Security. Communication security. System Security

Similar documents
Encryption. INST 346, Section 0201 April 3, 2018

Introduction to Cryptography. Vasil Slavov William Jewell College

Computer Security: Principles and Practice

CSC 774 Network Security

CSC/ECE 774 Advanced Network Security

CSC 474/574 Information Systems Security

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

UNIT - IV Cryptographic Hash Function 31.1

Cryptographic Concepts

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Cryptography MIS

Security: Cryptography

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Public Key Cryptography and RSA

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

(2½ hours) Total Marks: 75

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

CRYPTOGRAPHY & DIGITAL SIGNATURE

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Public Key Cryptography

1.264 Lecture 28. Cryptography: Asymmetric keys

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

CS Computer Networks 1: Authentication

2.1 Basic Cryptography Concepts

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

CIS 4360 Secure Computer Systems Symmetric Cryptography

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Overview. SSL Cryptography Overview CHAPTER 1

APNIC elearning: Cryptography Basics

KALASALINGAM UNIVERSITY

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Public Key Encryption. Modified by: Dr. Ramzi Saifan

Cryptography and Network Security

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

PROTECTING CONVERSATIONS

Kurose & Ross, Chapters (5 th ed.)

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Classical Cryptography. Thierry Sans

Tuesday, January 17, 17. Crypto - mini lecture 1

Solutions to exam in Cryptography December 17, 2013

Lecture III : Communication Security Mechanisms

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

David Wetherall, with some slides from Radia Perlman s security lectures.

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

CCNA Security 1.1 Instructional Resource

CSE 127: Computer Security Cryptography. Kirill Levchenko

CSC 580 Cryptography and Computer Security

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

CSC 474/574 Information Systems Security

Cryptographic Checksums

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

CSCE 813 Internet Security Symmetric Cryptography

Encryption and Forensics/Data Hiding

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Study Guide to Mideterm Exam

Computer Security 3/23/18

Network Security Essentials Chapter 2

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Cryptography and Network Security. Sixth Edition by William Stallings

PASSWORDS & ENCRYPTION

Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators

Spring 2010: CS419 Computer Security

Cryptography Intro and RSA

Cryptography Introduction

Public Key (asymmetric) Cryptography

Applied Cryptography and Computer Security CSE 664 Spring 2018

CSCE 715: Network Systems Security

CS669 Network Security

Practical Aspects of Modern Cryptography

Cryptography (Overview)

Topics. Number Theory Review. Public Key Cryptography

Information Security CS526

CSC 8560 Computer Networks: Network Security

Cryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building

Cryptography and Network Security

Symmetric Encryption Algorithms

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Summary on Crypto Primitives and Protocols

SECURITY IN NETWORKS 1

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

SECURITY IN NETWORKS

Digital Certificates Demystified

Lecture 1 Applied Cryptography (Part 1)

ECE 646 Fall 2009 Final Exam December 15, Multiple-choice test

Transcription:

Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security security at the end points information cannot be encrypted, as it needs to be accessed by applications on the end system logical separation is typically the basis 1

Security Concerns Availability Confidentiality Authenticity, integrity Nonrepudiability 2

How to achieve security Basis is separation How to separate adversaries? Separate adversarial entities Physical separation Temporal separation Cryptographic separation Logical separation Security vs Functionality Controlled sharing 3

Cryptography Encode the data in a manner that makes it accessible only to authorized parties Why it is not a good idea to rely on secrecy of algorithm Encryption algorithm Encryption key Hard to develop good encryption algorithm Does not scale beyond a few users Security by obscurity Key point: need to preserve secrecy of key 4

Key concepts and terminology Plaintext ( unencrypted ) Ciphertext ( encrypted ) Encryption (Ek(X)) Vs Decryption (Dk(X)) Key Vs Algorithm Cryptanalysis: Discover k, X or both 5

6

Steganography Hiding presence of information Use normal-looking messages/pictures that conceal secret data Useful if communication is monitored for suspicious content by someone Also used for copyright protection Watermark: invisible data encoded in messages that is retained in copies, and is robust in the face of typical image transformation operations 7

Symmetric Crypto 8

Model of Symmetric Crypto 9

Stream and Block Ciphers Stream cipher: used to encrypt digital streams of data, one bit or a byte at a time Block cipher: data is partitioned into blocks (typically 64 or 128 bits), and encryption operates on these blocks. Stream ciphers can be constructed from block ciphers For this reason, crypto algorithms are developed almost exclusively for block ciphers 10

Structure of Symmetric Crypto Needs to produce a reversible mapping that maps 64bit blocks onto other 64-bit blocks Good ciphers are based on Shannon s concepts of diffusion and confusion In principle, good ciphers can be implemented using a table of mappings Diffusion: disperse bit-patterns within each block of data Confusion: mix-up the order of bits within a block. In practice, use permutations specified by a key. Encryption key selects which mapping to use Approach impractical for all except smallest block sizes Feistel structure: a way to build more complex ciphers from simpler ones 11

