Scribd Logo
Importer

Bienvenue sur Scribd !

  • Cryptographic Security: CS5204 - Operating Systems

    Transféré par

    sjmpak
    26 vues13 pages
    This document discusses cryptographic security. It describes security considerations for privacy, integrity, authentication, and non-repudiation. It also discusses threats like replay and corruption of messages. The document introduces symmetric key cryptography where one key is used for encryption and decryption, and public key cryptography where there is a public key for encryption and private key for decryption. It describes how public key cryptography can be combined with symmetric key cryptography for efficiency. The document explains RSA public key cryptography and digital signatures which provide message integrity and authentication.

    Description originale:

    cissp

    Titre original

    Cryptography

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    PPT, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    This document discusses cryptographic security. It describes security considerations for privacy, integrity, authentication, and non-repudiation. It also discusses threats like replay and corruption of messages. The document introduces symmetric key cryptography where one key is used for encryption and decryption, and public key cryptography where there is a public key for encryption and private key for decryption. It describes how public key cryptography can be combined with symmetric key cryptography for efficiency. The document explains RSA public key cryptography and digital signatures which provide message integrity and authentication.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PPT, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    26 vues13 pages

    Cryptographic Security: CS5204 - Operating Systems

    Transféré par

    sjmpak
    This document discusses cryptographic security. It describes security considerations for privacy, integrity, authentication, and non-repudiation. It also discusses threats like replay and corruption of messages. The document introduces symmetric key cryptography where one key is used for encryption and decryption, and public key cryptography where there is a public key for encryption and private key for decryption. It describes how public key cryptography can be combined with symmetric key cryptography for efficiency. The document explains RSA public key cryptography and digital signatures which provide message integrity and authentication.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PPT, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 13

    Cryptographic Security

    CS5204 Operating Systems

    Cryptographic Security

    Security Considerations
    Factors: reliance on unknown, vulnerable intermediaries (e.g., Internet routers) parties may have no personal or organizational relationship (e.g., e-commerce) use of automated surrogates (e.g., agents) Goals: privacy/confidentiality - information not disclosed to unauthorized entities integrity - information not altered deliberately or accidentally authentication - validation of identity of source of information non-repudiation - source of information can be objectively established Threats: replay of messages interference (inserting bogus messages) corrupting messages
    CS 5204 Operating Systems 2

    Cryptographic Security

    Cryptography
    public information
    CA M

    C D

    Encryption key

    Ke Forms of attack: ciphertextonly knownplaintext chosenplaintext


    CS 5204 Operating Systems

    Kd

    Decryption key

    Cryptographic Security

    Forms of Cryptosystems
    Private Key (symmetric) : A single key is used for both encryption and decryption.

    Key distribution problem a secure channel is needed to transmit the key before secure communication can take place over an unsecure channel. Public Key (asymmetric): The encryption procedure (key) is public while the decryption procedure (key) is private. Requirements: 1. For every message M, D(E(M)) = M 2. E and D can be efficiently applied to M 3. It is impractical to derive D from E.
    CS 5204 Operating Systems 4

    Cryptographic Security

    Combining Public/Private Key Systems


    Public key encryption is more expensive than symmetric key encryption For efficiency, combine the two approaches

    (1)

    A
    (2)

    (1) Use public key encryption for authentication; once authenticated, transfer a shared secret symmetric key (2) Use symmetric key for encrypting subsequent data transmissions

    CS 5204 Operating Systems

    Cryptographic Security

    Secure Communication - Public Key System

    User X

    EY(M)

    DY(C)

    User Y

    EY is the public key for user Y DY is the secret key for user Y
    CS 5204 Operating Systems

    User Z
    6

    Cryptographic Security

    RivestShamirAdelman (RSA) Method

    User X

    Me mod n

    Cd mod n

    User Y

    (e, n) Encryption Key for user Y

    (d, n) Decryption Key for user Y

    CS 5204 Operating Systems

    Cryptographic Security

    RSA Method
    1. Choose two large (100 digit) prime numbers, p and q,and set n = p x q

    2. Choose any large integer, d, so that: GCD( d, ((p1)x(q1)) = 1


    3. Find e so that: e x d = 1 (modulo (p1)x(q1)) Example: 1. p = 5, q = 11 and n = 55. (p1)x(q1) = 4 x 10 = 40 2. A valid d is 23 since GCD(40, 23) = 1 3. Then e = 7 since: 23 x 7 = 161 modulo 40 = 1
    CS 5204 Operating Systems 8

    Cryptographic Security

    (Large) Document Integrity


    Digest properties:
    File/ message

    hash process

    fixed-length, condensation of the source efficient to compute irreversible - computationally infeasible for the original source to be reconstructed from the digest unique - difficult to find two different sources that map to the same digest (collision resistance) Also know as: fingerprint

    digest

    Examples: MD5 (128 bits), SHA-1 (160 bits)

    CS 5204 Operating Systems

    Cryptographic Security

    (Large)Document Integrity

    file

    file

    hash process

    encrypt with senders private key

    digest

    digital envelope

    CS 5204 Operating Systems

    10

    Cryptographic Security

    Guaranteeing Integrity

    digital envelope

    file

    file

    hash process

    decrypt with senders public key

    compare digest digest

    CS 5204 Operating Systems

    11

    Cryptographic Security

    Digital Signatures (Public Key)


    Requirements: unforgable and unique
    receiver: knows that a message came from the sender (authenticity) sender: cannot deny authorship( non-repudiation)

    message integrity
    sender & receiver: message contents preserved (integrity) (e.g., cannot cutandpaste a signature into a message)

    Public Key System:

    sender, A: (EA : public, DA : private) receiver, B: (EB : public, DB : private)


    sender(A) C= EB (DA (M)) > receiver(B) receiver(B) M = EA (DB (C)) > M
    CS 5204 Operating Systems 12

    Cryptographic Security

    Secure Communication (Public Key)

    Handshaking EPKB, (IA, A) EPKA (IA, IB) A EPKB (IB) IA, IB are nonces nonces can be included in each subsequent message PKB: public key of B; PKA: public key of A;
    CS 5204 Operating Systems 13

    Vous aimerez peut-être aussi