dr-ajith-sundaram
Objectives of Information Security
• Confidentiality (secrecy)
– Only the sender and intended receiver should be able to understand the contents of the transmitted message
• Authentication
– Both the sender and receiver need to confirm the identity of the other party involved in the communication
• Data integrity
– The content of their communication is not altered, either maliciously or by accident, in transmission
• Availability
– Timely accessibility of data to authorized entities
Friday, 11 March 2016 2
Objectives of Information Security
• Non-repudiation
– An entity is prevented from denying its previous commitments or actions
• Access control
– An entity cannot access any entity that it is not authorized to.
• Anonymity
– The identity of an entity is protected from others.
Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing the key
• cryptology - the field of both cryptography and cryptanalysis
Basic Terminology
• unconditional security
– no matter how much computer power is available, the cipher cannot be broken
since the ciphertext provides insufficient information to uniquely determine the
corresponding plaintext
• computational security
– given limited computing resources (e.g. the time needed for calculations is greater
than the age of the universe), the cipher cannot be broken
History – The Manual Era
• Dates back to at least 2000 B.C.
• Pen and Paper Cryptography
• Examples
– Scytale – Spartan method involved wrapping a belt around a rod of a given
diameter and length
– Atbash – Hebrew cipher which mirrored the normal alphabet (shown in The
Da Vinci Code)
– Caesar – Shift all letters by a given number of letters in the alphabet
– Vigenère – Use of a key and multiple alphabets to hide repeated characters in an
encrypted message
History – The Mechanical Era
• Invention of cipher machines
• Examples
– Confederate Army’s Cipher Disk
– Japanese Red and Purple Machines
– German Enigma
History – The Modern Era
• Computers!
• Examples
– Lucifer
– Rijndael
– RSA
– ElGamal
Cryptography
• Cryptography is a method of storing and transmitting data in a
particular form so that only those for whom it is intended can read and
process it.
Cryptographic Methods
• Symmetric
– Same key for encryption and decryption
– Key distribution problem
• Asymmetric
– Mathematically related key pairs for encryption and decryption
– Public and private keys
Symmetric
• Fast
• Only provides confidentiality
• Need secure channel for key distribution
• Key management headaches from large number of key pairs to
maintain
Symmetric Algorithms
• DES
– Modes: ECB, CBC, CFB, OFB, CM
• 3DES
• AES
• IDEA
• Blowfish
• RC4
• RC5
• CAST
• SAFER
• Twofish
Asymmetric
• Large mathematical operations make it slower than symmetric
algorithms
• No need for out of band key distribution (public keys are public!)
• Scales better since only a single key pair needed per individual
• Can provide authentication and nonrepudiation
Asymmetric Algorithms
• Diffie-Hellman
• RSA
• ElGamal
• Elliptic Curve Cryptography (ECC)
Hybrid
• Combines strengths of both methods
• Asymmetric distributes symmetric key
– Also known as a session key
• Symmetric provides bulk encryption
• Example:
– SSL negotiates a hybrid method
Cipher text
PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD
KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL,
QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV
EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: 'DJOXL EYPD, ICJ X
LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM
LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL
EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ
SXGOKLU?'
Any Guesses???
THE SOLUTION
• Code
• Cipher: X Z A V O I D B Y G E R S P C F H J K L M N Q T U W
• Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Plaintext
• Now during this time Shahrazad had borne King Shahriyar three sons.
On the thousand and first night, when she had ended the tale of
Ma'aruf, she rose and kissed the ground before him, saying: 'Great
King, for a thousand and one nights I have been recounting to you the
fables of past ages and the legends of ancient kings. May I make so
bold as to crave a favour of your majesty?'
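The substitution shown on the "Cipher text", "THE SOLUTION" and "Plaintext" slides, as an added Python example (not part of the original slides). It applies the slide's key to the slide's ciphertext and also ranks the ciphertext letters, which is the statistic a ciphertext-only attack on a monoalphabetic cipher relies on; the function names are illustrative.

```python
import math
from collections import Counter

PLAIN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Key row from the "THE SOLUTION" slide: cipher letter used for each of A..Z.
CIPHER = "XZAVOIDBYGERSPCFHJKLMNQTUW"

# Ciphertext from the "Cipher text" slide, joined into one string.
CIPHERTEXT = (
    "PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. "
    "CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI "
    "SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: 'DJOXL "
    "EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO "
    "IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC "
    "ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?'"
)

def key_is_permutation(cipher_alphabet: str) -> bool:
    """A usable key maps the 26 letters one-to-one (no letter reused)."""
    return sorted(cipher_alphabet) == list(PLAIN)

def encrypt(plaintext: str) -> str:
    """Substitute each letter; punctuation and spaces pass through unchanged."""
    return plaintext.upper().translate(str.maketrans(PLAIN, CIPHER))

def decrypt(ciphertext: str) -> str:
    """Apply the inverse mapping (cipher letter back to plain letter)."""
    return ciphertext.upper().translate(str.maketrans(CIPHER, PLAIN))

def letter_ranking(text: str) -> list:
    """Letters ordered by frequency, most common first."""
    return Counter(c for c in text.upper() if c in PLAIN).most_common()

def keyspace_bits() -> float:
    """log2 of the 26! possible substitution keys."""
    return math.log2(math.factorial(26))

if __name__ == "__main__":
    print(decrypt(CIPHERTEXT))
    top = letter_ranking(CIPHERTEXT)[:3]
    print("most frequent cipher letters:", top)
    print("they decrypt to:", [decrypt(c) for c, _ in top])
    print(f"key space: about 2^{keyspace_bits():.0f} keys")
```

The key space is larger than that of a 56-bit key, yet the cipher leaks the letter frequencies of the language, so a large key space alone does not give computational security.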
Types of Cryptography
• Stream-based Ciphers
– One at a time
– Mixes plaintext with key stream
– Good for real-time services
• Block Ciphers
– Amusement Park Ride
– Substitution and transposition
Encryption Systems
• Substitution Cipher
– Convert one letter to another
– Cryptoquip
• Transposition Cipher
– Change position of letter in text
– Word Jumble
• Monoalphabetic Cipher
– Caesar
Encryption Systems
• Polyalphabetic Cipher
– Vigenère
• Modular Mathematics
– Running Key Cipher
• One-time Pads
– Randomly generated keys
Types of Cryptanalytic Attacks
• ciphertext only – only know algorithm / ciphertext, statistical, can identify plaintext
• known plaintext – know/suspect plaintext & ciphertext to attack cipher
• chosen plaintext – select plaintext and obtain ciphertext to attack cipher
• chosen ciphertext – select ciphertext and obtain plaintext to attack cipher
• chosen text – select either plaintext or ciphertext to en/decrypt to attack cipher
Steganography
• Hiding a message within another medium, such as an image
• No key is required
• Example
– Modify colour map of JPEG image
Public Key Infrastructure
• All components needed to enable secure communication
– Policies and Procedures
– Keys and Algorithms
– Software and Data Formats
• Assures identity to users
• Provides key management features
PKI Components
• Digital Certificates
– Contains identity and verification info
• Certificate Authorities
– Trusted entity that issues certificates
• Registration Authorities
– Verifies identity for certificate requests
• Certificate Revocation List (CRL)
History
• In 1971, IBM developed an algorithm, named LUCIFER which operates
on a block of 64 bits, using a 128-bit key
• Walter Tuchman, an IBM researcher, refined LUCIFER and reduced
the key size to 56-bit, to fit on a chip.
• In 1977, the result of Tuchman's project at IBM was adopted as the
Data Encryption Standard by NSA (NIST).
DES (Data Encryption Standard)
• Authors: NSA & IBM, 1977
• Data block size: 64-bit (64-bit input, 64-bit output)
• Key size: 56-bit key
• Encryption is fast
– DES chips
– DES software: a 500-MIP CPU can encrypt at about 30K octets per second
• Security
– No longer considered secure: 56 bit keys are vulnerable to exhaustive search
Data Encryption Standard (DES)
• Goal of DES is to completely scramble the data and key so that every
bit of cipher text depends on every bit of data and every bit of key
• DES is a block Cipher Algorithm
– Encodes plaintext in 64 bit chunks
– One parity bit for each of the 8 key bytes, so the 64-bit key reduces to 56 bits
• It is the most used algorithm
– Standard approved by US National Bureau of Standards for Commercial and
nonclassified US government use in 1993
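The 64-bit versus 56-bit key point above, as an added Python example (not part of the original slides). It assumes the standard DES key layout, where the least significant bit of each of the 8 key bytes is an odd-parity bit; the sample key is constructed and the search rate passed to `exhaustive_search_years` is a hypothetical figure.

```python
SAMPLE_KEY = bytes.fromhex("0123456789ABCDEF")  # constructed sample key

def _check_length(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits) long")

def has_odd_parity(key: bytes) -> bool:
    """True when every key byte contains an odd number of 1 bits."""
    _check_length(key)
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low bit of each byte so the byte has odd parity."""
    _check_length(key)
    out = bytearray()
    for b in key:
        top7 = b & 0xFE                       # the 7 bits that are real key material
        parity = 0 if bin(top7).count("1") % 2 == 1 else 1
        out.append(top7 | parity)
    return bytes(out)

def effective_key(key: bytes) -> int:
    """Concatenate the top 7 bits of each byte into the 56-bit key value."""
    _check_length(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def exhaustive_search_years(keys_per_second: float) -> float:
    """Average time to find a key: half of the 2^56 key space is tried."""
    return (2 ** 56 / 2) / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    flipped = bytes(b ^ 1 for b in SAMPLE_KEY)  # differs only in parity bits
    print(has_odd_parity(SAMPLE_KEY), has_odd_parity(flipped))
    print(effective_key(SAMPLE_KEY) == effective_key(flipped))
    print(f"{exhaustive_search_years(1e9):.2f} years at 1e9 keys/s")
    print(f"{exhaustive_search_years(1e12) * 365 * 24:.1f} hours at 1e12 keys/s")
```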
OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• Defines a systematic way of defining and providing security
requirements
Aspects of Security
• The OSI security architecture focuses on security attacks, mechanisms,
and services. These can be defined briefly as follows:
– Security attack: Any action that compromises the security of information owned
by an organization.
– Security mechanism: A process (or a device incorporating such a process) that
is designed to detect, prevent, or recover from a security attack.
– Security service: A processing or communication service that enhances the
security of the data processing systems and the information transfers of an
organization. The services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide the service.
Security Attack
• any action that compromises the security of information owned by an
organization
• information security is about how to prevent attacks, or failing that, to
detect attacks on information-based systems
• often threat & attack used to mean same thing
• have a wide range of attacks
• can focus on generic types of attacks
– passive
– active
Security Services
• X.800:
• “a service provided by a protocol layer of communicating open
systems, which ensures adequate security of the systems or of data
transfers”
• RFC 2828:
• “a processing or communication service provided by a system to give a
specific kind of protection to system resources”