• No results found

lec 8 Crypto-graphic Tools

N/A
N/A
Info
Download
Protected

Academic year: 2020

Share "lec 8 Crypto-graphic Tools"

Copied!
25
0
0

Loading.... (view fulltext now)

Download now ( 25 Page )

Full text

(1)

Lecture 8

(2)

Message Authentication

protects against active attacks

verifies received message is authentic

 contents unaltered

 from authentic source

 timely and in correct sequence

can use conventional encryption

 only sender & receiver have key needed

or separate authentication mechanisms

(3)
(4)
(5)

Message

(6)

Hash Function Requirements

 applied to any size data

 H produces a fixed-length output.

 H(x) is relatively easy to compute for any given x  one-way property

computationally infeasible to find x such that H(x) = h

 weak collision resistance

 computationally infeasible to find yx such tha H(y) = H(x)

 strong collision resistance

 computationally infeasible to find any pair (x, y) such that H(x)

(7)

Hash Functions

two attack approaches

 cryptanalysis

 exploit logical weakness in alg

 brute-force attack

 trial many inputs

 strength proportional to size of hash code (2n/2)

SHA most widely used hash algorithm

 SHA-1 gives 160-bit hash

 more recent SHA-256, SHA-384, SHA-512 provide

(8)

Public Key Authentication

(9)

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

:

integrated

system of software, encryption methodologies,

protocols, legal agreements, and third-party

services enabling users to communicate

securely

PKI systems based on public key

(10)
(11)

PKIX Management

functions:

registrationinitializationcertification

key pair recoverykey pair update

revocation requestcross certification

protocols:

(12)

PKI services

PKI protects information assets in several ways:

Authentication – Digital Certificate

To identify a user who claim who he/she is, in order to access the

resource.

Non-repudiation – Digital Signature

 To make the user becomes unable to deny that he/she has sent the

message, signed the document or participated in a transaction.

Confidentiality - Encryption

 To make the transaction secure, no one else is able to read/retrieve

the ongoing transaction unless the communicating parties.

Integrity - Encryption

 To ensure the information has not been tampered during transmission.

Authorization. Digital certificates issued in a PKI environment can

(13)

Digital Signatures

Encrypted messages that can be

mathematically proven to be authentic

Created in response to rising need to verify

information transferred using electronic

systems

(14)

All copyrights reserved by C.C. Cheung 2003.

Digital Signature

Digital signature can be used in all electronic

communications

 Web, e-mail, e-commerce

It is an electronic stamp or seal that append to

the document.

Ensure the document being unchanged during

(15)

All copyrights reserved by C.C. Cheung 2003.

How digital Signature works?

User A

User B Use A’s private key to sign the document

Transmit via the Internet

User B received the document with signature attached Verify the signature

(16)

All copyrights reserved by C.C. Cheung 2003.

Digital Signature Generation and

Verification

Message Sender Message Receiver

(17)

All copyrights reserved by C.C. Cheung 2003.

Digital Certificates

Digital Certificate is a data with digital

signature from one trusted Certification

Authority (CA).

This data contains:

 Who owns this certificate  Who signed this certificate  The expired date

(18)

Digital Certificates

Electronic document containing key value and

identifying information about entity that

controls key

(19)
(20)

All copyrights reserved by C.C. Cheung 2003.

Digital Certificate

(21)

All copyrights reserved by C.C. Cheung 2003.

Certification Authority (CA)

 A trusted agent who certifies public keys for

general use (Corporation or Bank).

 User has to decide which CAs can be trusted.

 The model for key certification based on friends

and friends of friends is called “Web of Trust”.

 The public key is passing from friend to friend.

 Works well in small or high connected worlds.

 What if you receive a public key from someone you don’t

know?

A Certificate Authority is an agency that

manages the issuance of certificates and serves as the electronic notary public to verify their

(22)

Principles of Information Security, 2nd edition

Protocols for Secure

Communications

Secure Socket Layer (SSL) protocol: uses public

key encryption to secure channel over public

Internet

Secure Hypertext Transfer Protocol (S-HTTP):

extended version of Hypertext Transfer Protocol;

provides for encryption of individual messages

between client and server across Internet

 S-HTTP is the application of SSL over HTTP; allows

encryption of information passing between

(23)

Principles of Information Security, 2nd edition

Protocols for Secure Communications (continued)

Securing E-mail with S/MIME, PEM, and PGP

 Secure Multipurpose Internet Mail Extensions

(S/MIME): builds on Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication

 Privacy Enhanced Mail (PEM): proposed as

standard to function with public key

cryptosystems; uses 3DES symmetric key encryption

Pretty Good Privacy (PGP): uses IDEA Cipher for

(24)

Principles of Information Security, 2nd edition

Protocols for Secure Communications (continued)

Securing Web transactions with SET, SSL, and

S-HTTP

 Secure Electronic Transactions (SET): developed by

MasterCard and VISA in 1997 to provide protection from electronic payment fraud

 Uses DES to encrypt credit card information

transfers

 Provides security for both Internet-based credit

(25)

References & further readings

Computer Security: Principles and

Practice :

Chapter 2 – Cryptographic Tools

by

William Stallings and Lawrie Brown

Reference

Figure

Figure 8-5 Digital Signatures

References

Download now ( PPTX - 25 Page - 542.48 KB )

Related documents

Download Download PDF

I will begin with a detailed description of two rival projects of mate- rialist philosophy. For the analysis of the contemporary materialist dialec- tic , I will turn to the

Biobank integration of large-scale clinical and histopathology melanoma studies within the European Cancer Moonshot Lund Center

In our Cancer Moonshot R&D activities, samples in the biobanks and the data derived from these samples are being used to build an understanding of disease presentation and

Capsicum and Chilli Information Kit. Agrilink, your growing guide to better farming guide.

The strong plant produces high yields of medium to large, four-lobed, three-quarter long fruit with very firm thick walls, glossy red and good uniformity.. Good leaf cover

Cancer Insurance Program

In Oregon rider, for Specified Disease diagnosed during the first 30 days of coverage, Express Payment Benefit is not payable, and benefits will only be paid for hospital

GLOBAL PRIVACY POLICY TREASURE BAY CASINOS

We may share all of the information we collect (including Sensitive Information) with any successor to all or part of our business in connection with a transaction involving a

This is a translation. In the event of disputes the Estonian terms and conditions are valid.

In the case of cancellation of the trip we will indemnify expenses directly related to the trip and irrecoverable costs of travel services incurred before the occurrence of the

Noongar Radio100.9fm SPONSORSHIP KIT. a strong, positive voice for Indigenous People

Although program content is designed to appeal to Aboriginal and Torres Strait Islander people, it has been found that Noongar Radio also has a significant number of