Upload File

12 security i

4
Comms Tech Introduction to Communication Security I 1 Communication Security Introduction to Concepts Part I Security Requirements Privacy: only the intended recipient can 'see' the contents of the message. Integrity : the message received is the same as the message transmitted Authentication : the message has actually come from a sender of known identity and not an imposter. Nonrepudiation: a sender cannot later deny sending the message or receiver having received it. (some also consider Availability: protection against loss of access to data or ability to communicate) Communication Channel Security Some media are more difficult to eavesdrop than others. In order of increasing difficulty it goes: wireless, wired, optical However: For all communications channels assume that a determined eavesdropper can pick up messages either by detecting the transmission directly or by manipulating lower layer protocols and devices. => Need to ‘protect’ messages Cryptography (brief introduction) From Greek for “secret writing” Plaintext message (readable by anyone) is converted to Ciphertext by an encryption algorithm. Ciphertext can only be read by intended receiver as it requires the specific decryption algorithm (which only intended receiver has) Sender Encryption Decryption Receiver Communication channel Plaintext Plaintext Ciphertext Ciphers and Keys A Cipher refers to a particular encryption/decryption algorithm (or class of algorithms). It is not necessary for every pair of communicators to have their own shared algorithms. Instead a public algorithm is used (it can be known by everyone) in combination with keys. A key is a number that the Cipher uses in the encryption and decryption process (ie. as an input to the algorithm). Keys may be: Shared secret keys (sender and receiver use same key that is secret from everyone else) or A pair of keys one public (that everyone can know about) and one secret (only known to the receiver*) *or transmitter depending on the purpose of the crytography Symmetric Key Cryptography Same key used by both parties (encryption and decryption) and in both directions (hence symmetric) The key is a shared secret key. Decryption algorithm is the inverse of the encryption algorithm. Alice Encryption Decryption Bob Communicatio n Channel Shared Secret Key

Upload: abdullah-salem

Post on 10-Oct-2015

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • Comms Tech

    Introduction to Communication Security I 1

    Communication Security

    Introduction to ConceptsPart I

    Security Requirements Privacy: only the intended recipient can 'see'

    the contents of the message. Integrity: the message received is the same as

    the message transmitted Authentication: the message has actually

    come from a sender of known identity and not an imposter.

    Nonrepudiation: a sender cannot later deny sending the message or receiver having received it.

    (some also consider Availability: protection against loss of access to data or ability to communicate)

    Communication Channel SecuritySome media are more difficult to eavesdrop than others.In order of increasing difficulty it goes: wireless, wired, opticalHowever: For all communications channels assume that a determined eavesdropper can pick up messages either by detecting the transmission directly or by manipulating lower layer protocols and devices.

    => Need to protect messages

    Cryptography (brief introduction) From Greek for secret writing Plaintext message (readable by anyone) is converted to

    Ciphertext by an encryption algorithm. Ciphertext can only be read by intended receiver as it requires

    the specific decryption algorithm (which only intended receiver has)

    Sender

    Encryption Decryption

    Receiver

    Communication channel

    PlaintextPlaintextCiphertext

    Ciphers and Keys A Cipher refers to a particular encryption/decryption algorithm

    (or class of algorithms). It is not necessary for every pair of communicators to have their

    own shared algorithms. Instead a public algorithm is used (it can be known by

    everyone) in combination with keys. A key is a number that the Cipher uses in the encryption and

    decryption process (ie. as an input to the algorithm). Keys may be:

    Shared secret keys (sender and receiver use same key that is secret from everyone else) or

    A pair of keys one public (that everyone can know about) and one secret(only known to the receiver*)

    *or transmitter depending on the purpose of the crytography

    Symmetric Key Cryptography Same key used by both parties (encryption and decryption) and

    in both directions (hence symmetric) The key is a shared secret key. Decryption algorithm is the inverse of the encryption algorithm.

    Alice

    Encryption Decryption

    BobCommunication Channel

    Shared Secret Key

  • Comms Tech

    Introduction to Communication Security I 2

    Bob, Alice and Eve too

    It is conventional to call the communicators Alice and Bob.Eve is the evil eavesdropper

    Symmetric Key Ciphers Caesar Cipher (substitution Cipher)

    - Transform character by substituting character in new position of alphabet (e.g. A=> D, B=>E, C=>F)

    Transpositional cipher Reorganise position of characters according to

    table defined by key Data Encryption Standard

    Operates on 64-bit blocks with 56-bit key.

