1.5k likes | 1.79k Views
Fundamentals of Security. Security Attacks. Passive Attacks. Active Attacks. Passive Attacks. Interception (confidentiality). Release Of Message Contents. Traffic Analysis. Interception. learn sensitive information Determine the identity and location of the host. Interruption
E N D
Security Attacks Passive Attacks Active Attacks
Passive Attacks Interception (confidentiality)
Release Of Message Contents Traffic Analysis Interception • learn sensitive information • Determine the identity and location of the host
Interruption (availability) Modification (integrity) Fabrication (authenticity) Active Attacks
Modification (integrity) Modify the contents of the message or a file. It is an attack on integrity
Interruption (availability) Try to break the system to make it out of service. It is an attack on Availability.
Fabrication (Authenticity) Insert messages into system or objects into files. Try to fool the system. It is attack on authenticity.
Confidentiality Authentication Nonrepudiation Availability Integrity Security Service
Confidentiality Is the protection of transmission from passive attacks ***-**-**** 444-21-8888 444-21-8888
Authentication The authentication service assures that the recipient receives information from reliable source. I am friend Ok-let us talk
Integrity Make sure that the message is received as it is sent without modification, duplication, insertion, reordering,or replay. He/She Broker Buy 1000 stocks, Buy 1000 stocks Buy 1000 stocks
Nonrepudiation Nonrepudiation prevents either sender or receiver from denying a transaction. He/She Broker You are not john, I can’t do that. I am John, buy 1000 stocks
Availability Protect against Denial Of Service attacks.
Cryptography Definition • A process associated with scrambling plaintext (ordinary text, or clear text) into cipher text (a process called encryption), then back again (known as decryption). Cryptography concerns itself with four objectives: • Confidentiality (the information cannot be understood by anyone for whom it was unintended) • Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected). • Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information). • Authentication (the sender and receiver can confirm each other’s identity and the origin/destination of the information) Procedures and protocols that meet some or all of the above criteria are known as cryptosystems.
Secure Channel Encryption Model X’ cryptanalyst K’ X X Plain Text Plain Text Encryption Algorithm Y Decryption Algorithm Cipher Text Key
Cryptography Classification • Cryptographic systems are generally classified along three independent dimensions: • The type of operation used for transforming plaintext to ciphertext:: all encryption algorithms are based on two general principles: • Substitution: in which each element in the plain text (bit, letter, group of bits or letters) is mapped into another elements. • Transposition: in which elements in the plaintext are rearranged. • The fundamental requirements that all operations must be reversible. Most system involves multiple stages of substitution and transposition. • The number of keys used: • Symmetric: If both sender and receiver use the same key, the system referred to be symmetric, single-key, secret-key, or conventional encryption. • Asymmetric: if both sender and receiver each uses a different key, the system is referred to be as asymmetric, two-key, or public-key encryption. • The way in which the plaintext is processed: • Block ciphering: processes the input one block of elements at a time, producing an output block for each input block. • Stream ciphering: processes the input elements continuously, producing output one elements at a time.
Encryption techniques: Caesar Cipher Substitution cipher: Plain: meet me after the party Cipher: PHHW PH DIWHU WKH SDUMB C = E(p) = (p+3) % 26 p = D(C) = (C-3) % 26
Encryption techniques: Caesar Cipher Cryptanalysis : p = D(C) = (C-i) % 26 Try all the different 25 keys.
Encryption techniques: Mono-alphabetic Cipher Substitution cipher: Plain: a b c d e f g h I j k l m n o p q r s t u v w x y z Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C The cipher line could be any permutation of the 26 characters, so there are 26! Or greater than 4 x 1026 Possible keys.
Encryption techniques: Mono-alphabetic Cipher Cryptanalysis Construct a table of frequency of one, two etc letters in a very long English text. Construct another table of frequency of one, two etc letters based on the encrypted text. From the relationship of both tables we can figure out the encryption key.
Encryption techniques: Hill Cipher Substitution cipher: The encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. The substitution is determined by m linear equations in which each character is assigned a numerical value determined by m linear equations in which each character is assigned a numerical value (a=0,b=1,….z=25). For m = 3, the system can be described as follows:
Secret Key Public Key Encryption Techniques
Block Cipher Modes of Operations • The Electronic Code Mode (ECB). • The Cipher Block Chaining Mode (CBC). • The Cipher Feedback Mode (CFB). • The Output Feedback Mode (OFB) • The Counter Mode (CTR).
PLAINTEXT INPUT BLOCK INPUT BLOCK CIPHk CIPH-1k OUTPUT BLOCK OUTPUT BLOCK CIPHERTEXT ECB Encryption: ECB Decryption: Electronic Code Mode (ECB) ECB Encryption ECB Decryption CIPHERTEXT PLAINTEXT for j=1..n for j=1..n
INPUT BLOCK1 INPUT BLOCK2 INPUT BLOCK1 INPUT BLOCKn INPUT BLOCKn INPUT BLOCK2 CIPHk CIPHk CIPH-1k CIPH-1k CIPH-1k CIPHk OUTPUT BLOCKn OUTPUT BLOCK2 OUTPUT BLOCK1 OUTPUT BLOCKn OUTPUT BLOCK2 OUTPUT BLOCK1 Cipher Block Chaining Mode (CBC) IV PLAINTEXT1 PLAINTEXT2 PLAINTEXTn ECB Encryption + + + CIPHERTEXT1 CIPHERTEXT2 CIPHERTEXTn ECB Decryption CIPHERTEXT1 CIPHERTEXT2 CIPHERTEXTn + + + IV PLAINTEXT1 PLAINTEXT2 PLAINTEXTn
Cipher Block Chaining Mode (CBC) (continue) for j=1..n CBC Encryption: CBC Decryption: for j=1..n • Initial Vector (IV): • Need not be secret. • It should be generated for each encryption/decryption operation. • Must be available for each party in the communication. • It is very difficult to generate IV from the plaintext.
