- Internet Security
- Aspects of Security
- Privacy
sender and receiver expect confidentiality
transmitted message must make sense only to the intended receiver
to all others, message must be unintelligible
Plaintext: data to be encrypted at the sender
Ciphertext: encrypted data, to be decrypted at the receiver
Encryption/decryption methods:
secret-key method
public-key method
- Secret-key
Encryption/Decryption
Same key is used by both parties -> key is shared (symmetric encryption algorithms)
Algorithm used for decryption is the inverse of
the algorithm used for encryption
- Advantages & Disadvantages
Advantages:
Take less time to encrypt a message
Key is small -> used for long messages
Disadvantages:
Each pair of users must have a secret key. N
people -> need N(N-1)/2 secret keys.
The distribution of the keys between two parties
can be difficult -> Solution: using a third party -
KDC (Key Distribution Center) -> shares a key
with both users
- Public Key Encryption
a private key + a public key
Private key:
is kept by receiver (individual)
is used to decrypt ciphertext
Public key:
is announced to the public
is used to encrypt plaintext
- Advantages & Disadvantages
Advantages:
Each entity is independent and the pair of keys can be used
to communicate with any other entity.
The number of keys needed is reduced tremendously: N users -> 2N keys
Disadvantages:
The complexity of the algorithm, which uses long keys, takes a lot of time -> efficient only for short messages
The association between an entity and its public key must
be verified (certification) -> solution: CA – Certification
Authority
- CA – Certification Authority
certify the binding between a public key and the
owner (by issuing a certificate)
How?
The CA combines a public key and information about an entity
into one document
then CA encrypts the document with its private key and
sends it to everyone registered to that authority
the registered users can use their public key to decrypt the
certificate and find the public key of the entity.
- Using the Combination
Secret key method: efficiency (long messages)
Public key method: easy distribution of keys
Combination:
Public key is used to encrypt the secret key
Secret key is used to encrypt the message
- Digital Signature
To achieve authentication, integrity and non-repudiation
Two choices:
Signing the whole document
Signing the Digest
- Signing the Whole Document
Sender uses his private key to encrypt (sign) the message -> his signature
Receiver uses the public key of the sender to
decrypt the message
- Digital Signature can provide integrity,
authentication and non-repudiation -> How?
Integrity:
If an intruder intercepts the message and partially or totally
changes it -> the decrypted message would be unreadable
Authentication:
If an intruder (X) sends a message pretending that it is coming
from someone else (G)
He must use his own private key for encryption (private X)
The message, when decrypted with the public key of G, will therefore be unreadable
Encryption with X’s private key and decryption with G’s public
key results in garbage
Non-repudiation:
If sender denies sending the message, his private key
corresponding to his public key can be tested on the original
plaintext.
- Digital signature does not provide Privacy.
If there is a need for privacy, another layer of
encryption/decryption must be applied
- Signing the Digest
Using the public-key method to sign the entire message is very inefficient if the message is very long -> sign a digest of the document instead of the whole document
Operations:
Sender creates a miniature version (digest) of the
document and signs it
Receiver then checks the signature on the
miniature
- Hash Function
To create a digest of the message -> using a
hash function
Hash function creates a fixed-size digest from a
variable-length message
- Hash Function
Two most common hash functions:
MD5 (Message Digest 5): 120-bit digest
SHA-1 (Secure Hash Algorithm 1): 160-bit digest
Two properties:
Hashing is one-way: the digest can only be
created from the message, not vice versa
One-to-one function: there is little probability that
two messages will create the same digest
- Signing the Digest –
Operations at Sender site
After the digest has been created, it is encrypted
(signed) using the sender’s private key
The encrypted digest is attached to the original
message and sent to receiver
- Signing the Digest –
Operations at Receiver site
Receiver receives the original message and the
encrypted digest
Applies the same hash function to the message to create the second digest
Decrypts the received digest using the public key of the
sender, then compares it with the second digest
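The sender-site and receiver-site operations above, as an added example that is not part of the original slides: it signs a digest with textbook RSA and checks it against a tampered message and against an intruder X signing as G. Assumptions: SHA-256 as the hash function, raw RSA without a padding scheme, constructed toy keys, and the hypothetical names make_key, digest, sign, verify and demo.

```python
import hashlib

def make_key(p, q, e=65537):
    """Build a textbook RSA key pair (public, private) from two primes.
    Real systems add a padding scheme such as RSA-PSS; raw RSA mirrors the slides."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

# Constructed toy keys from Mersenne primes: fine for a demo, not usable as real keys.
G_PUB, G_PRIV = make_key(2**521 - 1, 2**607 - 1)    # the genuine sender G
X_PUB, X_PRIV = make_key(2**607 - 1, 2**1279 - 1)   # an intruder X with his own key

def digest(message: bytes) -> int:
    # SHA-256 is an assumption of this example; any message length gives 256 bits.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Sender site: create the digest, then encrypt (sign) it with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver site: hash the received message, decrypt the received digest
    with the sender's public key, and compare the two digests."""
    n, e = public_key
    if not 0 <= signature < n:          # reject values outside the key's range
        return False
    return pow(signature, e, n) == digest(message)

def demo():
    message = b"Pay 100 to Bob"         # constructed sample; it travels unencrypted
    signature = sign(message, G_PRIV)
    return {
        "genuine": verify(message, signature, G_PUB),
        "tampered": verify(b"Pay 900 to Bob", signature, G_PUB),       # integrity
        "signed_by_X": verify(message, sign(message, X_PRIV), G_PUB),  # authentication
    }

if __name__ == "__main__":
    print(demo())
```

The message itself is never encrypted here, which is why a signature alone gives no privacy.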