•Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction

Cryptography (from Greek "hidden, secret") is the practice and study of hiding information

•Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.

•Cryptography is used in applications present in technologically advanced societies; examples include the security of ATM cards, computer passwords, and electronic commerce, which all depend on cryptography.

•Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption

•Encrypted information can be transformed back into its original form by an authorized user, who possesses the cryptographic key, through the process of decryption

•Cryptography is used in information security to protect information from unauthorized users while the information is in transit and storage

•Cryptography provides information security with improved authentication methods, message digests, digital signatures, and encrypted network communications

Modern Information Security

• Computer Security It mainly focuses on shared system, such as time-sharing system and

necessary to provide some tools to protect file and other information

stored on the computer

• Network (Communication) Security It mainly concerns distributed system, such as internet and its

purpose is to protect the information over the internet

It also focuses on measures to deter, prevent, detect and correct security

violations that involve the transmission of information.

• Confidentiality : Information is accessible only for reading

• Authentication : Information is correctly identified, with an assurance that identity is not false

• Integrity : Only authorized parties are able to modify computer system assets and transmitted information

• Nonrepudiation : Both the sender and receiver of message are unable to deny the transmission.

• Access Control : Requires that access to information resources may be controlled by or for the target system..

Source Destination

INTERRUPTION

Source Destination

INTERCEPTION

Source Destination

MODIFICATION

Source Destination

FABRICATION

Passive Attacks

Passive threats

Interception

Release of message contents Traffic analysis

Active AttacksPassive threats

Interruption(availability)

Fabrication(authenticity)

Modification(integrity)

Integrity

Confidentiality

Avaliability

The art or science encompassing the principles and methods of transforming an intelligible message into unintelligible one, and then retransforming that message back to original form.

Plaintext

Ciphertext

Cipher

Key

code

Encipher(encode)

Decipher(decode)

Cryptanalysis

Cryptology

World War II brought about many advancements in information security and mark the beginning of the professional field of information security

German Lorenz cipher machine

The development of digital computers and electronics after WWII made possible much more complex ciphers

Many computer ciphers can be charact-erized by their operation on binary bit sequences,unlike classical and mechanical schemes

The Enigma machine, used, in several variants, by the German military between the late 1920s and the end of World War II

Enigma machine

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals

•Secret key cryptography (or symmetric)

•Public-key cryptography (or asymmetric)

•Hash functions,

•In this form single key is used for both encryption and decryption•The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext

•Because a single key is used for both functions, secret key cryptography is also called symmetric encryption

•Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.

•Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing.

• A block cipher is so-called because the scheme encrypts one block of data at a time using the same key on each block.

• In general, the same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher whereas the same plaintext will encrypt to different ciphertext in a stream cipher.

•PKC depends upon the existence of so-called one-way functions,that are easy to computer whereas their inverse function is difficult to compute

•It employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key

•One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext

Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key

A fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered.

Hash algorithms are typically used to provide a digital fingerprint of a file's contents and are also commonly employed by many operating systems to encrypt passwords and then, provide a measure of the integrity of a file

Combines all functions to form a secure transmission comprising digital signature and digital envelope

•Nearly all modern network operating systems employ passwords at the very least to protect and authenticate users accessing computer and network resources

•But passwords are not typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme

•As the passwords are not saved in plaintext on computer systems precisely,they cannot be easily compromised.

•An even stronger authentication method uses the password to modify a shared secret between the client and server, but never allows the password in any form to go across the network.

•PGP can be used to sign or encrypt e-mail messages with the mere click of the mouse

•Depending upon the version of PGP, the software uses SHA or MD5 for calculating the message hash; CAST, Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for key exchange and digital signatures.

•PGP is available as a plug-in for many e-mail clients, such as Claris Emailer, Microsoft Outlook and Qualcomm Eudora

•Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs, developed by Philip Zimmermann in the early 1990s

•In typical applications workstation are attached to LAN. The user can reach other hosts, workstations and servers in the same LAN that are interconnected via bridges and routers.

•Transmissions from station to station is visible on the LAN to all station. Data is transmitted in the form of packets which contain source/destination Ids, and other information.

•On this basis, an eavesdropper can monitor and capture traffic packets. Eavesdropper needs not be a local LAN user; it could be anyone to whom the LAN offers a dial-up capacity.

•Eavesdropping may also occur in any of the communication links which provide connectivity to the system

Link EncryptionEach vulnerable communication link is equipped on both end with an encryption devices

End-to-End Encryption Data is encrypted only at the source node and decrypted at the destination node

ProblemData consists of packets have a header portion and content portion. we can’t encrypt the header. So the data is secure and the traffic pattern is notSolutionUse a combination of above two approaches.

QUESTIONSTHANK YOU