Internet Security

Chia sẻ: đinh Quang Nhật | Ngày: | Loại File: PPT | Số trang:42

lượt xem

Internet Security

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Same key is used by both parties - key is shared symmetric encryption algorithms. Algorithm used for decryption is the inverse of the algorithm used for encryption

Chủ đề:

Nội dung Text: Internet Security

  1. Internet Security
  2. Aspects of Security
  3. Privacy  sender and receiver expect confidentiality  transmitted message must make sense only the intended receiver  to all others, message must be unintelligible  Plaintext: to be encrypted at the sender  Ciphertext: encrypted data and will be decrypted at the receiver  Encryption/decryption methods:  secret-key method  public-key method
  4. Secret-key Encryption/Decryption  Same key is used by both parties -> key is shared symmetric encryption algorithms  Algorithm used for decryption is the inverse of the algorithm used for encryption
  5. Advantages & Disadvantages  Advantages:  Take less time to encrypt a message  Key is small -> used for long messages  Disadvantages:  Each pair of users must have a secret key. N people -> need N(N-1)/2 secret keys.  The distribution of the keys between two parties can be difficult -> Solution: using a third party - KDC (Key Distribution Center) -> shares a key with both users
  6. Public Key Encryption a private key + a public key  Private key:  is kept by receiver (individual)  is used to decrypt ciphertext  Public key:  is announced to the public  is used to encrypt plaintext
  7. Public Key Encryption
  8. Advantages & Disadvantages  Advantages:  Each entity is independent and the pair of keys can be used to communicate with any other entity.  The number of keys needed is reduced tremendously N users -> 2N keys  Disadvantages:  The complexity of algorithm using the long keys takes a lot of time -> just efficient for short messages  The association between an entity and its public key must be verified (certification) -> solution: CA – Certification Authority
  9. CA – Certification Authority  certify the binding between a public key and the owner (by issuing a certificate)  How?  CA combine a public key and information about an entity into one document  then CA encrypts the document with its private key and sends it to everyone registered to that authority  the registered users can use their public key to decrypt the certificate and find the public key of the entity.
  10. Using the Combination  Secret key method: efficiency (long messages)  Public key method: easy distribution of keys  Combination:  Public key is used to encrypt the secret key  Secret key is used to encrypt the message
  11. Using the Combination
  12. Digital Signature  Toachieve authentication, integrity and non-repudiation  Two choices:  Signing the whole document  Signing the Digest
  13. Signing the Whole Document  Sender uses his private key to encrypt (sign) the message his signature  Receiver uses the public key of the sender to decrypt the message
  14. Digital Signature can provide integrity, authentication and non-repudiation -> How?  Integrity:  If an intruder intercepts the message and partially or totally changes it -> the decrypted message would be unreadable  Authentication:  If an intruder (X) sends a message pretending that it is coming from someone else (G)  He must use his own private key for encryption (private X)  Message is then decrypted with the public key of G will therefore be unreadable  Encryption with X’s private key and decryption with G’s public key results in garbage  Non-repudiation:  If sender denies sending the message, his private key corresponding to his public key can be tested on the original plaintext.
  15.  Digital signature does not provide Privacy. If there is a need for privacy, another layer of encryption/decryption must be applied
  16. Signing the Digest  Using public key to sign the entire message is very inefficient if message is very long -> signing a digest of the document instead of the whole document  Operations:  Sender creates a miniature version (digest) of the document and signs it  Receiver then checks the signature on the miniature
  17. Hash Function  To create a digest of the message -> using a hash function  Hash function creates a fixed-size digest from a variable-length message
  18. Hash Function  Two most common hash function:  MD5 (Message Digest 5): 120-bit digest  SHA-1 (Secure Hash Algorithm 1): 160-bit digest  Two properties:  Hashing is one-way: the digest can only be created from the message, not vice versa  One-to-one function: there is little probability that two messages will create the same digest
  19. Signing the Digest – Operations at Sender site  After the digest has been created, it is encrypted (signed) using the sender’s private key  The encrypted digest is attached to the original message and sent to receiver
  20. Signing the Digest – Operations at Receiver site  Receiver receives the original message and the encrypted digest  Using the same hash function to the message to create the second digest  Decrypts the received digest using the public key of the sender, then compares it with the second digest
Đồng bộ tài khoản