...Public-key Encryption Saint Leo University Network Theory & Design COM-309 Dr. Eduardo Bautista August 01, 2014 Public-key Encryption Intent The intent of this paper is to present the reader with an explanation of Public-key encryption without delving too deeply into the math behind encryption schemes to better facilitate understanding for the layperson. Introduction Cryptography is a fascinating world that predates computers. Beginning in ancient times through the revolutionary period and into modern times, there have been many schemes to protect sensitive data. Notable technics are George Washington's book-key ciphers, Thomas Jefferson’s ‘cylinder,’ (Menezes, Van Oorschot, & Vanstone, 1997, p. 243) and the Nazi Enigma Machine of World War II. (Piper & Murphy, 2002) There has always been a need to have secure communications and the ability to safeguard data that has been intercepted. Modern Cryptology is an art form that uses the science of mathematics in order to provide secrecy, authenticity, and security in the transport of data. “Cryptology also enables us to create trust relationships over open networks; more in general, cryptographic protocols allow mutually distrusting parties to achieving a common goal while protecting their own interests.” (Furnell, Katsikas, Lopez, & Patel, 2008, p. 105) The methods by which these transactions can occur are many; however, they can be broken down into two categories; symmetric key encryption and...
Words: 3473 - Pages: 14
...------------------------------------------------- ------------------------------------------------- COLLOQUIUM REPORT ------------------------------------------------- ------------------------------------------------- ON ------------------------------------------------- ------------------------------------------------- Data Mining ------------------------------------------------- ------------------------------------------------- Submitted as partial fulfillment for the award of ------------------------------------------------- ------------------------------------------------- MASTER OF COMPUTER APPLICATIONS ------------------------------------------------- ------------------------------------------------- DEGREE ------------------------------------------------- ------------------------------------------------- Session 2012-13 ------------------------------------------------- By + ------------------------------------------------- Jeetendra Kumar Maurya ------------------------------------------------- 1045914041 ------------------------------------------------- ------------------------------------------------- Under the guidance of ------------------------------------------------- MR. Vinod Kumar (Sr. Asst. Professor) ------------------------------------------------- ------------------------------------------------- ACADEMY...
Words: 6401 - Pages: 26
...secure and authenticated way with an expense less than that required by signature then encryption?”. This was for the first time, since public-key cryptography has been invented, that the question is addressed in literature. He discovered a new cryptographic primitive, called signcryption, which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly smaller than that required by signature then encryption. The proposed cryptographic primitive is more efficient for both types of costs involved: computational cost and communication overhead. The computational cost represents how much computational effort has to be invested by the sender and by the receiver of the message. It is determined by counting the number of dominant operations involved. The communication overhead represents the extra bits which are appended to a message in case of a digital signature or encryption based on public key cryptography. Encryption and digital signature are two fundamental cryptographic tools that can guarantee the confidentiality, integrity, and non-repudiation. Until signcryption, they have been viewed as important but distinct building blocks of various cryptographic systems. In public key schemes, a traditional method is to digitally sign a message then followed by an encryption, named signature-then-encryption. In many applications, both confidentiality and authenticity are needed together. Such applications...
Words: 833 - Pages: 4
...Authentication How companies use cryptography How penetration testers can also use cryptography Tools, Techniques and Attacks Academics discusses history of encryption. Academics simply encrypt or hash, why aren't people using hashing more? Professional is just, encrypt or not, hash or just verify Section 1-2 Topic: Key Concepts of Cryptography: PKIS & Encryption Learning Objectives: Cryptography is one of the most underrated courses of study in the industry. Of those who do study it, issues with comprehension tend to hinder individual mastery. By taking this course, learners will finally be able to grasp all the critical concepts, theories and practices associated with Cryptography. This Cryptography presentation discusses and demonstrates the key concepts of Cryptography from attacks, PKIs and Encryption in detail. You’ll learn about the difference between public and private keys and about the similarities and differences between symmetry & asymmetry. We’ll also discuss the concept of integrity and confidentiality and their relationships to/with protocols. This Cryptography course will help you master the basics of Cryptography as you begin to develop the discipline needed to become an accomplished pen tester. Keys and Principles 1. Keys 1a. Symmetric - also referred to as same keys, private key, symmetric key - same (confidentially) Different Version/Ways/Procedures to get PlainText to CipherText Symmetric Cipher Examples: AES, DES, 3DES, IDEA, CAST, twofish...
