Understanding Cryptography: Confidentiality, Integrity, and Authentication


Understanding Cryptography: Key Concepts

Confidentiality: Prevents the disclosure of information.

Authentication: The act of establishing or confirming that something or someone is authentic.

Integrity: Prevents the unauthorized modification or destruction of information. Passive threat.

Symmetric vs. Asymmetric Keys

Symmetric Key: In symmetric key systems, the same key is used to encrypt and decrypt.

Asymmetric Key: In asymmetric key systems, encryption uses one key, and decryption uses a complementary key.

Cryptography Explained

Cryptography is the art of writing messages with a secret key or in an enigmatic way. It's a branch of mathematics, informatics, and telematics that uses mathematical methods and techniques to encrypt messages or files through algorithms and keys.

This ensures the fundamental aspects of computer security: confidentiality, integrity, availability, and non-repudiation of sender or receiver.

Symmetric Encryption (Secret Key)

Uses the same key for encryption and decryption. Typical algorithms: DES, IDEA, AES, RC4, RC5, Blowfish.

Advantages:

  • Fast encryption of large data volumes.
  • Optimized.

Disadvantages:

  • Secure key exchange is challenging.
  • Key management: one key per recipient.

Asymmetric Encryption (Public Key)

Uses two different, complementary keys. Based on one-way functions: easy to do, hard to undo. The public key is known to everyone, and the private key is known only by the owner. Typical algorithms: RSA (Rivest, Shamir, Adleman; 1977), Diffie-Hellman (1976).

Advantages and Disadvantages:

  • Key management.
  • Slower.
  • Larger encrypted messages.

Hybrid Encryption

Hybrid encryption can be used for any transaction and is divided into 2 steps:

  • Encrypts the message using symmetric encryption (key k).
  • Encrypts key k using asymmetric encryption.

Features:

  • Optimized key exchange and management.
  • Appropriate speed and message size.
  • Greater cryptanalytic strength against attacks.

Digital Signatures

Steps to Sign: Generate a hash of the message, encrypt the hash with the sender's private key, and send the encrypted hash together with the original message.
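
The two hybrid-encryption steps and the signing steps above, combined in one added example (not part of the original page) that uses Node.js's built-in crypto module. The function names, the choice of AES-256-GCM, RSA-OAEP and 2048-bit RSA keys, and the sample message are assumptions made for illustration.

```javascript
// Added example, not from the original page. Function names and algorithm choices are assumptions.
const crypto = require('node:crypto');

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: sign the message, encrypt it under a fresh key k, then encrypt k for the recipient.
function sealEnvelope(message, senderPrivateKey, recipientPublicKey) {
  const plaintext = Buffer.from(message, 'utf8');
  // Signature: SHA-256 hash of the message, processed with the sender's private key.
  const signature = crypto.sign('sha256', plaintext, senderPrivateKey);
  // Hybrid step 1: symmetric encryption of the message with one-time key k (AES-256-GCM).
  const k = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', k, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Hybrid step 2: asymmetric encryption of k with the recipient's public key (RSA-OAEP).
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, k);
  return { wrappedKey, iv, ciphertext, tag, signature };
}

// Recipient: recover k with the private key, decrypt, then check the sender's signature.
function openEnvelope(env, recipientPrivateKey, senderPublicKey) {
  const k = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', k, env.iv);
  decipher.setAuthTag(env.tag);
  // final() throws if the ciphertext or tag was modified in transit.
  const plaintext = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
  if (!crypto.verify('sha256', plaintext, senderPublicKey, env.signature)) {
    throw new Error('signature does not match the sender public key');
  }
  return plaintext.toString('utf8');
}

// True when the recipient refuses the envelope (wrong key, altered data, or bad signature).
function rejects(env, recipientPrivateKey, senderPublicKey) {
  try { openEnvelope(env, recipientPrivateKey, senderPublicKey); return false; } catch { return true; }
}

// Constructed demo: throwaway keys and a made-up message.
const alice = newKeyPair(), bob = newKeyPair();
const envelope = sealEnvelope('pay 100 EUR to merchant 42', alice.privateKey, bob.publicKey);
console.log(openEnvelope(envelope, bob.privateKey, alice.publicKey));
const altered = { ...envelope, ciphertext: Buffer.from(envelope.ciphertext) };
altered.ciphertext[0] ^= 1;
console.log('altered envelope rejected:', rejects(altered, bob.privateKey, alice.publicKey));
```

In this sketch the signature travels outside the ciphertext, so anyone holding the sender's public key can test a guessed plaintext against it. Protocols that need to hide that encrypt the signature together with the message.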

Pharming Attacks

Pharming involves manipulating the DNS name-to-address mappings that the user resolves. Data thieves redirect page views to collect confidential information (especially related to online banking). Pharming attacks can be performed directly against DNS servers, affecting all users who use them.

SET (Secure Electronic Transactions)

Objectives of the System:

  • Asymmetric encryption for authentication of all parties involved.
  • Confidentiality and integrity through encryption techniques and digital signatures.
  • Global payment management.

Transaction Set:

A SET transaction consists of the following steps:

  • The customer visits and browses the vendor's website.
  • The customer decides to buy and starts the wallet software.
  • Encrypted transmission of the payment order.
  • Sending of the payment request to the merchant's bank.
  • Validation of the customer and the merchant by the acquiring bank.
  • Authorization of the payment by the issuing bank (the customer's bank).
  • Sending the merchant a token for the transfer of funds.
  • Sending a receipt to the customer's wallet.
  • Handing over the funds-transfer token to collect the amount of the transaction.
  • Charge on the customer's account.
