Professional Documents
Culture Documents
13.4.2 Security and Encryption
13.4.2 Security and Encryption
13.4.2 Security and Encryption
com 30-Sep-23
1
(c) razmi.zahir@gmail.com 30-Sep-23
Cryptography
• Cryptography involves creating written or generated codes that allow
information to be kept secret.
• Cryptography converts data into a format that is unreadable for an
unauthorized user, allowing it to be transmitted without unauthorized
entities decoding it back into a readable format, thus compromising the data.
• Information security uses cryptography on several levels.
• The information cannot be read without a key to decrypt it.
• The information maintains its integrity during transit and while being stored.
• Cryptography also aids in non-repudiation. This means that the sender and the
delivery of a message can be verified.
• Cryptography is also known as cryptology.
Encryption
• Encryption is the process of encoding data, making it unintelligible and scrambled.
• In a lot of cases, encrypted data is also paired with an encryption key, and only those that possess
the key will be able to open it.
• An encryption key is a collection of algorithms designed to be totally unique.
• These are able to scramble and unscramble data, essentially unlocking the information and
turning it back to readable data.
• Encryption does not itself prevent interference, but denies the intelligible content to a would-be
interceptor.
• With end-to-end encryption, only the sender and recipient are able to unlock and read the
information. For example with WhatsApp, the messages are passed through a server, but it is not
able to read the messages.
• There are two main types of encryption
• Symmetric encryption
• Asymmetric encryption (public-key cryptography)
2
(c) razmi.zahir@gmail.com 30-Sep-23
Symmetric encryption
• Symmetric encryption is the process of using the same key for both encrypting and
decrypting data.
• This will mean two or more parties will have access to the same key, which for some is
a big drawback, even though the mathematical algorithm to protect the data is pretty
much impossible to crack.
3
(c) razmi.zahir@gmail.com 30-Sep-23
4
(c) razmi.zahir@gmail.com 30-Sep-23
5
(c) razmi.zahir@gmail.com 30-Sep-23
6
(c) razmi.zahir@gmail.com 30-Sep-23
7
(c) razmi.zahir@gmail.com 30-Sep-23
End-to-end encryption
• End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true
sender and recipient(s).
• The messages are encrypted by the sender but the third party does not have a means to decrypt them, and
stores them encrypted.
• It uses an asymmetric encryption algorithm.
• Text messaging applications frequently use end-to-end encryption
Non-repudiation
• Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the
private key can only be decrypted with the public key.
• Alice, Bob and Janice.
• Bob got a message to meet at 5. How can he be sure its from Alice and not from someone else?
• Alice must encrypt the message first using her private key.
• The encrypted message will then be encrypted again using Bob’s public key and sent out…
• How can Alice be sure only Bob can read it?
• As only Bob has his private key, only he can read it..
• How can Bob be sure the message is from Alice?
• Only Alice has access to her private key..
• So the 2nd decryption using Alice’s public key means the message was indeed sent by Alice.
8
(c) razmi.zahir@gmail.com 30-Sep-23
9
(c) razmi.zahir@gmail.com 30-Sep-23
Digital certificate
• A digital certificate is an electronic document used to prove the validity of a public key.
• Digital certificate authentication helps organizations ensure that only trusted devices and users can
connect to their networks.
• A digital certificate certifies the ownership of a public key by the named subject of the certificate.
• A certificate authority (CA) stores, signs, and issues digital certificates.
• These certificates are data files used to cryptographically link an entity with a public key.
• Web browsers use them to authenticate content sent from web servers, ensuring trust in content
delivered online
• The certificate includes information about
• the key,
• information about the identity of its owner (called the subject),
• and the digital signature of an entity that has verified the certificate's contents (called the issuer).
• If the signature is valid, and the software examining the certificate trusts the issuer, then it can use
that key to communicate securely with the certificate's subject
10
(c) razmi.zahir@gmail.com 30-Sep-23
11
(c) razmi.zahir@gmail.com 30-Sep-23
12
(c) razmi.zahir@gmail.com 30-Sep-23
Password protection
• Password protection allows only those with an authorized password to gain access to certain
information
• All modern secure computer systems store users' passwords in an encrypted format.
• Whenever a user logs in, the password entered is encrypted initially, then compared to the
stored encryption of the password associated with the user's login name.
• A match succeeds and a mismatch fails -- it's that simple!
• Password encryption is usually a one-way process.
• This process uses a hashing algorithm, which always produces the same result for a given
password, but a very different one if even one character is mis-typed.
• Passwords could be stored as
• Plaintext
• hash, • Password: abc4
Encryption: e47e4f3a015b2bf63c3411fd87ab3579
• salted hash,
• Password: ABC4
• reversibly encrypted Encryption: ac3053745f6e1c8299a62d8732793fe6
What is the difference between logon/authentication passwords and passwords on files/ compressed files?
• A login credential is a set of unique identifiers–such as a username and password–that enables a user to verify
identity in order to log in to an account.
• Password protecting a file prevents immediate access to your document, but the file is still in plain view behind the
fence. The valid password will unlock its contents.
13
(c) razmi.zahir@gmail.com 30-Sep-23
Hashing algorithm
• A hashing algorithm is a mathematical function that garbles data and makes it unreadable.
• Hashing algorithms are one-way programs, so the text can't be unscrambled & decoded by anyone else.
• Once a password is stored as a hashed text, you cannot unscramble it. You can only authenticate by
entering your password and checking whether the hashed value generated matches what is stored
• The hash will not have the same length as the plaintext. It would be longer.
• Salted hashing is essentially an additional step to keep passwords out of the hands of malicious hackers.
• It works rather simply, when a password is collected, salt (random data) is added to the password. This
password is then hashed.
Reversible encryption
• Storing encrypted passwords in a way that is reversible means that the encrypted passwords
can be decrypted.
• Reversible encryption is not commonly used for passwords because the specific requirements
and parameters of password authentication are incompatible with the weakness of
reversible encryption.
• The primary weakness of reversible encryption is simple: if the key is compromised, the
encrypted data is compromised.
• Encryption is generally reversible. If not reversible, the encrypted data are considered
unreadable and unusable. This reversal process is referred to as decryption.
14