ITIS 1210ITIS 1210Introduction to Web-Based Introduction to Web-Based

Information SystemsInformation Systems

Chapter 50Chapter 50

Cryptography, Privacy, and Digital CertificatesCryptography, Privacy, and Digital Certificates

IntroductionIntroduction

Remember: the Internet is VERY insecureRemember: the Internet is VERY insecure Snoopers can access almost anything you Snoopers can access almost anything you

send/receivesend/receive Most of the time – not a problemMost of the time – not a problem

Big deal if someone knows you went to Big deal if someone knows you went to www.uncc.edu

However, VERY big deal if someone However, VERY big deal if someone knows your credit card numberknows your credit card number

IntroductionIntroduction

How can businesses operate properly?How can businesses operate properly? Exchange dataExchange data Exchange financial informationExchange financial information

How do you know that the “person” on the How do you know that the “person” on the other end of a communication is really who other end of a communication is really who they say they are?they say they are? Verifying identities is crucial to many activitiesVerifying identities is crucial to many activities

Without solutions to these problems the Without solutions to these problems the Internet becomes much less usefulInternet becomes much less useful

CryptographyCryptography

Cryptography – secret writingCryptography – secret writing Altering information so anyone intercepting Altering information so anyone intercepting

it cannot understand itit cannot understand it Three-step processThree-step process

Encrypt (change plain text to Encrypt (change plain text to ciphertextciphertext)) TransmitTransmit

Anyone intercepting sees only nonsenseAnyone intercepting sees only nonsense Decrypt (change ciphertext back into plain Decrypt (change ciphertext back into plain

text)text)

CryptographyCryptography

Key element: only Key element: only recipientrecipient can change can change ciphertext back into plain textciphertext back into plain text

Accomplished via mathematical manipulationAccomplished via mathematical manipulation Treats message as a numerical sequenceTreats message as a numerical sequence Alters message usingAlters message using

AlgorithmAlgorithm KeyKey

Result is a different numerical sequenceResult is a different numerical sequence What gets transmittedWhat gets transmitted

CryptographyCryptography

Algorithms produce different results if Algorithms produce different results if different keys are useddifferent keys are used

Guessing the key means the ciphertext Guessing the key means the ciphertext can be decryptedcan be decrypted Thus, key length is importantThus, key length is important

Example: if every UNCC password was 1 Example: if every UNCC password was 1 alphabetic character long could you alphabetic character long could you eventually guess it?eventually guess it?

CryptographyCryptography

Why is key length important?Why is key length important? Example:Example:

26 Uppercase26 Uppercase

+ 26 Lowercase+ 26 Lowercase + 42+ 42 special characters & numbers special characters & numbers 94 characters in “key space”94 characters in “key space”

8 character password means 948 character password means 9488 combinations combinations6,095,689,385,410,820 possible passwords6,095,689,385,410,820 possible passwordsAt 1 per second would take 193,293,042 years to test allAt 1 per second would take 193,293,042 years to test all

CryptographyCryptography

Common encryption systemsCommon encryption systems SymmetricSymmetric

Sender and receiver use same keySender and receiver use same key

Asymmetric (public key – private key)Asymmetric (public key – private key) Sender and receiver Sender and receiver

Each have two keys: public and privateEach have two keys: public and private Use different keys for specific situationsUse different keys for specific situations

Sender’s key is public – made available to anyoneSender’s key is public – made available to anyone Receiver’s key is privateReceiver’s key is private Sender’s key can only encrypt – it cannot decryptSender’s key can only encrypt – it cannot decrypt

CryptographyCryptography

Messages encrypted with your public keyMessages encrypted with your public key Cannot be decrypted except with your Cannot be decrypted except with your

private keyprivate key Because only you know your private key, Because only you know your private key,

only you can decrypt messages intended only you can decrypt messages intended for youfor you

The public key is a one-way keyThe public key is a one-way key Encryption onlyEncryption only

