SlideShare uma empresa Scribd logo

Introduction to Cryptography

Transferir como PPTX, PDF
Bharat Kumar Katur
Bharat Kumar Katur
1 de 35
SECURITY CRYPTOGRAPHY Prepared by Katur Bharat Kumar 1
PART - 1 Topics discussed in this section: Basic Concepts Encryption Technique Decryption Technique Introduction to Cryptosystems Symmetric Cryptosystems Asymmetric Cryptosystems Symmetric vs. Asymmetric 2
BAISC CONCEPTS Cryptography – hidden writing Encryption – encode or encipher Decryption – decode or decipher Cryptosystem – a system for encryption and decryption Cryptographer – anyone who invents encryption algorithms Cryptanalyst – anyone who attempts to break encryption algorithms Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis 3
ENCRYPTION TECHNIQUE • Encryption Plaintext – Input: plaintext and key – Output: cipher text Encryption Function Cipher text 4
DECRYPTION TECHNIQUE Cipher text • Decryption – Input: cipher text and a key – Output: original plaintext Decryption Function Plaintext 5
CRYPTOSYSTEMS Plaintext Encryption Ciphertext Decryption Plaintext P Algorithm E C Algorithm D P • Algorithms with a parameter – key K 6
SYMMETRIC CRYTOSYSTEM Plaintext Encryption Ciphertext Decryption Plaintext P Algorithm E C Algorithm D P Secret channel K K • C=E(P,K) • P=D(C,K) 7
ASYMMETRIC CRYPTOSYSTEM Asymmetric key cryptography uses two separate keys: one private and one public. Locking and unlocking in asymmetric-key cryptosystem 8
ASYMMETRIC CRYPTOSYSTEM (Contd.) General idea of asymmetric-key cryptosystem General formulae of asymmetric-key cryptosystem C = f (Kpublic , P) P = g(Kprivate , C) 9
SYMMETRIC vs ASYMMETRIC  Symmetric algorithm 100 to 1000 times faster than asymmetric one.  Symmetric key 10 times shorter than asymmetric key.  In Asymmetric algorithm Public Key must be authenticated by CA.  Asymmetric Key Generator robustness.  Asymmetric algorithm is mainly used for exchange and storage of the secret (symmetric) keys. 10
END OF PART - 1 11
PART - 2 Topics discussed in this section: Certificates and X.509 structure Generating Self-Signed Certificate Certificate Components Why Certificates needs to be signed by CA RSA Cryptosystem Operation Modes for Symmetric Cryptosystems AES Cryptosystem Hybrid Cryptosystem OpenSSL X509 Functions OpenSSL EVP Functions OpenSSL RSA Functions 12
CERTIFICATES and X.509 STRUCTURE What is Certificate? A digitally signed statement from the issuer saying that the public key of the subject has some specific values. Basic Concepts Signed Statement :- The certificate must be signed by the issuer with a digital signature. Issuer :- The person or organization who is issuing this certificate. Public key :- The public key of a key pair selected by the subject. Subject :- The person or organization who owns the public key. 13
CERTIFICATES and X.509 – Contd. What is X.509 Certificate? Certificate written in X.509 standard format is called as X.509 Certificate and X.509 standard was introduction in 1988. It requires a certificate to have the following information: Version :- X.509 standard version number. Serial Number :- A sequence number given to each certificate. Signature Algorithm Identifier :- Name of the algorithm used to sign this certificate by the issuer 14
CERTIFICATES and X.509 – Contd. Issuer Name :- Name of the issuer. Validity Period :- Period during which this certificate is valid. Subject Name :- Name of the owner of the public key. Subject Public Key Information :- The public key and its related information. 15
GENERATING SELF-SIGNED CERTIFICATES Introduction A self-signed certificate is a certificate that the "issuer" is the "subject" himself. In other word, a seft-signed certificate is a certificate where the "issuer" signs his own public key with his private key. Procedure Step-1 :- Enter your own name as the "subject". Step-2 :- Provide your public key. Step-3 :- Sign it with your private key. Step-4 :- Put everything in the X.509 format. 16
