KEMBAR78
Intro to modern cryptography | PPTX
Uploaded byzahid-mian
PPTX, PDF3,109 views

Intro to modern cryptography

The document discusses the history and concepts of encryption, including ancient encryption methods like hieroglyphs and the Caesar cipher. It then covers modern digital encryption, describing how public/private key encryption works using plaintexts, ciphertexts, encryption/decryption keys, and algorithms. The document also discusses hash values, digital signatures, types of attacks against encryption, different cipher implementations like DES and AES, and reasons why attacks can still succeed despite encryption.

Software
In this document
Powered by AI

Presentation by Zahid Mian, part of the Brown-bag Series.

Discusses history, importance of encryption, types of ciphers, implementations, hash values, digital signatures, and causes of attack success.

Covers ancient ciphers like Hieroglyphs and Caesar Cipher, and improvements such as Steganography and Vigenere Coding.

Explains modern, digital encryption methods, focusing on mathematical operations and public/private key uses.

Defines key concepts: plaintext, cipher, encryption key, decryption key, ciphertext, algorithms, and types of keys.

Depicts the overall mechanism of modern cryptographic systems, highlighting its complexity.

Details passive and active attacks on data, including known plaintext, chosen plaintext, brute force, and man-in-the-middle attacks.

Discusses various ciphers, including Caesar, Playfair, Vigenere, and One-Time Pad, along with block/stream processing.

Describes the underlying model and operational steps of block ciphers, including input transformation.

Discusses DES cipher specifications, including block size, key length, and improvements like Triple DES.

Introduces AES, its advantages over Triple DES, and asymmetric ciphers like RSA, ElGamal, and ECC.

Explains how hash functions work, their efficiency, and common types, emphasizing their use in password storage.

Illustrates the importance of digital signatures for authenticity and trust, along with the role of Certifying Authority.

Discusses risks in encryption: user carelessness, stolen credentials, and various attack vectors.