Words: 3749 - Pages: 15
...2. Cryptography: Overview An overview of the main goals behind using cryptography will be discussed in this section along with the common terms used in this field. Cryptography is usually referred to as "the study of secret", while nowadays is most attached to the definition of encryption. Encryption is the process of converting plain text "unhidden" to a cryptic text "hidden" to secure it against data thieves. This process has another part where cryptic text needs to be decrypted on the other end to be understood. Fig.1 shows the simple flow of commonly used encryption algorithms. Fig.1 Encryption-Decryption Flow As defined in RFC 2828 [RFC2828], cryptographic system is "a set of cryptographic algorithms together with the key management processes that support use of the algorithms in some application context." This definition defines the whole mechanism that provides the necessary level of security comprised of network protocols and data encryption algorithms. 2.1 Cryptography Goals This section explains the five main goals behind using Cryptography. Every security system must provide a bundle of security functions that can assure the secrecy of the system. These functions are usually referred to as the goals of the security system. These goals can be listed under the following five main categories[Earle2005]: Authentication: This means that before sending and receiving data using the system, the receiver and sender identity should be verified...
Words: 6825 - Pages: 28
...Seminar Presentation On Application of encrypting techniques In Database Security By Uweh SKelvin ABSTRACT Security in today’s world is one of the important challenges that people are facing all over the world in every aspect of their lives. Similarly security in electronic world has a great significance. In this seminar work, we discuss the applications of encryption techniques in database security. This is an area of substantial interest in database because we know that, the use of database is becoming very important in today’s enterprise and databases contains information that is major enterprise asset. This research work discuses the application of various encryption techniques in database security, and how encryption is used at different levels to provide the security. 1. INTRODUCTION Information or data is a valuable asset in any organization. Almost all organization, whether social, governmental, educational etc., have now automated their information systems and other operational functions. They have maintained the databases that contain the crucial information. So database security is a serious concern. To go further, we shall first discuss what actually the database security is? Protecting the confidential/sensitive data stored in a repository is actually the database security. It deals with making database secure from any form of illegal access or threat at any level. Database security demands permitting or prohibiting user actions...
Words: 4175 - Pages: 17
...Table of Contents Project Outline 3 Security Requirements 4 Perimeter Security 5 Client and Server Security 10 Database Security 10 Server Security 12 Wireless and Remote Access Security 15 Security Configuration Management 19 References 23 Project Outline Tiger Tees is a medium sized business with 4 locations across the eastern United States. This company produces and sells t-shirts for school systems, both locally and across the country via the internet. The organization’s headquarters is located in Beckley, West Virginia, and employs 25 people. The departments include the warehouse, human resources, accounting, sales, and administration. The second location of Tiger Tees is located in Columbus, Georgia, and employs 10 people full time, and 4 persons part time. The third location is located in Washington, DC, and employs 15 people. The fourth location located in Richmond, Virginia is the smallest of all the locations employing 5 persons full time. Tiger Tees is a fast growing company in dire need of a secure network that will ensure that the confidentiality, integrity, and availability of client information remain confidential. All transactions completed are sent to the organizational headquarters in Beckley, WV and processed there. In the past these orders and transactions have been completed by telephone and e-mail. A secure wide area network would streamline this process making the transactions more secure, and providing faster service to the customers...
Words: 5336 - Pages: 22
...considered for the encryption of all sensitive data being transmitted over the Internet. There is symmetric encryption and asymmetric encryption. It is the intention of this paper to describe both methods and give an opinion on which method to use to secure the sensitive date. When a symmetric encrypted key is used, both parties share the same key to both encrypt and decrypt data. Since symmetric encryption's use-case is to share information between users, each has to posses a shared key. Although a symmetric key requires less computer resources, is simplistic and easy to understand, the utmost security measures should be set in place to ensure the safety and secrecy of the shared key by all collaborators. Should the key become compromised in some way, all sensitive data will be compromised. Also, exchanging the secret key over the Internet or over a large network is extremely risky because it can become intercepted by an attacker who could then use that key to decrypt the shared data. There is an alternative to this type of encryption, however, that could be more secure, though it poses its own disadvantages: asymmetric encryption. An asymmetric encrypted method relies on a public and private key. The public key is available to anyone who might wish to share encrypted data. The public key is used to encrypt the data being sent, while the private key (kept secret) is used to decrypt said data. The public key is not at as much risk because only the private key can unlock it...
