Security. Security Needs Computers and data are used by the authorized persons Computers and their accessories, data, and information are available to.

Slides:



Advertisements
Similar presentations
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Advertisements

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.
Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Chapter 3 Encryption Algorithms & Systems (Part C)
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Network Security Sorina Persa Group 3250 Group 3250.
CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.
Chapter 31 Network Security
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Bob can sign a message using a digital signature generation algorithm
Behzad Akbari Spring In the Name of the Most High.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Cryptography, Authentication and Digital Signatures
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Networks Management and Security Lecture 3.
IS 302: Information Security and Trust Week 5: Integrity 2012.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Chapter 21 Public-Key Cryptography and Message Authentication.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Network Security David Lazăr.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
1 Number Theory and Advanced Cryptography 6. Digital Signature Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
Digital Signatures, Message Digest and Authentication Week-9.
Cryptographic Hash Functions and Protocol Analysis
Lecture 2: Introduction to Cryptography
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.
 Last Class  Chapter 7 on Data Presentation Formatting and Compression  This Class  Chapter 8.1. and 8.2.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Computer Communication & Networks
Information Security message M one-way hash fingerprint f = H(M)
Basic Network Encryption
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Basic Network Encryption
Presentation transcript:

Security

Security Needs Computers and data are used by the authorized persons Computers and their accessories, data, and information are available to the genuine users Security policy is to ensure that

Security Services Authentication Access control Data confidentiality Data integrity Non-repudiation

Security Services A user proves its identity to another party A data sender proves that the data is actually sent by him/her Authentication

Security Services Guard against unauthorized use of resources Access control

Security Services Data and its meanings are only available to those who are the genuine receivers For other parties, the data would appear to be “ rubbish ” Data confidentially

Security Services Guards against active attack – modification, insertion, deletion, replay If a piece of data is changed, such a change can be detected Data integrity

Security Services When a party sends a piece of information, it can be proved that the sender is actually that party The sender cannot subsequently deny the act of having sent a piece of information Non-repudiation

Security Mechanisms Encipherment Digital signature Access control To provide security services, some specific security mechanisms may be implemented:

DES The Data Encryption Standard (DES) is a private key encryption system developed by the U.S. government in the 1970s It was based on a previous IBM encryption system called “ Lucifer ” It was adopted as a U.S. federal standard in 1976, and then as an international standard

DES Overview Plaintext size : 64 bits Key size : 64 bits input, only 56 bits are used Ciphertext size : 64 bits 64 bit ciphertext Encryption 64 bit message 56 bit key

Strength of DES DES has been cryptanalyzed for many years by many people, no serious flaws have been revealed up to now The 56-bit key size : there are 2 56 =7.2x10 16 different possible keys May not be sufficient to resist brute- force key search attack

Strength of DES If it takes 1 sec to test 1 key then 228 million years are needed to test all keys If it takes 1 μsec to test 1 key then 2,280 years to test all keys If there are 1 million machines working in parallel then the key can be found in a day!

Triple DES Triple DES employs the Encrypt-Decrypt- Encrypt (EDE) mode of operation with two different keys – equivalent to a key of 112 bits k2 DES Decrypt DES Encrypt k1 plaintext DES Encrypt k1 ciphertext

Triple DES The decryption process is: k2 DES Encrypt DES Decrypt k1 ciphertext DES Decrypt k1 plaintext

Triple DES Triple DES can use the existing DES block When K2=K1, the triple DES system “ falls back ” to the single DES system It is “ backward compatible ” with single key DES

AES AES stands for “ Advanced Encryption System ” NIST (National Institute of Standards and Technology) of USA announced AES in 1997, and then called for algorithms from the public on 12 Sept 1997

AES Researchers from 12 different countries submitted 15 algorithms for the AES As at Aug 1999, 5 algorithms have been chosen by NIST for further consideration On 3-Oct-2000, the proposal by Rijdael [pro. Rhine doll] – Joan Daemen and Vincent Rijmen of Belgium was selected

Public Key Encryption

Each user will have a pair of keys K1 & K2 Use keys K1 to encrypt and K2 to decrypt Keep K1 private and top secret Gives out K2 to anybody who needs it K1 is called the private key K2 is called the public key

Two Keys In a public key encryption system, the encryption key and the decryption key are different Plaintext Encryption Key K1 Decryption Key K2

Proof of Identity Alice sends a message to Bob Bob can prove that the message could only have been created by Alice English Message Encryption Alice ’ s Private Key K1 Decryption Alice ’ s Public Key K2 Alice English Message Bob

Confidentiality + Identity Alice sends an encrypted message to Bob so that only Bob can decrypt the message and Bob can later prove that the creator was Alice English Message Encryption Alice ’ s Private Key Encryption Bob ’ s Public Key Alice Encrypted Message

RSA Algorithm The most widely used public key algorithm Proposed by Rivest, Shamir, and Adleman Security is based on the difficulty in factorizing a large integer that is the product of two large prime numbers E.g. 437 = ? x ? 437 = 19 x 23 Reference web page:

Hash Function A Hash Functionis a one-way function y=H(x), designed to produced a fixed length “ message digest ” or a “ fingerprint ” of a variable-length message Input = x (variable Length) Hash Function Output = y (fixed length)

MD5 MD5 – Message Digest 5 Designed by Prof. R. Rivest of MIT Internet standard – RFC1321 Thought to be a strong hash function The message digest is 128 bits Message is processed in 512-bit blocks

Secure Hash Algorithm (SHA) SHA was FIPS PUB 180-1, designed by the U.S. National Security Agency (NSA) To be used in the Digital Signature Algorithm (DSA) – part of the Digital Signature Standard (DSS) Input data length is less than 2 64 bits Message digest is 160 bits

Digital Signature A digital signature has functions similar to those of conventional signature Support authentic messages: Signer of document can be confirmed Contents of a signed document can be verified

Digital Signature Generation A widely adopted scheme is based on hash function and public key encryption ….. …… ….. HashEncrypt Alice ’ s Private key ….. …… ….. DS Alice

Digital Signature Verification Hash Decrypt Alice ’ s Public key ….. …… ….. DS Bob Compare Equal => authentic message Not equal => non-authentic

Public Key Infrastructure How to give your public key to your friend? How can you be sure that the public key you obtain is indeed your friend ’ s public key? For a small number of mutually trusted users, a “ web of trust ” system is O.K.

Web of Trust Bob Alice David Eve Public key

Certification Authority For a large population of users, a central trusted party can act as a Certification Authority (CA) Users may deposit their public keys in a CA who they trust The CA may pass out the public keys to any user who need them in certificates

A CA Supporting Many Users CA ab c d

Certificate A certificate for a user (also called a subscriber) contains the user ’ s particulars and the user ’ s public key The certificate is an electronic document signed by the CA who issue it

Certificate CA Alice ’ s certificate Cert. I.D.: Name:Alice Public key: … Valid date:xx to yy …… Sign:________ Signed by CA Other certificates to other users

Revocation A user may revoke the validity of his/her certificate before the actual expiry date Revocation information about a CA ’ s subscribers are published in a Certificate Revocation List (CRL)

Public Key Infrastructure When there are many CA ’ s and many subscribers, a hierarchy can be formed linking all the CA ’ s and the subscribers This form a public key infrastructure The subscribers can communicate securely by using digital signature techniques

Public Key Infrastructure CA 1 user 1 user 2 user 3user 4user 5 user 6 CA 2 CA 3 CA 4