By
Amit Kumar Bhardwaj
Agenda
• Pros and cons of data encryption
• Single key encryption
• Two-key encryption
• Combining single and two-key
encryption
• Message integrity
• Digital certificates
• PKI
Encryption is a method of changing a message so
that its content isn’t intelligible to a casual viewer.
Using something that only the sender and receiver
know, the message is turned from readable to
nonsense before it is sent and restored to readable
form when it is received. Encryption is the primary
technique for protecting the content of a data
communications message while it is traveling outside
the local network on which it originated. Encryption
can also be used to protect data stored on a hard
disk.
Pros and cons of data encryption
• Encrypting and decrypting messages
consumes a lot of computing power,
slowing down data communications.
• Negotiating the type of encryption to be
used during a communications session
lengthens the time needed to set up the
session.
• Using encryption and digital certificates
for authentication requires the
development and maintenance of a PKI,
which can be costly for a small
organization.
Cont ..
• You can’t process data in encrypted form; it must be
decrypted. If you use encryption to protect data stored
on your servers, for example, it must be decrypted
every time a user needs to search for or display data.
This can significantly increase processing time.
• The secret keys for many well-known encryption
algorithms can be cracked by today’s high-end
computers. Therefore, no encryption method should be
considered totally uncrackable, especially when the
problem is distributed among Internet users whose
computers run a brute force attack during idle periods.
Single Key Encryption
Schemes
• The algorithmically simplest type of encryption uses a
single shared key to encrypt and decrypt a message.
Because there is only one key, it must be known to both
the sender and receiver. The result is encryption that is
conceptually simple, but possibly difficult to manage.
• Because the key used by both sender and receiver is
the same, single key encryption keys are also commonly
known as symmetric keys.
Substitution Cyphers
• Single key encryption methods are essentially
substitution cyphers, where one character is
substituted for another based on a transformation
that process is used to decrypt the message. When
one character is substituted for another, we call it a
stream cypher; when a longer key is applied to a
group of characters, we call it a block cypher. Most
of the substitution cyphers in use today are block
cyphers because they are more secure than
stream cyphers.
Data Encryption Standard (DES)
• The Data Encryption Standard (DES) was the U.S.
government’s first successful attempt at
standardizing the encryption used to communicate
with government agencies. It was formally adopted
as a Federal Information Processing Standard
(FIPS) in 1976.
• However, its short key length has made it
relatively easy to crack with today’s computing
power (less than 24 hours), and although you may
find it still in use commercially, it has been
replaced for government use by AES.
• DES works much like the second version of the
sample substitution cypher.
Cont ..
• The DES key is 64 bits in length, although only 56 bits actually are
used in the encryption; the remainder are parity bits used for error
checking.
• The plaintext is modified in 64-bit chunks. Each time a key is used, it
is exclusive-ORed (XORed) with the plaintext. Encrypting a single
64-bit block of plaintext with DES is not as simple as our example,
however. It involves 16 rounds of plaintext transformations,
including breaking the plaintext into two 32-bit chunks that are
swapped repeatedly during the rounds. Each round also expands the
32-bit block to 48 bits, which are then XORed with a 48-bit subkey.
The subkey has been generated by a “key schedule,” an algorithm
that creates the 48-bit subkeys based on the original 56-bit key.
After XORing with the subkey, the 48-bit block is divided into 6-bit
chunks, each of which is fed into a substitution box (S-box) that
outputs a 4-bit block, reducing the overall block back to its original
32 bits. (The security of DES rests with the transformation that
occurs in the S-boxes.)
Decryption is similar to encryption with the exception that the key
transformations must be generated and applied in the reverse order.
Because of its computational complexity, DES was often
implemented in hardware.
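The structure described above (parity bits stripped from the 64-bit key, two 32-bit halves swapped over 16 rounds, 48-bit subkeys applied in reverse order to decrypt) is shown in the following added example, which is not part of the original slides. The key schedule and round function are hash-based stand-ins, not the real DES tables, DES's initial and final permutations are omitted, and the key in the demo is a sample value with odd parity in every byte.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def strip_parity(key64):
    """Check odd parity on each of the 8 key bytes; return the 56 key bits."""
    if len(key64) != 8:
        raise ValueError("DES-style key must be 8 bytes (64 bits)")
    key56 = 0
    for b in key64:
        if bin(b).count("1") % 2 != 1:
            raise ValueError("parity error in key byte 0x%02x" % b)
        key56 = (key56 << 7) | (b >> 1)  # low bit of each byte is parity
    return key56

def subkeys(key56):
    """Stand-in key schedule (NOT the DES one): 16 subkeys of 48 bits."""
    out = []
    for r in range(ROUNDS):
        d = hashlib.sha256(key56.to_bytes(7, "big") + bytes([r])).digest()
        out.append(int.from_bytes(d[:6], "big"))
    return out

def round_f(half32, subkey48):
    """Stand-in round function (NOT DES expansion/S-boxes): 32 bits in and out."""
    data = half32.to_bytes(4, "big") + subkey48.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block64, keys):
    """Run one pass over a 64-bit block, one round per subkey."""
    left, right = block64 >> 32, block64 & MASK32
    for k in keys:
        left, right = right, left ^ round_f(right, k)
    return (right << 32) | left  # undo the last swap

def encrypt(block64, key64):
    return feistel(block64, subkeys(strip_parity(key64)))

def decrypt(block64, key64):
    # Same network, subkeys in reverse order.
    return feistel(block64, subkeys(strip_parity(key64))[::-1])

if __name__ == "__main__":
    key = bytes.fromhex("133457799BBCDFF1")  # sample key, odd parity per byte
    ct = encrypt(0x0123456789ABCDEF, key)
    print("%016x -> %016x" % (ct, decrypt(ct, key)))
```

Because each round only XORs one half with a function of the other, the round function never has to be inverted; this is why the same circuit could serve for both directions in hardware.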
Triple DES
The vulnerabilities in DES became very well known.
Therefore, cryptographers developed an interim
version, for use until another encryption method was
adopted, called Triple DES. Triple DES uses a
192-bit key, three times the length of the 64-bit DES key.
The algorithm repeats the DES encryption process
three times, each time using a different 64 bits of
the 192-bit key.