Overview

Agenda :    Introduction

                List of protocols used to protect the systems

                Implementation of cryptography

                Onetime keys & manytime keys

                Points to remember



Introduction :

By now, every CS student might have known that cryptography is a very common tool to protect data and used on every computers today . Right from web traffic to wireless traffic, user authentication to protecting files on discs, cryptography is used to secure information and also have communication securely.Cryptography is not something that, we should try to invent and design, but the standards which we should learn to implement it efficiently.

List of protocols used to protect the systems 

System                              Protocol used to protect

Web traffic                          HTTPS(SSL/TLS)

Wireless traffic                     WPA2 (part of 801.11i)

Implementation of Cryptography

There are many many applications where cryptography is implemented. Few applications are discussed below

Protecting files :

With the encryption mechanism used, the files are not compromised if it get stolen and as well it is content protected.

Q ) How ? 

A)  If files in the disc are decrypted, then the user will detect, then he abandons the file as soon as possible.
 

- DVDs uses a system called CSS ( content scrambling system ) 

- Blu-ray uses a system called AACS (Advanced content access system)

Note : CSS is easy to break !  

Secure communication

Considering Communication between a laptop and server, the protocol to be used to protect the system is HTTPS. But infact actual protocol used is SSL. Sometimes it is called TLS.

Goal of the protocol : Attacker should not 

                                      1) eavesdrop

                                      2) Modify the data

Q) What is TLS ?

A) TLS stands for Transport Layer Security.which encrypts the segments of network connections at the Application Layer for the Transport Layer.

Q) More Detail on TLS ?

A) TLS actually consists of two parts. 

The first part is called the handshake protocol  where laptop and server are in talk with one another and at the end of the handshake basically a shared secret key appears ,between the two of them. So both  know this secret key, but an attacker looking at the conversation has no idea what the key K is.

The second part is using the key for secure communication by properly encrypting data between them. This is possible using encryption and decryption algorithms.

Note : Encryption  and decryption algorithms are publicly known, and only thing that is kept secret is the key.

Onetime keys & Manytime keys

Onetime key :

when every key is used to encrypt a single message, we called this one time keys. 

for example, when you encrypt email messages, it's very common that every single email is encrypted using a different symmetric key. 

In short : same key cannot be reapplied 

Many time keys :

Using same key in many many different files.

for example, when you encrypt files in a file system the same key is used to all files. Therefore, we need a little bit of more machinery to make sure that the encryption system is secure.

Points to remember :

1) Cryptography is really not the solution to all security problems. For example, if you have software bugs then very often it is not going to help

2)cryptography is very often actually not going to help you if the attacker tries to fool the user into taking actions  

3) cryptography essentially becomes useless if it's implemented incorrectly. (WEP is an example to discuss the inefficient implementation)

Therefore cryptography is not a solution to all security problems.