FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2
- Pauline Willis
1 FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2nd ed.
Chapter 9: Encryption and Firewalls
By Whitman, Mattord & Austin
2008 Course Technology

2 Learning Objectives
- Describe the role encryption plays in a firewall architecture
- Explain how digital certificates work and why they are important security tools
- Analyze the workings of SSL, PGP, and other popular encryption schemes
- Discuss Internet Protocol Security (IPSec) and identify its protocols and modes
Firewalls & Network Security, 2nd ed. - Chapter 9 Slide 2

3 Firewalls and Encryption
- Hackers take advantage of a lack of encryption
- Encryption:
  - Preserves data integrity
  - Increases confidentiality
  - Is relied upon by user authentication
  - Plays a fundamental role in enabling VPNs

4 Hacker and an Unencrypted Packet

5 Hacker and an Encrypted Packet

6 The Cost of Encryption
- CPU resources and time
- Bastion host that hosts the firewall should be robust enough to manage encryption and other security functions
- Encrypted packets may need to be padded to uniform length to ensure that some algorithms work effectively
- Can result in slowdowns
- Monitoring can burden system administrator

7 Preserving Data Integrity
- Even encrypted sessions can go wrong as a result of man-in-the-middle attacks
- Encryption can perform nonrepudiation using a digital signature

8 Maintaining Confidentiality
- Encryption conceals information to render it unreadable to all but intended recipients

9 Authenticating Network Clients
- Firewalls need to trust that the person's claimed identity is genuine
- Firewalls that handle encryption can be used to identify individuals who have digital ID cards that include encrypted codes:
  - Digital signatures
  - Public keys
  - Private keys

10 Enabling Virtual Private Networks (VPNs)
- As an integral part of VPNs, encryption:
  - Enables the firewall to determine whether the user who wants to connect to the VPN is actually authorized to do so
  - Encodes payload of information to maintain privacy

11 Principles of Cryptography
- Encryption: the process of converting an original message into a form that cannot be understood by unauthorized individuals
- Cryptology, the science of encryption, encompasses two disciplines:
  - Cryptography: describes the processes involved in encoding and decoding messages so that others cannot understand them
  - Cryptanalysis: the process of deciphering the original message (plaintext) from an encrypted message (ciphertext), without knowing the algorithms and keys used to perform the encryption

12 Encryption Definitions
- Algorithm: The mathematical formula or method used to convert an unencrypted message into an encrypted message
- Cipher: The transformation of the individual components (characters, bytes, or bits) of an unencrypted message into encrypted components
- Ciphertext or cryptogram: The unintelligible encoded message resulting from an encryption
- Cryptosystem: The set of transformations necessary to convert an unencrypted message into an encrypted message

13 Encryption Definitions (continued)
- Decipher: To decrypt or convert ciphertext to plaintext
- Encipher: To encrypt or convert plaintext to ciphertext
- Key or cryptovariable: The information used in conjunction with the algorithm to create the ciphertext from the plaintext; it can be a series of bits used in a mathematical algorithm, or the knowledge of how to manipulate the plaintext
- Keyspace: The entire range of values that can possibly be used to construct an individual key

14 Encryption Definitions (continued)
- Plaintext: The original unencrypted message that is encrypted and results from successful decryption
- Steganography: The process of hiding messages, usually within graphic images
- Work factor: The amount of effort (usually expressed in units of time) required to perform cryptanalysis on an encoded message

15 Cryptographic Notation
- M represents original message; C represents ciphertext; E represents encryption process; D represents the decryption process; K represents a key
- So E(M) = C: encrypting a message results in ciphertext
- D(C) = M and D[E(M)] = M
- E(M,K) = C specifies encrypting the message with a key; keys can be annotated K1, K2, etc. in the case of multiple keys

16 Common Ciphers
- In encryption the most commonly used algorithms include three functions: substitution, transposition, and XOR
- In a substitution cipher, you substitute one value for another
  - a monoalphabetic substitution uses only one alphabet
  - a polyalphabetic substitution uses two or more alphabets
- The transposition cipher (or permutation cipher) simply rearranges the values within a block to create the ciphertext; this can be done at the bit level or at the byte (character) level

17 Common Ciphers (continued)
- In the XOR cipher conversion, the bit stream is subjected to a Boolean XOR function against some other data stream, typically a key stream
- XOR works as follows:
  - 0 XOR'ed with 0 results in a 0 (0 ⊕ 0 = 0)
  - 0 XOR'ed with 1 results in a 1 (0 ⊕ 1 = 1)
  - 1 XOR'ed with 0 results in a 1 (1 ⊕ 0 = 1)
  - 1 XOR'ed with 1 results in a 0 (1 ⊕ 1 = 0)
- Simply put, if the two values are the same, you get 0; if not, you get 1
- This process is reversible. That is, if you XOR the ciphertext with the key stream, you get the plaintext

18 Vernam Cipher
- Also known as the one-time pad, the Vernam cipher was developed at AT&T and uses a set of characters that are used for encryption operations only one time and then discarded
- The values from this one-time pad are added to the block of text, and the resulting sum is converted to text
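
The XOR and Vernam slides above, as an added example that is not part of the original slides: a pad that hands out each byte only once, next to the misuse case where the same pad bytes cover two messages and the key cancels out. It uses the binary (XOR) form of the pad rather than character addition; the class and function names and the sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    """XOR every data byte with the keystream byte at the same position."""
    if len(keystream) < len(data):
        raise ValueError("keystream is shorter than the message")
    return bytes(d ^ k for d, k in zip(data, keystream))


class OneTimePad:
    """Hands out each pad byte exactly once, then treats it as discarded."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0  # number of pad bytes already consumed

    def _take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise ValueError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

    def apply(self, message: bytes) -> bytes:
        """Encrypts plaintext or decrypts ciphertext; XOR is its own inverse."""
        return xor_bytes(message, self._take(len(message)))


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts. If both were made with the same pad bytes,
    the pad cancels and the result equals plaintext1 XOR plaintext2."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def demo() -> dict:
    # Constructed sample messages of equal length.
    p1 = b"ALLOW tcp 10.0.0.5 -> 10.0.0.9"
    p2 = b"DENY  udp 10.0.0.7 -> 10.0.0.9"
    pad = secrets.token_bytes(64)  # in practice delivered out-of-band

    # Correct use: sender and receiver walk the same pad in step.
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    c1, c2 = sender.apply(p1), sender.apply(p2)
    round_trip = receiver.apply(c1) == p1 and receiver.apply(c2) == p2

    # Misuse: the same leading pad bytes encrypt both messages.
    r1, r2 = xor_bytes(p1, pad), xor_bytes(p2, pad)

    return {
        "round_trip": round_trip,
        "reuse_cancels_key": reuse_leak(r1, r2) == xor_bytes(p1, p2),
        "fresh_pad_cancels_key": reuse_leak(c1, c2) == xor_bytes(p1, p2),
    }


if __name__ == "__main__":
    print(demo())
```

With a reused pad, the zero bytes in the XOR of the two ciphertexts mark every position where the two messages are identical, without the key ever being known.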

19 Book or Running Key Cipher
- Another method, used in the occasional spy movie, is the use of text in a book as the algorithm to decrypt a message
- The key relies on two components:
  - knowing which book to use
  - a list of codes representing the page number, line number, and word number of the plaintext word

20 Symmetric Encryption
- The previous methods of encryption/decryption require the same algorithm and key be used to both encipher/decipher the message
- This is known as private key encryption, or symmetric encryption
- In this approach, the same key, a secret key, is used to encrypt and decrypt the message
- Usually extremely efficient, requiring simple processing to encrypt or decrypt the message
- Main challenge is getting a copy of the key to the receiver, a process that must be conducted out-of-band to avoid interception

21 Symmetric Encryption

22 The Technology of Symmetric Encryption
- Data Encryption Standard (DES)
  - developed in 1977 by IBM
  - based on the Data Encryption Algorithm (DEA), which uses a 64-bit block size and a 56-bit key
  - federally approved standard for nonclassified data
  - cracked in 1997 when developers of a new algorithm, Rivest-Shamir-Adleman, offered $10,000 to whomever was first to crack it
  - fourteen thousand users collaborated over the Internet to finally break the encryption
- Triple DES (3DES) was developed as an improvement to DES and uses as many as three keys in succession

23 The Technology of Symmetric Encryption (continued)
- Advanced Encryption Standard (AES)
  - successor to 3DES
  - based on Rijndael Block Cipher, which features a variable block length and a key length of either 128, 192, or 256 bits
- In 1998, it took a special computer designed by the Electronic Freedom Frontier more than 56 hours to crack DES; it would take the same computer approximately 4,698, quintillion years to crack AES

24 Asymmetric Encryption
- Also known as public key encryption
- Uses two different but related keys
- Either key can be used to encrypt or decrypt
- If Key A is used to encrypt message, then only Key B can decrypt; if Key B is used to encrypt message, then only Key A can decrypt
- This technique is most valuable when one of the keys is private and the other is public
- Problem: it requires four keys to hold a single conversation between two parties and the number of keys grows geometrically as parties are added

25 Public Key Encryption

26 Digital Signatures
- When asymmetric process is reversed, that the message was sent by organization owning the private key cannot be refuted (nonrepudiation)
- Digital signatures: encrypted messages verified as authentic by independent facility (registry)
- Digital certificate: electronic document, similar to digital signature, attached to file certifying that file is from the organization it claims to be from and has not been modified from original format
- Certificate Authority (CA): agency that manages issuance of certificates and serves as electronic notary public to verify their origin and integrity

27 Digital Signature

28 Public Key Infrastructure
- Public key infrastructure (PKI) is the entire set of hardware, software, and cryptosystems necessary to implement public key encryption
- Systems are based on public key cryptosystems and include digital certificates and certificate authorities

29 Public Key Infrastructure (continued)
- Can increase an organization's ability to protect its information assets by providing:
  - Authentication: Digital certificates authenticate identity of each party in an online transaction
  - Integrity: Digital certificate asserts content signed by the certificate has not been altered in transit
  - Confidentiality: Keeps information confidential by ensuring it is not intercepted during transmission
  - Authorization: Digital certificates can replace user IDs and passwords, enhance security, and reduce overhead
  - Nonrepudiation: Certificates validate actions

30 Hybrid Systems
- Pure asymmetric key encryption not widely used except in area of certificates; instead, typically employed in conjunction with symmetric key encryption, creating a hybrid system
- Hybrid process currently in use is based on Diffie-Hellman key exchange, which provides method to exchange private keys using public key encryption without exposure to third parties
- In this method, asymmetric encryption is used to exchange symmetric keys, so two entities can conduct quick, efficient, secure communications based on symmetric encryption
- Diffie-Hellman provided the foundation for subsequent developments in public key encryption

31 Hybrid Encryption

32 Using Cryptographic Controls
- Generation of unbreakable ciphertext is possible only if proper key management infrastructure has been constructed and cryptosystems are operated and managed correctly
- Cryptographic controls can be used to support several aspects of business:
  - Confidentiality and integrity of e-mail and its attachments
  - Authentication, confidentiality, integrity, and nonrepudiation of e-commerce transactions
  - Authentication and confidentiality of remote access through VPN connections
  - Higher standard of authentication when used to supplement access control systems

33 E-mail Security
- Secure Multipurpose Internet Mail Extensions (S/MIME) builds on Multipurpose Internet Mail Extensions (MIME); adds encryption and authentication via digital signatures
- Privacy Enhanced Mail (PEM) proposed by Internet Engineering Task Force (IETF) as a standard that will function with public key cryptosystems; uses 3DES and RSA for key exchanges and digital signatures
- Pretty Good Privacy (PGP): uses IDEA Cipher, a 128-bit symmetric key block encryption algorithm with 64-bit blocks for message encoding; RSA for symmetric key exchange and digital signatures

34 Securing the Web
- Secure Electronic Transactions (SET)
  - developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud
  - encrypts credit card transfers with DES and uses RSA for key exchange
- Secure Sockets Layer (SSL)
  - developed by Netscape in 1994 to provide security for online electronic commerce transactions
  - uses several algorithms; mainly relies on RSA for key transfer and IDEA, DES, or 3DES for encrypted symmetric key-based data transfer

35 Securing the Web (continued)
- Secure Hypertext Transfer Protocol (SHTTP)
  - an encrypted version of HTTP
  - provides secure e-commerce transactions and encrypted Web pages for secure data transfer over the Web, using several different algorithms
- Secure Shell (SSH)
  - uses tunneling to provide security for remote access connections over public networks
  - provides authentication services between a client and a server
  - used to secure replacement tools for terminal emulation, remote management, and file transfer applications

36 Securing the Web (continued)
- IP Security (IPSec): primary and now dominant cryptographic authentication and encryption product of IETF's IP Protocol Security Working Group
- IPSec combines several different cryptosystems:
  - Diffie-Hellman key exchange for deriving key material between peers on a public network
  - Public key cryptography for signing the Diffie-Hellman exchanges to guarantee the identity of the two parties
  - Bulk encryption algorithms for encrypting the data
  - Digital certificates signed by a certificate authority to act as digital ID cards

37 Securing the Web (continued)
- IPSec has two components:
  - the IP Security protocol itself, which specifies the information to be added to an IP packet and indicates how to encrypt packet data
  - the Internet Key Exchange, which uses asymmetric key exchange and negotiates the security associations

38 Securing the Web (continued)
- IPSec works in two modes of operation:
  - transport mode: only IP data is encrypted, not the IP headers themselves; allows intermediate nodes to read source and destination addresses
  - tunnel mode: entire IP packet is encrypted and inserted as payload in another IP packet
- IPSec and other cryptographic extensions to TCP/IP often used to support a virtual private network (VPN), a private, secure network operated over a public, insecure network

39 Securing Authentication
- A final use of cryptosystems is to provide enhanced and secure authentication
- One approach to this issue is provided by Kerberos, which uses symmetric key encryption to validate an individual user's access to various network resources
- It keeps a database containing the private keys of clients and servers that are in the authentication domain that it supervises

40 Kerberos
- Kerberos system knows these private keys and can authenticate one network node (client or server) to another
- Kerberos also generates temporary session keys, that is, private keys given to the two parties in a conversation

41 Kerberos

42 Kerberos

43 Attacks on Cryptosystems
- Historically, attempts to gain unauthorized access to secure communications have used brute force attacks in which the ciphertext is repeatedly searched for clues that can lead to the algorithm's structure (ciphertext attacks)
- This process, known as frequency analysis, can be used along with published frequency of occurrence patterns of various languages and can allow an experienced attacker to quickly crack almost any code if the individual has a large enough sample of the encoded text
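
Why a monoalphabetic substitution gives no lasting protection, as an added example that is not part of the original slides: letter statistics survive the substitution, so scoring each candidate shift against published English letter frequencies recovers the key of a shift cipher. The sample text is built from sentences on these slides, and the function names are constructed for illustration.

```python
import string
from collections import Counter

# Approximate published English letter frequencies, in percent.
ENGLISH_PCT = {
    "a": 8.167, "b": 1.492, "c": 2.782, "d": 4.253, "e": 12.702, "f": 2.228,
    "g": 2.015, "h": 6.094, "i": 6.966, "j": 0.153, "k": 0.772, "l": 4.025,
    "m": 2.406, "n": 6.749, "o": 7.507, "p": 1.929, "q": 0.095, "r": 5.987,
    "s": 6.327, "t": 9.056, "u": 2.758, "v": 0.978, "w": 2.360, "x": 0.150,
    "y": 1.974, "z": 0.074,
}

# Constructed sample plaintext (sentences taken from the slides above).
SAMPLE = (
    "Encryption conceals information to render it unreadable to all but "
    "intended recipients. Firewalls need to trust that the claimed identity "
    "is genuine. Encrypted packets may need to be padded to uniform length "
    "to ensure that some algorithms work effectively."
)


def shift_text(text: str, shift: int) -> str:
    """Monoalphabetic shift cipher: rotate letters, leave everything else."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the text's letter counts and expected English counts."""
    letters = [c for c in text.lower() if c in string.ascii_lowercase]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    score = 0.0
    for ch, pct in ENGLISH_PCT.items():
        expected = n * pct / 100.0
        score += (counts.get(ch, 0) - expected) ** 2 / expected
    return score


def rank_shifts(ciphertext: str) -> list:
    """Return (shift, score) pairs, best (lowest score) first."""
    scored = [(s, chi_squared(shift_text(ciphertext, -s))) for s in range(26)]
    return sorted(scored, key=lambda pair: pair[1])


def recover_shift(ciphertext: str) -> int:
    """Most likely shift used to produce the ciphertext."""
    return rank_shifts(ciphertext)[0][0]


if __name__ == "__main__":
    secret = shift_text(SAMPLE, 7)
    best = recover_shift(secret)
    print(best, shift_text(secret, -best)[:40])
```

The gap between the best and second-best score in `rank_shifts` shrinks as the ciphertext gets shorter, which is the "large enough sample" condition the slide mentions.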

44 Attacks on Cryptosystems (continued)
- Occasionally, an attacker may obtain duplicate texts, one in ciphertext and one in plaintext, which enable the individual to reverse-engineer the encryption algorithm in a known-plaintext attack scheme
- Alternatively, an attacker may conduct a selected-plaintext attack by sending a potential victim a specific text that they are sure the victim will forward on to others; the attacker then intercepts the encrypted message and compares it to the original plaintext

45 Attacks on Cryptosystems (continued)
- Man-in-the-middle attack: method used to intercept the transmission of a public key or even to insert a known key structure in place of the requested public key
- Correlation attacks: collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem
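
The hybrid exchange from the Hybrid Systems slide and the public-key substitution described above, as an added example that is not part of the original slides: both sides derive a symmetric key with Diffie-Hellman, and the exchange is run with and without authentication of the public values. Assumptions: the group is a toy (2**127 - 1, generator 3), the bulk cipher is a SHA-256 keystream stand-in, and an HMAC under a pre-shared key stands in for the signature IPSec places on the exchange; all names are constructed.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption): 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_session_key(priv: int, peer_pub: int) -> bytes:
    """Derive the shared symmetric key from our private and the peer's public value."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in bulk cipher: XOR with a SHA-256 counter keystream (illustration only)."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks)
    )
    return bytes(d ^ s for d, s in zip(data, stream))


def tag(auth_key: bytes, sender: bytes, pub: int) -> bytes:
    """Bind a public value to its sender; HMAC stands in for a digital signature."""
    return hmac.new(auth_key, sender + pub.to_bytes(16, "big"), hashlib.sha256).digest()


def exchange(substituted: bool = False, auth_key: bytes = None) -> str:
    """Run one exchange between A and B and report how it ended."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_tag = tag(auth_key, b"A", a_pub) if auth_key else b""
    b_tag = tag(auth_key, b"B", b_pub) if auth_key else b""

    # Public values as they arrive after crossing the public network.
    seen_by_b, seen_by_a = a_pub, b_pub
    m_priv = None
    if substituted:
        m_priv, m_pub = dh_keypair()
        seen_by_b = seen_by_a = m_pub  # tags cannot be rebuilt without auth_key

    if auth_key:
        genuine = (
            hmac.compare_digest(tag(auth_key, b"A", seen_by_b), a_tag)
            and hmac.compare_digest(tag(auth_key, b"B", seen_by_a), b_tag)
        )
        if not genuine:
            return "rejected"  # substitution detected before any key is used

    key_a = dh_session_key(a_priv, seen_by_a)
    key_b = dh_session_key(b_priv, seen_by_b)
    if key_a == key_b:
        msg = b"constructed sample payload"
        assert stream_xor(key_b, stream_xor(key_a, msg)) == msg
        return "secure"
    # Keys differ: the party that swapped the values shares a key with A.
    if m_priv is not None and dh_session_key(m_priv, a_pub) == key_a:
        return "compromised"
    return "failed"


if __name__ == "__main__":
    psk = secrets.token_bytes(32)
    for sub, key in ((False, None), (True, None), (True, psk), (False, psk)):
        print(sub, bool(key), exchange(sub, key))
```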

46 Attacks on Cryptosystems (continued)
- In a dictionary attack, the attacker encrypts every word in a dictionary using the same cryptosystem as used by the target
- In a timing attack, the attacker eavesdrops during a victim's session and uses statistical analysis of the user's typing patterns and interkeystroke timings to discern sensitive session information

47 Defending from Attacks
- No matter how sophisticated encryption and cryptosystems have become, however, they have retained the same flaw that the first systems contained thousands of years ago: If you discover the key, that is, the method used to perform the encryption, you can determine the message
- Thus, key management is not so much the management of technology but rather the management of people

48 Chapter Summary
- Encryption: process of rendering information unreadable to all but the intended recipients; purpose is to preserve the integrity and confidentiality of information and/or make the process of authenticating users more effective
- Firewalls use encryption to provide protection both for data in transit and to help keep firewall secure
- Encryption of data incurs costs since it requires processing time to encrypt and decrypt the data being protected

49 Chapter Summary (continued)
- Cryptology: science of encryption
- Cryptography: complex process of making and using codes
- Applying concealing techniques is encryption and decoding ciphertext is called decryption
- Process used to decrypt data when the process and/or keys are unknown is called cryptanalysis
- Cryptographic controls: techniques and tools used to implement cryptographic protections; used to secure e-mail, Web access, Web applications, file transfers, remote access procedures like VPNs

50 Chapter Summary (continued)
- Cryptographic control systems often subject to attack
- Many methods of attack have evolved:
  - brute computational approaches
  - use of weaknesses often found in implementation of cryptographic controls
- Some attacks attempt to inject themselves between the parties of a secured communication channel
- Other attacks combine multiple brute-force approaches into one correlation attack
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationModule 13 Network Security. Version 1 ECE, IIT Kharagpur
Module 13 Network Security Lesson 40 Network Security 13.1.1 INTRODUCTION Network Security assumes a great importance in the current age. In this chapter we shall look at some of the security measures
More informationKALASALINGAM UNIVERSITY
KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationIntroduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014
Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014 Page 1 Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers Permutation ciphers
More informationThe Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,
1 The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access (Secure Sockets
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationMaking and Breaking Ciphers
Making and Breaking Ciphers Ralph Morelli Trinity College, Hartford (ralph.morelli@trincoll.edu) Smithsonian Institute October 31, 2009 2009 Ralph Morelli You are free to reuse and remix this presentation
More informationJNTU World JNTU World. JNTU World. Cryptography and Network Security. Downloaded From JNTU World (http://(http:// )(http:// )JNTU World
Cryptography and Network Security )(http:// ) Downloaded From (http://(http:// )(http:// ) Downloaded From (http://(http:// Introduction The art of war teaches us not on the likelihood of the enemy s not
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationCryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.
Telling Secrets Secret Writing Through the Ages William Turner Department of Mathematics & Computer Science Wabash College Crawfordsville, IN 47933 Tuesday 4 February 2014 W. J. Turner Telling Secrets
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationComputer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography
Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution
More informationCRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK
CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK UNIT-1 1. Answer the following: a. What is Non-repudiation b. Distinguish between stream and block ciphers c. List out the problems of one time pad d. Define
More informationNetwork Security. Chapter 8. MYcsvtu Notes.
Network Security Chapter 8 Network Security Some people who cause security problems and why. Cryptography Introduction Substitution ciphers Transposition ciphers One-time pads Fundamental cryptographic
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL
CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationPublic Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA
Public Key Cryptography, OpenPGP, and Enigmail Cryptography is the art and science of transforming (encrypting) a message so only the intended recipient can read it Symmetric Cryptography shared secret
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More informationCryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)
Cryptology Part 1 Uses of Cryptology 1. Transmission of a message with assurance that the contents will be known only by sender and recipient a) Steganography: existence of the message is hidden b) Cryptography:
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationNETWORK SECURITY & CRYPTOGRAPHY
Assignment for IT Applications in Management Project On NETWORK SECURITY & CRYPTOGRAPHY Course Instructor Submitted By: Mr. ANIL KUMAR ROHIT BARVE 2013240 Section E PGDM 2013-15 Table of Contents Chapter
More informationNetwork Security Issues and Cryptography
Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi
More informationService Managed Gateway TM. Configuring IPSec VPN
Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling
More informationBasic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline
CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.1 Introduction to Cryptography CSC 474/574 By Dr. Peng Ning 1 Cryptography Cryptography Original meaning: The art of secret writing Becoming a science that
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationLECTURE 4: Cryptography
CSC 519 Information Security LECTURE 4: Cryptography Dr. Esam A. Alwagait alwagait@ksu.edu.sa Recap form previous Lecture We discussed more symmetric encryption. Books? Security Engineering, Ross Anderson
More informationCSC 580 Cryptography and Computer Security
CSC 580 Cryptography and Computer Security Encryption Concepts, Classical Crypto, and Binary Operations January 30, 2018 Overview Today: Cryptography concepts and classical crypto Textbook sections 3.1,
More informationPublic Key Cryptography
graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics
Introduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science
More informationChapter 19 Security. Chapter 19 Security
Chapter 19 Security Outline 19.1 Introduction 19.2 Cryptography 19.2.1 Secret-Key Cryptography 19.2.2 Public-Key Cryptography 19.3 Authentication 19.3.1 Basic Authentication 19.3.2 Biometrics and Smart
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationCryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators
Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators Belfast, 11-Nov-2010 Innovative Software Solutions. Thomas Bahn - graduated in mathematics, University of Hannover - developing
More informationJaringan Komputer (IF8505) Pengamanan jaringan komputer. Cryptography
Jaringan Komputer (IF8505) Pengamanan jaringan komputer Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Intro
More informationCSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationCryptology. An introduction. by Ulf Lindqvist translated and processed by Erland Jonsson
Cryptology An introduction by Ulf Lindqvist translated and processed by Erland Jonsson Contents Introduction Terminology History Symmetrical systems (secret-key) Asymmetrical systems (public-key) Key management
More informationCryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption
and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,
More information6 Cryptographic Techniques A Brief Introduction
6 Cryptographic Techniques A Brief Introduction 6.1 Introduction to Cryptography 6.2 Symmetric Encryption 6.3 Asymmetric (Public-Key) Encryption 6.4 Digital Signatures 6.5 Public Key Infrastructures Literature:
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationClassical Cryptography. Thierry Sans
Classical Cryptography Thierry Sans Example and definitions of a cryptosystem Caesar Cipher - the oldest cryptosystem A shift cipher attributed to Julius Caesar (100-44 BC) MEET ME AFTER THE TOGA PARTY
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationSymmetric, Asymmetric, and One Way Technologies
Symmetric, Asymmetric, and One Way Technologies Crypto Basics Ed Crowley Fall 2010 1 Topics: Symmetric & Asymmetric Technologies Kerckhoff s Principle Symmetric Crypto Overview Key management problem Attributes
More information