
02 - Cryptography Part 02


Introduction to Information Security
Brute Force Speed
• openssl speed aes

What are cryptography tools

• Symmetric Key Encryption
• Public/Asymmetric Key Encryption
• Hash Functions
• Digital Signatures
• Symmetric vs Asymmetric Keys
Model of Encryption for Confidentiality
Public‐Key Encryption Structure

• Publicly proposed by Diffie and Hellman in 1976
• Based on mathematical functions
• Asymmetric
  o Uses two separate keys
  o Public key and private key
  o Public key is made public for others to use
• Some form of protocol is needed for distribution
Public‐Key Encryption Structure

• Two different keys are used interchangeably to encrypt/decrypt the data

• The keys always come in pairs

• Each user has two keys (one public and one private)
Keys Generation

Source: https://docs.huihoo.com/globus/gt3‐tutorial/ch10s03.html
Public and Private Keys

If you encrypt with the public key, then decrypt with the private key

Source: www.hackernoon.com

If you encrypt with the private key, then decrypt with the public key
No Confidentiality
User Authentication
[Figure 2.6 Public-Key Cryptography, encryption with private key: Bob encrypts the plaintext input X with his private key PRb, Y = E[PRb, X]; the ciphertext Y is transmitted; Alice takes Bob's public key PUb from her public key ring (Joy, Ted, Mike, Bob) and decrypts, X = D[PUb, Y], to obtain the plaintext output. The encryption algorithm is, e.g., RSA.]

• User encrypts data using his or her own private key

• Anyone who knows the corresponding public key will be able to decrypt the message

• User encrypts data using a certain public key

• Anyone who knows the corresponding private key will be able to decrypt the message
Assumptions: Public Key Encryption
Requirements of Public‐Key Cryptography
Asymmetric Encryption Algorithms

• RSA (Rivest, Shamir, Adleman)
  o Developed in 1977
  o Most widely accepted and implemented approach to public‐key encryption
  o Block cipher in which the plaintext and ciphertext are integers between 0 and n‐1 for some n

• Diffie‐Hellman key exchange algorithm
  o Enables two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages
  o Limited to the exchange of the keys

• Digital Signature Standard (DSS)
  o Provides only a digital signature function with SHA‐1
  o Cannot be used for encryption or key exchange

• Elliptic curve cryptography (ECC)
  o Security like RSA, but with much smaller keys
Public Key Encryption Example

[Figure: User A, User B, User C]
Applications of Public Key Cryptosystems

Algorithm        Digital Signature   Symmetric Key Distribution   Encryption of Secret Keys
RSA              Yes                 Yes                          Yes
Diffie-Hellman   No                  Yes                          No
DSS              Yes                 No                           No
Elliptic Curve   Yes                 Yes                          Yes
Confidentiality with Public Key Crypto
Authentication with Public Key Crypto
Public Key Distribution
Symmetric vs Asymmetric Advantages/Disadvantages

• Suppose 10 users need to communicate with each other

• How many symmetric keys need to be generated?

• How many asymmetric keys need to be generated?

Symmetric vs Asymmetric Advantages/Disadvantages

• Public key encryption is slower than symmetric key encryption due to the complexity of the algorithm

• Based on this, if you want to encrypt gigabytes of data, it is better/faster to use symmetric key encryption
Key Management/Exchange

• Public key: Trusted entity/organization

• Private Key:

• Use public‐key encryption to securely send the symmetric key

  o This approach utilizes the advantages of both symmetric and asymmetric encryption mechanisms

  o Note that public key crypto algorithms are typically much slower than symmetric key algorithms
Applications of Public Key Cryptosystems
Key exchange, share secret session keys
• Suppose we have two users (A, B). A wants to send data to B using symmetric key encryption, so A needs to generate the symmetric key and send it to B securely.
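
The scenario above, carried through with the OpenSSL command line as an added example that is not part of the original slides. The function name, the file names and the sample message are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): user A sends user B a fresh symmetric
# secret wrapped with B's RSA public key. All file names are constructed.

# Prints what B recovers from A's message "$1"; prints nothing on failure.
hybrid_exchange() {
  local msg=$1 dir rc
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    # B: generate an RSA key pair; only b_public.pem is handed to A.
    openssl genrsa -out b_private.pem 2048 2>/dev/null
    openssl rsa -in b_private.pem -pubout -out b_public.pem 2>/dev/null

    # A: random 256-bit session secret, used to AES-encrypt the bulk data.
    # (-pbkdf2 needs OpenSSL 1.1.1 or later.)
    openssl rand -hex 32 > session.key
    printf '%s' "$msg" > plaintext.txt
    openssl enc -aes-256-cbc -pbkdf2 -in plaintext.txt -out data.enc \
      -pass file:session.key

    # A: wrap the small session secret with B's public key (RSA-OAEP).
    # A sends data.enc and session.key.enc; session.key never leaves A.
    openssl pkeyutl -encrypt -pubin -inkey b_public.pem \
      -pkeyopt rsa_padding_mode:oaep -in session.key -out session.key.enc

    # B: unwrap with the private key, then decrypt the data symmetrically.
    openssl pkeyutl -decrypt -inkey b_private.pem \
      -pkeyopt rsa_padding_mode:oaep -in session.key.enc -out session.key.b
    openssl enc -d -aes-256-cbc -pbkdf2 -in data.enc -out recovered.txt \
      -pass file:session.key.b 2>/dev/null
    cat recovered.txt 2>/dev/null
  )
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

hybrid_exchange 'constructed sample message from A to B'; echo
```

The slow RSA operation touches only the short session secret, while the data itself goes through AES. `openssl enc` gives confidentiality only, so B would also need a MAC or signature over `data.enc` to detect tampering.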
Keys Generation
• How can a user generate a symmetric key?

• How can a user generate an asymmetric key (private/public)?

OpenSSL

https://qsandbox.com/tools/private‐public‐keygen
Keys Generation
https://qsandbox.com/tools/private‐public‐keygen
OpenSSL Syntax (Asymmetric Key Generation)
• openssl genrsa -des3 -out private.pem 2048

• less private.pem

• openssl rsa -in private.pem -outform PEM -pubout -out public.pem

• less public.pem
OpenSSL
• OpenSSL is a program and library that supports many different cryptographic operations, including:

  o Symmetric key encryption

  o Public/private key pair generation

  o Public key encryption

  o Hash functions

  o Certificate creation

  o Digital signatures

  o Random number generation


Hashing Algorithms

• Hashing is a mechanism that is used for data integrity assurance

• Hashing is based on a one‐way mathematical function that is relatively easy to compute but significantly difficult to reverse

• The result of hashing is a fixed‐length hash, which is known as the “digest” or “fingerprint”.
Message Authentication Code (MAC)

• An authentication technique that involves the use of a secret key to generate a small block of data

• The MAC is appended to the original message

• MAC assumes that users A and B share a common secret key K_AB
Message Authentication Code (MAC)
MAC Algorithms
MAC vs. HASH

• The main difference between a MAC and a hash is that the MAC always takes a secret key as an input to its algorithm, which is mixed in with the data while digesting the message

• The hash function does not take any key during the hashing process
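
The difference matters once someone can alter the message in transit. The following added example (not from the original slides) compares a bare SHA-256 digest with HMAC-SHA256 when a third party, Darth, replaces the message and recomputes the tag without knowing K_AB; the key, the messages and the function names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the slides). K_AB and both messages are constructed.
K_AB='constructed-shared-secret'   # known only to Alice and Bob
ORIGINAL='pay Bob 10'
FORGED='pay Darth 1000'

# tag <scheme> <message> <key>: hex tag over the message.
# "hash" ignores the key; "mac" is HMAC-SHA256 keyed with it.
# Note: -hmac puts the key on the command line, acceptable only in a demo.
tag() {
  case $1 in
    hash) printf '%s' "$2" | openssl dgst -sha256 | awk '{print $NF}' ;;
    mac)  printf '%s' "$2" | openssl dgst -sha256 -hmac "$3" | awk '{print $NF}' ;;
  esac
}

# bob_verdict <scheme> <received message> <key the sender used>
# Bob recomputes the tag with K_AB and compares it with the one received.
bob_verdict() {
  local sent expected
  sent=$(tag "$1" "$2" "$3")          # tag attached by whoever sent it
  expected=$(tag "$1" "$2" "$K_AB")   # tag Bob computes on receipt
  if [ -n "$sent" ] && [ "$sent" = "$expected" ]; then
    echo accepted
  else
    echo rejected
  fi
}

echo "bare hash, message forged by Darth: $(bob_verdict hash "$FORGED" 'darth-guess')"
echo "MAC, message forged by Darth:       $(bob_verdict mac "$FORGED" 'darth-guess')"
echo "MAC, original from Alice:           $(bob_verdict mac "$ORIGINAL" "$K_AB")"
```

A bare digest only detects accidental changes, because anyone can recompute it; the MAC check fails for the forged message because the tag depends on a key Darth does not hold.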
Authentication using Hash Functions
[Figure: Alice, Bob, Darth]
Hash Security Requirements and Attacks
Hashing Algorithms

The following are the three most commonly used cryptographic hash functions:

Message Digest 5 (MD5): MD5 produces a 128‐bit hash and is now considered a legacy algorithm that should be avoided.

Secure Hash Algorithm 1 (SHA‐1): SHA‐1 takes a message of up to 2^64 bits in length and produces a 160‐bit message
digest. The algorithm is slightly slower than MD5, but the larger message digest makes it more secure against brute‐force
collision and inversion attacks.

Secure Hash Algorithm 2 (SHA‐2): SHA‐2 algorithms are the secure hash algorithms that the U.S. government requires by
law for use in certain applications. The SHA‐2 family includes 224‐bit, 256‐bit, 384‐bit, and 512‐bit functions. When choosing a
hashing algorithm, use SHA‐256 or higher, as they are currently the most secure.

Secure Hash Algorithm 3 (SHA‐3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST
on August 5, 2015. Although part of the same series of standards, SHA‐3 is internally different from the MD5‐like structure
of SHA‐1 and SHA‐2.
Hashing Algorithms
To be useful for message authentication, a hash function H must have the following properties:

• Can be applied to a block of data of any size

• Produces a fixed‐length output

• H(x) is relatively easy to compute for any given x

• One‐way or pre‐image resistant
  o Computationally infeasible to find x such that H(x) = h

• Computationally infeasible to find y ≠ x such that H(y) = H(x)

• Collision resistant or strong collision resistance
  o Computationally infeasible to find any pair (x,y) such that H(x) = H(y)
Security and Applications of Hash Functions

• There are two approaches to attacking a secure hash function:
  o Cryptanalysis: Exploit logical weaknesses in the algorithm
  o Brute‐force attack: Strength of hash function depends solely on the length of the hash code produced by the algorithm

• SHA most widely used hash algorithm

• Additional secure hash function applications:
  o Passwords: Hash of a password is stored by an operating system
  o Intrusion detection: Store H(F) for each file on a system and secure the hash values
Hash Functions with OpenSSL
$ openssl list-message-digest-algorithms

$ md5sum plaintext.txt

$ sha1sum plaintext.txt

$ openssl dgst -sha256 plaintext.txt


OpenSSL Syntax
• openssl genrsa -des3 -out private.pem 2048

• less private.pem

• openssl rsa -in private.pem -outform PEM -pubout -out public.pem

• less public.pem

• openssl list-message-digest-algorithms

• md5sum plaintext.txt

• sha1sum plaintext.txt

• sha256sum plaintext.txt

• openssl dgst -sha256 plaintext.txt

• cat plaintext1.txt
Installing Cygwin
• Go to https://www.cygwin.com/

• Go to:
• Install Cygwin by running setup-x86_64.exe

• After running the exe file

• Choose any mirror for download


Cygwin Installation
• When you get this screen, go to the search bar and type “openSSL”,
then choose the two packages that are shown below (you will see
“Keep” in this screenshot since I already installed them)

• Installation may take up to an hour
