SYMMETRIC ENCRYPTION

1
SYMMETRIC ENCRYPTION

• Shared Keys known both to sender and receiver.
• Encryption and decryption with a single key.
• Ciphers are fast - encryption of large data
  with little performance penalty.
• Create key and IV
• Modes indicate granularity of message
• Electronic Code Book (ECB) divides data into
  fixed block size
• Cipher Block Chaining (CBC) each block size is
  XORed and encrypted
• Cipher Feedback Model (CFB) suited to encrypt a
  single bit or byte
• Padding
• None no padding
• PKCS7 empty bytes filled with a value equal to
  number of bytes required
• Zeros zero is padded

2
.net SYMMETRIC ENCRYPTION
DESCrpytoServiceProvider
DES 56 bit
TripleDES 3 X 356 keys
TripleDESCrpytoServiceProvider
SymmetricAlgorithm
Rijndael Variable(1-2,048)
RijndaelManaged
RC2 128-, 192-, 256-
RC2CryptoServiceProvider
3
ASYMMETRIC ENCRYPTION

• Public and Private key generation.
• 1000 X slower than symmetric encryption.
• Most popular asymmetric encryption algorithms
• RSA (Rivest, Shamir Adelman)
• DSA (Digital Signature Standard)

4
.net ASYMMETRIC ENCRYPTION
RSA 3 X 356 keys
RSACrpytoServiceProvider
AsymmetricAlgorithm
DSA Variable(1-2,048)
DSACryptoServiceProvider
5
HYBRID ENCRYPTION

• Use both symmetric and asymmetric encryption for
  large data.
• Generate a symmetric key i.e. session key.
• Symmetrically Encrypt the content with a session
  key
• Use an asymmetric public key to encrypt the
  session key.
• Send both the data and encrypted session key.
• Recipient decrypts the session key with the
  asymmetric private key.
• Recipient decrypts the message with decrypted
  session key.

6
HASHING

• Deals with data consistency i.e. integrity.
• Calculates a one-way cryptographic hash of the
  message i.e. message digest
• Message digest is one-way, fixed length, unique
  ands relatively small.
• One way so it cant be re-engineered.
• Hashed content is sent with the hash
• Hash algorithms
• Message Digest (MD5) 128 bit
• Secure Hash Algorithm (SHA) 160, 384, 512
  variants

7
.net HASHING
SHA256
SHA384
SHA1
HashAlgorithm
SHA512
HMACSHA1
KeyHashedAlgorithm
MACTripleDES
MD5
8
DIGITAL SIGNING

• Authentication, Integrity and Non-Repudiation
• Authentication and non-repudiation with
  asymmetric algorithm.
• Integrity with hashing algorithm.
• Only private key owner can sign the message.
• Signature can be verified by anyone with public
  key.
• Only the hash value is encrypted. The message is
  in original format. Proper security entails
  encrypted message as well.
• Process
• Compute digest (hash value) of content
• Encrypt hash value with private key to create
  digital signature
• Send content and digital signature to recipient
• Recipient calculates hash value of the message
  using same hash algorithm as sender.
• Digital signature is decrypted using public
  asymmetric key. If decryption is successful
  message is from sender.
• Decrypted hash is verified with newly computed
  hash no tempering.

9
.net SECURITY FRAMEWORK

• Salient features
• Provides the ability to create a security profile
  that captures cryptographic level details
• Associates the data with the security profile
• Hides algorithm level details inside a security
  profile so that change of implementation is
  flexible.
• Binding between security profiles and data with
  daclarative programming
• Provides a unified API
• Steps
• Agree on a profile
• Bind the profile to the business object
• Identify extent of security required
• Implement the security attributes with providers
  i.e. code that performs the cryptography based on
  profile and attributes
• Output a sectioned secured envelope from the
  provider which contained secured payload
• Send the envelope with its payload to receiver

10
FRAMEWORK OVERVIEW
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)