1 / 11

Cryptography: an overview

Cryptography: an overview. Outline. Security components Security mechanisms: Symmetric Cryptography Asymmetric Cryptography Cryptographic Checksums Digital Signatures. Security components. aka. Security Goals Confidentiality : Data is only for the authorized.

charisw
Download Presentation

Cryptography: an overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cryptography: an overview csci5233 computer security & integrity

  2. Outline • Security components • Security mechanisms: • Symmetric Cryptography • Asymmetric Cryptography • Cryptographic Checksums • Digital Signatures csci5233 computer security & integrity

  3. Security components • aka. Security Goals • Confidentiality: Data is only for the authorized. • data integrity: Data is correct. • origin integrity: Origin of the data is correct. • non-repudiability: There exists a mechanism to prove that the actor (sender, receiver, writer, retrieval, …) indeed performed that action. • availability: Data is available to the authorized. • access control • anonymity • etc. • What components to implement depends on the application’s security policy/requirements. csci5233 computer security & integrity

  4. Security components • What components to implement depends on the application’s security policy/requirements. • Example applications that demand the various security components? csci5233 computer security & integrity

  5. Security components: Exercise • You are part of a project team, which is developing an information system for command, communication and control between a command center and nuclear submarines. Of course, the communication between the command center and the submarine must be secured from potential faults and attacks. Explain how each of the following goals could be achieved by providing detailed protocols (showing the actors and their respective actions). • Goal #1: The communication must remain secret. That is, only the targeted recipient of a message should have access to the content of the message. • Goal #2: The correctness of the messages/commands must be verifiable. That is, if the message ever gets altered, the change should be detected. • Goal #3: The recipient of a message should be able to verify the true identity of the sender. That is, an unauthentic sender should be detected. • Goal #4: A command issued by A cannot later be denied by A. That is, A cannot later deny either the content or the action of sending that message. csci5233 computer security & integrity

  6. Security Mechanisms • A security component is provided by one or more mechanisms. • Common security mechanisms: • Symmetric Cryptography • Asymmetric Cryptography • Cryptographic Checksums • Digital Signatures • Digital Certificates • Firewalls • IDS • Kerberos • 802.11i • WEP • IPSec • SSL • … csci5233 computer security & integrity

  7. Classical Cryptography • Sender, receiver share common key • Keys may be the same, or trivial to derive from one another • Also called symmetric cryptography csci5233 computer security & integrity

  8. Public Key Cryptography • Sender, receiver use keys that are inverse • An entity has a key pair (public key, private key) • The public key is usually public, but the private key is known only to the owner. • Also called asymmetric cryptography csci5233 computer security & integrity

  9. Cryptographical Checksums • Message Digest • A checksum of the data • Sent or stored along with the source data • The receiver or the user of the data verifies the digest to determine the correctness. csci5233 computer security & integrity

  10. Cryptographical Checksums • Message Authentication Code (MAC) • Keyless checksum is not secure. Why? • MAC is usually used for data integrity. • Some sort of “protection” must be in place if keyless message digest is used. csci5233 computer security & integrity

  11. Digital Signatures • Powerful but expensive security mechanism • Provides data integrity, origin integrity (of the signer), and creator non-repudiability. • How? • Note: Sender origin integrity and sender non-repudiability are not provided, because replay attacks are possible. csci5233 computer security & integrity

More Related