Presentation is loading. Please wait.

Presentation is loading. Please wait.

Richard Henson University of Worcester October 2016

Published byOpal Cannon Modified over 6 years ago

Similar presentations

Presentation on theme: "Richard Henson University of Worcester October 2016"— Presentation transcript:

1 Richard Henson University of Worcester October 2016
COMP3371 Cyber Security Richard Henson University of Worcester October 2016

2 Week 3: Encryption and Technical Controls
Objectives: Explain why, how, and to what standard an organisation can set up technical controls Compare the security of data sent via wireless, copper, fibre Explain encryption/decryption of data Contrast between symmetric keys and asymmetric keys

3 Information Security Standards involving Technical Controls
ISO27001 COBIT PCI-DSS IASME Cyber Essentials

4 Cyber Essentials Cyber Essentials is an Information Assurance standard designed for SMEs It requires only 5 controls… all essentially technical now a minimum for government contracts Most SMEs still very reluctant Why?

5 GCHQ Guidelines (Cyber Essentials based on these…)

6 Encryption Technique of changing digital data in a mathematical reversible way makes it impossible to get at the information… data representing it scrambled Coding data not new… been happening for millennia many clever techniques involved

7 Decryption Opposite of encryption
mathematically (or otherwise) reverses the effect of encryption Essential for getting the original message back from the coded version One technique that does both encryption & decryption together uses: a mathematical encryption method an encryption key

8 What is Cryptography? “The safe securing, storing, and transmitting of sensitive information” Purpose: conceal sensitive information from unauthorised persons Study includes: protocols, practices, procedures to build components of a cryptosystem authenticity (proof of ownership) integrity (data not tampered with in any way)

9 What is a Cryptosystem? Includes all OSI network hardware/software levels software potentially vulnerable at any layer application layer message converted through all seven layers before sent out as electrical or electro-magnetic signals all the hardware the message will pass through…

10 OSI layers and cryptosystem
Encryption level depends on: circumstances risk value of information Could be layer 7… encrypted directly from/to the screen layer 1 e.g. via communications equipment layers between… screen Layer 7 software Layer 1 hardware

11 The OSI model Link Transmit Receive Station Station Physical Layer
AH DATA PH SH TH NH LH LT Physical Layer Data link Network Transport Session Presentation Application Physical Layer Data link Network Transport Session Presentation Application DATA AH PH SH TH NH LT LH Repeat of earlier slide Link

12 Original Four Layers Model
Introduced with Unix (mid-1970s, pre-OSI) based on Internet protocols… “application” “transport” Shows four names in boxes: application, transport, network, physical “network” “physical”

13 Transport layer (TCP) Socket A Socket B End User
Physical Layer Data link Network Transport Upper OSI Layers End User Peer-to-Peer communications Socket A Socket B Similar to previous diagrams showing all seven network layers. This time, transport layer on sender identified at socket A, and transport layer on receiver is socket B. Arrow linking to two together as “peer-peer” communication, Diagram also shows two intermediate routers, where data is not converted up the stack beyond the network layer, before forwarding. Network A Network B

14 Transport Layer (from Unix)
Other roles: managing flow control providing acknowledgement of successful transmission of chunks of data software multiplexing routing in an Internetwork Manages OSI levels 1-4 so messages travel between network nodes via pairs of “sockets” After slide text: socket A (sender) in a box, arrow from box to socket B (receiver) in another box socket A (sender) socket B (receiver)

15 Network Layer (IP) Transport Layer Network Layer
User Specifies Service Transport Layer Network Service Network Layer Diagram shows the all important communication between transport layer (user oriented service) and network layer (network oriented service) Network provides Service Network layer service definitions

16 Network Layer Responsibilities: packet (IP) addressing and sequencing
determining to route from source to destination computer Routers operate up to this level

17 Network Layer Functions
Provides messages with an address for delivery (e.g. IP address) Translates logical network addresses/names into physical equivalents Handles packet switching and routes packets to their destination on the local network Controls network packet congestion Ensures packets conform to the network's format

18 TCP/IP & OSI Evolved with the Unix four layers… Application,
presentation, session OSI 5, 6, 7 TCP OSI 4 IP OSI 3 As previous slide but application, presentation, session all together in top layer Next layer: TCP Third layer: IP Fourth layer: connecting with physical medium Connecting with physical medium OSI 2, 1

19 TCP and Email Email is an application
most protocols link down to TCP Most text data is transmitted by , so secure protocols have also to work through TCP standard download protocol: POP3 links through port 110 secure (encrypted) links through port 443

20 Using Secure Email Most systems are not secure by default
some argue that for privacy reasons they should be others would argue that this slows things down During setup it is important to choose the secure TCP port… 443, as opposed to 110 (unsecured)

21 Key Escrow & Recovery Law enforcement agencies can intervene to decode encrypted data under a court order in pursuit of criminal evidence or activity Escrow: system of checks and balances to ensure that privacy rights are not infringed where agencies need to get hold of encrypted information separate agencies keep complementary components of the key system so no entity possesses a usable key

22 Email data and Encryption
As discussed earlier, sensitive data needs protecting… Internet designed to be an “open” system IDs of devices based on IP address Data at rest or moving round the Internet could be intercepted by: someone with a good knowledge of TCP/IP any IT literate person with the right software This person could be anywhere in the world!

