ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and...
-
Upload
maurice-williamson -
Category
Documents
-
view
219 -
download
0
Transcript of ITIS 1210 Introduction to Web-Based Information Systems Chapter 50 Cryptography, Privacy, and...
ITIS 1210ITIS 1210Introduction to Web-Based Introduction to Web-Based
Information SystemsInformation Systems
Chapter 50Chapter 50
Cryptography, Privacy, and Digital CertificatesCryptography, Privacy, and Digital Certificates
IntroductionIntroduction
Remember: the Internet is VERY insecureRemember: the Internet is VERY insecure Snoopers can access almost anything you Snoopers can access almost anything you
send/receivesend/receive Most of the time – not a problemMost of the time – not a problem
Big deal if someone knows you went to Big deal if someone knows you went to www.uncc.edu
However, VERY big deal if someone However, VERY big deal if someone knows your credit card numberknows your credit card number
IntroductionIntroduction
How can businesses operate properly?How can businesses operate properly? Exchange dataExchange data Exchange financial informationExchange financial information
How do you know that the “person” on the How do you know that the “person” on the other end of a communication is really who other end of a communication is really who they say they are?they say they are? Verifying identities is crucial to many activitiesVerifying identities is crucial to many activities
Without solutions to these problems the Without solutions to these problems the Internet becomes much less usefulInternet becomes much less useful
CryptographyCryptography
Cryptography – secret writingCryptography – secret writing Altering information so anyone intercepting Altering information so anyone intercepting
it cannot understand itit cannot understand it Three-step processThree-step process
Encrypt (change plain text to Encrypt (change plain text to ciphertextciphertext)) TransmitTransmit
Anyone intercepting sees only nonsenseAnyone intercepting sees only nonsense Decrypt (change ciphertext back into plain Decrypt (change ciphertext back into plain
text)text)
CryptographyCryptography
Key element: only Key element: only recipientrecipient can change can change ciphertext back into plain textciphertext back into plain text
Accomplished via mathematical manipulationAccomplished via mathematical manipulation Treats message as a numerical sequenceTreats message as a numerical sequence Alters message usingAlters message using
AlgorithmAlgorithm KeyKey
Result is a different numerical sequenceResult is a different numerical sequence What gets transmittedWhat gets transmitted
CryptographyCryptography
Algorithms produce different results if Algorithms produce different results if different keys are useddifferent keys are used
Guessing the key means the ciphertext Guessing the key means the ciphertext can be decryptedcan be decrypted Thus, key length is importantThus, key length is important
Example: if every UNCC password was 1 Example: if every UNCC password was 1 alphabetic character long could you alphabetic character long could you eventually guess it?eventually guess it?
CryptographyCryptography
Why is key length important?Why is key length important? Example:Example:
26 Uppercase26 Uppercase
+ 26 Lowercase+ 26 Lowercase + 42+ 42 special characters & numbers special characters & numbers 94 characters in “key space”94 characters in “key space”
8 character password means 948 character password means 9488 combinations combinations6,095,689,385,410,820 possible passwords6,095,689,385,410,820 possible passwordsAt 1 per second would take 193,293,042 years to test allAt 1 per second would take 193,293,042 years to test all
CryptographyCryptography
Common encryption systemsCommon encryption systems SymmetricSymmetric
Sender and receiver use same keySender and receiver use same key
Asymmetric (public key – private key)Asymmetric (public key – private key) Sender and receiver Sender and receiver
Each have two keys: public and privateEach have two keys: public and private Use different keys for specific situationsUse different keys for specific situations
Sender’s key is public – made available to anyoneSender’s key is public – made available to anyone Receiver’s key is privateReceiver’s key is private Sender’s key can only encrypt – it cannot decryptSender’s key can only encrypt – it cannot decrypt
CryptographyCryptography
Messages encrypted with your public keyMessages encrypted with your public key Cannot be decrypted except with your Cannot be decrypted except with your
private keyprivate key Because only you know your private key, Because only you know your private key,
only you can decrypt messages intended only you can decrypt messages intended for youfor you
The public key is a one-way keyThe public key is a one-way key Encryption onlyEncryption only
CryptographyCryptography
Process requires hash functions to workProcess requires hash functions to work Hash functions convert a message into a shorter Hash functions convert a message into a shorter