CERTIFICATES COMPONENTS openssl x509 –in MCC.crt -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=MCC Validity Not Before: Aug 15 02:19:47 2011 GMT Not After : Sep 14 02:19:47 2011 GMT Subject: C=USA,CN=---,OU=MCC Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (512 bit) Modulus (512 bit): 00:a9:e6:19:c6:ee:88:01:86:d9:72:9e:93:92:db: 57:01:7b:02:84:fc:1e:e3:57:5e:2a:7b:2b:25:9e: bd:ba:c5:95:2c:49:59:28:df:a6:67:86:26:8e:ff: 36:cc:3a:84:5c:28:af:6f:11:c8:0c:b5:c2:c5:b9: 04:d6:0e:5d:d1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04 X509v3 Authority Key Identifier: keyid:55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04 DirName:/C=CN/ST=PN/L=LN/O=ON/OU=UN/CN=MCC serial:00 X509v3 B asic Constraints: CA:TRUE Signature Algorithm: md5WithRSAEncryption 3f:ba:0c:c1:ae:38:ca:f6:37:16:9c:35:5f:18:79:64:de:27: 0d:46:ad:28:57:b4:62:df:6c:ff:f8:74:17:eb:b6:91:7e:06: 6e:ec:a5:9d:23:e2:6e:5a:6e:c3:09:fa:cf:34:65:70:15:65: 10:3a:6b:0f:b9:ef:6b:64:18:0e 17
VIEWING COMPONENTS OF CERTIFICATES (Contd) This certificate tells us that: The subject is "C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=MCC" The subject's public key is included in it. The issuer is "C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=MCC". The issuer is identical to the subject, because this is a self-signed certificate. The certificate is valid for one month. The certificate is signed by the issuer with the signature at the end. 18
WHY CERTIFICATES NEED TO BE SIGNED BY CA? Definition of the Certificate Authority (CA) A Certificate Authority (CA) issues digital certificates that contain a public key and the identity of the owner. The matching private key is not made available publicly, but kept secret by the end user who generated the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. CAs use a variety of standards and tests to do so. In essence, the Certificate Authority is responsible for saying "yes, this person is who they say they are, and we, the CA, verify that". If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate. 19
WHY CERTIFICATES NEED TO BE SIGNED BY CA? (Contd). Certificate Authority (CA) comes into picture when your communication partner does not trust digital signature generated in your certificate. For Certificates to be signed by CA following is the Procedure Step - 1 :- Owner puts its public key into a certificate signing request (CSR) and mails it to the Certificate Authority (CA). Step - 2 :- The Certificate Authority (CA) will verify the request and put owner’s public key in a certificate and sign it with CA's private key. Step - 3 :- Certificate Authority (CA) will share the certificate been signed by the CA back to the owner. When your communication partner receives your public key signed by a CA, communication partner can validate the signature with the Certificate Authority CA's public key. If the validation is ok, communication partner can then trust sender public key. 20
RSA CRYPTOSYSTEM The most common public-key algorithm is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman). 21
RSA CRYPTOSYSTEM – KEY GENERATION ALGORITHM 22
RSA CRYPTOSYSTEM - EXAMPLE Bob chooses 7 and 11 as p and q and calculates n = 77. The value of f(n) = (7 − 1)(11 − 1) or 60. Now he chooses two exponents, e and d, from Z60∗. If he chooses e to be 13, then d is 37. Note that e × d mod 60 = 1 (they are inverses of each Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5. Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext: 23
OPERTION MODES FOR SYMMETRIC CRYPTOSYSTEM ECB Mode CBC Mode Other Modes are OFB, CFB, CTR Modes 24
ECB: Electronic Codebook Encryption Using ECB Mode Decryption Using ECB Mode 25
CBC: Cipher Block Chaining Encryption Using CBC Mode Decryption Using CBC Mode 26
AES CRYPTOSYSTEM AES stands for Advanced Encryption Standard performs encryption and decryption based on the Block Cipher technique. Block Ciphers could be CBC, EBC etc. Encryption of the Plan Text Decryption of the Plan Text 27
AES CRYPTOSYSTEM  Need for a more efficient and secured algorithm  AES is Rindjael (Rijmen & Daemen) with 128-bit data block only  Key Size: 128, 192, and 256 bits.  Approved as a Federal Standard (FIPS 197).  Five Standard Modes of Operation specified in the NIST Special Publication 800-38A. 28
