1 / 694

CSCI 6365

CSCI 6365. Network Security and Management Instructor: Bin Fu, Ph.D Office: ENGR 3.280 Phone: 381-3635 Email: binfu@cs.panam.edu Web: http://cs.panam.edu/~binfu/. Textbook. Textbook: Cryptography and Network Security, by William Stallings, Fourth Edition. Topics. Symmetric ciphers

dawn-glover
Download Presentation

CSCI 6365

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CSCI 6365 • Network Security and Management • Instructor: Bin Fu, Ph.D • Office: ENGR 3.280 • Phone: 381-3635 • Email: binfu@cs.panam.edu • Web: http://cs.panam.edu/~binfu/

  2. Textbook Textbook: Cryptography and Network Security, by William Stallings, Fourth Edition

  3. Topics • Symmetric ciphers • Block ciphers and DES • Public key cryptography (RSA) • Hash functions • Key management • Network Authentications • IP security • Web security • Software security, etc

  4. Exam, Assignment and Grade • Midterm: 20% • Final: 25% • 4 assignments: 30% • Attendance and Exercises in class: 25%

  5. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu

  6. Background • Information Security requirements have changed in recent times • traditionally provided by physical and administrative mechanisms • computer use requires automated tools to protect files and other stored information • use of networks and communications links requires measures to protect data during transmission

  7. Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks

  8. Services, Mechanisms, Attacks • need systematic way to define requirements • consider three aspects of information security: • security attack • security mechanism • security service • consider in reverse order

  9. OSI Security Architecture • ITU-T X.800 Security Architecture for OSI • defines a systematic way of defining and providing security requirements • for us it provides a useful, if abstract, overview of concepts we will study

  10. Security Services • X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources • X.800 defines it in 5 major categories

  11. Security Services (X.800) • Authentication - assurance that the communicating entity is the one claimed • Access Control - prevention of the unauthorized use of a resource • Data Confidentiality –protection of data from unauthorized disclosure • Data Integrity - assurance that data received is as sent by an authorized entity • Non-Repudiation - protection against denial by one of the parties in a communication

  12. Security Mechanisms (X.800) • specific security mechanisms: • encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • pervasive security mechanisms: • trusted functionality, security labels, event detection, security audit trails, security recovery

  13. Classify Security Attacks as • passive attacks - eavesdropping on, or monitoring of, transmissions to: • obtain message contents, or • monitor traffic flows • active attacks – modification of data stream to: • masquerade of one entity as some other • replay previous messages • modify messages in transit • denial of service

  14. Model for Network Security

  15. Model for Network Security • using this model requires us to: • design a suitable algorithm for the security transformation • generate the secret information (keys) used by the algorithm • develop methods to distribute and share the secret information • specify a protocol enabling the principals to use the transformation and secret information for a security service

  16. Model for Network Access Security

  17. Model for Network Access Security • using this model requires us to: • select appropriate gatekeeper functions to identify users • implement security controls to ensure only authorised users access designated information or resources • trusted computer systems can be used to implement this model

  18. Summary • have considered: • computer, network, internet security def’s • security services, mechanisms, attacks • X.800 standard • models for network (access) security

  19. Cryptography Cryptography Theoretical impact Application impact Algebra Number theory Complexity theory Security

  20. Two parts of cryptography • Symmetric ciphers If the encryption is known, then decryption is known. Examples: DES, AES • Public Key (non-symmetric cipher) Even the encryption is know, the decryption is still unknown. Example: RSA

  21. Basic Concepts in Cryptography • Plaintext: Original intelligible message • Encryption algorithm: convert plaintext into ciphertext • Key: One of inputs to encryption algorithm. Different key determines different encryption output • Ciphertext: output of encryption, unintelligible data • Decryption algorithm: takes the ciphertext and key to generate plaintext

  22. Model of Cryptosystem Cryptanalyst Encryption Decryption Message Message Secure channel Key

  23. Encryption and Decryption • Message X • Encryption key K • Ciphertext Y Encryption function: Decryption function:

  24. Attacks • Ciphertext only attack: attacker only knows ciphertext • Known Plaintext attack: attacker gets some plaintext patterns and their encryptions • Chosen-plaintext attack: attacker choose message to encrypt

  25. Caesar Cipher • Plain to Cipher mapping a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L MN O PQ RS TUVW XYZ A BC • Plain to Cipher mapping Plaintext: A t t a c k a t m i d n i g h t Ciphertext: DWWDFK DW P LGQLJ KW

