lesson 12-encryption
DESCRIPTION
Lesson 12-Encryption. Overview. Understand basic encryption concepts. Understand private key encryption. Understand public key encryption. Understand digital signatures. Understand key management. Understand trust in the system. Understand Basic Encryption Concepts. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/1.jpg)
Lesson 12-Encryption
![Page 2: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/2.jpg)
Overview
Understand basic encryption concepts.
Understand private key encryption.
Understand public key encryption.
Understand digital signatures.
Understand key management.
Understand trust in the system.
![Page 3: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/3.jpg)
Understand Basic Encryption Concepts
Encryption is simply the obfuscation of information in such
a way so as to allow authorized individuals to see it, but to
hide it from unauthorized individuals.
Individuals having the appropriate key to decrypt the
information are defined as authorized.
![Page 4: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/4.jpg)
Understand Basic Encryption Concepts
Security Services with encryption:
Confidentiality: Used to hide information from unauthorized
individuals, either in transit or in storage.
Integrity: Used to identify changes to information either in
transit or in storage.
Accountability: Used to authenticate the origin of information
and prevent the origin of information from repudiating the fact
that the information came from that origin.
![Page 5: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/5.jpg)
Understand Basic Encryption Concepts
Encryption terms:
Plaintex
Ciphertex
Algorithm
Key
Encryption
![Page 6: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/6.jpg)
Understand Basic Encryption Concepts
Encryption terms (continued):
Decryption
Cryptography
Cryptographer
Cryptanalysis
Cryptanalyst
![Page 7: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/7.jpg)
Understand Basic Encryption Concepts
Encryption systems can be attacked in three ways:
Through weaknesses in the algorithm.
Through brute force against the key.
Through weaknesses in the surrounding system.
![Page 8: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/8.jpg)
Understand Private Key Encryption
Private key encryption:
Requires all parties who are authorized to read the information
to have the same key.
Reduces the overall problem of protecting the information to
one of protecting the key.
Is the most widely used encryption.
![Page 9: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/9.jpg)
Understand Private Key Encryption
What is private key encryption?
Substitution ciphers.
One-time pads.
Triple DES.
Data encryption standard.
Password encryption.
![Page 10: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/10.jpg)
What is Private Key Encryption?
Private key encryption is also known as symmetric key
encryption because it uses the same key to encrypt
information as is needed to decrypt.
Private key encryption provides for the confidentiality of the
information while it is encrypted.
Only those who know the key can decrypt the message.
![Page 11: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/11.jpg)
What is Private Key Encryption?
Private key algorithm
![Page 12: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/12.jpg)
Substitution Ciphers
Julius Caesar used a substitution cipher called the Caesar
cipher.
This cipher consists of replacing each letter with the letter
three positions later in the alphabet.
![Page 13: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/13.jpg)
Substitution Ciphers
Substitution ciphers suffer from one primary weakness—the
frequency of the letters in the original alphabet does not
change.
Further development of frequency analysis also shows that
certain two- and three-letter combinations show up
frequently.
![Page 14: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/14.jpg)
One Time Pads
The One Time Pads (OTPs) system is the only theoretically
unbreakable encryption system.
An OTP is a list of numbers, in a completely random order.
It is used to encode a message.
As its name implies, the OTP is only used once.
OTPs are used (but only for short messages) in very high-
security environments.
![Page 15: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/15.jpg)
Data Encryption Standard
The algorithm for the Data Encryption Standard (DES) was
developed by IBM in the early 1970s.
DES uses a 56-bit key. The key uses 7 bits of eight 8-bit bytes
(the 8th bit of each byte is used for parity).
DES is a block cipher that operates on one 64-bit block of
plaintext at a time.
There are 16 rounds of encryption in DES, where each round
uses a different subkey.
![Page 16: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/16.jpg)
Data Encryption Standard
DES Block Diagram
![Page 17: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/17.jpg)
Data Encryption Standard
There are four modes of operation for DES:
Electronic code book.
Cipher block chaining.
Cipher feedback.
Output feedback.
![Page 18: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/18.jpg)
Triple DES
Triple DES functional Diagram
![Page 19: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/19.jpg)
Password Encryption
The standard Unix password encryption scheme is a
variation of DES. The password encryption function is
actually a one-way function.