message that has unique propertiesmessage that has unique properties No collisionsNo collisions No reverse engineeringNo reverse engineering
MD5MD5 Most common algorithmMost common algorithm Ron Rivest MITRon Rivest MIT Mathematical formula translates a file into a 128-bit Mathematical formula translates a file into a 128-bit
hexadecimal “message digest”hexadecimal “message digest”
CryptographyCryptography
Example:Example:
The quick brown fox jumps over the lazy dog The quick brown fox jumps over the lazy dog
9e107d9d372bb6826bd81d3542a419d69e107d9d372bb6826bd81d3542a419d6
The quick brown fox jumps over the lazy The quick brown fox jumps over the lazy eeog og
ffd93f16876049265fbaef4da268dd0effd93f16876049265fbaef4da268dd0e
CryptographyCryptography
Secure Hash Algorithm (SHA)Secure Hash Algorithm (SHA) Developed by NISTDeveloped by NIST When a message of any length < 2When a message of any length < 26464 bits is bits is
input, produces a 160-bit message digestinput, produces a 160-bit message digest
CryptographyCryptography
Example:Example:The quick brown fox jumps over the lazy dog The quick brown fox jumps over the lazy dog
2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb122fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12
The quick brown fox jumps over the lazy The quick brown fox jumps over the lazy ccog og
de9f2c7f d25e1b3a fad3e85a 0bd17d9b 100db4b3de9f2c7f d25e1b3a fad3e85a 0bd17d9b 100db4b3
How Cryptosystems WorkHow Cryptosystems WorkMessage converted via hash algorithm to a “message digest”
Message
Hash function
Message digest
Private key encrypts the “message digest”
Private key
Message digest
Digital signature
Original message
Random key
Encrypted message
Digital signature
Random key
Encrypted digital signature
Random key encrypts the message digest and original message
Random key
Mia’s public key
Digital envelope
Random key encrypted with Mia’s public key
Encrypted digital envelope(random key)
Mia’s private key
Gabriel’s random key
Mia decrypts digital envelope with her private key
Gabriel’s random key Encrypted message
Original (decrypted) message
Mia decrypts message using the random keyGabriel’s public key
Encrypted digital signature(message digest)
Decrypted message digest
Mia decrypts the digital signature
Gabriel’s decrypted message
Hash function
Message digest
Mia generates her own message digest
CryptographyCryptography
Gabriel wants to send a secret message Gabriel wants to send a secret message to Miato Mia
Two problems:Two problems: How does Gabriel ensure that no one but Mia How does Gabriel ensure that no one but Mia
can read his message?can read his message? How does Mia know the message came from How does Mia know the message came from
Gabriel?Gabriel?
CryptographyCryptography
Hash function converts Gabriel’s message Hash function converts Gabriel’s message to a “message digest”to a “message digest” A unique digital fingerprint of the original A unique digital fingerprint of the original
messagemessage
Message digest encrypted using Gabriel’s Message digest encrypted using Gabriel’s private keyprivate key Produces a unique digital signature that only Produces a unique digital signature that only
Gabriel could have createdGabriel could have created
CryptographyCryptography
Gabriel generates a new random keyGabriel generates a new random key Using this key he encrypts both his Using this key he encrypts both his
original message and his digital signatureoriginal message and his digital signature The random key is the only key in the world The random key is the only key in the world
that can decrypt the messagethat can decrypt the message And only Gabriel has a copy of this keyAnd only Gabriel has a copy of this key
CryptographyCryptography
Gabriel encrypts the random key using Gabriel encrypts the random key using Mia’s public keyMia’s public key This is called a digital envelopeThis is called a digital envelope Only Mia can decrypt this value using her Only Mia can decrypt this value using her
private keyprivate key Gabriel sends message to MiaGabriel sends message to Mia
Encrypted messageEncrypted message Encrypted digital signatureEncrypted digital signature Encrypted digital envelopeEncrypted digital envelope
CryptographyCryptography
Mia receives message and testsMia receives message and tests It’s contentIt’s content It’s authenticityIt’s authenticity
Mia decrypts the digital envelope using her Mia decrypts the digital envelope using her private keyprivate key This gives her the random key Gabriel used to This gives her the random key Gabriel used to
encrypt the message and his digital signatureencrypt the message and his digital signature
CryptographyCryptography
Using the now decrypted random key, Mia Using the now decrypted random key, Mia decrypts the messagedecrypts the message
However:However: Was it altered enroute?Was it altered enroute? Is this message really from Gabriel?Is this message really from Gabriel?