Downloaded 55 times
Zahid Mian Part of the Brown-bag Series
 History andTerms  WhyWe Need Encryption  How is Encryption Used In Systems  Difference in Ciphers  Various Implementations  HashValues  Digital Signatures  Why Attacks Are Successful
 Hieroglyphs  4000 years ago  Use pictures to represent words/messages  Caesar ShiftCipher  Replace characters by an offset (or shifting)  Offset = 2, then “hello” -> “jgnnq”  Improvements over time  Steganography,Vigenere Coding
 Modern really means digital  Much more mathematically oriented  Operating on bit values  Use of public key and secret key  Even though algorithm are public, it’s nearly impossible to obtain original information
 Plaintext –The original information  Cipher – A secret way of writing (an algorithm)  Encryption Key – A value that is used to encrypt plaintext (aka, public key)  Decryption Key – A value that is used to decrypt Ciphertext (aka, private key)  Ciphertext -The encrypted information  Algorithm – (Often) Public algorithm that uses keys to encrypt or decrypt information  Interceptor/Attacker – unauthorized entity that tries to determine the cipher text (aka, hacker)  Symmetric – single key used for encryption and decryption  Asymmetric – uses public key and private key
http://www.infosectoday.com/Articles/Intro_to_Cryptography/CryptoFig05a.jpg This is how things generally work today, but there are a lot of pieces that make this happen.
 Passive – Simply gaining unauthorized access to information.  Most common password is 123456  Active – A hacker attempts to make changes to data on the target or data en route  Masquerading: hacker pretends to be someone  Denial of Service (DoS): deny access to legitimate users by overwhelming the system (common)  Using technical information to steal user id (e.g., using session id)
 Known Plaintext Attack (KPA)  Attacker knows plaintext of some part of the ciphertext; attempts to decrypt the rest  Chosen Plaintext Attack (CPA)  Attacker has ciphertext and plaintext; attempts to determine key  Brute Force Attack (BFA)  Attacker tries to determine key by attempting all possible values  Man in the Middle (MIM)  Simple, but technically challenging method of duping both the sender and the receiver into thinking keys came from correct source  Side Channel Attacks (SCA)  Data Remanence (reading data that should have been deleted)  Row Hammer (low-level memory hack)  Fault Analysis (forcing errors and reading outputs for clues)
 Traditionally Ciphers were single character  Caesar Cipher: shift a single character  Two-character Cipher (Playfair)  Use two characters as key  String Cipher (Vigenere)  Use a string (word) as key  One-Time Pad  Key length equals length of plaintext  Block/Stream (DES,AES)  Plaintext is processed in blocks/streams of bits at a time
Simple Feedback
 Underlying model for many block ciphers  Same algorithm for encryption/decryption  Steps  Input is split into two halves  RHS input is transformed by function f which receives a subkey  LHS combined with transformed input from RHS using XOR operation  RHS and LHS are switched to obtain the input for next round  Repeat
32 bit 32 bit f 32 bit 32 bit 32 bit 32 bit Ki LHSi-1 RHSi-1 LHSi-1 = RHSi-1 RHSi-1 = LHSi-1
 Block size is 64 bits  Key length is 64 bits (though only 56 are used)  Round-key generator creates 48-bit Key • Very Strong Cipher • Fallen out of favor because small key value • Can be hacked with exhaustive search
 Don’t abandon original DES; change usage  Effectively use 3 Keys (3X56 = 168)  Problem of short key solved  Kind of slow  Process  Encrypt plaintext using K1  Decrypt output of Step1 using K2  Encrypt output of Step2 using K3  Output of Step3 is ciphertext  Decrypt in reverse order
 The more popular algorithm today  Much faster thanTriple DES  128-bit data; 128/192/256-bit keys  Key size depends on the number of rounds  A “bit” more complex algorithm (pun intended)  For details see online resources  To-Date no attacks againstAES have been successful
 Asymmetric Cipher (diff keys)  Necessary due to growth of Internet  Used for smaller pieces of data  ThreeTypes  RSA (widely used)  ElGamal  Elliptic Curve Cryptography (ECC)
http://etutorials.org/Programming/Programming+.net+security/Part+III+.NET+Cryptography/Chapter+15.+Asymmetric+Encryption/15.1+ Asymmetric+Encryption+Explained/
 Function that converts arbitrarily long numeric input into a fixed numeric output called a hash  Very Efficient  Hard to reverse value  Hard to produce same hash for diff inputs  Some well known Hash Functions  Message Digest (MD), Secure Hash Function (SHA), RIPEMD  Most Common Use: Password Storage  Secure Apps will not save your password in plaintext
 How can we be sure a message is authentic?  In the old days, a signature on a letter proved authenticity  Digital Signatures do the same thing-they ensure that the message is from the original sender with the original message  Adds trust when exchanging data  Using Encryption with Digital Signatures is important  Certifying Authority (CA) responsible for management of certificates  Generating, issuing, publishing, verifying, revoking
Encryption of Email Decryption of Email
 User Carelessness / Stolen Credentials  Stolen equipment (laptops, phones, etc.)  Incorrect Implementation / Backdoor  Broken Processes / InsiderThreats  PhishingAttacks  Sending sensitive data over plaintext  Zero-day threats / Maintenance  Application vulnerabilities
Intro to modern cryptography
Intro to modern cryptography

More Related Content

PPT
Cipher techniques
byMohd Arif
 
PPTX
Block ciphers & public key cryptography
byRAMPRAKASHT1
 
PPS
Itt project
byHarish Kumar
 
PPT
Message authentication and hash function
byomarShiekh1
 
PPTX
Cryptography and applications
bythai
 
PDF
Introduction to Cryptography
bySeema Goel
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PPT
Classical cryptography
byAravindharamanan S
 
