Presented by:
Monzur Morshed
Rezaur Rahman
TigerHATS
www.tigerhats.org
TigerHATS - Information is power
Homepage: www.tigerhats.org
Twitter: www.twitter.com/tigerhats
Use of Cryptography in Data Security over Computer Networks
Definitions
Computer Security: measures to protect data within a
computer and during its processing.
• Fabrication
Preliminaries [Cont..]
Logical Control: It uses software and data to
monitor and control access to the data (information) of a
system. For example, password authentication
schemes, access control schemes, network firewalls,
network intrusion detection systems, and
encryption methods are types of logical controls.
Notation    Description
K+A         Public key of A
K−A         Private key of A
Concept of Cryptography
There are two categories of cryptography or cryptosystem:
the symmetric cryptosystem and the asymmetric
cryptosystem. Cryptography and cryptosystem are
synonymous words. From here on we shall use the word
cryptosystem in place of cryptography.
C = EA(K, P)
where C is the cipher text, EA is the encryption algorithm,
K is the key, and P is the plain text.
[Figure: Encryption Process. Plaintext and key K enter the Encryption Algorithm, which produces Cipher text.]
Symmetric cryptosystem
P = DA(K, C)
where DA is the decryption algorithm.
[Figure: Decryption Process. Cipher text and key K enter the Decryption Algorithm, which produces Plaintext.]
C = EA(Kpub, P)
Where Kpub is the public key.
[Figure: Encryption Process. Plaintext and key Kpub enter the Encryption Algorithm, which produces Cipher text.]
Asymmetric cryptosystem
P = DA(Kp, C)
where DA is the decryption algorithm.
[Figure: Decryption Process. Cipher text and key Kp enter the Decryption Algorithm, which produces Plaintext.]
Giving ciphertext
MEMATRHPRYETEFETEAT
RSA Cryptosystem
This cryptosystem was invented by Rivest, Shamir
and Adleman (RSA) in 1979.
A 1024-bit key is a typical key size for the RSA
cryptosystem.
RSA Key Generation Process
1. Select at random two large prime numbers p and q.
( The primes p and q might be, say, 100 decimal digits each. )
[Figure: DES Encryption. 64-bit M and a 56-bit key enter DES, which produces 64-bit C.]
DES Top View
[Figure: The 64-bit input passes through the Initial Permutation and then Round 1 to Round 16, giving the 64-bit output. The 56-bit key feeds "Generate keys", which supplies the 48-bit keys K1, K2, ..., K16 to the rounds.]
Symmetric Cryptosystems: DES (2)
[Figure: Message m enters the encryption algorithm, which produces digital signature S.]
Verification process
[Figure: For A: m and Kp,A enter the encryption algorithm, which produces S. For B: S and Kpub,A enter the decryption algorithm, which produces m.]
1) A produces signature S:
S = E(Kp,A, m).
[Figure: Sending end: encryption algorithms with keys Kp,A and Kpub,B take m through S to C. Receiving end: decryption algorithms with keys Kp,B and Kpub,A take C through S back to m.]
Kerberos
In a secure networking system, when a
user on a client wants to get service from a
server, he or she must be authenticated.
A network with the Kerberos authentication
service grants access to the server if the
user is authenticated by Kerberos.
That is, before getting service from a
service server, the user must go through
Kerberos.
Kerberos Requirements
Its first report identified the requirements as:
• secure
• reliable
• transparent
• scalable
Implemented using an authentication
protocol based on Needham-Schroeder
Kerberos v4 Overview
A basic third-party authentication scheme
It has an Authentication Server (AS)
• users initially negotiate with the AS to identify themselves
• the AS provides a non-corruptible authentication
credential (ticket granting ticket, TGT)
It has a Ticket Granting Server (TGS)
• users subsequently request access to other
services from the TGS on the basis of the user's TGT
Kerberos
AS – Kerberos Authentication Server
TGS – Ticket Granting Server
Dialogue of Client and AS
[Figure: Client (CL) sends Request (m1) to AS; AS returns E-TGT.]
Dialogue of Client and TGS
[Figure: Client (CL) sends Request (m2) to TGS; TGS returns E-SGT.]
Dialogue of Client and SS
[Figure: Client (CL) sends m3 to SS; SS returns accept or reject.]
m3 = idcl + SGTss
SGTss = E (Kss, [adcl + idcl + TS2 + LT2])
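The accept-or-reject decision at the SS, as an added example that is not part of the original slides: the TGS seals SGTss under Kss, and the SS opens it and checks each field against m3 and the connection. It assumes idcl is the client identifier, adcl the client network address, TS2 the issue time and LT2 the lifetime (the slide does not define them); E and D are a standard-library stand-in, not the cipher a Kerberos deployment uses, and all function names and sample values are constructed.

```python
import hashlib, hmac, json, os

def _subkeys(key):
    # Separate encryption and MAC keys derived from the shared service key.
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())

def _stream(ke, nonce, n):
    blocks = (hashlib.sha256(ke + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(key, fields):
    """Stand-in for the slide's E(K, [...]); not the cipher Kerberos uses."""
    ke, km = _subkeys(key)
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(ke, nonce, len(pt))))
    return nonce + ct + hmac.new(km, nonce + ct, "sha256").digest()

def D(key, blob):
    ke, km = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, nonce + ct, "sha256").digest()):
        raise ValueError("ticket not sealed under Kss")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(ke, nonce, len(ct)))))

def make_sgt(k_ss, ad_cl, id_cl, ts2, lt2):
    # TGS side: SGTss = E(Kss, [adcl + idcl + TS2 + LT2])
    return E(k_ss, {"ad_cl": ad_cl, "id_cl": id_cl, "ts2": ts2, "lt2": lt2})

def ss_check(k_ss, m3, peer_addr, now):
    """SS side: m3 = (idcl, SGTss). Returns (accepted, reason)."""
    id_cl, sgt = m3
    try:
        t = D(k_ss, sgt)
    except ValueError as err:
        return False, str(err)
    if t["id_cl"] != id_cl:
        return False, "id_cl mismatch"
    if t["ad_cl"] != peer_addr:
        return False, "address mismatch"
    if not t["ts2"] <= now <= t["ts2"] + t["lt2"]:
        return False, "ticket outside lifetime"
    return True, "accept"

if __name__ == "__main__":
    k_ss = os.urandom(32)  # constructed key shared by TGS and SS
    sgt = make_sgt(k_ss, "192.0.2.10", "alice", ts2=1000, lt2=300)
    print(ss_check(k_ss, ("alice", sgt), "192.0.2.10", now=1100))
    print(ss_check(k_ss, ("alice", sgt), "192.0.2.10", now=1400))
```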
Kerberos 4 Overview
Firewalls
A firewall blocks open ports through which an intruder can gain access to your
system and the valuable data you have stored in it.
Firewalls limit access between networks to prevent intrusion and do not signal an
attack from inside the network.
Because all information passes through the firewall, the user can know what is happening
in the network.
A firewall allows rules or privileges to be set for the type of traffic that can pass
through the firewall in both directions.