Network Security – Part 1 Spring 2005 V.T. Raja, Ph.D., Oregon State University.

Slides:



Advertisements
Similar presentations
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Advertisements

Chapter 11: Cryptography
Network Security V.T. Raja and James Coakley Oregon State University.
Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Network Security understand principles of network security:
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Cryptography, Authentication and Digital Signatures
Network Security7-1 Chapter 8: Network Security Chapter goals: r understand principles of network security: m cryptography and its many uses beyond “confidentiality”
Day 18. Concepts Plaintext: the original message Ciphertext: the transformed message Encryption: transformation of plaintext into ciphertext Decryption:
CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1
Chapter 17 Security. Information Systems Cryptography Key Exchange Protocols Password Combinatorics Other Security Issues 12-2.
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Encryption.
V0.0CPSC415 Biometrics and Cryptography1 Placement of Encryption Function Lecture 3.
Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.
Computer Security Cryptography. Cryptography Now and Before  In the past – mainly used for confidentiality  Today –Still used for confidentiality –Data.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Lecture 2: Introduction to Cryptography
24-Nov-15Security Cryptography Cryptography is the science and art of transforming messages to make them secure and immune to attacks. It involves plaintext,
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Wireless. Wireless hosts: end system devices; may or may not be mobile Wireless links: A host connects to a base station or host through a communication.
Network Security7-1 Today r Reminders m Ch6 Homework due Wed Nov 12 m 2 nd exams have been corrected; contact me to see them r Start Chapter 7 (Security)
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
Computer and Network Security - Message Digests, Kerberos, PKI –
1.1 Introduction to Cryptography. 1.2 Basic Cryptography Cryptography is a deep mathematical subject. Cryptographic protocols provide a cornerstone for.
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Network Security  introduction  cryptography  authentication  key exchange  required reading: text section 7.1.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Cryptography Introduction. Definition Origin Objectives Terminologies References Agenda.
What is network security?
Cryptography.
10/7/2019 Created by Omeed Mustafa 1 st Semester M.Sc (Computer Science department) Cyber-Security.
Presentation transcript:

Network Security – Part 1 Spring 2005 V.T. Raja, Ph.D., Oregon State University

BA483: Network Security Part 1 - Outline Introduction –Identify characteristics of a secure communication Confidentiality Message Integrity Non-repudiation Authentication Availability and Access Control –Explanation of these characteristics –Cryptography

Confidentiality Alice wants the following to be confidential: –The fact that she is communicating with Bob –Timing of communication –Frequency of communication Only Alice and Bob should be able to understand the contents of the transmitted message; Should not be understood by eavesdropper Trudy.

Confidentiality Alice and Bob could represent two real users, or a client and a server, or 2 DNS servers, or 2 routers etc. Confidentiality often relies on cryptographic techniques.

Message Integrity Content of communication is not altered maliciously or by accident Message integrity relies on cryptographic techniques

Non-repudiation Assume sender transmitted document “D”. Non-repudiation: –Sender unable to successfully deny in court having transmitted document D. Non-repudiation also relies on cryptography techniques

Authentication Both sender and receiver should be able to confirm identity of other party involved in communication Confirm that the other party is indeed who/what they claim to be Authentication relies on authentication techniques, several of which rely on cryptographic techniques

Availability and Access Control –Can communication occur in first place? Detect breaches and respond to attacks –Are entities seeking to gain access to resources allowed to do so only if they have the appropriate access rights, and perform their access in a well-defined manner? Firewalls provide access control based on a per- packet basis, and on a per-service basis. Provide a degree of isolation and protection from those outside of one’s network

Cryptography Symmetric Key and Public Key Cryptography Basic Terminology –Plain Text Original data – not disguised –Cipher (Encrypted) Text Disguised data – looks unintelligible to intruder Data disguised using encryption algorithm –Key A string of #s or characters used as input to encryption algorithm to disguise plain text

Symmetric Key Cryptography Symmetric Key: –Alice and Bob use same key to encrypt and decrypt text Symmetric Key Cryptography Techniques –Caesar Cipher –Monoalphabetic Cipher –Polyalphabetic Cipher –Data Encryption Standard (DES) –Triple DES (3DES) –Advanced Encryption Standard (AES)

Symmetric Key Cryptography Caesar Cipher –Each letter in plaintext is substituted with letter that is K letters later –Wrap around is allowed (i.e., z followed by letter a) –If K = 3, a in plaintext becomes d in cipher text b in plaintext becomes e in cipher text Participation Exercise: Once it is known that Caesar cipher is being used, it is easy to break the code (only 25 possible key values).

