Create Presentation
Download Presentation

Download Presentation
## Fundamentals of Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Security Attacks**Passive Attacks Active Attacks**Passive Attacks**Interception (confidentiality)**Release Of Message Contents**Traffic Analysis Interception • learn sensitive information • Determine the identity and location of the host**Interruption**(availability) Modification (integrity) Fabrication (authenticity) Active Attacks**Modification (integrity)**Modify the contents of the message or a file. It is an attack on integrity**Interruption (availability)**Try to break the system to make it out of service. It is an attack on Availability.**Fabrication (Authenticity)**Insert messages into system or objects into files. Try to fool the system. It is attack on authenticity.**Confidentiality**Authentication Nonrepudiation Availability Integrity Security Service**Confidentiality**Is the protection of transmission from passive attacks ***-**-**** 444-21-8888 444-21-8888**Authentication**The authentication service assures that the recipient receives information from reliable source. I am friend Ok-let us talk**Integrity**Make sure that the message is received as it is sent without modification, duplication, insertion, reordering,or replay. He/She Broker Buy 1000 stocks, Buy 1000 stocks Buy 1000 stocks**Nonrepudiation**Nonrepudiation prevents either sender or receiver from denying a transaction. He/She Broker You are not john, I can’t do that. I am John, buy 1000 stocks**Availability**Protect against Denial Of Service attacks.**Cryptography Definition**• A process associated with scrambling plaintext (ordinary text, or clear text) into cipher text (a process called encryption), then back again (known as decryption). Cryptography concerns itself with four objectives: • Confidentiality (the information cannot be understood by anyone for whom it was unintended) • Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected). • Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information). • Authentication (the sender and receiver can confirm each other’s identity and the origin/destination of the information) Procedures and protocols that meet some or all of the above criteria are known as cryptosystems.**Secure Channel**Encryption Model X’ cryptanalyst K’ X X Plain Text Plain Text Encryption Algorithm Y Decryption Algorithm Cipher Text Key**Cryptography Classification**• Cryptographic systems are generally classified along three independent dimensions: • The type of operation used for transforming plaintext to ciphertext:: all encryption algorithms are based on two general principles: • Substitution: in which each element in the plain text (bit, letter, group of bits or letters) is mapped into another elements. • Transposition: in which elements in the plaintext are rearranged. • The fundamental requirements that all operations must be reversible. Most system involves multiple stages of substitution and transposition. • The number of keys used: • Symmetric: If both sender and receiver use the same key, the system referred to be symmetric, single-key, secret-key, or conventional encryption. • Asymmetric: if both sender and receiver each uses a different key, the system is referred to be as asymmetric, two-key, or public-key encryption. • The way in which the plaintext is processed: • Block ciphering: processes the input one block of elements at a time, producing an output block for each input block. • Stream ciphering: processes the input elements continuously, producing output one elements at a time.**Encryption techniques: Caesar Cipher**Substitution cipher: Plain: meet me after the party Cipher: PHHW PH DIWHU WKH SDUMB C = E(p) = (p+3) % 26 p = D(C) = (C-3) % 26**Encryption techniques: Caesar Cipher**Cryptanalysis : p = D(C) = (C-i) % 26 Try all the different 25 keys.**Encryption techniques: Mono-alphabetic Cipher**Substitution cipher: Plain: a b c d e f g h I j k l m n o p q r s t u v w x y z Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C The cipher line could be any permutation of the 26 characters, so there are 26! Or greater than 4 x 1026 Possible keys.**Encryption techniques: Mono-alphabetic Cipher**Cryptanalysis Construct a table of frequency of one, two etc letters in a very long English text. Construct another table of frequency of one, two etc letters based on the encrypted text. From the relationship of both tables we can figure out the encryption key.