To Previous ChapterTo Table of ContentsTo Bottom of PageTo Next Chapter

CS459/559 - Network Security - Chapter 5: Encryption

  • Data Encryption - uses an algorithm which hides the meaning of the text
    plaintext _______ ciphertext ________ original
    ---------------> |_______| -------------->|________| ----------->
    plaintext

    Why do we need encryption? ---- TRUST

    A good cryptographic algorithm:

    1. Should be simple to use by authorized users
    2. Should be difficult and time consuming for non-authorized users to decrypt.
    3. The security of the data should not depend on the secrecy of the algorithm.
    4. The efficiency and security of the algorithm should not be data dependent.

    Encryption Algorithms:

    1. substitution
      • Caesar Cipher - monoalphabetic translation
      • Vernam Cipher - uses one-time pad developed using random numbers
    2. transpositions (permutations)
      • Columnar Transpositions
      • Double Transpositons
    3. Public Key Systems - anyone can send a secret message to a user, but only the intended receiver would know how to decrypt the message.
    4. Merkle-Hellman Knapsacks - encodes a binary message as a solution to the knapsack problem (contains a trapdoor)
    5. Rivest-Shamir-Adelman(RSA) Encryption - uses number theory and factors of large numbers to encypt the data. (key should be at least 512 bits)
    6. Data Encryption Standard (DES) - uses 16 cycles of substitution and transposition of 64 bit blocks (uses a 56-bit key) [can be broken by brute force)
    7. Diffie-Hellman - public key algorithm used in Sun Microsystems RPCs and NFS (raises a constant to a power of a key generating a 192 bit key)
    8. IDEA (Intenational Data Encryption Algorithm) uses a 128-bit key.
    1. Public and Private Keys
      • authentication - security method that uses digital signatures (provides for nonrepudiation)
      • Private Key (symmetric) - sender & recipient must know same secret key (e.g. Kerebos) [DES, IDEA]
      • Public Key (asymmetric) - public key is published and private key is kept secret by holder [RSA]
    2. Encryption Mechanisms
      • RSA & DES
        • encrypt message with random DES key (fast)
        • encrypt DES key with RSA
        • transmit DES-encrypted message and RSA-encrypted DES key (RSA digital envelope)
      • PGP (Pretty Good Privacy) - public-key system for encrypting e-mail using IDEA & RSA. Encrypts message with a randomly generated IDEA key and then encrypts the key using the recipient's public key.
    3. IBM's Common Cryptographic Architecture (CCA) - supports DES, RSA, & Commercial Data Masking Facility (CDMF) algorithms across all IBM platforms
    4. Digital Certificates (digital ID) is a password-protected and encrypted file that contains identification information about its holder, including a public key to verify the sender's digital signature and a unique private key. Requires a third-party sign the key. [ex. Verisign]

      X.509 digital signature

      • subject's distinguished name(DN) used to identify certficate owner
      • issuer's distinguished name (DN) identifies Certificate Authority
      • subject's public key
      • issuer's digital signature
      • validity period
      • serial number issued by the C.A.

      • Using Verisign for e-commerce using SSL(Secure Sockets Layer)
        server sends a digital ID when requested by the client which verifies the ID and the client returns a session key encrypted with the server's public key
      • Verisign Class Structure (IDs for individuals, organizations, & software publishers
    5. Internet Content Certification
      • Microsoft's Authenticode
      • Netscape Communications' Object Signing
      • Sun Microsystems' JavaSecurity
    6. Digital Postmarks (electronic postmark from U.S. Postal Service)
    7. Legal Aspects
    To Previous ChapterTo Table of ContentsTo top of pageTo Next Chapter