Mort AnvariMort Anvari

Introduction toIntroduction toEncryption TechnologyEncryption Technology

2

EncryptionEncryption

What is it?- The conversion of data into a form that cannot

be easily understood by unauthorized people

- The opposite is decryption, that is, changing the difficult to read form back into the original

- It’s usually software, but can be hardware

3

CryptographyCryptography

- What does it do for me?

- Symmetric Encryption

- Asymmetric Encryption

- One Way Hash

- Example: An Encrypted E-Mail

4

What does it do for me?What does it do for me?

Confidentiality: The data can only be read by the intended recipients

Non-Repudiation: The data cannot be forged. If data is “signed” by a person, the data could only have come from them. No more “I didn’t send that!”

Data Integrity: The data cannot be modified without detection

5

Symmetric EncryptionSymmetric Encryption

- Data is encrypted and decrypted

with the same key

- Fast

- Key must be kept secret

- Key must be sent Out of Band

- DES and IDEA are symmetric

6

Asymmetric EncryptionAsymmetric Encryption

- Uses 2 keys

- Data encrypted with one key can

only be decrypted with the other

- Public key is shared with all

- Public key can be sent In Band

- Private key must be kept secret

- RSA is asymmetric

7

One Way HashOne Way Hash

- A “fingerprint” of data

- Any size data = same size hash

- Tiny changes in data produce

a very different hash

8

Example: Encrypted E-MailExample: Encrypted E-Mail

Anne wants to send e-mail to Bob. The plaintext message compressed to make it smaller and the ciphertext stronger.

Plaintext CompressionSmall

Plaintext

9

Example: Encrypted E-MailExample: Encrypted E-Mail

The plaintext message is run through a hash algorithm to generate a “fingerprint”.

Small

PlaintextHash Function Fingerprint

10

Example: Encrypted E-MailExample: Encrypted E-Mail

The fingerprint is encrypted using Anne’s private key. This makes it into a digital signature. It is then appended to the plaintext.

Anne’s PrivateKey

Small

Plaintext

Signature

Fingerprint

11

Example: Encrypted E-MailExample: Encrypted E-Mail

A Random key is generated and the e-mail is symmetrically encrypted using that.

Small

Plaintext Random Key

CiphertextEncrypted

withRandom

KeySignature

12

Example: Encrypted E-MailExample: Encrypted E-Mail

The Random Key is Encrypted using Bob’s public key. The result is called a “Strong Box”. Remember that only Bob can read the contents of the Box.

Bob’s PublicKey

Random KeyRandom Key

A Box for Bob

13

Random Key

A Box for Bob

Example: Encrypted E-MailExample: Encrypted E-Mail

The Box is attached to the ciphertext and they are sent over e-mail to Bob.

CiphertextEncrypted

withRandom

Key

To Bob Internet

14

Example: Encrypted E-MailExample: Encrypted E-Mail

Bob decrypts his Strong Box to get the Random Key. Only Bob’s private key can open the Box which was encrypted with his public key.

Bob’s PrivateKey

Random KeyRandom Key

A Box for Bob

15

Example: Encrypted E-MailExample: Encrypted E-Mail

Bob decrypts the ciphertext using the random key which he got from his Strong Box.

Random Key

CiphertextEncrypted

withRandom

Key

Small

Plaintext

Signature

16

Example: Encrypted E-MailExample: Encrypted E-Mail

Bob decrypts Anne’s signature using her public key. Since only Anne could have encrypted it with her private key, Bob knows the message had to come from her.

Anne’s PublicKeySignature Fingerprint

17

Example: Encrypted E-MailExample: Encrypted E-Mail

Bob runs the unencrypted message through the hash function. If this fingerprint is the same as the one from the signature, the message was not changed in transit.

Small

PlaintextHash Function

CalculatedFingerprint

ReceivedFingerprint

or

18

Example: Encrypted E-MailExample: Encrypted E-Mail

Finally, the message is uncompressed. Bob can read the message knowing for certain that it’s from Anne, it’s what Anne wrote and only the two of them could have read it.

Plaintext CompressionSmall

Plaintext