1 / 52

Cryptography

Cryptography. Basic goal: design procedures to transform messages (plaintext) into cryptograms (ciphertext). withstand intense cryptoanalysis for recovering the original plaintext. Basic approach: code system: text content depending on the size of code book.

vernon
Download Presentation

Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography • Basic goal: • design procedures to transform messages (plaintext) into cryptograms (ciphertext). • withstand intense cryptoanalysis for recovering the original plaintext. • Basic approach: • code system: text content depending on the size of code book. • cipher system: require two basic elements • cryptographic algorithm • a set of variable cryptographic keys. C. Edward Chow Page 1

  2. Cipher Systems Two useful cipher system types: block ciphers and stream ciphers • Block ciphers • Data are encrypted/decrypted in blocks. • Block length is predetermined by the algorithm designer. • Stream ciphers • Users of algorithms decide the lengths to be encrypted or decrypted. • Require additional parameter defined as initializing vector (seed value) C. Edward Chow Page 2

  3. Cryptographic Algorithms Two basic types: • Symmetric key algorithms: same key are used to encrypt and decrypt. In SSL, the symmetric key are encrypted by the public key and sent over at the • Public key algorithms: permit many users to encrypt using the same public key, but only the specific user possessing the secret key to decipher or unlock the data. C. Edward Chow Page 3

  4. RSA: a Public Key Algorithm • Paper appeared on "A Method for obtaining Digital Signatures and Public-Key Cryptosystems," published in CACM vol. 21, No. 2, 120-126 (1978) by MIT Professors, Ronald Rivest, Adi Shamir, and Leonard Adleman. • Based on extension of Euler's theorem af(r) - 1 is divisible by r where a and r are relatively prime, i.e., gcd(a, r) = 1, and • f(r)=r(1-1/p1)(1-1/p2)...(1-1/pn), where p1, p2, ...,pn are the prime factors of r. C. Edward Chow Page 4

  5. Choosing Private Key in RSA Algorithm p and q are primes (chosen, secret) p=47, q=61 r=p.q (publish, public) r=47*61=2867 f(r)=(p-1)(q-1) (derived, secret) f(r)=46*60=2760 SK = private key (chosen, secret) SK=167 Here SK is a chosen prime and it must be a relative prime of f(r). 2760=167*16+88 --> 88 = 2760 - 167*16 167=88*1+79 --> 79 = 167 - 88*1 88=79*1+9 --> 9 = 88 - 79*1 79=9*8+7 --> 7 = 79 - 9*8 9=7*1+2 --> 2 = 9 - 7*1 7=2*3+1 --> 1 = 7 - 2*3 2=1*2 C. Edward Chow Page 5

  6. Choosing Public Key in RSA PK = public key (derived, public) PK=1223 It is derived by reversing the above computation on private key and substituting eq. 1=7-2*3 1=7-(9-7*1)*3=7*4-9*3 1=(79-9*8)*4-9*3=79*4-9*32-9*3=79*4-9*35 1=79*4-(88-79)*35=79*39-88*35 1=(167-88)*39-88*35=167*39-88*74 1=167*39-(2760-167*16)*74=167*1223-2760*74 C. Edward Chow Page 6

  7. Encryption/Decryption using Private/Public keys A message can be encrypted is first divided into blocks, the value of block is less than r-1=2867-1=2866. In real system, r is much bigger. To apply RSA algorithm, we substitute each letter with two digits, e.g., blank = 00, A=01, B=02, ..., Z=26. The plaintext , "RSA ALGORITHM," is encrypted in 7 blocks: 1819 0100 0112 0715 1809 2008 1300 1819, the first block of the plaintext, is encrypted by raising it to the power of PK=1223, dividing by r = 2867, then taking the remainder, 2756 becomes the ciphertext. Note that 18191223 mod 2867 = 2756 but 18191223 is a big number. It can be computed by 18191024*1819128*181964*18194*18192*18191 since 1223=1024+128+64+4+2+1 DecryptionLikewise, 2756SK mod 2867=1819 The ciphertext is 2756 2001 0542 0669 2347 0408 1815 C. Edward Chow Page 7

  8. Message Digest (one-way hash function) • The message digest functions take a file as input, produce a single large number called digest (128-256 bits in length). • They are difficult to invert, mostly unique, widely distributed. • MD5 developed by Ronald Rivest. Here is an example of MD5 results: • [root@viva guest]# cat t1 • There is $1500 in the blue box. • [root@viva guest]# ssleay • SSLeay>md5 t1 • MD5(t1)= 05f8cfc03f4e58cbee731aa4a14b3f03 • SSLeay>[root@viva guest]# • MD5(There is $1500 in the blue box!)=4b36807076169572b804907735accd42 • Just one character differs. The digest values are dramatically different. • Can be attached in email for message authentication. • Instead of signing the whole document, most digital signature standards simply sign a message digest of the document. • Programs such as PGP use message digests to transform a passphrase into an • symmetric encryption key. C. Edward Chow Page 8

  9. Certificate • Signed documents, which match public keys to information, such as a name, organization, and e-mail address. • They are signed by CA authority, organization that accept certificate requests and return the certificate. C. Edward Chow Page 9

  10. Client Certificate • Use for Secure Web Access and Secure Email. • 60 days digital ID free trial from Verisign for Outlook Express • After type in name, email address, pobox, birthday info. • It asks for challenging phrase. • After click to accept the Verisign CPS statement, IE ask for confirm email address. • Then IE indicates it is generate RSA exchnage keys C. Edward Chow Page 10

