Material base de acople lado caliente

In cryptography, encryption is the process of encoding messages in such a way that others cannot read it, but authorized parties can. An encryption scheme is an effective approach to achieve confidentiality. In an encryption scheme, a message is encrypted using an encryption algorithm, turning it into an unreadable ciphertext. This is usually done with the use of an encryption key, which specifies how the message is to be encoded. Any adversary that can see the ciphertext should not be able to determine anything about the original message. An authorized party, however, is able to decode the ciphertext using a decryption algorithm that usually requires a decryption key. There are two types of encryption schemes: symmetric-key encryption and public-key encryption [16].

2.2.1.1 Symmetric-key Cryptography

Symmetric-key algorithms use a single secret key to encrypt and decrypt messages, as shown in Figure 2.11. Thus communicating parties must agree on the same secret key before they wish to communicate with each other.

follows:

(1) The key generation algorithmG is a randomized algorithm that returns a stringK. Let Keys(SE) denote a set of all strings that have non-zero probability of being output by G. The members of this set are called keys. We write K ←R− G for the operation of executingGand let K denote the key returned.

(2) The encryption algorithm E takes the key K ∈ Keys(SE) and a plaintext M ∈ {0,1}∗ _{to return a ciphertext C ∈ {0,1}}∗ _{denoted as C←}R_−E

K(M).

(3) The decryption algorithmDtakes a keyK ∈Keys(SE) and a ciphertextC∈ {0,1}∗ to return the plaintextM ∈ {0,1}∗ _{denoted as M ←D}

K(C).

2.2.1.2 Public-key Cryptography

Public-key encryption algorithms use a private key that is known only to its owner and a public key that can be made known to anyone. The public key and the private key are mathematically linked. Data encrypted with a public key can be decrypted only with its corresponding private key and vice versa.

Each useruin the network has a pair of keyshPu, Suiassociated with him. The public keyPu is accessible to everyone, and the private-keySu is known only to useru. A public and private key pair is generated by running a key-generation algorithm. To send a secret messageM to useru, the sender first encrypts messageM into a cipher textC =EPu(M)

using u’s public key Pu and a public encryption algorithmE, and then sends the cipher textC to useru. E is a public encryption algorithm. Upon receiving cipher textC, user

ucan decrypt the message by using his private key Su and computing DSu(C), where D

is a decryption algorithm. Clearly, for this to work we need thatDSu(EPu(M)) =M.

Figure 2.12 shows the public-key encryption and decryption process. Two parties (sender and recipient) use public-key encryption as follows. If the sender wants to send to the recipient an encrypted message, he uses the recipient’s public key to encrypt the message. For example, Bob wants to send a message to Alice. Bob first encrypts the message using Alice’s public key and then sends the encrypted message to Alice. When receiving the encrypted message, Alice decrypts the encrypted message using her private key.

Figure 2.12: Public key encryption and decryption

cept the encrypted message from Bob. However, the unauthorized user cannot retrieve the original message since the encrypted message can only be decrypted with Alice’s pri- vate key, which is known only to Alice. If Alice wants to send a message back to Bob, she encrypts her message using Bob’s public key. Bob then decrypts the message using his private key.

A public-key encryption scheme is a triplet (G, E, D) of algorithms (key generation, encryption, and decryption) which are required to satisfy the following conditions [16]:

(1) Key generation algorithm: an algorithmGproduces a pair (Pu, Su), wherePuis called the public key, andSu is the corresponding private key. We also refer to (Pu, Su) as a pair of encryption/decryption keys.

(2) Encryption algorithm: an algorithm E takes as inputs a public-key Pu and a string

M ∈ {0,1}k _{called the message, and produces as output a string C ∈ {0,1}}∗ _called the ciphertext. The notationC∈EPu(M) denotesCbeing an encryption of message M using keyPu.

(3) Decryption algorithm: an algorithmDtakes as inputs a private-keySu and a cipher- textCfrom the range ofE_Pu(M), and produces as output a stringM0_{∈ {0,1}}∗_{, such} that for every pair (Pu, Su), for everyM, for everyC ∈D(Pu, M), the probability for the decryption resultDSu(C) being not equal to the output stringM0 is negligible.

2.2.1.3 Symmetric-key vs. Public-key Cryptography

Symmetric-key cryptography uses a single key for both encryption and decryption. It is easier to implement, and generally requires less processing power. On the other hand, public-key cryptography uses different keys for encryption and decryption. The decryp- tion key cannot be calculated from the encryption key. Public-key encryption is normally used to encrypt other keys for subsequent communications. Symmetric-key cryptograph is well suited for performing cryptographic transformations on large streams of data because symmetric key encryption is computationally less expensive than public-key encryption given equivalent levels of security.

Symmetric-key cryptography requires a sender and a receiver to agree on a key before data transmission. The security of the cryptographic algorithm lies solely with the key. Symmetric-key cryptography incurs high costs for key creation and maintenance. For

example, given M people, the total of M2 _{keys have to be created/maintained. On} the other hand, the public-key cryptography only requires to maintain M pair of keys. The drawbacks of public-key cryptography is that it is more computationally expensive compared with most symmetric-key algorithms of equivalent security, and also requires the use of large keys. These drawbacks makes it cost prohibitive to send large amounts of data using public-key encryption.

Since both symmetric and public key cryptography have their own advantages, file transfer systems typically employ a hybrid of the two, such as SSL (secure socket layer) used in FTPS (file transfer protocol secure) and HTTPS (hypertext transfer protocol secure), or SSH (secure shell) used in SFTP (secure file transfer protocol). Hybrid cryp- tosystems employed in an FTPS or SFTP server use public keys to initially encrypt symmetric keys known as session keys. The session keys are then used to encrypt the actual data. A session key is only used in one session. After the session, the key is simply discarded. If a session key is compromised, only the data sent within that particular session will be at risk.