Submitted by :Ashish Harkare Chetan Bhardwaj Gaurav Wadhwa Kartikya Pande Samridhi Singla

(08020541124) (08020541129) (08020541127) (08020541128) (08020541126)

What is Cryptography?

Cryptography is the science of using mathematics to encrypt and decrypt data. It enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended receiver. It is used in applications present in technological advanced societies e.g. Security of ATM cards, computer passwords and e-commerce.

Encryption and Decryption

Plaintext or clear text. Cipher Key Encryption Cipher text Decryption

How does Cryptography work?

Netprog: Cryptgraphy

Why Cryptography?
The main use of cryptography is to provide the following :

(1) Privacy or confidentiality

(2) Data integrity (3) Authentication (4) Non-repudiation.
6

Secret Key Cryptography

( Symmetric cryptography)

Single key used to encrypt and decrypt.

Key must be known by both parties. Assuming we live in a hostile environment , it may be hard to share a secret key.

Secret Key Cryptography ( Symmetric cryptography)

Advantage of Symmetric Cryptography

The encryption process is simple

Each trading partner can use the same publicly known encryption algorithm - no need to develop and exchange secret algorithms Security is dependent on the length of the key

Disadvantage

If a user has n trading partners, then n secret keys must be maintained, one for each trading partner Authenticity of origin or receipt cannot be proved because the secret key is shared Management of the symmetric keys becomes problematic

Problems with Management of Symmetric Keys

Partners must always use the exact same key to decrypt the encrypted message key exchange is difficult because the exchange itself must be secure with no intervening compromise of the key management of keys is difficult as numbers of trading partners increases, especially when multiple keys exist for each trading partner

Public Key Cryptography Solution for Managing Symmetric Keys

public key cryptography simplifies the management of symmetric keys to the point whereby a symmetric key can be used not only for each trading partner, but for each exchange between trading partners additionally, public key cryptography can be used to unambiguously establish non-repudiation of origin and receipt

Public Key Cryptography

( Asymmetric cryptography)

Relatively new field - 1975 Each entity has 2 keys:

private key (a secret) public key (well known).

13

Using Keys

Private keys are used for decrypting. Public keys are used for encrypting. plaintext encryption public key ciphertext decryption plaintext ciphertext

private key

14

Asymmetric Key Uses

confidentiality digital signatures both uses depend on the association of a key pair with one, and only one owner of the keys both uses depend on one of the keys in the key pair being secret from everyone but the owner of the key

Real World Usage of Asymmetric Encryption

public key encryption algorithms are considerably slower than symmetric key algorithms rarely used as encryption methodology for bulk messages or parts of messages normally used in conjunction with a Message Integrity Check (MIC) or to encrypt a symmetric key, where the MIC or symmetric key is what is encrypted using public key encryption algorithms

disadvantage

software encryption using DES (symmetric key algorithm) is 100 times faster than software encryption using RSA (asymmetric key algorithm) - estimate provided by RSA Data Securities hardware encryption using DES (symmetric key algorithm) is anywhere from 1,000 to 10,000 times faster than hardware encryption using RSA (asymmetric key algorithm)

Digital Signature

Public key cryptography is also used to provide digital signatures. signing signed message

plaintext

private key
signed message verification plaintext

public key

18

Transmitting over an insecure channel.

Alice wants to send Bob a private message.

Apublic is Alices public key. Aprivate is Alices private key. Bpublic is Bobs public key. Bprivate is Bobs private key.

19

Hello Bob, Wanna get together?

Alice Bob

encrypt using Bpublic

decrypt using Bprivate

20

OK Alice, Your place or mine?

Alice Bob

decrypt using Aprivate

encrypt using Apublic

21

Revised Scheme
Alice Bob

Sign with Aprivate

check signature using Apublic

encrypt using Bpublic

decrypt using Bprivate

22

Speed

Secret key encryption/decryption algorithms are much faster than public key algorithms. Many times a combination is used:
use public key cryptography to share a

secret key. use the secret key to encrypt the bulk of the communication.

23

Secure Protocols

There are a growing number of applications for secure protocols:

email electronic commerce

electronic voting
homework submission

24

Secure Protocols

Many application protocols include the use of cryptography as part of the application level protocol.
The cryptographic scheme employed is part

of the protocol. If stronger cryptographic tools become available we need to change the protocol.

25

SSL and TLS

Secure Sockets Layer (SSL) is a different approach - a new layer is added that provides a secure channel over a TCP only link. TLS is Transport Layer Security (IETF standard based on SSL).

26

SSL and TLS

Transport Layer Security (TLS) Protocol and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over TCP/IP networks such as the Internet

27

SSL layer
Application SSL TCP IP Application SSL TCP IP

28

Advantages of SSL/TLS

Independent of application layer Includes support for negotiated encryption techniques.
easy to add new techniques.

applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP

29

HTTPS Usage

HTTPS is HTTP running over SSL.

used for most secure web transactions.
HTTPS server usually runs on port 443. Include notion of verification of server via a

certificate. Central trusted source of certificates.

30

Common Symmetric Key Algorithms

Data Encryption Standard - DES Triple DES RC2 and RC5 IDEA

Todays latest used cryptographic techniques

Netprog: Cryptgraphy

32

Different types of threats to network

Application backdoors SMTP session hijacking Operating system bugs Denial of service E-mail bombs Macros Viruses Spam Redirect bombs

Netprog: Cryptgraphy

34

Netprog: Cryptgraphy

35

Netprog: Cryptgraphy

36