
Management Information Systems

CLARK UNIVERSITY College of Professional and Continuing Education (COPACE). Management Information Systems. Lecture 05: Coding and encryption. Plan: Coding, Encryption. Information security.


Presentation Transcript


  1. CLARK UNIVERSITY, College of Professional and Continuing Education (COPACE). Management Information Systems. Lecture 05: Coding and encryption

  2. Plan • Coding • Encryption

  3. Information security • Information security (sometimes InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.).

  4. Basic terms • IT security (sometimes computer security) is information security applied to technology (most often some form of computer system). • IT security specialists are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach critical private information or gain control of the internal systems.

  5. Basic terms • Information assurance is the act of ensuring that data is not lost when critical issues arise. These issues include, but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. • One of the most common methods of providing information assurance is to have an off-site backup of the data.

  6. Basic terms • The CIA triad (confidentiality, integrity and availability) is one of the core principles of information security. • Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems. • Integrity means that data cannot be modified undetectably. • Availability means that the information must be available when it is needed: the computing systems used to store the information, the security controls used to protect it, and the communication channels used to access it must all be functioning correctly.

  7. Coding and encryption • Are the terms “coding” and “encryption” synonyms?

  8. Coding and encryption: transformation of information • Encryption may leave the old form, but it changes (masks) the content. To read the message it is not enough to know only the algorithm; we must also know the key. • Coding changes the form but leaves the content the same. To read the message we must know the algorithm and the coding table.

  9. Coding • A code is a rule of correspondence between the characters of a set X and the characters of another set Y. • Coding (encoding) is the process of converting characters (words) of the alphabet X to characters (words) of the alphabet Y.

  10. Coding • If each character of X corresponds to a separate character of Y, this is called coding. • If for each character of Y its prototype in X can be found uniquely by some rule, this is called decoding.

  11. Coding • Example: if each color is coded by 2 bits, we can code no more than $2^2 = 4$ colors; by 3 bits, no more than $2^3 = 8$ colors; by 8 bits (= 1 byte), no more than 256 colors.

  12. Encryption • Open text (plaintext) is a message whose text must be made incomprehensible to outsiders. • A cipher is a set of invertible transformations of the set of possible open data into the set of possible ciphertexts, carried out according to certain rules with the use of keys.

  13. Encryption • Encryption is the process of applying the cipher to the protected information, i.e. the transformation of the protected information into an encrypted message with the help of certain rules contained in the cipher.

  14. Encryption • Original message: “A”. • Encrypted message: “B”. • Rule for encryption: “f”. • Encrypting scheme: f(A) = B. • The encryption rule “f” cannot be arbitrary. It should be such that, having the encrypted text “B”, we could uniquely recover the open message using the rule “g”.

  15. Encryption • Decryption is the process of reversing the encryption, i.e. the conversion of encrypted messages into the original information with the help of certain rules contained in the cipher. • Rule for decryption: “g”. • Decrypting scheme: g(B) = A.

  16. Encryption • A key is a specific secret state of a parameter (or parameters) of the cipher that selects one transformation among all possible transformations for the encryption. • The key is an interchangeable element of the cipher.

  17. Encryption • If “k” is a key, then f(k(A)) = B. • For each key “k”, the transformation f(k) should be reversible, that is, g(k(B)) = A.

  18. The difference between coding and encryption • There is no secret key in coding, because coding aims only at a more concise and compact presentation of the message.
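
The distinction drawn on slides 8 and 14 to 18, as an added example that is not part of the original slides: Base64 stands in for coding (a public table, no secret), and a keyed XOR stream built from HMAC-SHA256 stands in for the rules f and g. The sample message, the keys and the function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac

def encode(text: str) -> bytes:
    """Coding: change the form using a public table (Base64). No secret."""
    return base64.b64encode(text.encode("utf-8"))

def decode(coded: bytes) -> str:
    """Decoding: anyone who knows the algorithm and table can reverse it."""
    return base64.b64decode(coded).decode("utf-8")

def keystream(key: bytes, length: int) -> bytes:
    """Key-dependent byte stream: HMAC-SHA256 of a block counter under the key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def f(key: bytes, plaintext: bytes) -> bytes:
    """Encryption rule f under key k: XOR the message with the keystream."""
    stream = keystream(key, len(plaintext))
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def g(key: bytes, ciphertext: bytes) -> bytes:
    """Decryption rule g under key k: XOR is its own inverse."""
    return f(key, ciphertext)

# Constructed sample message and keys (assumptions for this illustration).
A = "order 42: two tickets"
k = b"key shared by sender and recipient"
wrong_k = b"some other key"

coded = encode(A)                 # readable by anyone: decode(coded) == A
B = f(k, A.encode("utf-8"))       # unreadable without k
recovered = g(k, B)               # the original message bytes
garbage = g(wrong_k, B)           # same algorithm, wrong key: not the message

# Teaching construction only: it has no nonce and no integrity check, so a key
# must never be reused. Real systems use a vetted cipher such as AES-GCM.
if __name__ == "__main__":
    print("coded    :", coded, "->", decode(coded))
    print("encrypted:", B.hex())
    print("right key:", recovered)
    print("wrong key:", garbage)
```
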

  19. Cryptology is a field of secret communications • Cryptology: «cryptos» (secret) + «logos» (word). • Cryptanalysis: the science of opening (breaking) ciphers. • Cryptography: the science of creating ciphers.

  20. Classification of crypto algorithms • The basic scheme of classification: Cryptogram and Cryptography with a key. • By the nature of the key: Symmetric and Asymmetric. • By the nature of the impacts on the data: Permutation and Substitution. • Depending on the size of the block of information: Stream and Block.

  21. Symmetric cryptography • If the same key is used for both the encryption and the decryption of information during an exchange, the cryptographic process is called symmetric.

  22. Disadvantages of symmetric encryption • The need for a secure communication channel for transferring the key. Example: consider a client paying for goods or services by credit card. The trading company must create one key for each customer and somehow give the customers their keys. This is very inconvenient.

  23. Asymmetric cryptography • Two keys are used: public and private. • In effect they are like two halves of one whole key, associated with each other.

  24. Asymmetric cryptography • The keys work so that a message encrypted with one half of the key can be decrypted only with the other half (not with the half that was used to encrypt it). • Having created a pair of keys, the company widely distributes the public key and securely stores the secret key.

  25. Asymmetric cryptography • The public key and the private key each constitute a certain sequence. • The public key can be published on a server, from where everyone can get it. If a client wants to place an order with a company, he must take the public key and use it to encrypt the message about his order and his credit card. • After encryption, this message can be read only by the owner of the private key. None of the actors in the chain through which the information is transferred can do that. • Even the sender cannot read his own message. Only the recipient can read the message, because only he has the secret key that complements the public key that was used.

  26. Asymmetric cryptography • Example: if a company has to send the client a receipt that the order is accepted for execution, it encrypts this receipt with the private key. • The client is able to read the receipt using the public key of that company. • The client can be sure that the receipt was sent by that company, because nobody else has access to the private key.

  27. The principle of the adequacy of the protection • There is no need to hide the public key for encryption algorithms. Usually it is accessible, and often it is widely published. • Knowledge of the algorithm does not by itself make it possible to reconstruct the key in a reasonable time.

  28. The principle of the adequacy of the protection • The protection of information is considered sufficient if the cost of overcoming it exceeds the expected value of the information itself. • The protection is not absolute and the methods of overcoming it are known, but it is still sufficient to make overcoming it not worthwhile. • When other means of obtaining the encrypted information in a reasonable time appear, the principle of the algorithm is changed, and the problem repeats at a higher level.

  29. Cryptanalysis • The search for the secret key is carried out not only by simple exhaustive search. • There are special methods for this purpose, based on studying the peculiarities of the interaction between the public key and specific data structures. • The area of science dedicated to this research is called cryptanalysis.

  30. Cryptanalysis • The average time required to reconstruct the private key from the published public key is called the crypto resistance of the encryption algorithm.

  31. Cryptanalysis • In Russia, only those encryption software products that have passed state certification, in particular in the Federal Agency for Government Communications and Information of the President of the Russian Federation, are permitted for use in state and commercial organizations.

  32. Electronic signature • The client gives instructions to the bank about the transfer of his money to the accounts of other persons and organizations. However, how can the bank know that the instruction was received from that client and not from some attacker? • This problem is solved with the help of the electronic signature.

  33. Electronic signature • When an electronic signature is created, two keys are created: public and private. • The public key is transmitted to the bank. • When you have to send an order to the bank for an operation on a current account, the order is encrypted with the public key of the bank, and the signature is encrypted with the secret key. • The bank does the reverse. • If the signature can be read, it is 100% proof of the authorship of the sender.
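
The signature check described on slides 26 and 32 to 33, as an added example that is not part of the original slides: the client transforms a hash of the order with the private key, and the bank reverses it with the public key. It uses textbook RSA with a small constructed key pair for illustration only and leaves out the encryption of the order itself; the order text and all names are assumptions.

```python
import hashlib

# Constructed toy key pair built from two Mersenne primes (assumption for this
# example). Far too small for real use; real RSA keys are 2048 bits or more
# and real signatures use a padding scheme such as RSA-PSS.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # modulus, part of both keys
E = 65537                              # public key: transmitted to the bank
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves the client

def digest(message: bytes) -> int:
    """Hash the order and reduce it below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Client: transform the digest of the order with the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Bank: reverse the transform with the public key and compare digests."""
    return pow(signature, E, N) == digest(message)

# Constructed sample order.
order = b"transfer 100 to account 0001"
signature = sign(order)

if __name__ == "__main__":
    print("genuine order accepted:", verify(order, signature))
    print("altered order accepted:",
          verify(b"transfer 900 to account 0666", signature))
    print("altered signature accepted:",
          verify(order, (signature + 1) % N))
```
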

  34. The principle of Kerckhoffs • All modern cryptosystems are built on the principle of Kerckhoffs: the secrecy of encrypted messages is determined by the secrecy of the key. • Even if the encryption algorithm is known to a cryptanalyst, he still won't be able to decrypt the message without the relevant key.

  35. The principle of Kerckhoffs • All classical ciphers correspond to this principle and are designed in such a way that there is no way to break them except by exhaustive search of the whole key space, that is, by trying all possible key values. • It is clear that the resistance of such ciphers is determined by the size of the key used.
