Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tutorial on Network Security: Sep 2003

Published byAdrian Underwood Modified over 6 years ago

Similar presentations

Presentation on theme: "Tutorial on Network Security: Sep 2003"— Presentation transcript:

1 Tutorial on Network Security: Sep 2003
1/1/2019 Tutorial on Network Security: Sep 2003

2 Lecture 1: Introduction
1/1/2019 Tutorial on Network Security: Sep 2003

3 Tutorial on Network Security: Sep 2003
Top-level issues Safety, security and privacy Security policy threats, both external and internal economic gains cost of securing resources cryptographic methods vs. physical security Information security: nature of resources (HW, SW, information) during storage, access and communication limited to a single computer vs. network security various layers (physical through application layers) 1/1/2019 Tutorial on Network Security: Sep 2003

4 Tutorial on Network Security: Sep 2003
Security threats Intentional vs. accidental Various forms of violations: Non-destructive Destructive Repudiation Denial of service Threat techniques: crypt-analysis snooping masquerading replay attacks virus, worms etc. 1/1/2019 Tutorial on Network Security: Sep 2003

5 Tutorial on Network Security: Sep 2003
Security services Services (or functions) vs. mechanisms Security functions: confidentiality authentication integrity non-repudiation access control availability 1/1/2019 Tutorial on Network Security: Sep 2003

6 Tutorial on Network Security: Sep 2003
Security mechanisms Physical controls Audit trails Fraud detection (data mining) Steganography Encryption: private-key vs. public-key encryption key generation, exchange, and management certification Firewalls etc. 1/1/2019 Tutorial on Network Security: Sep 2003

7 Lecture 2: Symmetric-key encryption
1/1/2019 Tutorial on Network Security: Sep 2003

8 Cryptographic systems
Symmetric vs. asymmetric encryption Number of keys used Key lengths Block vs. stream cipher Crypt-analysis (assume algorithm is known) ciphertext (only) plaintext + ciphertext chosen plaintext + ciphertext chosen ciphertext + plaintext 1/1/2019 Tutorial on Network Security: Sep 2003

9 Symmetric cryptographic system
Symmetric encryption Plaintext, X Ciphertext, Y Secret keys for encryption, decryption, K Secret key, K Encrypt EK(X) Decrypt DK(X) Crypt-analysis X Y K Secure channel Insecure channel 1/1/2019 Tutorial on Network Security: Sep 2003

10 Asymmetric cryptographic system
Asymmetric encryption Plaintext, X Ciphertext, Y Two keys K1, and K2. One is secret, other is public One of them (secret or public) is used to encrypt, the other for decryption Helps with confidentiality, digital signatures Key generation, management Encrypt EK(X) Decrypt DK(X) Crypt-analysis X Y K1 K2 Insecure channel 1/1/2019 Tutorial on Network Security: Sep 2003

11 Tutorial on Network Security: Sep 2003
Symmetric encryption Substitution cipher Transposition cipher DES Triple DES Blowfish, RC5, RC4, etc. 1/1/2019 Tutorial on Network Security: Sep 2003

12 Tutorial on Network Security: Sep 2003
Substitution cipher Ceasar cipher encrypt C  (p+k) mod n decrypt p  (C-k) mod n assumes set of n characters easily breakable in n-1 steps Substitute using n x n table encrypt Ci  lookup_encrypt(pi) decrypt pj  lookup_decrypt(Cj) 26! Different keys may be broken using known “relative frequency” of each character To counter: use multiple symbols to substitute substitute multiple symbols at a time e.g. two letter strings at a time 1/1/2019 Tutorial on Network Security: Sep 2003

13 Tutorial on Network Security: Sep 2003
Transposition cipher Transposition example: To make it more secure: transposition it multiple times combine it with substitution ciphers 1/1/2019 Tutorial on Network Security: Sep 2003

14 Tutorial on Network Security: Sep 2003
DES Combination of several substitution and transposition ops Applied to each block of size 64 bits Key is 56 bits Uses portions of key at different steps Uses techniques referred to by “diffusion and confusion” Developed by IBM , accepted by NBS (USA) as a standard in 1977 Primarily a block cipher Encypt EK(X) C1 K P1 Decrypt DK(X) P1 K C1 1/1/2019 Tutorial on Network Security: Sep 2003

15 DES encryption algorithm
Initial permutation Round 1 Round 2 Round 16 32-bit swap Inverse permute K1 K2 K16 Permuted key Left circular shift 64-bit plaintext 64-bit ciphertext 56-bit key 1/1/2019 Tutorial on Network Security: Sep 2003

16 Tutorial on Network Security: Sep 2003
Cipher Block Chaining Primarily a block cipher May be used in “block chaining mode” Encrypt EK(X) C1 IV K + P1 C2 P2 Decrypt DK(X) P1 IV K + C1 P2 C2 1/1/2019 Tutorial on Network Security: Sep 2003

17 Tutorial on Network Security: Sep 2003
Strength of DES Key size of 56 bits appears to be too small In 1993 Weiner developed HW device for $100K with 5760 search engines to break it in 35 hours In 1997, 70,000 systems on Internet discovered the key in less than 96 days (part of plaintext is given) Automating the process is difficult, unless plaintext is known Perhaps breakable by studying and exploiting weakness Differential cryptanalysis Linear cryptanalysis Trapdoor US Govt changed the original design Continues to enjoy wide acceptibility Particularly with triple-DES (used in PGP) 1/1/2019 Tutorial on Network Security: Sep 2003

