saad haj bakry, phd, ceng, fiee 1 principles of information security saad haj bakry, phd, ceng, fiee...

Saad Haj Bakry, PhD, CEng, FIEE

1

Principles of Information Security

Saad Haj Bakry, PhD, CEng, FIEE

PRESENTATIONS IN NETWORK SECURITYPRESENTATIONS IN NETWORK SECURITY

Saad Haj Bakry, PhD, CEng, FIEE 2

Information Processing Error / Volume Control Steganography Hash Function Symmetric (Private Key) Encryption Asymmetric (Public Key) Encryption Cryptanalysis

Objectives / Contents



Information Processing (1)

Source Encoding

Coding signal in digital form.

Compression Reduction of transmission bandwidth.

Error Control Detection (and correction) of communication errors (noise).

Traffic Padding

Testing traffic volume (volume confidentiality)



Information Processing (2)

Steganography Hiding Information within other informatiom.

Hash Function Message summary to test integrity.

Encryption Using encoding (encryption / enciphering) as means for protecting data from interception by unauthorized parties

Cryptanalysis Breaking (cracking) encryption.


Saad Haj Bakry, PhD, CEng, FIEE 5IT Security

PRINCIPLE: Redundant Information

to Detect / Correct Errors

PRINCIPLE: Redundant Information

to Detect / Correct Errors

FORWARD ERROR

CORRECTION:

Hamming

Reed-Solomon Codes

Bose Chaudhuri Hocquenhem Codes

FORWARD ERROR

CORRECTION:

Hamming

Reed-Solomon Codes

Bose Chaudhuri Hocquenhem Codes

ACKNOWLEDGEMENTS:

• Echo Checking: Send Back

• ARQ: Automatic Repeat Request

ACKNOWLEDGEMENTS:

• Echo Checking: Send Back

• ARQ: Automatic Repeat Request

Error Control (1)



BYTE PARITY CHECKBYTE PARITY CHECK

1 0 0 1 1 0 1

0

11 2 3 4 5 6 7

8

8

BIT No.

BITS

ODD PARITY

EVEN PARITY

Error Control (2)



BLOCK

CHECKING

BLOCK

CHECKING

1 0 0 1 1 0 1 1

1 2 3 4 5 6 7BIT No.

BITS

8 PARITY

BLOCK

PARITY

Error Control (3)



OBJECTIVES:

CONFIDENTIALITY FOR THE

VOLUME OF

TRAFFIC

OBJECTIVES:

CONFIDENTIALITY FOR THE

VOLUME OF

TRAFFIC

METHOD:

Filling idle periods with meaningless data (packets) that

can be detected by the receiver.

(Volume Testing & Control)

METHOD:

Filling idle periods with meaningless data (packets) that

can be detected by the receiver.

(Volume Testing & Control)

Traffic Padding



Steganography (Hiding Information)

Objective: To hide information within other informationObjective: To hide information within other information

Examples: Message: David

Owen

Hidden Message: DO Watermarks

bank notes / papers / Digital Watermark:

Adobe PhotoShopwww.adobe.com

Examples: Message: David

Owen

Hidden Message: DO Watermarks

bank notes / papers / Digital Watermark:

Adobe PhotoShopwww.adobe.com

Solutions www.digimark.com www.conginity.com

Solutions www.digimark.com www.conginity.com

Proof of Ownership:Music recorded with

frequencies not audible to humans

Proof of Ownership:Music recorded with

frequencies not audible to humans



The “Hash Function”Objective: Checking Message IntegrityObjective: Checking Message Integrity

Hash FunctionHash FunctionMessageMessage Message DigestMessage Digest

Mathematical Function Applied to the Message “Contents”Mathematical Function Applied to the Message “Contents”

“Hash Value”

Simple Function: “adding up the 1’s of the message”

Collision: Messages with the same “hash value”

Chance of Collision: Statistically insignificantMessages can be checked but not reconstructed from their hash value

Collision: Messages with the same “hash value”

Chance of Collision: Statistically insignificantMessages can be checked but not reconstructed from their hash value



Old Cryptographic Ciphers

Cipher Algorithm Example

Substitution Replacing “a” by “b”

“b” by “c”

“c” by “d”….

“information security”

becomes

“jogpsnbujpo tfdvsjuz”

Transposition Changing the sequence of letters to become:

“odd” followed by “even”


becomes

“ifrain-nomto scrt-euiy”

Both Substitution and transposition together (see above)


becomes

“jgsbjo-opnup tdsu-fvjz”



Encryption: Basic Data Security Terms

Term DefinitionPlaintext Source text / Unencrypted data

Cryptography Transforming “plaintext” to “cipher text” (encrypted text) using a “cipher” and a “key”

Cipher text Encrypted text / Incomprehensible data

Cipher /

Cryptosystem

A technique / A procedure / An algorithm (a computer science term) for encrypting data / messages

A Key A string of digits used to encrypt data (like a password) / Longer keys lead to stronger encryption

Cryptanalysis Breaking / cracking encryption



SenderSender

Secret-Key Cryptography (1)

