Beruflich Dokumente
Kultur Dokumente
PUBLIC KEY
CRYPTOSYSTEMS
EMAIL SECURITY
PEM
DIGITAL SIGNATURE
BY :VIJETHA V BHAT K
SECURING NETWORK TRANSACTIONS
CRYPTOLOGY :
Cryptography, or the encrypting and decrypting of
messages, for sharing secret messages among a group
of users or any two persons, has existed for thousands of
years.
One of the earliest uses of cryptography was by Julius
Caesar. He used a simple substitution cipher, now known
as the Caesar Cipher.
Its operation was simple-each letter was rotated by
three. Thus, A became D, B became E, and so on. A
generalization of Caesar Cipher can be done by changing
the rotation by 3, used in original encryption, to k.
The two persons using the systems have to know the
value of k. these rotation based algorithms are not
difficult to solve.
Cryptanalysis:
A cryptosystem or cipher system is a method of
disguising messages so that only certain people can
see through the disguise.
It is usually a whole collection of algorithms.
Cryptanalysis is the art of breaking cryptosystems-
seeing through the disguise even when one is not
supposed to be able to.
cryptanalysis is the process of attempting to discover
the plaintext message P or the key K or both.
The cryptanalyst employs a variety of methods to
break the code.
4/2/2017 3
Conventional Encryption Model:
In the conventional encryption model the original
intelligible message (plaintext) is converted into a
coded message (cipher text).
The encryption process consists of an algorithm and a
key.
The key is a value, which is independent of the
plaintext that controls the algorithm.
The output of the algorithm is dependent on the
specific key being employed at the time of deciphering.
4/2/2017 4
4/2/2017 5
The cipher text generated is transmitted over the network.
As the receiving end the cipher text can be transformed
back to the original plaintext by using a decryption
algorithm, and the same key that was used for encryption.
Mathematically; this model can be explained as follows:
The plaintext P is encrypted by algorithm E and the key K to
cipher text C. The key K is kept secret. C = Ek(P).
The decryption algorithm is used to translate the ciphertext
to plaintext using the same key K. P = Dk(C).
E and D are mathematical functions or algorithms that
encrypt and decrypt for the given key K.
Since the same key is being used to encrypt and decrypt
original messages. It implies that P = Dk (Ek(P)).
the security of the encryption is dependent on the secrecy
of the key, and not on the secrecy of the algorithm.
4/2/2017 6
Some of the problems associated with the use of these
algorithms are:
A large or dynamic group of users can not use them,
because every time a user leaves a group, all others have
to switch to a different key to maintain security.
If the secret key is accidentally revealed by someone in
the group, the rest of the members must change their key.
There is no scope for quality control or standardization.
Every group of users must have their own unique
algorithm and keys.
Such a group cannot buy any off-the-shelf hardware or
software products, which are also equally accessible to
any eavesdropper.
It does not guarantee effective security.
The users themselves have to have a good knowledge of
cryptography to write their own secure algorithm and key
exchange mechanism
4/2/2017 7
Public Key Cryptosystems :
4/2/2017 15
Public Key Signatures
The problem with secret key signatures is that
the Central Authority has access to all messages
and agreements, in addition to the previously
discussed problem with shared secret key based
mechanism.
Public key infrastructure (PKI) has emerged as
the strongest authentication mechanism in
global electronic commerce.
As described earlier, public key encryption and
decryption algorithms have the properties
D(E(P)) = P and E(D(P))=P, where D and E
denote usage of private and public key
respectively.
4/2/2017 16
If
Alice wants to send the plaintext message P to Bob,
by encrypting it with her private key DA and then
encrypting it with Bob's public key EB, the message
generated will be EB( DA(P)), and this is transmitted
over the network to Bob.
Bob, on receiving this message, first decrypts the
message using his private key, DB, to extract DA(P).
This is then decrypted using Alices public key, E A, to
retrieve the original plaintext P.
If Alice subsequently denies having sent the
message, Bob can produce both P and DA(P).
Itcan be easily verified that Bob has a valid message
encrypted by DA, by applying, EA, to it.
The only way Bob could have received a message
encrypted by DA is by Alice sending it.
4/2/2017 17
4/2/2017 18
Electronic Mail Security
Electronic mail, known as e-mail, is the most widely used
network based application on the internet. It is widely used
across all architectures and vendor platforms.
With the explosively growing reliance on e-mail for every
conceivable purpose, the demand for authentication and
confidentiality services has also grown.
Two schemes that are extensively used to ensure the
privacy of e-mails are: (i) Pretty Good Privacy (ii) Privacy
Enhanced Mail.
PGP
Pretty good privacy -is a comprehensive e-mail security
package that addresses privacy, authentication,
confidentiality, digital signatures, and compression issues.
Mechanism of PGP:
Alice intends to send the plaintext message P, to Bob, in a
secure manner.
4/2/2017 19
The public and private keys of Alice are EA and
DA,respectively.
4/2/2017 21
Bob, on receiving the message, reverse the base-64
encoding and decrypts the IDEA key using his private
RSA key, DB' This IDEA key is then used to decrypt
P'.Z.
After decompression, Bob separates the plaintext
from the encrypted hash, decrypts the hash with
Alice's public key, and verifies the integrity of the
hash.
If the plaintext is in agreement with his MD5
computation, it confirms that the message was
correct and was sent by Alice.
4/2/2017 22
4/2/2017 23
PEM
Privacy Enhanced Mail is a draft internet standard that
provides security related services for electronic mail
applications.
Its most common use is in conjunction with the internet
standard Simple Mail Transfer Protocol (SMTP), but can be
used with any electronic mail scheme.
PEM is an end-to-end service that is transparent to
intermediate mail forwarding elements. The underlying
mail system need not be altered to accommodate PEM.
It provides protection in SMTP as well as other mail
transport environments.
PEM also supports the use of advance manual distribution
of keys, centralized key distribution based on symmetric
encryption, and the use of public key certificates.
This requires the communicating end systems to share
the same key distribution mechanism.
4/2/2017 24
Specifically, PEM provides the following capabilities:
Disclosure protection
Originator authenticity
Message integrity
Non-repudiation of origin
4/2/2017 25
Messages sent using PEM are first converted to a
canonical form, so that they have the same
conventions about white spaces (tabs, trailing spaces
etc.) use of carriage returns, and line feeds.
This transformation ensures that message transfer
agents are unable to modify the contents.
A hash message is then computed using MD2 or MD5.
The combination of the hash and the message is
encrypted using DES.
Further encoding is possible with radix-64 coding.
The output is then delivered to the recipient.
Each message is encrypted with a one-time key,
which is enclosed along with the message. At the
receiving end, the reverse process for decryption
takes place.
4/2/2017 26
END OF PRESENTATION
4/2/2017 27