Each user chooses a password. The algorithm uses the first
eight characters of the password.
![Page 20: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/20.jpg)
Password Encryption
The system then chooses a 12-bit number based on the
system time. This is called the salt.
Most Unix systems now offer the option of using shadow
password files for just this reason.
![Page 21: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/21.jpg)
The Advanced Encryption Standard: Rijndael
At the end of 2000, NIST announced that Joan Daemen and
Vincent Rijmen, cryptographers from Belgium, had won the
competition with their algorithm Rijndael.
Rijndael is a block cipher that uses keys and blocks of 128,
192, or 256 bits. These key lengths make brute-force attacks
computationally infeasible at this time.
The algorithm consists of 10 to 14 rounds, depending on the
size of the plaintext block and the size of the key.
![Page 22: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/22.jpg)
Other Private Key Algorithms
There are several other private key algorithms available in
various security systems. Among them are the following:
The International Data Encryption Algorithm (IDEA) was
developed in Switzerland. IDEA uses a 128-bit key and is also
used in Pretty Good Privacy (PGP).
RC5 was developed by Ron Rivest at MIT. It allows for variable
length keys.
![Page 23: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/23.jpg)
Other Private Key Algorithms
Private key algorithms (continued):
Skipjack was developed by the United States government for
use with the Clipper Chip. It uses an 80-bit key, which may be
marginal in the near future.
Blowfish allows for variable length keys up to 448 bits and was
optimized for execution on 32-bit processors.
![Page 24: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/24.jpg)
Understand Public Key Encryption
Public Key encryption is a more recent invention than
private key encryption.
The primary difference between the two types of encryption
is the number of keys used in the operation.
The private key encryption uses a single key to both,
encrypt and decrypt information.
The public key encryption uses two keys. One key is used to
encrypt information and a different key, to decrypt it.
![Page 25: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/25.jpg)
Understand Public Key Encryption
What is public key encryption?
Diffe-Hellman key exchange.
RSA.
![Page 26: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/26.jpg)
What is Public Key Encryption
The public key is published with information as to who is
the owner.
Another property of public key encryption is that if you
have one of the keys of a pair, you cannot compute the
other key.
If confidentiality is desired, encryption is performed with
the public key.
![Page 27: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/27.jpg)
What is Public Key Encryption
Public key encryption
![Page 28: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/28.jpg)
Diffe-Hellman Key Exchange
The Diffe-Hellman key exchange was developed to solve
the problem of key distribution for private key encryption
systems.
The idea was to allow a secure method of agreeing on a
private key without the expense of sending the key through
another method.
![Page 29: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/29.jpg)
Diffe-Hellman Key Exchange
Functioning of Diffe-Hellman algorithm:
Assume we have two people who need to communicate securely
and thus need to agree on an encryption key.
P1 and P2 agree on two large integers a and b such that 1 < a <
b.
P1 then chooses a random number i and computes I = ai mod b.
P1 sends I to P2.
![Page 30: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/30.jpg)
Diffe-Hellman Key Exchange
Functioning of Diffe-Hellman algorithm (continued):
P2 then chooses a random number j and computes J = aj
mod b. P2 sends J to P1.
P1 computes k1 = Ji mod b.
P2 computes k2 = Ij mod b.
We have k1 = k2 = aij mod b and thus k1 and k2 are the
secret keys to use for the other transmission.
![Page 31: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/31.jpg)
RSA
In 1978, Ron Rivest, Adi Shamir, and Len Adleman released
the Rivest-Shamir-Adleman (RSA) public key algorithm.
Unlike the Diffe-Hellman algorithm, RSA can be used for
encryption and decryption.
Also unlike Diffe-Hellman, the security of RSA is based on
the difficulty of factoring large numbers.
![Page 32: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/32.jpg)
RSA
The basic algorithm for confidentiality is very simple:
ciphertext = (plaintext)e mod n
plaintext = (ciphertext)d mod n
private key = {d, n}
public key = {e, n}
The difficulty in calculating d given e and n provides the
security.
