Basic Problem
[Figure: Alice and Bob. Labels: Authentication, Interception, Spoofing, Integrity, Modification, Non-repudiation, Claims (not sent, not received)]
Security Services
Integrity: Information has not been altered
Confidentiality: Content hidden during transport
Authentication: Identity of originator confirmed
Non-Repudiation: Originator cannot repudiate transaction
Information Security
Confidentiality
Integrity
Availability
Data Confidentiality
[Figure: Cryptography. Panels: Encryption, Decryption; text shown as "Some confidential text (message) in clear"]
Crypto Transformations
Parameterization
[Figure: "Some confidential text (message) in clear (readable) form". Labels: Crypto key, Encryption, Crypto key, Decryption]
Design . . . ?
Principles
1. Simple for users
2. Complicated for intruders
3. Public algorithm
4. Secret key
5. Large number of combinations
6. Special properties
DES Algorithm
[Figure: DES. Labels: Cleartext, DES Key, Ciphertext, "Key = Input"; two bit strings over positions 1 to 64 (Key, Cleartext) feeding DES, which outputs a Ciphertext bit string]
Avalanche Effect
[Figure: Key and Cleartext bit strings over positions 1 to 64 feeding DES, which outputs a Ciphertext bit string]
DES Implementations
[Figure: Encryption, Crypto key, Decryption]
Key Exchange
[Figure: "Some confidential text (message) in clear (readable) form". Labels: Encryption, Key 2, Key 1, Decryption]
[Two figures with the same labels: Alice, Encryption, Decryption, MSG; keys: Bob Private, Alice Private, Bob Public, Alice Public]
Confidentiality
Symmetric and Asymmetric Encryption
Symmetric: Faster than asymmetric, hard to break with large key, hard to distribute keys, too many keys required, cannot authenticate or provide non-repudiation.
Includes: DES, Triple DES, Blowfish, IDEA, RC4, RC5, RC6, AES
Asymmetric cryptography: Better at key distribution, better scalability for large systems, can provide authentication and non-repudiation, slow, math intensive
Crypto Applications
Digital Signature
A Digital Signature is a data item
[Figure: Bob and Alice. Labels: Intranet, Extranet, Internet]
Digital Signature
[Figure: Signer, Channel, Receiver. Labels: Message, Digest Algorithm, Hash Function, Private Key, Encryption, Signature, Public Key, Decryption, Expected Digest, Actual Digest]
Digital Certificate
[Figure: CERTIFICATE. Fields: Subject, Issuer, Subject Public Key]
Questions