Documents - Võ Tấn Dũng (votandung): chapter6-crypto
Chapter 6: Cryptographic Systems

Objectives
  - Explain how cryptology consists of cryptography and cryptanalysis, and how these concepts apply to modern-day cryptography
  - Explain how securing communications by various cryptographic methods, including encryption, hashing and digital signatures, ensures confidentiality, integrity, authentication and non-repudiation
  - Describe the use and purpose of hashes and digital signatures in providing authentication and integrity
  - Explain how authentication is ensured
  - Explain how integrity is ensured
  - Explain how data confidentiality is ensured using symmetric encryption algorithms and pre-shared keys
  - Explain how data confidentiality is ensured using asymmetric algorithms in a public key infrastructure to provide and guarantee digital certificates

Cryptographic Services: Securing Communication
  - Authentication: guarantees that the message is not a forgery and actually comes from the party it claims to come from
  - Integrity: similar to a checksum function in a frame, guarantees that no one intercepted the message and altered it
  - Confidentiality: guarantees that if the message is captured, it cannot be deciphered

Cryptography
  Cryptography is both the practice and the study of hiding information.
  A cipher is a series of well-defined steps that can be followed as a procedure when encrypting and decrypting messages.
  Classical cipher types:
  - Transposition
  - Substitution
  - Vernam

Cryptography: Transposition cipher (figure slide)
Cryptography: Substitution cipher, Caesar cipher (figure slide)
Cryptography: Substitution cipher, Caesar cipher wheel (figure slide)
Cryptography: Substitution cipher, Vigenère table (figure slide)

Digital Signature (three figure slides)

RSA
  - The RSA algorithm is based on a public key and a private key; it is used widely in digital signatures, e-commerce systems and Internet protocols
  - The performance problem is the main reason that RSA is typically used only to protect small amounts of data

Public Key Infrastructure (PKI)
  - PKI is a service framework (hardware, software, people, policies and procedures) needed to support large-scale public key-based technologies
  - Certificate: a document that binds together the name of the entity and its public key and has been signed by the CA
  - Certificate authority (CA): the trusted third party that signs the public keys of entities in a PKI-based system
  - CA vendors (figure slide)
  - PKI usage keys or special keys: two key pairs per entity
      One public and private key pair for encryption operations
      The second pair for digital signatures
      Two certificates

PKI Standards
  - Standardization and interoperability of different PKI vendors is still an issue when interconnecting PKIs
  - IETF X.509, used by:
      Secure web servers: SSL and TLS
      Web browsers: SSL and TLS
      Email programs: S/MIME
      IPsec VPNs: IKE
  - The Public-Key Cryptography Standards (PKCS) by RSA Laboratories

Certificate Authorities (CA): CA topologies (figure slides)
  - Single-root PKI topology
  - Hierarchical CA topology
  - Cross-certified CA topology

Certificate Authorities (CA): RA (registration authority)
  - Authentication of users when they enroll with the PKI
  - Key generation for users that cannot generate their own keys
  - Distribution of certificates after enrollment

Digital Signature and CA: PKI as the authentication mechanism
  Advantages
  - Authentication
  - Non-repudiation
  - Easier key management
  - Long lifetime for the certificates
  Disadvantages
  - A user certificate is compromised (stolen private key)
  - The certificate of the CA is compromised (stolen private key)
  - The CA administrator makes an error (the human factor)

Digital Signature and CA (two figure slides)

Cryptanalysis
  ... access to the shared secret key
  Attack methods:
  - Brute-force attack
  - Ciphertext-only attack
  - Known-plaintext attack
  - Chosen-plaintext attack
  - Chosen-ciphertext attack
  - Meet-in-the-middle

Cryptology
  ...

Well-known hash functions
  - Message Digest 5 (MD5), with 128-bit digests
  - Secure Hash Algorithm 1 (SHA-1), with 160-bit digests
  - But: vulnerable to man-in-the-middle attacks; does not provide security to transmission...
  - ... unpublished flaw in the original SHA
  - SHA-224, SHA-256, SHA-384 and SHA-512 are newer and more secure versions of SHA and are collectively known as SHA-2

Authenticity with HMAC
  HMACs use an
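As an added example (not from the slides or any course material): a small standard-library Python program showing why the unkeyed hashes above give integrity but not authenticity against an on-path attacker, and how an HMAC over a shared key closes that gap. The key, the message and the tampered message are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for this demo (not from the slides).
KEY = b"shared-secret-known-only-to-sender-and-receiver"
MESSAGE = b"transfer 100 to account 42"

def digest_bits(algo: str) -> int:
    """Digest length in bits of a hashlib algorithm (md5 -> 128, sha1 -> 160)."""
    return hashlib.new(algo).digest_size * 8

def plain_digest(message: bytes, algo: str = "sha256") -> str:
    """Unkeyed hash: detects accidental corruption, but anyone can recompute it."""
    return hashlib.new(algo, message).hexdigest()

def hmac_tag(key: bytes, message: bytes, algo: str = "sha256") -> str:
    """Keyed hash (HMAC): only a holder of the shared key can produce a valid tag."""
    return hmac.new(key, message, algo).hexdigest()

def check_plain_digest(message: bytes, digest: str, algo: str = "sha256") -> bool:
    return hmac.compare_digest(plain_digest(message, algo), digest)

def check_hmac(key: bytes, message: bytes, tag: str, algo: str = "sha256") -> bool:
    # compare_digest is constant-time, so the check leaks nothing about the tag.
    return hmac.compare_digest(hmac_tag(key, message, algo), tag)

def man_in_the_middle_demo() -> dict:
    """Receiver-side view of an on-path attacker who alters the message in transit."""
    tampered = b"transfer 100 to account 99"
    sent_digest = plain_digest(MESSAGE)   # what the sender attached (unkeyed)
    sent_tag = hmac_tag(KEY, MESSAGE)     # what the sender attached (keyed)
    # The attacker can recompute the unkeyed digest for the altered text...
    forged_digest = plain_digest(tampered)
    # ...but without KEY has no way to compute a matching HMAC tag.
    forged_tag = sent_tag
    return {
        "digest_accepts_tampered": check_plain_digest(tampered, forged_digest),  # True
        "hmac_accepts_tampered": check_hmac(KEY, tampered, forged_tag),        # False
        "hmac_accepts_original": check_hmac(KEY, MESSAGE, sent_tag),           # True
    }

if __name__ == "__main__":
    print({a: digest_bits(a) for a in ("md5", "sha1", "sha256")})
    print(man_in_the_middle_demo())
```

The receiver accepts the tampered message when it relies on the bare digest and rejects it when it relies on the HMAC, which is the difference between integrity alone and integrity plus origin authenticity.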