![Page 33: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/33.jpg)
Generating RSA keys
To generate an RSA key pair, follow these steps:
Choose two prime numbers p and q and keep them secret.
Calculate n = pq.
Calculate φ(n) = (p – 1)(q – 1).
Select e such that e is relatively prime to φ(n).
Determine d such that (d)(e) = 1 mod φ(n) and that d < φ(n).
![Page 34: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/34.jpg)
Understand Digital Signatures
Digital signature is a method of authenticating electronic
information using encryption.
Digital signatures protect information from modification
after it has been received and decrypted.
![Page 35: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/35.jpg)
Understand Digital Signatures
Digital signatures put information through a hash function
to create a checksum that is encrypted with a private key
and travels with the information.
This checksum can be used to verify that the information
was not modified.
![Page 36: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/36.jpg)
Understand Digital Signatures
The security and usefulness of a digital signature depend
on the protection of the user’s private key and a secure
hash function.
A hash function is secure if:
the function is one-way, and
it is difficult to construct two pieces of information that provide
the same checksum when run through the function.
![Page 37: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/37.jpg)
Understand Digital Signatures
Secure hash functions should create a checksum of at least
128 bits.
The two most common hash functions are MD5 and SHA.
![Page 38: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/38.jpg)
Understand Digital Signatures
Digital Signature operation
![Page 39: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/39.jpg)
Understand Key Management
Key management is one of the most critical aspects of an
encryption system.
It includes creating strong keys, distributing them securely,
certifying them correct, protecting while in use, and revoking
them when they are compromised or expired.
Most encryption systems have a method for users to
generate keys—in many cases, the user chooses a password.
![Page 40: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/40.jpg)
Understand Key Management
Keys must be transported securely to ensure the integrity
of the keys.
If keys are transmitted, they must be checked on arrival to
ensure they have not been manipulated (usually done
manually or by digital signatures).
![Page 41: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/41.jpg)
Understand Key Management
Certificate Authorities (CAs) ensure the integrity of the keys
and prevent an attacker from introducing their own keys.
Public keys require integrity protection (provided by
certification), but they do not require confidentiality
protection. However, all copies of the private key of a public
key system must be protected at all times.
![Page 42: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/42.jpg)
Understand Key Management
Session keys may only exist for a given session and may be
deleted after the session.
Public key pairs are generally certified for one or two years.
If a key is lost or compromised, the owner of the key should
inform users that it is not to be used.
In the case of a public key encryption system, the owner
must post the revocation to all of the potential key servers.
![Page 43: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/43.jpg)
Understand trust in the System
Trust is the underlying concept of all security and
encryption.
There are two primary models that are used for trust:
Hierarchical trust
Web of trust
![Page 44: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/44.jpg)
Understand trust in the System
The Hierarchical Trust model is based on a chain of authority, in
which you trust someone if someone higher up in the chain
certifies it.
The Hierarchical Trust model is complicated to put into practice
because there is no real root-level CA.
Establishing an internal CA and public key infrastructure for a
business is a challenging task that demands a lot of resources.
![Page 45: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/45.jpg)
Understand trust in the System
The Web of Trust model was first used by Pretty Good Privacy
(PGP).
It is based on the concept that each user certifies their own
certificate and passes that certificate off to known associates.
The primary advantage is that there is no large investment in
infrastructure.
The primary disadvantage is a lack of scalability.
![Page 46: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/46.jpg)
Summary
Encryption is simply the obfuscation of information in such a
way so as to allow authorized individuals to see it, but to hide
it from unauthorized individuals.
The Private Key encryption requires all parties authorized to
read the information to have the same key.
The Public Key encryption uses two keys. One key is used to
encrypt information and another key is used to decrypt it.
![Page 47: Lesson 12-Encryption](https://reader033.vdocuments.mx/reader033/viewer/2022061511/5681471b550346895db45065/html5/thumbnails/47.jpg)
Summary
A digital signature is a method of authenticating electronic
information using encryption.
Key Management includes creating strong keys, distributing
them securely, certifying that they are correct, protecting
them while they are in use, and revoking them when they are
compromised or expired.
There are two primary models that are used for trust:
Hierarchical Trust and Web of Trust.