1 / 22

Advanced Computer Networks

Advanced Computer Networks. Lecture 4 Security. 1 Motivation. More vital/secret data handled by distributed components within network systems and Internet. Security : protecting data stored in and transferred between distributed components from unauthorised access.

effie
Download Presentation

Advanced Computer Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced Computer Networks Lecture 4 Security

  2. 1 Motivation • More vital/secret data handled by distributed components within network systems and Internet. • Security: protecting data stored in and transferred between distributed components from unauthorised access. • Insecurity effect: Confidential Data may be stolen, e.g.: • corporate plans. • new product designs. • medical/financial records (e.g. Access bills…) • Insecurity effect: Data may be altered, e.g.: • finances made to seem better than they are. • results of tests, e.g. on drugs, altered. • examination results amended (up or down).

  3. 1 Why are Distributed Systems Insecure? • Distributed component rely on messages sent and received from network. • Is network (especially WANs and wireless networks) secure? • Is client component secure? • Is client component who it claims to be? • Are users of calling components really who they claim to be?

  4. 1 Consequences of Insecurity • Loss of confidence: above effects may reduce confidence in computerized systems. • Claims for damages: legal developments may allow someone to sue if data on computer has not been guarded according to best practice. • Loss of privacy: data legally stored on a computer may well be private to the person concerned (e.g. medical/personnel) record.

  5. 2 Security Threats • Categorization of attacks (and goals of attacks) that may be made on system. • Three broad classes: • leakage: information leaving system. • tampering: unauthorised information altering. • vandalism: disturbing correct system operation. • Used to specify what the system is proof, or secure, against. • Attacks: Passive and Active

  6. 2 Passive Attacks • Eavesdropping on transmissions • Receive message copies without authority. • To obtain information • Release of message contents • Outsider learns content of transmission • Traffic analysis • By monitoring frequency and length of messages, even encrypted, nature of communication may be guessed • Difficult to detect • Can be prevented

  7. 2 Active Attacks • Masquerading: Pretending to be a different entity without authority. • Message tampering: Intercepting and altering messages. • Replaying: Storing messages and sending them later. • Denial of service: Flooding server resources with messages in order to deny other’s access. • Hard to prevent • Easy to detect • Detection may lead to deterrent

  8. 3.1 Introduction • Cryptography: encode message data so that it can only be understood by intended recipient. • Romans used it in military communication. • Given knowledge of encryption algorithm, a brute force attempt is to try every possible decoding until a valid message is produced. • Computers are good at this! • Modern schemes must be computationally hard to solve to remain secure.

  9. 3.2 Cryptographic Terminology • Plain text: the message before encoding (by encryption). • Cipher text: the message after encoding. • Key: information needed to convert from plain text to cipher text (or vice-versa). • Function: the encryption or decryption algorithm used, in conjunction with key, to encode or decode message. • Key distribution service: trusted service which hands out keys.

  10. 3.3 Encryption • Encrypting data prevents unauthorised access to the data (i.e. prevents eavesdropping). • If encrypted data can only be encrypted with a matching key, this can be used to prove sender’s identity (i.e. prevents masquerading). • Likewise, it can be used to ensure that only intended recipients can use the data. • Two main ways: secret key and public key.

  11. 3.4 Secret Keys • One key is used to both encrypt and decrypt data • Encryption and decryption functions are often chosen to be the same type • Security should not be compromised by making function well-known as security comes from secret keys

  12. 3.4 Enigma Encryption Machine

  13. 3.4 Using Secret Keys • Sender and recipient exchange keys through some secure, trusted, non-network based means. • Sender encodes message using encryption function and sends the message, knowing that only the holder of key (the intended recipient) can make sense of it. • Recipient decodes message, and knows that only intended sender could generate it. • Message can be captured but is of no use.

  14. 3.4 Simplified Model of Symmetric (Secret Key) Encryption

  15. 3.4 Secret Key Encryption Algorithms • Historical cipher • Caesar Cipher • Monoalphabetic Cipher • Polyalphabetic Cipher

  16. 3.4.1 Caesar Cipher • Each letter in plaintext is substituted with letter that is K letters later • Wrap around is allowed (i.e., z followed by letter a) • If K = 3, a in plaintext becomes d in cipher text b in plaintext becomes e in cipher text • Exercise: “Dolfh, L oryh brx. Ere” • Once it is known that Caesar cipher is being used, it is easy to break the code (only 25 possible key values).

  17. 3.4.1 Attacking Caesar Cipher: Brute-Force • Brute-Force attack is based on the making sense feature of the data by trying every possible key. • Suppose that the cipher “mrsxocoexsfobcsdi” is the result of a Caesar shift cipher. • Since the key space is {0, 1, …, 25}, then the possible plaintexts are: mrsxocoexsfobcsdi, nstypdpfytgpcdtej, otuzqeqgzuhqdeufk, puvarfrhavirefvgl, qvwbsgsibwjsfgwhm, rwxcthtjcxktghxin, sxyduiukdyluhiyjo, tyzevjvlezmvijzkp, uzafwkwmfanwjkalq, vabgxlxngboxklbmr, wbchymyohcpylmcns, xcdiznzpidqzmndot, ydejaoaqjeranoepu, zefkbpbrkfsbopfqv, afglcqcslgtcpqgrw, bghmdrdtmhudqrhsx, chineseuniversity, dijoftfvojwfstjuz, ejkpgugwpkxgtukva, fklqhvhxqlyhuvlwb, glmriwiyrmzivwmxc, hmnsjxjzsnajwxnyd, inotkykatobkxyoze, jopulzlbupclyzpaf, kpqvmamcvqdmzaqbg, lqrwnbndwrenabrch

  18. 3.4.2 Monoalphabetic Cipher • Improvement on Caesar Cipher • Rather than substituting according to a regular pattern – any letter can be substituted for any other letter, as long as each letter has a unique substitute letter, and vice versa. • Example of a monoalphabetic cipher • Plain Text: a b c d e f g h i j k l m n o p q r s t u v w x y z • Cipher Text: m n b v c x z a s d f g h j k l p o i u y t r e w q • Complexity: • _______ Possible pairings of letters – so breaking code is not as easy as in the case of Caesar cipher. 26!

  19. 3.4.2 Cryptanalysis: Simple Example • Mono-alphabetic substitution ciphers can be broken by simple frequency analysis • The relative frequency of letters in English text is distinct (shown in table) • Ciphertext frequencies can be used to guess plaintext letters

  20. 3.4.2 Cryptanalysis • It is the art and science of breaking ciphers, ciphertexts, or keys. • Brute-force: A cryptanalysis where all possible keys are tested, and then the result possible plaintext are analyzed. • Statistical analysis: single-letter appearance frequency; “q” is mostly followed by “u”; multi-letter frequency. • Known plaintext-ciphertext combination.

  21. 3.4.3 Polyalphabetic Encryption • Use multiple monoalphabetic/Caesar ciphers • Use a specific monoalphabetic/Caesar cipher to encode a letter in a specific position in the plain text message • This implies that same letter appearing in different positions in the plaintext might be encoded differently. Example: 2 Caesar ciphers; K = 5, K = 19 For every 5 bits in the plain text use the 2 Caesar ciphers in the following pattern: C1, C2, C2, C1, C2

  22. 3.4.3 Example: Vigenere Cipher • In the Vigenere cipher, the character in the ciphertext is chosen from a two-dimensional table (26 x 26), in which each row is a permutation of 26 characters (A to Z).

More Related