10 system.security.cryptography

Advanced C# Course 10- System.Security.Cryptography @MhdAlyan

Upload: mohammad-alyan

Post on 29-Jun-2015


Page 1: 10 system.security.cryptography

Advanced C# Course

10- System.Security.Cryptography @MhdAlyan

Page 2: 10 system.security.cryptography

04/13/2023 11:49 PM 2

Outlines

• Discover System.Security.Cryptography (how to ensure a secure layer for our applications).
• Understand security objectives (security requirements) and security mechanisms.
• Explaining security requirements such as:
  • Confidentiality
  • Data integrity
  • Availability
  • Authentication
  • Non-repudiation
• Symmetric encryption (such as AES).
• Asymmetric encryption (such as RSA).

Page 3: 10 system.security.cryptography

Course Outlines

• Hash functions (such as MD5, SHA-n)
• Message authentication ways
• Digital signature: what is it, why do we need it, how is it used?
• Entity authentication (such as by random numbers)
• PKI
• CA …

Page 4: 10 system.security.cryptography

Introduction

• What is security?
• What is information security?
• Why do we need information security?
• Security requirements
• Security mechanisms

Page 5: 10 system.security.cryptography

What is Security?

Protecting general assets can be realized through:

• Prevention
• Detection
• Reaction

Example: private property

• Prevention: locks at doors, window bars, walls around the property.
• Detection: stolen items aren't there any more, burglar alarms, CCTV, …
• Reaction: call the police, …

Page 6: 10 system.security.cryptography

What is Information Security?

Information security: protecting information and information resources such as books, faxes, computer data, voice communications, etc.

Information security covers:

• What needs to be protected, i.e., assets
• Why (security requirements, which include CIA)
• What we need to protect from (threats, vulnerabilities, risks)
• How (security measures) to protect it for as long as it exists

Security measures are implemented according to security policies.

Page 7: 10 system.security.cryptography

What is Information Systems Security?

[Figure: information systems (assets), security measures, attackers, policies]

Page 8: 10 system.security.cryptography

Security requirements

The most important security requirements are:

• Confidentiality: keeping information secret from all but those who are authorized to see it.
• Integrity: ensuring information has not been altered by unauthorized or unknown means.
• Availability: keeping information accessible by authorized users when required.

Page 9: 10 system.security.cryptography

Henric Johnson

Security Goals

[Figure: Integrity, Confidentiality, Availability]

Page 10: 10 system.security.cryptography

Security requirements

Other requirements:

• Entity authentication: corroboration of the identity of an entity (e.g., a person, a credit card). Identification, identity verification.
• Message authentication: corroborating the source of information; also known as data origin authentication. Message authentication implicitly provides data integrity.
• Non-repudiation: preventing the denial of previous commitments or actions.

Page 11: 10 system.security.cryptography

Security Mechanisms

• Cryptography
• Using hashing (one-way) functions for data integrity
• Using random numbers for authentication
• Using digital signatures for non-repudiation

Page 12: 10 system.security.cryptography

Cryptography

Encryption algorithms have the following schema:

Page 13: 10 system.security.cryptography

Cryptography algorithms

Types of cryptographic algorithms:

• Symmetric cryptography
  • Stream cipher
  • Block cipher (such as DES, 3DES, AES)
• Asymmetric (public key) cryptography (RSA, ElGamal)

Page 14: 10 system.security.cryptography

Symmetric Cryptography

Page 15: 10 system.security.cryptography

Symmetric Cryptography

[Figure: plaintext → encryption algorithm → ciphertext → decryption algorithm → plaintext, with encryption key = decryption key]

AES:

• Block of plaintext: 128 bits
• Block of ciphertext: 128 bits
• Encryption key: 128, 192, or 256 bits

Page 16: 10 system.security.cryptography

Symmetric Cryptography

Example characteristics:

• The same key is used for encryption and decryption.
• Relatively small key size.
• The key must be kept secret.
• In a multiuser environment, key management becomes difficult.
• Relatively fast.
• Preferred for encrypting large amounts of data.

Page 17: 10 system.security.cryptography


Asymmetric Cryptography

Page 18: 10 system.security.cryptography

Asymmetric Cryptography

• Alice wants to send a secret message m to Bob.
• Bob should have 2 keys: public KUb and private KRb.
• Prior to message encryption, Alice gets by some means an authentic copy of Bob's public key (i.e., the encryption key).

Page 19: 10 system.security.cryptography

Asymmetric Cryptography

[Figure: Alice (message source) encrypts m with KUb; Bob decrypts with KRb to recover m; a key source provides KUb and KRb]

Page 20: 10 system.security.cryptography

Asymmetric Cryptography

Example characteristics:

• Two keys are used.
• The keys are large (over 1024 bits).
• The public key does not need to be kept confidential.
• Relatively slow.
• Preferably used to encrypt small data (such as the key of a symmetric algorithm, e.g. an AES key).
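Added example (not part of the original slides): the two characteristic lists combined into hybrid encryption, where AES encrypts the bulk data and RSA encrypts only the small AES key. It assumes .NET 8 or later; AES-GCM, OAEP-SHA256 and the 3072-bit key size are choices made here, not taken from the slides.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridEncryptionDemo
{
    static void Main()
    {
        // Bob's key pair: KUb (public) is handed out, KRb (private) stays with Bob.
        using RSA bob = RSA.Create(3072);
        byte[] kub = bob.ExportSubjectPublicKeyInfo();

        // Alice: bulk data under a fresh AES key, the AES key under KUb.
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] aesKey = RandomNumberGenerator.GetBytes(32);  // 256-bit symmetric key
        byte[] nonce = RandomNumberGenerator.GetBytes(12);   // must be unique per message
        byte[] ciphertext = new byte[message.Length];
        byte[] tag = new byte[16];
        using (var gcm = new AesGcm(aesKey, tag.Length))
            gcm.Encrypt(nonce, message, ciphertext, tag);

        byte[] wrappedKey;
        using (RSA alice = RSA.Create())
        {
            alice.ImportSubjectPublicKeyInfo(kub, out _);
            wrappedKey = alice.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256);
        }
        CryptographicOperations.ZeroMemory(aesKey);  // Alice no longer needs the key

        // Bob: unwrap the AES key with KRb, then decrypt and authenticate the data.
        byte[] recoveredKey = bob.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[ciphertext.Length];
        using (var gcm = new AesGcm(recoveredKey, tag.Length))
            gcm.Decrypt(nonce, ciphertext, tag, plaintext);  // throws if anything was modified
        Console.WriteLine(Encoding.UTF8.GetString(plaintext));

        // Integrity check: flip one ciphertext bit and confirm decryption is refused.
        ciphertext[0] ^= 1;
        try
        {
            using var gcm = new AesGcm(recoveredKey, tag.Length);
            gcm.Decrypt(nonce, ciphertext, tag, plaintext);
        }
        catch (CryptographicException)
        {
            Console.WriteLine("modified ciphertext rejected");
        }
    }
}
```

Alice sends `wrappedKey`, `nonce`, `ciphertext` and `tag`; none of them needs to be kept secret in transit.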

Page 21: 10 system.security.cryptography

Public key distribution by hand

Page 22: 10 system.security.cryptography


Attacking RSA

Page 23: 10 system.security.cryptography

Attacking RSA

• RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030.
• An RSA key length of 3072 bits should be used if security is required beyond 2030.

Page 24: 10 system.security.cryptography

One-Way Functions (OWF)

• A one-way function is a function that is "easy" to compute and "difficult" to reverse (such as MD5, SHA-n).
• H(m) provides error-detection capability (data integrity).

Example.

Page 25: 10 system.security.cryptography

Message Authentication

• Message authentication is a procedure to verify that received messages come from the claimed source and have not been altered.
• Also called data origin authentication.
• It provides integrity.

Page 26: 10 system.security.cryptography

Message Authentication

Message authentication can be done by:

• Message encryption:
  • Symmetric encryption: if the encryption/decryption key is not known to any other party (except the sender and receiver).
  • Asymmetric encryption: the sender uses its private key to encrypt the message; the sender's public key is then used to decrypt the message. This provides authentication only!
• Hash code: H(m||S), where S is a secret key shared between the sender and receiver. No encryption.

Page 27: 10 system.security.cryptography

Message Authentication

Example.
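Added example (not from the original slides): the hash-code method with a shared secret S, showing the slide's H(m||S) beside HMAC-SHA256, the keyed-hash primitive that System.Security.Cryptography provides for this purpose. It assumes .NET 6 or later; SHA-256 as H and the message strings are constructed for the example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class MessageAuthenticationDemo
{
    // The slide's hash code taken literally: H(m || S), with H = SHA-256 (assumption).
    static byte[] SuffixTag(byte[] m, byte[] s) => SHA256.HashData(m.Concat(s).ToArray());

    // HMAC-SHA256 keyed with S: the standard keyed hash, preferred in new code.
    static byte[] HmacTag(byte[] m, byte[] s) => HMACSHA256.HashData(s, m);

    // Receiver: recompute the tag from (m, S) and compare in constant time.
    static bool Verify(Func<byte[], byte[], byte[]> tag, byte[] m, byte[] s, byte[] received) =>
        CryptographicOperations.FixedTimeEquals(tag(m, s), received);

    static void Main()
    {
        byte[] s = RandomNumberGenerator.GetBytes(32);         // shared secret S
        byte[] otherKey = RandomNumberGenerator.GetBytes(32);  // a party that does not know S
        byte[] m = Encoding.UTF8.GetBytes("transfer 100 to account 42");  // constructed
        byte[] altered = Encoding.UTF8.GetBytes("transfer 900 to account 42");

        void Report(string name, Func<byte[], byte[], byte[]> tag)
        {
            byte[] sent = tag(m, s);  // the sender transmits m together with this tag
            Console.WriteLine($"{name}: genuine message accepted = {Verify(tag, m, s, sent)}");
            Console.WriteLine($"{name}: altered message accepted = {Verify(tag, altered, s, sent)}");
            byte[] forged = tag(altered, otherKey);  // tag computed without S
            Console.WriteLine($"{name}: tag made without S accepted = {Verify(tag, altered, s, forged)}");
        }

        Report("H(m||S)", SuffixTag);
        Report("HMAC-SHA256", HmacTag);
    }
}
```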

Page 28: 10 system.security.cryptography

Digital signature

The purpose of a digital signature is thus for an entity to bind its identity to a message.

We use the terms:

• signer: an entity who creates a digital signature
• verifier: an entity who receives a signed message and attempts to check whether the digital signature is "correct" or not.

A digital signature on a message provides:

• Message authentication: the message's origin is known + integrity
• Non-repudiation

Page 29: 10 system.security.cryptography


Digital signature using hash algorithms

Page 30: 10 system.security.cryptography

RSA Signature

[Figure: the message goes through a hash function; the hash is processed with RSA under the signer's private key to produce the signature; message + signature form the signed message]

Page 31: 10 system.security.cryptography

Verification of an RSA Signature

[Figure: the message goes through the hash function; the signature is processed with RSA under the signer's public key; the two results are compared (=?) to reach a decision]
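Added example (not from the original slides): the signing and verification flows from the two figures above, written with System.Security.Cryptography. It assumes .NET 6 or later; SHA-256, PSS padding, the 3072-bit key size and the message text are choices made for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaSignatureDemo
{
    static void Main()
    {
        using RSA signer = RSA.Create(3072);                     // signer's key pair
        byte[] publicKey = signer.ExportSubjectPublicKeyInfo();  // all the verifier receives
        byte[] message = Encoding.UTF8.GetBytes("constructed order #1: ship 10 units");

        // Signing: hash the message, then apply RSA with the signer's private key.
        byte[] hash = SHA256.HashData(message);
        byte[] signature = signer.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

        // Verification: hash the received message, then let RSA with the signer's
        // public key check the signature against that hash and return the decision.
        using RSA verifier = RSA.Create();
        verifier.ImportSubjectPublicKeyInfo(publicKey, out _);
        bool Check(byte[] msg, byte[] sig) => verifier.VerifyHash(
            SHA256.HashData(msg), sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

        Console.WriteLine($"original message verifies: {Check(message, signature)}");

        // Integrity: any change to the message invalidates the signature.
        byte[] altered = Encoding.UTF8.GetBytes("constructed order #1: ship 90 units");
        Console.WriteLine($"altered message verifies: {Check(altered, signature)}");

        // Origin: a signature made with a different private key does not verify
        // under the signer's public key, which is what binds message to signer.
        using RSA other = RSA.Create(3072);
        byte[] otherSig = other.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        Console.WriteLine($"other key's signature verifies: {Check(message, otherSig)}");
    }
}
```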

Page 32: 10 system.security.cryptography

Entity Authentication

• Traditional method of using a password (PAP)

[Figure: User Name + Password (Password1) sent over the network]

Page 33: 10 system.security.cryptography

Entity Authentication

• CHAP method

[Figure: CHAP over a network. Labels: table of Client1/P1, Client2/P2, Client3/P3; P1; Rand1; Hash(Rand1, P1)]
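Added example (not from the original slides): the challenge-response exchange from the CHAP figure, including why a recorded response is useless against a fresh random challenge. It assumes .NET 6 or later; Hash(Rand, P) is instantiated here as HMAC-SHA256 keyed with P, and the client names and secrets are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class ChapDemo
{
    // Server-side table from the figure: each client shares a password P with the server.
    static readonly Dictionary<string, byte[]> Secrets = new()
    {
        ["Client1"] = Encoding.UTF8.GetBytes("P1-constructed-secret"),
        ["Client2"] = Encoding.UTF8.GetBytes("P2-constructed-secret"),
    };

    // Hash(Rand, P), instantiated as HMAC-SHA256 keyed with P (assumption).
    static byte[] Response(byte[] rand, byte[] p) => HMACSHA256.HashData(p, rand);

    // Server: recompute the response from its own copy of P, compare in constant time.
    static bool ServerVerify(string client, byte[] rand, byte[] response) =>
        Secrets.TryGetValue(client, out var p) &&
        CryptographicOperations.FixedTimeEquals(Response(rand, p), response);

    static void Main()
    {
        // The server issues a fresh random challenge; the password never crosses the network.
        byte[] rand1 = RandomNumberGenerator.GetBytes(16);
        byte[] answer = Response(rand1, Secrets["Client1"]);  // computed on the client
        Console.WriteLine($"correct response accepted: {ServerVerify("Client1", rand1, answer)}");

        // A response recorded earlier is presented against a new challenge.
        byte[] rand2 = RandomNumberGenerator.GetBytes(16);
        Console.WriteLine($"replayed response accepted: {ServerVerify("Client1", rand2, answer)}");

        // A response computed from the wrong password.
        byte[] wrong = Response(rand2, Encoding.UTF8.GetBytes("not-the-password"));
        Console.WriteLine($"wrong password accepted: {ServerVerify("Client1", rand2, wrong)}");

        // A client name the server does not know.
        Console.WriteLine($"unknown client accepted: {ServerVerify("Client9", rand2, wrong)}");
    }
}
```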