AES CRYPTOSYSTEM - FEATURES  Need for a more efficient and secured algorithm  AES is Rindjael (Rijmen & Daemen) with 128-bit data block only.  Key Size: 128, 192, and 256 bits.  Approved as a Federal Standard (FIPS 197).  Five Standard Modes of Operation specified in the NIST Special Publication 800-38A. 29
HYBRID CRYPTOSYSTEM User User A Symmetric Encrypted Symmetric B Encryption Message Decryption Message Asymmetric Signed Asymmetric Encryption Encrypted Key Decryption Ksecret Ksecret + Signature Ksecret + Signature KpubB KprivA KpubA KprivB 30
OPENSSL X509 FUNCTIONS X509_set_serialNumber :- Set Serial Number for the X.509 Certificate. X509_get_serialNumber :- Get Serial Number from the given X.509 Certificate. X509_cmp_current_time :- Validates the certificate expiry time. X509_set_pubkey :- Appends the certificate with public key. X509_get_pubkey :- Extracts the public key from the given public certificate. X509_to_X509_REQ :- Converts the given public certificate from X509 format to Certificate Request (PKCS10 ). X509_REQ_sign :- Sign the given Certificate Request (PKCS10 ). PEM_write_X509_REQ :- Write the given Certificate Request (PKCS10 ) to the PEM file. PEM_read_X509:- Reads the given Certificate Request (PKCS10 ) from the PEM file. 31
OPENSSL EVP FUNCTIONS EVP_CIPHER_CTX_init :- initializes cipher context. EVP_EncryptInit_ex :- sets up cipher context for encryption with cipher type from ENGINE. EVP_EncryptUpdate :- encrypts the given data and store it in the out variable . This function could be called multiple times to encrypt the successive blocks of data. EVP_EncryptFinal :- This function is called only when padding is set. The main purpose of this function is encrypts the "final" data, that is any data that remains in a partial block. It uses standard block padding|/NOTES (aka PKCS padding). EVP_MD_CTX_init :- initializes signing context. EVP_SignInit_ex :- sets up signing context with digest type from ENGINE. EVP_SignUpdate :- hashes the given data into the signature context. This function can be called several times on the same context to include additional data . EVP_SignFinal :- signs the data available in the context using the Private/ Shared secret key. 32
OPENSSL EVP FUNCTIONS (Contd.) EVP_MD_CTX_init :- initializes verify context. EVP_VerifyInit_ex :- sets up verification context with digest type from ENGINE. EVP_VerifyUpdate :- hashes the given data into the verification context. This function can be called several times on the same context to include additional data . EVP_VerifyFinal :- verify the data available in the context using Public / Share Secret key against the given signature. EVP_CIPHER_CTX_init :- initializes cipher context. EVP_DecryptInit_ex :- sets up cipher context for decryption with cipher type from ENGINE. EVP_DecryptUpdate :- decrypts the given data and store it in the out variable . This function could be called multiple times to decrypt the successive blocks of data. EVP_DecryptFinal :- The main purpose of this function is decrypt the "final" data, that is any data that remains in a partial block. 33
OPENSSL RSA FUNCTIONS RSA_generate_key_ex :- This function is used to generate RSA key pair. Key size could be 512, 1024, 2048, 4096. RSA_public_encrypt :- This function is used to encrypt a given data, RSA encrypts the given data using Public key. RSA_sign :- This function is used to encrypt a given data using message digest algorithm and generates the signature on the encrypted data (generated by the message digest algorithm). RSA_verify :- This function is used to encrypt a given data using message digest algorithm, generates the signature on the encrypted data (generated by the message digest algorithm) and compares the generated signature with the given signature. RSA_private_decrypt :- This function is used to decrypt a given encrypted data, RSA decrypts the given encrypted data using Private key. PEM_read_RSAPrivateKey :- This function is used to read the Private key from the PEM file. PEM_write_RSAPrivateKey :- This function is used to write the Private key to the PEM file. PEM_read_RSAPublicKey :- This function is used to read the Public key from the PEM file. PEM_write_RSAPublicKey :- This function is used to write the Public key to the PEM file. 34
END OF PART - 2 35

