Textbook  Cryptography and Network Security: Principles and Practice (second/third edition) by William Stalling  密码学与网络安全：原理与实践（第 3 版） -- 刘玉珍 等译 电子工业出版社

Arrangement of this course 18 Weeks: 1th~18th Week Once a week Wednesday 8:00-9:40 D-202

Introduction to information security Dr. Shengli Liu Tel: (O) Cryptography and Information Security Lab. Dept. of Computer Science and Engineering Shanghai Jiao Tong University

Why Security?  Explosive growth in  Computer systems  Interconnections of computer systems via network  Dependence of both organizations and individuals on  Information stored in computer systems  Communications between these systems  computer use requires automated tools to protect files and other stored information and to protect systems from network-based attacks  Need  To protect data and resources from disclosure  To guarantee the authenticity of data and messages

Objective  Principles of Cryptography  Secret key cryptosystem  Public key cryptosystem/Digital signature systems  ……  Practice of Cryptography  Kerboros—application-level authentication service  X Directory Authentication Service  PGP--Electronic mail security  ……

What is Security? “If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. That is obscurity. If I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism—and you still can't open the safe and read the letter--that 's security. ” ---Bruce Schneier

Information Security  Information Security requirements have changed in recent times.  Traditionally provided by physical and administrative mechanisms  Now we use computer to store data and network for communications  Computer use requires automated tools to protect files and other stored information  Use of networks and communications links requires measures to protect data during transmission

Information Security  Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers  Network Security - measures to protect data during their transmission

Security Attack (Security Threat)  Attack: any action that compromises the security of information owned by an organization;  Information security: how to prevent attacks, and to detect attacks on information-based systems;

Attack

Security Mechanism  A mechanism that is designed to detect, prevent, or recover from a security attack;  No single mechanism that will support all functions required;  However one particular element underlies many of the security mechanisms in use: cryptographic techniques;  Hence, our focus is cryptographic techniques.

Security Service  Service is something that enhances the security of the data processing systems and the information transfers of an organization;  Service intends to counter security attacks;  Service makes use of one or more security mechanisms to provide the service;  Service replicates functions normally associated with physical documents. eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed;

Security Services  [Data Confidentiality] - protection of data from unauthorized disclosure  [Authentication] - assurance that the communicating entity is the one claimed  [Data Integrity] - assurance that data received is as sent by an authorized entity  [Non-Repudiation] - protection against denial by one of the parties in a communication  [Access Control] - prevention of the unauthorized use of a resource

Security Mechanisms Cryptagraphic techniques.  Block cipher  Stream cipher  Public key algorithms  Digital signature algorithms  MAC codes  Hash functions

Security Attacks  passive attacks  Eavesdropping on, or monitoring of, transmissions to obtain message contents  Monitor traffic flows  active attacks Modification of data stream to  Masquerade of one entity as some other;  Replay previous messages;  Modify messages in transit;  Denial of service;

Model for Network Security

What to be done?  Design a suitable algorithm for the security transformation;  Generate the secret information (keys) used by the algorithm;  Develop methods to distribute and share the secret information;  Specify a protocol enabling the principals to use the transformation and secret information for a security service.

Model for Network Access Security

 Select appropriate gatekeeper functions to identify users  Implement security controls to ensure only authorized users access designated information or resources  Trusted computer systems can be used to implement this model

Summery  We have considered the following stuff.  Computer security, network security  Definitions of security services, mechanisms, attacks  Models for network (access) security

A Cipher System: to provide confidentiality Alice Bob Eve (attacker, opponent, adversary, eavesdropper, intruder)

K KK Five elements in a cipher systems { M, C, K, E K, D K }  Plaintext (cleartext) M: the message to be sent to the receiver. Plaintext space M : the set of possible values of plaintext.  Ciphertext C: an encrypted message. Ciphertext space C :the set of possible values of ciphertext. K K  Key K: the secret information involves encryption and decryption. Key space K : the set of possible values of key. K  Encryption (encipher): the process of disguising a message in such way as to hide its substance. C =E K (M) K  Decryption (decipher): The process of turning ciphertext back into plaintext. M=D K (C)

Cryptology  Cryptography: the art and science of keeping messages secure;  Cryptanalysis /codebreaking: the art and science of breaking ciphertext.

Other services  [Authentication]  [Authentication] The receiver of a message to ascertain its origin. An intruder should not be able to masquerade as someone else;  [Integrity]  [Integrity] The receiver of a message to verify that it has not been modified in transit. An intruder should not be able to substitute a false message for a legitimate one.  [Non-repudiation]  [Non-repudiation] A sender should not be able to falsely deny later that he sent a message.

Algorithms and keys  Cryptographic algorithm: the mathematical functions used to provide security services with cryptographic techniques.  If the system relies on the secrecy of the algorithm. Each group must have their own unique algorithm.  No group can use off-the-shelf hardware or software product, or an eavesdropper can buy the same product and learn the algorithm.  The group must design and implement the algorithm on their own.  When a group uses an algorithm for communication security, any member's leaving leads to switch to a new algorithm.  If any member accidentally reveals the algorithm, the group must switch to a new algorithm.

Kerckhoffs’ principle  The security of a cipher system depends on the secrecy of the key, instead of the secrecy of the algorithm.

Symmetric cryptosystem  also called conventional cryptosystem, secret key cryptosystem, symmetric cryptosystem single-key cryptosystem - encryption key and decryption key are the same, or the decryption key can be derived from the encryption key.  The sender and receiver must agree on a key before their secret communication.  The security of the system relies on the secrecy of the key. Divulging the key means that anyone could encrypt and decrypt messages.  Two kinds of ciphers: stream cipher and block cipher.

Asymmetric cryptosystem also called Public-key cryptosystem.  Decryption key is different from encryption key;  Decryption key cannot be derived from the encryption key within any reasonable amount of time; public key  The encryption key is public, hence is called public key; private key  The decryption key is private, hence is called private key;

Attack/Cryptanalysis  Cryptanalysis is the science of recovering the plaintext of a message without access to the key;  Attacker, opponent, enemy, adversary, eavesdropper  There are several general types of cryptanalytic attacks.  Brute force attack: simply by trying every possible key one by one and checking the resulting plaintext is meaningful.  Cipher-only attack: Given C 1 =E K (M 1 ), C 2 =E K (M 2 ),..., C i =E K (M i ), Deduce either M 1, M 2,…, M i, K, or an algorithm to infer M i+1 from C i+1 =E K (M i+1 ).

 Known-plaintext attack: Given M 1, C 1 =E K (M 1 ), M 2, C 2 =E K (M 2 ),..., C i =E K (M i ), Deduce: either K or an algorithm to infer M i+1 from C i+1 =E K (M i+1 ),  Chosen-plaintext attack Given M 1, C 1 =E K (M 1 ), M 2, C 2 =E K (M 2 ),..., M i, C i =E K (M i ), where the attacker gets to choose M 1, M 2, …, M i, Deduce: either K or an algorithm to infer M i+1 from C i+1 =E K (M i+1 ).  Chosen-ciphertext attack

Security  Unconditional security: no matter how much ciphertext an attacker has, there is not enough information to recover the plaintext.  Computational security: the system cannot be broken with available resources.