110 likes | 134 Views
Cryptography: an overview. Outline. Security components Security mechanisms: Symmetric Cryptography Asymmetric Cryptography Cryptographic Checksums Digital Signatures. Security components. aka. Security Goals Confidentiality : Data is only for the authorized.
E N D
Cryptography: an overview csci5233 computer security & integrity
Outline • Security components • Security mechanisms: • Symmetric Cryptography • Asymmetric Cryptography • Cryptographic Checksums • Digital Signatures csci5233 computer security & integrity
Security components • aka. Security Goals • Confidentiality: Data is only for the authorized. • data integrity: Data is correct. • origin integrity: Origin of the data is correct. • non-repudiability: There exists a mechanism to prove that the actor (sender, receiver, writer, retrieval, …) indeed performed that action. • availability: Data is available to the authorized. • access control • anonymity • etc. • What components to implement depends on the application’s security policy/requirements. csci5233 computer security & integrity
Security components • What components to implement depends on the application’s security policy/requirements. • Example applications that demand the various security components? csci5233 computer security & integrity
Security components: Exercise • You are part of a project team, which is developing an information system for command, communication and control between a command center and nuclear submarines. Of course, the communication between the command center and the submarine must be secured from potential faults and attacks. Explain how each of the following goals could be achieved by providing detailed protocols (showing the actors and their respective actions). • Goal #1: The communication must remain secret. That is, only the targeted recipient of a message should have access to the content of the message. • Goal #2: The correctness of the messages/commands must be verifiable. That is, if the message ever gets altered, the change should be detected. • Goal #3: The recipient of a message should be able to verify the true identity of the sender. That is, an unauthentic sender should be detected. • Goal #4: A command issued by A cannot later be denied by A. That is, A cannot later deny either the content or the action of sending that message. csci5233 computer security & integrity
Security Mechanisms • A security component is provided by one or more mechanisms. • Common security mechanisms: • Symmetric Cryptography • Asymmetric Cryptography • Cryptographic Checksums • Digital Signatures • Digital Certificates • Firewalls • IDS • Kerberos • 802.11i • WEP • IPSec • SSL • … csci5233 computer security & integrity
Classical Cryptography • Sender, receiver share common key • Keys may be the same, or trivial to derive from one another • Also called symmetric cryptography csci5233 computer security & integrity
Public Key Cryptography • Sender, receiver use keys that are inverse • An entity has a key pair (public key, private key) • The public key is usually public, but the private key is known only to the owner. • Also called asymmetric cryptography csci5233 computer security & integrity
Cryptographical Checksums • Message Digest • A checksum of the data • Sent or stored along with the source data • The receiver or the user of the data verifies the digest to determine the correctness. csci5233 computer security & integrity
Cryptographical Checksums • Message Authentication Code (MAC) • Keyless checksum is not secure. Why? • MAC is usually used for data integrity. • Some sort of “protection” must be in place if keyless message digest is used. csci5233 computer security & integrity
Digital Signatures • Powerful but expensive security mechanism • Provides data integrity, origin integrity (of the signer), and creator non-repudiability. • How? • Note: Sender origin integrity and sender non-repudiability are not provided, because replay attacks are possible. csci5233 computer security & integrity