Recomendados

Cryptography
CryptographyCryptography
CryptographyJens Patel
 
Cryptography
CryptographyCryptography
Cryptographygueste4c97e
 
Cryptography
CryptographyCryptography
Cryptographysubodh pawar
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Cryptography
CryptographyCryptography
CryptographyDeepak Kumar
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography FundamentalsDuy Do Phan
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 

Recomendados

Cryptography
CryptographyCryptography
CryptographyJens Patel
 
Cryptography
CryptographyCryptography
Cryptographygueste4c97e
 
Cryptography
CryptographyCryptography
Cryptographysubodh pawar
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Cryptography
CryptographyCryptography
CryptographyDeepak Kumar
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography FundamentalsDuy Do Phan
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA AlgorithmSrinadh Muvva
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationsarhadisoftengg
 
Le chiffrement
Le chiffrementLe chiffrement
Le chiffrementHanen Gazel
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1Mohamed Loey
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementationAkash Jadhav
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Diffie Hellman Key Exchange
Diffie Hellman Key ExchangeDiffie Hellman Key Exchange
Diffie Hellman Key ExchangeSAURABHDHAGE6
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptographychauhankapil
 
Cryptography
CryptographyCryptography
CryptographyIGZ Software house
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Hash Function
Hash Function Hash Function
Hash Function ssuserdfb2da
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithmComputer_ at_home
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101n|u - The Open Security Community
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and DistributionSyed Bahadur Shah
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityPa Van Tanku
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptographyzahid-mian
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHMSathish Kumar
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxVishwanathMahalle
 
5967073.ppt
5967073.ppt5967073.ppt
5967073.pptMuhammadFahadNaeem1
 

Mais conteúdo relacionado

Mais procurados

DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationsarhadisoftengg
 
Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1Mohamed Loey
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementationAkash Jadhav
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Diffie Hellman Key Exchange
Diffie Hellman Key ExchangeDiffie Hellman Key Exchange
Diffie Hellman Key ExchangeSAURABHDHAGE6
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptographychauhankapil
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and DistributionSyed Bahadur Shah
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityPa Van Tanku
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptographyzahid-mian
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 

Mais procurados (20)

RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
 
Le chiffrement
Le chiffrementLe chiffrement
Le chiffrement
 
DES
DESDES
DES
 
Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementation
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
Diffie Hellman Key Exchange
Diffie Hellman Key ExchangeDiffie Hellman Key Exchange
Diffie Hellman Key Exchange
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Hash Function
Hash Function Hash Function
Hash Function
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptography
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 

Semelhante a Introduction to Cryptography

Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxVishwanathMahalle
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographySarthak Patel
 
Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Phan Minh
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryptionphanleson
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Saif Kassim
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationAlex Punnen
 
CH02-CompSec4e.pptx
CH02-CompSec4e.pptxCH02-CompSec4e.pptx
CH02-CompSec4e.pptxams1ams11
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityNagendra Um
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vandaVanda KANY
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLSOlle E Johansson
 

Semelhante a Introduction to Cryptography (20)

Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
 
5967073.ppt
5967073.ppt5967073.ppt
5967073.ppt
 
Cryptography
Cryptography Cryptography
Cryptography
 
Iss lecture 2
Iss lecture 2Iss lecture 2
Iss lecture 2
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key Cryptography
 
Java Crypto
Java CryptoJava Crypto
Java Crypto
 
Encryption
EncryptionEncryption
Encryption
 
Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Final ss2-digital-signature-group5
Final ss2-digital-signature-group5
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryption
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
 
Cryptography
CryptographyCryptography
Cryptography
 
CH02-CompSec4e.pptx
CH02-CompSec4e.pptxCH02-CompSec4e.pptx
CH02-CompSec4e.pptx
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Encryption
EncryptionEncryption
Encryption
 
Cryptography&Security
Cryptography&SecurityCryptography&Security
Cryptography&Security
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto library
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vanda
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS
 

