Академический Документы
Профессиональный Документы
Культура Документы
SECURITY TECHNOLOGIES
Semester 2
The internet was never designed to be a global market place with a billion users. So Internet lacks many basic security features found in older networks such as telephone system or broadcast television networks. The Internet is an open, vulnerable design network.
Integrity
Is the ability to ensure that information being displayed on a website, or transmitted or received over the Internet, has not been altered, in any way by an unauthorized party. Is the ability to ensure that the e-commerce participants do not deny their online actions. Is the ability to identify the identity of a person or entity with whom you are dealing on the Internet.
Nonrepudiation
Authenticity
Confidentiality
Is the ability to ensure that messages and data are available only to those who are authorized to view them. Contents should be known only to the sender and receiver
Privacy
Is the ability to control the use of information a customer provides about himself to an e-commerce merchant. Is the ability to ensure that an e-commerce site continues to function as intended.
Availability
Malicious code
Includes viruses, worms, Trojan horses and bots A virus is a computer program that has the ability to replicate or make copies of itself and spread to other files. A worm is designed to spread from computer to computer , instead of just spreading from file to file.
A Trojan horse hide a program to steal passwords e-mail them to another person.
and
Bots(Robots) are type of malicious code that can be covertly installed on your computer when attached to the Internet. Once installed, the bot responds to external commands sent by the attacker, and is able to be controlled by an external third party.
Unwanted programs
Unwanted programs can be a browser parasite or spyware A browser parasite is a program that can monitor and change the settings of a user browser. Spyware can be used to obtain information such as a users key strokes, copies of e-mail and instant messages.
Phishing
Phishing is any deceptive, online attempt by a third party to obtain confidential information for financial gain. Phishing rely on misrepresentation and fraud. The most popular phishing attack is the e-mail scam letter
Spoofing
To misrepresent oneself by using fake e-mail addresses or masquerading as someone else Spoofing a website is also called pharming which involves redirecting a web link to an address different from the intended one, with the site masquerading as the intended destination. Spoofing does not directly damage files or network servers but threatens the integrity of a site.
Sniffer
A type of eavesdropping program that monitors information travelling over a network. Sniffers enable hackers to steal proprietary information from anywhere on the network, including e-mail messages, company files and confidential reports. The threat of sniffing is that confidential or personal information will be made public.
Hacker
An individual who intends to gain unauthorized access to a computer system. A hacker with criminal intent is called cracker. Hackers can be white hats, black hats or grey hats. White hats are good hackers who help organizations locate and fix security flaws. Black hats are hackers who act with the intention of causing harm. Grey hats are hackers who believe they are pursuing some greater good by breaking in and revealing system flaws.
Flooding a website with useless page requests to flood the sites web servers.
Uses numerous computers to attack the target network from numerous launch points.
The increase in complexity and size of software programs coupled with demands for timely delivery to markets has contributed to an increase in software errors and vulnerabilities that hackers can exploit.
CRYPTOGRAPHY
In cryptography, information is protected by scrambling it in such a manner that it can be unscrambled only with a secret key.
Key
Key
Plain text
Encryption algorithm
Cipher text
Decryption algorithm
Plain text
OBJECTIVES OF CRYPTOGRAPHY
Secure stored information Secure information transmission
Encryption
Encryption is defined as the transformation of data via a mathematical process called an algorithm into a form that is unreadable to anyone who does not possess a secret key for decrypting the message.
Plain text
The original message or data is referred to as plain text. The plain text is given to encryption algorithm as input.
Encryption algorithm
A mathematical algorithm used for the transformation of plain text into cipher text is referred to as the encryption algorithm. It receives the plain text and secret key as input and produces the ciphertext as output.
Ciphertext
The encoded or encrypted message produced as an output of the encryption algorithm by applying the secret key is referred to as the ciphertext. It depends on the plain text and the secret key.
Secret key
The secret key contains the code used to transform the plain text to cipher text and vice versa.
