8/8/2019 479624_634179597380063750
M PRADEEP KUMAR & P RAHUL
HT.NO 08AU1A0559 08AU1A0571
1ST B.TECH
CSE BRANCH
GNYANA SARASWATI COLLEGE OF ENG.&TECHNOLOGY
DHARMARAM(B)
Information security means protecting information and information systems
from unauthorized access, use, disclosure, disruption, modification, or
destruction
Cryptography (from Greek "hidden, secret") is the practice and study of hiding
information
Information security is concerned with the confidentiality, integrity and
availability of data regardless of the form the data may take: electronic, print,
or other forms.
Cryptography is used in applications present in technologically advanced
societies; examples include the security of ATM cards, computer passwords,
and electronic commerce, which all depend on cryptography.
Information security uses cryptography to transform usable information
into a form that renders it unusable by anyone other than an authorized
user; this process is called encryption
Encrypted information can be transformed back into its original form by
an authorized user, who possesses the cryptographic key, through the
process of decryption
Cryptography is used in information security to protect information from
unauthorized users while the information is in transit and storage
Cryptography provides information security with improved authentication
methods, message digests, digital signatures, and encrypted network
communications
Modern Information Security
Computer Security
It mainly focuses on shared systems, such as time-sharing systems, where it is
necessary to provide some tools to protect files and other information stored
on the computer
Network (Communication) Security
It mainly concerns distributed systems, such as the internet, and its purpose is to
protect the information over the internet
It also focuses on measures to deter, prevent, detect and correct security
violations that involve the transmission of information.
Confidentiality: Information is accessible only for reading
Authentication: Information is correctly identified, with an assurance
that identity is not false
Integrity: Only authorized parties are able to modify computer
system assets and transmitted information
Nonrepudiation: Both the sender and receiver of a message are unable
to deny the transmission.
Access Control: Requires that access to information resources may be
controlled by or for the target system.
[Figure: information flow from Source to Destination under four kinds of attack: interruption, interception, modification, fabrication]
Passive Attacks
Passive threats
Interception: release of message contents, traffic analysis
Active Attacks
Active threats
Interruption (availability)
Fabrication (authenticity)
Modification (integrity)
Integrity
Confidentiality
Availability
The art or science encompassing the principles and methods of
transforming an intelligible message into an unintelligible one, and then
retransforming that message back to its original form.
Plaintext
Ciphertext
Cipher
Key
Code
Encipher (encode)
Decipher (decode)
Cryptanalysis
Cryptology
The development of digital computers
and electronics after WWII made
possible much more complex ciphers
Many computer ciphers can be characterized
by their operation on binary bit
sequences, unlike classical and
mechanical schemes
The Enigma machine was used, in several
variants, by the German military
between the late 1920s and the end of
World War II
Enigma machine
Cryptography, then, not only protects data from theft or alteration, but
can also be used for user authentication. There are, in general, three
types of cryptographic schemes typically used to accomplish these goals
Secret key cryptography (or symmetric)
Public-key cryptography (or asymmetric)
Hash functions
In this form, a single key is used for both encryption and decryption
The sender uses the key to encrypt the plaintext and sends the
ciphertext to the receiver. The receiver applies the same key to decrypt
the message and recover the plaintext
Because a single key is used for both functions, secret key
cryptography is also called symmetric encryption
Secret key cryptography schemes are generally categorized as being
either stream ciphers or block ciphers.
Stream ciphers operate on a single bit (byte or computer word) at a
time and implement some form of feedback mechanism so that the
key is constantly changing.
A block cipher is so-called because the scheme encrypts one block
of data at a time using the same key on each block.
In general, the same plaintext block will always encrypt to the same
ciphertext when using the same key in a block cipher whereas the
same plaintext will encrypt to different ciphertext in a stream cipher.
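The block versus stream behaviour described above, as an added example that is not part of the original slides. The Feistel block cipher and the hash-feedback stream cipher are toy constructions built for illustration (all names, the key and the message are constructed); they show that identical plaintext blocks under one key give identical ciphertext blocks, while the same plaintext at different positions in a stream does not.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (assumption for this example)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: hash of key, round number and one half-block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Toy Feistel block cipher (illustration only, not a real algorithm)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(rounds):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def block_decrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(rounds)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def encrypt_blocks(key: bytes, plaintext: bytes) -> list:
    """Encrypt each block independently with the same key."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    return [block_encrypt(key, plaintext[i:i + BLOCK])
            for i in range(0, len(plaintext), BLOCK)]

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: the state feeds back into itself for every byte.
    The same call encrypts and decrypts."""
    state = hashlib.sha256(key).digest()
    out = bytearray()
    for byte in data:
        state = hashlib.sha256(key + state).digest()  # feedback step
        out.append(byte ^ state[0])
    return bytes(out)

# Constructed sample input: three 8-byte records, the first two identical.
KEY = b"constructed demo key"
MSG = b"PAY 0100" + b"PAY 0100" + b"PAY 0999"

if __name__ == "__main__":
    print("block :", [b.hex() for b in encrypt_blocks(KEY, MSG)])
    stream = stream_xor(KEY, MSG)
    print("stream:", stream[:8].hex(), stream[8:16].hex())
```

The repeated record is visible in the block cipher output without knowing the key, which is why block ciphers are normally run in a mode that mixes a per-message value or the previous block into each encryption.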
Hash functions, also called message digests and one-way encryption,
are algorithms that, in some sense, use no key
A fixed-length hash value is computed based upon the plaintext that
makes it impossible for either the contents or length of the plaintext to be
recovered.
Hash algorithms are typically used to provide a digital fingerprint of a
file's contents, which gives a measure of the integrity of the file, and
are also commonly employed by many operating systems to encrypt
passwords
Combines all functions to form a secure transmission comprising digital signature and
digital envelope
Nearly all modern network operating systems employ passwords at
the very least to protect and authenticate users accessing computer
and network resources
But passwords are not typically kept on a host or server in plaintext,
but are generally encrypted using some sort of hash scheme
Because the passwords are not saved in plaintext on computer systems,
they cannot be easily compromised.
An even stronger authentication method uses the password to modify
a shared secret between the client and server, but never allows the
password in any form to go across the network.
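One way such a scheme can work, as an added example that is not part of the original slides: the server stores only a salted value derived from the password, sends a random challenge, and the client answers with an HMAC keyed by the same derived value. The choice of PBKDF2 and HMAC-SHA256, the `Server` class and the account data are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

def derive_secret(password: str, salt: bytes) -> bytes:
    """Turn the password into the shared secret (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client side: key an HMAC over the server's challenge.
    Only this value crosses the network, never the password."""
    return hmac.new(derive_secret(password, salt), nonce, hashlib.sha256).digest()

class Server:
    def __init__(self):
        # user -> (salt, derived secret); no plaintext password is stored.
        # The derived secret is what authenticates, so this table still
        # needs the same protection as a password file.
        self.users = {}
        self.pending = {}  # user -> outstanding challenge

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_secret(password, salt))

    def challenge(self, user: str):
        """Issue a fresh random challenge; salt and nonce are not secret."""
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return self.users[user][0], nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # single use: blocks replay
        if nonce is None or user not in self.users:
            return False
        expected = hmac.new(self.users[user][1], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    server = Server()
    server.enroll("alice", "constructed-passphrase")  # constructed sample account
    salt, nonce = server.challenge("alice")
    answer = client_response("constructed-passphrase", salt, nonce)
    print("fresh response accepted:", server.verify("alice", answer))
    print("replayed response accepted:", server.verify("alice", answer))
```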
PGP can be used to sign or encrypt e-mail messages with the mere
click of the mouse
Depending upon the version of PGP, the software uses SHA or MD5
for calculating the message hash; CAST, Triple-DES, or IDEA for
encryption; and RSA or DSS/Diffie-Hellman for key exchange and
digital signatures.
PGP is available as a plug-in for many e-mail clients, such as Claris
Emailer, Microsoft Outlook and Qualcomm Eudora
Pretty Good Privacy (PGP) is one of today's most widely used
public key cryptography programs, developed by Philip Zimmermann
in the early 1990s
In typical applications, workstations are attached to a LAN. The user
can reach other hosts, workstations and servers in the same LAN
that are interconnected via bridges and routers.
Transmission from station to station is visible on the LAN to all
stations. Data is transmitted in the form of packets which contain
source/destination IDs and other information.
On this basis, an eavesdropper can monitor and capture traffic
packets. The eavesdropper need not be a local LAN user; it could be
anyone to whom the LAN offers a dial-up capacity.
Eavesdropping may also occur in any of the communication links
which provide connectivity to the system
Link Encryption
Each vulnerable communication link is equipped on both ends with an
encryption device
End-to-End Encryption
Data is encrypted only at the source node and decrypted at the destination
node
Problem
Data consists of packets that have a header portion and a content portion. We cannot
encrypt the header. So the data is secure and the traffic pattern is not
Solution
Use a combination of above two approaches.