    Shared Secret Key: ExampleCipher: shift letter in message to right by corresponding key value

    Decipher: shift letter in ciphertext to left by corresponding key value

    Shared Key Example: Part IIHeres a highly secret message encrypted earlier:

    f ilsb zljjp qbze

    In groups of four or five see if you can crack the code (the Caesar Cipher has been used)

    Prize to the winning team

    Shared Key Distribution Cipher may be public but Key is a shared secret

    anyone who gets the key could decrypt the ciphercode.

    Need a way of sharing the key without the key being found out by potential eavesdropper.

    This becomes more difficult as the number of users grows (poor scalability)

    => An alternative is Public Key Cryptography

    Public Key Cryptography Two keys: Public Key and Private or Secret Key. Secret key held by receiver (i.e. it's kept secret) Public key

    made openly available to anyone who wants to send a message (i.e. it's not secret).

    Public key used to encrypt message Private key necessary to decrypt message (only intended

    receiver has this)

    Alice

    Encryption Decryption

    Bob

    Communication Channel

    Public Key

    Private KeyPrivate Key

  • Comms Tech

    Introduction to Communication Security I 3

    Public Key Cipherse.g. RSA Private key pair of numbers (N,d) Public key another pair of numbers (N,e) Sender encryption algorithm: C=Pe mod N Receiver decryption algorithm: P=Cd mod N[P is Plain message (Plaintext),C is Ciphered message (Ciphertext)Mod means remainder after division]

    Public Key: ExampleMy public key: 5Send me a message: Cipher: P5 mod 133 = C(mod means remainder after division)

    Note: in this example use P = the numerical position of the letter in the alphabet e.g. a=1 b=2 etc. (this isnt very robust (could be easily hacked) but it will do as a simple example

    My secret key: ?Decryption: Csecret key mod 133 = P

    Comparison Symmetric/Public Key Cryptography

    Symmetric Public

    EfficiencyKey can be smallerEfficient for long messages

    Complex algorithm

    ScalabilityRequires key for each pair of communicators

    Pair of keys for each entity

    Key distribution Can be difficult Key is public

    AuthenticationVerification implied in sharing process

    Public key needs to be verified as belonging to appropriate entity.

    Privacy/Secrecy Confidentiality of the message. Eavesdroppers cannot decode and read

    message Achieved with either Symmetric or Public key

    cryptography Relies on Robustness of algorithm (Cipher)

    (and private keys remaining secret)

    ImplementationThese ideas may be implemented at any layer of the communication protocol stack

    Common examples exist for layers 1, 2, 3, 4 and 7

    Example Wireless (LAN)

    Wired Equivalent Privacy (WEP) Layer 2 protocol for privacy symmetric key for message privacy (+attempt at

    integrity) Key managed by manually inputting key value for each

    user.

    Encrypted message becomes payload in unencrypted 802.11 frame

    Relatively easy to crack (lots of how-tos on Web).

  • Comms Tech

    Introduction to Communication Security I 4

    WEP Structure

    K is shared secret key:

    40 bit or 104 bit (input as 10 or 26 hex digits respectively) IV is initialization vector:

    24 bit random value that should vary from frame to frame RC4 is algorithm to generate key stream from concatenation of K and IV ICV is Integrity check value appended to message (32 bit CRC acting on plaintext

    message) Key ID 2-bit value that permits choice of K to be used.

    KeyID

    Ciphered Message802.11 frame header

    IV FCS

    Message

    Key stream

    ICV

    K IV RC4

    XOR

    Summary Communication security relates to four main criteria:

    Privacy, Integrity, Authentication and Non-repudiation. To implement security algorithms called Ciphers are

    used. Rather than requiring a secret cipher for each pair of

    communicators Keys are used with public ciphers. Keys can be shared secret or public key (one of them) So far we have looked at how these ideas can be used

    to give message privacy.


