4. Cryptography is the practiceand study oftechniques for secure
communication in the presence of third parties
Authentication, Authorization, Data integrity, Confidentiality andnon-
repudiation are central to modern cryptography.
Applications of cryptography include ATM cards, computer passwords, electronic
commerce,cloud and mobile platforms
Dell Confidential -Internal UseOnly4
5. Overview Cont..
Cryptographyis theart/scienceofkeeping asecret.
In twentiethcentury,cryptographytobe rigorouslydefined andusefulto awideraudience,andit
waslargely doneso in threeseminal papers:
Communication Theory of Secret Systems by ClaudeShannon
New Directions In CryptographybyWhitfield Diffie andMartinHellman
AMethod for Obtaining Digital Signatures andPublic-Key Cryptosystems by Ronald Rivest, Adi Shamir and Leanard
Adleman
Steganographydealswithcomposing hiddenmessages sothatonlythe sender andthereceiver
knowthatthemessage even exists.
Ex:Stampsin olden days
mostpredictionsaboutthe futurearewrong
At&tprediction
Dell Confidential -Internal UseOnly5
6. Ciphers:
A cipheris analgorithm for performingencryption or decryption
Incryptography, ciphertext is the result of encryption performed on plaintext using an algorithm, called a
cipher.
Caesar Cipher : It is one of the simplest and most widely known encryptiontechniques. It is a type of
substitution cipher .
Transposition cipher, simple data encryption scheme inwhich plaintext characters areshifted insome
regularpattern to form ciphertext .
Vigenere cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphersbased
on theletters of a keyword.
It is a simple form of polyalphabetic substitution
Ex:HRU
Dell Confidential -Internal UseOnly6
10. Cryptography,the useof codes and ciphers to protect secrets, began thousands of years ago.
Inthe early20th century,the inventionof complex mechanical and electromechanical machines, suchas
the Enigma rotor machine,provided more sophisticated and efficient means of encryption
Thedevelopment of cryptographyhas been paralleled by thedevelopment of cryptanalysis — the
"breaking"of codes and ciphers.
ZimmermannTelegram triggered the UnitedStates' entryinto World War I; and Allied reading of Nazi
Germany'sciphers shortened World War II
Dell Confidential -Internal UseOnly10
11. Classical cryptography
Theearliestknown useof cryptographyisfoundfrom theOld Kingdom of Egypt circa 1900BC.
Some claytabletsfrom Mesopotamiasomewhatlater areclearlymeantto protect information—onedatednear1500BCE wasfoundto encrypt
Ex:Tonsure
Medieval cryptography
Al-Kindi,an Arabmathematician,sometimearoundAD 800
Examplesof the latterincludeCharlesBabbage'sCrimeanWar era work onmathematicalcryptanalysisof polyalphabeticciphers,redevelopedandpublished
somewhatlater bythe PrussianFriedrichKasiski
Howeveritsmost importantcontributionwasprobablyin decryptingtheZimmermannTelegram, a cablefrom the GermanForeignOffice sentvia Washingtonto
itsambassadorHeinrichvon Eckardt in Mexico which playeda majorpartin bringing the UnitedStatesintothe war.
WWII:
TheGermansmadeheavyuse, in severalvariants,of an electromechanicalrotormachineknown asEnigma
AlanTuring
A Turing machineis a hypotheticaldevicethat manipulatessymbolsona stripof tapeaccording to a tableof rules.Despite its simplicity,a Turingmachine can be
adaptedto simulatethelogic of anycomputer algorithm,andis particularlyusefulin explainingthefunctionsof a CPU insidea computer.
The"machine"was inventedin 1936 byAlan Turing whocalledit an "a-machine"(automaticmachine).The Turingmachineis not intendedaspracticalcomputing
technology,but ratherasa hypotheticaldevicerepresentinga computing machine. Turing machineshelpcomputer scientistsunderstandthelimitsof mechanical
computation.
Dell Confidential -Internal UseOnly11
13. Dell Confidential -Internal UseOnly13
Types of Cryptography
Symmetric
Same key for encryption and decryption
Key distribution problem
Asymmetric
Mathematically related key pairs for encryption and
decryption
Public and private keys
Hashing
Hashing is a common technique used in cryptography to
encode information quickly using typical algorithms.
Generally, an algorithm is applied to a string of text, and
the resulting string becomes the “hash value”.
