This presentation was created for the Applied Data Communication lecture of the Computer Systems Engineering master's programme at Tallinn University of Technology.
2. What is Encryption?
Encryption is the process of encoding messages or information in such a way that only authorized parties can read it.
13. Encryption
Generates a ciphertext from a plaintext using an encryption key and an encryption algorithm (cipher)
It is a two-way process: encrypted data is expected to be decrypted later.
17. Symmetric Key Encryption
Faster compared to public key encryption
Key needs to be stored securely (only accessed when required)
Secure channel required to transfer the key
18. Public Key Encryption
Requires two keys:
Public Key: used for encryption
Private Key: used for decryption
All communicating parties exchange their public keys
Sender encrypts the plaintext using receiver's public key
Receiver decrypts the ciphertext using their own private key
19. Public Key Encryption
Slower compared to Symmetric Key Encryption
Public key & ciphertext can be sent over an insecure channel
More secure because there is no need to share private keys with anyone
20. Public Key Encryption
[Figure: two parties, blue and pink, each with a key pair. Each public key is shared with the other party; each private key is kept secret.]
22. Logic Behind the Keys
Trying to find a prize behind a series of doors
23. Public & Symmetric Key Mix
Performance? Security?
Public key encryption used to exchange keys
Symmetric key encryption used to encrypt data
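The mix on this slide, written out as an added example (not part of the original presentation): a random session key is wrapped with the receiver's public key, and the message itself is encrypted with that session key. The toy RSA parameters, the HMAC-SHA256 keystream standing in for a real symmetric cipher such as AES, and the names `hybrid_encrypt`, `hybrid_decrypt` and `keystream_xor` are assumptions made for illustration and are not secure for real use.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key pair for the receiver (Mersenne primes: far too small
# and too structured for real use; real keys are 2048+ bits and use OAEP padding).
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                              # public modulus, shared together with E
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the receiver

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_encrypt(plaintext: bytes, pub_n: int, pub_e: int) -> dict:
    session_key = secrets.token_bytes(16)   # fresh symmetric key for every message
    nonce = secrets.token_bytes(12)
    # Slow public key operation, applied only to the 16-byte session key.
    wrapped = pow(int.from_bytes(session_key, "big"), pub_e, pub_n)
    # Fast symmetric operation, applied to the whole message.
    body = keystream_xor(session_key, nonce, plaintext)
    mac_key = hashlib.sha256(b"mac" + session_key).digest()
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return {"wrapped_key": wrapped, "nonce": nonce, "body": body, "tag": tag}

def hybrid_decrypt(msg: dict, priv_d: int, pub_n: int) -> bytes:
    size = (pub_n.bit_length() + 7) // 8
    # Unwrap the session key with the private key; keep its low 16 bytes.
    session_key = pow(msg["wrapped_key"], priv_d, pub_n).to_bytes(size, "big")[-16:]
    mac_key = hashlib.sha256(b"mac" + session_key).digest()
    expected = hmac.new(mac_key, msg["nonce"] + msg["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("wrong private key or modified ciphertext")
    return keystream_xor(session_key, msg["nonce"], msg["body"])

if __name__ == "__main__":
    message = hybrid_encrypt(b"constructed sample message " * 4, N, E)
    print(hybrid_decrypt(message, D, N))
```

Only `wrapped_key`, `nonce`, `body` and `tag` travel over the insecure channel; the private exponent `D` never leaves the receiver.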
25. Encryption Algorithms
An encryption algorithm is called a "cipher"
There are two types of ciphers:
Block cipher
Stream cipher
Two concepts are very important for both of them:
Prime numbers
Entropy for random number generation
26. Block Cipher
Operates on fixed-size blocks (N bits) and uses fixed-size keys (K bits)
1. Reads N bits of data from the plaintext
2. Uses the key and applies the encryption algorithm
3. Produces N bits of ciphertext
4. Repeats steps 1-4 until all plaintext is processed
27. Block Cipher - AES
One of the most popular block ciphers is the AES algorithm.
Some other examples are: DES, Blowfish, RC5, ...
AES stands for Advanced Encryption Standard
Works on blocks of 128 bits (16 bytes)
Uses keys of 128, 192 or 256 bits
Operates on a 4x4 matrix of bytes
There are four stages in the algorithm:
1. KeyExpansions: Keys are derived from the provided key
2. InitialRound: AddRoundKey
3. Rounds: SubBytes, ShiftRows, MixColumns, AddRoundKey
4. FinalRound: SubBytes, ShiftRows, AddRoundKey
29. Stream Cipher
Operates on variable-size blocks (N bits) and uses random-size keys
1. Generates a random number N
2. Reads N bits of data from the plaintext
3. Uses the key and applies the encryption algorithm
4. Produces N bits of ciphertext
5. Repeats steps 1-5 until all plaintext is processed
A popular stream cipher algorithm is RC4.
However, it is replaced by RC5, a block cipher algorithm.
30. Key Distribution Methods
The main concern of a key distribution method is how to securely distribute keys among all communicating parties
There are some important security questions we must consider:
Symmetric Key Encryption
Is the shared key stored securely? Is it compromised?
Is the communication channel secure?
Public Key Encryption
Am I encrypting for the intended receiver?
A key distribution method helps us with those concerns.
31. Key Distribution Methods
There are different key distribution methods for different encryption types:
In symmetric key encryption, a trusted key distribution center (KDC) acts as an intermediary between parties
In public key encryption, public key servers are used for both uploading and downloading public keys
Another method is using a public key infrastructure (PKI) to share SSL certificates. A Certificate Authority (CA) provides public keys and also validates SSL certificates
32. Use-Case: GPG
GPG (GNU Privacy Guard) is a very popular application that uses public key encryption
Most commonly used for encryption / decryption of files & email messages
Available for many platforms: Linux, Mac OS X, Microsoft Windows, BSD, etc.
There are very large key servers to distribute public keys (e.g., MIT PGP Public Key Server)