SYMMETRIC ENCRYPTION - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

SYMMETRIC ENCRYPTION

Description:

Encryption and decryption with a ... Padding. None: no padding ... Zeros: zero is padded .net SYMMETRIC ENCRYPTION. SymmetricAlgorithm. TripleDES. 3 X 356 keys ... – PowerPoint PPT presentation

Number of Views:412
Avg rating:3.0/5.0
Slides: 14
Provided by: lillians
Category:

less

Transcript and Presenter's Notes

Title: SYMMETRIC ENCRYPTION


1
SYMMETRIC ENCRYPTION
  • Shared Keys known both to sender and receiver.
  • Encryption and decryption with a single key.
  • Ciphers are fast - encryption of large data
    with little performance penalty.
  • Create key and IV
  • Modes indicate granularity of message
  • Electronic Code Book (ECB) divides data into
    fixed block size
  • Cipher Block Chaining (CBC) each block size is
    XORed and encrypted
  • Cipher Feedback Model (CFB) suited to encrypt a
    single bit or byte
  • Padding
  • None no padding
  • PKCS7 empty bytes filled with a value equal to
    number of bytes required
  • Zeros zero is padded

2
.net SYMMETRIC ENCRYPTION
DESCrpytoServiceProvider
DES 56 bit
TripleDES 3 X 356 keys
TripleDESCrpytoServiceProvider
SymmetricAlgorithm
Rijndael Variable(1-2,048)
RijndaelManaged
RC2 128-, 192-, 256-
RC2CryptoServiceProvider
3
ASYMMETRIC ENCRYPTION
  • Public and Private key generation.
  • 1000 X slower than symmetric encryption.
  • Most popular asymmetric encryption algorithms
  • RSA (Rivest, Shamir Adelman)
  • DSA (Digital Signature Standard)

4
.net ASYMMETRIC ENCRYPTION
RSA 3 X 356 keys
RSACrpytoServiceProvider
AsymmetricAlgorithm
DSA Variable(1-2,048)
DSACryptoServiceProvider
5
HYBRID ENCRYPTION
  • Use both symmetric and asymmetric encryption for
    large data.
  • Generate a symmetric key i.e. session key.
  • Symmetrically Encrypt the content with a session
    key
  • Use an asymmetric public key to encrypt the
    session key.
  • Send both the data and encrypted session key.
  • Recipient decrypts the session key with the
    asymmetric private key.
  • Recipient decrypts the message with decrypted
    session key.

6
HASHING
  • Deals with data consistency i.e. integrity.
  • Calculates a one-way cryptographic hash of the
    message i.e. message digest
  • Message digest is one-way, fixed length, unique
    ands relatively small.
  • One way so it cant be re-engineered.
  • Hashed content is sent with the hash
  • Hash algorithms
  • Message Digest (MD5) 128 bit
  • Secure Hash Algorithm (SHA) 160, 384, 512
    variants

7
.net HASHING
SHA256
SHA384
SHA1
HashAlgorithm
SHA512
HMACSHA1
KeyHashedAlgorithm
MACTripleDES
MD5
8
DIGITAL SIGNING
  • Authentication, Integrity and Non-Repudiation
  • Authentication and non-repudiation with
    asymmetric algorithm.
  • Integrity with hashing algorithm.
  • Only private key owner can sign the message.
  • Signature can be verified by anyone with public
    key.
  • Only the hash value is encrypted. The message is
    in original format. Proper security entails
    encrypted message as well.
  • Process
  • Compute digest (hash value) of content
  • Encrypt hash value with private key to create
    digital signature
  • Send content and digital signature to recipient
  • Recipient calculates hash value of the message
    using same hash algorithm as sender.
  • Digital signature is decrypted using public
    asymmetric key. If decryption is successful
    message is from sender.
  • Decrypted hash is verified with newly computed
    hash no tempering.

9
.net SECURITY FRAMEWORK
  • Salient features
  • Provides the ability to create a security profile
    that captures cryptographic level details
  • Associates the data with the security profile
  • Hides algorithm level details inside a security
    profile so that change of implementation is
    flexible.
  • Binding between security profiles and data with
    daclarative programming
  • Provides a unified API
  • Steps
  • Agree on a profile
  • Bind the profile to the business object
  • Identify extent of security required
  • Implement the security attributes with providers
    i.e. code that performs the cryptography based on
    profile and attributes
  • Output a sectioned secured envelope from the
    provider which contained secured payload
  • Send the envelope with its payload to receiver

10
FRAMEWORK OVERVIEW
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com