Cipher techniques
byMohd Arif
 
Block ciphers & public key cryptography
byRAMPRAKASHT1
 
Itt project
byHarish Kumar
 
Message authentication and hash function
byomarShiekh1
 
Cryptography and applications
bythai
 
Introduction to Cryptography
bySeema Goel
 
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
Classical cryptography
byAravindharamanan S
 

What's hot

PPTX
Cryptography - Block cipher & stream cipher
byNiloy Biswas
 
PPTX
Cryptography
byDarshini Parikh
 
PPTX
Cryptography
bysubodh pawar
 
PPTX
Cryptography.ppt
byUday Meena
 
PPTX
Cryptography and Network Security
byPa Van Tanku
 
PPTX
Cryptography.ppt
bykusum sharma
 
PPTX
ElGamal Encryption Algoritham.pptx
byIndian Institute of information technology Una
 
PPT
block ciphers
byAsad Ali
 
PDF
Block Ciphers and the Data Encryption Standard
byDr.Florence Dayana
 
PPTX
Cryptography - 101
byn|u - The Open Security Community
 
PDF
Classical encryption techniques
byDr.Florence Dayana
 
PDF
2. public key cryptography and RSA
byDr.Florence Dayana
 
PPTX
El Gamal Cryptosystem
byAdri Jovin
 
PDF
symmetric key encryption algorithms
byRashmi Burugupalli
 
PDF
Aes
byMuhammad Asif
 
PPTX
Introduction to Cryptography
byMd. Afif Al Mamun
 
PPT
PUBLIC KEY ENCRYPTION
byraf_slide
 
PPTX
Double DES & Triple DES
byHemant Sharma
 
PPTX
Public Key Cryptosystem
byDevakumar Kp
 
PPTX
MAC-Message Authentication Codes
byDarshanPatil82
 
Cryptography - Block cipher & stream cipher
byNiloy Biswas
 
Cryptography
byDarshini Parikh
 
Cryptography
bysubodh pawar
 
Cryptography.ppt
byUday Meena
 
Cryptography and Network Security
byPa Van Tanku
 
Cryptography.ppt
bykusum sharma
 
ElGamal Encryption Algoritham.pptx
byIndian Institute of information technology Una
 
block ciphers
byAsad Ali
 
Block Ciphers and the Data Encryption Standard
byDr.Florence Dayana
 
Cryptography - 101
byn|u - The Open Security Community
 
Classical encryption techniques
byDr.Florence Dayana
 
2. public key cryptography and RSA
byDr.Florence Dayana
 
El Gamal Cryptosystem
byAdri Jovin
 
symmetric key encryption algorithms
byRashmi Burugupalli
 
Aes
byMuhammad Asif
 
Introduction to Cryptography
byMd. Afif Al Mamun
 
PUBLIC KEY ENCRYPTION
byraf_slide
 
Double DES & Triple DES
byHemant Sharma
 
Public Key Cryptosystem
byDevakumar Kp
 
MAC-Message Authentication Codes
byDarshanPatil82
 

Viewers also liked

PPT
Ch31
bybitistu
 
PDF
Information Security Cryptography ( L02- Types Cryptography)
byAnas Rock
 
PPTX
Cryptography using rsa cryptosystem
bySamdish Arora
 
PDF
Modern Cryptography
byJames McGivern
 
PPTX
Apprenticeship artifact
byShooter24
 
PDF
Data Encryption and Decryption using Hill Cipher
byAashirwad Kashyap
 
PDF
Cryptography by Epul
byAgate Studio
 
PPTX
Rsa algorithm key generation
byswarnapatil
 
PPTX
Cryptography
bypravin pandey
 
PPTX
Message digest & digital signature
byDinesh Kodam
 
PPT
Forouzan isdn
byMahesh Kumar Chelimilla
 
PPT
PSTN
byaminpathan11
 
PPT
Basic ISDN
byChris McAndrew
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
POT
ISDN & DSL
byUmair Arain
 
