
Cryptography

3/25/2019 1
Sender: Cleartext Message + Encryption Key -> encryption algorithm -> Encoded Message
Transmitted: Encoded Message
Receiver: Encoded Message + Decryption Key -> decryption algorithm -> Cleartext Message

40-Bit Key: 3 1/2 hours to break code
56-Bit Key: 22 hours 15 minutes to break code (less than 1 rotation of the earth)
64-Bit Key: 33-34 days to break code (33-34 rotations of the earth)
128-Bit Key: more than 2,000 years to break code (the earth would have to make more than 2,000 circles around the sun)

Symmetric Key Encryption
Cleartext Message: Four score and seven years ago, our forefathers brought forth the proposition
  -> DES | RC4 ->
Cipher Text: sdfklj98a475$5 6jhgv98456vjnf 84576FGHH78l fkghj- 506#6lkjg4#$5; lkn;t7;lsk%0
  -> DES | RC4 ->
Cleartext Message: Four score and seven years ago, our forefathers brought forth the proposition


Public/Private Key
One half of a key pair is used to encrypt, the other half is used to decrypt.
Encryption: Recipient’s Public Key
Decryption: Recipient’s Private Key

- Data Integrity, Authentication, Non-repudiation, Replay Protection.


An application of Public/Private Key: Encryption of symmetric key
Avinash, Ashok, Milind
"I want to send Ashok an encrypted message so only he can read it. I have to obtain Ashok’s public key."
Ashok’s Public Key

An application of Public/Private Key: Encryption
Plaintext + Symmetric key = Ciphertext

An application of Public/Private Key: Encryption of symmetric key
Symmetric key + Ashok’s Public Key = Wrapped Symmetric Key

An application of Public/Private Key: Digital Envelope
Ciphertext and Wrapped Symmetric Key

An application of Public/Private Key: Decryption
Wrapped Symmetric Key + Ashok’s Private Key = Symmetric key
Ciphertext + Symmetric key = Plaintext

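The digital envelope from the slides above (encrypt, wrap the key, unwrap, decrypt), as an added example that is not part of the original deck. AES-256-GCM and RSA-OAEP are this example's choices for the symmetric cipher and for Ashok's key pair; the function names and the RSA-2048 key size are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct{ Nonce, Ciphertext, WrappedKey []byte } // what gets transmitted

// NewRecipient generates the recipient's key pair (RSA-2048 is this example's assumption).
func NewRecipient() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal encrypts msg under a fresh symmetric key, then wraps that key with the recipient's public key.
func Seal(msg []byte, to *rsa.PublicKey) (Envelope, error) {
	buf := make([]byte, 44) // 32-byte AES key + 12-byte GCM nonce, fresh for every message
	if _, err := rand.Read(buf); err != nil {
		return Envelope{}, err
	}
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is exactly 32 bytes
	aead, _ := cipher.NewGCM(block)
	return Envelope{nonce, aead.Seal(nil, nonce, msg, nil), wrapped}, nil
}

// Open unwraps the symmetric key with the recipient's private key, then decrypts the ciphertext.
func Open(e Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(e.Nonce) != 12 {
		return nil, fmt.Errorf("unwrap failed or malformed envelope: %v", err)
	}
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, e.Nonce, e.Ciphertext, nil) // GCM tag check rejects altered ciphertext
}

func main() {
	if ashok, err := NewRecipient(); err == nil {
		env, _ := Seal([]byte("Four score and seven years ago"), &ashok.PublicKey)
		msg, openErr := Open(env, ashok)
		fmt.Printf("%s (err=%v)\n", msg, openErr)
	}
}
```

Only the holder of Ashok's private key can recover the symmetric key, so an envelope opened with any other private key fails at the unwrap step.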
How Secure is the Private Key?
Where is it stored? How does the user authenticate to the store?
Local Store
Smart card

How does PKI work?
Sender
Original Message -> Hash Code -> Sender’s Private Key -> Digital Signature
Symmetric Key -> Recipient’s Public Key -> Encrypted Symmetric Key
Encrypted & Signed

How does PKI work?
Recipient
Encrypted Symmetric Key -> Recipient’s Private Key -> Symmetric Key
Encrypted & Signed -> Symmetric Key -> Original Message, Digital Signature
Original Message -> Hash Algorithm -> Hash Code
Digital Signature -> Sender’s Public Key -> Hash Code
Message verified

General PKI Requirements
Certification Authority
Cross-certification
Key Histories
Support for non-repudiation
Key Backup & Recovery
Timestamping
Certificate Revocation
Certificate Repository
Automatic Key Update
Application software

What is in a certificate?
A Digital Certificate is a digitally signed document that associates a public key with a user.

Public Key: (Certificate ties a participant to public key)
Name: Jonathan Tan; NRIC Number: 1234567A (ID Number & Name)
Expires: 31 December 2000 (Validity Period)
Signed: CA’s Signature (The authenticity of the certificate is guaranteed by the digital signature generated using the CA’s private key.)

Certificate Authentication
Ashok’s Certificate: Ashok’s Identity + Ashok’s Public Key
Ashok’s Private Key
Application Server: Revocation check
Server decrypts with Ashok’s Public Key
If results match... User is authenticated

Key Lifecycle Management
Key Generation

Certificate Issuance
or

Certificate Validation
Key Usage
Key Expiry

Key Update
