Page 236 - DCAP403_Operating System
P. 236
Unit 12: Security Solution
Cipher Feedback (CFB) mode is a block cipher implementation as a self-synchronizing stream Notes
cipher. CFB mode allows data to be encrypted in units smaller than the block size, which might
be useful in some applications such as encrypting interactive terminal input. If we were using
1-byte CFB mode, for example, each incoming character is placed into a shift register the same
size as the block, encrypted, and the block transmitted. At the receiving side, the ciphertext is
decrypted and the extra bits in the block (i.e., everything above and beyond the one byte) are
discarded.
Output Feedback (OFB) mode is a block cipher implementation conceptually similar to a
synchronous stream cipher. OFB prevents the same plaintext block from generating the same
ciphertext block by using an internal feedback mechanism that is independent of both the
plaintext and ciphertext bitstreams.
12.4 Public-key Encryption
Public-key cryptography has been said to be the most significant new development in
cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford
University professor Martin Hellman and graduate student Whitfi eld Diffie in 1976. Their paper
described a two-key crypto system in which two parties could engage in a secure communication
over a non-secure communications channel without having to share a secret key.
Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in
which a user has a pair of cryptographic keys—a public key and a private key. The private key is
kept secret, while the public key may be widely distributed. The keys are related mathematically,
but the private key cannot be practically derived from the public key. A message encrypted with
the public key can be decrypted only with the corresponding private key.
The two main branches of public key cryptography are:
1. Public key encryption — a message encrypted with a recipient’s public key cannot be
decrypted by anyone except the recipient possessing the corresponding private key. This is
used to ensure confi dentiality.
2. Digital signatures — a message signed with a sender’s private key can be verifi ed by
anyone who has access to the sender’s public key, thereby proving that the sender signed
it and that the message has not been tampered with. This is used to ensure authenticity.
An analogy for public-key encryption is that of a locked mailbox with a mail slot. The mail slot
is exposed and accessible to the public; its location (the street address) is in essence the public
key. Anyone knowing the street address can go to the door and drop a written message through
the slot; however, only the person who possesses the key can open the mailbox and read the
message.
An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The
message can be opened by anyone, but the presence of the seal authenticates the sender.
A central problem for public-key cryptography is proving that a public key is authentic, and
has not been tampered with or replaced by a malicious third party. The usual approach to this
problem is to use a public-key infrastructure (PKI), in which one or more third parties, known
as certificate authorities, certify ownership of key pairs. Another approach, used by PGP, is the
“web of trust” method to ensure authenticity of key pairs.
LOVELY PROFESSIONAL UNIVERSITY 229