1 Homeland Security Presidential Directive 12 (HSPD-12) Policies & Procedures Veronica McCann - Security Specialist Western Region Security Office March

Common Misconceptions IBM i Security CyberWar … · Common Misconceptions IBM i Security profile,

NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY · NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY MID-SIZE ORGANIZATIONS BUSINESS CONTINUITY IN COMPLEX ARCHITECTURES

Security Platforms Network Security Storage Security Content …ww1.prweb.com/prfiles/2011/07/12/8635996/Discretix... · 2011-07-12 · hacking – embedded security has become crucial

i 02-c - UIH · IWUdlÕ11ã80ñO 3 MFioñu (2014 - 2016) 2. Security Operation Center (SOC) tuli30,flnu I-SECURE SOC Cybersecurity Information Security L-nnnÖn 12 @ 3. uSmsliJns:50ñennmumoãnu

I ss security

Chapter 12 – Dependability and Security Specification 1Chapter 12 Dependability and Security Specification

12/13/20151 Computer Security Security Policies

12-Electronic Security

Management of Information Security Chapter 12 Information Security Project Management I find that the harder I work, the more luck I seem to have. —Thomas

i-4 security

Security System 1 - 12

Enhancing Network Security through Software Defined …nss.kaist.ac.kr/papers/SDNSok-ICCCN16.pdf · 2016-12-19 · security research, i.e., (i) enhancing security using SDN, and

II FNT i VII ICT Forum Agenda 161111 · 2016-11-12 · • Cyber security na internetu i mobilnim uređajima: (WEB, e-mail, social networks), Nenad Andrejević, Information Security

I[ ]Perimeter Security Sensor TechnoLogies Handbook I · PDF filei I[ ]Perimeter Security Sensor TechnoLogies ... Perimeter Security Sensor Technologies Handbook I I I I I I I

12 – Security, TV and Access ontrol - Services - ANU - Security... · 12 | Security, CCTV & Access Control Campus & Buildings Requirements Manual I ... Security Systems General

12. Protection/Security Interface

Effective Software Security Management · 2011-12-11 · Effective Software Security Management 5 I. Initiation – Application Classification At the application initiation, try and

DEFENSE SECURITY COOPERATION AGENCY I ~ …samm.dsca.mil/sites/default/files/DSCA 15-56.pdf · I ~ DEFENSE SECURITY COOPERATION AGENCY 201 12'TH STREET SOUTH, STE 203 ARLINGTON, VA

NETWOR SECURITY I ENDPOINT SECURIT I DATA SECURITY

NETWOR SECURITY I ENDPOINT SECURIT I DATA SECURITY - NRC

ENEE 457: Computer Systems Security Lecture 12 Security Protocols …enee457.github.io/lectures/week7/lecture12.pdf · 2018-12-14 · ENEE 457: Computer Systems Security Lecture 12

ASEAN Political-Security Community Blueprint · 2015-12-22 · ASEAN POLITICAL-SECURITY COMMUNITY BLUEPRINT I. INTRODUCTION 1. The ASEAN Political-Security Community has its genesis

Cognitive Security - Telco & Mobile Security ('12)

Chapter 12 – Dependability and Security Specification Lecture 1 1Chapter 12 Dependability and Security Specification

Cognitive Security - Finance & Banking Security ('12)

Fedora 12 Security Guide

NETWOR SECURITY I ENDPOINT SECURITY I DATA SECURITY · PDF fileleine unternehmen und ilialen networ security i endpoint security i data security einheitliche sicherheitslÖsung stormshield

3GPP Rel-12 Security, and Future 3GPP Security Work

12 — Human Security757 Human Security Chapter 12

Chapter 12 Network Security

DELEGATED AUTHORITY AGREEMENTfile.lacounty.gov/SDSInter/bos/bc/110105_BENS11-12-08.pdf · Homeland Security Advisory Council Consultant Agreement - i - AGREEMENT FOR HOMELAND SECURITY

Topic 12 internet security

Security Newsletter · 2019-11-03 · Security Newsletter MAY 2018 I ISSUE 9 OMNIRISC SECURITY SERVICE (MACAO) LTD. 26 Avenida De Marciano Baptista, Chong Fok Comercial Centre, 12/H,

CS 563 - Advanced Computer Security: Foundations I · 2018. 12. 3. · Complete Mediation 16-Every security-sensitive operation must be mediated-What’s a “security-sensitive operation”?-Operation