Symmetric Key Cryptography Monoalphabetic Cipher –Improvement on Caesar Cipher –Rather than substituting according to a regular pattern – any letter can be substituted for any other letter, as long as each letter has a unique substitute letter, and vice versa. –Example of a monoalphabetic cipher Plain Text: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher Text: m n b v c x z a s d f g h j k l p o i u y t r e w q 26! Possible pairings of letters – so breaking code is not as easy as in the case of Caesar cipher. Usually statistical analysis of plain text language (in this case English language), and some basic knowledge of intruder can help in breaking the code faster

Symmetric Key Cryptography Polyalphabetic Encryption –Use multiple monoalphabetic/Caesar ciphers –Use a specific monoalphabetic/Caesar cipher to encode a letter in a specific position in the plain text message –This implies that same letter appearing in different positions in the plaintext might be encoded differently. Example: 2 Caesar ciphers; K = 5, K = 19 For every 5 bits in the plain text use the 2 Caesar ciphers in the following pattern: C1, C2, C2, C1, C2

Symmetric Key Cryptography Data Encryption Standard (DES) –Published in 1977, and updated in 1993 –Used for commercial and non-classified U.S. Govt. use –DES encodes plaintext in 64-bit chunks using 64-bit key –Actually eight of the 64 bit-key are odd parity bits; So actual key is perceived as 56-bits. –Objective: Scramble data and key so that every bit of the cipher text depends on every bit of the data and every bit of the key –Algorithm: Complex (beyond the scope of the course); Decryption works by reversing the algorithm’s operations.

How well does DES work? In 1997 RSA Data Security Inc., ( A network security company) launched a DES challenge contest to crack a short phrase (“strong cryptography makes the world a safer place”) it had encrypted using a 56-bit DES. Winning team took 4 months to decode. It had volunteers throughout the Internet to systematically explore key space. Claimed 10K cash prize after testing only a quarter of the key space (about 18 quadrillion keys) In 1999, RSA launched another DES challenge. Message was decrypted in little over 22 hours by a network of volunteers and a special purpose computer called “Deep Crack”. Claimed 250 K cash prize. Not bad for a day’s work?

Symmetric Key Cryptography Triple DES (3 DES) –If 56-bit DES is considered to be insecure, one can simply run the algorithm multiple times, using a different key each time –DES run three times (with a different 56-bit key at beginning of each time DES is run). Advanced Encryption Standard (AES) –NIST – in Nov 2001 announced successor to DES. –AES is also a symmetric key algorithm that processes data in 128-bit blocks –AES can operate with 128-bit keys, 192-bit keys, and 256-bit keys –NIST estimated that a machine that could crack a 56-bit DES in one second (i.e. Try 2 55 keys per second) would take approximately 149 trillion years to crack a 128-bit AES key

Symmetric Key Distribution Disadvantage of Symmetric Key Cryptography: –2 communicating parties have to agree upon their secret key ahead of time in a secure manner. Since sender and receiver do not meet face to face in the networking world, they need a trusted intermediary Trusted Intermediaries for symmetric key distribution: Key Distribution Center (KDC) Kerberos

Key Distribution Center (KDC) A server that shares a different secret symmetric key with each registered user. This key might be manually installed at the server when a user first registers. KDC knows the secret key of each user, and each user can communicate securely with KDC using this key.

KDC for Alice and Bob Assume Alice and Bob use KDC for their communication. Assume Alice’s secret key known to Alice and KDC is K A-KDC ; Assume Bob’s secret key known to Bob and KDC is K B-KDC. Assume Alice wishes to send an encrypted message to Bob while using KDC as the trusted intermediary.

Example: Alice and BOB using KDC 1.Using her key, Alice sends a message to KDC saying that she (A) wants to communicate with Bob (B). We denote this message as: K A-KDC (A, B). 2.a. KDC decrypts K A-KDC (A, B). b. KDC generates a random number R 1, which is a “nonce” that will be used as symmetric key by Alice and Bob during their communication. c. KDC sends Alice R 1, and a pair of values A and R 1 encrypted using Bob’s key. We denote this message sent to Alice by KDC as: K A-KDC (R 1, K B-KDC (A, R 1 )).

Example: Alice and BOB using KDC 3. Alice decrypts message and extracts symmetric key R 1. Alice extracts and forwards (although she cannot decrypt) K B-KDC (A, R 1 ) to Bob. 4.Bob decrypts and understands that he is to use R 1 as symmetric key to converse with Alice.

Kerberos Authentication service developed by MIT Very similar to KDC Has additional functions such as: –Time stamp for validity of nonce R 1. –Has info about which users have access privileges to which services on which network servers. The authentication server in Kerberos parlance, is referred to as the Ticket Granting Server Sending K B-KDC (A, R 1 ) to A in the previous example is referred in Kerberos as granting a ticket to Bob’s services.