23 How does Encryption work?
Unencrypted data sent e.g. in forms or messages over the Internet usually a sequence of ASCII codes ASCII code generated at keyboard by converting a selected keyboard character into a particular binary number intercepted ASCII codes not secret; very easily converted back to text

24 Encryption of ASCII data
Encryption puts further coding onto each ASCII character in some reversible way before it is sent. Requires… a coding method (often a mathematical operation) a numerical value used with the coding method The ASCII codes can always be recovered by someone who knows the encryption method

25 Simple Encryption Example
Algorithm based on a mathematical operation such as ADD key based on a numerical digit (e.g 5) Data represented by an ASCII code Algorithm + key produce encrypted data

26 Using Encryption when sending data…
Key must be kept secret!! anyone with access to the key and the algorithm can decrypt the encrypted data Needed to decrypt coding method key that was used to produce cipher text

27 Diagram – single key encryption
server Message is decoded Message is coded key key User sends message via server Message is received Data is transmitted to another server

28 Putting this together…
Method of encryption could be – add 5 to each ASCII code (this would be the key) plain text = HELLO (ASCII codes B 4B 4F) cipher text would be MJQQT (ASCII codes 4D 4A ) Getting the original data back would mean the opposite Mathematical operation subtracting 5 from each ASCII character very easy to anyone with access to the key

29 Effectiveness of Encryption
Only effective if: either the key remains secret or the algorithm remains secret WWII: Germans thought they had an encryption method that was impossible to decipher With the efforts of the Mathematicians at Bletchley Park, the key and algorithm were deciphered

30 Access to Encrypted Data
File accessed Authorised User NTFS EFS enabled Data encrypted “HELLO” “MJQQT” Access Denied Unauthorised User Stored, encrypted file File system that supports encryption

31 Encryption in Practice
Many techniques have been developed Examples: DES (Data Encryption Standard) IDEA (ID Encryption Algorithm) RSA (Rivest, Shamir, Adleman) Diffie-Hellmann Classified into two types: Symmetric Key Asymmetric Key

32 Limitations of Symmetric Encryption
Key used to encrypt and decrypt the message Advantages: simple and fast (short key…) Disadvantages: the two parties must need to exchange the key in a secure way sender cannot easily be authenticated

33 DES – an example of symmetric encryption
IBM/US gov ; still popular 56-bit encryption working on 64-bit blocks of data However, in view of recent research, clearly inadequate for really secure encryption “Using P2P architecture and over 100,000 participants (using only idle CPU time), distributed.net was able to test 245 billion keys per second to break the 56 bit DES encryption algorithm in less than 24 hours (22 hours and 15 minutes).”

34 What levels of encryption are available?
The more complex the key, the more difficult the encryption method is to decipher a single 40-digit key can be mathematically deduced very quickly using a computer known as WEAK encryption an equivalent 128-digit key would take much longer to “crack” known as STRONG encryption

35 Making Encryption as Effective as Possible
It makes sense to use strong (128-digit) key encryption if possible…. However… strong encryption is more expensive is the extra expense going to be justified? e.g. Verisign 40-bit SSL actually 128-bit within US 40-bit for any communications that go outside US borders… e.g. Verisign Global Server SSL “the world’s strongest encryption” standard for large-scale online merchants, banks, brokerages, health care organisations and insurance companies worldwide

36 Breaking an Encryption Technique
Usually achieved with the aid of very powerful computers The more powerful the computer, the more likely that the key can be mathematically deduced Until fairly recently, a 128-bit encryption key would have been considered to be secure However, research teams can now break 128 bit encryption in seconds, using a supercomputer…

37 Secure Symmetric Encryption for Today and Tomorrow…
256-bit encryption is probably now a minimum for single key encryption but only a matter of time… 512-bit encryption is currently used by financial institutions to transfer funds electronically via the Internet again, only a matter of time before even this can be cracked… solution bit keys?

Download ppt "Richard Henson University of Worcester October 2016"

Similar presentations

Network Layer and Transport Layer.

Network Layer and Transport Layer.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 2 The OSI Model and the TCP/IP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 2 The OSI Model and the TCP/IP.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
TCP: Software for Reliable Communication. Spring 2002Computer Networks Applications Internet: a Collection of Disparate Networks Different goals: Speed,

TCP: Software for Reliable Communication. Spring 2002Computer Networks Applications Internet: a Collection of Disparate Networks Different goals: Speed,
The OSI Model A layered framework for the design of network systems that allows communication across all types of computer systems regardless of their.

The OSI Model A layered framework for the design of network systems that allows communication across all types of computer systems regardless of their.
 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.

 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.
OIS Model TCP/IP Model.

OIS Model TCP/IP Model.
Lecturer: Tamanna Haque Nipa

Lecturer: Tamanna Haque Nipa
The OSI Model and the TCP/IP Protocol Suite

The OSI Model and the TCP/IP Protocol Suite
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Data Communications and Networks

Data Communications and Networks
COMP3123 Internet Security Richard Henson University of Worcester October 2010.

COMP3123 Internet Security Richard Henson University of Worcester October 2010.
Presentation on Osi & TCP/IP MODEL

Presentation on Osi & TCP/IP MODEL
Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.
Protocol Architectures. Simple Protocol Architecture Not an actual architecture, but a model for how they work Similar to “pseudocode,” used for teaching.

Protocol Architectures. Simple Protocol Architecture Not an actual architecture, but a model for how they work Similar to “pseudocode,” used for teaching.
THE OSI MODEL AND THE TCP/IP PROTOCOL SUITE CS 1202 Lectur3 part2.

THE OSI MODEL AND THE TCP/IP PROTOCOL SUITE CS 1202 Lectur3 part2.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.

Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.
MODULE I NETWORKING CONCEPTS.

MODULE I NETWORKING CONCEPTS.

Similar presentations

Ads by Google