Cryptography : Introduction By Sheetal (For CSIT)

Cryptography: Introduction Greek word: Hidden Secret Study differs now and past past : encryption and decryption now: past + digital signature + authentication + key mgmt + cryptanalysis The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form

Aspect Security Security attack: Any action that compromises the security of information owned by an organization. • Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. • Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

More terms threat – a potential for violation of security attack – an assault on system security, a deliberate attempt to evade security services

Attack : Classification Passive: obtain information but not change contents Active: obtain information but not change contents

Passive Attacks (1) Release of Message Contents A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are: + release of message contents - as shown above in Stallings Figure 1.2a here + traffic analysis - monitor traffic flow to determine location and identity of communicating hosts and could observe the frequency and length of messages being exchanged These attacks are difficult to detect because they do not involve any alteration of the data.

Passive Attacks (2) Traffic Analysis

Passive attack contd… Passive attacks do not affect system resources Eavesdropping, monitoring Two types of passive attacks Release of message contents Traffic analysis Passive attacks are very difficult to detect Message transmission apparently normal No alteration of the data Emphasis on prevention rather than detection By means of encryption

Active Attacks (1) : Masquerade (a false show) )

Active Attacks (2) Replay Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service: masquerade of one entity as some other replay previous messages (as shown above in Stallings Figure 1.3b) modify/alter (part of) messages in transit to produce an unauthorized effect denial of service - prevents or inhibits the normal use or management of communications facilities Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them.

Active Attacks (3) Modification of Messages

Active Attacks (4) Denial of Service

Active attacks try to alter system resources or affect their operation Modification of data, or creation of false data Four categories Masquerade Replay Modification of messages Denial of service: preventing normal use A specific target or entire network Difficult to prevent The goal is to detect and recover

Attacking software Viruses Worms Trojan Horses

Classical Cryptography Symbol were used in ancient Egypt

Classical Cryptography Greece around 500 BC

Classical Cryptography Caesar cypher in ancient Rome Substitution cypher Alberti Cipher during 1400 Form of substitution cypher using mechanical disk

Classical Cryptography Vigenere Cypher: 1500 AD Use Table and Key Plain: attackatdawn Key: lemonlemonle Cypher: LXFOPVEFRNHR

Classical Cryptography Jefferson Wheel Cipher : Late 1700’s Wheel with random alphabet Arrangement of Wheels is key Developed lately by US Army Used from 1923-1942

Classical Cryptography WWI & WWII  Boom of cryptography method Zimmerman Telegram – German army in 1917 Choctaw Codetalkers – US army Enigma by Nazi (10144 Combination) – But cracked by Alan Turing (The imitation game’s guy) Purple by Japanese