Introduction to Cryptography

  • 1. SECURITY CRYPTOGRAPHY Prepared by Katur Bharat Kumar 1
  • 2. PART - 1 Topics discussed in this section: Basic Concepts Encryption Technique Decryption Technique Introduction to Cryptosystems Symmetric Cryptosystems Asymmetric Cryptosystems Symmetric vs. Asymmetric 2
  • 3. BAISC CONCEPTS Cryptography – hidden writing Encryption – encode or encipher Decryption – decode or decipher Cryptosystem – a system for encryption and decryption Cryptographer – anyone who invents encryption algorithms Cryptanalyst – anyone who attempts to break encryption algorithms Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis 3
  • 4. ENCRYPTION TECHNIQUE • Encryption Plaintext – Input: plaintext and key – Output: cipher text Encryption Function Cipher text 4
  • 5. DECRYPTION TECHNIQUE Cipher text • Decryption – Input: cipher text and a key – Output: original plaintext Decryption Function Plaintext 5
  • 6. CRYPTOSYSTEMS Plaintext Encryption Ciphertext Decryption Plaintext P Algorithm E C Algorithm D P • Algorithms with a parameter – key K 6
  • 7. SYMMETRIC CRYTOSYSTEM Plaintext Encryption Ciphertext Decryption Plaintext P Algorithm E C Algorithm D P Secret channel K K • C=E(P,K) • P=D(C,K) 7
  • 8. ASYMMETRIC CRYPTOSYSTEM Asymmetric key cryptography uses two separate keys: one private and one public. Locking and unlocking in asymmetric-key cryptosystem 8
  • 9. ASYMMETRIC CRYPTOSYSTEM (Contd.) General idea of asymmetric-key cryptosystem General formulae of asymmetric-key cryptosystem C = f (Kpublic , P) P = g(Kprivate , C) 9
  • 10. SYMMETRIC vs ASYMMETRIC  Symmetric algorithm 100 to 1000 times faster than asymmetric one.  Symmetric key 10 times shorter than asymmetric key.  In Asymmetric algorithm Public Key must be authenticated by CA.  Asymmetric Key Generator robustness.  Asymmetric algorithm is mainly used for exchange and storage of the secret (symmetric) keys. 10
  • 11. END OF PART - 1 11
  • 12. PART - 2 Topics discussed in this section: Certificates and X.509 structure Generating Self-Signed Certificate Certificate Components Why Certificates needs to be signed by CA RSA Cryptosystem Operation Modes for Symmetric Cryptosystems AES Cryptosystem Hybrid Cryptosystem OpenSSL X509 Functions OpenSSL EVP Functions OpenSSL RSA Functions 12
  • 13. CERTIFICATES and X.509 STRUCTURE What is Certificate? A digitally signed statement from the issuer saying that the public key of the subject has some specific values. Basic Concepts Signed Statement :- The certificate must be signed by the issuer with a digital signature. Issuer :- The person or organization who is issuing this certificate. Public key :- The public key of a key pair selected by the subject. Subject :- The person or organization who owns the public key. 13
  • 14. CERTIFICATES and X.509 – Contd. What is X.509 Certificate? Certificate written in X.509 standard format is called as X.509 Certificate and X.509 standard was introduction in 1988. It requires a certificate to have the following information: Version :- X.509 standard version number. Serial Number :- A sequence number given to each certificate. Signature Algorithm Identifier :- Name of the algorithm used to sign this certificate by the issuer 14
  • 15. CERTIFICATES and X.509 – Contd. Issuer Name :- Name of the issuer. Validity Period :- Period during which this certificate is valid. Subject Name :- Name of the owner of the public key. Subject Public Key Information :- The public key and its related information. 15
  • 16. GENERATING SELF-SIGNED CERTIFICATES Introduction A self-signed certificate is a certificate that the "issuer" is the "subject" himself. In other word, a seft-signed certificate is a certificate where the "issuer" signs his own public key with his private key. Procedure Step-1 :- Enter your own name as the "subject". Step-2 :- Provide your public key. Step-3 :- Sign it with your private key. Step-4 :- Put everything in the X.509 format. 16