  26. Two functions • a b c …. Z • 0 1 2 … 25 • The encryption function is E(p)=p+3 (mod 26) • The Decryption function is D(c)=(c-3) (mod 26)

  27. Key space and security • The number of keys for Caesar cipher is 26 • It is easy to break by brute-force attack via trying all possible keys

  28. Monoalphabetic Cipher • Plain letters to cipher letters a b c d e f g h i j k l m n o p q r s t u v w x y z Z E I R M F S K B HC U PQ GJ TOVW XYD A LN • Plaintext to ciphertext Plaintext: A t t a c k a t m i d n i g h t Ciphertext: ZWWZ I C ZW P BRQBS KW

  29. Monoalphabetic Cipher • Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z • Cipher: a permutation of 26 letters • Number of possible keys: 26!=1x 2 x 3 x 4 …x 25 x26

  30. Statistics for English Letters • Frequency of 26 Letters E(12.7%) T(9.0%) A(8.1%) O(7.5%) I(6.9%) N(6.7%) S( 6.3%) H(6.0%) R(5.9%) D(4.2%) L(4.0%) C( 2.7%) U(2.7%) M(2.4%) W(2.3%) F(2.2%) G(2.0%) Y(1.9%) P(1.9%) B(1.4%) V(0.9%) K(0.7% ) X(0.15%)J(0.15%) Q(0.09%) Z(0.07%)

  31. Cipher Analysis • Select a cipher long enough • Analysis the frequency of all letters • Find the mapping of letters

  32. Multiple Substitutes • A letter may be assigned different cipher symbols e3,7,23 • It makes it much harder to attack via statistic message

  33. Playfair Cipher • Key: monarchy M O N A R C H Y B D E F G I/J K L P Q S T U V W X Z

  34. Pairing before Encryption • Pair up letters walk(wa)(lk) • Insert filler letter for a pair with the same letter balloon(ba)(lx)(lo)(on)

  35. Encryption Rules ar RM plaintext letters in the same row are replaced by the letter to the right (circularly) • muCM plaintext letters in the same column are replaced by the letter to the beneath (circularly) • bpHS plaintext letters are replaced by the letter that lie in its own row and column

  36. Advantage of playfair over monoalphabetic • Multiple substitutes • Making the frequency analysis more difficulty

  37. Polyalphabetic Cipher • 6 letters: a b c d e f a A B C D E F b B C D E F A c C D E F A B d D E F A B C e E F A B C D f F A B C D E

  38. Encryption rules • Keyword: dece • Key: d e c e d e c e d e c e d • Plaintext: f d e f e c a b c c c e d • Ciphertext: CBAD BACF FAECA • The key “d” determines the row number “d” • The plaintext “f” determines column number “f” • The cipher letter is at the intersection of row “d” and column “f”, which is “C”

  39. Polyalphabetic Cipher • 26 letters: a b c d e f ……. a A B C D E F ……. b B C D E F G ……. c C D E F G H ……. d D E F G H I ……. e E F G H I J ……. f F G H I J K ……. ……

  40. Advantage • Each plaintext letter may be mapped to any of the 26 letters.

  41. Basic Properties of Mod • For integers x, y, and k, x=y (mod k) if there is another integer z such that x-y=z*k • Example: x=7, y=11, k=4 3=11 (mod 4) • If x=y(mod k) iff x and y have the same remainder when divided by k

  42. Mod k • Assume x=y(mod k) and u=v(mod k) we have: x+u=y+v(mod k) x*u=y*v(mod k)

  43. Hill Cipher • Take m successive plaintext letters and substitutes for them m ciphertext letters • Each letter is assigned a numerical value • The Substitution is via a linear transformation

  44. Hill Cipher

  45. Matrix Multiplication • For two matrixes

  46. Properties of matrix product • Associative: (AB)C=A(BC) • IA=AI=A, where I is the unit matrix 1 0 0 … 0 I= 0 1 0 … 0 0 0 1 … 0 …… 0 0 0 … 1

  47. Inverse of matrix • For matrix , if there is another matrix such that AB=I, where I is the unit matrix. B is called the inverse of A, denoted by

  48. Hill Cipher • C=K P mod 26 C is a column of m cipher letters K is a mxm matrix P is a column of m plain letters • K is invertible with I is a mxm matrix that has all ones on the main diagonal, and all zeros beyond the main diagonal

  49. Encryption and Decryption • Encryption: • Decryption:

  50. Example 17 17 5 • K= 21 18 21 2 2 19 4 9 15 • = 15 17 6 24 0 17

More Related