use of cryptography in data security over computer networks by tigerhats
DESCRIPTION
This is an overview on "Use of Cryptography in Data Security over Computer Networks". In this document we gave an overview of Cryptography such as Symmetric and Asymmetric cryptography and several cryptographic algorithm such as RSA, DES, Digital Signature, MD5, Kerberos, their uses and mechanism.TRANSCRIPT
![Page 1: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/1.jpg)
Use of Cryptography in Data Security over Computer
Networks
Presented by:
Monzur MorshedRezaur Rahman
TigerHATSwww.tigerhats.org
![Page 2: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/2.jpg)
The International Research group dedicated to Theories, Simulation and Modeling, New Approaches, Applications, Experiences, Development, Evaluations, Education, Human, Cultural and Industrial Technology
Homepage: www.tigerhats.orgTwitter: www.twitter.com/tigerhats
TigerHATS - Information is power
![Page 3: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/3.jpg)
Use of Cryptography in Data Security over Computer
Networks
Presented by
Monzur Morshed Rezaur Rahman (TigerHATS)
![Page 4: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/4.jpg)
DefinitionsComputer Security: measures to protect data within acomputer and during its processing.
Network Security: measures to protect data (information)
within the network and during their transmission.
Internet Security: measures to protect data their
transmission over a collection of interconnected networks.
![Page 5: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/5.jpg)
Vulnerability: It is a weakness that can be used to cause loss or harm to an information system. Vulnerable points of a system are used to attack the system to breach its security.
Threat: It can be seen as potential violation of security of a system. Of course violation of security will be done to cause harm or loss. Threats exist because of vulnerabilities in a system.
Preliminaries [Cont..]
![Page 6: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/6.jpg)
• Interception
• Interruption
• Modification
• Fabrication
Types of Threats
![Page 7: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/7.jpg)
Logical Control: It uses software and data tomonitor and control access to data (information) of asystem. As for example, password authenticationschemes, access control schemes, firewalls tonetwork, network intrusion detection systems, andencryption methods are types of logical controls.
Physical Control: It monitors and controls thesurrounding place i.e. the environment of thesystems. For example: doors and locks, cameras,barricades, fencing, security guards etc.
Preliminaries [Cont..]
![Page 8: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/8.jpg)
• Encryption
• Authentication
• Authorization
• Auditing
Security Mechanisms
![Page 9: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/9.jpg)
Focus of Control
Three approaches for protection against security threats
a) Protection against invalid operations
b) Protection against unauthorized invocations
c) Protection against unauthorized users
![Page 10: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/10.jpg)
Basic Terminology of Cryptography
Plaintext: the original message or text that is used in an encryption process is called plaintext.
Cipher text: the coded message or the encrypted form of themessage that is found after encryption process has been completed.
Cipher: algorithm or process for transforming plaintext tocipher text.
Key: data (number) used in cipher known only to sender/ receiver.
![Page 11: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/11.jpg)
Encipher (encrypt): Converting plaintext to cipher text.
Decipher (decrypt): Recovering cipher text from plaintext.
Cryptography: Study of encryption principles/methods.
Cryptanalysis (code breaking) : The study of principles/methods of deciphering cipher text without knowing key.
Cryptology : The field of both cryptography & cryptanalysis.
Terminology [Cont..]
![Page 12: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/12.jpg)
Cryptosystem: The system that contains both encryptionand decryption processes. It includes key generation process, encryption and decryption algorithms.
Key Management: The process of generation, transmission and storage of key or keys.
Key generation process: The process or algorithm that generates the key for a cryptosystem is called key generation process. It may include one or more algorithms.
Terminology [Cont..]
![Page 13: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/13.jpg)
Cryptography
Notation Description
KA, B Secret key shared by A and B
Public key of A
Private key of A
K A+
K A−
![Page 14: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/14.jpg)
There two categories of cryptography or cryptosystem.One is symmetric cryptosystem and another isAsymmetric cryptosystem. Cryptography andcryptosystem are synonymous words. In future we shalluse word cryptosystem in case of cryptography.
Symmetric cryptosystem: Same key is used bothin encryption and decryption.
Asymmetric crypto system: One key is used forencryption and another separate key is used fordecryption.
Concept of Cryptography
![Page 15: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/15.jpg)
Symmetric cryptosystem: Here only one key is used in both encryption and decryption processes.
C = EA(K, P) Where C-cipher text, EA- encryption algorithm,
K- key, P- plain text.
