Computer Science
Information Security Management -- Cryptography
Fall, 2005 CPSC499 Information Security Management

Summary
• Symmetric Encryption
• Public Encryption
• Digital Signature
• Key Distribution

Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and cryptanalysis

The language of cryptography
[Figure: plaintext → encryption algorithm (Alice's encryption key $K_A$) → ciphertext → decryption algorithm (Bob's decryption key $K_B$) → plaintext]
• symmetric key crypto: sender, receiver keys identical
• public-key crypto: encryption key public, decryption key secret (private)

Symmetric Encryption
• or conventional / secret-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was only type prior to invention of public-key in 1970's

[Figure: Symmetric Cipher Model]

Symmetric Key Cryptography
[Figure: plaintext message, m → encryption algorithm (key $K_{A-B}$) → ciphertext $K_{A-B}(m)$ → decryption algorithm (key $K_{A-B}$) → plaintext $m = K_{A-B}(K_{A-B}(m))$]
• symmetric key crypto: Bob and Alice share and know the same (symmetric) key: $K_{A-B}$
• e.g., key is knowing substitution pattern in monoalphabetic substitution cipher

Requirements
• two requirements for secure use of symmetric encryption:
  – a strong encryption algorithm
  – a secret key known only to sender / receiver
      $Y = E_K(X)$
      $X = D_K(Y)$
• assume encryption algorithm is known
• implies a secure channel to distribute key

Cryptography
• can characterize by:
  – type of encryption operations used
    • substitution / transposition / product
  – number of keys used
    • single-key or private / two-key or public
  – way in which plaintext is processed
    • block / stream

More Definitions
• unconditional security
  – no matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
• computational security
  – given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken

Classical Substitution Ciphers
• where letters of plaintext are replaced by other letters or by numbers or symbols
• or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns

Caesar Cipher
• earliest known substitution cipher
• by Julius Caesar
• first attested use in military affairs
• replaces each letter by 3rd letter later
• example:
    meet me after the toga party
    PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher
• can define transformation as:
    a b c d e f g h i j k l m n o p q r s t u v w x y z
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• mathematically give each letter a number
     a  b  c  d  e  f  g  h  i  j  k  l  m
     0  1  2  3  4  5  6  7  8  9 10 11 12
     n  o  p  q  r  s  t  u  v  w  x  y  z
    13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:
    C = E(p) = (p + k) mod (26)
    p = D(C) = (C – k) mod (26)

Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
  – A maps to A,B,..Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• e.g. break ciphertext "ERE L ORYH BRX DOLFH"

Symmetric Encryption Example -- Substitution
[Figure: plaintext message, m → encryption algorithm (key $K_{A-B}$) → ciphertext $K_{A-B}(m)$ → decryption algorithm (key $K_{A-B}$) → plaintext]
• Plaintext
• $K_{A-B}$
• Ciphertext
• Encryption algorithm
• Decryption algorithm

Monoalphabetic Ciphers
• "Cipher" line can be any permutation of the 26 alphabetic characters
• Statistical analysis
  – Letters "e" and "t" are the most frequently occurring letters
  – Two- and three-letter combinations appear quite often together, like "the", "in"
  – Guess the appearance of the words

Types of Cryptanalytic Attacks
• ciphertext only
  – only know algorithm / ciphertext, statistical, can identify plaintext
• known plaintext
  – know/suspect plaintext & ciphertext to attack cipher
• chosen plaintext
  – select plaintext and obtain ciphertext to attack cipher

Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext

Chosen-Plaintext Attack
[Figure: PIN is encrypted and transmitted to bank as cipher(key, PIN). Crook #1 changes his PIN to a number of his choice. Crook #2 eavesdrops on the wire and learns ciphertext corresponding to chosen plaintext PIN … repeat for any PIN value]

Polyalphabetic encryption
• monoalphabetic ciphers + Caesar cipher.
• Two Caesar ciphers (k=5, k=19)
• Repeating pattern c1, c2, c2, c1, c2

Transposition Ciphers
• now consider classical transposition or permutation ciphers
• these hide the message by rearranging the letter order
• without altering the actual letters used
• can recognise these since have the same frequency distribution as the original text

Rail Fence cipher
• write message letters out diagonally over a number of rows
• then read off cipher row by row
• e.g. write message out as:
    m e m a t r h t g p r y
     e t e f e t e o a a t
• giving ciphertext
    MEMATRHTGPRYETEFETEOAAT

Row Transposition Ciphers
• a more complex scheme
• write letters of message out in rows over a specified number of columns
• then reorder the columns according to some key before reading off the rows
    Key:        4 3 1 2 5 6 7
    Plaintext:  a t t a c k p
                o s t p o n e
                d u n t i l t
                w o a m x y z
    Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Product Ciphers
• ciphers using substitutions or transpositions are not secure because of language characteristics
• hence consider using several ciphers in succession to make harder, but:
  – two substitutions make a more complex substitution
  – two transpositions make more complex transposition
  – but a substitution followed by a transposition makes a new much harder cipher
• this is bridge from classical to modern ciphers

Simple Idea: One-Time Pad
[Figure: plaintext 10111101… ⊕ key 00110010… = ciphertext 10001111…; ciphertext 10001111… ⊕ key 00110010… = plaintext 10111101…]
• Key is a never-repeating bit sequence as long as plaintext
• Encrypt by bitwise XOR of plaintext and key:
    $\text{ciphertext} = \text{plaintext} \oplus \text{key}$
• Decrypt by bitwise XOR of ciphertext and key:
    $\text{ciphertext} \oplus \text{key} = (\text{plaintext} \oplus \text{key}) \oplus \text{key} = \text{plaintext} \oplus (\text{key} \oplus \text{key}) = \text{plaintext}$
• Cipher achieves perfect secrecy if and only if there are as many possible keys as possible plaintexts, and every key is equally likely (Claude Shannon's result)

Advantages of One-Time Pad
• Easy to compute
  – Encryption and decryption are the same operation
  – Bitwise XOR is very cheap to compute
• As secure as possible
  – Given a ciphertext, all plaintexts are equally likely, regardless of attacker's computational resources
  – …as long as the key sequence is truly random
    • True randomness is expensive to obtain in large quantities
  – …as long as each key is same length as plaintext
    • But how does the sender communicate the key to receiver?

Problems with One-Time Pad
• Key must be as long as plaintext
  – Impractical in most realistic scenarios
  – Still used for diplomatic and intelligence traffic
• Does not guarantee integrity
  – One-time pad only guarantees confidentiality
  – Attacker cannot recover plaintext, but can easily change it to something else
• Insecure if keys are reused
  – Attacker can obtain XOR of plaintexts

Modern Block Ciphers
• will now look at modern block ciphers
• one of the most widely used types of cryptographic algorithms
• provide secrecy and/or authentication services
• in particular will introduce DES (Data Encryption Standard)

Block vs Stream Ciphers
• block ciphers process messages into blocks, each of which is then en/decrypted
• like a substitution on very big characters
  – 64-bits or more
• stream ciphers process messages a bit or byte at a time when en/decrypting
• many current ciphers are block ciphers
• hence are focus of course

Block Ciphers
• Operates on a single chunk ("block") of plaintext
  – For example, 64 bits for DES
  – Same key is reused for each block (can use short keys)
• Result should look like a random permutation
  – As if plaintext bits were randomly shuffled
• Only computational guarantee of secrecy
  – Not impossible to break, just very expensive
    • If there is no efficient algorithm (unproven assumption!), then can only break by brute-force, try-every-possible-key search
  – Time/cost of breaking the cipher exceeds the value and/or useful lifetime of protected information

Permutation
[Figure: input positions 1 2 3 4 mapped to output positions 1 2 3 4]
CODE becomes DCEO
• For N-bit input, N! possible permutations
• Idea: split plaintext into blocks, for each block use secret key to pick a permutation, rinse and repeat
  – Without the key, permutation should "look random"

Block Cipher Operation (Simplified)
[Figure: block of plaintext → key → row of S-boxes → repeat for several rounds → block of ciphertext]
• Add some secret key bits to provide confusion
• Each S-box permutes its input bits in a "random-looking" way to provide diffusion (spread plaintext bits throughout ciphertext)
• Procedure must be reversible (for decryption)

Block Cipher Principles
• needed since must be able to decrypt ciphertext to recover messages efficiently
• block ciphers look like an extremely large substitution
• instead create from smaller building blocks
• using idea of a product cipher (substitution followed by transposition)

Claude Shannon and Substitution-Permutation Ciphers
• in 1949 Claude Shannon introduced idea of substitution-permutation (S-P) networks
  – modern substitution-transposition product cipher
• these form the basis of modern block ciphers
• S-P networks are based on the two primitive cryptographic operations we have seen before:
  – substitution (S-box)
  – permutation (P-box)
• provide confusion and diffusion of message

Confusion and Diffusion
• cipher needs to completely obscure statistical properties of original message
• a one-time pad does this
• more practically Shannon suggested combining elements to obtain:
• diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
• confusion – makes relationship between ciphertext and key as complex as possible

Data Encryption Standard (DES)
• most widely used block cipher in world
• adopted in 1977 by NBS (now NIST, http://www.itl.nist.gov/fipspubs/fip462.htm)
• encrypts 64-bit data using 56-bit key
• has widespread use
• has been considerable controversy over its security

DES History
• IBM developed Lucifer cipher
  – by team led by Feistel
  – used 64-bit data blocks with 128-bit key
• then redeveloped as a commercial cipher with input from NSA and others
• in 1973 NBS issued request for proposals for a national cipher standard
• IBM submitted their revised Lucifer which was eventually accepted as the DES

[Figure: DES Encryption]

Strength of DES – Key Size
• 56-bit keys have $2^{56} = 7.2 \times 10^{16}$ values
• brute force search looks hard
• recent advances have shown is possible
  – in 1997 on Internet in a few months
  – in 1998 on dedicated h/w (EFF) in a few days
  – in 1999 above combined in 22hrs!
• still must be able to recognize plaintext

Design Principles
• block size
  – increasing size improves security, but slows cipher
• key size
  – increasing size improves security, makes exhaustive key searching harder, but may slow cipher
• number of rounds
  – increasing number improves security, but slows cipher
• subkey generation
  – greater complexity can make analysis harder, but slows cipher
• round function
  – greater complexity can make analysis harder, but slows cipher
• fast software en/decryption & ease of analysis
  – are more recent concerns for practical use and testing

Confidentiality using Symmetric Encryption
• have two major placement alternatives
• link encryption
  – encryption occurs independently on every link
  – implies must decrypt traffic between links
• end-to-end encryption
  – encryption occurs between original source and final destination
  – need devices at each end with shared keys

Placement of Encryption
• can place encryption function at various layers in OSI Reference Model
  – link encryption occurs at layers 1 or 2
  – end-to-end can occur at layers 3, 4, 6, 7
  – as move higher less information is encrypted but it is more secure though more complex with more entities and keys

Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution

Private-Key Cryptography
• traditional private/secret/single key cryptography uses one key
• shared by both sender and receiver
• if this key is disclosed communications are compromised
• also is symmetric, parties are equal
• hence does not protect sender from receiver forging a message & claiming is sent by sender
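
The brute-force search from the "Cryptanalysis of Caesar Cipher" slide, as an added example that is not part of the original slides: it tries all 26 keys and ranks the candidates by how English-like their letters are, so the program rather than a reader recognizes the plaintext. The frequency table and all function names are assumptions of this example.

```python
"""Caesar cipher C = (p + k) mod 26 with a scored brute-force key search."""
import string

ALPHABET = string.ascii_lowercase

# Approximate relative letter frequencies of English text in percent
# (assumed reference table, not taken from the slides).
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]))


def shift_text(text, k):
    """Shift every ASCII letter by k places; keep case, spaces, punctuation."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, k):
    """C = E(p) = (p + k) mod 26; ciphertext in capitals as on the slides."""
    return shift_text(plaintext, k).upper()


def decrypt(ciphertext, k):
    """p = D(C) = (C - k) mod 26; plaintext in lower case as on the slides."""
    return shift_text(ciphertext, -k).lower()


def english_score(text):
    """Mean English frequency of the letters; higher looks more like English."""
    letters = [c for c in text.lower() if c in ENGLISH_FREQ]
    if not letters:
        return 0.0
    return sum(ENGLISH_FREQ[c] for c in letters) / len(letters)


def brute_force(ciphertext):
    """Try all 26 keys; return (score, key, candidate) tuples, best first."""
    ranked = []
    for k in range(26):
        candidate = decrypt(ciphertext, k)
        ranked.append((english_score(candidate), k, candidate))
    return sorted(ranked, reverse=True)


if __name__ == "__main__":
    for sample in ("PHHW PH DIWHU WKH WRJD SDUWB", "ERE L ORYH BRX DOLFH"):
        print(sample)
        for score, key, text in brute_force(sample)[:3]:
            print(f"  key={key:2d} score={score:5.2f} {text}")
```

On the 16-letter ciphertext from the slide the correct key still appears among the top candidates, but short texts score less decisively, which is why the function returns the whole ranking instead of a single answer.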
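
The two weaknesses named on the "Problems with One-Time Pad" slide, shown with byte-wise XOR in an added example that is not from the original slides. The sample messages and function names are constructed for illustration.

```python
"""One-time pad by XOR: it hides the message, but it neither detects changes
to the ciphertext nor survives a second use of the same key."""
import secrets


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext, key):
    return xor_bytes(plaintext, key)


otp_decrypt = otp_encrypt   # encryption and decryption are the same operation


def substitute_known_bytes(ciphertext, offset, known, wanted):
    """No integrity: if the plaintext bytes at `offset` are known or guessed,
    XORing (known XOR wanted) into the ciphertext swaps them, without the key."""
    if len(known) != len(wanted):
        raise ValueError("replacement must have the same length")
    patched = bytearray(ciphertext)
    for i, delta in enumerate(xor_bytes(known, wanted)):
        patched[offset + i] ^= delta
    return bytes(patched)


def reuse_leak(c1, c2):
    """Key reuse: c1 XOR c2 equals p1 XOR p2 because the key cancels out."""
    return xor_bytes(c1, c2)


def demo():
    # Constructed sample messages of equal length (16 bytes each).
    p1 = b"PAY BOB   100.99"
    p2 = b"MEET AT NOON SAT"
    key = secrets.token_bytes(len(p1))          # random pad, same length

    c1 = otp_encrypt(p1, key)
    round_trip_ok = otp_decrypt(c1, key) == p1

    # 1) The receiver decrypts a modified ciphertext and gets no error.
    tampered = substitute_known_bytes(c1, 10, b"100.99", b"900.19")
    after_tampering = otp_decrypt(tampered, key)

    # 2) The same pad used twice: the XOR of the two ciphertexts is key-free,
    #    and knowing one plaintext reveals the other.
    c2 = otp_encrypt(p2, key)
    leak = reuse_leak(c1, c2)
    recovered_p2 = xor_bytes(leak, p1)

    return round_trip_ok, after_tampering, leak == xor_bytes(p1, p2), recovered_p2


if __name__ == "__main__":
    print(demo())
```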

Public-Key Cryptography
• probably most significant advance in the 3000 year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic concepts to function
• complements rather than replaces private key crypto

Public-Key Cryptography
• public-key/two-key/asymmetric cryptography involves the use of two keys:
  – a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
  – a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• is asymmetric because
  – those who encrypt messages or verify signatures cannot decrypt messages or create signatures

[Figure: Public-Key Cryptography]

Public-Key Characteristics
• Public-Key algorithms rely on two keys with the characteristics that it is:
  – computationally infeasible to find decryption key knowing only algorithm & encryption key
  – computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known
  – either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)

[Figure: Public-Key Cryptosystems]

Public-Key Applications
• can classify uses into 3 categories:
  – encryption/decryption (provide secrecy)
  – digital signatures (provide authentication)
  – key exchange (of session keys)
• some algorithms are suitable for all uses, others are specific to one

Security of Public Key Schemes
• like private key schemes brute force exhaustive search attack is always theoretically possible
• but keys used are too large (>512bits)
• security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalysis) problems
• more generally the hard problem is known, it's just made too hard to do in practice
• requires the use of very large numbers
• hence is slow compared to secret key schemes

Public key encryption algorithms
Requirements:
1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$
RSA: Rivest, Shamir, Adleman algorithm

RSA: Choosing keys
1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors with z. (e, z are "relatively prime").
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1).
5. Public key is (n,e). Private key is (n,d).
   ($K_B^+$ = (n,e), $K_B^-$ = (n,d))

RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute $c = m^e \bmod n$ (i.e., remainder when $m^e$ is divided by n)
2. To decrypt received bit pattern, c, compute $m = c^d \bmod n$ (i.e., remainder when $c^d$ is divided by n)
Magic happens! $m = (m^e \bmod n)^d \bmod n$, where $c = m^e \bmod n$

RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).

    encrypt:  letter   m    m^e        c = m^e mod n
              l        12   1524832    17

    decrypt:  c    c^d                                     m = c^d mod n   letter
              17   481968572106750915091411825223071697    12              l

RSA: Why is that $m = (m^e \bmod n)^d \bmod n$
Useful number theory result: If p, q prime and n = pq, then:
    $x^y \bmod n = x^{y \bmod (p-1)(q-1)} \bmod n$
    $(m^e \bmod n)^d \bmod n = m^{ed} \bmod n$
    $= m^{ed \bmod (p-1)(q-1)} \bmod n$   (using number theory result above)
    $= m^1 \bmod n$   (since we chose ed to be divisible by (p-1)(q-1) with remainder 1)
    $= m$

RSA: another important property
The following property will be very useful later:
    $K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$
• left side: use public key first, followed by private key
• right side: use private key first, followed by public key
Result is the same!

Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution

Digital Signatures
Cryptographic technique analogous to hand-written signatures.
• sender (Bob) digitally signs document, establishing he is document owner/creator.
• verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Digital Signatures
Simple digital signature for message m:
• Bob signs m by encrypting with his private key $K_B^-$, creating "signed" message, $K_B^-(m)$
[Figure: Bob's message, m ("Dear Alice, Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob") → public key encryption algorithm with Bob's private key $K_B^-$ → $K_B^-(m)$: Bob's message, m, signed (encrypted) with his private key]

Digital Signatures (more)
• Suppose Alice receives msg m, digital signature $K_B^-(m)$
• Alice verifies m signed by Bob by applying Bob's public key $K_B^+$ to $K_B^-(m)$ then checks $K_B^+(K_B^-(m)) = m$.
• If $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Bob's private key.
Alice thus verifies that:
  – Bob signed m.
  – No one else signed m.
  – Bob signed m and not m'.
Non-repudiation:
  – Alice can take m, and signature $K_B^-(m)$ to court and prove that Bob signed m.

Internet checksum: poor crypto hash function
Internet checksum has some properties of hash function:
• produces fixed length digest (16-bit sum) of message
• is many-to-one
But given message with given hash value, it is easy to find another message with same hash value:

    message    ASCII format        message    ASCII format
    I O U 1    49 4F 55 31         I O U 9    49 4F 55 39
    0 0 . 9    30 30 2E 39         0 0 . 1    30 30 2E 31
    9 B O B    39 42 D2 42         9 B O B    39 42 D2 42
               B2 C1 D2 AC                    B2 C1 D2 AC

different messages but identical checksums!

Message Digests
Computationally expensive to public-key-encrypt long messages
Goal: fixed-length, easy-to-compute digital "fingerprint"
• apply hash function H to m, get fixed size message digest, H(m).
[Figure: large message m → H: Hash Function → H(m)]
Hash function properties:
• many-to-1
• produces fixed-size msg digest (fingerprint)
• given message digest x, computationally infeasible to find m such that x = H(m)

Digital signature = signed message digest
Bob sends digitally signed message:
[Figure: large message m → H: Hash function → H(m) → digital signature (encrypt) with Bob's private key $K_B^-$ → encrypted msg digest $K_B^-(H(m))$, sent together with (+) the large message m]
Alice verifies signature and integrity of digitally signed message:
[Figure: large message m → H: Hash function → H(m); encrypted msg digest $K_B^-(H(m))$ → digital signature (decrypt) with Bob's public key $K_B^+$ → H(m); equal?]

Digital Envelopes -- Symmetric + Asymmetric
• Generate a secret key (session key) at random.
• Encrypt the message using the session key and symmetric algorithm.
• Encrypt the session key with the recipient's public key. This becomes the "digital envelope".
• Send the encrypted message and the digital envelope to the recipient.
• Figure …

Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution

Key Distribution
• symmetric schemes require both parties to share a common secret key
• issue is how to securely distribute this key
• often secure system failure due to a break in the key distribution scheme

Key Distribution
• given parties A and B have various key distribution alternatives:
  1. A can select key and physically deliver to B
  2. third party can select & deliver key to A & B
  3. if A & B have communicated previously can use previous key to encrypt a new key
  4. if A & B have secure communications with a third party C, C can relay key between A & B

Trusted Intermediaries
Symmetric key problem:
• How do two entities establish shared secret key over network?
Solution:
• trusted key distribution center (KDC) acting as intermediary between entities
Public key problem:
• When Alice obtains Bob's public key (from web site, e-mail, diskette), how does she know it is Bob's public key, not Trudy's?
Solution:
• trusted certification authority (CA)

Key Distribution Center (KDC)
• Alice, Bob need shared symmetric key.
• KDC: server shares different secret key with each registered user (many users)
• Alice, Bob know own symmetric keys, $K_{A-KDC}$, $K_{B-KDC}$, for communicating with KDC.
[Figure: KDC holding the keys $K_{A-KDC}$, $K_{B-KDC}$, $K_{P-KDC}$, $K_{X-KDC}$, $K_{Y-KDC}$, $K_{Z-KDC}$; each user holds its own key]

Key Distribution Center (KDC)
Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other?
[Figure: message exchange, labels in order: $K_{A-KDC}(A,B)$; KDC generates R1; $K_{A-KDC}(R1, K_{B-KDC}(A,R1))$; Alice knows R1; $K_{B-KDC}(A,R1)$; Bob knows to use R1 to communicate with Alice]
Alice and Bob communicate: using R1 as session key for shared symmetric encryption

Key Management (public)
• public-key encryption helps address key distribution problems
• have two aspects of this:
  – distribution of public keys
  – use of public-key encryption to distribute secret keys

Distribution of Public Keys
• can be considered as using one of:
  – Public announcement
  – Publicly available directory
  – Public-key authority
  – Public-key certificates

Public Announcement
• users distribute public keys to recipients or broadcast to community at large
  – e.g. append PGP keys to email messages or post to news groups or email list
• major weakness is forgery
  – anyone can create a key claiming to be someone else and broadcast it
  – until forgery is discovered can masquerade as claimed user

Certification Authorities
• Certification authority (CA): binds public key to particular entity, E.
• E (person, router) registers its public key with CA.
  – E provides "proof of identity" to CA.
  – CA creates certificate binding E to its public key.
  – certificate containing E's public key digitally signed by CA – CA says "this is E's public key"
[Figure: Bob's public key $K_B^+$ and Bob's identifying information → digital signature (encrypt) with CA private key $K_{CA}^-$ → certificate for Bob's public key, signed by CA]

Certification Authorities
• When Alice wants Bob's public key:
  – gets Bob's certificate (Bob or elsewhere).
  – apply CA's public key to Bob's certificate, get Bob's public key
[Figure: Bob's certificate → digital signature (decrypt) with CA public key $K_{CA}^+$ → Bob's public key $K_B^+$]

A certificate contains:
• Serial number (unique to issuer)
• info about certificate owner, including algorithm and key value itself (not shown)
• info about certificate issuer
• valid dates
• digital signature by issuer

Summary
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
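
An added example, not from the original slides, that ties together the RSA, "Internet checksum" and "Digital signature = signed message digest" slides: it follows the five key-choosing steps, reproduces the p=5, q=7 letter example, and signs one digest computed two ways to show why H must be a cryptographic hash. The Mersenne-prime key, the choice of SHA-256 and all function names are assumptions of this example; it is textbook RSA without padding.

```python
"""Textbook RSA plus a signed message digest with a weak and a strong H."""
import hashlib
from math import gcd


def make_keys(p, q, e=None):
    """Steps 1-5 of 'RSA: Choosing keys' for given primes p and q."""
    n, z = p * q, (p - 1) * (q - 1)              # step 2
    if e is None:                                # step 3: pick e coprime to z
        e = 65537
        while gcd(e, z) != 1:
            e += 2
    if gcd(e, z) != 1:
        raise ValueError("e must have no common factors with z")
    d = pow(e, -1, z)                            # step 4: e*d mod z == 1
    return (n, e), (n, d)                        # step 5: public, private


def apply_key(key, value):
    """K(value) = value^exponent mod n; the same routine serves K+ and K-."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than n")
    return pow(value, exponent, n)


def internet_checksum(data):
    """16-bit one's-complement sum of 16-bit words (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big")
                for i in range(0, len(data), 2))
    while total >> 16:                           # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sha256_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, message, digest):
    return apply_key(private_key, digest(message))            # K-(H(m))


def verify(public_key, message, signature, digest):
    return apply_key(public_key, signature) == digest(message)  # K+(sig) == H(m)?


# Slide example: n=35, e=5. pow(5, -1, 24) gives 5; the slide's d=29 is that
# value plus z and satisfies e*d mod z == 1 as well.
SLIDE_PUBLIC, SLIDE_PRIVATE = (35, 5), (35, 29)

# Toy signing key built from two publicly known Mersenne primes (assumption of
# this example): large enough to hold a SHA-256 digest, protects nothing.
PUBLIC, PRIVATE = make_keys(2**127 - 1, 2**521 - 1)

IOU_ORIGINAL = b"IOU100.99BOB"      # the two messages from the checksum slide
IOU_ALTERED = b"IOU900.19BOB"

if __name__ == "__main__":
    print("c =", apply_key(SLIDE_PUBLIC, 12), " m =", apply_key(SLIDE_PRIVATE, 17))
    for name, h in (("checksum", internet_checksum), ("sha256", sha256_int)):
        sig = sign(PRIVATE, IOU_ORIGINAL, h)
        print(name, "signature also verifies for the altered IOU:",
              verify(PUBLIC, IOU_ALTERED, sig, h))
```

With the checksum as H, Bob's signature on the first IOU verifies for the second one too; with SHA-256 it does not.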