
Data Encryption Techniques

Data Encryption Techniques. Pepperdine Inc. Authored by David Leonard, 02 Feb 2012. Topics: Purpose and Basic Terminology; Algorithms (General); Algorithms (Most Popular); Symmetric and Asymmetric Encryption; Ciphers; Hashing; Digital Signatures; Trust Models; Conclusion.


Presentation Transcript


  1. Data Encryption Techniques Pepperdine Inc. Authored by: David Leonard 02 Feb 2012

  2. Purpose and Basic Terminology • Algorithms (General) • Algorithms (Most Popular) • Symmetric and Asymmetric Encryption • Ciphers • Hashing • Digital Signatures • Trust Models • Conclusion

  3. Basic Terminology
  The Purpose of Cryptography:
  • Confidentiality
  • Authentication
  • Integrity
  • Non-Repudiation
  Plaintext is the data or message as it exists prior to encryption (ordinary email or readable data). Ciphertext is the same data after it has been encrypted and made unreadable. Encryption is the conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people [1]. Decryption is the process of converting encrypted data back into its original form, so it can be understood [1]. An algorithm is a set of instructions that is used with a key to encrypt / decrypt data [1].
  [1] http://searchsecurity.techtarget.com/definition/encryption

  4. Algorithms (General)
  • One of the cornerstones of all modern Cryptography
  • An algorithm is a set of data manipulation instructions that works with a key to produce encrypted information (Ciphertext).
  • The security of the data relies on 2 factors:
    • The strength of the Algorithm
    • The secrecy of the Key

  5. Algorithms (Types)
  Two Types:
  • Symmetric – Single Key, also known as secret key, one key, shared key, or private key. Normally used to quickly encrypt large blocks of data.
    • Both sender and receiver have a common secret key agreed upon through a key exchange agreement
  • Asymmetric – Two Keys (Public and Private)
    • Sender encrypts with a Public Key and the Receiver decrypts with a Private Key. The Private Key cannot be compromised by knowing the Public Key; therefore the message cannot be decrypted with the Public Key.

  6. Symmetric Key Encryption
  Step 1: Both sender and receiver agree on a shared secret.
  Step 2: Sender encrypts the message using the shared key and a known algorithm.
  Step 3: The message is sent to the recipient, who decodes it with the same key.
  Graphic from: http://msdn.microsoft.com/en-us/library/ff650720.aspx

  7. Asymmetric Key Encryption
  Step 1: Recipient sends the Sender the Public Key.
  Step 2: Sender encrypts the message using the Public Key.
  Step 3: The message is sent to the recipient.
  Step 4: The recipient decodes it with the Private Key (Public Key = ½ of a key pair and Private Key = the other ½ of the pair).
  Graphic from: http://msdn.microsoft.com/en-us/library/ff650720.aspx

  8. Common Symmetric Algorithms

  9. Common Asymmetric Algorithms

  10. Ciphers
  Block Cipher: This method encrypts plaintext in segments which range in length from 8 to 16 bytes (64 – 128 bits). These segments are called blocks, and the standard encryption size is the 64 bit variety. However, these blocks can be augmented to include larger segments called superblocks.
  • Padding: A technique of supplementing a message that does not meet the block-size requirement. Example: If a message 100 bits in length were encrypted using a 128 bit block cipher, then an additional 28 bits of dummy information would be added to the message to fulfill the 128 bit requirement.
  Stream Cipher: A method which encrypts each component (character or digit) of the incoming data individually, combining it with the corresponding element of a key-stream.
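Padding and the stream-cipher idea from this slide, as an added example that is not part of the original presentation. The padding is the PKCS#7 convention with a 16-byte (128-bit) block; the keystream generator is a constructed SHA-256 counter, used only to show the XOR-with-keystream operation, not a vetted cipher.

```python
import hashlib
import os

BLOCK_SIZE = 16  # 128-bit block, the larger of the two sizes named on the slide


def pad(message: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """PKCS#7-style padding: append n bytes, each of value n, where n is the
    number of bytes needed to reach a block boundary. A message that already
    fills a block still receives a full block of padding so that unpad()
    can always tell padding apart from data."""
    n = block_size - (len(message) % block_size)
    return message + bytes([n]) * n


def unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip PKCS#7 padding, rejecting anything that is not well formed."""
    if not padded or len(padded) % block_size:
        raise ValueError("input is not a whole number of blocks")
    n = padded[-1]
    if not 1 <= n <= block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return padded[:-n]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator (constructed for illustration, not a real
    cipher): SHA-256 over key || nonce || counter, concatenated until
    `length` bytes exist. The nonce must never repeat under one key."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream-cipher operation: XOR each byte with the matching keystream
    byte. The same call both encrypts and decrypts, and no padding is needed."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


if __name__ == "__main__":
    msg = b"13 bytes long"          # 13 bytes: needs 3 bytes of padding
    padded = pad(msg)
    assert len(padded) == 16 and unpad(padded) == msg
    key, nonce = os.urandom(32), os.urandom(16)
    ct = stream_xor(key, nonce, msg)
    assert stream_xor(key, nonce, ct) == msg
```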

  11. Hash Function
  • The Hash Function is not normally used to encrypt data for transmission.
  • Used for data verification.
  • The hash function takes inputs of variable length and outputs a standard fixed length output.
  • It is a one-way encryption. Once data has been encrypted, it is not meant to be decrypted and the original text is unrecoverable.
  • The output is called the Message Digest or Hash Value.
  • Hashing is subject to the Birthday Paradox, where it is mathematically possible to generate erroneous random Hash value matches called Collisions.
  • The most popular Hash Functions are the Secure Hash Algorithm (SHA) series and the Message Digest (MD) series.
  • SHA & MD mitigate the birthday problem and are therefore referred to as Collision Resistant.
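The fixed-length output and the Birthday Paradox from this slide, as an added example that is not from the original presentation. SHA-256 is deliberately truncated to a constructed 24-bit width so that a birthday search finds a collision in seconds; the same search against the full 256-bit digest is infeasible, which is what "collision resistant" means in practice.

```python
import hashlib
import math
import os
from typing import Dict, Tuple


def digest(data: bytes) -> bytes:
    """SHA-256: a 32-byte (256-bit) digest regardless of input length."""
    return hashlib.sha256(data).digest()


def truncated_digest(data: bytes, bits: int) -> int:
    """Keep only the first `bits` bits of SHA-256. The truncation is the
    constructed weakness that makes the collision below cheap to find."""
    return int.from_bytes(digest(data), "big") >> (256 - bits)


def birthday_bound(bits: int) -> float:
    """Expected number of random inputs before two share an n-bit digest:
    roughly sqrt(pi/2 * 2^n), far less than the 2^n a brute force would need."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Birthday search: hash random messages until a truncated digest repeats.
    Returns the two distinct inputs and how many attempts were needed."""
    seen: Dict[int, bytes] = {}
    attempts = 0
    while True:
        m = os.urandom(8)
        attempts += 1
        h = truncated_digest(m, bits)
        if h in seen and seen[h] != m:   # same digest, different input
            return seen[h], m, attempts
        seen[h] = m


if __name__ == "__main__":
    a, b, n = find_collision(24)
    print(f"collision after {n} attempts (expected about {birthday_bound(24):.0f})")
    print(a.hex(), b.hex(), hex(truncated_digest(a, 24)))
```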

  12. Hash Function Uses
  • Message authentication and Integrity Check
  • They can be used as One-time Passwords
  • Ensure the uniformity of Software
  • Used as a Digital signature or Time Stamping

  13. Digital Signatures
  Digital Signatures are a functional option of Asymmetric Encryption. They perform the following jobs:
  • Identify the sender
  • Provide for Non-Repudiation
  • Demonstrate the integrity of the message
  They are usually custom created by hashing the Private Key of the sender.

  14. Digital Signatures
  The original message is sent with the Asymmetric Key protocol. During the process the message and the Private Key are hashed and sent as well. On the receiving end, the message is hashed and verified against the signature using the Public Key. If there is a match, then the message is verified.

  15. Public Key Infrastructure (PKI)
  PKI is the blueprint for the management of Digital Certificates. This includes the creating, distributing, expiration, escrowing, and revoking of those certificates. A Digital Certificate is a technology that is used to authenticate a user’s identity by associating it with a Public Key that has been signed by a third party. Certificates are usually issued by a Certificate Authority (CA), an established third party that can authenticate the identities of its members. Thereby entities who are unknown to each other can develop a trust relationship based on the exchange of these certificates.

  16. PKI
  A Digital Certificate is normally composed of:
  • The holder’s Public Key
  • Certificate Serial Number
  • The holder’s Distinguished Name (DN)
  • Certificate Validity Period
  • Unique name of the issuer (CA)
  • Digital Signature of the issuer
  • Signature algorithm identifier
  • Version of the certificate standard

  17. Trust Models (Types)
  Trust Model: A Trust Model defines the relationship between two or more entities and attempts to ensure a level of confidence in the information passed between those entities.
  Two Basic Types:
  • Direct
  • Third Party
  There are three types of Third Party verifications examined in this brief:
  • Single Authority
  • Hierarchical
  • Web of Trust
  Third party trust relationships are normally established by exchanging certificates.

  18. Single Authority Trust Model
  This is the simplest trust arrangement possible. This system has one Certificate Authority which issues Certificates directly to the Users.

  19. Hierarchical Trust Model
  This model is composed of one main or Root CA that distributes certificates to secondary (intermediate) and possibly tertiary (Leaf) CAs before they are dispensed to the Users.

  20. Web of Trust Model In the Web of Trust model there is no common CA. Individual entities verify and sign the certificates of the other participants and in effect vouch for each other. It is also known as the Mesh or Peer to Peer Model. http://www.youtube.com/watch?v=0VhMiipj3I4

  21. PKI (Terminology)
  Certificate Authority (CA) – Person or group (trusted third party) that is responsible for issuing certificates to authorized users.
  Certificate Repository List (CR) – Public database of digital certificates that can establish the status / validity of a given cert.
  Certificate Revocation List – Public database of all certificates that have been voided.
  Certificate Expiration – Occurs when a cert’s end of authorization date has been reached, signifying that it is no longer valid. It applies to both Private and Public Keys.
  Certificate Revocation – The cancellation of a cert prior to its expiration date. It is the easiest and most efficient way to deactivate a key. It applies to both Private and Public Keys.
  Certificate Suspension – Technique used by a cert owner to extend the life of a cert. By suspending it, they avoid revocation based on the cert’s lack of use.
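A worked example tying together slides 13–14 (hash-then-sign and verify with the Public Key), 16 (certificate fields), 19 (the Root → Intermediate → User hierarchy) and 21 (expiration and the revocation list). This is added illustration, not code from the presentation: the key pairs are textbook RSA built from constructed small primes, the certificates are plain dictionaries rather than X.509, and `TODAY` is a constructed "current date" for the validity check.

```python
import hashlib
from datetime import date

TODAY = date(2012, 6, 1)   # constructed "current date" for the validity checks

def make_keypair(p, q, e=17):   # textbook RSA from two small primes (toy sizes only)
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

def digest_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message: bytes) -> int:
    """Hash-then-sign: the message digest is what the private key transforms."""
    n, d = private
    return pow(digest_int(message, n), d, n)

def verify(public, message: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)

def tbs(cert) -> bytes:   # deterministic encoding of every field but the signature
    return repr(sorted(i for i in cert.items() if i[0] != "signature")).encode()

def issue(issuer_priv, issuer, subject, pubkey, serial, not_after):
    cert = {"issuer": issuer, "subject": subject, "public_key": pubkey, "serial": serial,
            "not_before": date(2012, 1, 1), "not_after": not_after}
    cert["signature"] = sign(issuer_priv, tbs(cert))
    return cert

def validate_chain(chain, root, crl, today):
    """Hierarchical trust walk (user -> intermediate -> root): dates, CRL, issuer signature."""
    certs = list(chain) + [root]
    for cert, issuer in zip(certs, certs[1:] + [root]):   # root is self-signed
        if not cert["not_before"] <= today <= cert["not_after"]:
            return "expired: " + cert["subject"]
        if cert["serial"] in crl:
            return "revoked: " + cert["subject"]
        if cert["issuer"] != issuer["subject"] or not verify(
                issuer["public_key"], tbs(cert), cert["signature"]):
            return "bad signature: " + cert["subject"]
    return "valid"

def demo_pki():   # constructed three-tier PKI: Root CA -> Intermediate CA -> user cert
    root_pub, root_priv = make_keypair(61, 53)
    int_pub, int_priv = make_keypair(67, 71)
    user_pub, _ = make_keypair(73, 79)
    root = issue(root_priv, "Root CA", "Root CA", root_pub, 1, date(2030, 1, 1))
    inter = issue(root_priv, "Root CA", "Intermediate CA", int_pub, 2, date(2025, 1, 1))
    user = issue(int_priv, "Intermediate CA", "alice@example.com", user_pub, 3, date(2013, 1, 1))
    return root, inter, user
```

Calling `validate_chain([user, inter], root, set(), TODAY)` on the demo returns `"valid"`; moving the date past the user cert's expiry, listing serial 2 in the CRL, or altering a signature each produces the corresponding failure string.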

  22. Conclusion: ?

