1 / 36

Cryptography & Network Security

Cryptography & Network Security. Principles of modern ciphers Implement crypto library Network Security Applications System Security. MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI. Course details. Number of credits: 3 Study time allocation per week: 2 lecture hours for theory

aristotle-mcpherson
Download Presentation

Cryptography & Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography & Network Security Principles of modern ciphers Implement crypto library Network Security Applications System Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI

  2. Course details • Number of credits: 3 • Study time allocation per week: • 2 lecture hours for theory • 2 lecture hours for lab, exercises • 6 hours for self-study • Website: http://www.cse.hcmut.edu.vn/~dat

  3. Course outline (1/2) • Basics of Cryptography • Symmetric key • Public key • Hash function • Network Security Applications • Authentication applications • E-mail security

  4. Course outline (2/2) • Network Security Applications (con’t) • Web security • IP security • System Security • IDS/IPS • Firewalls • …

  5. References [1] “Cryptography and Network Security Principles and Practices”, W. Stallings, 4th ed., Prentice Hall, 2005 [2] Slides “Cryptography and Network Security”, BộmônHệthốngvàMạng, KhoaKhoahọcvàKỹthuậtmáytính, ĐHBK Tp.HCM.

  6. Assessment Scheme • Attending lectures: >80% lecture times • Reading textbooks and references • Self-study and working in group • Lab: 20% • Assignments: 20% • Midterm Exam: 20%, multiple question choice test – 45’ • Final Exam: 40%, multiple question choice test – 60’

  7. Chapter 1Introduction MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI

  8. Background Information Security requirements have changed in recent times. traditionally provided by physical and administrative mechanisms. computer use requires automated tools to protect files and other stored information. use of networks and communications links requires measures to protect data during transmission.

  9. Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers. • Network Security - measures to protect data during their transmission. • Internet Security - measures to protect data during their transmission over a collection of interconnected networks.

  10. Aim of Course • our focus is on Internet Security • which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information

  11. Security Trends

  12. OSI Security Architecture • ITU-T X.800 “Security Architecture for OSI” • defines a systematic way of defining and providing security requirements • for us it provides a useful, if abstract, overview of concepts we will study

  13. Aspects of Security • consider 3 aspects of information security: • security attack • security mechanism • security service

  14. Security Attack • any action that compromises the security of information owned by an organization • information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems • often threat & attack used to mean same thing • have a wide range of attacks • can focus of generic types of attacks • passive • active

  15. Classify Security Attacks • passive attacks - eavesdropping on, or monitoring of, transmissions to: • obtain message contents, or • monitor traffic flows • active attacks – modification of data stream to: • masquerade of one entity as some other • replay previous messages • modify messages in transit • denial of service

  16. Types of Attacks

  17. Passive Attacks

  18. Active Attacks

  19. Security Service • enhance security of data processing systems and information transfers of an organization • intended to counter security attacks • using one or more security mechanisms • often replicates functions normally associated with physical documents

  20. Security Services • X.800 “a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers” • RFC 2828 “a processing or communication service provided by a system to give a specific kind of protection to system resources”

  21. Security Services (X.800) • Authentication - assurance that the communicating entity is the one claimed • Access Control - prevention of the unauthorized use of a resource • Data Confidentiality –protection of data from unauthorized disclosure • Data Integrity - assurance that data received is as sent by an authorized entity • Non-Repudiation - protection against denial by one of the parties in a communication

  22. Security Mechanism • feature designed to detect, prevent, or recover from a security attack • no single mechanism that will support all services required • however one particular element underlies many of the security mechanisms in use: • cryptographic techniques • hence our focus on this topic

  23. Security Mechanisms (X.800) • specific security mechanisms • encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • pervasive security mechanisms • trusted functionality, security labels, event detection, security audit trails, security recovery

  24. Model for Network Security

  25. Model for Network Security • using this model requires us to: • design a suitable algorithm for the security transformation • generate the secret information (keys) used by the algorithm • develop methods to distribute and share the secret information • specify a protocol enabling the principals to use the transformation and secret information for a security service

  26. Model for Network Access Security

  27. Model for Network Access Security • using this model requires us to: • select appropriate gatekeeper functions to identify users • implement security controls to ensure only authorised users access designated information or resources • trusted computer systems may be useful to help implement this model

  28. Cryptography

  29. Cryptography • characterize cryptographic system by: • type of encryption operations used • substitution / transposition / product • number of keys used • single-key or private / two-key or public • way in which plaintext is processed • block / stream

  30. Cryptanalysis • objective to recover key not just message • general approaches: • cryptanalytic attack • brute-force attack

  31. Cryptanalytic Attacks • ciphertext only • only know algorithm & ciphertext, is statistical, know or can identify plaintext • known plaintext • know/suspect plaintext & ciphertext • chosen plaintext • select plaintext and obtain ciphertext • chosen ciphertext • select ciphertext and obtain plaintext • chosen text • select plaintext or ciphertext to en/decrypt

  32. More Definitions • unconditional security • no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext • computational security • given limited computing resources (eg time needed for calculations is greater than age of universe), the cipher cannot be broken

  33. Brute Force Search • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext

  34. Summary • have considered: • definitions for: • computer, network, internet security • X.800 standard • security attacks, services, mechanisms • models for network (access) securityto • Cryptography, cryptanalysis

  35. Self study • Symmetric Cipher Model • Classical Substitution Ciphers • Caesar Cipher • Monoalphabetic Cipher • Playfair Cipher • Polyalphabetic Ciphers • Vigenère Cipher • Cryptanalysis using letter frequencies

More Related