PPT
Diffiehellman
bychenlahero
 
PPT
13 asymmetric key cryptography
bydrewz lin
 
PPT
Lesson 1 the pstn
bykongara
 
PPTX
Presentation on DSL & ADSL
byrewa_monami
 
PPTX
DSL - ADSL
bytucho
 
Ch31
bybitistu
 
Information Security Cryptography ( L02- Types Cryptography)
byAnas Rock
 
Cryptography using rsa cryptosystem
bySamdish Arora
 
Modern Cryptography
byJames McGivern
 
Apprenticeship artifact
byShooter24
 
Data Encryption and Decryption using Hill Cipher
byAashirwad Kashyap
 
Cryptography by Epul
byAgate Studio
 
Rsa algorithm key generation
byswarnapatil
 
Cryptography
bypravin pandey
 
Message digest & digital signature
byDinesh Kodam
 
Forouzan isdn
byMahesh Kumar Chelimilla
 
PSTN
byaminpathan11
 
Basic ISDN
byChris McAndrew
 
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
ISDN & DSL
byUmair Arain
 
Diffiehellman
bychenlahero
 
13 asymmetric key cryptography
bydrewz lin
 
Lesson 1 the pstn
bykongara
 
Presentation on DSL & ADSL
byrewa_monami
 
DSL - ADSL
bytucho
 

Similar to Intro to modern cryptography

PPTX
CH02-CompSec4e.pptx
byams1ams11
 
PPT
introduction to cryptography (basics of it)
byneonaveen
 
PPT
crypto.ppt
byGanesh Chavan
 
PPT
needed.ppt
byfaizalkhan673954
 
PPT
crypto1.ppt
bytommychauhan
 
PPTX
NS UNIT 1 Advanced Encryption Standard& RSA
byAntonySuresh13
 
PPTX
Encryption algorithms
bytrilokchandra prakash
 
PPT
introduction to cryptography
byPriyamvada Singh
 
PDF
CNIT 125 Ch 4. Security Engineering (Part 2)
bySam Bowne
 
PDF
CISSP Prep: Ch 4. Security Engineering (Part 2)
bySam Bowne
 
PPT
CISSP EXAM PREPARATION FOR A PASSED SCORE
byrinelaam
 
PPTX
Cryptography-101
byVishal Punjabi
 
PPTX
CISSP - Chapter 3 - Cryptography
byKarthikeyan Dhayalan
 
PPTX
Cryptography
byPratiksha Patil
 
PPTX
Security - ch3.pptx
byGebrehanaAlemaw
 
PPTX
Security - ch3.pptx
byHabtamuHaileMichael2
 
PPTX
Chapter-Three Part One.pptxghgjhhjghjhjhhj
byShemse Shukre
 
PDF
Fundamentals of Cryptography: Securing Data in the Digital Age
byavengersimran16
 
PPT
Introduction to cryptography and Network Security
byDhanapalM8
 
PPT
Cryptography cse,ru
byHossain Md Shakhawat
 
CH02-CompSec4e.pptx
byams1ams11
 
introduction to cryptography (basics of it)
byneonaveen
 
crypto.ppt
byGanesh Chavan
 
needed.ppt
byfaizalkhan673954
 
crypto1.ppt
bytommychauhan
 
NS UNIT 1 Advanced Encryption Standard& RSA
byAntonySuresh13
 
Encryption algorithms
bytrilokchandra prakash
 
introduction to cryptography
byPriyamvada Singh
 
CNIT 125 Ch 4. Security Engineering (Part 2)
bySam Bowne
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
bySam Bowne
 