Words: 451 - Pages: 2
...Symmetric key encryption is also known as shared-key, single-key, secret-key, and private-key or one-key encryption. In this type of message encryption, both sender and receiver share the same key which is used to both encrypt and decrypt messages. Sender and receiver only have to specify the shared key in the beginning and then they can begin to encrypt and decrypt messages between them using that key. Examples include AES (Advanced Encryption Standard) and TripleDES (Data Encryption Standard). Advantages - Simple: This type of encryption is easy to carry out. All users have to do is specify and share the secret key and then begin to encrypt and decrypt messages. - Encrypt and decrypt your own files: If you use encryption for messages or files which you alone intend to access, there is no need to create different keys. Single-key encryption is best for this. - Fast: Symmetric key encryption is much faster than asymmetric key encryption. - Uses less computer resources: Single-key encryption does not require a lot of computer resources when compared to public key encryption. Disadvantages - Need for secure channel for secret key exchange: Sharing the secret key in the beginning is a problem in symmetric key encryption. It has to be exchanged in a way that ensures it remains secret. - Too many keys: A new shared key has to be generated for communication with every different party. This creates a problem with managing and ensuring the security of all these keys. - Origin...
Words: 729 - Pages: 3
...information is safeguarded against those who seek to do personal harm and profit from gaining access to the data. The key behind keeping information safe is the method in which it’s protected and encrypted. In order to appreciate how information is secured, users must understand the encryption concepts behind it. To do this, one must comprehend the current encryption standards, the trends and developments in encryption technology, the importance of securing data, the government’s regulations pertaining to encryption, the companies involved in research and implementation, the implications of leaked or stolen data, and a brief look into the recent Heartbleed vulnerability. Encryption is at the heart of security in today’s networked world. When using the Internet, users are not always clicking around and taking in information passively, such as reading through their Facebook feed, a blog, or a news article. Often times, they are transmitting their own information while shopping online or registering for a website such as Twitter (Tyson 2014). Users take for granted the “behind the scenes” process of safeguarding the information they share while performing these day to day tasks. Simply put, encryption refers to any process used to make data more secure and less likely to be viewed or read by unauthorized or unintended parties (Tom’s Guide 2014). Encryption relies on the science of cryptography, which humans have used for thousands of years. Before the dawn of the information...
Words: 767 - Pages: 4
...developers and a small number of administrative personnel. The client has decided that it would be in their best interest to use a public key infrastructure (PKI) to provide a framework that facilitates confidentiality, integrity, authentication, and nonrepudiation. Fundamentals of PKI. Public Key Infrastructure is a security architecture created to provide a high level of confidence for exchanging information over the internet that has become more and more insecure lately. The term can be very confusing, because it is used to mean several different things; for instance PKI may mean the technologies, techniques, and methods that used together provide a secure infrastructure. Additionally PKI may mean the use of a public key and private key pair for authentication mainly as well as “proof of content”. This uses a mathematical technique known as public key cryptography which uses a pair of related cryptographic keys to verify the identity of the sender (signing), and ensuring privacy (encryption). PKI have been developed to support secure information exchange over insecure networks like the Internet, in which features like these cannot be readily provided, and can, however, be used easily for information exchanged over private networks, (including corporate internal networks). PKI can also be used to deliver cryptographic keys between servers and users in a secure manner, and also...
