16-07-2012, 03:27 PM
CRYPTOGRAPHY
INTRODUCTION
The internet has revolutionised the way the world communicates and become the primary means for companies to disseminate information. Companies use their websites, e-mail and other internet technologies as a means of communication with their customers, business partners and employees. The most formidable obstacles to the wide acceptance of e-business and e-commerce are the issues of security and trust. This is where cryptography comes into the picture.
BASIC FUNDAMENTALS
PLAIN TEXT
ENCRYPTION
CIPHER TEXT
DECRYPTION
CRYPTOGRAPHY
SCIENCE OF USING MATHEMATICS TO ENCRYPT AND DECRYPT DATA WHICH ENABLES ONE TO STORE SENSITIVE INFORMATION OR TRANSMIT IT ACROSS INSECURE NETWORKS LIKE INTERNET SO THAT IT CAN’T BE READ BY ANYONE EXCEPT THE INTENDED RECIPIENT
Cryptanalysis
Science of analysing and breaking secure communication.
TYPES OF CRYPTOGRAPHY
PRIVATE KEY CRYPTOGRAPHY
PUBLIC KEY CRYPTOGRAPHY
PRIVATE KEY CRYPTOGRAPHY
IN THIS TYPE OF CRYPTOGRAPHY, BOTH PARTIES HOLD IDENTICAL KEYS, SO THAT A MESSAGE ENCRYPTED WITH THE KEY CAN ONLY BE DECRYPTED USING THE COPY OF THE SAME KEY HELD BY THE RECIPIENT.
IT REQUIRES A SECURE COMMUNICATION MEDIUM TO PREVENT DISCLOSURE OF THE SECRET KEY DURING TRANSMISSION.
ADVANTAGES
THIS METHOD IS VERY FAST AND ESPECIALLY USEFUL FOR ENCRYPTING DATA THAT IS NOT GOING ANYWHERE.
DISADVANTAGES
IT CAN BE QUITE EXPENSIVE DUE TO THE DIFFICULTY OF SECURE KEY DISTRIBUTION.
A PERSON OR AN ORGANISATION HAS TO TRUST A COURIER OR SOME OTHER SECURE COMMUNICATION MEDIUM TO PREVENT THE DISCLOSURE OF THE KEY.
PUBLIC KEY CRYPTOGRAPHY
THIS TYPE OF CRYPTOGRAPHY IS BASED ON A PAIR OF KEYS, ONE OF WHICH IS MADE PUBLIC AND ACCESSIBLE TO ANYONE. THE OTHER REMAINS PRIVATE AND IS KEPT WITH THE RECIPIENT.
THE SENDER USES THE PUBLIC KEY TO ENCRYPT THE MESSAGE, WHICH CAN BE DECRYPTED ONLY BY THE RECIPIENT USING THE PRIVATE KEY OF THE KEY PAIR.
SINCE THE PRIVATE KEY EXISTS ONLY WITH THE RECIPIENT, THE SENDER IS ASSURED THAT THE MESSAGE CAN BE VIEWED ONLY BY THE PERSON FOR WHOM IT IS INTENDED.
ADVANTAGES
IT IS A MECHANISM THAT ENABLES TWO PARTIES TO ESTABLISH A SECRET KEY FOR SECURE COMMUNICATION WITHOUT THE NEED FOR A TRUSTED CHANNEL.
IT PROVIDES A SOLUTION TO KEY DISTRIBUTION AND DATA TRANSMISSION ISSUES.
DISADVANTAGES
IT IS SLOW COMPARED TO PRIVATE KEY ENCRYPTION.
PRETTY GOOD PRIVACY (PGP)
IT IS A HYBRID CRYPTOSYSTEM WHICH COMBINES SOME OF THE BEST FEATURES OF BOTH CONVENTIONAL AND PUBLIC KEY CRYPTOGRAPHY.
PGP-ENCRYPTION
WHEN A USER ENCRYPTS PLAIN TEXT WITH PGP, PGP FIRST COMPRESSES THE PLAIN TEXT.
IT THEN CREATES A SESSION KEY, WHICH IS A ONE-TIME-ONLY SECRET KEY.
THIS KEY WORKS WITH A VERY SECURE, FAST CONVENTIONAL ENCRYPTION ALGORITHM TO ENCRYPT THE PLAIN TEXT.
THE SESSION KEY IS ENCRYPTED TO THE RECIPIENT’S PUBLIC KEY.
THIS PUBLIC KEY ENCRYPTED SESSION KEY IS TRANSMITTED ALONG WITH THE CIPHER TEXT TO THE RECIPIENT.
PGP - DECRYPTION
THE RECIPIENT’S COPY OF PGP USES HIS PRIVATE KEY TO RECOVER THE TEMPORARY SESSION KEY, WHICH PGP THEN USES TO DECRYPT THE CONVENTIONALLY ENCRYPTED CIPHER TEXT.
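The encryption and decryption steps above, as an added example that is not part of the original slides and is not PGP's own code or message format. It assumes Node.js, with AES-256-GCM standing in for the fast conventional algorithm and RSA-OAEP for the public key step; the function names and the sample message are made up for illustration.

```javascript
const crypto = require('crypto');
const zlib = require('zlib');

// Assumed stand-ins (not PGP's actual algorithms or packet format):
// RSA-OAEP wraps the session key, AES-256-GCM is the conventional cipher.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function hybridEncrypt(recipientPublicKey, plainText) {
  const compressed = zlib.deflateSync(Buffer.from(plainText, 'utf8')); // 1. compress the plain text
  const sessionKey = crypto.randomBytes(32);                            // 2. one-time-only secret key
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, nonce);
  const cipherText = Buffer.concat([cipher.update(compressed), cipher.final()]); // 3. fast symmetric step
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey); // 4. wrap key
  return { wrappedKey, nonce, tag: cipher.getAuthTag(), cipherText }; // 5. all sent together
}

function hybridDecrypt(recipientPrivateKey, message) {
  // Only the private key of the pair can recover the session key.
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, message.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, message.nonce);
  decipher.setAuthTag(message.tag);
  // final() throws if the cipher text or tag was altered in transit.
  const compressed = Buffer.concat([decipher.update(message.cipherText), decipher.final()]);
  return zlib.inflateSync(compressed).toString('utf8');
}

// Constructed demo: both key pairs and the message exist only for this example.
function demo() {
  const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const outsider = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const text = 'Quarterly figures attached. '.repeat(40);
  const message = hybridEncrypt(recipient.publicKey, text);
  let outsiderFailed = false;
  try { hybridDecrypt(outsider.privateKey, message); } catch (e) { outsiderFailed = true; }
  return {
    roundTrip: hybridDecrypt(recipient.privateKey, message) === text,
    outsiderFailed,                                  // a different private key cannot unwrap the key
    wrappedKeyBytes: message.wrappedKey.length,      // size of one RSA-2048 block
    cipherTextSmallerThanPlain: message.cipherText.length < text.length, // effect of compression
  };
}

console.log(demo());
```

The slow public key operation touches only the 32-byte session key, whatever the size of the message.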
PUBLIC KEY INFRASTRUCTURE
IT IS A COMBINATION OF SOFTWARE, ENCRYPTION TECHNOLOGIES AND SERVICES THAT ENABLES ENTERPRISES TO PROTECT THE SECURITY OF THEIR COMMUNICATIONS AND BUSINESS TRANSACTIONS ON THE INTERNET.
IT MAKES USE OF PUBLIC KEY CRYPTOGRAPHY FOR AUTHENTICATING A MESSAGE SENDER OR ENCRYPTING OR DECRYPTING A MESSAGE.
COMPONENTS OF PKI
CERTIFICATE AUTHORITY
REGISTRATION AUTHORITY
DIRECTORIES
CERTIFICATE MANAGEMENT SYSTEM
CERTIFICATES
CERTIFICATE REVOCATION LIST
CERTIFICATE AUTHORITY
ENTITY THAT ACTS AS A TRUSTED THIRD PARTY CONFIRMING THE IDENTITIES OF ORGANISATIONS AND INDIVIDUALS.
AUTHORITY IN A NETWORK THAT ISSUES AND MANAGES SECURITY CREDENTIALS AND PUBLIC KEYS FOR MESSAGE ENCRYPTION AND DECRYPTION.
REGISTRATION AUTHORITY
VERIFY THE VALIDITY OF THE DETAILS (COMMON NAME, COUNTRY, ORGANISATION, STATE, LOCATION, E-MAIL) AND PASS ON THE REQUEST TO THE CA.
DIRECTORIES
ELECTRONIC DIRECTORY THAT CONTAINS ADDRESSES AND SUBSCRIBERS’ CERTIFICATES.
UPDATED FROM TIME TO TIME.
CERTIFICATE MANAGEMENT SYSTEM
SOFTWARE THAT HELPS IN ISSUING, VALIDATING AND MANAGING THE CERTIFICATES.
CERTIFICATES
USED TO IDENTIFY A PERSON OR ORGANISATION AND ESTABLISH THEIR CREDENTIALS WHEN DOING BUSINESS OR CONDUCTING OTHER TRANSACTIONS ON THE WEB.
Uses of PKI
Secure e-business
Integration of supply chain
Identity authentication
Integrity verification
Privacy
Access authorisation
Transaction authorisation
Non repudiation
Digital signature
Enables the recipient to verify the authenticity of the information’s origin and also that the information is intact.
Serves the same purpose as a handwritten signature but is much superior to it.
Limitation: Slow and produces enormous volume of data.
Hash function
It takes variable length input and produces a fixed length output.
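How the hash function and the digital signature fit together, as an added example that is not part of the original slides. It assumes Node.js, with SHA-256 as the hash and Ed25519 as the signature scheme (both chosen for this example); the function names and the sample document are made up for illustration.

```javascript
const crypto = require('crypto');

// Hash function: variable-length input, fixed-length output (32 bytes for SHA-256).
function digest(message) {
  return crypto.createHash('sha256').update(message).digest();
}

// The signer signs the short digest instead of the whole message.
function signMessage(privateKey, message) {
  return crypto.sign(null, digest(message), privateKey); // algorithm is null for Ed25519 keys
}

// The recipient recomputes the digest and checks the signature over it.
function verifyMessage(publicKey, message, signature) {
  return crypto.verify(null, digest(message), publicKey, signature);
}

// Constructed demo: key pairs and document exist only for this example.
function demo() {
  const signer = crypto.generateKeyPairSync('ed25519');
  const impostor = crypto.generateKeyPairSync('ed25519');
  const contract = Buffer.alloc(1024 * 1024, 'clause '); // 1 MiB constructed document
  const signature = signMessage(signer.privateKey, contract);
  const altered = Buffer.from(contract);
  altered[500] ^= 0x01; // a single flipped bit
  return {
    digestBytes: [digest('hi').length, digest(contract).length], // same size for 2 B and 1 MiB
    signatureBytes: signature.length,
    genuine: verifyMessage(signer.publicKey, contract, signature),
    alteredAccepted: verifyMessage(signer.publicKey, altered, signature),
    wrongSignerAccepted: verifyMessage(impostor.publicKey, contract, signature),
  };
}

console.log(demo());
```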
Uses of digital signature
Signer authentication
Message authentication
Affirmative act
Efficiency
Digital Certificates
It is the information included with a person’s public key that helps others verify that a key is genuine or valid.
It consists of:
1) public key
2) certificate information
3) one or more digital signatures
Uses of DC’s
Employs a strategy to reliably associate a particular person or entity with the key pair
Provides a secure channel for communication over insecure networks like internet where one can authenticate oneself or others.
Provides non repudiation
Difference between two formats
PGP certification format
One can create it by himself
Supports a lot of ways of identifying the key’s owner
Other people can attest their assurance
X.509 certification format
Can be issued only by a certification authority
Supports only a single means of identifying the key’s owner
Supplies only a single signature
Validity and Trust
Validity is the confidence that a public key certificate belongs to its purported owner. It is essential in a public key environment where you must constantly establish whether or not a particular certificate is authentic.
Checking the validity
By physically handing one a copy of the public key.
By manually checking the certificate’s fingerprint.
By calling the key owner, asking him to read his key’s certificate and verifying it.
By trusting a third individual.
Meta and trusted introducers
An authority that enables others to act as trusted authorities is called a meta introducer, and those that get the authority are called trusted authorities.
In an X.509 environment, the meta introducer is called the root certification authority and trusted introducers are called subordinate certificates.
Trust models
Direct trust: in this model, a user validates a key himself and never sets another certificate to be a trusted introducer.
Hierarchical trust: in this system, there are a number of root certificates from which trust extends.
Web of trust: encompasses both of the above models, but also adds the notion that trust is in the eyes of the beholder and the idea that more information is better.
Certification revocation
The process of eradicating/deleting the certificate due to its expiration or any other valid reason by the certification authority is called certificate revocation.
In PGP, only the certificate’s owner or someone whom the certificate’s owner has designated as a revoker can revoke the certificate, whereas in X.509, only the certificate’s issuer can revoke it.