Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011Domain AgendaDefinitionsSlide 4Historical Development of CryptographyBasic Goals of CryptographyMaking Secure Cryptographic AlgorithmsBasic Transformation TechniquesProcessWork FactorSlide 11Certificate Authority (CA)Certificate AuthoritySlide 14Slide 15Key ManagementKey ClusteringFunctions of Key ManagementSlide 19Slide 20Initialization VectorSlide 22Slide 23Symmetric Key CryptographyBlock CipherSlide 26Modes of Symmetric Block CiphersExample TechniquesSlide 29DESAES (Rijndael)Other Block CiphersStream CipherStrengths & Weaknesses of Symmetric-Key CryptographySlide 35Asymmetric Key CryptographyAlgorithmsDigital SignaturesDigital Signature UsesDigital SignatureSlide 41Public Key Infrastructure (PKI)Public Key CryptographySlide 44Public Key InfrastructureStrong Cryptographic Solutions for PKIWeb of TrustSlide 48Slide 49Substitution CiphersSlide 51Simple Substitution CipersSimple Transposition/ Permutation CiphersPolyalphabetic CiphersRunning Key CiphersOne-Time Pads (OTP)Message Integrity Controls (MIC)Slide 58Message Authentication CodesChecksumHash FunctionCommon Hash FunctionsHash Functions CharacteristicsSlide 64SteganographySlide 66Slide 67Digital WatermarkingSlide 69Slide 70AttacksCryptanalysisBrute ForcePlaintext AttacksCiphertext AttacksAttacks Against CiphersAttacks Against Hash FunctionsOther Common AttacksDr. Bhavani ThuraisinghamThe University of Texas at Dallas (UTD)June 2011CryptographyDomain Agenda•Definitions•History•Goals and Process•Certificate Authority•Key Management•Initialization Vector•Symmetric Key Cryptography•Asymmetric Key Cryptography•Substitution Ciphers•Message Authentication Code•Steganography and Watermarking•Cryptanalysis and attacksDefinitions•Cryptography–Mathematical manipulation of information that prevents the information being disclosed or altered•Cryptanalysis–Defeating the protected mechanisms of cryptography•Cryptology–Study of Cryptography and CryptanalysisDomain Agenda•Definitions•History•Goals and Process•Certificate Authority•Key Management•Initialization Vector•Symmetric Key Cryptography•Asymmetric Key Cryptography•Substitution Ciphers•Message Authentication Code•Steganography and Watermarking•Cryptanalysis and attacksHistorical Developmentof Cryptography•Cryptographic Techniques–Manual–Mechanical–Electro-mechanical–Electronic–Quantum CryptographyBasic Goals of Cryptography•Confidentiality•Integrity•Authenticity•Non-repudiation•Access control•Make compromise difficultMaking Secure Cryptographic Algorithms•Problems–Discernible–Redundancies–Statistical Patterns•Solutions–Confusion–Diffusion–AvalancheBasic Transformation Techniques•Substitution•Transposition or permutation•Compression•Expansion•Padding•Key mixing•Initialization vector (IV)Process•Input (also called Plaintext or Clear Text)•Cryptosystem (device that performs encryption/decryption)•Cryptographic Algorithms (Mathematical functions)•Output (Cipher text or Cryptogram)•Key (Crypto variable)Work Factor•Work Factor is defined as the amount of effort (usually measured in units of time) needed to break a cryptosystem.•The Work Factor of a cryptosystem is related to its key-length and the working mechanism used (encryption and decryption algorithms). For example, if the brute force attack method is used to break the system (trying all possible combinations of the key), then the work factor is directly proportional to the length of the key. For every addition of one bit to the key length, the time needed (work factor) is doubled.Domain Agenda•Definitions•History•Goals and Process•Certificate Authority•Key Management•Initialization Vector•Symmetric Key Cryptography•Asymmetric Key Cryptography•Substitution Ciphers•Message Authentication Code•Steganography and Watermarking•Cryptanalysis and attacksCertificate Authority (CA)•Manages certificate lifecycle•Trusted third party•Registration authorityCertificate Authority•In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.•Commercial CAs charge to issue certificates that will automatically be trusted by most web browsers (Mozilla maintains a list of at least 36 trusted root CAs, though multiple commercial CAs or their resellers may share the same trusted root ).•The number of web browsers and other devices and applications that trust a particular certificate authority is referred to as ubiquity.•Aside from commercial CAs, some providers issue digital certificates to the public at no cost. Large institutions or government entities may have their own CAs.Certificate Authority•Certificate-based encryption is a system in which a certificate authority uses ID-based cryptography to produce a certificate. This system gives the users both implicit and explicit certification, the certificate can be used as a conventional certificate (for signatures, etc.), but also implicitly for the purpose of encryption. •A user Alice can doubly encrypt a message using another user's (Bob) public key and his (Bob's) identity.•This means that the user (Bob) cannot decrypt it without a currently valid certificate and also that the certificate authority cannot decrypt the message as they don't have the user's private key (i.e., there is no implicit escrow as with ID-based cryptography, as the double encryption means they cannot decrypt it solely with the information they have).Domain Agenda•Definitions•History•Goals and Process•Certificate Authority•Key Management•Initialization Vector•Symmetric Key Cryptography•Asymmetric Key Cryptography•Substitution Ciphers•Message Authentication Code•Steganography and Watermarking•Cryptanalysis and attacksKey Management•Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.•Key management concerns keys at the user level,
View Full Document
Unlocking...