CISSP EXAM PREPARATION FOR A PASSED SCORE
byrinelaam
 
Cryptography-101
byVishal Punjabi
 
CISSP - Chapter 3 - Cryptography
byKarthikeyan Dhayalan
 
Cryptography
byPratiksha Patil
 
Security - ch3.pptx
byGebrehanaAlemaw
 
Security - ch3.pptx
byHabtamuHaileMichael2
 
Chapter-Three Part One.pptxghgjhhjghjhjhhj
byShemse Shukre
 
Fundamentals of Cryptography: Securing Data in the Digital Age
byavengersimran16
 
Introduction to cryptography and Network Security
byDhanapalM8
 
Cryptography cse,ru
byHossain Md Shakhawat
 

More from zahid-mian

PDF
Mongodb Aggregation Pipeline
byzahid-mian
 
PDF
MongoD Essentials
byzahid-mian
 
PDF
Hadoop Technologies
byzahid-mian
 
PDF
Hadoop M/R Pig Hive
byzahid-mian
 
PDF
NoSQL Databases
byzahid-mian
 
PDF
Statistics101: Numerical Measures
byzahid-mian
 
PDF
Amazon SimpleDB
byzahid-mian
 
PDF
C# 6 New Features
byzahid-mian
 
PDF
Introduction to d3js (and SVG)
byzahid-mian
 
Mongodb Aggregation Pipeline
byzahid-mian
 
MongoD Essentials
byzahid-mian
 
Hadoop Technologies
byzahid-mian
 
Hadoop M/R Pig Hive
byzahid-mian
 
NoSQL Databases
byzahid-mian
 
Statistics101: Numerical Measures
byzahid-mian
 
Amazon SimpleDB
byzahid-mian
 
C# 6 New Features
byzahid-mian
 
Introduction to d3js (and SVG)
byzahid-mian
 

Recently uploaded

PPTX
Financial Literacy for Software Developers
byBalanathanVirupasan
 
PDF
ASTC Conference 2025 - Bridging the Gap!
byGareth Oakes
 
PPSX
Domain Centered Architecture for complex business domains
byRob Vens
 
PPTX
Moving Plone Blob Storage to S3 Object Storage - Plone Conference 2025
byAlin Voinea
 
PDF
898975372-Leaving-Legacy-Software-Behind-a-Modern-Migration-Roadmap.pdf
byKsoft Technologies
 
PDF
VADY Data Analytics Solutions – Effortless AI-Powered Decision-Making for Eve...
byNewFangledVision
 
PDF
Ensuring Regulatory Excellence with Insurance Compliance Software
byInsurance Tech Services
 
PPTX
Oracle_AWS_Azure_GCP_Comparison_ModernTech.pptx
byVITS184D1
 
PDF
How QuickHR Helps SMEs Control Expense Claims
byParker adam
 
PDF
Dreamforce 2025: Welcome to the Agentic Enterprise
byDele Amefo
 
DOCX
What Is the Best BI Software Other Than Tableau.docx
byVarsha Nayak
 
PDF
The 50+ First-Timer: My OpenTelemetry Contribution and How Your CNCF Journey...
byImma Valls Bernaus
 
PDF
Security Architecture Views the FDA Expects — And How to Get Them Right
byICS
 
PPTX
Cyber-Security-Essentials (21AK1A0217).pptx
byGaganGagan44
 
PDF
Practical Performance Tuning for Serverless Java on AWS- InfoQ Dev Summit
byVadym Kazulkin
 
PDF
Driving Stress Detection Using Multimodal CNN with Nonlinear Representation o...
byPranjal Kumar
 
DOCX
Comprehensive Guide to SharePoint Consulting Services – Benefits, Process, an...
bySharepoint Designs
 
PPT
preliminaries, concepts of programming languages
bymjmansoori54
 
PPTX
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
PDF
The new Volto Form Block, Plone Conference 2025
byRob Gietema
 
Financial Literacy for Software Developers
byBalanathanVirupasan
 
ASTC Conference 2025 - Bridging the Gap!
byGareth Oakes
 
Domain Centered Architecture for complex business domains
byRob Vens
 
Moving Plone Blob Storage to S3 Object Storage - Plone Conference 2025
byAlin Voinea
 
898975372-Leaving-Legacy-Software-Behind-a-Modern-Migration-Roadmap.pdf
byKsoft Technologies
 
