Introduction (Pendahuluan): Information Security, Cryptography


1 Introduction (Pendahuluan)
- Information Security
- Cryptography

2 Information Security – Why?
- Information is a strategic resource
- Information security requirements have changed in recent decades
  - Traditionally provided by physical & administrative mechanisms
  - Use of computers requires automated tools to protect files and other stored information
  - Use of networks and communication links requires measures to protect data during transmission

3 Definition
- Computer Security: generic name for the collection of tools designed to protect data and to thwart hackers
- Network Security: measures to protect data during their transmission
- Internet Security: measures to protect data during their transmission over a collection of interconnected networks

4 Three aspects of information security:
- Security Attacks
- Security Services
- Security Mechanisms

5 Security Attacks
- Definition: any action that compromises the security of information owned by an organization
- Often threat & attack are used to mean the same thing
- Threat: a potential for violation of security
- Attack: an assault on system security that derives from an intelligent threat

6 Classification of security attacks
- Passive Attacks: attempt to learn or make use of information from the system but do not affect system resources
- Active Attacks: attempt to alter system resources or affect their operation

7 Security Threats
- Threats can come from a range of sources
- Various surveys, with results of order:
  - 55% human error
  - 10% disgruntled employees
  - 10% dishonest employees
  - 10% outsider access
  - also have "acts of god" (fire, flood etc.)
- Note that in the end, it always comes back to PEOPLE.
- Technology can only assist so much; we always need to be concerned about the role of people in the threat equation: who and why.

8 Passive Attacks
- Only involve monitoring (interception) of the information, leading to loss of confidentiality, or
- Traffic analysis (monitoring the exchange of information without knowing the precise contents)
- Hard to detect

9 Release of message contents: attacks confidentiality
- Eavesdropping
- Learn the content of transmitted messages

10 Traffic Analysis: attacks confidentiality, or anonymity
- Monitoring the pattern of transmitted messages
- Includes: the source & destination, frequency, and length of messages
- Determine the location and identity of communicating hosts

11 Active Attacks
- Active attacks involve some modification of the data stream or the creation of a false stream
- Hard to prevent

12 Masquerade
- Pretends to be a different entity

13 Replay
- Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect

14 Modification of messages
- Alters some portion of a legitimate message

15 Denial of service
- Prevents or inhibits the normal use or management of communications facilities

16 Security Services
- Enhance security of data processing systems and information transfers of an organization
- Intended to counter security attacks using one or more security mechanisms
- Security services implement security policies
- Often replicate functions normally associated with physical documents, which:
  - have signatures, dates
  - need protection from disclosure, tampering, or destruction
  - are notarized or witnessed
  - are recorded or licensed

17 Security Services
One useful classification of security services:
- Authentication: protect info origin (sender)
- Access control: control access to info/resources
- Data Confidentiality: protect info content/access
- Data Integrity: protect info accuracy
- Non-repudiation: protect from deniability
- Availability: ensure a system (info) is available to authorized entities when needed

18 Security Mechanisms
- Features designed to detect, prevent, or recover from a security attack
  - Personnel: Access Tokens, Biometrics
  - Physical: Integrated Access Control
  - Managerial: Security Education
  - Data Networking: Encryption, Config. Control
  - S/W & O/S: Testing, Evaluation, Trusted O/S

19 Facts: security mechanism
- No single mechanism can provide all the security services wanted.
- But encryption or encryption-like information transformation (and hence cryptography) is a key enabling technology

20 Cryptography

21 Cryptography
- The study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication.
- The study of secret (crypto) writing (graphy)

22 Cryptographic goals
- Confidentiality is a service used to keep the content of information from all but those authorized to have it.
- Data integrity is a service which addresses the unauthorized alteration of data.
- Authentication is a service related to identification.
- Non-repudiation is a service which prevents an entity from denying previous commitments or actions.

23 Introduction to Cryptography: Basic Terminology (1/4)
- Plaintext: the original intelligible message
- Ciphertext: the transformed message
- Cipher: an algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods
- Key: some critical information used by the cipher, known only to the sender & receiver

24 Basic Terminology (2/4)
- Encipher (encode): the process of converting plaintext to ciphertext using a cipher and a key
- Decipher (decode): the process of converting ciphertext back into plaintext using a cipher and a key
- Cryptanalysis (codebreaking): the study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key
- Cryptology: the field encompassing both cryptography and cryptanalysis

25 Basic Terminology (3/4)
- Encryption: the mathematical function mapping plaintext to ciphertext using the specified key: $Y = E_K(X)$ or $E(K, X)$
- Decryption: the mathematical function mapping ciphertext to plaintext using the specified key: $X = D_K(Y)$ or $D(K, Y) = E_K^{-1}(Y)$

26 Basic Terminology (4/4)
- Cryptographic system (Cryptosystem): a cryptosystem is a five-tuple $(\mathcal{P}, \mathcal{C}, \mathcal{K}, \mathcal{E}, \mathcal{D})$, where the following conditions are satisfied:
  1. $\mathcal{P}$ is a finite set of possible plaintexts
  2. $\mathcal{C}$ is a finite set of possible ciphertexts
  3. $\mathcal{K}$, the keyspace, is a finite set of possible keys
  4. For each $K \in \mathcal{K}$, there is an encryption algorithm $E_K \in \mathcal{E}$ and a corresponding decryption algorithm $D_K \in \mathcal{D}$. Each $E_K : \mathcal{P} \to \mathcal{C}$ and $D_K : \mathcal{C} \to \mathcal{P}$ are functions such that $D_K(E_K(X)) = X$ for every plaintext $X \in \mathcal{P}$.
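
Condition 4 of the five-tuple definition can be checked mechanically, and it is what decides which keys belong in the keyspace. The following added example (not part of the original slides) uses the affine cipher y = ax + b mod 26 as an assumed illustration, with the shift (Caesar) cipher as its a = 1 case; all function names are chosen for this example.

```python
from math import gcd

M = 26                      # alphabet size: P = C = Z_26, letters A..Z as 0..25
P = C = range(M)

def E(key, x):
    """Encryption rule E_K : P -> C of the affine cipher, key K = (a, b)."""
    a, b = key
    return (a * x + b) % M

def D(key, y):
    """Decryption rule D_K : C -> P; requires the inverse of a modulo M."""
    a, b = key
    return (pow(a, -1, M) * (y - b)) % M   # ValueError if a is not invertible

def is_valid_key(key):
    """Condition 4: D_K(E_K(x)) = x must hold for every plaintext x in P."""
    try:
        return all(D(key, E(key, x)) == x for x in P)
    except ValueError:
        return False

def collisions(key):
    """M minus the number of distinct ciphertext symbols; 0 iff E_K is one-to-one."""
    return M - len({E(key, x) for x in P})

# Every pair (a, b) is a candidate; the keyspace K keeps those passing condition 4.
CANDIDATES = [(a, b) for a in range(M) for b in range(M)]
KEYSPACE = [k for k in CANDIDATES if is_valid_key(k)]

def keyspace_is_coprime_rule():
    """The valid keys are exactly those with gcd(a, 26) = 1."""
    return KEYSPACE == [(a, b) for a, b in CANDIDATES if gcd(a, M) == 1]

def encrypt(key, text):
    return "".join(chr(E(key, ord(ch) - 65) + 65) for ch in text)

def decrypt(key, text):
    return "".join(chr(D(key, ord(ch) - 65) + 65) for ch in text)

if __name__ == "__main__":
    print(len(CANDIDATES), "candidate keys,", len(KEYSPACE), "valid")
    print("a = 13 leaves", collisions((13, 0)), "ciphertext symbols unused")
    ct = encrypt((5, 8), "AFFINECIPHER")     # constructed sample plaintext
    print(ct, "->", decrypt((5, 8), ct))
```

A keyspace this small is searched exhaustively in an instant, which is why the slides that follow ask for a strong algorithm as well as a secret key.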

27 Simplified Conventional Encryption Model
- Requirements
  1. Strong encryption algorithm
  2. Sharing of the secret key in a secure fashion
- Conventional encryption: secret-key (vs. public-key), single-key (vs. two-key), symmetric (vs. asymmetric)
- Kerckhoffs's Principle: "Encryption algorithms being used should be assumed to be publicly known and the security of the algorithm should reside only in the key chosen"

28 Conventional Cryptosystem Model

29 Unconditional and Computational Security
- Unconditionally secure (perfectly secure)
  - No matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
- Computationally secure
  - The cost of breaking the security exceeds the value of the secured service or information.
  - The time required to break the security exceeds the useful lifetime of the information
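
What "insufficient information to uniquely determine the corresponding plaintext" means can be computed exactly on a small message space. This added example (not from the original slides) compares a one-time pad with a shift cipher on 2-letter messages over Z_26; the function names, the two-message prior and the observed ciphertext are constructed for illustration.

```python
from fractions import Fraction
from itertools import product

M = 26
MESSAGES = list(product(range(M), repeat=2))    # every 2-letter plaintext over Z_26
OTP_KEYS = MESSAGES                             # one independent key letter per position
SHIFT_KEYS = range(M)                           # one key letter reused for all positions

def otp_encrypt(key, msg):
    return tuple((m + k) % M for m, k in zip(msg, key))

def shift_encrypt(key, msg):
    return tuple((m + key) % M for m in msg)

def consistent_plaintexts(encrypt, keys, ciphertext):
    """All plaintexts x such that some key K gives E_K(x) = ciphertext."""
    return {x for x in MESSAGES for k in keys if encrypt(k, x) == ciphertext}

def posterior(encrypt, keys, prior, ciphertext):
    """Pr[X = x | Y = ciphertext] for a uniformly random key, in exact fractions."""
    weight = {x: p * sum(encrypt(k, x) == ciphertext for k in keys)
              for x, p in prior.items()}
    total = sum(weight.values())
    return {x: w / total for x, w in weight.items() if w}

def letters(s):
    return tuple(ord(ch) - 65 for ch in s)

# Constructed scenario: the observer knows the message is "HI" (3/4) or "GO" (1/4).
PRIOR = {letters("HI"): Fraction(3, 4), letters("GO"): Fraction(1, 4)}
OBSERVED = letters("KL")   # what "HI" becomes under shift key 3, or OTP key (3, 3)

if __name__ == "__main__":
    for name, enc, keys in (("one-time pad", otp_encrypt, OTP_KEYS),
                            ("shift cipher", shift_encrypt, SHIFT_KEYS)):
        n = len(consistent_plaintexts(enc, keys, OBSERVED))
        print(name, "consistent plaintexts:", n, posterior(enc, keys, PRIOR, OBSERVED))
```

Under the one-time pad the posterior equals the prior, so the ciphertext teaches the observer nothing; under the shift cipher the same ciphertext rules out "GO" entirely.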

30 Classification of Cryptographic Systems
- Type of operations used when transforming from plaintext to ciphertext
  - Substitution
  - Transposition
- Number of keys used
  - Symmetric key
  - Asymmetric key
- The way in which the plaintext is processed
  - Block cipher
  - Stream cipher


32 Classical Encryption Techniques
- Substitution Techniques
  - Caesar Cipher
  - Monoalphabetic Ciphers
  - Playfair Cipher
  - Hill Cipher
  - Polyalphabetic Ciphers
  - One-Time Pad
- Transposition (Permutation) Techniques
  - Rail Fence Technique
  - Block (Columnar) Transposition Technique
- Product Techniques
  - Substitution and transposition ciphers are concatenated
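
The three families on this slide differ in what they leave visible in the ciphertext. This added example (not from the original slides) implements one cipher of each kind, the Caesar cipher, the rail fence technique and their concatenation as a product cipher, and compares letter statistics before and after; function names and the sample message are chosen for this example.

```python
from collections import Counter

def rail_pattern(n, rails):
    """Rail index of each of n positions along the zig-zag (0 = top rail)."""
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]

def rail_encrypt(text, rails):
    """Transposition: write along the zig-zag, read off rail by rail."""
    pat = rail_pattern(len(text), rails)
    return "".join(ch for r in range(rails) for ch, p in zip(text, pat) if p == r)

def rail_decrypt(text, rails):
    pat = rail_pattern(len(text), rails)
    # Stable sort by rail gives the plaintext position of each ciphertext letter.
    order = sorted(range(len(text)), key=lambda i: pat[i])
    out = [""] * len(text)
    for ch, i in zip(text, order):
        out[i] = ch
    return "".join(out)

def caesar(text, k):
    """Substitution: replace each letter A..Z by the one k places further on."""
    return "".join(chr((ord(c) - 65 + k) % 26 + 65) for c in text)

def product_encrypt(text, k, rails):
    return rail_encrypt(caesar(text, k), rails)

def product_decrypt(text, k, rails):
    return caesar(rail_decrypt(text, rails), -k)

def same_letters(a, b):
    """True if b uses exactly the letters of a (only their order may differ)."""
    return Counter(a) == Counter(b)

def same_frequency_shape(a, b):
    """True if the sorted letter counts match (letters may be relabelled)."""
    return sorted(Counter(a).values()) == sorted(Counter(b).values())

PLAINTEXT = "MEETMEAFTERTHETOGAPARTY"    # sample message chosen for this example

if __name__ == "__main__":
    print("rail fence:", rail_encrypt(PLAINTEXT, 2))
    print("caesar    :", caesar(PLAINTEXT, 3))
    ct = product_encrypt(PLAINTEXT, 3, 2)
    print("product   :", ct, "->", product_decrypt(ct, 3, 2))
```

Transposition keeps every letter and only reorders them, while the Caesar substitution relabels letters but keeps the shape of the frequency distribution; the product of these two still preserves that shape, which is the handle frequency analysis uses against it.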

