Encrypton-RSA, PGP

Presented by

Aine Reynolds

Eric Hopkins

Rosanna Madera

Susanti Kusmiantoro

Overview of Encryption

The issue of security and privacy is not a new one, however the old-age science of cryptography has been in use since people had information they wished to hide.

Cryptography has naturally been extended into the realm of computers, and provides a solution to electronic security and privacy issues

Encryption Encryption and decryption typically occur

using complex mathematical algorithms with the use of a key

There are two types of key-based encryption algorithms,– Symmetric (private key)– Asymmetric (public key)

Symmetric encryption Typically use 128-bit length keys The Same key is used to encrypt and

decrypt the message– Message encrypted using a key– Message sent to receiver– Encryption key communicated separately, to

allow the message to be decrypted by receiver

An Example is the use of a password, to encrypt and decrypt

Symmetric Encryption ..cont…

Simplicity is a source of its problem, along with how many keys needed for each message

N*(N-1)/2 Number of private keys that need to exist

As the number of N increases, the management of the private key becomes costly and cumbersome.

Asymmetric(Public Key) Encryption

Asymmetric Encryption

Uses a pair of keys instead of a singular key One key is kept private while one is public Encryption by one can only be decrypted by

using the other The property of the key-pair can be used to

perform two functions, encryption and digital signatures

The public key of the recipient is used to encrypt the message

Asymmetric Encryption…cont.. Message encrypted using a one-use private key

(randomly generated for the specific message) This message specific key is then encrypted using

the recipient’s public key Both are sent together On receipt the recipient used his private key to

decrypt the message specific key, thus giving him access to the message

This combined approach provides speed of private key along with the manageability of public key encryption

Digital Signatures

PKI- The implementation of Public Key Cryptography

History of Encrytion 1900 BC: carvings that incorporate simple forms of coding

inside tombs in Egypt 1500 B.C.: cyphered pottery glaze formula 400 BC: A physical method of disguising the meaning of

messages called "Skytale" was devised by the Spartans. The Greeks described several substitution ciphers Julius Caesar is known to have used a cryptographic system to

keep his orders secret 400 AC: The "art of secret writing" is even included in the Kama

Sutra as a skill that women should learn and practice One of the most popular pastimes of the vikings was to devise

riddles which were suitable to encrypt message content

History of Encryption Cont. In the turbulent medieval times, the renaissance, and later

through the French revolution, mathematicians of all countries devised more and more sophisticated encryption algorythms

Invention of Telegraph 1945 World War II, Cracking the German Enigma 1960 IBM creates “Lucifer” 1973 NIST standarized encryption with DES 1976 DES was authorized for public use 1977 RSA was developed 1986 PGP was developed The next breakthrough in cryptography will probably happen

with the arrival of quantum computers

Who Uses Encryption?• Bank records and other financial data - to protect privacy

and to protect against theft of funds. • Protecting Ones Identity Against Theft• Passwords and personal identification numbers used for

electronic funds transfers, automated teller machines, and so on.

• Any sensitive data stored in databases, such as medical records.

• Research and product development files - to protect trade secrets.

• Viruses using encryption

Who Uses Encryption? Cont.

• Sensitive business communications. • Email and telephone communications - to protect privacy. • Personal files on home computers. • Cable/Satellite television signals - to prevent reception by

people who have not paid. • Tests and student grade files kept by teachers• Military• Firewalls (VPN)• Multimedia

RSA Is the most trusted name in e-security to

help organizations build a secure, trusted foundation for e-business through their RSA Web Security Portfolio.– SecurID - two-factor authentication – BSAFE – encryption– Keon - public key infrastructure solution

All are based on the RSA algorithm. RSA security is the market leader.

RSA SecurID

Two-factor user authentication service for enterprise networks, operating systems, e-commerce Web sites and other IT infrastructures.

Function like an ATM card for a network, requiring users to identify themselves using a PIN number (public key) of some kind.

RSA BSAFE

BSAFE products provide a family of platform-independent encryption development tools, which enable corporate and commercial software developers to reliably incorporate security into a wide variety of applications.

Embedded in over 450 copies of Internet applications, including, Web browsers, commerce servers, email systems and virtual private network products.

RSA Keon

Interoperable product that are standard-based to work with PKI-enabled applications for managing digital certificates

Provides an environment for authenticated, private and legally binding electronic communications and transactions.

RSA Algorithm Consist of a public key, private key and a very complicated

factorial computation1. p and q, two large prime numbers and compute their

product(modulus)

n = (p)(q).

2. Choose e (public key), less than n and relatively prime to (p-1)(q-1).

3. Compute d (private key) such that (ed-1) is divisible by (p-1)(q-1).

Example: http://world.std.com/!franl/crypto/rsa-example.html

Breaking the RSA system

– Attackers discover the private key corresponding to the given public key

– Attackers aim not on the cryptosystem, but on the insecure implementation of the system or bad key management.

Market Leader

Web Security Portfolio allow organizations to work with a single vendor to provide quality security services.

Most widely used public-key cryptosystem Interoperability Strategic relationships and partnership

programs Global e-security provider

PGP – Pretty Good Privacy

PGP is a computer program that encrypts and decrypts data that enables email and files protections.

PGP uses RSA public key encryption system.

Philip Zimmermann is the creator.

PGP – How does it work?

PGP generates two keys; public and private.

PGP – How safe it is?

Nobody has publicly demonstrated the skill to outsmart PGP.

PGP uses the strongest encryption available outside the government.

Weak point = encryption schemes are totally open for peer review, algorithms are open to whoever interested, and vulnerability with the algorithm.

PGP – Why uses it?

Security – like envelopes with paper mail. Flexibility - plugin to the email software Free Worldwide Strength and Compatibility

- Full Strenght over US and Canada

- Security packages are not yet available outside US and Canada