed with the public key.
32. What is Public Key Encryption Public key encryption
33. Diffe-Hellman Key Exchange The Diffe-Hellman key exchange
was developed to solve the problem of key distribution for private
key encryption systems. The idea was to allow a secure method of
agreeing on a private key without the expense of sending the key
through another method.
34. Diffie-Hellman Protocol 1. A and B g n, g < n 2. A x R =
g x mod n 3. B y , S = g y mod n 4. ABR ,S 5. A K = Sx mod n =(gy
mod n)x mod n 6. B K = Ry mod n =(gx mod n)y mod n K=K'
R,S,x,yK
35. RSA In 1978, Ron Rivest, Adi Shamir, and Len Adleman
released the Rivest- Shamir-Adleman (RSA) public key algorithm.
Unlike the Diffe-Hellman algorithm, RSA can be used for encryption
and decryption. Also unlike Diffe-Hellman, the security of RSA is
based on the difficulty of factoring large numbers.
36. -RSA Algorithm a block cipher in which the plaintext and
ciphertext are integers between 0 and n-1 for some n. Given: public
key= (e,n) private key= (d,n) C= M e mod n M= Cd mod n =(Me)d mod n
=Med mod n n=p*q, p,q edegcd((n), e)=1, (n)nn dd=e-1 mod(n) e*d
mod(n) = 1 2002 ACM Turing Award
37. RSA Algorithm 1. p=7, q=17 2. n=p q=7*17=119 3.
(n)=(p-1)(q-1)=96 4. e=5d=77 (5*77 mod 96 =1) =(5,119), =(77,119)
M=19 C=195 mod 119 == 66 mod 119 M=6677 mod 119 = 19 mod 119
39. RSA The basic algorithm for confidentiality is very simple:
ciphertext = (plaintext)e mod n plaintext = (ciphertext)d mod n
private key = {d, n} public key = {e, n} The difficulty in
calculating d given e and n provides the security.
40. Generating RSA keys To generate an RSA key pair, follow
these steps: Choose two prime numbers p and q and keep them secret.
Calculate n = pq. Calculate (n) = (p 1)(q 1). Select e such that e
is relatively prime to (n). Determine d such that (d)(e) = 1 mod
(n) and that d < (n).
41. Understand Digital Signatures Digital signature is a method
of authenticating electronic information using encryption. Digital
signatures protect information from modification after it has been
received and decrypted. Digital signatures put information through
a hash function to create a checksum that is encrypted with a
private key and travels with the information. This checksum can be
used to verify that the information was not modified.
42. Understand Digital Signatures The security and usefulness
of a digital signature depend on the protection of the users
private key and a secure hash function. A hash function is secure
if: the function is one-way, and it is difficult to construct two
pieces of information that provide the same checksum when run
through the function.
43. Understand Digital Signatures Secure hash functions should
create a checksum of at least 128 bits. The two most common hash
functions are MD5 and SHA.
44. Understand Digital Signatures Digital Signature
operation
45. Understand Key Management Key management is one of the most
critical aspects of an encryption system. It includes creating
strong keys, distributing them securely, certifying them correct,
protecting while in use, and revoking them when they are
compromised or expired. Most encryption systems have a method for
users to generate keysin many cases, the user chooses a
password.
46. Understand Key Management Keys must be transported securely
to ensure the integrity of the keys. If keys are transmitted, they
must be checked on arrival to ensure they have not been manipulated
(usually done manually or by digital signatures).
47. Understand Key Management Certificate Authorities (CAs)
ensure the integrity of the keys and prevent an attacker from
introducing their own keys. Public keys require integrity
protection (provided by certification), but they do not require
confidentiality protection. However, all copies of the private key
of a public key system must be protected at all times.
48. Understand Key Management Session keys may only exist for a
given session and may be deleted after the session. Public key
pairs are generally certified for one or two years. If a key is
lost or compromised, the owner of the key should inform users that
it is not to be used. In the case of a public key encryption
system, the owner must post the revocation to all of the potential
key servers.
49. Understand trust in the System Trust is the underlying
concept of all security and encryption. There are two primary
models that are used for trust: Hierarchical trust Web of
trust
50. Understand trust in the System The Hierarchical Trust model
is based on a chain of authority, in which you trust someone if
someone higher up in the chain certifies it. The Hierarchical Trust
model is complicated to put into practice because there is no real
root-level CA. Establishing an internal CA and public key
infrastructure for a business is a challenging task that demands a
lot of resources.
51. Understand trust in the System The Web of Trust model was
first used by Pretty Good Privacy (PGP). It is based on the concept
that each user certifies their own certificate and passes that
certificate off to known associates. The primary advantage is that
there is no large investment in infrastructure. The primary
disadvantage is a lack of scalability.
52. Summary Encryption is simply the obfuscation of information
in such a way so as to allow authorized individuals to see it, but
to hide it from unauthorized individuals. The Private Key
encryption requires all parties authorized to read the information
to have the same key. The Public Key encryption uses two keys. One
key is used to encrypt information and another key is used to
decrypt it.
53. Summary A digital signature is a method of authenticating
electronic information using encryption. Key Management includes
creating strong keys, distributing them securely, certifying that
they are correct, protecting them while they are in use, and
revoking them when they are compromised or expired. There are two
primary models that are used for trust: Hierarchical Trust and Web
of Trust.