CryptographyCryptography

Process requires hash functions to workProcess requires hash functions to work Hash functions convert a message into a shorter Hash functions convert a message into a shorter

message that has unique propertiesmessage that has unique properties No collisionsNo collisions No reverse engineeringNo reverse engineering

MD5MD5 Most common algorithmMost common algorithm Ron Rivest MITRon Rivest MIT Mathematical formula translates a file into a 128-bit Mathematical formula translates a file into a 128-bit

hexadecimal “message digest”hexadecimal “message digest”

CryptographyCryptography

Example:Example:

The quick brown fox jumps over the lazy dog The quick brown fox jumps over the lazy dog

9e107d9d372bb6826bd81d3542a419d69e107d9d372bb6826bd81d3542a419d6

The quick brown fox jumps over the lazy The quick brown fox jumps over the lazy eeog og

ffd93f16876049265fbaef4da268dd0effd93f16876049265fbaef4da268dd0e

CryptographyCryptography

Secure Hash Algorithm (SHA)Secure Hash Algorithm (SHA) Developed by NISTDeveloped by NIST When a message of any length < 2When a message of any length < 26464 bits is bits is

input, produces a 160-bit message digestinput, produces a 160-bit message digest

CryptographyCryptography

Example:Example:The quick brown fox jumps over the lazy dog The quick brown fox jumps over the lazy dog

2fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb122fd4e1c6 7a2d28fc ed849ee1 bb76e739 1b93eb12

The quick brown fox jumps over the lazy The quick brown fox jumps over the lazy ccog og

de9f2c7f d25e1b3a fad3e85a 0bd17d9b 100db4b3de9f2c7f d25e1b3a fad3e85a 0bd17d9b 100db4b3

How Cryptosystems WorkHow Cryptosystems WorkMessage converted via hash algorithm to a “message digest”

Message

Hash function

Message digest

Private key encrypts the “message digest”

Private key

Message digest

Digital signature

Original message

Random key

Encrypted message

Digital signature

Random key

Encrypted digital signature

Random key encrypts the message digest and original message

Random key

Mia’s public key

Digital envelope

Random key encrypted with Mia’s public key

Encrypted digital envelope(random key)

Mia’s private key

Gabriel’s random key

Mia decrypts digital envelope with her private key

Gabriel’s random key Encrypted message

Original (decrypted) message

Mia decrypts message using the random keyGabriel’s public key

Encrypted digital signature(message digest)

Decrypted message digest

Mia decrypts the digital signature

Gabriel’s decrypted message

Hash function

Message digest

Mia generates her own message digest

CryptographyCryptography

Gabriel wants to send a secret message Gabriel wants to send a secret message to Miato Mia

Two problems:Two problems: How does Gabriel ensure that no one but Mia How does Gabriel ensure that no one but Mia

can read his message?can read his message? How does Mia know the message came from How does Mia know the message came from

Gabriel?Gabriel?

CryptographyCryptography

Hash function converts Gabriel’s message Hash function converts Gabriel’s message to a “message digest”to a “message digest” A unique digital fingerprint of the original A unique digital fingerprint of the original

messagemessage

Message digest encrypted using Gabriel’s Message digest encrypted using Gabriel’s private keyprivate key Produces a unique digital signature that only Produces a unique digital signature that only

Gabriel could have createdGabriel could have created

CryptographyCryptography

Gabriel generates a new random keyGabriel generates a new random key Using this key he encrypts both his Using this key he encrypts both his

original message and his digital signatureoriginal message and his digital signature The random key is the only key in the world The random key is the only key in the world

that can decrypt the messagethat can decrypt the message And only Gabriel has a copy of this keyAnd only Gabriel has a copy of this key

CryptographyCryptography

Gabriel encrypts the random key using Gabriel encrypts the random key using Mia’s public keyMia’s public key This is called a digital envelopeThis is called a digital envelope Only Mia can decrypt this value using her Only Mia can decrypt this value using her

private keyprivate key Gabriel sends message to MiaGabriel sends message to Mia

Encrypted messageEncrypted message Encrypted digital signatureEncrypted digital signature Encrypted digital envelopeEncrypted digital envelope

