6.97k likes | 7.12k Views
CSCI 6365. Network Security and Management Instructor: Bin Fu, Ph.D Office: ENGR 3.280 Phone: 381-3635 Email: binfu@cs.panam.edu Web: http://cs.panam.edu/~binfu/. Textbook. Textbook: Cryptography and Network Security, by William Stallings, Fourth Edition. Topics. Symmetric ciphers
E N D
CSCI 6365 • Network Security and Management • Instructor: Bin Fu, Ph.D • Office: ENGR 3.280 • Phone: 381-3635 • Email: binfu@cs.panam.edu • Web: http://cs.panam.edu/~binfu/
Textbook Textbook: Cryptography and Network Security, by William Stallings, Fourth Edition
Topics • Symmetric ciphers • Block ciphers and DES • Public key cryptography (RSA) • Hash functions • Key management • Network Authentications • IP security • Web security • Software security, etc
Exam, Assignment and Grade • Midterm: 20% • Final: 25% • 4 assignments: 30% • Attendance and Exercises in class: 25%
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu
Background • Information Security requirements have changed in recent times • traditionally provided by physical and administrative mechanisms • computer use requires automated tools to protect files and other stored information • use of networks and communications links requires measures to protect data during transmission
Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Services, Mechanisms, Attacks • need systematic way to define requirements • consider three aspects of information security: • security attack • security mechanism • security service • consider in reverse order
OSI Security Architecture • ITU-T X.800 Security Architecture for OSI • defines a systematic way of defining and providing security requirements • for us it provides a useful, if abstract, overview of concepts we will study
Security Services • X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources • X.800 defines it in 5 major categories
Security Services (X.800) • Authentication - assurance that the communicating entity is the one claimed • Access Control - prevention of the unauthorized use of a resource • Data Confidentiality –protection of data from unauthorized disclosure • Data Integrity - assurance that data received is as sent by an authorized entity • Non-Repudiation - protection against denial by one of the parties in a communication
Security Mechanisms (X.800) • specific security mechanisms: • encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • pervasive security mechanisms: • trusted functionality, security labels, event detection, security audit trails, security recovery
Classify Security Attacks as • passive attacks - eavesdropping on, or monitoring of, transmissions to: • obtain message contents, or • monitor traffic flows • active attacks – modification of data stream to: • masquerade of one entity as some other • replay previous messages • modify messages in transit • denial of service
Model for Network Security • using this model requires us to: • design a suitable algorithm for the security transformation • generate the secret information (keys) used by the algorithm • develop methods to distribute and share the secret information • specify a protocol enabling the principals to use the transformation and secret information for a security service
Model for Network Access Security • using this model requires us to: • select appropriate gatekeeper functions to identify users • implement security controls to ensure only authorised users access designated information or resources • trusted computer systems can be used to implement this model
Summary • have considered: • computer, network, internet security def’s • security services, mechanisms, attacks • X.800 standard • models for network (access) security
Cryptography Cryptography Theoretical impact Application impact Algebra Number theory Complexity theory Security
Two parts of cryptography • Symmetric ciphers If the encryption is known, then decryption is known. Examples: DES, AES • Public Key (non-symmetric cipher) Even the encryption is know, the decryption is still unknown. Example: RSA
Basic Concepts in Cryptography • Plaintext: Original intelligible message • Encryption algorithm: convert plaintext into ciphertext • Key: One of inputs to encryption algorithm. Different key determines different encryption output • Ciphertext: output of encryption, unintelligible data • Decryption algorithm: takes the ciphertext and key to generate plaintext
