Presentation by….

Donald David

Prabhu Baptist

Rajesh Baranwal
CRYTOGRAPHY
 Cryptography (kryptós and gráphein) is the study
of the principles and techniques by which
information could be concealed in ciphers.

 It was initially only concerned with providing

secrecy for written messages, especially in times of
war.

 It is used in securing data flowing between

computers or data stored in them.

 Because of this broadened interpretation of

cryptography, the field of cryptanalysis has also
been enlarged.
Key Based Algorithm
 Encryption

o A key-based algorithm uses an encryption key to

encrypt the message.

o This means that the encrypted message is generated

using not only the message, but also using a key.

o These kind of algorithms, based on the substitution of

letters, are easily broken.
 Diagrammatic Representation
 Decryption

 The receiver can then use a decryption key to

decrypt the message.

 Again, this means that the decryption algorithm

doesn't rely only on the encrypted message. It also
needs a 'key‘

 Some algorithms use the same key to encrypt and

decrypt, and some do not
 Diagrammatic Representation
 Symmetric and Asymmetric key-based
algorithms
 Symmetric algorithm

 These type of algorithm uses the same key for

encryption and decryption.

 Although this type of algorithms are generally very

fast and simple to implement.

 Secure systems nowadays tend to use asymmetric

algorithms, where a different key is used to encrypt
and decrypt the message.
 Diagrammatic Representation
 Asymmetric algorithm

 The sender encrypts the message using the receiver's public

key.

 The encrypted message is sent to the receiving end, who will

decrypt the message with his private key.

 What is encrypted with one key is decrypted with the other key
using the same algorithm.

 The encryption algorithm is the same at both ends, only the

receiver can decrypt the message because no one else has the
private key.
 Diagrammatic Representation
Single-Key Cryptography

o Not suitable for most business and private

organizations.

 They are physically separated such a system would

require 499,500 different keys in all, with each user
having to protect 999 keys.

 Protection of all of the keys in the network is shifted

to the central authority.
 Only a single key is needed for secure
communication between two parties.

 Every potential pair of participants in a larger group

needs a unique key.
Two-Key Cryptography
 Public-key cryptography
 Public-key systems have a clear advantage over
symmetric algorithms: there is no need to agree on a
common key for both the sender and the receiver.

 If someone wants to receive an encrypted message,

the sender only needs to know the receiver's public
key .

 As long as the receiver keeps the private key secret,

no one but the receiver will be able to decrypt the
messages encrypted with the corresponding public
key.

 This is due to the fact that, in public-key systems, it is

relatively easy to compute the public key from the
private key, but very hard to compute the private key
from the public key.
 Public-key cryptography
How it works?
 Picks a pair and publishes the public key.

 Public key-encryption key,Private key-decryption

key.

 Key generation is automated with a user selected

password fed into the algorithm.

 To send a secret message to a user,a correspondent

encrypts the message with the receiver’s public key.

 Only the receiver can decrypt the message.

Digital Signature

 A digital signature or digital signature scheme is a

type of asymmetric cryptography.

 Digital signatures can also provide non-repudiation.

 Digital signatures are often used to implement

electronic signatures.

 Digitally signed messages may be anything

representable as a bitstring.
 A digital signature scheme typically consists of
three algorithms:

 A key generation algorithm that selects a private key

uniformly at random from a set of possible private
keys. The algorithm outputs the private key and a
corresponding public key.

 A signing algorithm which, given a message and a

private key, produces a signature.

 A signature verifying algorithm which given a

message, public key and a signature, either accepts
or rejects.
 Two main properties are required.

 First, a signature generated from a fixed message

and fixed private key should verify on that message
and the corresponding public key.

 Secondly, it should be computationally infeasible to

generate a valid signature for a party who does not
possess the private key.
Benefits of Digital Signatures
 Authentication

 Digital signatures can be used to authenticate the

source of messages.

 When ownership of a digital signature secret key is

bound to a specific user, a valid signature shows
that the message was sent by the user.
 Integrity

 However, if a message is digitally signed, any

change in the message will invalidate the signature.

 It may be possible to change an encrypted message

without understanding it.
Drawbacks of Digital Signatures
 Non-repudiation

 The word repudiation refers to any act of disclaiming

responsibility for a message.

 A user cannot repudiate a signed message without

repudiating their signature key.

