Download
1 / 69
690 likes | 694 Views
Objectives:. ❑. ❑. ❑. ❑. ❑. To define security goals, types of attacks, and services provided by network security. To define two security techniques: cryptography and steganography. To define the first goal of security, confidentiality.
E N D
Objectives: ❑ ❑ ❑ ❑ ❑ To define security goals, types of attacks, and services provided by network security. To define two security techniques: cryptography and steganography. To define the first goal of security, confidentiality. To distinguish between symmetric-key ciphers and asymmetric-key ciphers and their applications. To describe other aspects of security: message integrity, message authentication, digital signature, entity authentication, and key management.
Objectives (continued): ❑ ❑ ❑ ❑ To understand how message integrity and message authentication cab be achieved. To understand how the symmetric and asymmetric keys are distributed between entities in communication. To understand the use of the firewalls to prevent harmful messages from reaching a system. To understand the difference between message authentication and entity authentication.
16.1 INTRODUCTION We are living in the information age. We need to keep information about every aspect of our lives. In other words, information is an asset that has a value like any other asset. As an asset, information needs to be secured from attacks. To be secured, information needs to be hidden from unauthorized access (confidentiality), protected from unauthorized change (integrity), and available to an authorized entity when it is needed (availability).
Security goals Let us first discuss three security goals: confidentiality, integrity, and availability. Confidentiality Confidentialityis probably the most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information.
Integrity Integrity means that changes need to be done only by authorized entities and through authorized mechanisms. Availability The third component of information security is availability. Attacks Our three goals of security—confidentiality, integrity, and availability—can be threatened by security attacks.
Attacks threatening confidentiality In general, two types of attacks threaten the confidentiality of information: snooping and traffic analysis. Snooping Snooping refers to unauthorized access to or interception of data. Attacks threatening integrity The integrity of data can be threatened by several kinds of attacks: modification, masquerading,replaying, and repudiation.
Masquerading Masquerading, or spoofing, happens when the attacker impersonates somebody else. Replaying Replaying is another attack. The attacker obtains a copy of a message sent by a user and later tries to replay it. Attacks threatening availability We mention only one attack threatening availability: denial of service.
Cryptography Cryptography, a word with Greek origins, means “secret writing.” However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks. Although in the past cryptography referred only to the encryption and decryption of messages using secret keys, today it is defined as involving three distinct mechanisms: symmetric-key encipherment,asymmetric-key encipherment, and hashing. We will discuss all these mechanisms later in the chapter.
Steganography The word steganography,with origins in Greek, means “covered writing,” in contrast with cryptography, which means“secret writing.” Cryptography means concealing the contents of a message by enciphering;steganography means concealing the message itself by covering it with something else.We leave the discussion of steganography to some books dedicated to this topic.
16.2 CONFIDENTIALITY We now look at the first goal of security, confidentiality. Confidentiality can be achieved using ciphers. Ciphers can be divided into two broad categories: symmetric-key and asymmetric-key.
Symmetric-key ciphers Figure 16.2: General idea of a symmetric-key cipher A symmetric-key cipher uses the same key for both encryption and decryption, and the key can be used for bidirectional communication, which is why it is called symmetric.
In Figure 16.2, an entity, Alice, can send a message to another entity, Bob, over an insecure channel with the assumption that an adversary, Eve, cannot understand the contents of the message by simply eavesdropping over the channel. The original message from Alice to Bob is called plaintext; the message that is sent through the channel is called ciphertext. To create the ciphertext from the plaintext, Alice uses an encryption algorithm and a shared secret key. To create the plaintext from ciphertext, Bob uses a decryption algorithm and the same secret key. We refer to encryption and decryption algorithms as ciphers. A key is a set of values (numbers) that the cipher, as an algorithm, operates on.
Substitution ciphers Figure 16.4: Representation of plaintext and ciphertext A substitution cipher replaces one symbol with another. If the symbols in the plaintext arealphabetic characters, we replace one character with another. For example, we can replaceletter A with letter D and letter T with letter Z. If the symbols are digits (0 to 9), we canreplace 3 with 7 and 2 with 6.
Historically, additive ciphers are called shift ciphers because the encryption algorithmcan be interpreted as “shift key characters down” and the encryption algorithm can beinterpreted as “shift key characters up.” Julius Caesar used an additive cipher, with a keyof 3, to communicate with his officers. For this reason, additive ciphers are sometimesreferred to as the Caesar cipher.
Polyalphabetic ciphers In a polyalphabetic cipher, each occurrence of a character may have a different substitute.The relationship between a character in the plaintext to a character in the ciphertext is one-to-many. For example, “a” could be enciphered as “D” at the beginning of the text, but as“N” in the middle. To see the position dependency of the key, let us discuss a simple polyalphabetic ciphercalled the autokey cipher.
Transposition ciphers A transposition cipher does not substitute one symbol for another; instead it changes thelocation of the symbols. A symbol in the first position of the plaintext may appear in thetenth position of the ciphertext. A symbol in the eighth position in the plaintext mayappear in the first position of the ciphertext. In other words, a transposition cipher reorders(transposes) the symbols.
Stream and block ciphers The literature divides the symmetric ciphers into two broad categories: stream ciphers andblock ciphers. Stream cipher In a stream cipher, encryption and decryption are done one symbol (such as a character ora bit) at a time.
Block ciphers In a block cipher, a group of plaintext symbols of size m (m > 1) are encrypted together,creating a group of ciphertext of the same size. Modern symmetric-key ciphers The traditional symmetric-key ciphers that we have studied so far are character-orientedciphers. With the advent of the computer, we need bit-oriented ciphers.
Modern block ciphers Figure 16.6: A modern block cipher A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts ann-bit block of ciphertext. The encryption or decryption algorithm uses a k-bit key.
Modern stream ciphers Figure 16.7: One-time pad The simplest and the most secure type of synchronous stream cipher is called theOne-time pad, which was invented and patented by Gilbert Vernam. Note also that there must be a secure channel so that Alice can send the keystream sequence to Bob (Figure 16.7).
Asymmetric-key ciphers In previous sections we discussed symmetric-key ciphers. In this section, we start thediscussion of asymmetric-key ciphers. Symmetric- and asymmetric-key ciphers willexist in parallel and continue to serve the community. We actually believe that they arecomplements of each other; the advantages of one can compensate for the disadvantagesof the other.
The figure shows that, unlike symmetric-key cryptography, there are distinctive keys inasymmetric-key cryptography: a private key and a public key. Although some books use theterm secret key instead of private key, we use the term secret key only for symmetric-keycryptography and the terms private key and public key for asymmetric-key cryptography. Figure 16.9: General idea of asymmetric-key cryptosystem
Figure 16.10 shows several important facts. First, it emphasizes the asymmetric natureof the cryptosystem. The burden of providing security is mostly on the shoulders of thereceiver (Bob, in this case). Bob needs to create two keys: one private and one public. Bobis responsible for distributing the public key to the community. Plaintext/ciphertext The message must be encoded as an integer (or a set ofintegers) before encryption; the integer (or the set of integers) must be decoded into themessage after decryption.
Encryption/decryption Encryption and decryption in asymmetric-key cryptography are mathematical functionsapplied over the numbers representing the plaintext and ciphertext. Need for both There is a very important fact that is sometimes misunderstood: the advent of asymmetrickey(public-key) cryptography does not eliminate the need for symmetric-key (secret-key)cryptography.
RSA cryptosystem Although there are several asymmetric-key cryptosystems, one of the common public-key algorithms is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman).RSA uses two exponents, e and d, where e is public and d is private. Suppose P isthe plaintext and C is the ciphertext. Alice uses C = Pe mod n to create ciphertext C fromplaintext P; Bob uses P = Cd mod n to retrieve the plaintext sent by Alice. The modulus n,a very large number, is created during the key generation process.
Procedure Figure 16.10: Encryption, decryption, and keys in RSA Figure 16.10 shows the general idea behind theprocedure used in RSA.
16.3 OTHER ASPECTS OF SECURITY The cryptography systems that we have studied so far provide confidentiality. However, in modern communication, we need to take care of other aspects of security, such as integrity, message and entity authentication, non-repudiation, and key management. We briefly discuss these issues in this section.
Message integrity There are occasions where we may not even need secrecy but instead must have integrity:the message should remain unchanged. For example, Alice may write a will to distribute herestate upon her death. Message and message digest Eve cannot modify the contents ofthis document or create a false document because she cannot forge Alice’s fingerprint. To preserve the integrity of a message, the message is passed through analgorithm called a cryptographic hash function.
Message authentication To ensure the integrity of the message and the data origin authentication—thatAlice is the originator of the message, not somebody else—we need to include a secretshared by Alice and Bob (that Eve does not possess) in the process; we need to create amessage authentication code (MAC). Figure 16.12 shows the idea.
Note that there is no need to use two channels in this case. Both the message and theMAC can be sent on the same insecure channel. Eve can see the message, but she cannotforge a new message to replace it because Eve does not possess the secret key betweenAlice and Bob. She is unable to create the same MAC that Alice did.
Digital signature Another way to provide message integrity and message authentication (and some moresecurity services, as we will see shortly) is a digital signature. A MAC uses a secret key toprotect the digest; a digital signature uses a pair of private-public keys. Verification method The recipient needs to have a copy of this signature on file forcomparison.
Duplicity For example, suppose Alice sendsa document instructing Bob to pay Eve. If Eve intercepts the document and the signature,she can resend it later to get money again from Bob. Process Figure 16.13 shows the digital signature process. The sender uses a signing algorithm to signthe message. The message and the signature are sent to the receiver. The receiver receivesthe message and the signature and applies the verifying algorithm to the combination. If theresult is true, the message is accepted; otherwise, it is rejected.
Signing the digest We said before that the asymmetric-key cryptosystems are very inefficient when dealingwith long messages. The sender can sign the message digest and the receiver canverify the message digest. The effect is the same. Figure 16.14 shows signing a digest in adigital signature system.
A digest is made out of the message at Alice’s site. The digest then goes through thesigning process using Alice’s private key. Alice then sends the message and the signatureto Bob. At Bob’s site, using the same public hash function, a digest is first created out of thereceived message. The verifying process is applied. If authentic, the message is accepted;otherwise, it is rejected. Services We discussed several security services in the beginning of the chapter including messageconfidentiality, messageauthentication, messageintegrity, and non-repudiation.
Message authentication Message integrity Non-repudiation One solution is a trusted third party. People can create an established trusted partyamong themselves. Later in the chapter, we will see that a trusted party can solve manyother problems concerning security services and key exchange. Figure 16.15 shows how atrusted party can prevent Alice from denying that she sent the message.
