2. Data Encryption
Encryption Definition:
The action of disguising information so that it can be recovered
easily by the persons who have the key, but is highly resistant to
recovery by persons who do not have the key.
encryption is the process of transforming information (referred to
as plaintext) using an algorithm (called cipher) to make it
unreadable to anyone except those possessing special knowledge,
usually referred to as a key
3. Data Encryption
The encryption key may be changed from time to time
to make an intruder’s task more difficult.
Restoration of a ciphertext to cleartext is achieved by the
action of decryption using a decryption key.
4. Data Encryption
A message is cleartext (plaintext) is encrypted
(disguised) through the use of an encryption key to
create a Ciphertext.
5. Data Encryption
In symmetric (Single key):
The encryption and decryption keys are the same.
In asymmetric (two keys):
The encryption and decryption keys are different.
7. Data Encryption
Encryption Methods:
Encryption is accomplished by scrambling the bits,
characters, words, or phrases in the original message.
Scrambling involves two activities:
Transposition
Substitution
8. Data Encryption
Transposition:
In which the order of the bits patterns, characters, words
or phrases is rearranged.
The word “hello” can be written backwards as “OLLEH”.
Substitution:
In which new bit patterns, characters, words, or phrases
are substituted for the originals without changing their
order.
9.
10. Data Encryption
Data Encryption Standard (DES):
Most widely used algorithm
Pioneered by IBM
It is symmetric cryptosystem
Developed to protect sensitive, unclassified, US
government, Computer data.
Used to provide authentication of electronic funds
transfer messages.
11.
12.
13. Why encrypt?
Protect data even in the event of a security breach
Safeguard patient information
HIPAA compliance, and
TO AVOID
Financial loss (large fines, lost patients & revenue)
Legal ramifications (regulatory or civil prosecution)
Damage to professional image (negative publicity & media
fallout)
14. Data Encryption
DES Algorithm:
The algorithm accepts plaintext, P, and performs an
initial permutation, IP, on P producing P0, The block is
then broken into left and right halves, the Left (L0)
being the first 32 bits of P0 and the right (R0) being the
last 32 bits of P0.
With L0 and R0, 16 rounds are performed until L16 and
R16 are generated.
The inverse permutation, IP-1, is applied to L16R16 to
produce ciphertext C.
15. Data Encryption
Public Key Cryptosystem
It is an asymmetric cryptosystem.
First announced in 1976.
Offer a radically different approach to encryption.
The idea depends on the use of a pair of keys that differ
in a complementary way.
Several algorithms are proposed
RSA algorithm is considered to be highly secure.
18. MEANING
A digital signature is an electronic signature that can be
used to authenticate the identity of the sender of a message
or the signer of a document, and possibly to ensure that the
original content of the message or document that has been
sent is unchanged.
Digital signatures are easily transportable, cannot be
imitated by someone else, and can be automatically time-
stamped. The ability to ensure that the original signed
message arrived means that the sender cannot easily
repudiate it later.
19. A digital signature can be used with any kind of
message, whether it is encrypted or not, simply so
that the receiver can be sure of the sender's identity
and that the message arrived intact. A digital
certificate contains the digital signature of the
certificate-issuing authority so that anyone can verify
that the certificate is real.
20. HOW IT WORKS Original
message
Hash function
Sender’s
private key
Cipher
text(including
hash digest)
Sender’s
public key
Recipient’s
private key
Hash
receiver
21. Creating a Digital Signature
Hash
Function
Jrf843kjfgf*£$&Hdi
f*7oUsd*&@:<CH
DFHSD(**
Py75c%bn&*)9|fDe^b
DFaq#xzjFr@g5=&nm
dFg$5knvMd’rkvegMs”
This is a really long
message about Bill’s…
Asymmetric
Encryption
Message or File Digital Signature
128 bits Message Digest
Calculate a short
message digest from even
a long input using a one-
way message digest
function (hash)
Signatory’s
private key
private
22. Verifying a Digital Signature
Jrf843kjf
gf*£$&Hd
if*7oUsd
*&@:<CHD
FHSD(**
Py75c%bn&*)
9|fDe^bDFaq
#xzjFr@g5=
&nmdFg$5kn
vMd’rkvegMs”
Asymmetric
decryption
(e.g. RSA)
Everyone has
access to trusted
public key of the
signatory
Signatory’s
public key
Digital Signature
This is a
really long
message
about Bill’s…
Same hash function
(e.g. MD5, SHA…)
Original Message
Py75c%bn&*)
9|fDe^bDFaq
#xzjFr@g5=
&nmdFg$5kn
vMd’rkvegMs”
? == ?
Are They Same?
23. 23
Certificate:
body of data placed in a message to serve as
Proof of the sender’s authenticity.
consists of encrypted information that associates
a public key with the true identity of an individual
Includes the identification and electronic signature of
Certificate Authority (CA).
Includes serial number and period of time when the
certificate is Valid
24. 24
Certificate Authority :
trusted organization that issues certificates for
both servers and clients.
create digital certificates that
securely bind the names of users to
their public keys.
Two types of CA:
* Commercial CA
* Self-certified private CA
25. Typ es of cer t ificat es
Root
CERT
eeeee
SERVER
CERT
CLIENT
CERT
OBJECT
SIGNING
CERT
OBJECT
CERT