17. 17
Encryption Management
Dell Confidential -Internal UseOnly17
Key Distribution Center (KDC)
Uses master keys to issue
session keys
Example: Kerberos
ANSI X9.17
Used by financial institutions
Hierarchical set of keys
Higher levels used to distribute
lower
18. 18
PublicKey Infrastructure
Dell Confidential -Internal UseOnly18
All components needed to enable
secure communication
Policies and Procedures
Keys and Algorithms
Software and Data Formats
Assures identity to users
Provides key management features
19. 19
PKI Components
Dell Confidential -Internal UseOnly19
Digital Certificates
Contains identity and verification info
Certificate Authorities
Trusted entity that issues certificates
Registration Authorities
Verifies identity for certificate requests
Certificate Revocation List (CRL)
20. 20
Cryptanalysis
Dell Confidential -Internal UseOnly20
The study of methods to break cryptosystems
Often targeted at obtaining a key
Attacks may be passive or active
Kerckhoff’s Principle
The only secrecy involved with a
cryptosystem should be the key
Cryptosystem Strength
How hard is it to determine the secret
associated with the system?
21. 21
Cryptanalysis Attacks
Dell Confidential -Internal UseOnly21
Brute force
Trying all key values in the keyspace
Frequency Analysis
Guess values based on frequency of occurrence
Dictionary Attack
Find plaintext based on common words
Replay Attack
Repeating previous known values
Factoring Attacks
Find keys through prime factorization
22. 22
Network Security
Dell Confidential -Internal UseOnly22
Link Encryption
Encrypt traffic headers + data
Transparent to users
End-to-End Encryption
Encrypts application layer data only
Network devices need not be aware
SSL/TLS
•Supports mutual authentication
•Secures a number of popular network services
IPSec
•Security extensions for TCP/IP protocols
•Supports encryption and authentication
•Used for VPNs
24. RSAis an algorithm used by modern computers toencrypt anddecrypt messages.
Itis an asymmetric cryptographic algorithm.
Asymmetric means that there are two different keys. This is also called public key cryptography, because one ofthem can
be given toeveryone. The other key must be kept private.
RSAis made ofthe initial letters ofthe surnames of Ron Rivest, Adi ShamirandLeonard Adleman
RSAisactually aset oftwoalgorithms:
KeyGeneration: Akey generation algorithm.
RSAFunction Evaluation:Afunction F,thattakes asinputapointxandakey kandproduces either anencrypted resultor
plaintext,depending ontheinputandthekey.
Dell Confidential -Internal UseOnly24
28. The Diffie-Hellman key exchange:
Thequestion of keyexchangewas one of the first problems addressed by a cryptographicprotocol.
This was prior to the invention of public keycryptography. The Diffie-Hellman keyagreementprotocol
(1976)was the first practical method for establishing a sharedsecret over an unsecuredcommunication
channel.
Thepoint is to agreeon a keythat two parties can usefor a symmetricencryption,in sucha way that an
eavesdropper cannot obtain the key.
Discovering the shared secret given g, p, g a mod p and g b
mod p would take longer thanthe lifetime of the universe, using
the best known algorithm. This is calledthediscrete logarithm
problem.
Dell Confidential -Internal UseOnly28
30. Theimportance of web security will continue to increase as companies and individuals
alike arepaying moreattention to ensuring that their resourcesare protected and
their interactions are private. TheServlet specification provides methods and guidelines
for implementing security in web applications.
Below things areto be considered whenwe write secure program.
Authentication
Authorization
Data integrity
Confidentiality and non-repudiation
Auditing
Malicious code
Web attacks
Dell Confidential -Internal UseOnly30
31. Theimportance of web security will continue to increase as companies and individuals
alike arepaying moreattention to ensuring that their resourcesare protected and
their interactions are private. TheServlet specification provides methods and guidelines
for implementing security in web applications.
Below things areto be considered whenwe write secure program.
Authentication
Authorization
Data integrity
Confidentiality and non-repudiation
Auditing
Malicious code
Web attacks
Dell Confidential -Internal UseOnly31
The BLI is a global database of data breaches as they happen and provides a methodology for security professionals to score the severity of breaches and see where they rank among publicly disclosed breaches. The BLI calculates the severity of data breaches across multiple dimensions based on breach disclosure information
Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
Key Management Interoperability Protocol (KMIP) to the Organization for the Advancement of Structured Information Standards (OASIS)
Public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption
Euler's totient function (or Euler's phi function), denoted as φ(n) or ϕ(n), is an arithmetic function that counts the positive integers less than or equal to n that are relatively prime to n.
for any real number x.
e^{ix}=cos x+isin x
where e is the base of the natural logarithm, i is the imaginary unit, and cos and sin are the trigonometric functions cosine and sine respectively
Alice and Bob agree on
p = 23 and
g = 5.
2 Alice chooses
a = 6 and sends 5
6 mod 23 = 8.
3 Bob chooses
b = 15 and sends 515 mod 23 = 19.
4 Alice computes 19
6 mod 23 = 2.
5 Bob computes 815 mod 23 = 2.
Then 2 is the shared secret.
How are you identifying, collecting, and responding to malicious security events occurring across the critical assets and systems on your network?
What areas of risk would you be most concerned with if a breach occurred? Why?
Has your network ever been hacked/breached? How would you know if it had been?