Internet Security

Four Issues of Internet Security

• Authenticity: Is the sender of a message who they claim to be?

• Privacy: Are the contents of a message secret and only known to the sender and receiver?

• Integrity: Have the contents of a message been modified during transmission?

• Nonrepudiation: Can the sender of a message deny that they actually sent the message?

Encryption (Cryptography)

• Plain text: the original message in human-readable form.

• Ciphertext:the encrypted message

• Encryption/Decryption algorithm: the mathematical formula used to encrypt the plain text.

• Key: the secret key used to encrypt and decrypt a message.

Encryption Example

• Digits: 0-9, • Encryptor:

– Replace each digit by Mod(Digit + Key, 10)• Key’s value is from 0 to 9

– If Key = 7, then:• 0 -> 7, 1->8, 2->9, 3->0, 4->1, 5->2

• Decryptor:– Replace each digit byMod(Digit + (10-Key),

10)– If key=7, then

• 7->0, 8->1, 9->2, 0->3

Encryption Algorithms

• Private key encryption– symmetric cryptography

• Public key encryption– asymmetric cryptography

• Digital signature

Private Key (secret Key) Encryption

• The same key is used by a sender (for encryption) and a receiver (for decryption)

• The key must be transmitted to the receiver.

• Example: – DES (Data Encryption Standard) algorithm

with 56-bit key

Public Key Encryption

• Uses two different keys: a public and a private key.• Receiver’s public key must be delivered in advance.• Sender uses receiver’s public key to encrypt the

message and receiver uses private key to decrypt the message (Sender can be sure the receiver is the true receiver)

• Example:– RSA (Rivest, Shamir, and Adelman) algorithm with 512-bit to

1024-bit key.

• Note: Although the two keys are mathematically related, deriving one from the other is “computationally infeasible”.

Pretty Good Privacy

Digital Signature

• A digital signature is a mathematical scheme for demonstrating the authenticity of a digital document. It gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity).

• Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

Tech heavyweights join OpenID Foundation board

• IBM, Google, Microsoft, Yahoo and VeriSign have joined the board of the OpenID Foundation, which puts consumers a little closer to being able to use a single sign-on when they surf the Web.

• It is simpler: People no longer have to remember multiple passwords or re-enter their personal information every time they visit a new site.

• It is also more secure because it protects against certain types of online attacks.

• http://openid.net/