Decryption algorithm
A mathematical algorithm used for transforming the cipher text into plain text by applying the secret key is referred to as decryption algorithm. It receives the ciphertext and the secret key as input and produces the plain text as output. In symmetric encryption decryption algorithm is just reverse of encryption algorithm. In asymmetric encryption, the decryption algorithm may be distinct from encryption algorithm
TYPES OF ENCRYPTION
Symmetric encryption Asymmetric encryption
SYMMETRIC ENCRYPTION
The sender and receiver share a common secret key. The decryption algorithm is just reverse of encryption algorithm. Symmetric encryption is also called the single-key or secret key encryption.
Secret key
Identical keys
Secret key
Plain text
Encryptio n algorithm
Cipher text
Decryptio n algorithm
Plain text
ASYMMETRIC ENCRYPTION
Sender and Receiver share a unique key pair consisting of a public key and private key.
key key
Distinct keys
Plain text
Encryptio n algorithm
Cipher text
Decryptio n algorithm
Plain text
Substitution
Each element in the plain text is substituted by another element. E.g. Plain text: WILLPOWER Key: first succeeding letter Cipher text: XJMMQPXFS
2.
Transposition
The elements in the plain text are re-arranged by performing some sort of permutation on the plaintext letters or bits. E.g. WILLPOWER WI/LL/PO/WE/R0 KEY:2314 CIPHERTEXT: LLPOWIR0
Block cipher:
The plain text is processed on block of elements at a time, producing an output block for each input block. The input plaintext elements are processed continuously, producing an output of one element at a time.
2.
Stream cipher:
The process of attempting to discover the plain text or the secret key is known as cryptanalysis. Cryptanalysis depends on The nature of the encryption scheme The information available to the cryptanalyst
VARIOUS TYPES OF CRYPTANALYTIC ATTACKS EXIST DEPENDING ON THE INFORMATION AVAILABLE TO THE CRYPTANALYST.
Ciphertext only: In this case known to the crypt analyst are
ciphertext encryption or decryption algorithm
The cryptanalyst uses the following strategies Apply brute force approach of trying all possible keys. If the key length is very large, this becomes impractical. Apply many statistical steps to ciphertext.
Brute force attack This method is to try all possible key on a piece of ciphertext until an intelligible translation into plain text is obtained. On average, half of all possible keys must be tried to achieve success.
With the above type of knowledge, the cryptanalyst may be able to deduce the key on the basis of the way in which the known plain text is transferred.
Sometimes the cryptanalyst insert into the plaintext certain chosen patterns. These patterns get encrypted with the plaintext with the secret key of the sender. Thus using patterns inserted by him, the crypt analyst can work towards analyzing the secret key.
Data Encryption Standard (DES) Triple Data Encryption Algorithm (TDEA) Advanced Encryption Standard (AES)
Scramble a 64 bit text block one time Divide the 64 bit block into to 32 bit blocks Take each of 32 bit blocks and scramble them16 times using the secret DES key. Apply the inverse of the initial scramble
Proposed in 1985 Incorporated in 1999 Follows encrypt-decrypt-encrypt implementation. Message is encrypted with the first key(K1-56bits), decrypted with the second key(K2-56bits) and again encrypted with the third key(K3-56bits). Thus with the use of three distinct keys, TDEA has an effective key length of 168bits or 112 bits
K2 K3
K1
Plain text
Encryption
Decryption
Encryption
Cipher text
Drawbacks
The algorithm which has three times as many rounds as DES is correspondingly slower. The use of 64 bit block size reduces the efficiency of the TDEA
Two alternatives
Link Encryption End-to-End Encyption
PSN
Receiving end
Sending end
PSN
PSN
Receiving end
PSN
KEY DISTRIBUTION
Session key :
When two end systems communicate One time use At the end of the connection or session, the key is lost
Permanent Key :
Provides one time session key for a connection Performs end to end encryption and gets the session key on behalf of the terminal
KDC
FEP
Sending terminal
ASYMMETRIC ALGORITHM
DIGITAL SIGNATURES
Developed due to disputes between sender and receiver Digital signatures are designed to bind the message originator with the exact contents of the message It can be a encrypted message digest
One way hash algorithm to digest the original message Senders private key is used to encrypt the message digest Original message + digital signature are transmitted Receiver uses hash algorithm to recompute the message digest from original message Receiver uses senders public key to decrypt the message digest Both should match