920 likes | 1.46k Views
Cryptography and Network Security. Chapter 1 – Introduction. secret (crypto-) writing (- graphy ). Definitions. Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
E N D
Chapter 1 – Introduction secret (crypto-) writing (-graphy)
Definitions • Computer Security- generic name for the collection of tools designed to protect data and to thwart hackers computer use requires automated tools to protect files(file system) and other stored information • Network Security- measures to protect data during their transmission • Internet Security- measures to protect data during their transmission over a collection of interconnected networks
Internet Security • which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information
Password Nearly all modern multiuser computer and network operating systems employ passwords at the very least to protect and authenticate users accessing computer and/or network resources. But passwords are not typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme. an intruder can grab the password off of the network and use an off-line attack (such as a dictionary attack where an attacker takes every known word and encrypts it with the network's encryption algorithm)
OSI Security Architecture • ITU-T X.800 “Security Architecture for OSI” • defines a systematic way of defining and providing security requirements • ITU -International Telecommunication Union • OSI - Open Systems Interconnection
Aspects of Security • consider 3 aspects of information security: • security attack • security mechanism • security service
Why Security? • Some of the sites which have been compromised • U.S. Department of Commerce • NASA • CIA • Greenpeace • Motorola • UNICEF • Church of Christ … • Some sites which have been rendered ineffective • Yahoo • Microsoft • Amazon …
Why do Hackers Attack? • Because they can • A large fraction of hacker attacks have been trouble • Financial Gain • Espionage (spying) • Venting anger at a company or organization • Terrorism
Types of Hacker Attack • Active Attacks • Denial of Service • Breaking into a site • Intelligence Gathering • Resource Usage • Deception • Passive Attacks • Sniffing • Passwords • Network Traffic • Sensitive Information • Information Gathering
Modes of Hacker Attack • Over the Internet • Over LAN • Locally • Offline • Theft • Deception
Security Attack • can focus of generic types of attacks • passive • active
Passive Attacks 1. Release of Message Contents: It is easily understandable. Eg: Telephone conversation, e-mail message 2. Traffic Analysis: Eavesdropper observe the pattern of message from sender to receiver.
Active Attacks 1.Masequerade: One entity pretends to be a different entity. 2.Replay: It involves passive capture of a data unit and its subsequent retransmission to produce an unauthorized affects. 3.Modification of message: Some portion of legitimate message is altered, or that message are delayed or re-ordered to produce an unauthorized effect. 4.Denail of Service: it prevents or inhibits the normal use or management of communication facilities.
Security Services (X.800) • X.800 defines it in 5 major categories • Authentication (who created or sent the data) • Access control / Availability (prevent misuse of resources) • Confidentiality (privacy) • Integrity (has not been altered) • Non-repudiation (the order is final)
Security Services • A security serviceis a measure to address a threat • E.g. authenticate individuals to prevent unauthorized access
Security Services (X.800) • Authentication - assurance that the communicating entity is the one claimed. • The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.) • Access Control/Availability- prevention of the unauthorized use of a resource • Data Confidentiality–protection of data from unauthorized disclosure. • Privacy - Ensuring that no one can read the message except the intended receiver.
Security Services (X.800) • Data Integrity- assurance that data received is as sent by an authorized entity. • Assuring the receiver that the received message has not been altered in any way from the original. • Non-Repudiation - protection against denial by one of the parties in a communication. A mechanism to prove that the sender really sent this message. • prevents the sender of information from claiming at a later date that the information was never sent.
Security Mechanism • A security mechanismis a means to provide a service • E.g. encryption, cryptographic protocols • feature designed to detect, prevent, or recover from a security attack • no single mechanism that will support all services required • however one particular element underlies many of the security mechanisms in use: • cryptographic techniques
Security Mechanisms (X.800) • specific security mechanisms: • encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • pervasive security mechanisms: • trusted functionality, security labels, event detection, security audit trails, security recovery
Model for Network Security • using this model requires us to: • design a suitable algorithm for the security transformation • generate the secret information (keys) used by the algorithm • develop methods to distribute and share the secret information • specify a protocol enabling the principals to use the transformation and secret information for a security service
Crypto keywords • cryptography the art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form
Crypto keywords plaintext the original intelligible message ciphertext the transformed message cipher an algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods
Crypto keywords keysome critical information used by the cipher, known only to the sender & receiver encipher (encode) the process of converting plaintext to ciphertext using a cipher and a key
Crypto keywords decipher(decode) the process of converting ciphertext back into plaintext using a cipher and a key cryptanalysis the study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called codebreaking cryptology both cryptography and cryptanalysis
Cryptography • can be characterized by: • type of encryption operations used • substitution / transposition / product • number of keys used • single-key or private / two-key or public • way in which plaintext is processed • block / stream
cryptanalysis The process of attempting to discover plaintext or key or both is known as cryptanalysis. There are 2 general approaches to attacking a conventional encryption scheme.
