Document - Võ Tấn Dũng (votandung) chapter6-crypto

Chapter 6
Cryptographic System


Objectives
Explain how cryptology consists of cryptography and cryptanalysis and
how these concepts apply to modern day cryptography.
Explain how securing communications by various cryptographic
methods, including encryption, hashing and digital signatures, ensures
confidentiality, integrity, authentication and non-repudiation.
Describe the use and purpose of hashes and digital signatures in
providing authentication and integrity.
Explain how authentication is ensured.
Explain how integrity is ensured.
Explain how data confidentiality is ensured using symmetric encryption
algorithms and pre-shared keys.
Explain how data confidentiality is ensured using asymmetric
algorithms in a public key infrastructure to provide and guarantee
digital certificates.


Cryptographic Services


Securing communication
Authentication - Guarantees that the message is not a forgery and does
actually come from who it states it comes from.
Integrity - Similar to a checksum function in a frame, guarantees that
no one intercepted the message and altered it.
Confidentiality - Guarantees that if the message is captured, it cannot
be deciphered.


Cryptography
Cryptography is both the practice and the study of hiding information.
A cipher is a series of well-defined steps that can be followed as a
procedure when encrypting and decrypting messages.
Transposition
Substitution
Vernam


Cryptography
Transposition


Cryptography
Substitution cipher – Caesar cipher


Cryptography
Substitution cipher – Caesar cipher wheel


Substitution cipher – Vigenere table



Cryptography
Vernam - Teletype Cipher
Invented by the Norwegian Army Signal Corps in 1950, the ETCRRM
machine uses the Vernam stream cipher method.
It was used by the US and Russian governments to exchange
information.
Plaintext message is exclusively ORed with a key tape containing a
random stream of data of the same length to generate the cipher
text.
After a message was encrypted, the key tape was destroyed.
At the receiving end, the process was reversed using an identical key
tape to decode the message.


Cryptanalysis
Cryptanalysis is the practice and study of determining the meaning of
encrypted information (cracking the code), without access to the shared
secret key.
Brute-force attack
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Chosen-ciphertext attack
Meet-in-the-middle


Cryptology
Cryptology is the science of making and breaking secret codes.


Basic Integrity and Authenticity


Cryptographic hashes
Hashes are used for integrity assurance.
Hashes are based on one-way functions.
The hash function hashes arbitrary data into a fixed-length digest known as the
hash value, message digest, digest, or fingerprint.


Cryptographic hashes
2 well-known hash functions:
Message Digest 5 (MD5) with 128-bit digests
Secure Hash Algorithm 1 (SHA-1) with 160-bit digests.
But
Vulnerable to man-in-the-middle attacks.
Does not provide security to transmission.


Integrity with MD5 and SHA1
MD5 Algorithm
Is used in a variety of internet applications.

Uses a one-way hashing function - easy to compute hash and
infeasible to compute data given a hash.
Produces a 128-bit hash from a complex sequence of simple
binary operations.


Integrity with MD5 and SHA1
SHA1- Secure Hash Algorithm
Takes an input message of less than 2^64 bits and produces a
160-bit message digest.
The algorithm is slightly slower than MD5.
SHA-1 is a revision that corrected an unpublished flaw in the
original SHA.

SHA-224, SHA-256, SHA-384, and SHA-512 are newer and more
secure versions of SHA and are collectively known as SHA-2.


Authenticity with HMAC
HMACs use an additional secret key as input to the hash function,
adding authentication to integrity assurance.
The secret key is known to the sender and receiver and defeats
man-in-the-middle attacks.
HMAC is based on existing hash functions, such as MD5 and SHA-1.


Cisco products use hashing for entity authentication, data integrity,
and data authenticity purposes.
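
The difference between a plain hash and an HMAC described above, as an added example that is not part of the original slides. SHA-256 stands in for the MD5 and SHA-1 the slides name, and the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example (not from the slides).
SHARED_KEY = b"constructed-pre-shared-key"
ORIGINAL = b"pay 100 to account 1234"
ALTERED = b"pay 900 to account 6666"


def digest(message: bytes) -> str:
    """Unkeyed hash: anyone holding the message can recompute it."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """HMAC: computing a valid value requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def hash_ok(message: bytes, received_digest: str) -> bool:
    return hmac.compare_digest(digest(message), received_digest)


def hmac_ok(key: bytes, message: bytes, received_tag: str) -> bool:
    # compare_digest runs in constant time, so the check does not
    # leak how many leading characters of the tag matched.
    return hmac.compare_digest(tag(key, message), received_tag)


def altered_in_transit(new_message: bytes):
    """Model a party on the path who replaces the message and recomputes
    both check values but does not know SHARED_KEY."""
    wrong_key = b"not-the-shared-key"
    return new_message, digest(new_message), tag(wrong_key, new_message)


def receiver_results() -> dict:
    msg, d, t = altered_in_transit(ALTERED)
    return {
        "genuine_hash": hash_ok(ORIGINAL, digest(ORIGINAL)),
        "genuine_hmac": hmac_ok(SHARED_KEY, ORIGINAL, tag(SHARED_KEY, ORIGINAL)),
        "altered_hash": hash_ok(msg, d),              # accepted: no key needed
        "altered_hmac": hmac_ok(SHARED_KEY, msg, t),  # rejected: wrong key
        "replayed_tag": hmac_ok(SHARED_KEY, msg, tag(SHARED_KEY, ORIGINAL)),
    }


if __name__ == "__main__":
    for name, ok in receiver_results().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The receiver accepts the altered message when only a hash accompanies it, and rejects it when an HMAC under the shared key is required.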


Key Management
Key length is the size of the key, measured in bits.
Shorter key: less secure, but faster processing
Longer key: more secure, but slower processing
Keyspace is the number of possibilities that can be generated by a
specific key length.


Confidentiality

