Scribd
Upload
16 views28 pages

Week 7 - Crypto-Graphic Tools

Uploaded by

Sajawal Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
16 views28 pages

Week 7 - Crypto-Graphic Tools

Uploaded by

Sajawal Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 28

Cryptographic Tools

Lecture 8
Message Authentication
protects against active attacks
verifies received message is authentic
contents unaltered
from authentic source
timely and in correct sequence
can use conventional encryption
only sender & receiver have key needed
or separate authentication mechanisms
append authentication tag to cleartext message
Message Authentication Codes
Secure Hash Functions
Message
Authentication
Hash Function Requirements
 applied to any size data
 H produces a fixed-length output.
 H(x) is relatively easy to compute for any given x
 one-way property
 computationally infeasible to find x such that H(x) = h
 weak collision resistance
 computationally infeasible to find y ≠ x such tha H(y) = H(x)
 strong collision resistance
 computationally infeasible to find any pair (x, y) such that H(x)
= H(y)
Examples of Crypto Hash
Functions
 MD4 = Message Digest 4 [RFC 1320] - 32b
operations
 MD5 = Message Digest 5 [RFC 1321] - 32b
operations
SHA = Secure hash algorithm [NIST]
 SHA-1 = Updated SHA
 SHA-2 = SHA-224, SHA-256, SHA-384, SHA-512
SHA-512 uses 64-bit operations
Public Key Authentication
Authentication and/or data integrity
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI): integrated
system of software, encryption methodologies,
protocols, legal agreements, and third-party
services enabling users to communicate
securely
PKI systems based on public key
cryptosystems; include digital certificates and
certificate authorities (CAs)
Public Key Infrastructure
PKIX Management
 functions:
registration
initialization
certification
key pair recovery
key pair update
revocation request
cross certification
 protocols:
 CMP(certificate management protocols ),
 CMC(certificate management messages )
PKI services
PKI protects information assets in several ways:
 Authentication – Digital Certificate
 To identify a user who claim who he/she is, in order to access the
resource.
 Non-repudiation – Digital Signature
 To make the user becomes unable to deny that he/she has sent the
message, signed the document or participated in a transaction.
 Confidentiality - Encryption
 To make the transaction secure, no one else is able to read/retrieve
the ongoing transaction unless the communicating parties.
 Integrity - Encryption
 To ensure the information has not been tampered during transmission.
 Authorization. Digital certificates issued in a PKI environment
can replace user IDs and passwords, enhance security, and reduce
some of the overhead required for authorization processes and
controlling access privileges
Digital Signatures
Encrypted messages that can be
mathematically proven to be authentic
Created in response to rising need to verify
information transferred using electronic
systems
Asymmetric encryption processes used to
create digital signatures
Digital Signature
Digital signature can be used in all electronic
communications
Web, e-mail, e-commerce
It is an electronic stamp or seal that append to
the document.
Ensure the document being unchanged during
transmission.

All copyrights reserved by C.C. Cheung 2003.


How digital Signature works?

User A Transmit via the Internet

Use A’s private key to sign the document

User B received
Verify the signature the document with
by A’s public key stored signature attached
at the directory
User B

All copyrights reserved by C.C. Cheung 2003.


Digital Signature Generation and
Verification

Message Sender Message Receiver

Message Message

Hash function Hash function


Public
Digest Key

Private Encryption Decryption


Key
Signature Expected Digest Digest
All copyrights reserved by C.C. Cheung 2003.
Digital Certificates
Electronic document containing key value and
identifying information about entity that
controls key

Digital signature attached to certificate’s


container file to certify file is from entity it
claims to be from
Figure 8-5 Digital Signatures
Digital Certificate

 Reference

All copyrights reserved by C.C. Cheung 2003.


Protocols for Secure
Communications
Secure Socket Layer (SSL) protocol: uses public
key encryption to secure channel over public
Internet

Secure Hypertext Transfer Protocol (S-HTTP):


extended version of Hypertext Transfer Protocol;
provides for encryption of individual messages
between client and server across Internet
S-HTTP is the application of SSL over HTTP; allows
encryption of information passing between
computers through protected and secure virtual
connection
Principles of Information Security, 2nd edition
Protocols for Secure Communications (continued)

Securing E-mail with S/MIME, PEM, and PGP

Secure Multipurpose Internet Mail Extensions


(S/MIME): builds on Multipurpose Internet Mail
Extensions (MIME) encoding format by adding
encryption and authentication
Privacy Enhanced Mail (PEM): proposed as
standard to function with public key
cryptosystems; uses 3DES symmetric key
encryption
Pretty Good Privacy (PGP): uses IDEA Cipher for
message encoding
Principles of Information Security, 2nd edition
Protocols for Secure Communications (continued)
Securing Web transactions with SET, SSL, and S-
HTTP
Secure Electronic Transactions (SET): developed by
MasterCard and VISA in 1997 to provide protection
from electronic payment fraud

Uses DES to encrypt credit card information


transfers

Provides security for both Internet-based credit


card transactions and credit card swipe systems in
retail stores
Principles of Information Security, 2nd edition
References & further readings
Computer Security: Principles and
Practice :Chapter 2 – Cryptographic Tools by
William Stallings and Lawrie Brown
Cryptography and network security by
William stalling chapters :11,12,13,14
Understanding Public Key Infrastructure (PKI)
An RSA Data Security White Paper

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy