1 / 26

Chapter 12

Chapter 12. Security. Information Systems. Cryptography Information Security. Chapter Goals. Cryptography Techniques Information Security Issues. Cryptography and Information Security. Cryptography. Cryptography

sierra
Download Presentation

Chapter 12

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 12 Security

  2. Information Systems • Cryptography • Information Security

  3. Chapter Goals • Cryptography Techniques • Information Security Issues

  4. Cryptography and Information Security

  5. Cryptography Cryptography The field of study related to encoded information (comes from Greek word for "secret writing") Encryption The process of converting plaintext into ciphertext Decryption The process of converting ciphertext into plaintext

  6. Cryptography Encryption plaintext message ciphertext message Decryption Encrypted(Information) cannot be read (understood ) Decrypted(Encrypted(Information)) can be

  7. Cryptography Cipher An algorithm used to encrypt and decrypt text Key The set of parameters that guide a cipher • Neither is any good without the other • Need to keep at least one of these secret • (or even better, both)

  8. Cryptography Substitution cipher --A cipher that substitutes one character with another Caesar cipher --A substitution cipher that shifts characters a certain number of positions in the alphabet Transposition ciphers --A cipher that rearranges the order of existing characters in a message in a certain way (e.g., a route cipher)

  9. Substitution cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Encrypt(COMPUTER) = FRPSXWHU Decrypt(FRPSXWHU) = COMPUTER Why is this called the Caesar cipher? What is the key?

  10. Transposition Cipher T O D A Y + I S + M O N D A Y Algorithm 1: Write across rows Read down columns Encrypt(TODAY IS MONDAY) = T+OOINDSDA+AYMY The key is the table dimensions, 5 x 3

  11. Transposition Cipher T O D A Y + I S + M O N D A Y Algorithm 2: Write across rows Read in a counter clockwise spiral from top-left Encrypt(TODAY IS MONDAY) = T+ONDAYMYADOIS+

  12. Cryptanalysis Cryptanalysis Decrypting a message without knowing the cipher or the key Substitution and transposition ciphers are easy for modern computers to break using frequency analysis of characters and patterns To protect information more sophisticated schemes are needed

  13. Cryptanalysis withFrequency analysis Frequency Analysis Breaking a cipher by looking for the frequency of letters (or other patterns) English 

  14. Encryption Standards There are 2 standard encryption systems: • 3DES aka Private Key Cryptography Efficient, but needs a secret key! • RSA aka Public-Key Cryptography Actually uses a pair of keys, one public, one private

  15. 3DES (Triple Data Encryption Standard) 3DES • Uses multiple substitutions and transpositions to hide patterns • Etext appears essentially random • it is very hard to crack The cipher algorithm is public The keyis kept secret

  16. 3DES (Triple Data Encryption Standard) 3DES Since the cipher is public, bad guys can always try to guess the key The key is 128 bits so quessing takes a loooooooooooooooong time: 2 ^ 128 = 340,000,000,000,000,000,000,000,000,000,000,000,000 keys PROBLEM: How to keep the key secret????

  17. RSA Public Key Cryptography Public-key cryptography • There are two related keys, one public and one private • Sender encrypts an outgoing message, using the Receiver's public key • Only the Receiver's private key can decrypt the message

  18. Exchanging Secret Keys • 3DES is a more efficient algorithm than RSA • However, the problem with 3DES is how to do the secret exchange of the private “session key” between sender and receiver • RSA can help with this exchange

  19. RSA Public Key Cryptography Session Key Exchange • B generates a “session key”, encrypts it using A’s public key, and sends it to A • A uses its private key to decrypt the session key

  20. 3 Things RSA can help do • Session Key Exchange • Used to exchange 3DES “session keys” • Authentication - Are you who you say you are? • Like a written signature says: “I am me” • Certification - Are you a “good guy” • Like a drivers license says “CA says I can drive” • Or a Diploma says “FLC says I am educated”

  21. AuthenticationDigital Signatures Key Exchange Protocol with Authentication: • A encrypts a random number using B’s public key • B decrypts A’s number using B’s private key, combines the number with a Session Key, encrypts the whole message using A’s public key, and sends it to A • A decrypts the message using A’s private key, if the random number matches the message must be from B. • (Or at least from the same person who sent “B’s public key”)

  22. Certification Digital certificate Uses a Third Party to prove you are a “good guy” Example: Verisign Made possible by RSA key pairs Certificates can only be decrypted by Certificate Issuer, essentially validating the certificate bearer

  23. Computer Security Issues

  24. Computer Security • Malicious Code • A computer program that attempts to bypass appropriate authorization and/or perform unauthorized functions • Worm stands alone, targets network resources • Trojan horse disguised as benevolent resource • Virusself-replicating • Logic bomb set up to execute at system event

  25. Computer Security • Security Attacks • An attack on the computer system itself • Password guessing • Phishing trick users into revealing security information • Spoofing malicious user masquerades as authorized user • Back door unauthorized access to anyone who knows it exists

  26. Computer Security • Denial-of-service attack that overwhelms a system • Man-in-the-middlenetwork communication is intercepted in an attempt to obtain key data

More Related