Академический Документы
Профессиональный Документы
Культура Документы
1
Introduction
Cryptology :
–The study of cryptosystem.
Cryptography :
–The art and science of making cryptosystem that is
capable of providing information security.
–Study of crypto(secret) + graphy (writing)
Cryptanalysis :
–The art and science of breaking cipher text.
2
Origin ( History)
Hieroglyph (The Oldest Cryptographic
Technique)
– 4000 years ago, the Egyptians used to communicate
by messages written in hieroglyph.
– This code was the secret known only to the scribes
who used to transmit messages on behalf of the kings.
3
Origin ( History) (cond……)
Caesar Shift Cipher
–shift the letters back by an agreed number
Steganography
–Not only want to protect the secrecy of an information
by concealing it, but they also want to make sure any
unauthorized person gets no evidence
–EX: invisible watermarking.
4
Definitions
Computer Security - generic name for the
collection of tools designed to protect data and
to thwart hackers
Network Security - measures to protect data
during their transmission
Internet Security - measures to protect data
during their transmission over a collection of
interconnected networks
5
1.1 OSI Security Architecture
ITU-T X.800, “Security Architecture for OSI “
defines systematic way of defining & providing
security requirements
Developed as an International standard
Used by managers & computer,communication
vendors in their products.
Focuses on;
–Security attack
–Security mechanism
–Security service
6
OSI Security Architecture (cond……)
7
(A) Security Attacks
8
(a) Passive Attacks
Attacker can only read(eavesdropping/Monitor)
9
(a.i)Release of Message
10
(a.ii) Traffic Analysis
11
(b) Active Attacks
Attacker can read, edit, modify
12
(b.i) Masquerade.
13
(b.ii) Replay.
14
(b.iii) Modification of messages.
15
(b.iv) Denial of Service.
16
(B) Security Service
17
(a) Authentication
Provides us the assurance that the communicating
entity is the one it claims to be
Example: consider a person, using online banking service. Both
the user and the bank should be assured in identities of each other
Two types of Authentication:
i) Peer entity authentication
Provides mutual confidence in the identities of
the parties involved in a connection.
Ex: password based authentication
19
(c) Data Confidentiality
Connection confidentiality: Protection of all (N)-
user-data on an (N)-connection
Connectionless confidentiality: Protection of all
(N)-user-data in a single data block
Selective field confidentiality: Confidentiality of
selected fields within the (N)-user-data on an (N)-
connection or in a single data block.
Traffic flow confidentiality: Protection of the
information which might be derived from
observation of traffic flows.
20
(d) DATA INTEGRITY
Assurance that data received are exactly as sent
by an authorized entity
21
DATA INTEGRITY (cont.....)
Selective-Field Connection Integrity:
Provides for the integrity of selected fields within the
user data of a data block transferred over a connection
and takes the form of determination of whether the
selected fields have been modified, inserted, deleted, or
replayed.
Selective-Field Connectionless Integrity:
Provides for the integrity of selected fields within
a single connectionless data block; takes the
form of determination of whether the selected
fields have been modified.
22
(e) Non-repudiation
Types:
Origin non-repudiation
Proof that the message was sent by the
specified party.
Destination non-repudiation
Proof that the message was received by the
specified party.
23
(C) Security mechanism
24
SPECIFIC SECURITY MECHANISMS
Mechanisms that are specific to any particular
OSI security service or protocol layer
Encryption (Encipherment)
– Process of encoding information into a secret code by
using a special key.
– To read an encrypted file, you must have the key of the
decoding that enables you to decrypt it.
– By using an algorithm for encryption we can protect our
personal information such as:
- Credit-card information
- Bank-account information
- Medical information
25
Encryption (Encipherment)
Encryption
Mechanism
26 564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
Encryption (Encipherment)
Symmetric encryption
27 564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
Encryption (Encipherment)
Public-key cryptography
28 564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
Encryption (Encipherment)
Asymmetric
Encryption
This figure explains
while Bob is writing an
e-mail to Nancy, Bob
has the public key of
Nancy, public key of
Nancy is widely
distributed, he can
encrypt that message
and send it to Nancy,
Nancy with her private
key can decrypt the
message and no
intruder should be able
to decrypt the message.
29 564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
Encryption (Encipherment)
Private Key encryption
Private Key means that each computer has a secret
key that it can use to encrypt a packet of information.
30 564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
Digital Signature
31 564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
Access Control
– A variety of mechanisms that enforce access rights to
resources.
