cryptography pki encryption

7/30/2019 Cryptography PKI Encryption

1/23

Cryptography

Your organization's network may consist of intranets,

Internet sites, and extranets -all of which are potentially

susceptible to access by unauthorized individuals who may

maliciously view or alter your digital information assets.

A well-planned Public Key Infrastructure (PKI) can help

you to secure data and distribute and manage identification

credentials across your organization.


2/23

Public key cryptography is an important technology for e-

commerce, intranets, extranets, and Web-enabled

applications. The two fundamental operations associated

with public key cryptography include encryption and

authentication.

Windows Network uses public key cryptography in areas

such as smart card logon, encryption File System (EFS), and

Internet Protocol Security (IPSec).

Public key cryptography provides privacy through data

encryption, whether the data is in the form of e-mail

messages, credit-card numbers sent over the Internet, ornetwork traffic. Because public keys can be posted freely,

complete strangers can establish private communications

over public networks merely by retrieving each other's

public keys and encrypting the data.


3/23

Using Public Keys and Private Keys

Public key encryption uses two keys that aremathematically related. A key is a random string-such as a

number, ASCII value, word, or phrase-that is used in

conjunction with an algorithm. For public key encryption,

every user has a pair of mathematically related keys,including:

A private key, which is kept confidential.

A public key, which is freely given out to all potentialcorrespondents.


4/23

Encrypting and Decrypting Text

The fundamental property of public key encryption is

that the encryption and decryption keys are different

Encryption with a public key is a one-way function.

When you encrypt a document with a public key,plaintext turns into cipher text. A decryption key,

which is related but not identical to the encryption key,

is needed to turn the cipher text back into plaintext. If

someone intercepts an encrypted message in

transmission, the message is in cipher text and isunreadable.


5/23

Digital Signatures

A digital signature is a means for the originator of a

message, file, or other digitally encoded information to

bind his or her identity to the information. The

signature itself is a sequence of bits appended to a

digital document. A digital signature ensures that:

Only someone possessing the private key could have

created the digital signature.

Anyone with access to the corresponding public keycan verify the digital signature.


6/23

Digital envelope

A type of security that uses two layers of encryption to protect a message. First,

the message itself is encoded using symmetric encryption, and then the key todecode the message is encrypted using public-key encryption. This technique

overcomes one of the problems of public-key encryption, which is that it is

slower than symmetric encryption. Because only the key is protected with

public-key encryption, there is very little overhead.

Digital envelope means -

(1) An encrypted message that uses both secret key and public key cryptography

methods. A secret key is used to encrypt and decrypt the message, but the public

key method is used to send the secret key to the other party.

(2) A frame, or packet, of data that has been encrypted for transmission over anetwork.

(3) A term occasionally used to describe inserting data into a packet or frame for

transmission over a network. The envelope metaphor implies a container.


7/23


8/23

Hash Algorithms

A digital signature uses an algorithm called a hash algorithm.

Hash algorithms are designed to guarantee that if a singlebyte changes, processing the document generates a

completely different hash. When a hash is encrypted by using

a public key, any modification of the signed data invalidates

the digital signature.

A certification authority (CA) is responsible for providing

and assigning the keys for encryption, decryption, and

authentication. A CA distributes keys by issuing certificates,

which contain the public key and a set of attributes. A CAcan issue certificates to a computer, a user account, or a

service.


9/23

Certificates

Certificates are signed documents that match public keys

to other information, such as a name or an e-mail address.Certificates are signed by CAs that issues certificates. A

CA's signature guarantees that the public key does indeed

belong to the party that presents it.

External and Internal CAsA CA can be an external issuing company, such as a large

commercial CA that issues certificates to millions of users.

Or a CA can be internal, such as department within a

company that has installed its own server for issuing andverifying certificates. Each CA decides what attributes it

includes in a certificate and what mechanism it uses to

verify those attributes before issuing the certificate.


10/23

The process of rendering a message (or data)unusable to all but the intended recipients, whohave the ability to decrypt it. Cryptography is thescience of creating workable procedures for

encrypting and decrypting messages. The goal isto ensure that a message intercepted by adistrusted user cannot be decrypted in a feasibleamount of time.

It is the process of transforming plain text intounreadable form (called cipher text) usingmathematical process/algorithm.

What is Encryption?


11/23

Method of Encryption and

Transaction Security -

Secret-Key Encryption / SymmetricEncryption

Public-Key Encryption / AsymmetricEncryption


12/23

Comparing Secret-Key Encryption and Public-Key

Encryption Methods

Features Secret Key Public Key

Number of

Keys

Single key Pair of keys

Types of Keys Key is secret One key is private, and one key is

public.

Key

Management

Simple but

difficult to manage

Need digital certificates and trusted

third parties

RelativeSpeeds Very fastSlower than Secret Key

Usage Used for bulk data

encryption

Used for less demanding applications

such as encrypting small documents

or to sign messages.


