Friday, August 31, 2012

Voting Day

Here is the reason for the expression: do your part for the good and development of the country! Vote for the best.

Explain the purpose, nature, function and operations of Symmetric Encryption Principles. What are the essential ingredients of a symmetric cipher? Differentiate between encryption and decryption.


Symmetric encryption is a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link.

Symmetric encryption methods can be extremely efficient, requiring minimal processing. Both sender and receiver must possess the encryption key. If either copy of the key is compromised, an intermediary can decrypt and read messages.

Symmetric encryption comes in two forms: block ciphers and stream ciphers. (i) A block cipher operates on groups of bits, typically groups of 64. If the final block of the plaintext message is shorter than 64 bits, it is padded with some regular pattern of 1s and 0s to make a complete block. Block ciphers encrypt each block independently, so the plaintext does not have to be processed in a sequential manner. (ii) A stream cipher generally operates on one bit of plaintext at a time, although some stream ciphers operate on bytes. A component called a keystream generator generates a sequence of bits, usually known as a keystream. In the simplest form of stream cipher, a modulo-2 adder (exclusive-OR or XOR gate) combines each bit in the plaintext with each bit in the keystream to produce the ciphertext. At the receiving end, another modulo-2 adder combines the ciphertext with the keystream to recover the plaintext.

A symmetric encryption scheme has 5 ingredients, which are the following:

1. Plaintext: this is the original message or data that is fed into the algorithm as input.
2. Encryption algorithm: this algorithm performs various substitutions and transformations on the plaintext.
3. Secret key: this is also input to the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
4. Ciphertext: this is the scrambled message produced as output. It depends on the plaintext and the secret key.
5. Decryption algorithm: this is essentially the encryption algorithm run in reverse. It takes the ciphertext and the same secret key and produces the original plaintext.
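
The five ingredients and the keystream-plus-XOR stream cipher described above, as an added example that is not part of the original post. It goes one step beyond the text by also showing what happens when the same keystream is used for two messages. The HMAC-SHA256 keystream generator, the nonce parameter and all sample values are assumptions constructed for illustration; this is a teaching construction, not a production cipher.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream generator (teaching construction): HMAC-SHA256 over nonce||counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """The modulo-2 adder: XOR each byte of a with the matching byte of b."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encryption algorithm: plaintext XOR keystream gives the ciphertext."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))

def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Decryption algorithm: the same XOR with the same keystream."""
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))

# Constructed sample values (not from the original post).
KEY = b"constructed-demo-key-32-bytes!!!"   # the shared secret key
NONCE_A, NONCE_B = b"msg-0001", b"msg-0002"  # per-message values (assumption)
P1 = b"transfer 100 to alice"                # plaintext 1
P2 = b"transfer 900 to carol"                # plaintext 2, same length

def demo() -> dict:
    c1 = encrypt(KEY, NONCE_A, P1)
    c2_reused = encrypt(KEY, NONCE_A, P2)    # same key and nonce: same keystream
    c2_fresh = encrypt(KEY, NONCE_B, P2)     # fresh nonce: different keystream
    return {
        "roundtrip": decrypt(KEY, NONCE_A, c1) == P1,
        "wrong_key_fails": decrypt(b"x" * 32, NONCE_A, c1) != P1,
        # With a reused keystream, XOR of the ciphertexts equals XOR of the plaintexts.
        "reuse_leaks": xor_bytes(c1, c2_reused) == xor_bytes(P1, P2),
        "fresh_nonce_hides": xor_bytes(c1, c2_fresh) != xor_bytes(P1, P2),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

XOR alone gives confidentiality only: nothing here detects a ciphertext that was modified in transit.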

Provide several examples of IPSec. What services are provided by IPSec? What is the difference between Transport Mode and Tunnel Mode?


IPSec (Internet Protocol Security) is a capability that can be added to either current version of the Internet Protocol by means of additional headers. IPsec encompasses three functional areas: authentication, confidentiality, and key management.

IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the internet. Examples of IPSec include the following:

Secure branch office connectivity over the internet: a company can build a secure virtual private network over the internet or over a public WAN. This enables a business to rely heavily on the internet and reduce its need for private networks, saving costs and network management overhead.

Another example of Internet Protocol security is secure remote access over the internet. In this case, an end user whose system is equipped with IP security protocols can make a local call to an internet service provider and gain secure access to a company network. This reduces the cost of toll charges for travelling employees and telecommuters.

Last but not least, IPSec enhances electronic commerce security: even though some web and electronic commerce applications have built-in security protocols, the use of IPSec enhances that security.

IPSec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithms to use for services, and put in place any cryptographic keys required to provide the requested services. The services provided by IPSec are the following:

· Access control
· Connectionless integrity
· Data origin authentication
· Rejection of replayed packets (a form of partial sequence integrity)
· Confidentiality (encryption)
· Limited traffic flow confidentiality

The IPsec standards define two distinct modes of IPsec operation, transport mode and tunnel mode. The modes do not affect the encoding of packets. The packets are protected by AH, ESP, or both in each mode. The modes differ in policy application when the inner packet is an IP packet, as follows:

· In transport mode, the outer header determines the IPsec policy that protects the inner IP packet.
· In tunnel mode, the inner IP packet determines the IPsec policy that protects its contents.
In transport mode, the outer header, the next header, and any ports that the next header supports, can be used to determine IPsec policy. In effect, IPsec can enforce different transport mode policies between two IP addresses to the granularity of a single port. For example, if the next header is TCP, which supports ports, then IPsec policy can be set for a TCP port of the outer IP address. Similarly, if the next header is an IP header, the outer header and the inner IP header can be used to determine IPsec policy.
Tunnel mode works only for IP-in-IP datagrams. Tunneling in tunnel mode can be useful when computer workers at home are connecting to a central computer location. In tunnel mode, IPsec policy is enforced on the contents of the inner IP datagram. Different IPsec policies can be enforced for different inner IP addresses. That is, the inner IP header, its next header, and the ports that the next header supports, can enforce a policy. Unlike transport mode, in tunnel mode the outer IP header does not dictate the policy of its inner IP datagram.
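
A simplified model of the policy lookup described above, as an added example that is not part of the original post and not any IPsec implementation's own code. The `Packet` and `Rule` types, the rule table, the action labels and the addresses (documentation and private ranges) are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    dst: str
    proto: str                        # next header: "tcp", "udp" or "ipip"
    dport: Optional[int] = None       # port, when the next header supports ports
    inner: Optional["Packet"] = None  # encapsulated IP packet when proto == "ipip"

@dataclass(frozen=True)
class Rule:
    mode: str             # "transport" or "tunnel"
    dst: str
    proto: str
    dport: Optional[int]  # None matches any port
    action: str           # hypothetical label for the protection to apply

def selector_source(pkt: Packet, mode: str) -> Optional[Packet]:
    """Return the header whose fields the policy lookup reads in this mode."""
    if mode == "transport":
        return pkt                    # outer header, its next header, its ports
    if pkt.proto == "ipip" and pkt.inner is not None:
        return pkt.inner              # tunnel mode reads the inner IP datagram
    return None                       # tunnel mode works only for IP-in-IP

def select_policy(pkt: Packet, rules: list) -> str:
    for rule in rules:
        sel = selector_source(pkt, rule.mode)
        if (sel is not None and (sel.dst, sel.proto) == (rule.dst, rule.proto)
                and rule.dport in (None, sel.dport)):
            return rule.action
    return "no-match"

# Constructed rule table: per-port transport rules, per-inner-address tunnel rules.
RULES = [
    Rule("transport", "192.0.2.10", "tcp", 443, "esp"),
    Rule("transport", "192.0.2.10", "tcp", 25, "ah"),
    Rule("tunnel", "10.1.0.5", "tcp", None, "esp"),
    Rule("tunnel", "10.1.0.9", "tcp", None, "ah+esp"),
]

def via_gateway(inner: Packet) -> Packet:
    """Wrap an inner packet in an IP-in-IP datagram to one constructed gateway."""
    return Packet("198.51.100.1", "ipip", inner=inner)
```

Two packets sent through `via_gateway` share the same outer header yet receive different actions, because the tunnel rules read only the inner header.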

Thursday, August 23, 2012

Happy Birthday loved daughter

Happy Birthday Daughter! Thanks for bringing so much joy into our lives each and every single day. 
Happy birthday, daughter! Thank you for bringing so much happiness into our lives.