Cryptography and Network Security
Chapter 1
DIWAN

Background
Information Security requirements have changed in recent times
traditionally provided by physical and administrative mechanisms
computer use requires automated tools to protect files and other stored information
use of networks and communications links requires measures to protect data during transmission

Definitions
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Aim of Course
our focus is on Internet Security, which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information

Security Attack
any action that compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus on generic types of attacks
  • passive
  • active

Passive Attacks

Active Attacks

Security Services (X.800)
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication

Model for Network Security
using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
Bill Figg 22

Symmetric Encryption
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
was only type prior to invention of public-key in 1970’s

Symmetric Cipher Model

Cryptography
can be characterized by:
type of encryption operations used
  • substitution / transposition / product
number of keys used
  • single-key or private / two-key or public
way in which plaintext is processed
  • block / stream

Types of Cryptanalytic Attacks
ciphertext only - only know algorithm / ciphertext, statistical, can identify plaintext
known plaintext - know/suspect plaintext & ciphertext to attack cipher
chosen plaintext - select plaintext and obtain ciphertext to attack cipher
chosen ciphertext - select ciphertext and obtain plaintext to attack cipher
chosen text - select either plaintext or ciphertext to en/decrypt to attack cipher

Caesar Cipher
earliest known substitution cipher
by Julius Caesar
first attested use in military affairs
replaces each letter by 3rd letter on
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB

Polyalphabetic Ciphers
another approach to improving security is to use multiple cipher alphabets
called polyalphabetic substitution ciphers
makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution
use a key to select which alphabet is used for each letter of the message
use each alphabet in turn
repeat from start after end of key is reached

Transposition Ciphers
now consider classical transposition or permutation ciphers
these hide the message by rearranging the letter order
without altering the actual letters used
can recognise these since have the same frequency distribution as the original text
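
The frequency claims on the Caesar, polyalphabetic and transposition slides can be checked on the slide's own plaintext. The following is an added example, not part of the original slides: it uses Vigenère as the polyalphabetic cipher and a two-rail fence as the transposition, and the key "deceptive" and all function names are assumptions chosen for illustration.

```python
from collections import Counter
import string

A = string.ascii_lowercase

def vigenere(plaintext, key):
    """Polyalphabetic substitution: each key letter picks the shift alphabet."""
    out, k = [], 0
    for ch in plaintext.lower():
        if ch in A:
            shift = A.index(key[k % len(key)])   # repeat key from the start
            out.append(A[(A.index(ch) + shift) % 26].upper())
            k += 1                               # key advances on letters only
        else:
            out.append(ch)                       # keep spaces as on the slide
    return "".join(out)

def caesar(plaintext, shift=3):
    """Caesar is the one-alphabet case: a single key letter ('d' for shift 3)."""
    return vigenere(plaintext, A[shift])

def rail_fence2(plaintext):
    """Two-rail transposition (an assumed instance): reorder, never substitute."""
    letters = [c for c in plaintext.lower() if c in A]
    return "".join(letters[0::2] + letters[1::2]).upper()

def letter_counts(text):
    return Counter(c for c in text.lower() if c in A)

def count_profile(text):
    """Letter counts sorted high to low, ignoring which letter has which count."""
    return sorted(letter_counts(text).values(), reverse=True)

def index_of_coincidence(text):
    """Chance that two letters drawn from the text match; lower means flatter."""
    counts = letter_counts(text)
    n = sum(counts.values())
    return sum(v * (v - 1) for v in counts.values()) / (n * (n - 1))

if __name__ == "__main__":
    pt = "meet me after the toga party"          # plaintext from the slide
    samples = [("plaintext", pt), ("caesar", caesar(pt)),
               ("vigenere", vigenere(pt, "deceptive")),  # constructed key
               ("rail fence", rail_fence2(pt))]
    for name, text in samples:
        print(f"{name:10} {text:30} IC={index_of_coincidence(text):.4f} "
              f"profile={count_profile(text)[:4]}")
```

Caesar only relabels the histogram and the rail fence leaves it untouched, so both keep the plaintext's index of coincidence; the Vigenère ciphertext's index drops to less than half of it.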

Steganography
an alternative to encryption
hides existence of message
  • using only a subset of letters/words in a longer message marked in some way
  • using invisible ink
  • hiding in LSB in graphic image or sound file
has drawbacks
  • high overhead to hide relatively few info bits
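
The LSB technique and its overhead, as an added example that is not part of the original slides: one message bit goes into the least significant bit of each cover sample, so eight cover bytes carry one hidden byte. The cover bytes are constructed sample values standing in for pixel or audio data, and the function names are assumptions.

```python
def capacity_bytes(cover):
    """One hidden bit per cover sample, so 8 cover bytes per message byte."""
    return len(cover) // 8

def embed(cover, message):
    """Write each message bit (MSB first) into the LSB of successive samples."""
    if len(message) > capacity_bytes(cover):
        raise ValueError("message too long for this cover")
    stego = bytearray(cover)
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit   # change at most the low bit
    return bytes(stego)

def extract(stego, nbytes):
    """Rebuild nbytes of message from the LSBs of the first 8*nbytes samples."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for sample in stego[8 * b: 8 * b + 8]:
            value = (value << 1) | (sample & 1)
        out.append(value)
    return bytes(out)

# Constructed 64-sample cover (not real image data).
COVER = bytes((37 * i + 11) % 256 for i in range(64))

if __name__ == "__main__":
    stego = embed(COVER, b"toga")
    changed = sum(a != b for a, b in zip(COVER, stego))
    print("recovered:", extract(stego, 4))
    print("capacity :", capacity_bytes(COVER), "bytes in", len(COVER), "samples")
    print("samples changed:", changed, "of 32 used")
```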

Block vs Stream Ciphers
block ciphers process messages in blocks, each of which is then en/decrypted
like a substitution on very big characters
  • 64-bits or more
stream ciphers process messages a bit or byte at a time when en/decrypting
many current ciphers are block ciphers
hence are focus of course

Confusion and Diffusion
cipher needs to completely obscure statistical properties of original message
a one-time pad does this
more practically Shannon suggested combining elements to obtain:
  • diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
  • confusion – makes relationship between ciphertext and key as complex as possible