Cryptographic Security
Cryptographic Mechanisms
Mesbah Islam– Operating Systems
1
Cryptographic Security
Presentation Outline








Introduction
Security goals
Symmetric algorithm
Asymmetric algorithm
Hashing algorithm
Digital signature
Summary and conclusions
Q/A?
Mesbah Islam– Operating Systems
2
Cryptographic Security
Introduction



Cryptography is a branch of applied mathematics concerned
with transformations of data for security.
In cryptography, a sender transforms unprotected information
(plaintext) into coded text (ciphertext).
A receiver uses cryptography to either (a) transform the
ciphertext back into plaintext, (b) verify the sender’s identity,
(c) verify the data’s integrity, or some combination.
Mesbah Islam– Operating Systems
3
Cryptographic Security
Internet Security Issues





Eavesdropping. Information remains intact, but its privacy is
compromised.
Tampering. Information in transit is changed or replaced and
then sent on to the recipient.
Impersonation. Information passes to a person who poses as
the intended recipient. Impersonation can take two forms:
Spoofing. A person can pretend to be someone else.
Misrepresentation. A person or organization can
misrepresent itself.
Mesbah Islam– CS5204 – Operating Systems
4
Cryptographic Security
Goals

Applicability of cryptography to support the basic security
services




privacy/confidentiality -information not disclosed to unauthorized
entities
integrity -information not altered deliberately or accidentally
authentication -validation of identity of source of information
non-repudiation -source of information can be objectively established
Mesbah Islam– CS5204 – Operating Systems
5
Cryptographic Security
Symmetric Key Encryption for Confidentiality
Ciphertext
M
A
EA
01011
Sender
DB
B
M
Receiver
Eavesdropper
cannot read
o Sender encrypts the plaintext using public key
o Receiver decrypts the ciphertext using private key
Mesbah Islam– CS5204 – Operating Systems
6
Cryptographic Security
Asymmetric Key Encryption



Asymmetric (also called Public-key encryption) involves a
pair of keys-a public key and a private key-associated with an
entity that needs to authenticate its identity electronically or to
sign or encrypt data.
Each public key is published, and the corresponding private
key is kept secret.
The sender encrypts the data with the receiver’s public key,
and the receiver decrypts the ciphertext message with its own
private key.
Mesbah Islam– CS5204 – Operating Systems
7
Cryptographic Security
Asymmetric Key Encryption (contd.)
Ciphertext
M
A
EB
01011
Sender
DB
B
M
Receiver
Eavesdropper
cannot read
o Sender encrypts the plaintext using receiver’s public key
o Receiver decrypts the ciphertext using receiver’s
private key
Mesbah Islam– CS5204 – Operating Systems
8
Cryptographic Security
Asymmetric Key Encryption (contd.)

Compared with symmetric-key encryption, public-key
encryption requires more computation and is therefore not
always appropriate for large amounts of data.

However, it's possible to use public-key encryption to send a
symmetric key.
Mesbah Islam– CS5204 – Operating Systems
9
Cryptographic Security
Secure Hashing Algorithm




The secure hash function takes a stream of data and reduces it
to a fixed size through a one-way mathematical function.
The result is called a message digest and can be thought of as a
fingerprint of the data.
The message digest can be reproduced by any party with the
same stream of data, but it is virtually impossible to create a
different stream of data that produces the same message digest.
A message digest can be used to provide integrity.
Mesbah Islam– CS5204 – Operating Systems
10
Cryptographic Security
Secure Hashing Algorithm (contd.)
Mesbah Islam– CS5204 – Operating Systems
11
Cryptographic Security
Secure Hashing Algorithm (contd.)
Mesbah Islam– CS5204 – Operating Systems
12
Cryptographic Security
Secure Hashing Algorithm (contd.)

Digests are



Fixed length
Irreversible
Unique
Mesbah Islam– CS5204 – Operating Systems
13
Cryptographic Security
Digital Signature




Digital signatures employ a type of asymmetric cryptography.
For messages sent through a non-secure channel, a properly
implemented digital signature gives the receiver reason to
believe the message was sent by the claimed sender.
Digital signatures are equivalent to traditional handwritten
signatures in many respects; properly implemented digital
signatures are more difficult to forge than the handwritten
type.
Digital signatures can also provide non-repudiating, meaning
that the signer cannot successfully claim they did not sign a
message, while also claiming their private key remains secret.
Mesbah Islam– CS5204 – Operating Systems
14
Cryptographic Security
Digital Signature (contd.)
M
A
Enc(Bpub(Apriv(M)))
Dec(Apub(Bpriv(C)))
B
M
Receiver
Sender
Mesbah Islam– CS5204 – Operating Systems
15
Cryptographic Security
Summary and Conclusions
Mechanism
Confidentiality
Integrity
Authentication Nonrepudiation
Symmetric Key
Cryptography
yes
no
no
no
Asymmetric
Key
Cryptography
yes
no
no
no
Secure Hashing
yes
yes
no
no
yes
yes
yes
yes
Digital
Signature with
Asymmetric
Key
Mesbah Islam– CS5204 – Operating Systems
16
Cryptographic Security
??
Mesbah Islam– CS5204 – Operating Systems
17