Scribd
Upload
1 views

Ch2 Cryptographic Tools

Chapter 2 discusses various cryptographic tools essential for security services, including symmetric and public-key encryption, digital signatures, and secure hash functions. It covers the mechanisms of symmetric encryption, the importance of message authentication, and the requirements and algorithms for public key encryption. Additionally, it addresses the generation of random numbers and practical applications for encrypting stored data.

Uploaded by

osamaabuhammad28
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
1 views

Ch2 Cryptographic Tools

Chapter 2 discusses various cryptographic tools essential for security services, including symmetric and public-key encryption, digital signatures, and secure hash functions. It covers the mechanisms of symmetric encryption, the importance of message authentication, and the requirements and algorithms for public key encryption. Additionally, it addresses the generation of random numbers and practical applications for encrypting stored data.

Uploaded by

osamaabuhammad28
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 26

Chapter 2

Cryptographic Tools
2

Cryptographic Tools

• cryptographic algorithms important el-


ement in security services
• review various types of elements
 symmetric encryption
 public-key (asymmetric) encryption
 digital signatures and key management
 secure hash functions
• example is use to encrypt stored data
3

Symmetric Encryption
4

Attacking Symmetric Encryption

• Cryptanalysis
 rely on nature of the algorithm
 plus some knowledge of plaintext
characteristics
 even some sample plaintext-ciphertext pairs
 exploits characteristics of algorithm to
deduce specific plaintext or key
• Brute-force attack
 try all possible keys on some ciphertext until
get an intelligible translation into plaintext
5

Exhaustive Key Search


6

Symmetric Encryption Algorithms


7

DES and Triple-DES

• Data Encryption Standard (DES) is the


most widely used encryption scheme
 uses 64 bit plaintext block and 56 bit key to
produce a 64 bit ciphertext block
 concerns about algorithm & use of 56-bit
key
• Triple-DES
 repeats basic DES algorithm three times
 using either two or three unique keys
 much more secure but also much slower
8

Advanced Encryption Standard (AES)

• Needed a better replacement for DES


• NIST called for proposals in 1997
 efficiency, security, HW/SW suitability,
128, 192, 256 keys
• selected Rijndael in Nov 2001
• symmetric block cipher
• uses 128 bit data & 128/192/256 bit keys
• now widely available commercially
9

Block
Verses
Stream
Ciphers
10

Message Authentication

• protects against active attacks


• verifies received message is authentic
 contents unaltered
 from authentic source
 timely and in correct sequence
• can use conventional encryption
 only sender & receiver have key needed
• or separate authentication mechanisms
 append authentication tag to cleartext
message
11

Message Authentication Codes


12

Secure Hash Functions


Message Authentication
13
14

Hash Function Requirements

• applied to any size data


• H produces a fixed-length output.
• H(x) is relatively easy to compute for any
given x
• one-way property
 computationally infeasible to find x such that
H(x) = h
• weak collision resistance
 computationally infeasible to find y ≠ x such
that H(y) = H(x)
• strong collision resistance
 computationally infeasible to find any pair (x, y)
such that H(x) = H(y)
15

Hash Functions

• two attack approaches


 cryptanalysis
• exploit logical weakness in algorithm
 brute-force attack
• trial many inputs
• strength proportional to size of hash code
(2n/2)
• SHA most widely used hash algo-
rithm
 SHA-1 gives 160-bit hash
 more recent SHA-256, SHA-384, SHA-
512 provide improved size and security
16

Public Key Encryption


17

Public Key Authentication


Authentication and/or data integrity
18

Public Key Requirements

1. Computationally easy to create key pairs


2. Computationally easy for sender know-
ing public key to encrypt messages
3. Computationally easy for receiver know-
ing private key to decrypt ciphertext
4. Computationally infeasible for opponent
to determine private key from public key
5. Computationally infeasible for opponent
to otherwise recover original message
6. Useful if either key can be used for each
role
19

Public Key Algorithms

• RSA (Rivest, Shamir, Adleman)


 developed in 1977
 only widely accepted public-key encryption alg
 given tech advances need 1024+ bit keys
• Diffie-Hellman key exchange algorithm
 only allows exchange of a secret key
• Digital Signature Standard (DSS)
 provides only a digital signature function with
SHA-1
• Elliptic curve cryptography (ECC)
 new, security like RSA, but with much smaller
keys
20
Public Key
Certificates

(See textbook figure p.63)


21
Digital Envelopes

Another application of public key algorithm


22

Random Numbers

• random numbers have a range of


uses
• requirements:
• randomness
 based on statistical tests for uniform dis-
tribution and independence
• unpredictability
 successive values not related to previ-
ous
 clearly true for truly random numbers
 but more commonly use generator
23
Pseudorandom verses Random
Numbers
• often use algorithmic technique to
create pseudorandom numbers
 which satisfy statistical randomness
tests
 but likely to be predictable
• true random number generators use
a nondeterministic source
 e.g. radiation, gas discharge, leaky ca-
pacitors
 increasingly provided on modern pro-
cessors
24
Practical Application:
Encryption of Stored Data

• common to encrypt transmitted data


• much less common for stored data
 which can be copied, backed up, recov-
ered
• approaches to encrypt stored data:
 back-end appliance (hardware device close
to data storage; encrypt close to wire speed)
 library based tape encryption (co-proces-
sor board embedded in tape drive)
 background laptop/PC data encryption
25

Summary

• introduced cryptographic algorithms


• symmetric encryption algorithms for
confidentiality
• message authentication & hash
functions
• public-key encryption
• digital signatures and key manage-
ment
• random numbers
End of Chapter 2

You might also like