Basics of Cryptography and Cybersecurity
Protecting Against Harm That May Come via Network Access

Security Goal: Confidentiality
- Suppose you are a customer using a credit card to order an item from a website
- Threat:
  - An adversary may eavesdrop on your network communication, reading your messages to obtain your credit card information
- Solution:
  - Encrypt your message to keep the content secret
  - A protocol that does so is said to provide confidentiality

Security Goal: Data Integrity
- Confidentiality is not enough
- Threat:
  - An adversary cannot read the contents of your encrypted message, but is still able to change a few bits in it
  - This may result in a valid order for, say, a completely different item or perhaps 100 units of the item
- Solution:
  - Enable the receiver to detect message tampering
  - A protocol that does so is said to provide data integrity

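The bit-change threat on this slide, as an added example that is not part of the original slides. It assumes a toy XOR stream cipher and uses HMAC-SHA256 as the tamper check; the keys, the order format and all function names are constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 over key||counter); for illustration only."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR stream cipher: the same call also decrypts."""
    return xor(data, keystream(key, len(data)))

def flip_bits(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """The change made in transit: XOR a difference into the ciphertext.
    No key is involved, which is why encryption alone cannot prevent it."""
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def seal(enc_key: bytes, mac_key: bytes, data: bytes):
    """Encrypt, then attach an HMAC tag computed over the ciphertext."""
    ct = encrypt(enc_key, data)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, ct: bytes, tag: bytes) -> bytes:
    """Check the tag before decrypting; reject anything that was modified."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was modified")
    return encrypt(enc_key, ct)

# Constructed sample keys and order.
ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
ORDER = b"item=1234;qty=001"

ct, tag = seal(ENC_KEY, MAC_KEY, ORDER)
tampered = flip_bits(ct, ORDER.index(b"001"), b"001", b"100")

# Confidentiality alone: the modified ciphertext still decrypts to a valid order.
print(encrypt(ENC_KEY, tampered))
# With the tag, the receiver detects the change and rejects the message.
try:
    open_sealed(ENC_KEY, MAC_KEY, tampered, tag)
except ValueError as err:
    print(err)
```
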
Security Goal: Authentication
- Another threat to the customer is unknowingly being directed to a false website
- Threat:
  - This can result from a Domain Name System attack, in which false information is entered to locate a server
  - This leads to translating a correct URL into the address of a false website
- Solution:
  - Ensure that you really talk to whom you think you’re talking
  - A protocol that does so is said to provide authentication

Background:
- Symmetric (private) Key Cryptography
- Asymmetric (public) Key Cryptography

Modern Cryptography
- Encryption uses encryption key K_e
  - plaintext "The quick brown fox" -> encrypt with key K_e (0110111010010001) -> ciphertext 4f60ce544b43c13f1d
- Decryption uses decryption key K_d
  - ciphertext 4f60ce544b43c13f1d -> decrypt with key K_d (1001001100111010) -> plaintext "The quick brown fox"
- Encryption and decryption keys are mathematically related:
  - Decrypt(Encrypt(plaintext, K_e), K_d) = plaintext

Principles of Cryptography
- Cipher:
  - should be public (inspires trust that the algorithm works)
- Key:
  - should be secret (at least part of it)
  - should be long enough to prevent breaking of the encryption
  - should be short enough to keep algorithm efficient
- Symmetric key ciphers:
  - sender, receiver keys are identical and private
- Public-key ciphers:
  - encryption key public, decryption key secret (private)

Symmetric (Private) Key Cryptography
- Same (symmetric) key used for encryption / decryption
  - "The quick brown fox" -> encrypt with key K (0110111010010001) -> 4f60ce544b43c13f1d
  - 4f60ce544b43c13f1d -> decrypt with same key K -> "The quick brown fox"

Asymmetric (Public) Key Cryptography
- Sender, receiver do not share secret key
- Each uses a pair of related keys (private, public)
- Private decryption key known only to receiver
- Public encryption key known to all
  - "The quick brown fox" -> encrypt with key K_public (0110111010010001) -> 4f60ce544b43c13f1d
  - 4f60ce544b43c13f1d -> decrypt with key K_private (1001001100111010) -> "The quick brown fox"
- Any text encrypted with K_public can be decrypted with K_private
- Any text encrypted with K_private can be decrypted with K_public

Review: Hash Functions
- Map data of arbitrary size to data of fixed size
  - Message m "The quick brown fox..." -> hash function H -> Message Digest H(m) 85d013f4
  - Message m "The quick red fox..." -> hash function H -> Message Digest H(m) ad917c7f
- H(m) has fixed length, regardless of the length of m
- H is a one-way function that produces a message digest
  - One-way property: can’t recover m from H(m)
  - Small change in m induces a big change in H(m)

Confidentiality Example
- Alice wants to send a confidential message M to Bob (that no one else could read). What should Alice send Bob?
- Solution using a symmetric key cryptography:
- Solution using a public key cryptography:

Authenticity Example
- Alice wants to send a message M to Bob. Bob wants to check that the message comes from Alice, not an impostor. What should Alice send Bob?
- Solution using public key cryptography:

Data Integrity Example
- Alice wants to send a message M to Bob. Bob wants to check that the message from Alice hasn’t changed while in transit. What should Alice send Bob?

Digital Signatures
- Digital signatures are used to validate the authenticity and integrity of a message, software or digital document
- To create a digital signature:
  - Create a one-way hash of the electronic data to be signed
  - Encrypt the hash with the private key

How Do Digital Signatures Work?
- Alice (to Trudy): "Hey, can you send me my banking information, please sign it so I know someone isn’t lying to me!"

What Does Trudy Do?
- Bank Statement -> Hash Function H -> Digest (10110100 11010110)
- Digest -> Encrypt with Alice’s bank’s private key -> Signature (01101101 10110101)
- A digest encrypted with a private key is called a digital signature.
- Now Trudy has two things to send Alice, a message and a digital signature.
  - Message: Alice’s Bank Statement
  - Signature: 01101101 10110101

How Do Digital Signatures Work?
- Alice (to Trudy): "Hey, can you send me my banking information, please sign it so I know someone isn’t lying to me!"
- Trudy (to Alice): Alice’s Bank Statement, together with the signature 01101101 10110101

How Does Alice Verify?
- Alice’s Bank Statement -> Hash Function H -> Digest (10110100 11010110)
- Signature (01101101 10110101) -> Decrypt with bank’s public key -> Digest (10110100 11010110)
- They match! So someone who knew the bank’s private key must have signed the document!
- Issue:
  - How does Alice know the bank’s public key?
  - What if Trudy generates his own (private, public) key, then sends the public key to Alice claiming to be the bank’s public key?

Authentication of Public Keys
- Algorithms to generate a matched pair of public and private keys are publicly known
- How can Alice guarantee that the public key really belongs to the bank?
- Solution is the public key certificate
  - Statement specifying the key and identity
  - Signed by a Certification Authority

Certification Authority (CA)
- Trusted entity that issues public-key certificates
  - A public-key certificate, or simply a certificate, is a signed statement binding a public key to an identity
- Certification Authority
  - Binds a public key to an entity and issues a certificate
  - The CA itself has a well-known public key
  - The CA signs the certificate with its private key

Public Key Infrastructure and Certificates
- Diagram: amazon.com (subject ID) and public key -> Hash function -> Signature function with Verisign’s private key (CA: Verisign) -> certificate sent to customer -> customer verifies Amazon’s certificate using PK_verisign
- Authenticity of public keys depends on the authenticity of the CA’s public key, PK_verisign
- CA’s certificates are installed by Microsoft, Apple, Firefox, etc.
- To be able to do business online, amazon gets a public key certificate from Verisign
- If Alice wants to shop on amazon, amazon sends its certificate to Alice
- Verisign’s public key is already preinstalled in Alice’s browser

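The signature check from "How Does Alice Verify?" and the certificate check from the slides above, as one added example that is not part of the original slides. It assumes textbook RSA over fixed Mersenne primes (deterministic and not secure) and a constructed certificate layout; all names and values are illustrative.

```python
import hashlib

E = 65537  # public exponent

def keypair(a: int, b: int):
    """Toy RSA key pair from the Mersenne primes 2**a-1 and 2**b-1.
    Deterministic and NOT secure; real keys use large random primes."""
    p, q = 2**a - 1, 2**b - 1
    d = pow(E, -1, (p - 1) * (q - 1))      # private exponent
    return (p * q, E), (p * q, d)          # (public, private)

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private) -> int:
    n, d = private
    return pow(digest(data), d, n)         # hash, then apply the private key

def verify(data: bytes, sig: int, public) -> bool:
    n, e = public
    return pow(sig, e, n) == digest(data)  # recover the digest, then compare

def cert_body(identity: str, public) -> bytes:
    return f"{identity}|{public[0]}|{public[1]}".encode()

def issue_cert(identity: str, public, signer_private) -> dict:
    """Bind an identity to a public key by signing both together."""
    return {"identity": identity, "public": public,
            "sig": sign(cert_body(identity, public), signer_private)}

def check(statement: bytes, sig: int, cert: dict, who: str, ca_public) -> bool:
    """Alice: use the key only if the CA's signature on the certificate verifies."""
    body = cert_body(cert["identity"], cert["public"])
    return (cert["identity"] == who and verify(body, cert["sig"], ca_public)
            and verify(statement, sig, cert["public"]))

# Constructed keys and message.
ca_pub, ca_priv = keypair(127, 521)        # CA key, preinstalled at Alice's end
bank_pub, bank_priv = keypair(107, 607)
trudy_pub, trudy_priv = keypair(89, 1279)
statement = b"Alice's bank statement"

bank_sig = sign(statement, bank_priv)
bank_cert = issue_cert("bank", bank_pub, ca_priv)
# Trudy's self-generated key: the signature verifies under that key, but the
# certificate naming it "bank" is not signed by the CA.
trudy_sig = sign(statement, trudy_priv)
trudy_cert = issue_cert("bank", trudy_pub, trudy_priv)
```

`verify(statement, trudy_sig, trudy_pub)` returns True, which is the issue raised on the verification slide; `check(...)` against `ca_pub` accepts only the bank's certificate.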
Click here for Security Info
Unencrypted Connection
Encrypted Connection
Signed by Symantec
Review: Digital Signature
- Signing:
  - "The quick brown fox..." -> hash function -> digest 85d013f4
  - digest 85d013f4 -> encrypt with key K_private (0110111010010001) -> signature a3ff369b
- Verifying:
  - signature a3ff369b -> decrypt with key K_public (0110111010010001) -> digest 85d013f4
  - received "The quick brown fox..." -> hash function -> 85d013f4: OK
  - received "The quick red fox..." -> hash function -> ad917c7f: Bad!