Basics of Cryptography and Cybersecurity Protecting Against Harm - - PowerPoint PPT Presentation

Basics of Cryptography and Cybersecurity

Protecting Against Harm That May Come via Network Access

Security Goal: Confidentiality

q Suppose you are a customer using a credit card to

• rder an item from a website

q Threat:

• An adversary may eavesdrop on your network

communication, reading your messages to obtain your credit card information

q Solution:

• Encrypt your message to keep the content secret
• A protocol that does so is said to provide confidentiality

Security Goal: Data Integrity

q Confidentiality is not enough q Threat:

• An adversary cannot read the contents of your encrypted

message, but is still able to change a few bits in it

• This may result in a valid order for, say, a completely

different item or perhaps 100 units of the item

q Solution:

• Enable the receiver to detect message tempering
• A protocol that does so is said to provide data integrity

Security Goal: Authentication

q Another threat to the customer is unknowingly being

directed to a false website

q Threat:

• This can result from a Domain Name System attack, in which

false information is entered to locate a server

• This leads to translating a correct URL into the address of a

false website

q Solution:

• Ensure that you really talk to whom you think you’re talking
• A protocol that does so is said to provide authentication

Background:

Symmetric (private) Key Cryptography Asymmetric (public) Key Cryptography

Modern Cryptography

q

Encryption uses encryption key Ke

q

Decryption uses decryption key Kd

encrypt 0110111010010001 key Ke decrypt 1001001100111010 key Kd The quick brown fox

plaintext

4f60ce544b43c13f1d

ciphertext

q

Encryption and decryption keys are mathematically related:

Decrypt(Encrypt (plaintext, Ke), Kd) = plaintext The quick brown fox

plaintext

4f60ce544b43c13f1d

ciphertext

Principles of Cryptography

q Cipher:

• should be public (inspires trust that the algorithm works)

q Key:

• should be secret (at least part of it)
• should be long enough to prevent breaking of the encryption
• should be short enough to keep algorithm efficient

q Symmetric key ciphers:

• sender, receiver keys are identical and private

q Public-key ciphers:

• encryption key public, decryption key secret (private)

Symmetric (Private) Key Cryptography

q Same (symmetric) key used for encryption / decryption

encrypt 0110111010010001 key K The quick brown fox 4f60ce544b43c13f1d decrypt

Symmetric (Private) Key Cryptography

q Same (symmetric) key used for encryption / decryption

encrypt 0110111010010001 key K The quick brown fox 4f60ce544b43c13f1d same key K The quick brown fox 4f60ce544b43c13f1d decrypt

Asymmetric (Public) Key Cryptography

q

Sender, receiver do not share secret key

q

Each uses a pair of related keys (private, public)

q

Private decryption key known only to receiver

q

Public encryption key known to all

The quick brown fox encrypt 0110111010010001 key Kpublic 4f60ce544b43c13f1d 4f60ce544b43c13f1d decrypt 1001001100111010 key Kprivate The quick brown fox

q

Any text encrypted with Kpublic can be decrypted with Kprivate

q

Any text encrypted with Kprivate can be decrypted with Kpublic

Review: Hash Functions

hash function H The quick brown fox... 85d013f4 hash function H The quick red fox... ad917c7f

q H(m) has fixed-length, regardless of the length of m q H is a one-way function that produces a message digest

• One-way property: can’t recover m from H(m)
• Small change in m induces a big change in H(m)

Message m Message Digest H(m) q Map data of arbitrary size to data of fixed size

Confidentiality Example

q

Alice wants to send a confidential message M to Bob (that no

• ne else could read). What should Alice send Bob?

q

Solution using a symmetric key cryptography:

q

Solution using a public key cryptography:

Authenticity Example

q

Alice wants to send a message M to Bob. Bob wants to check that the message comes from Alice, not an impostor. What should Alice send Bob?

q

Solution using public key cryptography:

Data Integrity Example

q

Alice wants to send a message M to Bob. Bob wants to check that the message from Alice hasn’t changed while in transit. What should Alice send Bob?

Digital Signatures

q

Digital signatures are used to validate the authenticity and integrity of a message, software or digital document

q

To create a digital signature:

• Create a one-way hash of the electronic data to be signed
• Encrypt the hash with the private key

How Do Digital Signatures Work?

Hey, can you send me my banking information, please sign it so I know someone isn’t lying to me! Alice Trudy

What Does Trudy Do?

Alice’s Bank Statement

Now Trudy has two things to send Alice, a message and a digital signature.

Alice’s Bank Statement

01101101 10110101 10110100 11010110

Hash Function H D i g e s t Encrypt with bank’s private key

01101101 10110101

S i g n a t u r e A digest encrypted with a private key is called a digital signature.

How Do Digital Signatures Work?

Hey, can you send me my banking information, please sign it so I know someone isn’t lying to me! Alice Trudy Alice’s Bank Statement

01101101 10110101

How Does Alice Verify?

Alice’s Bank Statement

01101101 10110101

They match! So someone who knew the bank’s private key must have signed the document! S i g n a t u r e Decrypt with bank’s public key

10110100 11010110

D i g e s t

10110100 11010110

Hash Function H D i g e s t q Issue:

• How does Alice know the bank’s public key?
• What if Trudy generates his own (private, public) key, then sends

the public key to Alice claiming to be the bank’s public key?

Authentication of Public Keys

q Algorithms to generate a matched pair of public and private

keys are publicly known

q How can Alice guarantee that the public key really belongs to

the bank?

q Solution is the public key certificate

• Statement specifying the key and identity
• Signed by a Certification Authority

Certification Authority (CA)

q Trusted entity that issues public-key certificates

• A public-key certificate, or simply a certificate, is a signed

statement binding a public key to an identify

q Certification Authority

• Binds a public key to an entity and issues a certificate
• The CA itself has a well-known public key
• The CA signs the certificate with its private key

Public Key Infrastructure and Certificates

Authenticity of public keys depends on the authenticity of CA’s public key, PKverisign

Verisign’s private key

amazon.com (subject ID) and public key Hash function Signature function Sent to

• nline

customer CA: Verisign CA’s certificates are installed by Microsoft, Apple, Firefox, etc.

Verify Amazon’s certificate using PKverisign

q

To be able to do business, amazon gets a public key certificate from Verisign

q

If Alice wants to shop on amazon, amazon sends its certificate to Alice

q

Verisign’s public key is already preinstalled in Alice’s browser

Click here for Security Info

Unencrypted Connection

Encrypted Connection

Signed by Symantec

The quick brown fox... hash function 85d013f4 85d013f4 encrypt 0110111010010001 key Kprivate a3ff369b The quick brown fox... a3ff369b a3ff369b decrypt 0110111010010001 key Kpublic 85d013f4 The quick brown fox... hash function 85d013f4

OK

The quick red fox... The quick red fox... ad917c7f

Bad!

digest signature signature digest

Review: Digital Signature