CryptographyCryptography

Mia receives message and testsMia receives message and tests It’s contentIt’s content It’s authenticityIt’s authenticity

Mia decrypts the digital envelope using her Mia decrypts the digital envelope using her private keyprivate key This gives her the random key Gabriel used to This gives her the random key Gabriel used to

encrypt the message and his digital signatureencrypt the message and his digital signature

CryptographyCryptography

Using the now decrypted random key, Mia Using the now decrypted random key, Mia decrypts the messagedecrypts the message

However:However: Was it altered enroute?Was it altered enroute? Is this message really from Gabriel?Is this message really from Gabriel?

Using the random key and Gabriel’s public Using the random key and Gabriel’s public key, Mia decrypts the digital signaturekey, Mia decrypts the digital signature The message digest is now revealedThe message digest is now revealed

CryptographyCryptography

The message digest enables Mia to tell if The message digest enables Mia to tell if the information she received matches the the information she received matches the information Gabriel sentinformation Gabriel sent

Mia runs the decrypted message thru the Mia runs the decrypted message thru the same hash function that Gabriel usedsame hash function that Gabriel used This produces a new message digestThis produces a new message digest

CryptographyCryptography

Mia comparesMia compares The message digest she generated withThe message digest she generated with The message digest she decrypted from The message digest she decrypted from

Gabriel’s digital signatureGabriel’s digital signature

If the two match Mia knows:If the two match Mia knows: The message she received was from GabrielThe message she received was from Gabriel It was not altered in transit to herIt was not altered in transit to her

Digital CertificatesDigital Certificates

Method of using encryption to verify the Method of using encryption to verify the identify of an individualidentify of an individual

Each user gets a unique certificateEach user gets a unique certificate Issued by a certificate authorityIssued by a certificate authority Charge users for the certificateCharge users for the certificate

Attached to email or presented to a Web Attached to email or presented to a Web sitesite Verifies their identityVerifies their identity

Digital CertificatesDigital Certificates

How do you get a digital certificate?How do you get a digital certificate? Visit a site that offers them: Visit a site that offers them: VeriSign Provide personally identifying informationProvide personally identifying information

NameName AddressAddress

Certificate downloaded to your PCCertificate downloaded to your PC Includes your own private keyIncludes your own private key

Digital CertificatesDigital Certificates

Certificate containsCertificate contains Your nameYour name Name of the certificate authority (CA)Name of the certificate authority (CA) Digital signature of the CADigital signature of the CA Serial number of your certificateSerial number of your certificate Expiration date of your certificateExpiration date of your certificate Your public keyYour public key

Encrypted in a way that makes it unique to Encrypted in a way that makes it unique to youyou

Digital CertificatesDigital Certificates

How do you use it?How do you use it? Attach certificate to your emailAttach certificate to your email

Causes your message to be signed with your Causes your message to be signed with your private keyprivate key

Recipient getsRecipient gets Email messageEmail message Information from your certificateInformation from your certificate Used to verify that the message actually came Used to verify that the message actually came

from youfrom you

Secure Socket LayerSecure Socket Layer

Secure Socket LayerSecure Socket Layer

Used to encrypt communications between Used to encrypt communications between two computerstwo computers

Padlock lets you know you’re secure:Padlock lets you know you’re secure:

Secure Socket LayerSecure Socket Layer

Computers use combination of public-key, Computers use combination of public-key, private-key encryptionprivate-key encryption

Works like this:Works like this: Computer A generates a symmetric key and Computer A generates a symmetric key and

sends it to computer B using B’s public keysends it to computer B using B’s public key Computer B decrypts it using its private keyComputer B decrypts it using its private key Now both computers have the same keyNow both computers have the same key Communicate securelyCommunicate securely Discard key at end of sessionDiscard key at end of session