  11. Private Key Container • Select the High Security Level which will ask for password each time private key is accessed. C. Edward Chow Page 11

  12. Select the Password C. Edward Chow Page 12

  13. Certificate Request Sent • After the password is confirmed, a certificated will be sent to Verisign. • They will send an email to the address you specified in the request with instruction on how to install the digital ID. Hit the continue button. C. Edward Chow Page 13

  14. Pickup Digital ID • You can also go to https://digitalid.verisign.com/client/outlook/outlookpickup.htm • And enter the PIN included in the email to pickup the digital ID. C. Edward Chow Page 14

  15. Setup Digital ID for Secure Email Associate a Digital ID With Your E-mail Account Microsoft Outlook Express: • Select Accounts from the Tools menu, then the Mail tab. • Select your Mail account, click the Properties button, select the Security tab. • Check the box "Use a digital ID when sending secure messages from", then click the Digital ID button. • Select the certificate you want to use to digitally sign your e-mail. Outlook 98: • In the Tools menu select Options, then the Security tab • Click "Add digital signature to outgoing messages", click the "Change Settings" button • On the next screen click the "Choose..." button. Select the Digital ID you want to use for signing e-mail in Outlook. C. Edward Chow Page 15

  16. Find Other’s Digital ID • https://digitalid.verisign.com/services/client/index.html C. Edward Chow Page 16

  17. Digital ID Search Result C. Edward Chow Page 17

  18. Digital ID Search Result C. Edward Chow Page 18

  19. Receive Signed Email Indicate a signed email C. Edward Chow Page 19

  20. Examine the Signature • Click on the signature symbol. C. Edward Chow Page 20

  21. View the Certificate C. Edward Chow Page 21

  22. Certificate Detail C. Edward Chow Page 22

  23. Setup Option for Signed Encrypted Email • Go to outlook (not the email window), tools | options select security tab. C. Edward Chow Page 23

  24. Receive Signed and Encrypted Email C. Edward Chow Page 24

  25. On Windows 2000 C. Edward Chow Page 25

  26. C. Edward Chow Page 26

  27. C. Edward Chow Page 27

  28. C. Edward Chow Page 28

  29. C. Edward Chow Page 29

  30. C. Edward Chow Page 30

  31. C. Edward Chow Page 31

  32. C. Edward Chow Page 32

  33. Import Certificate to Outlook 2000 C. Edward Chow Page 33

  34. Specify path and password for the certificate C. Edward Chow Page 34

  35. Change the Hash Algorithm or Encryption Algorithm C. Edward Chow Page 35

  36. Make sure your email account has the same email Address as that in the certificate!! C. Edward Chow Page 36

  37. Reply Secure Email on Outlook2000 • To send an encrypted e-mail message to someone, you must have a copy of that person's digital ID in your contact list. Just have the person send you a digitally signed message. When you receive the message, you copy the person's address in the From field of the message into your contacts. • If you had old entry in contacts without certificate, you need to click on the From field to update entry with the certificate. C. Edward Chow Page 37

  38. Netscape Communicator 4.51 • Go to home.netscape.com and select download netcape communicator 4.51. • After download, click on cc32e451.exe to install. • Accept default settings, except that do choose the netscape communicator as default browser, netcenter as default web page on frodo.uccs.edu. • After restart, click on the netscape messager. • It will go through a series of dialog to help set up your incoming and outgoing mail server on cs.uccs.edu. C. Edward Chow Page 38

  39. Setup Netscape Messenger • Create a New Profile. C. Edward Chow Page 39

  40. Enter Name and Email Address C. Edward Chow Page 40

  41. Choose Name and Directory for the Profile • This name will show up on main messenger mail window C. Edward Chow Page 41

  42. Setup Outgoing Mail Server • Use cs.uccs.edu C. Edward Chow Page 42

  43. Setup Incoming Mail Server • Enter your loginname • Select cs.uccs.edu as incoming mail server (make sure you forward your email to cs.uccs.edu.) • Choose IMAP instead of POP. • IMAP leaves mails in the mail server.Down load the header first. • POP download the mails and remove mails on mail servers as default. C. Edward Chow Page 43

  44. Setup News Group Server • Enter harpo.uccs.edu as news server. C. Edward Chow Page 44

  45. Setup Different User Profile • After netscape communicator is stalled, the next login user will find the netscape messenger using the profile of the user who installs the software. • Actually, even if you can read some of the headers of the email (a bad design), you can not download the content since you will be prompt for the password. • Each time you have the encrypted email, you will be prompted for the password of the certificate in order to obtain private key to decrypt the email. • The following describes how you set up your own netscape profile (especially for email). C. Edward Chow Page 45

  46. Netscape User Profile Manager • Select start | programs| netscape|utilities|user profile manager. Click new and enter your loginname C. Edward Chow Page 46

  47. Setup Different User Profile(2) • The rest of the steps follows that of page 18 of this handout. C. Edward Chow Page 47

  48. Using Communicator with Different User Profiles • After the profile is set up, when you invoke communicator, you will be asked to select the specific profile. C. Edward Chow Page 48

  49. Download Other’s Certificate From Verisign • On navigator, select security | people • Select search directory C. Edward Chow Page 49

  50. Search Verisign Directory • Select verisign directory in pull down menu • Enter the email address of the person you would like to request the certificate. Then click search button. C. Edward Chow Page 50

More Related