Using the random key and Gabriel’s public Using the random key and Gabriel’s public key, Mia decrypts the digital signaturekey, Mia decrypts the digital signature The message digest is now revealedThe message digest is now revealed
CryptographyCryptography
The message digest enables Mia to tell if The message digest enables Mia to tell if the information she received matches the the information she received matches the information Gabriel sentinformation Gabriel sent
Mia runs the decrypted message thru the Mia runs the decrypted message thru the same hash function that Gabriel usedsame hash function that Gabriel used This produces a new message digestThis produces a new message digest
CryptographyCryptography
Mia comparesMia compares The message digest she generated withThe message digest she generated with The message digest she decrypted from The message digest she decrypted from
Gabriel’s digital signatureGabriel’s digital signature
If the two match Mia knows:If the two match Mia knows: The message she received was from GabrielThe message she received was from Gabriel It was not altered in transit to herIt was not altered in transit to her
Digital CertificatesDigital Certificates
Method of using encryption to verify the Method of using encryption to verify the identify of an individualidentify of an individual
Each user gets a unique certificateEach user gets a unique certificate Issued by a certificate authorityIssued by a certificate authority Charge users for the certificateCharge users for the certificate
Attached to email or presented to a Web Attached to email or presented to a Web sitesite Verifies their identityVerifies their identity
Digital CertificatesDigital Certificates
How do you get a digital certificate?How do you get a digital certificate? Visit a site that offers them: Visit a site that offers them: VeriSign Provide personally identifying informationProvide personally identifying information
NameName AddressAddress
Certificate downloaded to your PCCertificate downloaded to your PC Includes your own private keyIncludes your own private key
Digital CertificatesDigital Certificates
Certificate containsCertificate contains Your nameYour name Name of the certificate authority (CA)Name of the certificate authority (CA) Digital signature of the CADigital signature of the CA Serial number of your certificateSerial number of your certificate Expiration date of your certificateExpiration date of your certificate Your public keyYour public key
Encrypted in a way that makes it unique to Encrypted in a way that makes it unique to youyou
Digital CertificatesDigital Certificates
How do you use it?How do you use it? Attach certificate to your emailAttach certificate to your email
Causes your message to be signed with your Causes your message to be signed with your private keyprivate key
Recipient getsRecipient gets Email messageEmail message Information from your certificateInformation from your certificate Used to verify that the message actually came Used to verify that the message actually came
from youfrom you
Secure Socket LayerSecure Socket Layer
Secure Socket LayerSecure Socket Layer
Used to encrypt communications between Used to encrypt communications between two computerstwo computers
Padlock lets you know you’re secure:Padlock lets you know you’re secure:
Secure Socket LayerSecure Socket Layer
Computers use combination of public-key, Computers use combination of public-key, private-key encryptionprivate-key encryption
Works like this:Works like this: Computer A generates a symmetric key and Computer A generates a symmetric key and
sends it to computer B using B’s public keysends it to computer B using B’s public key Computer B decrypts it using its private keyComputer B decrypts it using its private key Now both computers have the same keyNow both computers have the same key Communicate securelyCommunicate securely Discard key at end of sessionDiscard key at end of session