25-07-2012, 03:12 PM
Cryptography Basics
Basic Terminologies
Cryptography deals with creating documents that can be shared secretly over public communication channels
Cryptographic documents are decrypted with the key associated with encryption, with the knowledge of the encryptor
The word cryptography comes from the Greek words: Krypto (secret) and graphein (write)
Cryptanalysis deals with finding the encryption key without the knowledge of the encryptor
Cryptology deals with cryptography and cryptanalysis
Cryptosystems are computer systems used to encrypt data for secure transmission and storage
Keys are rules used in algorithms to convert a document into a secret document
Keys are of two types:
Symmetric
Asymmetric
A key is symmetric if the same key is used both for encryption and decryption
A key is asymmetric if different keys are used for encryption and decryption
Examples:
Symmetric key methods
DES 56-bit
Triple DES 128-bit
AES 128-bit and higher
Blowfish 128-bit and higher
Asymmetric key methods
RSA (Rivest-Shamir-Adleman of MIT)
PGP (Phil Zimmermann of MIT)
Plaintext is text that is in readable form
Ciphertext results from plaintext by applying the encryption key
Notations:
M message, C ciphertext, E encryption, D decryption, k key
E(M) = C
E(M, k) = C
Fact: D(C) = M, D(C, k) = M
Steganography is the method of hiding secret messages in an ordinary document
Steganography does not use encryption
Steganography does not increase file size for hidden messages
Example: select the bit patterns in pixel colors to hide the message
Hash functions generate a digest of the message
A substitution cipher replaces each letter with another character of the same alphabet set
Mono-alphabetic system uses a single alphabetic set for substitutions
Poly-alphabetic system uses multiple alphabetic sets for substitutions
Caesar cipher is a mono-alphabetic system in which each character is replaced by the third character in succession. Julius Caesar used this method of encryption.
Vigenere cipher is an example of a poly-alphabetic cipher
Vigenere cipher uses a 26 x 26 table of characters
Vigenere method uses a keyword. The keyword is repeated to fill the length of the plaintext. Each ciphertext character corresponds to the cell at the intersection of the plaintext row and the keyword column
Vigenere method does not use repeated characters unlike Caesar cipher
Example of Vigenere cipher:
ABCDEFGHIJ …
BCDEFGHIJK …
CDEFGHIJKL …
DEFGHIJKLM …
EFGHIJKLMN …
Plaintext: BEAD
Keyword: CABC
Ciphertext: DABF
Hash algorithms take an arbitrary length message and create a fixed length digest known as Message Digest
Well-known hash algorithms are MD-4 and MD-5
Ron Rivest created the MD-x hash algorithms for NIST
Block ciphers use blocks of text instead of single characters
Electronic code book (ECB) uses plaintext blocks
ECB raises the possibility that identical blocks could generate identical ciphertext
Cipher block chaining (CBC) uses a feedback loop
In CBC, each plaintext block is XORed with the previous ciphertext block
CBC eliminates identical blocks generating identical ciphertext
PKI
Public Key Infrastructure (PKI) is a government initiative to protect computer systems
Developed in the 1970s but has not been widely accepted. However, parts of the system are in extensive use today. These are Digital Certificates and Digital Signatures.
Digital Certificates are given by trusted third parties, known as Certificate Authorities (CAs). Verisign (an offshoot of RSA) is a CA. Any organization can be a CA as long as there are people willing to believe their assessment of authenticity.
Digital Certificates
Issued by trusted third parties known as Certificate Authorities (CAs)
Verisign is a trusted third party
Used to authenticate an individual or an organization
Digital Certificates are usually given for a period of one year
They can be revoked
They are issued at various security levels. The higher the security level, the more thoroughly the CA verifies the authenticity of the certificate seeker.
Digital Certificates can be issued by anyone as long as there are people willing to believe them
Major CAs are:
Verisign
GeoTrust
BeTrusted
Thawte
Digital Certificates are part of the authentication mechanism. The other part is Digital Signature.
When a user uses the digital signature, the user starts with their private key and encrypts the message and sends it. The receiver uses the sender’s public key and decrypts the message
In traditional encryption, the sender uses the public key of the receiver and encrypts the message and sends it and the receiver decrypts the message with their private key
Additional authentication means used by CAs are:
Security token
Passive token
Active token
One time password
Security token is usually a hardware device such as a Smart Card
If the security token is a software token, it is usually associated with a particular workstation
Security tokens use two-factor authentication using a password and a device (or an appropriate hardware identifier)
A passive token is a storage device that holds multiple keys. The appropriate key is transmitted using the transmission device in use.
Inexpensive to manufacture
Sometimes an extra PIN is required to use the passive token
Examples:
Garage door opener
ATM card
An Active token does not transmit any data, unlike a passive token
Active tokens create another form of the base key (such as one-time password) or an encrypted form of the base key
Smart cards are commonly used for active tokens
A one-time password is valid for a limited duration and for a single use
Generated using a counter-based token or a clock-based token
Counter-based token is an active token that generates a one-time password based on a counter in the server and the secret key of the user
Clock-based token is an active token that generates one-time passwords based on the server clock
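Counter-based and clock-based one-time passwords, as an added example that is not part of the original slides. The slides name no algorithm, so this assumes the standardized HOTP (RFC 4226) and TOTP (RFC 6238) constructions; the `CounterServer` class and its look-ahead window of 3 are hypothetical, and the secret is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"   # RFC 4226 test secret, not a real credential

def hotp(secret, counter, digits=6):
    """Counter-based password: HMAC-SHA1 over the 8-byte counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, now=None, step=30, digits=6):
    """Clock-based password: the counter is the number of time steps elapsed."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // step, digits)

class CounterServer:
    """Server side of a counter-based token (hypothetical helper for this example)."""

    def __init__(self, secret, window=3):
        self.secret, self.counter, self.window = secret, 0, window

    def verify(self, candidate):
        # Look a few counters ahead so a token that was pressed without
        # logging in can still resynchronize.
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), candidate):
                self.counter = c + 1      # move past the used value: no replay
                return True
        return False
```

Advancing the server counter past every accepted value is what makes each password single-use; a clock-based verifier needs the equivalent check that a code is not accepted twice within its time step.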
PGP
Developed by Phil Zimmermann at MIT
Provides 256-bit encryption key
Widely used for encrypting files such as email
Message is first compressed
A session key is created
The compressed message is encrypted using the session key
Session key alone is encrypted using the recipient’s public key
The encrypted message and the encrypted session key are then sent to the receiver
Receiver uses the private key to decrypt the session key first. Then the message is decrypted in a symmetric key way.
S/MIME
The goal of Secure/Multipurpose Internet Mail Extensions (S/MIME) is to provide integrity for email
S/MIME is in version 3 and it is an IETF standard
S/MIME follows a hierarchical trust scheme in which a trusted party passes on the trust to the next level below. For example, a trusted CA’s Digital Certificate can be used for authentication
S/MIME certificates follow X.509 standard