Model of Cryptosystem Cryptanalyst Encryption Decryption Message Message Secure channel Key
Encryption and Decryption • Message X • Encryption key K • Ciphertext Y Encryption function: Decryption function:
Attacks • Ciphertext only attack: attacker only knows ciphertext • Known Plaintext attack: attacker gets some plaintext patterns and their encryptions • Chosen-plaintext attack: attacker choose message to encrypt
Caesar Cipher • Plain to Cipher mapping a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L MN O PQ RS TUVW XYZ A BC • Plain to Cipher mapping Plaintext: A t t a c k a t m i d n i g h t Ciphertext: DWWDFK DW P LGQLJ KW
Two functions • a b c …. Z • 0 1 2 … 25 • The encryption function is E(p)=p+3 (mod 26) • The Decryption function is D(c)=(c-3) (mod 26)
Key space and security • The number of keys for Caesar cipher is 26 • It is easy to break by brute-force attack via trying all possible keys
Monoalphabetic Cipher • Plain letters to cipher letters a b c d e f g h i j k l m n o p q r s t u v w x y z Z E I R M F S K B HC U PQ GJ TOVW XYD A LN • Plaintext to ciphertext Plaintext: A t t a c k a t m i d n i g h t Ciphertext: ZWWZ I C ZW P BRQBS KW
Monoalphabetic Cipher • Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z • Cipher: a permutation of 26 letters • Number of possible keys: 26!=1x 2 x 3 x 4 …x 25 x26
Statistics for English Letters • Frequency of 26 Letters E(12.7%) T(9.0%) A(8.1%) O(7.5%) I(6.9%) N(6.7%) S( 6.3%) H(6.0%) R(5.9%) D(4.2%) L(4.0%) C( 2.7%) U(2.7%) M(2.4%) W(2.3%) F(2.2%) G(2.0%) Y(1.9%) P(1.9%) B(1.4%) V(0.9%) K(0.7% ) X(0.15%)J(0.15%) Q(0.09%) Z(0.07%)
Cipher Analysis • Select a cipher long enough • Analysis the frequency of all letters • Find the mapping of letters
Multiple Substitutes • A letter may be assigned different cipher symbols e3,7,23 • It makes it much harder to attack via statistic message
Playfair Cipher • Key: monarchy M O N A R C H Y B D E F G I/J K L P Q S T U V W X Z
Pairing before Encryption • Pair up letters walk(wa)(lk) • Insert filler letter for a pair with the same letter balloon(ba)(lx)(lo)(on)
Encryption Rules ar RM plaintext letters in the same row are replaced by the letter to the right (circularly) • muCM plaintext letters in the same column are replaced by the letter to the beneath (circularly) • bpHS plaintext letters are replaced by the letter that lie in its own row and column
Advantage of playfair over monoalphabetic • Multiple substitutes • Making the frequency analysis more difficulty
Polyalphabetic Cipher • 6 letters: a b c d e f a A B C D E F b B C D E F A c C D E F A B d D E F A B C e E F A B C D f F A B C D E
Encryption rules • Keyword: dece • Key: d e c e d e c e d e c e d • Plaintext: f d e f e c a b c c c e d • Ciphertext: CBAD BACF FAECA • The key “d” determines the row number “d” • The plaintext “f” determines column number “f” • The cipher letter is at the intersection of row “d” and column “f”, which is “C”
Polyalphabetic Cipher • 26 letters: a b c d e f ……. a A B C D E F ……. b B C D E F G ……. c C D E F G H ……. d D E F G H I ……. e E F G H I J ……. f F G H I J K ……. ……
Advantage • Each plaintext letter may be mapped to any of the 26 letters.
Basic Properties of Mod • For integers x, y, and k, x=y (mod k) if there is another integer z such that x-y=z*k • Example: x=7, y=11, k=4 3=11 (mod 4) • If x=y(mod k) iff x and y have the same remainder when divided by k
Mod k • Assume x=y(mod k) and u=v(mod k) we have: x+u=y+v(mod k) x*u=y*v(mod k)
Hill Cipher • Take m successive plaintext letters and substitutes for them m ciphertext letters • Each letter is assigned a numerical value • The Substitution is via a linear transformation
Matrix Multiplication • For two matrixes
Properties of matrix product • Associative: (AB)C=A(BC) • IA=AI=A, where I is the unit matrix 1 0 0 … 0 I= 0 1 0 … 0 0 0 1 … 0 …… 0 0 0 … 1
Inverse of matrix • For matrix , if there is another matrix such that AB=I, where I is the unit matrix. B is called the inverse of A, denoted by
Hill Cipher • C=K P mod 26 C is a column of m cipher letters K is a mxm matrix P is a column of m plain letters • K is invertible with I is a mxm matrix that has all ones on the main diagonal, and all zeros beyond the main diagonal
Encryption and Decryption • Encryption: • Decryption:
Example 17 17 5 • K= 21 18 21 2 2 19 4 9 15 • = 15 17 6 24 0 17