**Encryption techniques: Hill Cipher**Substitution cipher: The encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. The substitution is determined by m linear equations in which each character is assigned a numerical value determined by m linear equations in which each character is assigned a numerical value (a=0,b=1,….z=25). For m = 3, the system can be described as follows:**Secret Key**Public Key Encryption Techniques**Block Cipher Modes of Operations**• The Electronic Code Mode (ECB). • The Cipher Block Chaining Mode (CBC). • The Cipher Feedback Mode (CFB). • The Output Feedback Mode (OFB) • The Counter Mode (CTR).**PLAINTEXT**INPUT BLOCK INPUT BLOCK CIPHk CIPH-1k OUTPUT BLOCK OUTPUT BLOCK CIPHERTEXT ECB Encryption: ECB Decryption: Electronic Code Mode (ECB) ECB Encryption ECB Decryption CIPHERTEXT PLAINTEXT for j=1..n for j=1..n**INPUT BLOCK1**INPUT BLOCK2 INPUT BLOCK1 INPUT BLOCKn INPUT BLOCKn INPUT BLOCK2 CIPHk CIPHk CIPH-1k CIPH-1k CIPH-1k CIPHk OUTPUT BLOCKn OUTPUT BLOCK2 OUTPUT BLOCK1 OUTPUT BLOCKn OUTPUT BLOCK2 OUTPUT BLOCK1 Cipher Block Chaining Mode (CBC) IV PLAINTEXT1 PLAINTEXT2 PLAINTEXTn ECB Encryption + + + CIPHERTEXT1 CIPHERTEXT2 CIPHERTEXTn ECB Decryption CIPHERTEXT1 CIPHERTEXT2 CIPHERTEXTn + + + IV PLAINTEXT1 PLAINTEXT2 PLAINTEXTn**Cipher Block Chaining Mode (CBC) (continue)**for j=1..n CBC Encryption: CBC Decryption: for j=1..n • Initial Vector (IV): • Need not be secret. • It should be generated for each encryption/decryption operation. • Must be available for each party in the communication. • It is very difficult to generate IV from the plaintext.**INPUT BLOCKn**INPUT BLOCK1 INPUT BLOCK2 INPUT BLOCK1 INPUT BLOCKn INPUT BLOCK2 CIPHk CIPHk CIPHk CIPHk CIPHk CIPHk OUTPUT BLOCKn OUTPUT BLOCK2 OUTPUT BLOCK2 OUTPUT BLOCKn OUTPUT BLOCK1 OUTPUT BLOCK1 Output Feedback Mode (OFB) IV ECB Encryption PLAUNTEXT1 + PLAUNTEXT2 + Plaintextn + CIPHERTEXT1 CIPHERTEXT2 CIPHERTEXTn ECB Decryption IV + + + PLAINTEXT1 PLAINTEXT2 PLAINTEXTn**Output Feedback Mode (OFB)-Encryption**for j=2,….n for j=1,2…..n-1 for j=1,2…..n-1**Output Feedback Mode (OFB)-Decryption**for j=2,….n for j=1,2…..n-1 for j=1,2…..n-1**INPUT BLOCK1**CIPHk OUTPUT BLOCK1 Select s bits Discard (b-s)bits Cipher Feedback Mode (CFB) ECB Encryption IV INPUT BLOCK (b-s)bits|sbits CIPHk OUTPUT BLOCK1 Select s bits Discard (b-s)bits PLAUNTEXT1 S bits + PLAUNTEXT1 S bits + IV CIPHERTEXT1 S bits CIPHERTEXT1 S bits ECB Decryption INPUT BLOCKn (b-s)bits|sbits INPUT BLOCK1 CIPHk CIPHk OUTPUT BLOCK1 Select s bits Discard (b-s)bits OUTPUT BLOCK1 Select s bits Discard (b-s)bits + + PLAINTEXT1 S bits PLAINTEXT1 S bits**Cipher Feedback Mode (OFB)-Encryption**for j=2,….n for j=1,2…..n for j=1,2…..n Ciphertext segment consists of s bits Plaintext segment consists of s bits**Cipher Feedback Mode (OFB)-Decryption**for j=2,….n for j=1,2…..n for j=1,2…..n Ciphertext segment consists of s bits Plaintext segment consists of s bits**INPUT BLOCK2**INPUT BLOCKn INPUT BLOCK2 INPUT BLOCKn INPUT BLOCK1 INPUT BLOCK1 CIPHk CIPHk CIPHk CIPHk CIPHk CIPHk OUTPUT BLOCKn OUTPUT BLOCK1 OUTPUT BLOCK1 OUTPUT BLOCKn OUTPUT BLOCK2 OUTPUT BLOCK2 Counter Mode (CTR) Counter1 Counter1 Countern ECB Encryption PLAUNTEXT1 PLAUNTEXT2 Plaintextn + + + CIPHERTEXT1 CIPHERTEXT2 CIPHERTEXTn ECB Decryption Counter1 Counter2 Countern + + + PLAINTEXT1 PLAINTEXT2 PLAINTEXTn**Counter Mode (CTR) (continue)**for j=1..n for j=1..n-1 CTR Encryption: for j=1..n for j=1..n-1 CTR Decryption:**Secret Key**Data Encryption Standard (DES) E D K (56 bits) Cipher Data Plain Data K (56 bits) Plain Data Cipher Data**2DES**E E D D K1 (56 bits) K2 (56 bits) Cipher Data Plain Data K2 (56 bits) K1 (56 bits) Plain Data Cipher Data**3DES**D E E E D D K1 (56 bits) K2 (56 bits) K1 (56 bits) Cipher Data Plain Data K1 (56 bits) K2 (56 bits) K1 (56 bits) Plain Data Cipher Data**RSA (Rivest- Chamir Adelman)**Public Key E D KU (Alice) Cipher Data Bob’s Plain Data KP (Alice) Plain Data Cipher Data**Secret Key**Public Key Authentication Techniques**Authentication With Secret Key**E D K (Alice-Bob secret key) Bob Cipher Data Bob’s Name Bob’s Name K (Alice-Bob-secret key) Alice Cipher Data**Authentication With Public Key**E D KP (Bob’s Private Key) Bob Cipher Data Bob’s Name Bob’s Name KU (Bob’s Public Key) Alice Cipher Data**Integrity**Hashing Algorithms Message Digest of 128 bits 512 bit Blocks MD5 Message Digest of 160 bits 512 bit Blocks SHA-1**Hash Function Requirements**H(x) = h x is any size h is fixed**Hash Function Requirements (continue)**H is easy to implement using hardware or software**Hash Function Requirements (continue)**One way property : given h it is Computationally infeasible to find X such that H(x) = h**Hash Function Requirements (continue)**Week Collision Resistance : for any given x it is computationally infeasible to find y <> x with H(x) = H(y) Strong Collision Resistance : for any given(x,y) it is computationally infeasible to find H(x) = H(y)for x<>y**Hash Function Requirements (continue)**block1 block2 blockm Ci = bi1 + bi2 + …….. bim**Problem with simple hash function.**Doesn’t provide collision resistance