
People want and need privacy and security while communicating. In the past, cryptography was heavily used for military applications to keep sensitive information secret from enemies (adversaries). Julius Caesar used a simple shift cipher to communicate with his generals on the battlefield. Nowadays, as technological progress has increased our dependency on electronic systems, we need more sophisticated techniques. Cryptography provides most of the methods and techniques for secure communication.

It mainly specifies how particular information is protected, i.e., protection. Security makes the information inaccessible to a third party. It contains 4 basic structures, namely:
1. Security Attacks
2. Security Services
3. Security Mechanisms
4. A model for network security

Any action that compromises the security of information owned by an organization.
[Figure: Normal Information Flow, with source and destination]
The 4 general categories of attacks are:
Interruption: This is an attack on availability in which the resources of a computer system are damaged or become unavailable.

Interception: It affects the confidentiality of information in which an unauthorized person or program gets access to or control of some system resource.
Modification: It is an attack against the integrity of the information, i.e., modifying the values in a data file.
Fabrication: This is an attack on the authenticity of a message in which an unauthorized party adds fake objects into the system.
[Figures: source, destination and intruder for each of the three attacks]

There are 2 types of attacks, namely:
Passive Attack: It refers to the process of monitoring or wiretapping the ongoing transmission. It includes:
1. Release of message contents
2. Traffic Analysis
Active Attack: An attacker can alter the information or sometimes inject fraudulent information into the network. It includes:
1. Masquerade
2. Replay
3. Modification
4. Denial of service

X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources.
X.800 defines it in 5 major categories:
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in communication

The security mechanisms in X.800 are categorized into 2 types, namely:
Specific security mechanisms: The mechanisms that are executed in a particular protocol layer. It includes:
1. Encipherment
2. Digital Signatures
3. Access Controls
4. Data Integrity
5. Authentication Exchange
6. Traffic Padding
7. Routing Control
8. Notarization

Pervasive Mechanisms: The mechanisms that are not specific to any protocol layer. It includes:
1. Trusted functionality
2. Security Labels
3. Event Detection
4. Security Audit Trails
5. Security Recovery

[Figure: model for network security. Labels: trusted third party, secret information, opponent, message, secure message, information channel]

Cryptology: All-inclusive term used for the study of secure communication over non-secure channels and related problems.
Cryptography: The process of designing systems to realize secure communications over non-secure channels.
Cryptanalysis: The discipline of breaking cryptographic systems.
Coding Theory: Deals with representing information using codes. It covers compression, secrecy, and error-correction. Recently, it is predominantly associated with error-correcting codes, which ensure correct transmission over noisy channels.

Cryptography: process of making and using codes to secure transmission of information.
Encryption: converting the original message into a form unreadable by unauthorized individuals, i.e., converting a given plain text into cipher text.
Decryption: converting the obtained cipher text back into the original message, i.e., plain text.

[Figure: Basic Communication Scenario. Labels: Alice, Bob, Eve (enemy or adversary; also Mallory, Oscar), encrypt, decrypt, encryption key, decryption key, plaintext, ciphertext]

1. Read the message.
2. Figure out the key Alice is using and read all the messages encrypted with that key.
3. Modify the content of the message in such a way that Bob will think Alice sent the altered message.
4. Impersonate Alice and communicate with Bob, who thinks he is communicating with Alice.
Oscar is a passive observer who is trying to perform (1) and (2). Mallory is more active and evil, trying to perform (3) and (4).

1. Ciphertext only: Alice has only a copy of ciphertext.
2. Known Plaintext: Eve has a copy of ciphertext and the corresponding plaintext and tries to deduce the key.
3. Chosen Plaintext: Eve has a copy of ciphertext corresponding to a copy of plaintext selected by Alice who believes it is useful to deduce the key.
4. Chosen Ciphertext: Eve has a copy of plaintext corresponding to a copy of ciphertext selected by Alice who believes it is useful to deduce the key.
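To show why a cipher has to be judged against these attack models, here is an added example (not part of the original slides) that runs three of them against the simple shift cipher mentioned in the introduction. The function names, the key value 3 and the sample message are constructed for illustration, and the word list used in the ciphertext-only case is an assumption about the message language.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_encrypt(plaintext, key):
    """Shift each letter A-Z forward by `key` places; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in plaintext.upper()
    )

def shift_decrypt(ciphertext, key):
    return shift_encrypt(ciphertext, -key)

def known_plaintext_key(plaintext, ciphertext):
    """Known plaintext: a single matching letter pair reveals the key."""
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if p in ALPHABET and c in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    raise ValueError("no letters to compare")

def chosen_plaintext_key(encrypt_oracle):
    """Chosen plaintext: have 'A' encrypted; the output letter's index is the key."""
    return ALPHABET.index(encrypt_oracle("A"))

def ciphertext_only_keys(ciphertext, common_words=("THE", "AND")):
    """Ciphertext only: try all 26 keys, keep those whose output contains a common word."""
    return [
        key for key in range(26)
        if any(w in common_words for w in shift_decrypt(ciphertext, key).split())
    ]

def demo():
    secret_key = 3                          # constructed key
    message = "MEET THE GENERALS AT DAWN"   # constructed plaintext
    ciphertext = shift_encrypt(message, secret_key)
    return {
        "ciphertext": ciphertext,
        "known_plaintext": known_plaintext_key(message, ciphertext),
        "chosen_plaintext": chosen_plaintext_key(lambda p: shift_encrypt(p, secret_key)),
        "ciphertext_only": ciphertext_only_keys(ciphertext),
    }

if __name__ == "__main__":
    print(demo())
```

With only 26 possible keys the cipher fails under every model, which is why modern ciphers are designed with key spaces far too large to search and are expected to resist known and chosen plaintext as well.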

Often grouped into two broad categories, symmetric and asymmetric; today’s popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms.
Symmetric and asymmetric algorithms are distinguished by the types of keys used for encryption and decryption operations.

Symmetric encryption: uses the same “secret key” to encipher and decipher the message.
Encryption methods can be extremely efficient, requiring minimal processing.
Both sender and receiver must possess the encryption key.
If either copy of the key is compromised, an intermediary can decrypt and read messages.

Data Encryption Standard (DES): one of the most popular symmetric encryption cryptosystems
64-bit block size; 56-bit key
Adopted by NIST in 1976 as federal standard for encrypting non-classified information
Triple DES (3DES): created to provide security far beyond DES
Advanced Encryption Standard (AES): developed to replace both DES and 3DES

Asymmetric Encryption (public key encryption):
Uses two different but related keys; either key can encrypt or decrypt the message.
If Key A encrypts the message, only Key B can decrypt it.
Highest value when one key serves as the private key and the other serves as the public key.

Confidentiality: Hiding the contents of the messages exchanged in a transaction
Authentication: Ensuring that the origin of a message is correctly identified
Integrity: Ensuring that only authorized parties are able to modify computer system assets and transmitted information
Non-repudiation: Requires that neither of the authorized parties deny the aspects of a valid transaction
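The following added example (not from the original slides) shows one way the authentication and integrity services can be enforced between two parties who share a secret key, and how the receiver rejects modified, fabricated and replayed messages. HMAC-SHA256 and the sequence-number scheme are assumptions chosen for illustration; the names `protect` and `Receiver` are hypothetical.

```python
import hashlib
import hmac

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
SEQ_LEN = 8    # sequence number carried in front of the message

def protect(key, seq, message):
    """Sender: bind a sequence number and the message under the shared secret key."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    """Accept a packet only if its tag verifies and its sequence number is new."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, packet):
        if len(packet) < SEQ_LEN + TAG_LEN:
            return None
        header = packet[:SEQ_LEN]
        message = packet[SEQ_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + message, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                    # modified or fabricated packet
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:
            return None                    # replay of an earlier packet
        self.last_seq = seq
        return message

if __name__ == "__main__":
    key = bytes(range(32))                 # constructed key; use a random key in practice
    bob = Receiver(key)
    packet = protect(key, 1, b"PAY BOB 10")            # constructed message
    print(bob.accept(packet))                          # genuine: accepted
    print(bob.accept(packet))                          # replayed: None
    print(bob.accept(packet.replace(b"10", b"99")))    # modified: None
```

Because both parties hold the same key, this gives authentication and integrity but not non-repudiation: either side could have produced the tag.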

Digital Signatures: allow users to electronically sign (personalize) electronic documents, messages and transactions.
Identification: is capable of replacing password-based identification methods with more powerful (secure) techniques.
Key Establishment: To communicate a key to your correspondent (or perhaps actually mutually generate it with him) whom you have never physically met before.
Secret Sharing: Distribute the parts of a secret to a group of people who can never exploit it individually.
E-commerce: carry out secure transactions over an insecure channel like the Internet. (E-cash and Games)

Secure Socket Layer (SSL) protocol: uses public key encryption to secure a channel over the public Internet.
Secure Hypertext Transfer Protocol (S-HTTP): extended version of Hypertext Transfer Protocol; provides for encryption of individual messages between client and server across the Internet.
S-HTTP is the application of SSL over HTTP; allows encryption of information passing between computers through a protected and secure virtual connection.

Securing with S/MIME, PEM, and PGP
Secure Multipurpose Internet Mail Extensions (S/MIME): builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication.
Privacy Enhanced Mail (PEM): proposed as a standard to function with public key cryptosystems; uses 3DES symmetric key encryption.
Pretty Good Privacy (PGP): uses the IDEA cipher for message encoding.

Securing Web transactions with SET, SSL, and S-HTTP
Secure Electronic Transactions (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud.
Uses DES to encrypt credit card information transfers.
Provides security for both Internet-based credit card transactions and credit card swipe systems in retail stores.

Advantages: There will be perfect security for the secret writing.

Disadvantages: There will be hacking problems, i.e., there is a problem for the secret writing.

There will be technology like quantum computing, where a quantum computer would deal with quantum bits (qubits) that can simultaneously represent both 0 and 1 by simultaneously spinning in different directions.

Information security is increasingly important.
Information has varying degrees of sensitivity (cf. military info classifications: confidential, secret, etc.).
Subjects (people or programs) have varying rights of access to objects (information).
Cryptography and encryption provide a sophisticated approach to security.
Many security-related tools use embedded encryption technologies.
Encryption converts a message into a form that is unreadable by the unauthorized.
Many tools are available and can be classified as symmetric or asymmetric, each having advantages and special capabilities.