
Fundamentals of Security



  1. Fundamentals of Security

  2. Security Attacks: Passive Attacks, Active Attacks

  3. Passive Attacks: Interception (confidentiality)

  4. Interception: Release of Message Contents, Traffic Analysis
      • learn sensitive information
      • determine the identity and location of the host

  5. Active Attacks: Interruption (availability), Modification (integrity), Fabrication (authenticity)

  6. Modification (integrity): modify the contents of a message or a file. It is an attack on integrity.

  7. Interruption (availability): try to break the system so that it is out of service. It is an attack on availability.

  8. Fabrication (authenticity): insert messages into the system or objects into files, trying to fool the system. It is an attack on authenticity.

  9. Security Services: Confidentiality, Authentication, Nonrepudiation, Availability, Integrity

  10. Confidentiality: the protection of a transmission from passive attacks (figure: sender and receiver exchange 444-21-8888 while the eavesdropper sees only ***-**-****)

  11. Authentication: the authentication service assures the recipient that the information comes from a reliable source (figure: "I am friend" / "OK, let us talk")

  12. Integrity: make sure that the message is received as it was sent, without modification, duplication, insertion, reordering, or replay (figure: a customer sends the broker "Buy 1000 stocks"; the broker receives "Buy 1000 stocks, Buy 1000 stocks")

  13. Nonrepudiation: prevents either the sender or the receiver from denying a transaction (figure: "I am John, buy 1000 stocks" / "You are not John, I can’t do that")

  14. Availability: protect against Denial of Service attacks.

  15. Cryptography Definition
      • A process associated with scrambling plaintext (ordinary text, or clear text) into ciphertext (a process called encryption), then back again (known as decryption).
      Cryptography concerns itself with four objectives:
      • Confidentiality (the information cannot be understood by anyone for whom it was unintended)
      • Integrity (the information cannot be altered in storage or in transit between sender and intended receiver without the alteration being detected)
      • Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information)
      • Authentication (the sender and receiver can confirm each other’s identity and the origin/destination of the information)
      Procedures and protocols that meet some or all of the above criteria are known as cryptosystems.

  16. Encryption Model (figure: plaintext X is transformed by the encryption algorithm under key K into ciphertext Y; the decryption algorithm recovers plaintext X from Y with the key, which is distributed over a secure channel; a cryptanalyst observing Y produces estimates X’ and K’)

  17. Cryptography Classification
      • Cryptographic systems are generally classified along three independent dimensions:
      • The type of operation used for transforming plaintext to ciphertext: all encryption algorithms are based on two general principles:
        • Substitution: each element in the plaintext (bit, letter, group of bits or letters) is mapped to another element.
        • Transposition: elements in the plaintext are rearranged.
        The fundamental requirement is that all operations must be reversible. Most systems involve multiple stages of substitution and transposition.
      • The number of keys used:
        • Symmetric: if sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption.
        • Asymmetric: if sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.
      • The way in which the plaintext is processed:
        • Block ciphering: processes the input one block of elements at a time, producing an output block for each input block.
        • Stream ciphering: processes the input elements continuously, producing output one element at a time.

  18. Encryption techniques: Caesar Cipher (substitution cipher)
      Plain:  meet me after the party
      Cipher: PHHW PH DIWHU WKH SDUWB
      C = E(p) = (p + 3) % 26
      p = D(C) = (C - 3) % 26

  19. Encryption techniques: Caesar Cipher cryptanalysis: p = D(C) = (C - i) % 26; try all 25 different keys.

  20. Encryption techniques: Mono-alphabetic Cipher (substitution cipher)
      Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
      Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
      The cipher line could be any permutation of the 26 characters, so there are 26!, or more than 4 × 10^26, possible keys.

  21. Encryption techniques: Mono-alphabetic Cipher cryptanalysis: construct a table of the frequencies of single letters, letter pairs, etc. in a very long English text. Construct another such frequency table from the encrypted text. From the relationship between the two tables we can figure out the encryption key.
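The shift cipher of slides 18 and 19 together with the frequency-table idea of slide 21, as an added example (not code from the original slides): all 25 keys are tried and the candidates are ranked by how close their letter frequencies are to an English reference table. The reference frequencies are an assumption of this example (any standard English letter-frequency table will do).

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase

# Approximate relative frequencies (%) of a..z in English text; reference table
# assumed for this example, standing in for slide 21's "very long English text".
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def caesar_encrypt(plain: str, key: int) -> str:
    """C = E(p) = (p + key) % 26 per letter; non-letters pass through unchanged."""
    out = []
    for ch in plain.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(cipher: str, key: int) -> str:
    """p = D(C) = (C - key) % 26, i.e. encryption with the negated key."""
    return caesar_encrypt(cipher, -key).lower()


def letter_frequencies(text: str) -> list:
    """Relative frequency (%) of each letter a..z in text (slide 21's second table)."""
    letters = [c for c in text.lower() if c in ALPHABET]
    counts = Counter(letters)
    n = max(len(letters), 1)
    return [100.0 * counts[c] / n for c in ALPHABET]


def chi_squared(observed: list, expected: list) -> float:
    """Distance between an observed frequency profile and the English one; lower is closer."""
    return sum((o - e) ** 2 / e for o, e in zip(observed, expected))


def rank_shift_keys(cipher: str) -> list:
    """Try all 25 keys (slide 19) and order them by how English-like the result looks."""
    candidates = []
    for key in range(1, 26):
        candidate = caesar_decrypt(cipher, key)
        score = chi_squared(letter_frequencies(candidate), ENGLISH_FREQ)
        candidates.append((score, key, candidate))
    return sorted(candidates)  # best (lowest chi-squared) candidate first
```

With a few dozen letters of ciphertext the correct shift is the lowest-scoring candidate; the same frequency comparison is the starting point for recovering a full mono-alphabetic key.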

  22. Encryption techniques: Hill Cipher (substitution cipher): the encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. The substitution is determined by m linear equations in which each character is assigned a numerical value (a=0, b=1, …, z=25). For m = 3, the system can be described as follows:

  23. Encryption techniques: Hill Cipher
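A worked Hill cipher for m = 3, added as an example (not code from the original slides): each ciphertext letter is one linear equation mod 26 over a block of three plaintext letters, and decryption uses the key matrix inverted mod 26. The 3×3 key matrix is a sample key chosen for this example; a key whose determinant shares a factor with 26 is rejected, because the transformation would not be reversible.

```python
# Hill cipher for m = 3 with letters a=0 ... z=25, as described on slide 22.
M = 3
KEY = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]  # sample key matrix for this example


def _minor(mat, i, j):
    rows = [r for k, r in enumerate(mat) if k != i]
    sub = [[v for l, v in enumerate(r) if l != j] for r in rows]
    return sub[0][0] * sub[1][1] - sub[0][1] * sub[1][0]


def _det3(mat):
    return sum((-1) ** j * mat[0][j] * _minor(mat, 0, j) for j in range(3))


def inverse_mod26(key):
    """Inverse key matrix mod 26 via the adjugate. Raises ValueError when
    det(key) shares a factor with 26, i.e. the substitution is not reversible."""
    d = _det3(key) % 26
    d_inv = pow(d, -1, 26)  # ValueError if gcd(d, 26) != 1
    adj = [[(-1) ** (i + j) * _minor(key, j, i) for j in range(3)] for i in range(3)]
    return [[(d_inv * adj[i][j]) % 26 for j in range(3)] for i in range(3)]


def _apply(key, text):
    if len(text) % M:
        raise ValueError("text length must be a multiple of m = 3 (no padding shown)")
    nums = [ord(c) - ord("a") for c in text.lower()]
    out = []
    for b in range(0, len(nums), M):
        vec = nums[b:b + M]
        for row in key:  # each output letter is one linear equation mod 26
            out.append(sum(k * p for k, p in zip(row, vec)) % 26)
    return "".join(chr(ord("a") + n) for n in out)


def hill_encrypt(key, plain):
    """C = K * P (mod 26) block by block; ciphertext written in upper case."""
    return _apply(key, plain).upper()


def hill_decrypt(key, cipher):
    """P = K^-1 * C (mod 26) block by block."""
    return _apply(inverse_mod26(key), cipher)
```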

  24. Encryption Techniques: Secret Key, Public Key

  25. Block Cipher Modes of Operation
      • The Electronic Code Mode (ECB)
      • The Cipher Block Chaining Mode (CBC)
      • The Cipher Feedback Mode (CFB)
      • The Output Feedback Mode (OFB)
      • The Counter Mode (CTR)

  26. Electronic Code Mode (ECB) (figure: ECB encryption, for j=1..n, passes each plaintext input block through CIPH_k to give the ciphertext output block; ECB decryption, for j=1..n, passes each ciphertext input block through CIPH^-1_k to recover the plaintext output block)

  27. Cipher Block Chaining Mode (CBC) (figure: for blocks 1..n, CBC encryption XORs each plaintext block with the previous ciphertext block, starting from the IV, before applying CIPH_k; CBC decryption applies CIPH^-1_k to each ciphertext block and XORs the result with the previous ciphertext block, starting from the IV)

  28. Cipher Block Chaining Mode (CBC) (continued): CBC Encryption: for j=1..n; CBC Decryption: for j=1..n
      • Initial Vector (IV):
        • need not be secret
        • should be generated for each encryption/decryption operation
        • must be available to each party in the communication
        • it is very difficult to generate the IV from the plaintext

  29. Output Feedback Mode (OFB) (figure: the IV is the first input block; each CIPH_k output block is XORed with the plaintext block to give the ciphertext block and is also fed back as the next input block; decryption generates the same output blocks from the IV and XORs them with the ciphertext blocks)

  30. Output Feedback Mode (OFB) - Encryption: for j=2,…,n; for j=1,2,…,n-1; for j=1,2,…,n-1

  31. Output Feedback Mode (OFB) - Decryption: for j=2,…,n; for j=1,2,…,n-1; for j=1,2,…,n-1

  32. Cipher Feedback Mode (CFB) (figure: the IV is the first input block; from each CIPH_k output block, s bits are selected and the remaining (b-s) bits discarded; the selected s bits are XORed with an s-bit plaintext segment to give an s-bit ciphertext segment, and the next input block is formed as (b-s) bits | s bits by shifting the previous input block and appending the ciphertext segment; decryption applies CIPH_k the same way and XORs the selected bits with the ciphertext segments to recover the plaintext segments)

  33. Cipher Feedback Mode (CFB) - Encryption: for j=2,…,n; for j=1,2,…,n; for j=1,2,…,n. Each ciphertext segment consists of s bits; each plaintext segment consists of s bits.

  34. Cipher Feedback Mode (CFB) - Decryption: for j=2,…,n; for j=1,2,…,n; for j=1,2,…,n. Each ciphertext segment consists of s bits; each plaintext segment consists of s bits.

  35. Counter Mode (CTR) (figure: each counter block Counter_1 … Counter_n is passed through CIPH_k and the output block is XORed with the plaintext block to give the ciphertext block; decryption passes the same counter blocks through CIPH_k and XORs the output blocks with the ciphertext blocks)

  36. Counter Mode (CTR) (continued): CTR Encryption: for j=1..n; for j=1..n-1. CTR Decryption: for j=1..n; for j=1..n-1.
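The modes of slides 25 to 36 implemented over a toy block cipher, added as an example (not code from the original slides): CIPH_k is a constructed 4-round Feistel toy, not DES or AES, with an assumed 8-byte block; only ECB, CBC and CTR are shown, and ECB/CBC inputs are assumed to be whole blocks (no padding). The repeated-block count makes the ECB weakness visible: equal plaintext blocks give equal ciphertext blocks, which CBC with a fresh IV hides.

```python
import hashlib, hmac
BLOCK = 8  # toy cipher block size in bytes (assumption of this example)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    # Toy 4-round Feistel network whose round function is HMAC-SHA256. It stands in
    # for CIPH_k in the slides; it is NOT a real cipher and must not be used as one.
    l, r = block[:4], block[4:]
    for i in rounds:
        f = hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:4]
        l, r = r, xor(l, f)
    return r + l  # final swap, so decryption is the same network with rounds reversed

def block_encrypt(key, b): return _feistel(key, b, range(4))              # CIPH_k
def block_decrypt(key, b): return _feistel(key, b, reversed(range(4)))    # CIPH^-1_k
def _blocks(data): return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # C_j = CIPH_k(P_j): equal input blocks give equal output
    return b"".join(block_encrypt(key, p) for p in _blocks(pt))
def ecb_decrypt(key, ct):  # P_j = CIPH^-1_k(C_j)
    return b"".join(block_decrypt(key, c) for c in _blocks(ct))

def cbc_encrypt(key, iv, pt):  # C_j = CIPH_k(P_j XOR C_{j-1}), with C_0 = IV
    out, prev = [], iv
    for p in _blocks(pt):
        prev = block_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):  # P_j = CIPH^-1_k(C_j) XOR C_{j-1}, with C_0 = IV
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def ctr_crypt(key, nonce, data):  # one function for both directions; nonce is 4 bytes
    out = []
    for j, chunk in enumerate(_blocks(data)):
        keystream = block_encrypt(key, nonce + j.to_bytes(4, "big"))  # CIPH_k(Counter_j)
        out.append(xor(chunk, keystream))  # a short final block is handled by xor's truncation
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that repeat an earlier block (ECB pattern leak)."""
    seen = _blocks(ct)
    return len(seen) - len(set(seen))
```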

  37. Secret Key: Data Encryption Standard (DES) (figure: plain data → E with the 56-bit key K → cipher data; cipher data → D with the same 56-bit key K → plain data)

  38. 2DES (figure: plain data → E with K1 (56 bits) → E with K2 (56 bits) → cipher data; decryption applies D with K2 and then D with K1 to recover the plain data)

  39. 3DES (figure: plain data → E with K1 → D with K2 → E with K1 (each key 56 bits) → cipher data; decryption applies D with K1, E with K2 and D with K1 to recover the plain data)

  40. RSA (Rivest, Shamir, Adleman) Public Key (figure: Bob encrypts his plain data with Alice’s public key KU(Alice) to produce the cipher data; Alice decrypts it with her private key KP(Alice) to recover the plain data)

  41. Authentication Techniques: Secret Key, Public Key

  42. Authentication With Secret Key (figure: Bob encrypts Bob’s name with the Alice-Bob secret key K and sends the cipher data; Alice decrypts it with the same key K and recovers Bob’s name)

  43. Authentication With Public Key (figure: Bob encrypts Bob’s name with his private key KP and sends the cipher data; Alice decrypts it with Bob’s public key KU and recovers Bob’s name)

  44. Integrity: Hashing Algorithms
      • MD5: processes 512-bit blocks and produces a 128-bit message digest
      • SHA-1: processes 512-bit blocks and produces a 160-bit message digest

  45. Hash Function Requirements: H(x) = h, where x can be of any size and h is of fixed size

  46. Hash Function Requirements (continued): H is easy to implement in hardware or software

  47. Hash Function Requirements (continued): One-way property: given h, it is computationally infeasible to find x such that H(x) = h

  48. Hash Function Requirements (continued): Weak Collision Resistance: for any given x, it is computationally infeasible to find y ≠ x with H(x) = H(y). Strong Collision Resistance: it is computationally infeasible to find any pair (x, y) with x ≠ y such that H(x) = H(y).

  49. Hash Function Requirements (continued): a simple hash function over blocks block1, block2, …, blockm: C_i = b_i1 + b_i2 + … + b_im, where b_ij is the i-th bit of block j and the addition is bitwise mod 2 (XOR)

  50. Problem with the simple hash function: it doesn’t provide collision resistance.
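A runnable version of the block-XOR hash of slides 49 and 50, added here as an example (not code from the original slides), with a constructed second preimage that shows why it fails the weak collision resistance requirement of slide 48: swapping two blocks changes the message but not the XOR of any bit column. The block size and the zero-padding of a short final block are assumptions of this example; SHA-256 is included only for contrast.

```python
import hashlib


def xor_block_hash(data: bytes, block_size: int = 4) -> bytes:
    """Slide 49's simple hash: C_i = b_i1 XOR b_i2 XOR ... XOR b_im, i.e. the
    bitwise XOR of all blocks. A short final block is zero-padded (assumption)."""
    digest = bytearray(block_size)
    for start in range(0, len(data), block_size):
        block = data[start:start + block_size].ljust(block_size, b"\x00")
        for i, byte in enumerate(block):
            digest[i] ^= byte
    return bytes(digest)


def reorder_blocks_collision(data: bytes, block_size: int = 4) -> bytes:
    """Second preimage for the XOR hash: swapping the first two blocks leaves
    every bit column's XOR unchanged, so the hash is identical even though the
    message (e.g. a reordered order to a broker, slide 12) is different."""
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    if len(blocks) < 2:
        raise ValueError("need at least two blocks to reorder")
    blocks[0], blocks[1] = blocks[1], blocks[0]
    return b"".join(blocks)


def sha256_hex(data: bytes) -> str:
    """A real cryptographic hash for contrast: reordering changes the digest."""
    return hashlib.sha256(data).hexdigest()
```

Any permutation of the blocks, and any pair of blocks whose bit columns cancel, gives the same XOR digest, so the function detects only accidental single-block corruption, not deliberate tampering.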