Basic Concepts of cryptography
Encryption Algorithm
K
PlaintextCipher text
Encryption Process
![Page 16: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/16.jpg)
P = DA(K, C)Where DA- decryption algorithm.
In symmetric cryptosystem key must be kept secret.
Symmetric cryptosystem
Decryption Algorithm
K
Cipher textPlaintext
Decryption Process
![Page 17: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/17.jpg)
Here two keys are used. One is for encryptionand another different one is for decryption.The key used for encryption is called publickey and published for general use. The keyused for decryption is called private or secretkey. The owner will possess this (private) keyand must be kept secret. In this system everyone who possesses public key can encrypt themessage, but only owner of the private key candecrypt the cipher text.
Asymmetric Cryptosystem
![Page 18: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/18.jpg)
C = EA(Kpub, P)Where Kpub is the public key.
Asymmetric cryptosystem
Encryption Algorithm
Kpub
Plaintext
Cipher text
Encryption Process
![Page 19: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/19.jpg)
P = DA(Kp, C)Where DA- decryption algorithm.
In asymmetric cryptosystem private key must be kept secret.
Asymmetric cryptosystem
Decryption Algorithm
Kp
Cipher textPlaintext
Decryption Process
![Page 20: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/20.jpg)
Cryptography
Intruders and eavesdroppers in communication.
![Page 21: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/21.jpg)
Define transformation as:a b c d e f g h i j k l m n o p q r s t u v w x y zD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Mathematically give each letter a numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25
Then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
Caesar Cipher
![Page 22: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/22.jpg)
Write message letters out diagonally over a number of rows
Then read off cipher row by row E.g.,”meet me after the party” write
message out as:m e m a t r h p r y
e t e f e t e a t
Giving ciphertextMEMATRHPRYETEFETEAT
Transposition cipher
![Page 23: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/23.jpg)
RSA CryptosystemThis cryptosystem is invented by Rivest, Shamir and Adleman (RSA) in 1979.
It is a public key cryptosystem, which involves exponentiation modulo a number, n that is a product of two large prime numbers.
The 1024 bits key size is a typical key size for RSA cryptosystem.
![Page 24: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/24.jpg)
1. Select at random two large prime numbers p and q. ( The primes p and q might be, say, 100 decimal digits each. )
2. Compute n by the equation n = pq.
3. Select a small odd integer e that is relatively prime to ϕ (n), where ϕ (n) = (p - 1) (q - 1).
4. Compute d as the multiplicative inverse of e, modulo ϕ (n), i.e., e*d mod ϕ (n) = 1 d = minv (e, ϕ (n))
5. Publish the pair p = (e, n) as RSA public key.
6. Keep secret the pair s = (d, n) as RSA secret key.
RSA Key Generation Process
![Page 25: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/25.jpg)
The Data Encryption Standard (DES) was published in 1977. It is the primary standard and defines the Data Encryption Algorithm (DEA).
Original message is divided into block of 64 bits.
Each 64 bits block is encrypted using private or secret key.
Modern Symmetric Ciphers (DES)
![Page 26: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/26.jpg)
Published in 1977, standardized in 1979. Key: Take 64 bit and drop the bits from
the positions 8, 16, 24, 32, 40, 48, 56, 64. So key= 64 – 8 = 56-bit.
64 bit input, 64 bit output.
DES (Data Encryption Standard)
DESEncryption
64 bit M 64 bit C
56 bits
![Page 27: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/27.jpg)
DES Top View
27
Permutation
Permutation
Swap
Round 1
Round 2
Round 16
Generate keysInitial Permutation48-bit K1
48-bit K2
48-bit K16
Swap 32-bit halves
Final Permutation
64-bit Output
48-bit K164-bit Input56-bit Key
…...
![Page 28: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/28.jpg)
Symmetric Cryptosystems: DES (2)
Details of per-round key generation in DES.
![Page 29: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/29.jpg)
1. Each block of message will be 64 bits. Do initial permutation on 64 bits data and divide it in to two halves.
2. Left half 32 bits and Right half 32 bits.3. Expand right half up to 48 bits by expansion.4. Take 64 bits key (reduced to 56 bits by dropping bits at
positions 8, 16, 24, …, 64) and select 48 bits by permuted choice.
5. Do XOR of 48 bits right half and 48 bits key.6. Select 32 bits from step 5 by S-box substitution choice.
Steps of DES
![Page 30: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/30.jpg)
7. Do P-box permutation (on 32-bits of step 6).8. Do XOR of 32 bits left half and 32 bits right half (from
step-7)9. Result from step 8 will be new right half.10. Old right half from step 2 will be the new left half.The above 10 steps make a cycle of DES.Step 1 to 10 is for one cycle. There will be 16 such cycles. After completion of 16 cycles, we have to do final permutation on data bits to get decrypted data.
