Algorithms
14th May 2012
P.R.Lakshmi Eswari
e-Security Team
C-DAC Hyderabad
Network Security
What is it?
Why do we need it?
How is it provided?
Normal Flow
Interruption
Modification
Fabrication
Interception
Attack: Requirement
Interruption: Availability
Modification: Integrity
Interception: Confidentiality
Fabrication: Authenticity
Repudiation ("Sent it?" "No!" / "Get it?" "No!"): Non Repudiation
Security Mechanisms
Confidentiality: Encryption
Integrity: Hashing
Authentication: Digital Certificates
Non-Repudiation: Digital Signatures
Cryptographic Algorithms
Types of Cryptographic algorithms
Secret key cryptography or Symmetric Key
Symmetric Cryptography
Asymmetric Cryptography
Types of Cryptosystems
Disadvantages: slow
Decryption
algorithm
Encryption
algorithm
Plain text
input
Transmitted
Cipher text
Confidentiality
Plain text
output
64-bit Input
Initial Permutation
Round 1 (48-bit K1)
Round 2 (48-bit K2)
...
Round 16 (48-bit K16)
Swap 32-bit halves
Final Permutation
64-bit Output
Generate keys: 48-bit K1, 48-bit K2, ..., 48-bit K16
Plain
text
Decrypt
Key3
Encrypt
Encryption
Key3
Cipher
text
Key2
Decrypt
Key2
Encrypt
Decryption
Cipher
text
Key1
Decrypt
Plain
text
Blowfish
CAST 128
Keystream
generator
Encryption
key
Keystream
generator
plaintext
ciphertext
ciphertext
plaintext
Decryption
The keystream generator is a pseudo-random generator, such as a linear feedback shift register.
Key Distribution
Confidentiality
Authentication
Key distribution
Confidentiality
Decryption
algorithm
Encryption
algorithm
Plain text
input
Transmitted
Cipher text
Confidentiality
Plain text
output
RSA
Key Generation
Decryption
Cipher text C
Plaintext $M = C^d \pmod{n}$
Cryptography
Strength of Cryptographic Algorithms
Identify the weakest links
Private Key
Decryption
algorithm
Encryption
algorithm
Plain text
input
Transmitted
Cipher text
Authentication
Plain text
output
Private Key
Session
key
Encryption
algorithm
encrypted
key
Decryption
algorithm
Key Exchange
Shared
session
key
Key Management
Diffie-Hellman Key Exchange
User A
prime p
primitive root
random no. x
prime p
primitive root
random no. y
Public key
pk1 = xmod p
Public key
pk2 = ymod p
Secret Key
pk2xmod p
K = pk
2
= xymod p
Secret Key
ymod
1
K = pk1pk
p
= xymod p
User B
Asymmetric
2048-bit key
Symmetric
56-bit key
Integrity
Hash Functions
A public function that maps a plaintext message of any length into a fixed-length hash value used as the authenticator
Pros
Cons
No Confidentiality
Can be altered by attackers to match altered message
Integrity
Secure Hash Algorithm (SHA-1)
Original message
zero padding
512 x m bits
message
length
64 bits
Authentication
Digital Signatures
Digital Certificates
X.509 Certificates
What is a protocol?
Why do we need a network security protocol?
Authentication
Data integrity
Confidentiality
Key exchange
Cipher Suite Negotiation
Protocol Layers
Where to Implement Security?
Application Layer
Transport Layer
Network Layer
Link Layer
Deployment of Cryptography
Application-Layer Encryption
Application
Layers (5-7)
Network-Layer Encryption
Transport/Network
Layers (3-4)
Link/Physical
Layers (1-2)
Link-Layer Encryption