cryptography pki encryption
TRANSCRIPT
-
7/30/2019 Cryptography PKI Encryption
1/23
Cryptography
Your organization's network may consist of intranets,
Internet sites, and extranets -all of which are potentially
susceptible to access by unauthorized individuals who may
maliciously view or alter your digital information assets.
A well-planned Public Key Infrastructure (PKI) can help
you to secure data and distribute and manage identification
credentials across your organization.
-
7/30/2019 Cryptography PKI Encryption
2/23
Public key cryptography is an important technology for e-
commerce, intranets, extranets, and Web-enabled
applications. The two fundamental operations associated
with public key cryptography include encryption and
authentication.
Windows Network uses public key cryptography in areas
such as smart card logon, encryption File System (EFS), and
Internet Protocol Security (IPSec).
Public key cryptography provides privacy through data
encryption, whether the data is in the form of e-mail
messages, credit-card numbers sent over the Internet, ornetwork traffic. Because public keys can be posted freely,
complete strangers can establish private communications
over public networks merely by retrieving each other's
public keys and encrypting the data.
-
7/30/2019 Cryptography PKI Encryption
3/23
Using Public Keys and Private Keys
Public key encryption uses two keys that aremathematically related. A key is a random string-such as a
number, ASCII value, word, or phrase-that is used in
conjunction with an algorithm. For public key encryption,
every user has a pair of mathematically related keys,including:
A private key, which is kept confidential.
A public key, which is freely given out to all potentialcorrespondents.
-
7/30/2019 Cryptography PKI Encryption
4/23
Encrypting and Decrypting Text
The fundamental property of public key encryption is
that the encryption and decryption keys are different
Encryption with a public key is a one-way function.
When you encrypt a document with a public key,plaintext turns into cipher text. A decryption key,
which is related but not identical to the encryption key,
is needed to turn the cipher text back into plaintext. If
someone intercepts an encrypted message in
transmission, the message is in cipher text and isunreadable.
-
7/30/2019 Cryptography PKI Encryption
5/23
Digital Signatures
A digital signature is a means for the originator of a
message, file, or other digitally encoded information to
bind his or her identity to the information. The
signature itself is a sequence of bits appended to a
digital document. A digital signature ensures that:
Only someone possessing the private key could have
created the digital signature.
Anyone with access to the corresponding public keycan verify the digital signature.
-
7/30/2019 Cryptography PKI Encryption
6/23
Digital envelope
A type of security that uses two layers of encryption to protect a message. First,
the message itself is encoded using symmetric encryption, and then the key todecode the message is encrypted using public-key encryption. This technique
overcomes one of the problems of public-key encryption, which is that it is
slower than symmetric encryption. Because only the key is protected with
public-key encryption, there is very little overhead.
Digital envelope means -
(1) An encrypted message that uses both secret key and public key cryptography
methods. A secret key is used to encrypt and decrypt the message, but the public
key method is used to send the secret key to the other party.
(2) A frame, or packet, of data that has been encrypted for transmission over anetwork.
(3) A term occasionally used to describe inserting data into a packet or frame for
transmission over a network. The envelope metaphor implies a container.
-
7/30/2019 Cryptography PKI Encryption
7/23
-
7/30/2019 Cryptography PKI Encryption
8/23
Hash Algorithms
A digital signature uses an algorithm called a hash algorithm.
Hash algorithms are designed to guarantee that if a singlebyte changes, processing the document generates a
completely different hash. When a hash is encrypted by using
a public key, any modification of the signed data invalidates
the digital signature.
A certification authority (CA) is responsible for providing
and assigning the keys for encryption, decryption, and
authentication. A CA distributes keys by issuing certificates,
which contain the public key and a set of attributes. A CAcan issue certificates to a computer, a user account, or a
service.
-
7/30/2019 Cryptography PKI Encryption
9/23
Certificates
Certificates are signed documents that match public keys
to other information, such as a name or an e-mail address.Certificates are signed by CAs that issues certificates. A
CA's signature guarantees that the public key does indeed
belong to the party that presents it.
External and Internal CAsA CA can be an external issuing company, such as a large
commercial CA that issues certificates to millions of users.
Or a CA can be internal, such as department within a
company that has installed its own server for issuing andverifying certificates. Each CA decides what attributes it
includes in a certificate and what mechanism it uses to
verify those attributes before issuing the certificate.
-
7/30/2019 Cryptography PKI Encryption
10/23
The process of rendering a message (or data)unusable to all but the intended recipients, whohave the ability to decrypt it. Cryptography is thescience of creating workable procedures for
encrypting and decrypting messages. The goal isto ensure that a message intercepted by adistrusted user cannot be decrypted in a feasibleamount of time.
It is the process of transforming plain text intounreadable form (called cipher text) usingmathematical process/algorithm.
What is Encryption?
-
7/30/2019 Cryptography PKI Encryption
11/23
Method of Encryption and
Transaction Security -
Secret-Key Encryption / SymmetricEncryption
Public-Key Encryption / AsymmetricEncryption
-
7/30/2019 Cryptography PKI Encryption
12/23
Comparing Secret-Key Encryption and Public-Key
Encryption Methods
Features Secret Key Public Key
Number of
Keys
Single key Pair of keys
Types of Keys Key is secret One key is private, and one key is
public.
Key
Management
Simple but
difficult to manage
Need digital certificates and trusted
third parties
RelativeSpeeds Very fastSlower than Secret Key
Usage Used for bulk data
encryption
Used for less demanding applications
such as encrypting small documents
or to sign messages.