13/23

Encrypt with

secret key

Anne

(Sender)

Bob

(Receiver)

Secret-Key Encryption

Inte

rnet

Plain Text

Cipher Text

Plain Text

Cipher Text

Decrypt with

Same secret

key

Encryption Key = Decryption Key


14/23

Public Key and Private Key are mathematically related.

A key is a random string such as a number, ASCII value, Word or Phrase that is used

in conjunction with an algorithm. Cryptographic security depends on three broad parameters viz:

- Secrecy of the Key

- Key Length

- Strength of the cipher

Encrypt withSellers Public key

Sender/

Buyer

Receiver /

Seller

Public-Key Encryption

Internet

Plain Text

Cipher Text

Plain Text

Cipher Text

Decrypt with SellersPrivate key


15/23

The process of creating a digital signature using a hash function

Figure => Send Message with Encryption at Transmitting End.


16/23

The process of verifying a digital signature created with a hashfunction

Figure => Receive Message with Decryption at Receiving End.


17/23

SenderS

ide

Receiv

erSide


18/23

Key Length

Key length is the third guarantor of cipher

security. If the parties successfully protect keys

and the cipher is strong, then it falls to key length

to provide adequate security.

In contemporary cryptography the key is a

numerical value that is input to the cipher to cause

it to encrypt the data in a unique way.

For a strong cipher and a secure key, an opponent

is forced to resort to trying all possible keys.

If the key is long, it has many possible values, andthe miscreant is faced with the difficult task of

trying large number of combinations.

Thus, security is closely related to the length of

the key. Key length is usually given in bits. A key

of n bits has 2n possible values.

Depending on the cipher, today's commercial

computers are able to try roughly a few trillion

keys per second or0.4583 * 1020keys per year.

The table below lists the number of keys and theestimate time it takes to break a key for various

key lengths using conventional computers and

contemporary ciphers.

Key length in bits Number of keys Time to break Keys

24 0

32 4.3 billion 2.9 millisecond

40-DES 1.1 trillion 0.75 seconds

56 - Current US export

limit

7.2 thousand trillion1.37hours

64 1.8 million trillion 14.33 days

128 - Advanced

Encryption Standard

(AES)

3.4* 10 38

[34 followed by 37

zeros]

7.2 million trillion

years

256

1.1 * 1077

[11 followed by 76

zeros]

2.4* 1057 years

[24 followed by 56

zeros]

5121.3* 10 154

[13 followed by 153

zeros]

2.8 * 10133 years

[28 followed by 132

zeros]

Key size, number of keys and time to break:

1024 1.8 * 10308 4 * 10285 years


19/23

Hacking (Key Breaking) Speed of a standard

powerful computerDuration No. of Keys

Generated / Recognize

Per Second 14.5 * 1011

Per Hour 52.32 * 1014

Per Day 1.256 * 1017

Per Year (11/24) * 1020

= 0.4583 * 1020


20/23

Encryption Algorithm/Protocol

Public-Key Algorithm:

RSA (Rivest-Shamir-Adelman)

Diffie-Hellman Algorithm

PGP (Pretty Good Privacy)

ECC (Elliptic Curve Cryptography)

Private-Key Algorithm:

DES (Data Encryption Standard) /

3DES

RC4

IDEA (International Data

Encryption Algorithm)

Encryption Protocol:

SSL (Secure Socket Layer) Developed by Netscape Communication Ltd.

SET (Secure Electronic Transaction) Developed by Visa and Master Card

Corp.

** Different Algorithm uses diff. length of Keys ranges 40 1024 / 2048. The

longer the key string digits, the more time requires and the more difficult the

encrypted data is to break. But the transaction speed will be slower.

* 3DES is more secure than DES because it uses DES algorithm 3 times and

follows an enc-dec-enc sequence with 3 different unrelated keys.


21/23

security for e-payments

types of encryption systems

symmetric (private key)

same key used to encrypt and decrypt plain text

shared by sender and receiver

asymmetric (public key)

different keys used public key to encrypt message

private key to decrypt it

public key encryption systems

have needed long keys (512-1024 bits) to ensure security but long keys slow down encryption and decryption

RSA algorithm most common PK encryption algorithm

Rijndael algorithm uncrackable with 128-bit key


22/23

digital signatures and certificates

digital signatures needed for authenticity and nonrepudiation

analogous to handwritten signature

based on public keys

used to:

authenticate the identity of the sender of a message or

document ensure the original content of the electronic message or

document is unchanged

portable and can be time stamped

not easily imitated or repudiated

digital certificates identifying the holder of a public key (key-exchange)

issued by a trusted certificate authority (CA)


23/23

public key encryption and digital signatures

E Turban et al.,Electronic Commerce- a Managerial Perspective (Prentice Hall, 2nd ed, 2002), Ch. 14.

cryptography pki encryption

Documents