VADY Data Analytics Solutions – Effortless AI-Powered Decision-Making for Eve...
byNewFangledVision
 
Ensuring Regulatory Excellence with Insurance Compliance Software
byInsurance Tech Services
 
Oracle_AWS_Azure_GCP_Comparison_ModernTech.pptx
byVITS184D1
 
How QuickHR Helps SMEs Control Expense Claims
byParker adam
 
Dreamforce 2025: Welcome to the Agentic Enterprise
byDele Amefo
 
What Is the Best BI Software Other Than Tableau.docx
byVarsha Nayak
 
The 50+ First-Timer: My OpenTelemetry Contribution and How Your CNCF Journey...
byImma Valls Bernaus
 
Security Architecture Views the FDA Expects — And How to Get Them Right
byICS
 
Cyber-Security-Essentials (21AK1A0217).pptx
byGaganGagan44
 
Practical Performance Tuning for Serverless Java on AWS- InfoQ Dev Summit
byVadym Kazulkin
 
Driving Stress Detection Using Multimodal CNN with Nonlinear Representation o...
byPranjal Kumar
 
Comprehensive Guide to SharePoint Consulting Services – Benefits, Process, an...
bySharepoint Designs
 
preliminaries, concepts of programming languages
bymjmansoori54
 
Standardization of open-source software ISO/IEC 5230:2020 and ISO/IEC 18974:2...
byShane Coughlan
 
