
Security Attacks: Active and Passive


egillespie

Presentation Transcript


  1. Security Attacks: Active and Passive
     • Active
       • Masquerade (impersonation)
       • Replay
       • Modification of message
       • Denial of service
     • Passive
       • Traffic analysis
       • Release of message contents

  2. Classes of Security Attacks
     [Diagram: Anita and Betito, with the four attack classes Interruption, Interception, Modification, Fabrication]

  3. Classes of Security Attacks: Interruption
     • Availability

  4. Classes of Security Attacks: Interception
     • Confidentiality

  5. Classes of Security Attacks: Modification
     • Integrity

  6. Classes of Security Attacks: Fabrication
     • Authenticity

  7. Security Services
     • Confidentiality - protect info value
     • Authentication - protect info origin (sender)
     • Identification - ensure identity of users
     • Integrity - protect info accuracy
     • Non-repudiation - protect from deniability
     • Access control - access to info/resources
     • Availability - ensure info delivery

  8. Some Practical Applications
     "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke.
     • secure mail
     • secure communications
     • network authentication
     • electronic voting
     • electronic notary
     • digital money (digital wallet)
     • data distribution

  9. Secure Mail: PGP (Pretty Good Privacy)
     Pretty Good Privacy was created by Philip R. Zimmermann. For that, he was the target of a three-year criminal investigation, because the US government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite this government persecution, PGP nonetheless became the most widely used email encryption software in the world.
     PGP is freeware. A copy of the software can be obtained at the PGP download site: http://web.mit.edu/network/pgp.html

  10. Secure Communications
     • Scenarios
       • Security for real-time electronic links
       • local area networks
       • link encryption
       • cellular (and ordinary) phones and faxes
     • Goals
       • message privacy
       • sender and recipient authentication
       • non-repudiation
     • Tools
       • key-agreement protocols
       • secret-key cryptosystems
       • public-key cryptosystems
       • digital signatures
       • certificates

  11. Data Distribution
     • Scenarios
       • conditional access TV
       • software distribution via CD-ROM
       • information bulletin boards
     • Goals
       • broadcast operation (TV, CD-ROM)
       • message privacy
       • selective reception
     • Tools
       • secret-key cryptography
       • public-key cryptography
       • secure hardware

  12. Electronic Voting
     • Scenarios
       • general elections
       • shareholders meetings
       • secure distributed computation
     • Goals
       • anonymity
       • fairness
       • accountability
     • Tools
       • RSA-based mathematics
       • blind signatures
       • sender untraceability protocols

  13. Digital Money (Digital Wallet)
     • Scenarios
       • replacement for paper money
       • more flexible than credit cards
     • Goals
       • anonymity
       • untraceability
       • fairness
       • dividability
       • transferability
       • off-line (from bank) operations
       • universality
     • Tools
       • more RSA-based mathematics
       • zero-knowledge protocols
       • secure hardware tokens

  14. Some Research Interests in Cryptography
     • Design of cryptographic algorithms
     • Analysis of cryptographic algorithms
     • Design of cryptographic protocols
     • Hardware and software implementations
     • Applications of cryptography

  15. Cryptography Schemes
     [Diagram: Sender, Receiver, Message, Adversary]
     Problem: How to have secure communication over an insecure channel?

  16. Solution A: Trusted Third Party
     Using this model requires us to:
     • design an algorithm for the security transformation
     • generate the secret information used by the algorithm
     • develop methods to distribute the secret information
     • specify a protocol enabling the principals to use the transformation & secret info for a security service

  17. Solution B: Secret-key cryptography
     [Diagram: Sender, Receiver, Adversary; key: e or d; Ciphertext]
     C := f(e; M)
     M := g(d; C)
     • Exchange the key over a secure channel
     • Functions f(e; -) and g(d; -) are inverses of one another
     • Encryption and decryption processes are symmetric

  18. Problems with secret-key cryptography:
     • requires establishment of a secure channel for key exchange
     • two parties cannot start communication if they never met

  19. Alternative: Public-Key Cryptography
     • requires establishment of a public-key directory in which everyone publishes their encryption keys
     • two parties can start communication even if they never met
     • provides ability to sign digital data
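
The secret-key model from slide 17, C := f(e; M) and M := g(d; C), extended so the receiver also rejects the active attacks listed on slide 1 (modification, fabrication, replay). This is an added example, not part of the original presentation. The SHA-256 counter-mode keystream is an illustrative stand-in for a real cipher, and the `Receiver` class, the sequence number and the 64-byte shared key layout are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in for a real cipher (assumption): SHA-256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def f(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: C := f(e; M). key is 64 bytes: 32 for encryption, 32 for the MAC."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(message))
    body = bytes(a ^ b for a, b in zip(message, stream))
    header = seq.to_bytes(8, "big") + nonce          # sequence number + nonce
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


class Receiver:
    """Receiver: M := g(d; C), with d = e (symmetric)."""

    def __init__(self, key: bytes):
        self.enc_key, self.mac_key = key[:32], key[32:]
        self.last_seq = -1                           # highest sequence accepted

    def g(self, ciphertext: bytes) -> bytes:
        if len(ciphertext) < 8 + 16 + 32:
            raise ValueError("truncated ciphertext")
        header, body, tag = ciphertext[:24], ciphertext[24:-32], ciphertext[-32:]
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        # Integrity/authenticity: a changed or forged message fails the MAC.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        # Replay: an authentic but already-seen sequence number is refused.
        seq = int.from_bytes(header[:8], "big")
        if seq <= self.last_seq:
            raise ValueError("replay detected")
        self.last_seq = seq
        stream = _keystream(self.enc_key, header[8:], len(body))
        return bytes(a ^ b for a, b in zip(body, stream))
```

The MAC is verified before the sequence number is read or anything is decrypted, so a tampered message never advances the receiver's replay state.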
