1 / 13

Security Through Encryption

Security Through Encryption. Different ways to achieve security of communication data. Keep things under lock and key Physical Encryption Through password protection. Sender, Listener, Eavesdropper. Encryption, Authentication, Non-repudiation. Encryption

yoland
Télécharger la présentation

Security Through Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Through Encryption

  2. Different ways to achieve security of communication data • Keep things under lock and key • Physical • Encryption • Through password protection

  3. Sender, Listener, Eavesdropper

  4. Encryption, Authentication, Non-repudiation • Encryption • Make sure that a message, once encrypted, cannot be read by anyone. Perhaps your grades are mailed to you in this way, and accessible only with a password. • Without a password, message is visible, but looks like junk.

  5. Encryption, Authentication, Non-Repudiation • Authentication • Ensure that a message is sent by authentic person. • For example, ensure that www.bofa.com is actually Bank of America’s website. • Ensure that email is indeed from your friend.

  6. Encryption, Authentication, Non-Repudiation • Non-repudiation • Ensure that the sender cannot claim not to have sent a message that he/she sent. • For example, if you signed an agreement or tax return online, later you cannot claim that it was sent by someone else pretending to be you. • Like if you put your thumbprint on a document.

  7. What is https? • Secure way of browsing • Ensures authenticity of web server that ‘serves’ the web page to the user, or ‘client’. • Encrypts the data so that the data transmissions, in both directions, cannot be read by eavesdropping.

  8. Public Key Cryptography • Symmetric key algorithm • Both sender and receiver have the same key • If I send you my email password by text, and you use it to access my email password, that is the equivalent of a symmetric key algorithm

  9. Asymmetric Key and Encryption Encryption: Anyone can encrypt a message using a public key. Only Alice can retrieve it. Like a mailbox whose location is the public key. Anyone can drop stuff in, but only the owner can retrieve the message. Security depends on the secrecy of the private key. Knowing the public key is not enough to compute the private key.

  10. Diffie_Hellman Key Exchange Can be used for authentication Can be used for a digital signature. Digital signature is like a wax seal on an envelop. Anyone can open the envelop, but the seal means that the sender was the original person – authentication and non-repudiation.

  11. How to ensure that the public key does belong to Alice? • Certificate authority • When you go to a website, the browser has built-in software to check the public key supplied by the site against the key in a registry. • Registry maintained by Symantec etc. (Used to be Verisign) • Once you have a public key of the website, you can create a private key, and generate a shared secret key. Each private key is valid only for one session.

  12. Example of how it works • http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29

More Related