INPUT BLOCKn INPUT BLOCK1 INPUT BLOCK2 INPUT BLOCK1 INPUT BLOCKn INPUT BLOCK2 CIPHk CIPHk CIPHk CIPHk CIPHk CIPHk OUTPUT BLOCKn OUTPUT BLOCK2 OUTPUT BLOCK2 OUTPUT BLOCKn OUTPUT BLOCK1 OUTPUT BLOCK1 Output Feedback Mode (OFB) IV ECB Encryption PLAUNTEXT1 + PLAUNTEXT2 + Plaintextn + CIPHERTEXT1 CIPHERTEXT2 CIPHERTEXTn ECB Decryption IV + + + PLAINTEXT1 PLAINTEXT2 PLAINTEXTn
Output Feedback Mode (OFB)-Encryption for j=2,….n for j=1,2…..n-1 for j=1,2…..n-1
Output Feedback Mode (OFB)-Decryption for j=2,….n for j=1,2…..n-1 for j=1,2…..n-1
INPUT BLOCK1 CIPHk OUTPUT BLOCK1 Select s bits Discard (b-s)bits Cipher Feedback Mode (CFB) ECB Encryption IV INPUT BLOCK (b-s)bits|sbits CIPHk OUTPUT BLOCK1 Select s bits Discard (b-s)bits PLAUNTEXT1 S bits + PLAUNTEXT1 S bits + IV CIPHERTEXT1 S bits CIPHERTEXT1 S bits ECB Decryption INPUT BLOCKn (b-s)bits|sbits INPUT BLOCK1 CIPHk CIPHk OUTPUT BLOCK1 Select s bits Discard (b-s)bits OUTPUT BLOCK1 Select s bits Discard (b-s)bits + + PLAINTEXT1 S bits PLAINTEXT1 S bits
Cipher Feedback Mode (OFB)-Encryption for j=2,….n for j=1,2…..n for j=1,2…..n Ciphertext segment consists of s bits Plaintext segment consists of s bits
Cipher Feedback Mode (OFB)-Decryption for j=2,….n for j=1,2…..n for j=1,2…..n Ciphertext segment consists of s bits Plaintext segment consists of s bits
INPUT BLOCK2 INPUT BLOCKn INPUT BLOCK2 INPUT BLOCKn INPUT BLOCK1 INPUT BLOCK1 CIPHk CIPHk CIPHk CIPHk CIPHk CIPHk OUTPUT BLOCKn OUTPUT BLOCK1 OUTPUT BLOCK1 OUTPUT BLOCKn OUTPUT BLOCK2 OUTPUT BLOCK2 Counter Mode (CTR) Counter1 Counter1 Countern ECB Encryption PLAUNTEXT1 PLAUNTEXT2 Plaintextn + + + CIPHERTEXT1 CIPHERTEXT2 CIPHERTEXTn ECB Decryption Counter1 Counter2 Countern + + + PLAINTEXT1 PLAINTEXT2 PLAINTEXTn
Counter Mode (CTR) (continue) for j=1..n for j=1..n-1 CTR Encryption: for j=1..n for j=1..n-1 CTR Decryption:
Secret Key Data Encryption Standard (DES) E D K (56 bits) Cipher Data Plain Data K (56 bits) Plain Data Cipher Data
2DES E E D D K1 (56 bits) K2 (56 bits) Cipher Data Plain Data K2 (56 bits) K1 (56 bits) Plain Data Cipher Data
3DES D E E E D D K1 (56 bits) K2 (56 bits) K1 (56 bits) Cipher Data Plain Data K1 (56 bits) K2 (56 bits) K1 (56 bits) Plain Data Cipher Data
RSA (Rivest- Chamir Adelman) Public Key E D KU (Alice) Cipher Data Bob’s Plain Data KP (Alice) Plain Data Cipher Data
Secret Key Public Key Authentication Techniques
Authentication With Secret Key E D K (Alice-Bob secret key) Bob Cipher Data Bob’s Name Bob’s Name K (Alice-Bob-secret key) Alice Cipher Data
Authentication With Public Key E D KP (Bob’s Private Key) Bob Cipher Data Bob’s Name Bob’s Name KU (Bob’s Public Key) Alice Cipher Data
Integrity Hashing Algorithms Message Digest of 128 bits 512 bit Blocks MD5 Message Digest of 160 bits 512 bit Blocks SHA-1
Hash Function Requirements H(x) = h x is any size h is fixed
Hash Function Requirements (continue) H is easy to implement using hardware or software
Hash Function Requirements (continue) One way property : given h it is Computationally infeasible to find X such that H(x) = h
Hash Function Requirements (continue) Week Collision Resistance : for any given x it is computationally infeasible to find y <> x with H(x) = H(y) Strong Collision Resistance : for any given(x,y) it is computationally infeasible to find H(x) = H(y)for x<>y
Hash Function Requirements (continue) block1 block2 blockm Ci = bi1 + bi2 + …….. bim
Problem with simple hash function. Doesn’t provide collision resistance