1 / 14

Encryption: Protecting Your Data While in Transit

Encryption: Protecting Your Data While in Transit. Based on Chapter 18 of William Stallings, Data and Computer Communication, 6 th Ed. Kevin Bolding Electrical Engineering Seattle Pacific University. Living in a Glass House. Public networks are public .

missy
Télécharger la présentation

Encryption: Protecting Your Data While in Transit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Encryption:Protecting Your Data While in Transit Based on Chapter 18 of William Stallings, Data and Computer Communication, 6th Ed. Kevin BoldingElectrical EngineeringSeattle Pacific University

  2. Living in a Glass House • Public networks are public... • Network model is inherently insecure • Passing data to an unreliable third party many times over • Chances for eavesdropping or worse • LANs – may broadcast all packets to all stations within your collision domain • WANs - shared public resources • Service providers • Hackers at every point...

  3. The Need for Encryption • Transmission of sensitive data • Classical use of encryption • Sender encodes data in such a way that only the intended recipient(s) can decipher it • Identity verification • Sender provides a digital signature that cannot be easily produced by any other entity • Receiver can easily verify signature Data encoding and Digital Signatures can be provided using encryption

  4. Goals for an Encryption Scheme • Difficult to break • Probability of breaking the code within any reasonable amount of time should be very small • Fast encoding and decoding • If encoding/decoding is too complex or too slow, users will bypass it • Easy distribution of keys • Secret key distribution can be an issue • Frequent key changes needed for security

  5. Bits in key Time to crack (106 encryptions/s) 32 35.8 min 56 1142 years 128 5.4 x 1024 years 168 5.9 x 1036 years Code Breaking • Assume that the attacker has: • Samples of matched plaintext and ciphertext • Lots of computing power • Knowledge of the plaintext language • Cryptanalysis • Gather information that you can • Size of documents, plaintext/ciphertext pairs, frequency of documents, language • Think really hard • Brute force • Randomly try keys until something works

  6. Sender and all recipients use the same key Plaintext Ciphertext Plaintext Ciphertext Public Network Symmetric Encryption • Sender encrypts plaintext using the common secret key • Encrypted ciphertext is sent over a public channel • Receiver decrypts ciphertext back into plaintext using the common secret key Symmetric Encryption requires that sender and receiver both know the same secret key

  7. DES - Data Encryption Standard • DES – US government standard from 1977-2001 • Symmetric encryption • 56-bit key • Basic idea: Repeatedly XOR and shift XORing - Great for encryption 10001110 plaintext A special DES-cracking machine built by the Electronic Frontier Foundation in 1999 can crack DES in under three days. --> DES is dead xor 01101101key 11100011 ciphertext xor 01101101key 10001110plaintext

  8. Replacing DES • Triple DES (TDEA) • Run DES three times, yielding a key length of 168 bits • Short-term replacement for DES • Advanced Encryption Standard (AES) / Rijndael • US Approved in 2002 • Block algorithm, 128, 192, or 256-bit key • 128-bit approved through US “Secret” • 192+ bits approved for US “Top Secret”

  9. Key Distribution • With symmetric codes, both sender and receiver need to have the secret key • How does the sender safely send the key? • 1. Send it manually via secure courier • Expensive, time-consuming • 2. Send a new key using the previous key • Fine, but what if the old key was compromised? • 3. Use a key distribution center • Sender requests that a session key be sent to both the sender and receiver • Key is used for this session only

  10. Receiver has two matched keys - Public and Private Public key can only encode – private key needed to decode Plaintext Ciphertext Plaintext Ciphertext Public Network Pub Pub Pub Priv Priv Public-Key Encryption • Receiver sends Receiver’s Public Key to the Sender • Sender encrypts plaintext using the Public Key • Encrypted ciphertext is sent over a public channel • Receiver decrypts ciphertext back into plaintext using the Receiver’s Private Key Sender Receiver

  11. RSA Public Key Encryption • Rivest, Shamir, Adleman (1977) • Involves the use of the product of two (large) prime numbers • Public and Private Keys include the above product and some mathematical functions of the prime factors • Cracking the code • Factoring the product will crack the code... • RSA authors (in 1977) predicted a 428-bit code would take 40,000,000,000,000 years to crack • Internet consortium cracked it in 1994 • 1024-bit or more keys are used today...

  12. Public Key Issues • Man-in-the-Middle Imposters • An imposter might send you an encrypted message • Requires sender authentication • RSA is slow • Complicated math, 1024-bit (or more) keys • Symmetric codes are faster • Use a combined public key/symmetric method • Establish a session using public key methods • Send the receiver a session key for a symmetric method • Use the symmetric key for the rest of the session

  13. Plaintext Ciphertextof Hash Plaintext Ciphertextof Hash Public Network Pub Pub Pub Priv Priv Sender Authentication • Sender “encrypts” document using sender’s private key • This document is sent to the receiver • Receiver decrypts signature using sender’s public key • If document is readable, it must have been encrypted using the sender’s private key, which only the sender has access to Sender Receiver

  14. Sender sends document using public key encryption DigitalSignature Ciphertextof DS DigitalSignature Ciphertextof DS Ciphertext Plaintext Ciphertext Plaintext Public Network Pub Pub Pub Pub Priv Priv Public-Key Encryption + Authentication • Sender computes a digital signature of the document using a one-way hash function • Sender sends digital signature of document using authentication methods • Receiver authenticates encrypted message message by confirming that digital signature matches received plaintext Sender Receiver =?

More Related