Security and Encryption
Pendar Presentation
Kiarash Narimani
Presentation transcript. Added: January 12, 2008

Outline:
Why Do We Need Security?
Security Attacks and Services
Encryption
Classical Encryption Techniques
  Substitution, Transposition
What Is Mathematically Secure?
Practical Problems
Computational Security

Outline:
Conventional Encryption
  DES, Triple DES, AES
Public Key
  The RSA Algorithm
  Elliptic Curve Cryptography (ECC)

Why Do We Need Security?:
Top Secret Information
  Governmental Conversations
Military Information
  Critical Orders, Military arrangements
Private Information
  Business Conversations
Personal Information
  Credit Card Number, Bank Account Number

Security Attacks:

Security Services:
Confidentiality
  Prevents the release of any user data transmitted
Authentication
  Ensures the parties in the communication are really who they say
Integrity
  Detects any change or corruption in the message
Non-repudiation
  Prevents either sender or receiver from denying a transmitted message

Security Services (cont’d):
Confidentiality
  Nobody else knows what you are talking about
  Encryption is employed to hide the information

Security Services (cont’d):
Authentication
  Ensures the other party is really who she says
  Authentication algorithms (hash functions, …)

Security Services (cont’d):
Integrity
  The message has not been changed
  Integrity check (electronic signatures, hash functions)

Security Services (cont’d):
Non-repudiation
  The other party cannot deny the messages that he has sent
  Certificates, electronic signatures
  “You promised that you’d marry me!” “Wasn’t me!”

Encryption:
It provides confidentiality
It protects the contents of the message from interception and eavesdropping

Principle:
It should be very hard (impossible) to find out the message without knowing the key
It should be very easy (and fast) to find out the message knowing the key

Classical Encryption Techniques:
Substitution techniques
  The letters of the message are replaced by other letters or by numbers or symbols.
Transposition techniques
  Performing some sort of permutation on the message's letters

Caesar Cipher:
The earliest known use of a substitution cipher was by Julius Caesar.
message: meet me after the party
cipher: phhw ph diwhu wkh sduwb
C = (m+3) mod 26
C = (m+k) mod 26

Breaking Caesar Cipher:
ibbiks mvmug inbmz uqlvqopb
jccjlt nwnvh jocna vrmwrpqc
kddkmu oxowi kpdob wsnxsqrd
leelnv pypxj lqepc xtoytrse
mffmow qzqyk mrfqd yupzustf
nggnpx rarzl nsgre zvqavtug
ohhoqy sbsam othsf awrbwuvh
piiprz tctbn puitg bxscxvwi
qjjqsa uduco qvjuh cytdywxj
rkkrtb vevdp rwkvi dzuezxyk
sllsuc wfweq sxlwj eavfayzl
tmmtvd xgxfr tymxk fbwgbzam
unnuwe yhygs uznyl gcxhcabn
voovxf zizht vaozm hdyidbco
wppwyg ajaiu wbpan iezjecdp
xqqxzh bkbjv xcqbo jfakfdeq
yrryai clckw ydrcp kgblgefr
zsszbj dmdlx zesdq lhcmhfgs
attack enemy after midnight
buubdl fofnz bgufs njeojhiu
cvvcem gpgoa chvgt okfpkijv
dwwdfn hqhpb diwhu plgqljkw
exxego iriqc ejxiv qmhrmklx
fyyfhp jsjrd fkyjw rnisnlmy
gzzgiq ktkse glzkx sojtomnz
haahjr lultf hmaly tpkupnoa

Monoalphabetic Cipher:
Use any permutation of the 26 alphabetic characters
a b c d e f g h i j k l m n o p q r s t u v w x y z
q e r y u i o p a s d f g w h j k l z x c v b n m t
message: under attack we need help
cipher: cwyulqxxqrdbuwuuypufj

Frequency of Letters in English:

Polyalphabetic Cipher:
Using different monoalphabetic substitutions
message: wearediscoveredsaveyourself
key: deceptivedeceptivedeceptive
Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Transposition:
Performing some sort of permutation on the message letters
message: meet me after the toga party
m e m a t r h t g p r y
 e t e f e t e o a a t
Ciphertext: MEMATRHTGPRYETEFETEOAAT

Rotor Machines:

German Enigma Machine:

What is mathematically secure?:
One-pad key
Key should be statistically random
$P(k_i = 1) = 0.5$
$P(k_i = 0) = 0.5$
Secure channel

Practical Problems:
Generating a fully random key is practically very hard (sometimes impossible).
To ensure the security of the system, key size should not be less than message size.
Sending a non-repeating key of the same size as the message through a secure channel to the receiver is impossible.

Computational Security:
An encryption scheme is secure if it takes a very long time to break the ciphertext
“Lifetime” is defined in each application, for example:
  Military orders = 1 hour to 3 years
  Check transaction = 1 year
  Business agreement = 10-15 years

Good News:
With enough substitution and transposition modules we can make a strong encryption scheme

Data Encryption Standard (DES):
[Diagram labels: input (2w bits), w bits, F (nonlinear function), round key]

DES:
Block size 64 bits
Key size 56 bits
Encryption
Decryption
Permutation

Triple DES:
[Diagram: message passes through three DES stages keyed ka, kb, ka to produce the cipher]

Advanced Encryption Standard (AES):
Block size & key size 128, 192 or 256
Number of rounds: 9, 11 or 13

Public Key:
Asymmetric key
Two keys:
  Public key (encryption)
  Private key (decryption)
Trapdoor one-way function
  Having $f_k(m)$, it is very hard to find either k or m

Trap door one-way functions:
$m, k_e \rightarrow E_{k_e}(m)$
It is computationally impossible to find out what k and m are when knowing $E_k(m)$
$D_{k_d}(E_{k_e}(m)) = m$
kd = ke

Principle (cont’d):
B: m, sends $E_{k_e}(m)$
A (private): $k_d$, $D(\cdot)$; receives $E_{k_e}(m)$ and computes $m = D_{k_d}(E_{k_e}(m))$
Public (A): $k_e$, $E(\cdot)$

RSA principle:
$E_e(m) = m^e \bmod pq$ (p and q are large prime numbers)
Knowing $m^e$ and e, it is “infeasible” to calculate m without knowing p and q
Knowing e, p and q it is easy to find d such that $m^{ed} = m \bmod pq$
e: public key
d: private key

RSA (cont’d):
A (private key: $d_a$, p, q): receives c and computes $m = c^{d_a} \bmod pq$
B: has m and computes $c = m^{e_a} \bmod pq$
Public: $e_a$, pq

Elliptic Curve Cryptography:
$y^2 = x^3 + ax + b$
Addition
Doubling

ECC principle:
If Q = kP and Q and P are known, it is “infeasible” to find k.
We can find $k_e$ and $k_d$ such that $k_d k_e P = P$
The message can be represented in the form of a point on the Elliptic Curve
message M

ECC (cont’d):
A (private key: $k_{A,d}$): receives (Q, R) and calculates $Q - k_{A,d} R$
B (private key: $k_{B,d}$): maps m to M and sends $(M + k_{B,d} P,\; k_{A,e} k_{B,d} P)$
Public: P, $k_{A,e}$, $k_{B,e}$

Conclusion:
Security Services and Attacks
Historical Approach to Classical cryptography
Conventional Encryption
  DES, 3-DES, AES
Public Key
  RSA, ECC

References:
“Cryptography and Network Security: Principles and Practice”, William Stallings (Prentice Hall)
“ECC Online tutorial”, Certicom website, http://www.certicom.com/resources/ecc_tutorial/ecc_tutorial.html
“Cryptography: theory and practice”, Douglas Robert Stinson (CRC press series)

Steganography:
Historical approach
Character marking
  Selected letters of printed or typewritten text are overwritten in pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright light.
Invisible ink
  A number of substances are used for writing but leave no visible trace until heat or some chemical is applied to the paper.
Historical approach
Pin puncture
  Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in front of a light.
Typewriter correction ribbon
  Used between lines typed with a black ribbon, the results of typing with the correction tape are visible only under a strong light.

What Is Secure Communication?:
Ensures the transmitter (sender) that only the addressed receiver is able to read the message
Ensures the receiver that the received message was sent by the expected sender and that it was not changed during transmission

ECC (cont’d):
Example of scalar multiplication
Example of finding k
Example of mapping an Elliptic curve to GF($2^m$)
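The classical ciphers from the Caesar, Polyalphabetic and Transposition slides, and the exhaustive key search from the "Breaking Caesar Cipher" slide ranked with English letter frequencies, as an added example that is not part of the original presentation. All function names and the frequency table values are assumptions introduced here; the messages, keys and ciphertexts are the ones on the slides.

```python
import string

A = string.ascii_lowercase

# Approximate English letter frequencies in percent for a..z (reference values,
# not taken from the slides).
ENGLISH_FREQ = dict(zip(A, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))


def caesar(text, k):
    """C = (m + k) mod 26 on letters; spaces and other characters pass through."""
    return "".join(A[(A.index(c) + k) % 26] if c in A else c for c in text.lower())


def vigenere(text, key):
    """Polyalphabetic cipher: letter i is Caesar-shifted by key letter i (repeating)."""
    shifts = [A.index(c) for c in key.lower()]
    letters = [c for c in text.lower() if c in A]
    return "".join(A[(A.index(c) + shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(letters))


def rail_fence_2(text):
    """Two-row transposition: letters at even positions, then those at odd positions."""
    letters = [c for c in text.lower() if c in A]
    return "".join(letters[0::2] + letters[1::2])


def english_score(text):
    """Higher when the text is made of letters that are common in English."""
    return sum(ENGLISH_FREQ.get(c, 0.0) for c in text)


def break_caesar(ciphertext):
    """Try all 26 keys and return (key, plaintext) for the most English-looking row."""
    candidates = [(k, caesar(ciphertext, -k)) for k in range(26)]
    return max(candidates, key=lambda kc: english_score(kc[1]))


if __name__ == "__main__":
    print(caesar("meet me after the party", 3))
    print(break_caesar("phhw ph diwhu wkh sduwb"))
    print(vigenere("wearediscoveredsaveyourself", "deceptive").upper())
    print(rail_fence_2("meet me after the toga party").upper())
```

A 26-key space falls to a loop and a frequency table, which is why the later slides move to ciphers whose key space cannot be enumerated.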
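The "RSA principle" slide carried through with numbers, as an added example that is not part of the original presentation: d is derived from e, p and q, a message round-trips, and the same d is recovered from the public values alone once the modulus is small enough to factor. The primes 61 and 53, the exponent 17 and all function names are constructed for illustration.

```python
from math import gcd


def rsa_keypair(p, q, e):
    """Derive d from e, p and q so that m^(e*d) = m mod (p*q)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(x, key):
    """Textbook RSA: x^exponent mod n. The same operation encrypts and decrypts."""
    exponent, n = key
    if not 0 <= x < n:
        raise ValueError("value must be in the range [0, n)")
    return pow(x, exponent, n)


def private_from_small_modulus(e, n):
    """Factor n by trial division and rebuild the private key.

    This finishes instantly only because the constructed n is tiny; the slide's
    requirement that p and q be large primes is what rules it out in practice.
    """
    f = next(i for i in range(2, int(n ** 0.5) + 1) if n % i == 0)
    return rsa_keypair(f, n // f, e)[1]


# Constructed toy parameters, far too small for real use.
PUBLIC, PRIVATE = rsa_keypair(61, 53, 17)

if __name__ == "__main__":
    c = rsa_apply(65, PUBLIC)
    print("public", PUBLIC, "private", PRIVATE)
    print("c =", c, "m =", rsa_apply(c, PRIVATE))
    print("recovered from (e, n) only:", private_from_small_modulus(*PUBLIC))
```

Textbook RSA as on the slide is deterministic, so equal messages give equal ciphertexts; deployed systems add randomized padding such as OAEP.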