Professional Documents
Culture Documents
Cryptography and Security Technologies: Internet and Computer Network
Cryptography and Security Technologies: Internet and Computer Network
Technologies
1. Basic Concepts
2. Introduction to Cryptography
3. Digital Signature
4. Digital Certificate and Certification
Authority
2
Basic Concepts
3
How are things done?
Payment and
other info.
Merchant Customer
5
Examples in Physical World
8
Cryptosystem
Encryption Decryption
Key Key
Encryption Decryption
Cipher text
Plain Plain
Information Information
9
What is Encryption?
10
Symmetric Cryptosystem
Encryption Decryption
Cipher text
Plain Plain
Information Information
11
Symmetric Key Cryptography
The key must be secretly held between
the sender and receiver.
How many keys are needed when we
have a community of n users?
Ans: n(n – 1)/2, or order of n2.
Direct Implication:
Distribution and key management.
Does not support spontaneous transaction.
12
Symmetric Cryptosystems
Normally operates either as block cipher or
stream cipher.
Block cipher: input text is divided into fixed-size
blocks of n-bits. The encryption function is then
applied. The cipher text blocks are also n-bits in
length. Typically, n = 64 bits.
Stream cipher: processes the data as a sequence
of characters.
Common symmetric cryptosystems:
DES, Triple-DES, RC2, RC4, RC5, etc.
13
The Data Encryption Standard
(DES)
Developed by IBM in the 1970s, and was
adopted as a US federal standard in 1977.
Uses 56-bit key on 64-bit blocks of data.
Encryption and decryption involves 16 rounds
of permutations, letter substitutions, and
exclusive-OR operations.
The output displays no correlation to the input.
Every bit of the output depends upon every bit
of the input and the key.
14
How Good is DES?
No general guideline on attack except brute-
force search (i.e., exhaustively search the key
space).
For DES, that means 256 70 million billion
trials.
Using 1994 technology, a US$1 million
investment can crack the key in 3.5 hours.
That’s why we need Triple-DES and others!
15
Other Services…..
Authentication and integrity: uses integrity
check-value.
Transmitted Message
16
Integrity Check Value
Can it check for integrity?
Yes, because the computed value must be consistent
with the transmitted value.
Can it authenticate the sender?
Yes, because only 2 users hold the secret key. The
recipient knows that it is sent by the other key
holder.
Can it prevent repudiation?
NO! What if one user generates the message by
himself and claim that it was done by the other user?
17
Public Key Cryptosystems
Uses a pair of related keys: one for
encryption and one for decryption.
One key, called the private key, is kept only
to the owner.
The other key, called the public key, can be
made publicly known.
Given the public key, one cannot derive the
private key and vice versa.
18
Public Key Cryptosystems
Recipient’s Recipient’s
public key private key
Plaintext A Cipher text A Plaintext A
Plaintext B Cipher text B Plaintext B
19
Alternatively…..
Sender’s
private key
Plaintext Plaintext
Cipher text A
Sender’s
public key
20
Public Key Cryptosystems
22
Modular Arithmetic
23
The RSA Algorithm
Advantages:
Higher security
Easy key distribution
Weaknesses:
Processing costs (e.g., time requirements
for encryption/decryption).
27
How to Make Things Better?
Use a hybrid approach that combines the
strengths of secret-key (symmetric key) and
public-key based encryption techniques.
Encrypt message with secret key, and then
encrypt the secret key using public key.
Transmitted Message = Secret-key(m) +
Public-keyreceiver(Secret-key)
The Second term is called a Digital Envelope.
28
Digital Signature
29
What is Digital Signature?
30
Digital Signature
Sender Transmitted Message Receiver
Sign Verify
Digital Verified?
Signature Yes/No
Sender’s Sender’s
Private Key Public Key
31
But……
32
RSA Digital Signature
34
Digital Signature with Hashing
Sender
Transmitted Message Receiver
Plaintext
Plaintext Plaintext
Hash Hash
Sign Decrypt
Message Digital
digest Signature Expected Computed
digest digest
Sender’s
Sender’s
Public Key Are they equal?
Private Key
35
Digital Certificate and
Certification Authority
36
Distribution of Public Key
37
Digital Certificate
A digital ID card that notarizes the
connection between a public-key and its
owner.
Issued by certification authorities (CA).
Contains a public-key value and information
that uniquely identifies the holder.
Digitally signed by the issuing CA.
Implication?
Must trust the CA for the certificate to be useful.
38
Digital Certificate
Advantage:
Easy distribution without the need to worry about
confidentiality, integrity, and authentication.
User simply needs to trust the CA. No need to store
the keys or certificates of other users.
However, practically, no CA can handle all
users.
Therefore, we need a chain-like model to link
up multiple CAs hierarchically. This is called
a certification path.
39