SenderSender

ReceiverReceiver

ReceiverReceiver

Communication NetworkCommunication Network

Symmetric KeySymmetric Key

Symmetric KeySymmetric Key

Plain Text

Plain Text

Cipher Text

Cipher Text

Encrypt / Decrypt

Encrypt / Decrypt



Symmetric: Sender / ReceiverSymmetric: Sender / Receiver

Less Sophisticated: Relative to Public-KeyLess Sophisticated: Relative to Public-Key

More Efficient: Sending Large Amounts of DataMore Efficient: Sending Large Amounts of Data

Problem (1): S-R “Key Exchange”Problem (1): S-R “Key Exchange”

Problem (2): Many Keys “One for Each Receiver”Problem (2): Many Keys “One for Each Receiver”

Secret-Key Cryptography (2)



PUBLIC KEY

PUBLIC KEY

PRIVATE KEYPRIVATE KEY

PRIVATE KEYPRIVATE KEY

PUBLIC

KEY

Asymmetric Keys

Private Reception

Public Transmission

Many

to

One

Private Transmission

Public Reception

One

to

Many



Asymmetric: Sender / ReceiverAsymmetric: Sender / Receiver

Public Key:Distributed Freely Public Key:

Distributed Freely

Started at the MIT

in 1976 by:

Whitfield Diffe

Martin Hellman

Started at the MIT

in 1976 by:

Whitfield Diffe

Martin Hellman

Public-Key Cryptography (1/2)

Private Key:Kept by the Owner Private Key:

Kept by the Owner

RSA P-K Algorithm: Rivest / Shamir / Adleman,

MIT 1977, RSA Inc. 1982

Used by “Fortune 1000”

“e-Commerce Transactions”

RSA P-K Algorithm: Rivest / Shamir / Adleman,

MIT 1977, RSA Inc. 1982

Used by “Fortune 1000”

“e-Commerce Transactions”



Public-Key Cryptography (2/2)

The Two Keys are “Mathematically Related”,

BUT Computationally “Infeasible to Deduce” Private Key from the Public Key

The Two Keys are “Mathematically Related”,

BUT Computationally “Infeasible to Deduce” Private Key from the Public Key

Per Organization: One “Public Key” One“Private Key”

Not One “Secret Key”

per receiver.

Per Organization: One “Public Key” One“Private Key”

Not One “Secret Key”

per receiver.

“Secret Key”

Exchange

Not Needed

“Secret Key”

Exchange

Not Needed

Problem: Requires high computer power / Not efficient for data volumes /

Performance: Slower

Problem: Requires high computer power / Not efficient for data volumes /

Performance: Slower



Organization Public

Key

Organization Public

Key

Public-Key: Case / Problem (1)

NetworkNetwork

CustomerCustomer

CustomerCustomer

CustomerCustomer

OrganizationOrganization Organization Private

Key

Organization Private

Key

Problem:

Validation of customer’s

identity



Customer Private

Key

Customer Private

Key

Public-Key: Case / Problem (2)

NetworkNetwork

CustomerCustomer

OrganizationOrganizationCustomer

Public

Key

Customer Public

Key

Problem:

Proving the identity

of the receiving

organization’s



Customer Private

Key

Customer Private

Key

Public-Key: Combination / Solution

NetworkNetwork

CustomerCustomer

OrganizationOrganization

Customer Public

Key

Customer Public

Key

Organization

Public Key Organization

Public Key

Organization

Private Key Organization

Private Key

Identities of both partners are authenticated



Cryptanalysis

Objectives: Attack “to break key” Test “key strength”

Objectives: Attack “to break key” Test “key strength”

How: Analysis of encryption algorithm to find

relations between “bits of encryption key” and “bits of cipher-text” in order to “determine key”

How: Analysis of encryption algorithm to find

relations between “bits of encryption key” and “bits of cipher-text” in order to “determine key”

Key / Cipher-text Relationship:

“Statistical” nature “Plain-text” knowledge

Key / Cipher-text Relationship:

“Statistical” nature “Plain-text” knowledge



Error Control: against noise.

Traffic padding: volume control.

Steganography: hiding information.

Hash Function: measure of message integrity. Cryptography: confidential information

Key: length leads to strength. Symmetric: problems (key exchange / 1 key per receiver) Asymmetric: problems (processing / proof of identity) Cryptanalysis: key breaking.

Remarks / UnderstandingPrinciples of Information Security


References B.R. Elbert, Private Telecommunication Networks, Artech House, US,

1989. Telecommunications Management: Network Security, The National

Computer Centre Limited, UK, 1992 K.H. Rosen, Elementary Number Theory and its Applications, 4th

Edition, Addison Wesley / Longman, 1999. ISO Dictionary of Computer Science: The Standardized Vocabulary

(23882), ISO, 1997. F. Botto, Dictionary of e-Business, Wiley (UK), 2000. H.M. Deitel, P.J. Deitel, K. Steinbuhler, e-Business and e-Commerce

for Managers, Prentice-Hall (USA), 2001


saad haj bakry, phd, ceng, fiee 1 principles of information security saad haj bakry, phd, ceng, fiee...

Documents

information examples

information objective

redundant information

fiee p resentations

security p rinciple

hash function message

error control detection

c onfidentiality