Steps of DES [cont..]
![Page 31: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/31.jpg)
MD5: Message Digest Version 5
input Message
Output 128 bits Digest
• Until recently the most widely used hash algorithm
![Page 32: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/32.jpg)
Hash Functions : MD5
The structure of MD5
![Page 33: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/33.jpg)
# Like a handwritten signature.# Cryptographic technique.# Public key cryptosystem is used in digital
signature method.# unforgivable: means only the originator
should be able to produce/ compute the signature value.
# Verifiable: means others should be able to check that the signature has come from the originator.
Digital signature
![Page 34: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/34.jpg)
Message is encrypted using private key (Kp) of the creator or originator.
Simple digital signature
Messagem
Encryption algorithm
Digital signature
S
Kp
Signature creation process
![Page 35: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/35.jpg)
Signature is decrypted using public key (Kpub) of the originator.
Signature verification
SignatureS
Decryption algorithm
Messagem
Kpub
Verification process
![Page 36: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/36.jpg)
Digital signature at a glance
Encryption
Algorithm
Decryption
algorithm
m Kp, A Kpub, A
S S m
For A: For B:
Sending end: Receiving end:Signature creation Signature verification
![Page 37: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/37.jpg)
Suppose that A sends message and B receives it.
1) A produces signature S:S = E(Kp, A, m).
2) Now A enciphers (encrypts) S using B’s public key:C = E(Kpub, B, S).
3) B receives C and deciphers it:S = D(Kp, B, C).
4) B verifies that A signed m:m = D(Kpub, A, S).
Encrypted signature
![Page 38: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/38.jpg)
Encrypted signature at a glance
Encryption algorithm
Encryption algorithm
Decryption algorithm
Decryption algorithm
Sending endReceiving end
C
m Kp, A
S
For A:
Kpub,B
C
Kp, B
SKpub,A
For B:
m
![Page 39: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/39.jpg)
In a secure networking system when a user on a client wants to get service from a server he or she must be authenticated.
A network with Kerberos authentication service grants access to the server if the user is authenticated by Kerberos.
That is, before getting service from a service server, the user must go through Kerberos.
39
Kerberos
![Page 40: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/40.jpg)
It’s first report identified requirements as:• secure• reliable• transparent• Scalable
Implemented using an authentication protocol based on Needham-Schroeder
Kerberos Requirements
![Page 41: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/41.jpg)
A basic third-party authentication scheme It has an Authentication Server (AS)
• users initially negotiate with AS to identify self • AS provides a non-corruptible authentication
credential (ticket granting ticket TGT)
It has a Ticket Granting server (TGS)• users subsequently request access to other
services from TGS on basis of users TGT
Kerberos v4 Overview
![Page 42: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/42.jpg)
42
Kerberos
AS
TGS
KerberosAS –Authentication Server
TGS – Ticket Granting Server
![Page 43: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/43.jpg)
43
Dialogue of Client and AS
Client (CL)
AS
Request (m1)
E-TGT
E-TGT: encrypted ticket granting ticket
![Page 44: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/44.jpg)
44
Dialogue of Client and TGS
Client (CL)
TGS
Request (m2)
E-SGT
E-SGT: encrypted service granting ticket
![Page 45: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/45.jpg)
m3 = idcl + SGTssSGTss = E (Kss, [adcl + idcl + TS2 + LT2])
45
Dialogue of Client and SS
Client (CL)
SS
Request (m3)
Accept or reject
![Page 46: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/46.jpg)
Kerberos 4 Overview
![Page 47: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/47.jpg)
Firewalls
A common implementation of a firewall.
![Page 48: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/48.jpg)
Firewall is a program or hardware device that protects the resources of a private network from users of other networks.
Firewall blocks open ports through which an intruder can gain access to your system and the valuable data you have stored in it.
Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network.
As all information passes through firewall, user can know what is happening in the network.
Firewall allows to create rules or set privileges for the type of traffic that can pass through the firewall in both directions.
Firewall blocks malicious viruses from entering your system.
What does a firewall do?
![Page 49: Use of Cryptography in Data Security over Computer Networks by TigerHATS](https://reader033.vdocument.in/reader033/viewer/2022052522/547805d45806b524198b46e9/html5/thumbnails/49.jpg)
Thank you
TigerHATSwww.tigerhats.org