  • 17. CERTIFICATES COMPONENTS openssl x509 –in MCC.crt -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=MCC Validity Not Before: Aug 15 02:19:47 2011 GMT Not After : Sep 14 02:19:47 2011 GMT Subject: C=USA,CN=---,OU=MCC Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (512 bit) Modulus (512 bit): 00:a9:e6:19:c6:ee:88:01:86:d9:72:9e:93:92:db: 57:01:7b:02:84:fc:1e:e3:57:5e:2a:7b:2b:25:9e: bd:ba:c5:95:2c:49:59:28:df:a6:67:86:26:8e:ff: 36:cc:3a:84:5c:28:af:6f:11:c8:0c:b5:c2:c5:b9: 04:d6:0e:5d:d1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04 X509v3 Authority Key Identifier: keyid:55:C8:EF:49:2B:5D:E4:03:C5:98:1B:68:24:28:47:88:D4:0E:77:04 DirName:/C=CN/ST=PN/L=LN/O=ON/OU=UN/CN=MCC serial:00 X509v3 B asic Constraints: CA:TRUE Signature Algorithm: md5WithRSAEncryption 3f:ba:0c:c1:ae:38:ca:f6:37:16:9c:35:5f:18:79:64:de:27: 0d:46:ad:28:57:b4:62:df:6c:ff:f8:74:17:eb:b6:91:7e:06: 6e:ec:a5:9d:23:e2:6e:5a:6e:c3:09:fa:cf:34:65:70:15:65: 10:3a:6b:0f:b9:ef:6b:64:18:0e 17
  • 18. VIEWING COMPONENTS OF CERTIFICATES (Contd) This certificate tells us that: The subject is "C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=MCC" The subject's public key is included in it. The issuer is "C=CN, ST=PN, L=LN, O=ON, OU=UN, CN=MCC". The issuer is identical to the subject, because this is a self-signed certificate. The certificate is valid for one month. The certificate is signed by the issuer with the signature at the end. 18
  • 19. WHY CERTIFICATES NEED TO BE SIGNED BY CA? Definition of the Certificate Authority (CA) A Certificate Authority (CA) issues digital certificates that contain a public key and the identity of the owner. The matching private key is not made available publicly, but kept secret by the end user who generated the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. CAs use a variety of standards and tests to do so. In essence, the Certificate Authority is responsible for saying "yes, this person is who they say they are, and we, the CA, verify that". If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate. 19
  • 20. WHY CERTIFICATES NEED TO BE SIGNED BY CA? (Contd). Certificate Authority (CA) comes into picture when your communication partner does not trust digital signature generated in your certificate. For Certificates to be signed by CA following is the Procedure Step - 1 :- Owner puts its public key into a certificate signing request (CSR) and mails it to the Certificate Authority (CA). Step - 2 :- The Certificate Authority (CA) will verify the request and put owner’s public key in a certificate and sign it with CA's private key. Step - 3 :- Certificate Authority (CA) will share the certificate been signed by the CA back to the owner. When your communication partner receives your public key signed by a CA, communication partner can validate the signature with the Certificate Authority CA's public key. If the validation is ok, communication partner can then trust sender public key. 20
  • 21. RSA CRYPTOSYSTEM The most common public-key algorithm is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman). 21
  • 22. RSA CRYPTOSYSTEM – KEY GENERATION ALGORITHM 22
  • 23. RSA CRYPTOSYSTEM - EXAMPLE Bob chooses 7 and 11 as p and q and calculates n = 77. The value of f(n) = (7 − 1)(11 − 1) or 60. Now he chooses two exponents, e and d, from Z60∗. If he chooses e to be 13, then d is 37. Note that e × d mod 60 = 1 (they are inverses of each Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5. Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext: 23
  • 24. OPERTION MODES FOR SYMMETRIC CRYPTOSYSTEM ECB Mode CBC Mode Other Modes are OFB, CFB, CTR Modes 24
  • 25. ECB: Electronic Codebook Encryption Using ECB Mode Decryption Using ECB Mode 25
  • 26. CBC: Cipher Block Chaining Encryption Using CBC Mode Decryption Using CBC Mode 26
  • 27. AES CRYPTOSYSTEM AES stands for Advanced Encryption Standard performs encryption and decryption based on the Block Cipher technique. Block Ciphers could be CBC, EBC etc. Encryption of the Plan Text Decryption of the Plan Text 27
  • 28. AES CRYPTOSYSTEM  Need for a more efficient and secured algorithm  AES is Rindjael (Rijmen & Daemen) with 128-bit data block only  Key Size: 128, 192, and 256 bits.  Approved as a Federal Standard (FIPS 197).  Five Standard Modes of Operation specified in the NIST Special Publication 800-38A. 28