-
7/30/2019 Cryptography PKI Encryption
13/23
Encrypt with
secret key
Anne
(Sender)
Bob
(Receiver)
Secret-Key Encryption
Inte
rnet
Plain Text
Cipher Text
Plain Text
Cipher Text
Decrypt with
Same secret
key
Encryption Key = Decryption Key
-
7/30/2019 Cryptography PKI Encryption
14/23
Public Key and Private Key are mathematically related.
A key is a random string such as a number, ASCII value, Word or Phrase that is used
in conjunction with an algorithm. Cryptographic security depends on three broad parameters viz:
- Secrecy of the Key
- Key Length
- Strength of the cipher
Encrypt withSellers Public key
Sender/
Buyer
Receiver /
Seller
Public-Key Encryption
Internet
Plain Text
Cipher Text
Plain Text
Cipher Text
Decrypt with SellersPrivate key
-
7/30/2019 Cryptography PKI Encryption
15/23
The process of creating a digital signature using a hash function
Figure => Send Message with Encryption at Transmitting End.
-
7/30/2019 Cryptography PKI Encryption
16/23
The process of verifying a digital signature created with a hashfunction
Figure => Receive Message with Decryption at Receiving End.
-
7/30/2019 Cryptography PKI Encryption
17/23
SenderS
ide
Receiv
erSide
-
7/30/2019 Cryptography PKI Encryption
18/23
Key Length
Key length is the third guarantor of cipher
security. If the parties successfully protect keys
and the cipher is strong, then it falls to key length
to provide adequate security.
In contemporary cryptography the key is a
numerical value that is input to the cipher to cause
it to encrypt the data in a unique way.
For a strong cipher and a secure key, an opponent
is forced to resort to trying all possible keys.
If the key is long, it has many possible values, andthe miscreant is faced with the difficult task of
trying large number of combinations.
Thus, security is closely related to the length of
the key. Key length is usually given in bits. A key
of n bits has 2n possible values.
Depending on the cipher, today's commercial
computers are able to try roughly a few trillion
keys per second or0.4583 * 1020keys per year.
The table below lists the number of keys and theestimate time it takes to break a key for various
key lengths using conventional computers and
contemporary ciphers.
Key length in bits Number of keys Time to break Keys
24 0
32 4.3 billion 2.9 millisecond
40-DES 1.1 trillion 0.75 seconds
56 - Current US export
limit
7.2 thousand trillion1.37hours
64 1.8 million trillion 14.33 days
128 - Advanced
Encryption Standard
(AES)
3.4* 10 38
[34 followed by 37
zeros]
7.2 million trillion
years
256
1.1 * 1077
[11 followed by 76
zeros]
2.4* 1057 years
[24 followed by 56
zeros]
5121.3* 10 154
[13 followed by 153
zeros]
2.8 * 10133 years
[28 followed by 132
zeros]
Key size, number of keys and time to break:
1024 1.8 * 10308 4 * 10285 years
-
7/30/2019 Cryptography PKI Encryption
19/23
Hacking (Key Breaking) Speed of a standard
powerful computerDuration No. of Keys
Generated / Recognize
Per Second 14.5 * 1011
Per Hour 52.32 * 1014
Per Day 1.256 * 1017
Per Year (11/24) * 1020
= 0.4583 * 1020
-
7/30/2019 Cryptography PKI Encryption
20/23
Encryption Algorithm/Protocol
Public-Key Algorithm:
RSA (Rivest-Shamir-Adelman)
Diffie-Hellman Algorithm
PGP (Pretty Good Privacy)
ECC (Elliptic Curve Cryptography)
Private-Key Algorithm:
DES (Data Encryption Standard) /
3DES
RC4
IDEA (International Data
Encryption Algorithm)
Encryption Protocol:
SSL (Secure Socket Layer) Developed by Netscape Communication Ltd.
SET (Secure Electronic Transaction) Developed by Visa and Master Card
Corp.
** Different Algorithm uses diff. length of Keys ranges 40 1024 / 2048. The
longer the key string digits, the more time requires and the more difficult the
encrypted data is to break. But the transaction speed will be slower.
* 3DES is more secure than DES because it uses DES algorithm 3 times and
follows an enc-dec-enc sequence with 3 different unrelated keys.
-
7/30/2019 Cryptography PKI Encryption
21/23
security for e-payments
types of encryption systems
symmetric (private key)
same key used to encrypt and decrypt plain text
shared by sender and receiver
asymmetric (public key)
different keys used public key to encrypt message
private key to decrypt it
public key encryption systems
have needed long keys (512-1024 bits) to ensure security but long keys slow down encryption and decryption
RSA algorithm most common PK encryption algorithm
Rijndael algorithm uncrackable with 128-bit key
-
7/30/2019 Cryptography PKI Encryption
22/23
digital signatures and certificates
digital signatures needed for authenticity and nonrepudiation
analogous to handwritten signature
based on public keys
used to:
authenticate the identity of the sender of a message or
document ensure the original content of the electronic message or
document is unchanged
portable and can be time stamped
not easily imitated or repudiated
digital certificates identifying the holder of a public key (key-exchange)
issued by a trusted certificate authority (CA)
-
7/30/2019 Cryptography PKI Encryption
23/23
public key encryption and digital signatures
E Turban et al.,Electronic Commerce- a Managerial Perspective (Prentice Hall, 2nd ed, 2002), Ch. 14.