The new Volto Form Block, Plone Conference 2025
byRob Gietema
 

Intro to modern cryptography

  • 1.
    Zahid Mian Part ofthe Brown-bag Series
  • 2.
     History andTerms WhyWe Need Encryption  How is Encryption Used In Systems  Difference in Ciphers  Various Implementations  HashValues  Digital Signatures  Why Attacks Are Successful
  • 3.
     Hieroglyphs  4000years ago  Use pictures to represent words/messages  Caesar ShiftCipher  Replace characters by an offset (or shifting)  Offset = 2, then “hello” -> “jgnnq”  Improvements over time  Steganography,Vigenere Coding
  • 4.
     Modern reallymeans digital  Much more mathematically oriented  Operating on bit values  Use of public key and secret key  Even though algorithm are public, it’s nearly impossible to obtain original information
  • 5.
     Plaintext –Theoriginal information  Cipher – A secret way of writing (an algorithm)  Encryption Key – A value that is used to encrypt plaintext (aka, public key)  Decryption Key – A value that is used to decrypt Ciphertext (aka, private key)  Ciphertext -The encrypted information  Algorithm – (Often) Public algorithm that uses keys to encrypt or decrypt information  Interceptor/Attacker – unauthorized entity that tries to determine the cipher text (aka, hacker)  Symmetric – single key used for encryption and decryption  Asymmetric – uses public key and private key
  • 6.
    http://www.infosectoday.com/Articles/Intro_to_Cryptography/CryptoFig05a.jpg This is howthings generally work today, but there are a lot of pieces that make this happen.
  • 7.
     Passive –Simply gaining unauthorized access to information.  Most common password is 123456  Active – A hacker attempts to make changes to data on the target or data en route  Masquerading: hacker pretends to be someone  Denial of Service (DoS): deny access to legitimate users by overwhelming the system (common)  Using technical information to steal user id (e.g., using session id)
  • 8.
     Known PlaintextAttack (KPA)  Attacker knows plaintext of some part of the ciphertext; attempts to decrypt the rest  Chosen Plaintext Attack (CPA)  Attacker has ciphertext and plaintext; attempts to determine key  Brute Force Attack (BFA)  Attacker tries to determine key by attempting all possible values  Man in the Middle (MIM)  Simple, but technically challenging method of duping both the sender and the receiver into thinking keys came from correct source  Side Channel Attacks (SCA)  Data Remanence (reading data that should have been deleted)  Row Hammer (low-level memory hack)  Fault Analysis (forcing errors and reading outputs for clues)
  • 9.
     Traditionally Cipherswere single character  Caesar Cipher: shift a single character  Two-character Cipher (Playfair)  Use two characters as key  String Cipher (Vigenere)  Use a string (word) as key  One-Time Pad  Key length equals length of plaintext  Block/Stream (DES,AES)  Plaintext is processed in blocks/streams of bits at a time
  • 10.
  • 11.
     Underlying modelfor many block ciphers  Same algorithm for encryption/decryption  Steps  Input is split into two halves  RHS input is transformed by function f which receives a subkey  LHS combined with transformed input from RHS using XOR operation  RHS and LHS are switched to obtain the input for next round  Repeat
  • 12.
    32 bit 32bit f 32 bit 32 bit 32 bit 32 bit Ki LHSi-1 RHSi-1 LHSi-1 = RHSi-1 RHSi-1 = LHSi-1
  • 13.
     Block sizeis 64 bits  Key length is 64 bits (though only 56 are used)  Round-key generator creates 48-bit Key • Very Strong Cipher • Fallen out of favor because small key value • Can be hacked with exhaustive search
  • 14.
     Don’t abandonoriginal DES; change usage  Effectively use 3 Keys (3X56 = 168)  Problem of short key solved  Kind of slow  Process  Encrypt plaintext using K1  Decrypt output of Step1 using K2  Encrypt output of Step2 using K3  Output of Step3 is ciphertext  Decrypt in reverse order
  • 15.
     The morepopular algorithm today  Much faster thanTriple DES  128-bit data; 128/192/256-bit keys  Key size depends on the number of rounds  A “bit” more complex algorithm (pun intended)  For details see online resources  To-Date no attacks againstAES have been successful
  • 16.
     Asymmetric Cipher(diff keys)  Necessary due to growth of Internet  Used for smaller pieces of data  ThreeTypes  RSA (widely used)  ElGamal  Elliptic Curve Cryptography (ECC)
  • 17.
  • 18.
     Function thatconverts arbitrarily long numeric input into a fixed numeric output called a hash  Very Efficient  Hard to reverse value  Hard to produce same hash for diff inputs  Some well known Hash Functions  Message Digest (MD), Secure Hash Function (SHA), RIPEMD  Most Common Use: Password Storage  Secure Apps will not save your password in plaintext
  • 19.
     How canwe be sure a message is authentic?  In the old days, a signature on a letter proved authenticity  Digital Signatures do the same thing-they ensure that the message is from the original sender with the original message  Adds trust when exchanging data  Using Encryption with Digital Signatures is important  Certifying Authority (CA) responsible for management of certificates  Generating, issuing, publishing, verifying, revoking
  • 20.
  • 21.
     User Carelessness/ Stolen Credentials  Stolen equipment (laptops, phones, etc.)  Incorrect Implementation / Backdoor  Broken Processes / InsiderThreats  PhishingAttacks  Sending sensitive data over plaintext  Zero-day threats / Maintenance  Application vulnerabilities

Editor's Notes

  • #9 Which of these are likely to happen? Some are more theoretical than practical.
  • #11 In feedback cipher, the encrypted text of the previous step is used to encrypt the next block
  • #13 Right side image shows the all 16 rounds of encryption. Number of rounds is configurable Left side shows a single round of encryption. LHS = Left Hand Side RHS = Right Hand Side
  • #21 Each person adopting this scheme has a public-private key pair. the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key. Signer feeds data to the hash function and generates hash of data. Hash value and signature key are then fed to the signature algorithm which produces the digital signature on given hash. Signature is appended to the data and then both are sent to the verifier. Verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output. Verifier also runs same hash function on received data to generate hash value. For verification, this hash value and output of verification algorithm are compared. Based on the comparison result, verifier decides whether the digital signature is valid. Since digital signature is created by ‘private’ key of signer and no one else can have this key; the signer cannot repudiate signing the data in future.