
8. Network Security


manon

Presentation Transcript


  1. 8. Network Security

  2. Introduction • Network Security deals with 4 basic problems: • Secrecy – Confidentiality • Authentication – Determining whom you are talking to. The process of proving one's identity. • Non-repudiation – Deals with signatures. A mechanism to prove that the sender really sent this message • Integrity Control – The message is the real one. Assuring the receiver that the received message has not been altered in any way from the original

  3. Cryptography • Comes from the Greek words for ''secret writing.'' • Distinction between ciphers and codes • A cipher is a character-for-character or bit-for-bit transformation (Encryption & Decryption algorithm) • a code replaces one word with another word or symbol (not used any more)

  4. Introduction to Cryptography P = Dk(C)

  5. Introduction to Cryptography • Cryptanalysis – Art of breaking ciphers • Cryptology – Art of devising them (cryptography) • Key: A number/character or a set of numbers/characters that the cipher or algorithm operates on. • Use of Key: • Changing the algorithm every time is impractical. • Kerckhoffs's Principle – All algorithms must be public; only the keys are secret. • The longer the key, the higher the work factor

  6. Encryption methods • Divided into two categories: • Substitution ciphers • In a substitution cipher each letter or group of letters is replaced by another letter or group of letters to disguise it. • Preserve the order of the plaintext • 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the alphabet. • Transposition ciphers • Reorder the letters but do not disguise them • Eg : 'help me' becomes 'ehpl em' in a trivially simple rearrangement scheme

  7. Substitution Ciphers • Caesar cipher • The ciphertext alphabet is shifted by k letters • For example, if k=3 then • a becomes D, b becomes E, c becomes F, ... w becomes Z, x becomes A, ... and z becomes C

  8. Substitution Ciphers • Improvement • Monoalphabetic Substitution • Each of the symbols in the plaintext, say, the 26 letters for simplicity, maps onto some other letter • plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z • ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M • E.g.: attack becomes QZZQEA

  9. Breaking Substitution Ciphers • 'e' is the most common letter in English • e is commonly followed by t, o, a, n, i etc. • Digrams: two-letter combinations • th, in, er, re, an, ... • Trigrams: three-letter combinations • the, ing, and, ion • Find the frequency of each letter. • Assign the max frequency to 'e' • Then the next frequency value to t • Then look at trigrams of the form tXe, which strongly suggest X=h • Similarly, if the pattern thYt occurs frequently => Y=a • aZW = and
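The first steps of that procedure, run against the monoalphabetic key from slide 8, as an added example that is not part of the original presentation. The sample plaintext is constructed, and the function names are hypothetical; trigrams are counted inside words only.

```python
from collections import Counter
import string

# Key from the slide: plaintext a..z maps onto this ciphertext alphabet.
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"
ENC = str.maketrans(string.ascii_lowercase, KEY)

# Constructed sample plaintext, chosen so that e and t dominate as in English.
SAMPLE = ("meet the fleet at the western gate then take the letter "
          "to the tent we need seven men here")

def encrypt(plaintext: str) -> str:
    return plaintext.lower().translate(ENC)

def ranked_letters(ciphertext: str) -> list:
    """Ciphertext letters, most frequent first."""
    counts = Counter(ch for ch in ciphertext if ch.isalpha())
    return [ch for ch, _ in counts.most_common()]

def middle_of_trigram(ciphertext: str, first: str, last: str):
    """Most common X in trigrams first-X-last, counted inside words."""
    middles = Counter()
    for word in ciphertext.split():
        for i in range(len(word) - 2):
            if word[i] == first and word[i + 2] == last:
                middles[word[i + 1]] += 1
    return middles.most_common(1)[0][0] if middles else None

def partial_break(ciphertext: str):
    """Apply the slide's first steps: top letter = e, next = t, tXe gives h."""
    ranking = ranked_letters(ciphertext)
    e_sym, t_sym = ranking[0], ranking[1]
    known = {e_sym: "e", t_sym: "t"}
    h_sym = middle_of_trigram(ciphertext, t_sym, e_sym)
    if h_sym is not None:
        known[h_sym] = "h"
    # Unknown letters are shown as '.', recovered ones in lowercase.
    text = "".join(known.get(ch, "." if ch.isalpha() else ch) for ch in ciphertext)
    return known, text

if __name__ == "__main__":
    ct = encrypt(SAMPLE)
    print(ct)
    print(*partial_break(ct), sep="\n")
```

Three letters recovered from frequencies alone already expose most of the word shapes, which is why a 26-letter key space gives no real protection.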

  10. Transposition Ciphers

  11. One-Time Pads • Unbreakable cipher • Steps: • Choose a random bit string as the key • Convert plaintext into bit string using ASCII • XOR two strings • Disadvantage: • Memorizing the key • The total amount of data that can be transmitted is limited by the amount of key available

  12. One-Time Pads

  13. Quantum Cryptography • Uses Quantum Mechanics to guarantee secure communication. • It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages. • Vertical = 0 Horizontal = 1 • Lower left to Upper Right = 0 • Upper left to Lower Right = 1 • Rectilinear basis = set of vertical and horizontal filters • Diagonal basis = same as rectilinear except rotated by 45 degrees

  14. Example of Quantum Cryptography

  15. Types of Cryptography Algorithms (Modern Methods) • Symmetric Key (Secret key) • Same key is used by both parties • Asymmetric key(Public key) • Two keys are used • Private & Public Key • Private key is kept by the receiver. • Public key is announced public

  16. Symmetric-Key Algorithms • Uses same key for encryption and decryption • Block Ciphers – n-bit of block of plaintext as input transformed into n-bit block of ciphertext. • Cryptographic algorithms can be implemented in either hardware (for speed) or in software (for flexibility). • P-Box (Permutation) – By appropriate internal wiring, it can be made to perform any transposition • Uses 8 bit of data

  17. H/W implementation of transposition cipher 01234567 ?

  18. H/W implementation of transposition cipher 01234567 ? 36071245

  19. H/W implementation of substitution cipher 01234567 ?

  20. H/W implementation of substitution cipher 24506713 01234567 ?

  21. Product cipher • 2^12 = 4096 crossed wires • K bit input = 64 to 256 • 18 physical stages rather than 7

  22. DES (Data Encryption Standard) • Product cipher developed by IBM • Plaintext is encrypted in blocks of 64 bits, yielding 64 bits of ciphertext • 56-bit key, 19 distinct stages • The first stage is a key-independent transposition on the 64-bit plaintext • The last stage is the exact inverse of this transposition • The stage prior to the last one exchanges the leftmost 32 bits with the rightmost 32 bits.

  23. The remaining 16 stages • Each stage takes two 32-bit inputs and produces two 32-bit outputs. • The left output is simply a copy of the right input. • The right output is the bitwise XOR of the left input and a function of the right input and the key for this stage, Ki. • All the complexity lies in this function

  24. Function • The function consists of four steps • First, a 48-bit number, E, is constructed by expanding the 32-bit R(i-1) according to a fixed transposition and duplication rule • Second, E and Ki are XORed together • This output is then partitioned into eight groups of 6 bits each, each of which is fed into a different S-box. Each of the 64 possible inputs to an S-box is mapped onto a 4-bit output. • Finally, these 8 x 4 bits are passed through a P-box.

  25. FEISTEL FUNCTION (F-Function) 48 bit

  26. Key • Before the algorithm starts, a 56-bit transposition is applied to the key • Before each iteration, the key is partitioned into two 28-bit units, each of which is rotated left by a number of bits dependent on the iteration number • Yet another 56-bit transposition is then applied to it. A different 48-bit subset of the 56 bits is extracted and permuted on each round

  27. Whitening • It consists of XORing a random 64-bit key with each plaintext block before feeding it into DES • and then XORing a second 64-bit key with the resulting ciphertext before transmitting it.

  28. Triple DES To increase the key length of DES

  29. Raised two questions (Triple DES) • Why two keys, not three? • 112 bits (56*2) is adequate for commercial applications. • A 168-bit (56*3) key just increases overhead. • Why EDE and not EEE? • A party using triple encryption can speak to one using single encryption by just setting K1 = K2.
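The round structure from slide 23 and the EDE point from slide 29, as an added example that is not part of the original presentation. It is not DES: the initial and final transpositions are omitted, and the f-function, key schedule and byte-string keys are stand-ins chosen for illustration.

```python
import hashlib

MASK32 = 0xFFFFFFFF
ROUNDS = 16

def round_fn(right: int, subkey: bytes) -> int:
    """Stand-in for the f-function (assumption): truncated SHA-256, which
    cannot be inverted, instead of expansion, S-boxes and P-box."""
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def subkeys(key: bytes) -> list:
    """Hypothetical key schedule: one derived subkey Ki per round."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def feistel(block: int, keys: list) -> int:
    """16 rounds on a 64-bit block, followed by the 32-bit half swap."""
    left, right = block >> 32, block & MASK32
    for k in keys:
        # Left output copies the right input; right output is L XOR f(R, Ki).
        left, right = right, left ^ round_fn(right, k)
    return (right << 32) | left

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))

def decrypt(block: int, key: bytes) -> int:
    # Same network with the subkeys reversed; f is only ever run forwards.
    return feistel(block, subkeys(key)[::-1])

def ede_encrypt(block: int, k1: bytes, k2: bytes) -> int:
    """Two-key triple encryption: encrypt K1, decrypt K2, encrypt K1."""
    return encrypt(decrypt(encrypt(block, k1), k2), k1)

def ede_decrypt(block: int, k1: bytes, k2: bytes) -> int:
    return decrypt(encrypt(decrypt(block, k1), k2), k1)

if __name__ == "__main__":
    p = int.from_bytes(b"abcdefgh", "big")   # constructed sample block
    k1, k2 = b"key-one", b"key-two"          # constructed sample keys
    c = encrypt(p, k1)
    print(hex(c), decrypt(c, k1) == p)
    print(ede_encrypt(p, k1, k1) == c)       # K1 = K2 collapses to single encryption
    print(ede_decrypt(ede_encrypt(p, k1, k2), k1, k2) == p)
```

Decryption works even though `round_fn` has no inverse, which is what lets the real f-function be built from many-to-one S-boxes.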

  30. AES: The Advanced Encryption Standard • The algorithm must be a symmetric block cipher. • The full design must be public. • Key lengths of 128, 192, and 256 bits must be supported. • Both software and hardware implementations must be possible. • The algorithm must be public or licensed on nondiscriminatory terms.

  31. AES: The Advanced Encryption Standard • Fifteen serious proposals were made • In August 1998, NIST (National Institute of Standards and Technology) selected five finalists primarily on the basis of their security, efficiency, simplicity, flexibility, and memory requirements

  32. The finalists and their scores were as follows: • Rijndael (from Joan Daemen and Vincent Rijmen, 86 votes). • Serpent (from Ross Anderson, Eli Biham, and Lars Knudsen, 59 votes). • Twofish (from a team headed by Bruce Schneier, 31 votes). • RC6 (from RSA Laboratories, 23 votes). • MARS (from IBM, 13 votes).

  33. Rijndael • Key & Block size: Supports 128 bits to 256 bits • AES has two variants: • 128 bit block with 128 bit key • 128 bit block with 256 bit key • 128 bit key => 2^128 = 3*10^38 • With 1 billion processors, each evaluating 1 key per picosecond (10^-12 seconds), it would take 10^10 yrs to search the key space.

  34. Rijndael • Also uses Permutation & Substitution • There are multiple rounds/iterations, the number of which depends on the key size • 10 rounds for 128 bit key • 14 rounds for 256 bit key

  35. An outline of Rijndael

  36. AES

  37. Step 1 (Byte-by-byte substitution on the state using an S-box) Rijndael uses only one S-box, unlike DES, which uses multiple S-boxes

  38. Step 2 (Rotation)

  39. Step 3 (Mix Columns)

  40. Step 4 (AddRoundKey step )

  41. Cipher Modes • Property of Block Ciphers • The same plaintext block goes in the front end, the same ciphertext block comes out the back end • If you encrypt the plaintext abcdefgh 100 times with the same DES key, you get the same ciphertext 100 times • Electronic Code Book Mode: Breaking up a long piece of plaintext into 8-byte (64-bit) blocks and encrypting each one.

  42. Electronic Code Book Mode The plaintext of a file encrypted as 16 DES blocks.

  43. Cipher Modes • Cipher Block Chaining Mode • Cipher Feedback Mode • Stream Cipher Mode • Counter Mode

  44. Cipher Block Chaining Mode

  45. Cipher Block Chaining Mode • Each plaintext block is XORed with the previous ciphertext block before being encrypted • The first block is XORed with a randomly chosen IV (Initialization Vector), which is transmitted (in plaintext) along with the ciphertext.

  46. Cipher Block Chaining Mode

  47. Cipher Block Chaining Mode(Advantage & Disadvantage) • Adv: • Same plaintext block will not result in the same ciphertext block • Disadv : • Requiring an entire 64-bit block to arrive before decryption can begin
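The ECB property and the CBC chaining rule from the slides above, side by side, as an added example that is not part of the original presentation. The 64-bit toy cipher is an assumption standing in for DES and is not secure; padding is left out, so the plaintext must be a whole number of 8-byte blocks.

```python
import os

BLOCK = 8                      # 64-bit blocks, the DES block size
MOD = 1 << 64
MULT = 0x9E3779B97F4A7C15      # odd, so multiplying mod 2**64 is invertible
KEY = 0x0123456789ABCDEF       # constructed sample key

def toy_encrypt(block: bytes, key: int) -> bytes:
    """Toy keyed permutation of 64-bit blocks (stand-in for DES, not secure)."""
    x = int.from_bytes(block, "big") ^ key
    return ((x * MULT) % MOD).to_bytes(BLOCK, "big")

def toy_decrypt(block: bytes, key: int) -> bytes:
    y = int.from_bytes(block, "big") * pow(MULT, -1, MOD) % MOD
    return (y ^ key).to_bytes(BLOCK, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of 8-byte blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext: bytes, key: int) -> bytes:
    # Every block is encrypted independently: equal inputs give equal outputs.
    return b"".join(toy_encrypt(b, key) for b in split(plaintext))

def cbc_encrypt(plaintext: bytes, key: int, iv: bytes = None) -> bytes:
    iv = os.urandom(BLOCK) if iv is None else iv
    out, prev = [iv], iv
    for b in split(plaintext):
        # XOR with the previous ciphertext block (or the IV) before encrypting.
        prev = toy_encrypt(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)       # the IV travels in the clear as the first block

def cbc_decrypt(data: bytes, key: int) -> bytes:
    blocks = split(data)
    # Block i needs all of ciphertext block i plus block i-1 (or the IV).
    return b"".join(xor(toy_decrypt(c, key), prev)
                    for prev, c in zip(blocks, blocks[1:]))

if __name__ == "__main__":
    pt = b"abcdefgh" * 3       # constructed plaintext: three identical blocks
    print([b.hex() for b in split(ecb_encrypt(pt, KEY))])
    ct = cbc_encrypt(pt, KEY)
    print([b.hex() for b in split(ct)[1:]], cbc_decrypt(ct, KEY) == pt)
```

In the ECB output the three ciphertext blocks are identical, so the repetition in the plaintext is visible to anyone watching the wire; in the CBC output they all differ.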
