Slide 1Basic CryptographyCryptographyThe concept of a cipherSlide 5Slide 6Slide 7Slide 8Desired Properties of an Encryption AlgorithmDetailsSlide 11Slide 12Public-key CryptographyThe concept of a 1-way functionThe Concept of Public-key CryptographyThe Concept of Public Key EncryptionSlide 17Slide 18A key exchange protocolDigital SignaturesSlide 21Slide 22Slide 23CertificatesCertificate AuthorityCopyright 1999 S.D. Personick. All Rights Reserved.Telecommunications Networking IILecture 41bCryptography and Its ApplicationsCopyright 1999 S.D. Personick. All Rights Reserved.Basic CryptographyCopyright 1999 S.D. Personick. All Rights Reserved.Cryptography•Using mathematically-based methods to protect information from being read and/or modified by unauthorized personsCopyright 1999 S.D. Personick. All Rights Reserved.The concept of a cipherFour score and seven years ago …Gpvs tdpsf boe tfwfo zfbst bhp ...Copyright 1999 S.D. Personick. All Rights Reserved.Cryptography•The simple substitution cipher is easy to “break”•We need a much more secure approach for real-world applicationsCopyright 1999 S.D. Personick. All Rights Reserved.Cryptography•The most secure approach to cryptography is to use a “one time pad”…•However, in most applications it is not practical to use the “one time pad” methodCopyright 1999 S.D. Personick. All Rights Reserved.Cryptography•Most cryptographic methods are based on-A cryptographic algorithm that is assumed to be widely known (the algorithm itself is not secret)-A secret cryptographic “key” that is known only to those who are authorized to have the secret keyCopyright 1999 S.D. Personick. All Rights Reserved.CryptographyEncrpyt DecrpytSecretKeySecretKeyCopyright 1999 S.D. Personick. All Rights Reserved.Desired Properties of an Encryption Algorithm •It should be very difficult (computationally) to decrypt a message without having the secret key•It should be reasonably easy to encrypt and decrypt a message, if you have the secret keyCopyright 1999 S.D. Personick. All Rights Reserved.Details•The secret key is usually a binary sequence (1s and 0s) that is at least 56 bits long, and preferably 128 bits long (or longer)•Key management ... E.g., distributing secret keys to people who are authorized to have them, without making them accessible to unauthorized persons … is always a challengeCopyright 1999 S.D. Personick. All Rights Reserved.Details•Nobody knows for sure how “hard” it is to “break” modern encryption methods … however mathematicians are able to make statements about the comparative difficulty of breaking one method vs. another•Increasing computing power makes brute force methods feasible… leading to the need for longer keysCopyright 1999 S.D. Personick. All Rights Reserved.Details•The ability to break many encryption methods is closely related to the ability to “factor” a large number … thus you may read about competitions among people working in the field of cryptography to come up with efficient computational schemes for factoring large numbersCopyright 1999 S.D. Personick. All Rights Reserved.Public-key Cryptography•In the 1970’s cryptographic researchers came up with some amazing results/concepts that have had a remarkable impact on the ability to build practical cryptographic systems•These results/concepts helped address the key management problemCopyright 1999 S.D. Personick. All Rights Reserved.The concept of a 1-way function•A one-way function is one for which it is easy to compute y = f(x), where y and x are sequences of binary digits (1s and 0s) …… but it is very “hard” to compute what x is, given that you have access to y•A one way function is analogous to a padlock: I can easily snap it shut, but I can’t open it (without a key or a combination)Copyright 1999 S.D. Personick. All Rights Reserved.The Concept of Public-key Cryptography•Public key encryptionEncrpyt DecrpytPublicKeyPrivate (secret) KeyCopyright 1999 S.D. Personick. All Rights Reserved.The Concept of Public Key Encryption•A public key is a sequence of binary digits (1s and 0s) that is accessible to anyone who wishes to know what it is (I.e., its published in a publicly accessible directory)•The corresponding private (secret) key is only known to authorized personsCopyright 1999 S.D. Personick. All Rights Reserved.The Concept of Public Key Encryption•A public key is used to apply a one-way function, I.e. to encrypt the red information. Anyone with a message to send to a particular recipient, or set of recipients can use the recipient’s public key to do this•The corresponding private (secret) key is used by the authorized recipient(s) to decrypt messages that have been sent to themCopyright 1999 S.D. Personick. All Rights Reserved.Details•It is computationally difficult (and correspondingly slow) to utilize public key cryptography•Therefore, in practice, public key cryptography is often used as a secure method for exchanging private keys; and then private key cryptography is used to exchange informationCopyright 1999 S.D. Personick. All Rights Reserved.A key exchange protocolClientServerObtain server’s public keyUse server’s public key to send ID info to serverReceive/decrypt session keyUse session key-----Receive/decrypt messageObtain client’s public keySend session key to client-Use session keyCopyright 1999 S.D. Personick. All Rights Reserved.Digital Signatures•Problem-How can I be sure that a message with your name associated with it: really came from you hasn’t been altered since you sent itCopyright 1999 S.D. Personick. All Rights Reserved.Digital SignaturesMessageHash SignatureEncryptSender’s private keyCopyright 1999 S.D. Personick. All Rights Reserved.Digital Signatures•The hash is a summary of my message•Given the message, anyone can compute the hash•When I encrypt the hash and my signature, using my secret key, anyone can decrypt it using my public keyCopyright 1999 S.D. Personick. All Rights Reserved.Digital Signatures•However, no one can change the message without producing a mismatch between the hash derived from the changed message, and the hash that I sent in my encrypted hash/signature file•Furthermore, no one can create a fake hash/ signature file that will decrypt properly with my public keyCopyright 1999 S.D. Personick. All Rights Reserved.Certificates•When I send you a message claiming to be Prof. Stewart