
“It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.” (Bruce Schneier)

Cryptology. Jason Samson, Ryan Brander, Shawn Greencorn. CS 465 Presentation, November 9, 2000.


Presentation Transcript


  1. “it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.” Bruce Schneier

  2. Cryptology. Jason Samson, Ryan Brander, Shawn Greencorn. CS 465 Presentation, November 9, 2000.

  3. Outline
     • What is cryptology?
     • History behind cryptology.
     • Security threats.
     • Define conventional and public key encryption and compare the uses of both methods.
     • Discuss encryption management.
     • Indicate approaches to incorporating encryption in a network.
     • Discuss applications of encryption to network security.
     • Digital signatures.

  4. What is Cryptology?
     • The discipline of cryptography and cryptanalysis combined.
     • Cryptography: encoding of messages into an unintelligible form that can be reversed by mathematical computation.
     • Concerned with two aspects: 1. privacy of communication; 2. authenticity of communication.
     • Based on problems that are difficult to solve.
     • ENCRYPTION: the fundamental tool at the heart of virtually all secure mechanisms.

  5. What is Cryptology? (2)
     • Cryptanalysis: the art of breaking or solving code without the key. a.k.a. HACKER
     • Requires study, experience, perseverance, imagination, and LUCK!

  6. History
     • Ancient Greeks: 1. Spartans (wound a belt around a stick); 2. Caesar (replaced letters with letters 3 places over).
     • Gabriel Lavinde (1379): published the first manual on cryptography.
     • Cardinal Richelieu (1600’s): invented the “grille”.
     • Sir Charles Wheatstone (1867), British scientist: invented the Wheatstone cipher device.
     • Étienne Bazeries (1891), French cryptologist: invented the cylindrical cipher device.

  7. Security Threats
     • Passive attack: eavesdropping, monitoring transmissions; e.g. e-mail, file transfers, client/server exchange.
     • Active attack: modification of data; e.g. unauthorized access to computer systems.

  8. Methods of Encryption
     1. Symmetric (conventional encryption): a cryptosystem where encryption/decryption is performed using the same key.
     2. Asymmetric (public key): a cryptosystem where encryption/decryption is performed using 2 keys (a public key and a private key).

  9. Conventional Encryption: 5-step scheme
     1. Plaintext: original message.
     2. Encryption algorithm: substitutions/transformations.
     3. Secret key: shared by sender/recipient.
     4. Ciphertext: scrambled text.
     5. Decryption algorithm: #2 reversed, produces #1.
     ** see F3.pdf

  10. Conventional Encryption (2): Approaches for Attacking
     • Cryptanalysis: exploits characteristics of the algorithm, attempting to deduce the plaintext or the key used. EFFECT: all past/future messages using the same key are jeopardized.
     • Brute force: trial & error; try all possible keys until the ciphertext is decrypted. On average, half of the keys must be tried.
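The Caesar shift from slide 6 makes the five-step conventional scheme of slide 9 and the brute-force attack of slide 10 concrete. The Python below is an added example written for this transcript, not code from the presentation; the word list used to recognise plaintext and the message are constructed for the demonstration, and the 26-way shift stands in for a real cipher only to show how the key space is exhausted.

```python
# Added example, not from the slides: a Caesar shift as a concrete instance of
# the 5-step conventional scheme (plaintext, algorithm, shared secret key,
# ciphertext, reversed algorithm), followed by the brute-force attack.
import string

ALPHABET = string.ascii_uppercase
KEYSPACE = len(ALPHABET)          # only 26 shifts exist (shift 0 is the identity)


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Step 2 (the substitution algorithm) applied with step 3 (the shared key)."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % KEYSPACE])
        else:
            out.append(ch)        # spaces and punctuation are left in the clear
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Step 5: the algorithm run in reverse with the same key."""
    return caesar_encrypt(ciphertext, -key)


# Constructed stand-in for "does this candidate look like English?".
COMMON_WORDS = {"THE", "AND", "AT", "IS", "WE", "TO", "ATTACK", "DAWN"}


def english_score(text: str) -> int:
    return sum(1 for w in text.split() if w.strip(".,!") in COMMON_WORDS)


def brute_force(ciphertext: str, min_score: int = 2):
    """Try every key in order and stop at the first candidate that reads as English.

    Returns (key, plaintext, keys_tried). Without some way to recognise the
    plaintext the attacker cannot know when to stop, which is why slide 10's
    cryptanalysis branch also leans on properties of the algorithm itself.
    """
    for key in range(KEYSPACE):
        candidate = caesar_decrypt(ciphertext, key)
        if english_score(candidate) >= min_score:
            return key, candidate, key + 1
    return None, "", KEYSPACE


def average_keys_tried(key_bits: int) -> int:
    """Slide 10's 'half the keys on average' for a key of the given bit length."""
    return 2 ** (key_bits - 1)


if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN", 3)          # constructed message, key 3
    print(ct, brute_force(ct))
    print("average trials for a 56-bit DES key:", average_keys_tried(56))
```

The Caesar loop is done after at most 26 trials; `average_keys_tried(56)` returns 2**55, the scale of search the DES Cracker of slide 12 had to sustain over its three days, and each extra key bit doubles that figure, which is the whole argument for the 128-bit and larger keys on slide 13.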

  11. Conventional Encryption (3)

  12. Conventional Encryption (4): DES (Data Encryption Standard), 1977
     • The algorithm is referred to as the DEA (Data Encryption Algorithm).
     • 2 inputs: 1. plaintext (64 bits); 2. key (56 bits).
     • Downfall: potentially vulnerable to brute force attack.
     • July 1998: the EFF (Electronic Frontier Foundation) broke DES using a special “DES Cracker” machine, costing < $250k, in 3 days (attack).
     • Decreasing cost of hardware & increasing speed made DES worthless.

  13. Conventional Encryption (5)
     • Alternative to DEA: TDEA (Triple Data Encryption Algorithm). Attractions: 1. 3 distinct keys (168 bits); 2. the algorithm is the same as DEA. Downfall: sluggish; won’t last long term.
     • Alternative to TDEA: AES (Advanced Encryption Standard). Search began in 1997; must offer security >= that of TDEA and be more efficient than TDEA; must support 128, 192, 256 bit keys; to be finalized by Summer 2001.

  14. Public Key
     • First proposed in 1976.
     • The first revolutionary advance in encryption in literally thousands of years.
     • Based on mathematical functions rather than simple operations on bit patterns.
     • Involves 2 separate keys: public (for others to use) and private (known only to the owner).
     • Advantages in the areas of: confidentiality, key distribution, authentication.

  15. Public Key (2): 5-step scheme
     1. Plaintext: original message.
     2. Encryption algorithm: transformation.
     3. Public/private keys: if one key is used for encryption, the other key is used for decryption.
     4. Ciphertext: scrambled text.
     5. Decryption algorithm: accepts the ciphertext & the matching key to produce the plaintext.
     ** see F5.pdf

  16. Encryption Management
     • Looks at two issues: 1. where in the communication process encryption should be carried out; 2. the issues of key distribution.
     • An information network has many locations where security threats may occur.
     • Encryption is one way to counter these threats.
     • Need to decide what to encrypt and where encryption should be located.

  17. Two Alternatives
     • Link encryption: each vulnerable communication link is equipped with an encryption device. This makes communication links secure.
     • End-to-end encryption: the process is carried out at both the sender and the receiver ends.

  18. Advantages & Disadvantages: Link Encryption
     • Advantage: the number of encryption devices is much smaller than the number of sender-receiver pairs that use such a network.
     • Disadvantage: part of the message must be decrypted each time it enters a packet switch. Vulnerable at each switch.

  19. Advantages/Disadvantages: End-to-End Encryption
     • Advantage: unaltered across the network to the destination terminal or host.
     • Disadvantage: the user’s data is secure, but the traffic pattern is not.

  20. Key Distribution
     • For conventional encryption to work, two parties must have the same key and that key must be protected.
     • There are four ways to accomplish this:
       1. Physical delivery.
       2. Third party selection and physical delivery.
       3. If a party has a current key, transmit the new key encrypted with the old key.
       4. A third party selects a key, encrypts it, then transmits it to the party.
     • Option four leads to the KDC (Key Distribution Center).

  21. Key Distribution Center
     • Two approaches:
     • One-time session key: used only for the duration of that session. At the conclusion of the session the key is destroyed.
     • Permanent key: a key used between entities for the purpose of distributing session keys.
     • Show figure
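The following is an added example, not code from the presentation, showing option 4 of slide 20 and the two key types of slide 21 in one exchange: each principal shares a permanent key with the KDC, the KDC chooses a one-time session key, and it hands that key out encrypted under the two permanent keys. The symmetric cipher inside it (a SHA-256 counter-mode keystream with an HMAC tag) is a constructed toy that stands in for DES or AES, and the principal names and message are made up for the demonstration.

```python
# Added example, not from the slides: a toy Key Distribution Center. Every
# principal shares one long-lived permanent key with the KDC, and the KDC uses
# that key only to deliver a fresh one-time session key (slide 21).
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a constructed stand-in, not a vetted cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    """Rejects the message if the tag does not verify (wrong key or tampering)."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    def __init__(self):
        self.permanent_keys = {}          # principal -> key shared only with the KDC

    def register(self, name: str) -> bytes:
        """Models slide 20's physical delivery of the permanent key."""
        self.permanent_keys[name] = os.urandom(32)
        return self.permanent_keys[name]

    def request_session_key(self, requester: str, peer: str):
        """Slide 20 option 4: the KDC picks the key, encrypts it, and sends it."""
        session_key = os.urandom(32)      # one-time key, never reused

        def wrap(name, other):
            payload = json.dumps({"peer": other, "key": session_key.hex()}).encode()
            return sym_encrypt(self.permanent_keys[name], payload)

        # First blob is readable only by the requester, second (the "ticket") only by the peer.
        return wrap(requester, peer), wrap(peer, requester)


def run_exchange() -> dict:
    """Alice obtains a session key for talking to Bob and uses it once."""
    kdc = KDC()
    k_alice, k_bob = kdc.register("alice"), kdc.register("bob")
    for_alice, ticket = kdc.request_session_key("alice", "bob")
    alice_view = json.loads(sym_decrypt(k_alice, for_alice))
    bob_view = json.loads(sym_decrypt(k_bob, ticket))   # Alice forwards the ticket to Bob
    session_key = bytes.fromhex(alice_view["key"])
    wire = sym_encrypt(session_key, b"meet at noon")    # constructed message
    try:                                                 # a listener holding no permanent key
        sym_decrypt(os.urandom(32), ticket)
        listener_read_ticket = True
    except ValueError:
        listener_read_ticket = False
    return {
        "same_key": alice_view["key"] == bob_view["key"],
        "bob_reads": sym_decrypt(bytes.fromhex(bob_view["key"]), wire),
        "bob_sees_peer": bob_view["peer"],
        "listener_read_ticket": listener_read_ticket,
    }


if __name__ == "__main__":
    print(run_exchange())
```

The permanent keys never travel on the network after registration; only session-key material does, and it is useless to anyone without a permanent key. Destroying the session key at the end of the session, as slide 21 requires, limits what a later compromise of either host can expose.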

  22. Digital Signatures: What is a Digital Signature?
     • An authentication mechanism that enables the creator of a message to attach a code that acts as a signature.
     • The recipient of the message knows the message is from the sender.

  23. How Does a Digital Signature Work? There are two processes:
     • Digital signature creation: the signer uses a “hash result” derived from, and unique to, both the signed message and a given private key.
     • Digital signature verification: the receiver references the original message and a given public key.
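One added example, not from the presentation, serves both slide 15 (whichever key encrypts, the other decrypts) and slide 23 (hash the message, sign the hash with the private key, verify with the public key). It is textbook RSA with two constructed primes chosen so the arithmetic stays inspectable; the message, the key size and the absence of padding are all simplifications for illustration and not how a deployed system is built.

```python
# Added example, not from the slides: textbook RSA with small constructed
# primes. It shows slide 15's rule that whichever key encrypts, the other key
# decrypts, and slide 23's two processes: sign a hash with the private key,
# verify it with the public key. The parameters are far too small for real
# use and there is no padding; they are chosen so the numbers are inspectable.
import hashlib
from math import gcd

# Constructed primes (the 1,000,000th and 2,000,000th primes); n is about 49 bits.
P, Q = 15485863, 32452843


def make_keypair(p: int = P, q: int = Q, e: int = 65537):
    """Returns (public_key, private_key), each as an (n, exponent) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, m: int) -> int:
    """m^exp mod n: the one operation behind encrypt, decrypt, sign and verify."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exp, n)


def encrypt(public_key, message: bytes) -> int:
    return rsa_apply(public_key, int.from_bytes(message, "big"))


def decrypt(private_key, ciphertext: int, length: int) -> bytes:
    return rsa_apply(private_key, ciphertext).to_bytes(length, "big")


def message_digest(message: bytes, n: int) -> int:
    """Slide 23's 'hash result': SHA-256 of the message, reduced to fit under n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signature creation: only the private key holder can compute this."""
    return rsa_apply(private_key, message_digest(message, private_key[0]))


def verify(public_key, message: bytes, signature: int) -> bool:
    """Signature verification: anyone with the public key can check it."""
    return rsa_apply(public_key, signature) == message_digest(message, public_key[0])


def demo() -> dict:
    public, private = make_keypair()
    secret = b"secret"                 # constructed 6-byte message, small enough to be < n
    ct = encrypt(public, secret)
    sig = sign(private, b"pay 100")    # constructed message to sign
    return {
        "round_trip": decrypt(private, ct, len(secret)),
        "other_direction": rsa_apply(public, rsa_apply(private, 12345)),
        "genuine": verify(public, b"pay 100", sig),
        "tampered": verify(public, b"pay 900", sig),
    }


if __name__ == "__main__":
    print(demo())
```

The `tampered` entry is what slide 24 means by reduced risk of tampering and forgery: changing one byte of the message changes its hash, so the old signature no longer verifies, and producing a new one requires the private key. Real deployments add padding (OAEP for encryption, PSS for signatures) and use moduli of 2048 bits or more; the 49-bit modulus here could be factored in moments.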

  24. Advantages/Disadvantages of Digital Signatures
     • Advantages: more reliable authentication of messages; decreases the risk of hackers; decreases the risk of tampering and forgery.
     • Disadvantages: institutional overhead (high cost to get started); subscriber and relying party costs.
