Gopinath_Pigili

Cryptographic Systems

Introduction

Cryptographic Hashes

HMAC/KHMAC

Symmetric Encryption

Asymmetric Encryption

Digital Signatures

Public Key Infrastructure (PKI)

 

Introduction

  • Network traffic is protected by cryptographic methods when traversing the Internet.
  • “Cryptology” is the science of making and breaking secret codes.
    • The development and use of codes is called “CRYPTOGRAPHY”.
    • The breaking of codes is called “CRYPTANALYSIS”.

                         

Gopinath_Pigili_0-1718003785183.png
  • When working with encryption, the readable data is called “plaintext” and the encrypted data is called “ciphertext”.
  • The popular methods for making codes are:
    • Transposition cipher: no letters are replaced; they are only rearranged.
    • Substitution cipher: letters are replaced.
       

Gopinath_Pigili_23-1718004597966.png
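The two classical methods side by side, as an added example that is not part of the original post: a columnar transposition cipher (letters rearranged, so letter counts survive) and a simple substitution cipher (letters replaced). The keys and plaintext are constructed sample values.

```python
from collections import Counter

# Added example, not from the original post: a columnar transposition
# cipher next to a simple substitution cipher. Transposition only
# rearranges letters (letter counts survive), substitution replaces them.
# Keys and plaintext below are constructed sample values.

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def _column_order(key: str) -> list:
    """Columns are read out in alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transposition_encrypt(plaintext: str, key: str) -> str:
    """Write the text row by row under the key, then read it column by column."""
    text = plaintext.replace(" ", "").upper()
    cols = len(key)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in _column_order(key) for row in rows if c < len(row))

def transposition_decrypt(ciphertext: str, key: str) -> str:
    """Rebuild the columns from their known lengths, then read row by row."""
    cols = len(key)
    full_rows, extra = divmod(len(ciphertext), cols)
    column, pos = {}, 0
    for c in _column_order(key):
        length = full_rows + (1 if c < extra else 0)  # the first `extra` columns are one longer
        column[c] = ciphertext[pos:pos + length]
        pos += length
    rows = full_rows + (1 if extra else 0)
    return "".join(column[c][r] for r in range(rows) for c in range(cols) if r < len(column[c]))

def substitution_encrypt(plaintext: str, key: str) -> str:
    """Replace each letter with the letter at the same position in the 26-letter key."""
    return plaintext.replace(" ", "").upper().translate(str.maketrans(ALPHABET, key))

def letter_counts(text: str) -> Counter:
    """Letter frequencies: unchanged by transposition, changed by substitution."""
    return Counter(text)

PLAINTEXT = "ATTACK AT DAWN"                        # constructed
TRANSPOSITION_KEY = "ZEBRA"                         # constructed
SUBSTITUTION_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"     # constructed permutation of A-Z

if __name__ == "__main__":
    print(transposition_encrypt(PLAINTEXT, TRANSPOSITION_KEY))   # CATTTANADAKW
    print(substitution_encrypt(PLAINTEXT, SUBSTITUTION_KEY))     # QZZQEAQZRQVF
```

The transposition output is still made of the plaintext's own letters, which is why frequency analysis treats the two cipher families differently.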

 

CRYPTOGRAPHIC HASHES

  • A hash function takes binary data and produces a condensed representation called the message digest.
  • Hashing is based on a one-way mathematical function that is relatively easy to compute but significantly hard to reverse.
  • Every time the data is changed or altered, the hash value also changes.
  • Hashes can be used to detect duplicate data files and file version changes.
  • Two well-known hash functions are:
    • Message Digest 5 (MD5)
    • Secure Hash Algorithm 1 (SHA-1)

Message-Digest-5 (MD-5)

  • It produces a 128-bit hash from a sequence of simple binary operations.
  • It is collision resistant, which means two messages with the same hash are very unlikely to occur.

SECURE HASH ALGORITHM (SHA-1)

  • It takes an input message of less than 2^64 bits and produces a 160-bit message digest.
  • This algorithm is slightly slower than MD5 but more secure.
  • Versions available: SHA-1, SHA-2 & SHA-3

Hashing Example

Gopinath_Pigili_3-1718003785266.png
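A runnable hashing example, added here and not taken from the original post: it shows the 128-bit and 160-bit digest sizes of MD5 and SHA-1, how a one-bit change in the input alters the digest, and the file version check the section mentions. The configuration text is a constructed sample.

```python
import hashlib

# Added example, not from the original post: digest sizes of MD5 and SHA-1,
# the avalanche effect behind the "any change alters the hash" property, and
# a version check that compares against a stored digest. Inputs are constructed.

def hex_digest(algorithm: str, data: bytes) -> str:
    """Hex message digest of data under the named hashlib algorithm."""
    return hashlib.new(algorithm, data).hexdigest()

def digest_bits(algorithm: str) -> int:
    """Digest length in bits: 128 for md5, 160 for sha1."""
    return hashlib.new(algorithm).digest_size * 8

def differing_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """How many digest bits differ between hashing a and hashing b."""
    da = hashlib.new(algorithm, a).digest()
    db = hashlib.new(algorithm, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def flip_one_bit(data: bytes) -> bytes:
    """Smallest possible change: flip the lowest bit of the first byte."""
    return bytes([data[0] ^ 0x01]) + data[1:]

def has_changed(algorithm: str, stored_hex: str, current: bytes) -> bool:
    """File version check: recompute the digest and compare it with the stored one."""
    return hex_digest(algorithm, current) != stored_hex

CONFIG_V1 = b"interface GigabitEthernet0/1\n ip address 10.0.0.1 255.255.255.0\n"  # constructed
CONFIG_V2 = CONFIG_V1.replace(b"10.0.0.1", b"10.0.0.2")

if __name__ == "__main__":
    stored = hex_digest("sha1", CONFIG_V1)
    print(digest_bits("md5"), digest_bits("sha1"))                    # 128 160
    print(differing_bits("md5", CONFIG_V1, flip_one_bit(CONFIG_V1)))  # roughly half of 128
    print(has_changed("sha1", stored, CONFIG_V2))                     # True
```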

HMAC/KHMAC

  • HMAC stands for Hash Message Authentication Code; it is also known as KHMAC (Keyed-HMAC) and is a type of message authentication code.
  • An HMAC is calculated using a specific algorithm that combines a cryptographic hash function with a secret key.
  • Only the sender and receiver know the secret key, so the output of the hash function now depends on both the input data and the secret key.

Key Properties

Gopinath_Pigili_4-1718003785280.png

 

Symmetric encryption

  • Same key used for both encryption and decryption

 

Gopinath_Pigili_5-1718003785292.png

 

  • Best known as shared-secret key algorithms.
  • The usual key length is 80 – 256 bits.
  • A sender and receiver must share a secret key.
  • Faster processing, because they use simple mathematical operations.
  • Examples include DES, 3DES, AES, IDEA, RC2/4/5/6 and Blowfish.

Block Cipher Modes

Gopinath_Pigili_6-1718003785298.png

 

Asymmetric encryption

  • Uses different keys for encryption and decryption; one is the private key and the other is the public key.

 

Gopinath_Pigili_7-1718003785311.png
  • Also known as public key algorithms.
  • The usual key length is 512-4096 bits.
  • A sender and receiver don’t share a secret key.
  • Relatively slow because they are based on difficult computational algorithms.
  • Key lengths greater than or equal to 1024 bits can be trusted.
  • Key lengths shorter than 1024 bits are considered unreliable for most algorithms.
  • Examples include RSA (Rivest-Shamir-Adleman), ElGamal, Elliptic Curves and DH (Diffie-Hellman).
Gopinath_Pigili_8-1718003785363.png

Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality

  1. Each system generates a pair of keys.
  2. Each system publishes its public key, keeping its companion key private.
  3. If A wishes to send a message to B, it encrypts the message using B’s public key and sends it to B.
  4. When B receives the message, it decrypts the message using its private key. No one else can decrypt the message because only B knows its private key.
Gopinath_Pigili_9-1718003785386.png

Private Key (Encrypt) + Public Key (Decrypt) = Authentication

  1. Each user (for example, Alice and Bob) generates a pair of keys.
  2. Each user publishes their public key, keeping the companion key private.
  3. If Alice wishes to send a message to Bob, Alice encrypts the message using Alice’s private key and sends the message to Bob.
  4. When Bob receives the message, Bob decrypts the message using Alice’s public key. Now, authentication is successful.
Gopinath_Pigili_10-1718003785408.png
  • Each entity in the network, including devices and users, must create and maintain its own private and public keys. Key management is a problem in asymmetric encryption because it involves managing a pair of keys. Asymmetric key cryptography is vulnerable to attacks such as man-in-the-middle attacks.

 

Digital Signatures

  • Digital signatures provide three basic security services: authentication, integrity and non-repudiation.
  • Authentication: proves that a certain party has seen, and has signed, the data in question.
  • Non-repudiation: the signing party can’t deny that it signed the data.
  • Integrity: guarantees that the data has not changed since the time it was signed.
Gopinath_Pigili_11-1718003785426.png

Characteristics of Digital Signatures

  • The signature is authentic and not forgeable: the signature is proof that the signer, and no one else, signed the document.
  • The signature is not reusable: the signature is a part of the document and can’t be moved to a different document.
  • The signature is unalterable: after a document is signed, it can’t be altered.
  • The signature can’t be repudiated: for legal purposes, the signature and the document are considered to be physical things. The signer can’t claim later that they did not sign it.
  • Code signing example: the publisher of the software attaches a digital signature to the executable, signed with the signature key of the publisher.

The Digital Signature Process

 

Gopinath_Pigili_12-1718003785445.png
  1. The sending device creates a hash of the document.
  2. The sending device encrypts only the hash with the private key of the signer.
  3. The signature algorithm generates a digital signature, and the document is transmitted together with it.
  4. The receiving device accepts the document with the digital signature and obtains the sender’s public key.
  5. The receiving device verifies the signature with the verification key (the sender’s public key).
  6. The validity of the digital signature is confirmed.

Digital Signature Algorithm (DSA)

  • Introduced in 1994
  • Provides Digital Signatures
  • Signature generation is fast
  • Signature verification is slow

Rivest Shamir Adleman (RSA)

  • Introduced in 1977
  • Used as an asymmetric algorithm and for digital signatures
  • Signature verification is fast
  • Signature generation is slow

 

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI):  A service framework (hardware, software, people, policies and procedures) needed to support large-scale public key-based technologies.

Certificate:  A document, which binds together the name of the entity and its public key and has been signed by the CA.

Certificate authority (CA): The trusted third party that signs the public keys of entities in PKI-based systems.

CA Vendors and Sample Certificates

Gopinath_Pigili_13-1718003785492.png

X.509v3

Gopinath_Pigili_14-1718003785526.png

PKI Topologies

Gopinath_Pigili_15-1718003785563.png

Registration Authorities

Gopinath_Pigili_16-1718003785590.png

Submitting Certificate Requests

Gopinath_Pigili_17-1718003785632.png

Authenticating

Gopinath_Pigili_18-1718003785655.png

Thank you very much...!!

------------------------------------------- THE END --------------------------------------------------

 