  • 29. AES CRYPTOSYSTEM - FEATURES  Need for a more efficient and secured algorithm  AES is Rindjael (Rijmen & Daemen) with 128-bit data block only.  Key Size: 128, 192, and 256 bits.  Approved as a Federal Standard (FIPS 197).  Five Standard Modes of Operation specified in the NIST Special Publication 800-38A. 29
  • 30. HYBRID CRYPTOSYSTEM User User A Symmetric Encrypted Symmetric B Encryption Message Decryption Message Asymmetric Signed Asymmetric Encryption Encrypted Key Decryption Ksecret Ksecret + Signature Ksecret + Signature KpubB KprivA KpubA KprivB 30
  • 31. OPENSSL X509 FUNCTIONS X509_set_serialNumber :- Set Serial Number for the X.509 Certificate. X509_get_serialNumber :- Get Serial Number from the given X.509 Certificate. X509_cmp_current_time :- Validates the certificate expiry time. X509_set_pubkey :- Appends the certificate with public key. X509_get_pubkey :- Extracts the public key from the given public certificate. X509_to_X509_REQ :- Converts the given public certificate from X509 format to Certificate Request (PKCS10 ). X509_REQ_sign :- Sign the given Certificate Request (PKCS10 ). PEM_write_X509_REQ :- Write the given Certificate Request (PKCS10 ) to the PEM file. PEM_read_X509:- Reads the given Certificate Request (PKCS10 ) from the PEM file. 31
  • 32. OPENSSL EVP FUNCTIONS EVP_CIPHER_CTX_init :- initializes cipher context. EVP_EncryptInit_ex :- sets up cipher context for encryption with cipher type from ENGINE. EVP_EncryptUpdate :- encrypts the given data and store it in the out variable . This function could be called multiple times to encrypt the successive blocks of data. EVP_EncryptFinal :- This function is called only when padding is set. The main purpose of this function is encrypts the "final" data, that is any data that remains in a partial block. It uses standard block padding|/NOTES (aka PKCS padding). EVP_MD_CTX_init :- initializes signing context. EVP_SignInit_ex :- sets up signing context with digest type from ENGINE. EVP_SignUpdate :- hashes the given data into the signature context. This function can be called several times on the same context to include additional data . EVP_SignFinal :- signs the data available in the context using the Private/ Shared secret key. 32
  • 33. OPENSSL EVP FUNCTIONS (Contd.) EVP_MD_CTX_init :- initializes verify context. EVP_VerifyInit_ex :- sets up verification context with digest type from ENGINE. EVP_VerifyUpdate :- hashes the given data into the verification context. This function can be called several times on the same context to include additional data . EVP_VerifyFinal :- verify the data available in the context using Public / Share Secret key against the given signature. EVP_CIPHER_CTX_init :- initializes cipher context. EVP_DecryptInit_ex :- sets up cipher context for decryption with cipher type from ENGINE. EVP_DecryptUpdate :- decrypts the given data and store it in the out variable . This function could be called multiple times to decrypt the successive blocks of data. EVP_DecryptFinal :- The main purpose of this function is decrypt the "final" data, that is any data that remains in a partial block. 33
  • 34. OPENSSL RSA FUNCTIONS RSA_generate_key_ex :- This function is used to generate RSA key pair. Key size could be 512, 1024, 2048, 4096. RSA_public_encrypt :- This function is used to encrypt a given data, RSA encrypts the given data using Public key. RSA_sign :- This function is used to encrypt a given data using message digest algorithm and generates the signature on the encrypted data (generated by the message digest algorithm). RSA_verify :- This function is used to encrypt a given data using message digest algorithm, generates the signature on the encrypted data (generated by the message digest algorithm) and compares the generated signature with the given signature. RSA_private_decrypt :- This function is used to decrypt a given encrypted data, RSA decrypts the given encrypted data using Private key. PEM_read_RSAPrivateKey :- This function is used to read the Private key from the PEM file. PEM_write_RSAPrivateKey :- This function is used to write the Private key to the PEM file. PEM_read_RSAPublicKey :- This function is used to read the Public key from the PEM file. PEM_write_RSAPublicKey :- This function is used to write the Public key to the PEM file. 34
  • 35. END OF PART - 2 35