 A non-repudiation service requires the existence of

a public key infrastructure (PKI) which is complex to
establish and operate.
 Association of digital signatures and trusted
time stamping

o Digital signature algorithms and protocols do not

inherently provide certainty about the date and time
at which the underlying document was signed.

o The signer might have included a time stamp with

the signature, or the document itself might have a
date mentioned on it
 WYSIWYS (What You See Is What You Sign)

 It means that the semantic interpretation of a

signed message can not be changed.

 In particular this also means that a message can not

contain hidden info that the signer is unaware of,
and that can be revealed after the signature has
been applied.

 WYSIWYS is a desirable property of digital

signatures that is difficult to guarantee because of
the increasing complexity of modern computer
systems.
 Additional security precautions

 A more secure alternative is to store the private key

on a smart card.

 The user can only sign documents on that particular

computer.

 The security of the private key depends entirely on

the security of the computer.
Creating a Digital Signature
 Using the sender's public key, decrypts the digital signature to
obtain the message digest generated by the sender.

 Uses the same message digest algorithm used by the sender

to generate a message digest of the received message.

 Compares both message digests (the one sent by the sender

as a digital signature, and the one generated by the receiver).
Hashing
 Hashing is the transformation of a string of
characters into a usually shorter fixed-length value
or key that represents the original string.

 Hashing is used to index and retrieve items in a

database because it is faster to find the item using
the shorter hashed key than to find it using the
original value.

 It is also used in many encryption algorithms.

 As a simple example of the using of hashing in

databases, a group of people could be arranged in a
database.
 Diagrammatic Representation
Message Digest
 A message digest is a 'summary' of the message we are
going to transmit.

 It is always smaller than the message itself.

 Even the slightest change in the message produces a

different digest. The message digest is generated using
a set of hashing algorithms.

 The message digest is encrypted using the sender's

private key. The resulting encrypted message digest is
the digital signature.
RSA Algorithm

 In cryptography, RSA is an algorithm for

public-key cryptography.

 It is the first algorithm known to be suitable for

signing as well as encryption, and one of the first
great advances in public key cryptography.

 RSA is widely used in electronic commerce

protocols, and is believed to be secure given
sufficiently long keys and the use of up-to-date.
FIREWALL
 A firewall is an integrated collection of security
measures designed to prevent unauthorized
electronic access to a networked computer system.

 It is also a device or set of devices configured to

permit, deny, encrypt, decrypt, or proxy all
computer traffic between different security domains
based upon a set of rules and other criteria.

 A system designed to prevent unauthorized access

to or from a private network
Types of Firewall Techniques

 Packet filter: Looks at each packet entering or

leaving the network and accepts or rejects it based
on user-defined rules. Packet filtering is fairly
effective and transparent to users, but it is difficult
to configure.

 Application gateway: Applies security

mechanisms to specific applications, such as FTP
and Telnet servers. This is very effective, but can
impose a performance degradation.
 Circuit-level gateway: Applies security
mechanisms when a TCP or UDP connection is
established. Once the connection has been made,
packets can flow between the hosts without further
checking.

 Proxy server: Intercepts all messages entering and

leaving the network. The proxy server effectively
hides the true network addresses.
Hardware Firewall
 Hardware firewalls can be effective with little or no
configuration, and they can protect every machine
on a local network.

 Most hardware firewalls will have a minimum of four

network ports to connect other computers, but for
larger networks, business networking firewall
solutions are available.

 A hardware firewall uses packet filtering to examine

the header of a packet to determine its source and
destination
Software Firewall
 The most popular firewall choice is a software firewall.

 A software firewall will protect your computer from outside attempts to

control or gain access your computer.

 The downside to software firewalls is that they will only protect the
computer they are installed on, not a network, so each computer will
need to have a software firewall installed on it.

 A good software firewall will run in the background on your system and
use only a small amount of system resources
Single Firewall
 Single Network Firewall is a comprehensive proxy-firewall suite that
ensures the security of vital information entering and leaving a network.

 "Snort" and "Prelude" Intrusion Detection Systems alert you to

network attacks and take action against hostile intruders.

 Bastille is a powerful "hardening" system that provides extra protection

against IP Spoofing attacks.

 Filtering rules can be created at the user level or by department to

control information entering and leaving a network or network subgroup
 Diagrammatic Representation
Distributed Firewall
 A distributed firewall is a mechanismthat enforces a
centralized rule policy but pushes the enforcement
of it toward the edges

 It is up tothe host machine to fetch the security

policy froma repository when an alarm is triggered.
 Diagrammatic Representation
THANK YOU