Words: 1197 - Pages: 5
...This project for the Masters of Engineering in Software Engineer degree by Hakan Evecek has been approved for the Department of Computer Science By _______________________________________________________ Dr. C. Edward Chow, Chair _______________________________________________________ Dr. Richard Weiner _______________________________________________________ Dr. Xiaobo Zhou Date Table of Contents Online E-Voting System Project Documentation 4 Abstract 6 1. Introduction 7 2. E-Voting System Related Literature 9 2.1. Public Key Cryptography 9 2.2. Homomorphic Encryption 10 2.3. Zero Knowledge Proofs 10 2.4. Threshold Cryptography 10 2.5. Cryptographic Voting Protocol 11 2.6. Issues in secure e-voting system 12 2.7. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) 13 2.8. Chinese Remainder Theorem (CRT) 14 3. Online E-Voting System Project Description 17 3.1. Paillier Threshold Crytosystem Web Services Architecture and Design 17 4. Online E-Voting Prototype System 22 4.1. E-Voting System Overview 22 4.1.1 User Login 23 4.1.2. Election Set-Up 24 4.1.3. Creating Ballots 25 4.1.4. Vote Format 26 4.2. Voting 27 4.2.1. Creating the Vote 27 4.3. Tally the Vote 28 5. PTC Web Services Efficiency Improvement 29 5.1 Pre-Computation...
Words: 7163 - Pages: 29
...Private key: A private key is a tiny bit of code that is paired with a public key to set off algorithms for text encryption and decryption. It is created as part of public key cryptography during asymmetric-key encryption and used to decrypt and transform a message to a readable format. Public and private keys are paired for secure communication, such as email. Explanation for private key A private key is shared only with the key's initiator, ensuring security. For example, A and B represent a message sender and message recipient, respectively. Each has its own pair of public and private keys. A, the message initiator or sender, sends a message to B. A's message is encrypted with B’s public key, while B uses its private key to decrypt A’s received message. A digital signature, or digital certificate, is used to ensure that A is the original message sender. To verify this, B uses the following steps: ⦁ B uses A's public key to decrypt the digital signature, as A must previously use its private key to encrypt the digital signature or certificate. ⦁ If readable, the digital signature is authenticated with a certification authority (CA). In short, sending encrypted messages requires that the sender use the recipient's public key and its own private key for encryption of the digital certificate. Thus, the recipient uses its own private key for message decryption, whereas the sender's public key is used for digital certificate decryption. Secret key: A secret key is the...
Words: 496 - Pages: 2
...communication environment, lot of research is going on, to improve the performance of issues like handoffs, routing etc. Security is another key issue that needs to be considered, which comes into picture once the communication channel is setup. Many security protocols are being proposed for different applications like Wireless Application Protocol, 802.11 etc. most of them are based on the public and private key cryptography. This paper provides an insight on these cryptographic protocols and also looks into the current research project going on at Sun Microsystems Lab on wireless security. 1.Introduction With the rapid growth in the wireless mobile communication technology, small devices like PDAs, laptops are able to communicate with the fixed wired network while in motion. Because of its flexibility and provision of providing ubiquitous infrastructure, the need to provide security increases to a great degree. As wireless communication takes place mainly through the radio signals rather than wires, it is easier to intercept or eavesdrop on the communication channels. Therefore, it is important to provide security from all these threats. There are different kinds of issues within security like confidentiality, integrity, availability, legitimacy, and accountability that needs to be individually taken care off. One of the key issues of these being, confidentiality and authentication, where the user must be protected from unauthorized eavesdropping. The goal of...
Words: 4692 - Pages: 19
...Network Security When it comes to networking and the security of networks, there are several different methods of protecting networks. Of these differing methods, some of them sound similar, but provide differing levels of security. In the following paragraphs, I will try to explain the differences between some of the methods used. • Explain the difference between historical and statistical logging. Logging is a simple way of keeping a record of activity on a network. There are several types of logs that can be kept, each providing different data that can be analyzed to provide information on potential ways of improving security over time. With historical logging, records are kept of all data passing through a particular network device. This might be the gateway separating a network from the outside world or an internal router on the network. In either case, the record kept can then be analyzed at a later date and hopefully provide insight on the security of the network. Statistical logging is a more efficient form of logging and includes some analysis already built into the report. This information might include which users were logged in during which time frames, what files were accessed, and how long they were logged in. By watching for different trends in this type of report, potentially harmful activity is more easily identifiable and mitigated. • Explain the difference between file security and firewalls. Firewalls provide a barrier between internal networks...
Words: 966 - Pages: 4