1.Cryptanalytic Attacks ciphertext only only have access to some enciphered messages use statistical attacks only known plaintext know (or strongly suspect) some plaintext-ciphertext pairs use this knowledge in attacking cipher chosen plaintext can select plaintext and obtain corresponding ciphertext use knowledge of algorithm structure in attack
chosen plaintext-ciphertext can select plaintext and obtain corresponding ciphertext, or select ciphertext and obtain plaintext allows further knowledge of algorithm structure to be used
2. Brute Force Attack It involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.
Encryption Scheme • Unconditionally Secure: • If the ciphertext generated by the scheme does not contain enough information to determine the corresponding plaintext. • Computationally Secure: • 2 criteria • The cost of breaking the cipher exceeds the value of the encrypted information. • The time required to break the cipher exceeds the useful lifetime of the information.
Classical Cryptographic Techniques have two basic components of classical ciphers: substitution and transposition in substitution ciphers letters are replaced by other letters in transposition ciphers the letters are arranged in a different order
Substitution Techniques Caesar Cipher Monoalphabetic Cipher Playfair Cipher Hill Cipher Polyalphabetic Cipher Vernam Cipher
Caesar Cipher Proposed by Julius Caesar. Each alphabet in a plaintext message is replaced by an alphabet three places down the alphabet. Note that the alphabet is wrapped around, so that the letter following Z is A. Plain :a b c d e f g h I j k l m n o p q r s t u v w x y z Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
The caesar algorithm can be expressed as follows • Encryption • C=E(p)=(p+3) mod 26 • Decryption • p=D(C)=(C-3) mod 26 Eg: Plain text : hello Cipher text:KHOOR convert cipher text into plaintext Ciphertext: phhw ph diwhuwkhsduwb Ciphertext: ehvwrioxfn Ciphertext: L ORYH BRX
Advantages: • Easy to perform • Simple • Disadvantages: • To break a cipher text message using the Brute Force attack. • There are only 25 possibilities to try out. • The language of the plaintext was English
Monoalphabetic Cipher Rather than using a uniform scheme for all the alphabets in a given text message, apply random substitution This means that in a given plaintext message, each ‘A’ can be replaced by any other alphabet (B through Z), each ‘B’ can also replaced by any other random alphabet (A or C through Z) and so on. There is no relation between replacement of one alphabet with any other alphabet. There is any permutation or combination of the 26 alphabets, which means (26 X 25 X … X 2) or 4 X 1026 possibilities
Advantages: • Extremely hard to crack the cipher text even with the most modern computers. Disadvantages: • Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet. A counter measure is to provide multiple substitutes known as homophones. • Relative frequency of alphabet in the cipertext can be determined and compared to standard frequency distribution for English by the cryptanalyst to break cipher text.
Character Frequencies in most languages letters are not equally common in English e is by far the most common letter
Playfair cipher • Which treats digrams in the plain text as single units and translates these units into ciphertextdigrams. • Algorithm: • is based on the use of a 5 X 5 matrix of letters constructed using a keyword. • The matrix is constructed by filling in the letters of the keyword (minus duplications) from left to right and from top to bottom. • And then filling in the remainder of the matrix with the remaining letters in alphabetic order. The letters IandJcount as one letter. For example: keyword is MONARCHY
Plaintext is encrypted two letters at a time, according to the following rules. 1. Repeating plaintext letters that would fall in the same pair are separated with filler letter, such as x. • For eg: balloonwould be treated as ba lx lo on. 2. Plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last. • For eg: pqand arare encrypted as QSand RM. • Plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the row circularly following the last. for eg: drandmuare encrypted as KDand CM. • Otherwise, each plaintext letter is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. for eg: hsbecomes BPandeabecomesIM or JM p.t: meet me at hammersmith bridge tonight key:charlesC.T:?
C.T:GDDOGDRQARKYGDHDNKPRDAMSOGUPGKICQY C.T:HQVSITKQESAX KEY:INFOTECH p.t:? C.T:CLKLCLOILKDZCFSODZBW KEY:MONARCHY p.t:? C.T:EPVSZRLOISMV KEY:ZINTA p.t:? K:TEENAGE c.t: KMIZAWUZ p.t:? K:LAST c.t: WLMPLWBI p.t:?
Advantages: • There are only 26 letters in the alphabet. Therefore 26 X 26 = 676 digrams, So that identification of individual digrams is more difficult. • The relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. Disadvantages: • Playfair cipher is breakable only if few hundreds of cipher text are known
Hill Cipher Multiletter cipher Proposed by Lester Hill The encryption algorithm takes ‘m’ successive plain text letters and substitutes for them ‘m’ cipher text letters For Hill ciphers, assign numerical values to each plaintext and ciphertext letter so that A=0, B=1, C=2 and so on. Encryption For m=3, the system can be described as follows. C1=(K11p1+K12p2+K13p3) mod 26 C2=(K21p1+K22p2+K23p3) mod 26 C3=(K31p1+K32p2+K33p3) mod 26