– Way of talking about controlling access to a web
resource.
– Access can be granted or denied based on a wide
variety of criteria, such as the network address of the
client, the time of day, or the browser which the visitor is
using.
32 564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
Data Integrity:
– Assure the integrity of a data unit or stream of data units.
Authentication Exchange:
– Ensure the identity of an entity by means of information
exchange.
Traffic Padding:
–The insertion of bits into gaps in a data stream to frustrate
traffic analysis attempts.
–Padding messages is a way to make it harder to do traffic
analysis.
–The attacker might not know what A and B were talking but
he could know that they were talking and how much they
talked.
33
Routing Control:
–Enables selection of particular physically secure routes
for certain data and allows routing changes, especially
when a breach of security is suspected.
Notarization:
–The use of a trusted third party to assure certain
properties of a data exchange.
34 564 Fall 2007 Security and Privacy on the Internet - Dr. A.K. Aggarwal
PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any
particular OSI security service or protocol layer.
Trusted Functionality:
–That which is perceived to be correct with respect to
some criteria (e.g., as established by a security policy).
Security Label:
–The marking bound to a resource (which may be a
data unit) that names or designates the security
attributes of that resource.
Event Detection
–Detection of security-relevant events.
35
Security Audit Trail
–Data collected and potentially used to facilitate a
security audit, which is an independent review and
examination of system records and activities.
Security Recovery
–Deals with requests from mechanisms, such as event
handling and management functions, and takes
recovery actions.
36
Relationship between Security
Services and Mechanisms
37
Model for Network Security
Model for Network Security
using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by the
algorithm
3. develop methods to distribute and share the secret
information
4. specify a protocol enabling the principals to use the
transformation and secret information for a security
service
Model for Network Access
Security
Model for Network Access
Security
using this model requires us to:
1. select appropriate gatekeeper functions to identify
users
2. implement security controls to ensure only
authorised users access designated information or
resources
trusted computer systems may be useful to
help implement this model
Classical Encryption Techniques
Symmetric Cipher Model
–Cryptography
–Cryptanalysis
Substitution Techniques
– Caesar Cipher
– Monoalphabetic Ciphers
– Playfair Cipher
– Hill Cipher
– Polyalphabetic Ciphers
– One-Time Pad
Transposition Techniques
Rotor Machines
Steganography
Symmetric Encryption (conventional /
private-key / single-key)
sender and recipient share a common key
all classical encryption algorithms are private-key
was only type prior to invention of public-key in
1970’s
and by far most widely used
Some Basic Terminology
b) brute-force attack
(a) Cryptanalytic Attacks
ciphertext only
–only know algorithm & ciphertext, is statistical, know or
can identify plaintext
known plaintext
–know/suspect plaintext & ciphertext
chosen plaintext
–select plaintext and obtain ciphertext
chosen ciphertext
–select ciphertext and obtain plaintext
chosen text
–select plaintext or ciphertext to en/decrypt
More Definitions
unconditional security
–no matter how much computer power or time is
available, the cipher cannot be broken since the
ciphertext provides insufficient information to uniquely
determine the corresponding plaintext
computational security
–given limited computing resources (eg time needed for
calculations is greater than age of universe), the cipher
cannot be broken
(b) Brute Force Attack
168 2168 = 3.7 1050 2167 µs = 5.9 1036 years 5.9 1030 years
26 characters 26! = 4 1026 2 1026 µs = 6.4 1012 years 6.4 106 years
(permutation)
Classical Substitution Ciphers
where letters of plaintext are replaced by other
letters or by numbers or symbols
or if plaintext is viewed as a sequence of bits,
then substitution involves replacing plaintext bit
patterns with ciphertext bit patterns
1. Caesar Cipher
2. Monoalphabetic Ciphers
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad
(a) Caesar Cipher
earliest known substitution cipher
by Julius Caesar
first attested use in military affairs
replaces each letter by 3rd letter on
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
mathematically give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
now have a total of 26! = 4 x 1026 keys
with so many keys, might think is secure
but would be !!!WRONG!!!
problem is language characteristics
Language Redundancy and
Cryptanalysis
human languages are redundant
eg "th lrd s m shphrd shll nt wnt"
letters are not equally commonly used
in English E is by far the most common letter
–followed by T,R,N,I,O,A,S
other letters like Z,J,K,Q,X are fairly rare
have tables of single, double & triple letter
frequencies for various languages
English Letter Frequencies
Use in Cryptanalysis
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting