KEMBAR78
Cryptographic Tools Overview | PDF | Cryptography | Public Key Cryptography
Scribd
Upload
113 views25 pages

Cryptographic Tools Overview

This chapter discusses cryptographic tools including symmetric encryption algorithms like DES and AES for encrypting data, hash functions like SHA for message authentication, public key encryption for confidentiality and digital signatures, and the importance of random numbers. It covers attacking methods like cryptanalysis and brute force attacks. An example is given of encrypting stored data for confidentiality.

Uploaded by

krishnakumar velapan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
113 views25 pages

Cryptographic Tools Overview

This chapter discusses cryptographic tools including symmetric encryption algorithms like DES and AES for encrypting data, hash functions like SHA for message authentication, public key encryption for confidentiality and digital signatures, and the importance of random numbers. It covers attacking methods like cryptanalysis and brute force attacks. An example is given of encrypting stored data for confidentiality.

Uploaded by

krishnakumar velapan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 25

Computer Security:

Principles and Practice


Chapter 2 – Cryptographic Tools

First Edition
by William Stallings and Lawrie Brown

Lecture slides by Lawrie Brown


Cryptographic Tools

 cryptographic algorithms important


element in security services
 review various types of elements
 symmetric encryption
 public-key (asymmetric) encryption
 digital signatures and key management
 secure hash functions
 example is use to encrypt stored data
Symmetric Encryption
Attacking Symmetric
Encryption
 cryptanalysis
 rely on nature of the algorithm
 plus some knowledge of plaintext
characteristics
 even some sample plaintext-ciphertext pairs
 exploits characteristics of algorithm to deduce
specific plaintext or key
 brute-force attack
 try all possible keys on some ciphertext until
get an intelligible translation into plaintext
Exhaustive Key Search
Symmetric Encryption
Algorithms
DES and Triple-DES
 Data Encryption Standard (DES) is the
most widely used encryption scheme
 uses 64 bit plaintext block and 56 bit key to
produce a 64 bit ciphertext block
 concerns about algorithm & use of 56-bit key
 Triple-DES
 repeats basic DES algorithm three times
 using either two or three unique keys
 much more secure but also much slower
Advanced Encryption
Standard (AES)
 needed a better replacement for DES
 NIST called for proposals in 1997
 selected Rijndael in Nov 2001
 published as FIPS 197
 symmetric block cipher
 uses 128 bit data & 128/192/256 bit keys
 now widely available commercially
Block
verses
Stream
Ciphers
Message Authentication
 protects against active attacks
 verifies received message is authentic
 contents unaltered
 from authentic source
 timely and in correct sequence
 can use conventional encryption
 only sender & receiver have key needed
 or separate authentication mechanisms
 append authentication tag to cleartext message
Message Authentication Codes
Secure Hash Functions
Message
Auth
Hash Function Requirements
 applied to any size data
 H produces a fixed-length output.
 H(x) is relatively easy to compute for any given x
 one-way property
 computationally infeasible to find x such that H(x) = h
 weak collision resistance
 computationally infeasible to find y ≠ x such that
H(y) = H(x)
 strong collision resistance
 computationally infeasible to find any pair (x, y) such
that H(x) = H(y)
Hash Functions
 two attack approaches
 cryptanalysis
• exploit logical weakness in alg
 brute-force attack
• trial many inputs
• strength proportional to size of hash code (2n/2)
 SHA most widely used hash algorithm
 SHA-1 gives 160-bit hash
 more recent SHA-256, SHA-384, SHA-512
provide improved size and security
Public Key Encryption
Public Key Authentication
Public Key Requirements
1. computationally easy to create key pairs
2. computationally easy for sender knowing public
key to encrypt messages
3. computationally easy for receiver knowing private
key to decrypt ciphertext
4. computationally infeasible for opponent to
determine private key from public key
5. computationally infeasible for opponent to
otherwise recover original message
6. useful if either key can be used for each role
Public Key Algorithms
 RSA (Rivest, Shamir, Adleman)
 developed in 1977
 only widely accepted public-key encryption alg
 given tech advances need 1024+ bit keys
 Diffie-Hellman key exchange algorithm
 only allows exchange of a secret key
 Digital Signature Standard (DSS)
 provides only a digital signature function with SHA-1
 Elliptic curve cryptography (ECC)
 new, security like RSA, but with much smaller keys
Public Key Certificates
Digital
Envelopes
Random Numbers
 random numbers have a range of uses
 requirements:
 randomness
 based on statistical tests for uniform distribution
and independence
 unpredictability
 successive values not related to previous
 clearly true for truly random numbers
 but more commonly use generator
Pseudorandom verses
Random Numbers
 often use algorithmic technique to create
pseudorandom numbers
 which satisfy statistical randomness tests
 but likely to be predictable
 true random number generators use a
nondeterministic source
 e.g. radiation, gas discharge, leaky capacitors
 increasingly provided on modern processors
Practical Application:
Encryption of Stored Data
 common to encrypt transmitted data
 much less common for stored data
 which can be copied, backed up, recovered
 approaches to encrypt stored data:
 back-end appliance
 library based tape encryption
 background laptop/PC data encryption
Summary
 introduced cryptographic algorithms
 symmetric encryption algorithms for
confidentiality
 message authentication & hash functions
 public-key encryption
 digital signatures and key management
 random numbers

You might also like