12

Symmetric Crypto Algorithms DES Not considered very secure (key length of 56 bits) Triple DES with two keys (128 bits) AES (128 bits) IDEA (128 bits) Blowfish (up to 448 bits) RC5 (up to 2040 bits) CAST-128 (40 to 128 bits) RC2 (8 to 1024 bits) 13

Public Key (Asymmetric) Crypto Uses one key for encryption and another one for decryption One of the two keys is private to a principal; the other key can be freely distributed to any one Requires that it be computationally infeasible to compute one of the keys based on the other Each principal generates his/her own pair of public/private keys, and the private key need not be revealed to any one. Some public key algorithms (e.g., RSA) permit both keys to be used for encryption and decryption What is encrypted with one key can be decrypted with the other 14

Encryption in Public Key Crypto 15

Authentication in Public Key Crypto 16

Encryption Vs Signing When the encoding operation is performed using someone s public key, the results are accessible only to that person This operation can be used to ensure confidentiality of data --- hence called encryption When the encoding operation is done using someone s private key, the results are accessible to every one. But one can be sure that the message came only from the person whose public key is used for decoding --- hence called signing 17

RSA Algorithm Alphabet = {0,...,n-1} in practice, {0,...,2k} for 2k < n <= 2k+1 e Encryption: C = M mod n Decryption: M = Cd mod n = (Me) d mod n = Med mod n Need: Med = M mod n Both sender and receiver know n. Sender knows e, while only the receiver knows d. ie, KU = (e, n), KR = {d, n} 18

RSA Algorithm Requirements It is possible to find d,e, n s.t. Med = M mod n, for all M < n e d It is easy to calculate M and C It is infeasible to determine d from e 19

RSA Algorithm 20

Miller-Rabin Test Pick an odd number n, note n-1 = 2kq, where q is odd q 2q Pick a number 1 < a < n-1, compute a, a,,a If n is prime, by Fermat s theorem 2kq a mod n = an-1 mod n = 1 Hence, for some 0 j k, a 2kq 2jq mod n = 1 Case 1: j = 0: this means aq mod n = 1 Case 2: j > 0, a 2j-1q 2j-1q 2jq mod n 1, a 2j-1q mod n = 1 i.e., (a 1)*(a +1) mod n = 0 Since the first factor is nonzero, we have 2j-1q (a 2j-1q +1) mod n = 0, or, a mod n = n-1 The algorithm tests for case 1 or case 2. If the test fails, that means n is composite If it succeeds, n is not guaranteed to be prime but the probability of success for a nonprime is less than 0.25 21 t repeat the test for t different a s to get a prime with probability 1-(0.25)

Conventional Vs Public Key Crypto Conventional crypto is fast Public key crypto is much slower At least 3 orders of magnitude slower Key distribution is easier with public keys Software implementations on current PCs can perform encryption at the rate of few MB/s Need to ensure authenticity of public keys For conventional keys, confidentiality is needed Solution Use conventional crypto for encrypting bulk data Use public key crypto to exchange keys for such encryption. conventional keys are encrypted using public keys and sent to the recipient. Use certificates and certification authorities (CAs) to establish authenticity of public keys 22

Uses of Random Numbers Nonces (to protect against replay attacks) Session key generation RSA key generation Need cryptographically strong random number generator Not enough if we had random numbers in a statistical sense Need unpredictability 23

Pseudorandom number generators Linear congruential method Xn+1 = (axn + x) mod m Not good for crypto applications, as it is predictable Cyclic encryption Ek(n), for n = 0,1,2, Problem: what happens after a system restart? Does n go back to zero? If so, the random number sequence becomes predictable (seen before) Solutions: use something like a real-time clock plus sequence number use true random source 24

Natural Random Noise Best source is natural randomness in real world radiation counters radio noise Keystroke intervals Network packet arrival characteristics 25

Digital Signatures Required properties Conventional crypto is not very useful Sender and recipient share key, so nonrepudiability is a problem Public-key signature receiver can verify who sends sender can not repudiate receiver can not generate Originator simply encrypts the message using private key When the receiver gets the message decrypted using the originator s public key, then we can be sure about who sent the message Note that the encrypted message can be produced only by the originator, so all of the above properties are satisfied. 26

Message Digests Encrypting the whole message for signature purposes is impractical (too inefficient) Solution One-way hash code: use one-way hash functions: compute a fixed-size (e.g., 128bit) hash on the message Encrypt the hash using private key Given P, it is easy to compute H(P) Given H(P), it is impossible find P No one can generate two messages that have the same message digest Common hash functions MD5 SHA-1 RIPEMD-160 27

Digital Certificates Certificates are issued by a CA Every one knows the public keys of the CA A certificate for a principal A is simply A s public key that is encrypted with CA s private key Only the CA could have produced such a message, so the recipient of the certificate knows that the CA vouches for A s public key If the recipient trusts CA, then the certificate provides a simple way to authenticate the public key of A. 28

Public-Key Certificates certificates allow key exchange without real-time access to public-key authority a certificate binds identity to public key usually with other info such as period of validity, rights of use etc with all contents signed by a trusted Public-Key or Certificate Authority (CA) can be verified by anyone who knows the public-key authorities public-key 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback