Cryptography and Cryptography and Network SecurityNetwork Security

Chapter 1Chapter 1

DIWANDIWAN

BackgroundBackground

Information Security requirements have changed Information Security requirements have changed in recent timesin recent times

traditionally provided by physical and traditionally provided by physical and administrative mechanismsadministrative mechanisms

computer use requires computer use requires automated tools to automated tools to protect files and other stored informationprotect files and other stored information

use of networks and communications links use of networks and communications links requires measures to protect data during requires measures to protect data during transmissiontransmission

DefinitionsDefinitions

Computer SecurityComputer Security - - generic name for the generic name for the collection of tools designed to protect data and collection of tools designed to protect data and to thwart hackersto thwart hackers

Network SecurityNetwork Security - - measures to protect data measures to protect data during their transmissionduring their transmission

Internet SecurityInternet Security - - measures to protect data measures to protect data during their transmission over a collection of during their transmission over a collection of interconnected networksinterconnected networks

Aim of CourseAim of Course

our focus is on our focus is on Internet SecurityInternet Security which consists of measures to deter, which consists of measures to deter,

prevent, detect, and correct security prevent, detect, and correct security violations that involve the transmission & violations that involve the transmission & storage of informationstorage of information

Security AttackSecurity Attack any action that compromises the security of any action that compromises the security of

information owned by an organizationinformation owned by an organization information security is about how to prevent information security is about how to prevent

attacks, or failing that, to detect attacks on attacks, or failing that, to detect attacks on information-based systemsinformation-based systems

often often threatthreat & & attackattack used to mean same thing used to mean same thing have a wide range of attackshave a wide range of attacks can focus of generic types of attackscan focus of generic types of attacks

passivepassive activeactive

Passive AttacksPassive Attacks

Active AttacksActive Attacks

Security Services (X.800)Security Services (X.800)

AuthenticationAuthentication - - assurance that the assurance that the communicating entity is the one claimedcommunicating entity is the one claimed

Access ControlAccess Control - - prevention of the prevention of the unauthorized use of a resourceunauthorized use of a resource

Data ConfidentialityData Confidentiality – –protection of data from protection of data from unauthorized disclosureunauthorized disclosure

Data IntegrityData Integrity - - assurance that data received is assurance that data received is as sent by an authorized entityas sent by an authorized entity

Non-RepudiationNon-Repudiation - - protection against denial by protection against denial by one of the parties in a communicationone of the parties in a communication

Model for Network SecurityModel for Network Security

Model for Network SecurityModel for Network Security

using this model requires us to: using this model requires us to: 1.1. design a suitable algorithm for the security design a suitable algorithm for the security

transformation transformation 2.2. generate the secret information (keys) used generate the secret information (keys) used

by the algorithm by the algorithm 3.3. develop methods to distribute and share the develop methods to distribute and share the

secret information secret information 4.4. specify a protocol enabling the principals to specify a protocol enabling the principals to

use the transformation and secret use the transformation and secret information for a security service information for a security service

Bill FiggBill Figg 2222

Symmetric EncryptionSymmetric Encryption

or conventional / or conventional / private-keyprivate-key / / single-keysingle-key sender and recipient share a sender and recipient share a common keycommon key all classical encryption algorithms are all classical encryption algorithms are

private-keyprivate-key was only type prior to was only type prior to invention of public-invention of public-

key in 1970’skey in 1970’s

Bill FiggBill Figg 2323

Symmetric Cipher ModelSymmetric Cipher Model

Bill FiggBill Figg 2424

CryptographyCryptography

can be characterized by:can be characterized by: type of encryption operations usedtype of encryption operations used

• substitution / transposition / productsubstitution / transposition / product number of keys usednumber of keys used

• single-key or private / two-key or publicsingle-key or private / two-key or public way in which plaintext is processedway in which plaintext is processed

• block / streamblock / stream

Bill FiggBill Figg 2525

Types of Cryptanalytic Types of Cryptanalytic AttacksAttacks

ciphertext onlyciphertext only only know algorithm / ciphertext, statistical, can identify plaintext only know algorithm / ciphertext, statistical, can identify plaintext

known plaintextknown plaintext know/suspect plaintext & ciphertext to attack cipher know/suspect plaintext & ciphertext to attack cipher

chosen plaintextchosen plaintext select plaintext and obtain ciphertext to attack cipherselect plaintext and obtain ciphertext to attack cipher

chosen ciphertextchosen ciphertext select ciphertext and obtain plaintext to attack cipherselect ciphertext and obtain plaintext to attack cipher

chosen textchosen text select either plaintext or ciphertext to en/decrypt to attack cipherselect either plaintext or ciphertext to en/decrypt to attack cipher

Bill FiggBill Figg 2626

Caesar CipherCaesar Cipher

earliest known substitution cipherearliest known substitution cipher by by Julius CaesarJulius Caesar first attested use in military affairsfirst attested use in military affairs replaces each letter by 3rd letter onreplaces each letter by 3rd letter on example:example:

meet me after the toga partymeet me after the toga partyPHHW PH DIWHU WKH WRJD SDUWBPHHW PH DIWHU WKH WRJD SDUWB

Bill FiggBill Figg 2727

Polyalphabetic CiphersPolyalphabetic Ciphers another approach to improving security is to use multiple another approach to improving security is to use multiple

cipher alphabets cipher alphabets called called polyalphabetic substitution cipherspolyalphabetic substitution ciphers makes cryptanalysis harder with more alphabets to guess makes cryptanalysis harder with more alphabets to guess

and flatter frequency distribution and flatter frequency distribution use a key to select which alphabet is used for each letter of use a key to select which alphabet is used for each letter of

the messagethe message use each alphabet in turn use each alphabet in turn repeat from start after end of key is reached repeat from start after end of key is reached

Bill FiggBill Figg 2828

Transposition CiphersTransposition Ciphers

now consider classical now consider classical transpositiontransposition or or permutationpermutation ciphers ciphers

these these hidehide the message by the message by rearranging rearranging the letter the letter order order

without altering the actual letters usedwithout altering the actual letters used can recognise these since have the same can recognise these since have the same

frequency distribution as the original textfrequency distribution as the original text

Bill FiggBill Figg 2929

SteganographySteganography

an alternative to encryptionan alternative to encryption hides existence of messagehides existence of message

using only a subset of letters/words in a longer using only a subset of letters/words in a longer message marked in some waymessage marked in some way

using invisible inkusing invisible ink hiding in LSB in graphic image or sound filehiding in LSB in graphic image or sound file

has drawbackshas drawbacks high overhead to hide relatively few info bitshigh overhead to hide relatively few info bits

Bill FiggBill Figg 3030

Block vs Stream CiphersBlock vs Stream Ciphers

block ciphers process messages in into blocks, block ciphers process messages in into blocks, each of which is then en/decrypted each of which is then en/decrypted

like a substitution on very big characterslike a substitution on very big characters 64-bits or more 64-bits or more

stream ciphers stream ciphers process messages a bit or byte at process messages a bit or byte at a time when en/decryptinga time when en/decrypting

many current ciphers are block ciphersmany current ciphers are block ciphers hence are focus of coursehence are focus of course

Bill FiggBill Figg 3131

Confusion and DiffusionConfusion and Diffusion

cipher needs to completely obscure statistical cipher needs to completely obscure statistical properties of original messageproperties of original message

a one-time pad does thisa one-time pad does this more practically Shannon suggested combining more practically Shannon suggested combining

elements to obtain:elements to obtain: diffusiondiffusion – dissipates statistical structure of – dissipates statistical structure of

plaintext over bulk of ciphertextplaintext over bulk of ciphertext confusionconfusion – makes relationship between – makes relationship between

ciphertext and key as complex as possibleciphertext and key as complex as possible