18 Tutorial on Network Security: Sep 2003
Double-DES Two stages of encryption, using two different keys Decrypt EK2(X) X K2 Encypt EK1(X) C P K1 1/1/2019 Tutorial on Network Security: Sep 2003

19 Tutorial on Network Security: Sep 2003
Double-DES “two stages cannot be reduced to one stage”: for given K1, K2, there is no K s.t. EK2(EK1(P)) = EK(P) Meet-in-the-middle attack Let C = EK2(EK1(P)), and X = EK1(P) = DK2(C) Let known P and C Search for K1 and K2 such that X = EK1(P) = DK2(C) Complexity is O( ), not O(2128) 1/1/2019 Tutorial on Network Security: Sep 2003

20 Tutorial on Network Security: Sep 2003
Triple-DES Three stages of encryption, using two different keys Decrypt EK2(X) X1 K2 Encypt EK1(X) C P K1 X2 EK3(X) K3 1/1/2019 Tutorial on Network Security: Sep 2003

21 Tutorial on Network Security: Sep 2003
IDEA International data encryption algorithm (IDEA) developed in 1991, gaining ground block cipher better understood US government has had no role in its design design principle: block size 64 bits key length 128 bits more emphasis on “diffusion” and “confusion” uses three operations: “exclusive-OR”, “addition”, “multiplication” some effort to make HW implementation easier 1/1/2019 Tutorial on Network Security: Sep 2003

22 Tutorial on Network Security: Sep 2003
RC5 developed by Rivest, in 1994 suitable for HW or SW implementation on microprocessors simple different word length low memory high level of security simpler determination of strength variable no. of “rounds”, key length 1/1/2019 Tutorial on Network Security: Sep 2003

23 Tutorial on Network Security: Sep 2003
Blowfish Developed in 1993 block cipher up to 448 bit keys no known attacks simple, fast and compact 1/1/2019 Tutorial on Network Security: Sep 2003

24 Summary: symmetric key encryption
Since the same key is used to encrypt and decrypt, the system is also know as private-key encryption Symmetric key encryption uses shared secret keys also known as “private-key” encryption Primarily used for purpose of confidentiality but may be used to authenticate as well, but may be “repudiated” Key sharing or management is an issue particularly when the no. of clients sharing the key is “large” 1/1/2019 Tutorial on Network Security: Sep 2003

25 Application to confidentiality
Private-key encryption may be used to provide confidentiality of messages during transfer over LANs and/or WANs At issue: what information: User data vs. headers Identity of correspondents vs. node/route identity in what layer, and between what points Link-layer vs. end-to-end vs. application level Assumption: data over physical network is accessible Wireless links Employee of the network service provider Your own colleagues 1/1/2019 Tutorial on Network Security: Sep 2003

26 Link-level vs. end-to-end confidentiality
Host A B R Link-level enrypt/ decrypt End-to-end enrypt/ decrypt 1/1/2019 Tutorial on Network Security: Sep 2003

27 Link-level vs. end-to-end confidentiality
Link-level encryption End-to-end encryption Security within nodes, hosts Exposed in intermediate nodes Exposed in end hosts Encrypted in intermediate nodes Encrypted/Decrypted by end hosts Role of end devices, intermediate nodes Intermediate nodes require encryption One key for each link Done in hardware Only end hosts need encryption One key per session/connection Perhaps done in software 1/1/2019 Tutorial on Network Security: Sep 2003

28 Traffic confidentiality
Issues: Identity of communicating entities Identity of hosts, routers Traffic volumes, patterns Link-level encryption offers better confidentiality Padding may be used to “hide” patterns and volumes 1/1/2019 Tutorial on Network Security: Sep 2003

29 Tutorial on Network Security: Sep 2003
Key distribution Secret key must be distributed between the communicating entities, say A and B Link level encryption requires L number of keys to be distributed, one for each device at the end of a link Host-to-host encryption requires N*(N-1)/2 keys to be distributed Two techniques: Physical delivery (works only in a very limited environs) A delivers it to B A trusted third party C delivers the key to A and to B Electronic delivery using an established secure connection or session A delivers it to B after suitably encrypting it A trusted third party C delivers the key to A and to B using secure channels to A and to B. 1/1/2019 Tutorial on Network Security: Sep 2003

30 Tutorial on Network Security: Sep 2003
Key distribution Electronic distribution by B to A, though process initiated by A Above: N1 and N2 are “nonce”, MKm is the “master key” used by A and B KS is the new “session key” F is a well-known function, such as ADD 1 1/1/2019 Tutorial on Network Security: Sep 2003

31 Tutorial on Network Security: Sep 2003
Key distribution Electronic distribution by trusted third party C to A and to B 1/1/2019 Tutorial on Network Security: Sep 2003

32 Tutorial on Network Security: Sep 2003
Key distribution Above: KA and KB are keys used by A and B, respectively, to communicate with C IDA identifies entity A 1/1/2019 Tutorial on Network Security: Sep 2003

33 Tutorial on Network Security: Sep 2003
Key distribution Secure operation of these schemes, against: Masquerade replay attacks Other issues: Hierarchy of keys Lifetime of a session key Generation of Nonce or Random numbers 1/1/2019 Tutorial on Network Security: Sep 2003

34 Tutorial on Network Security: Sep 2003
Thanks 1/1/2019 Tutorial on Network Security: Sep 2003

Download ppt "Tutorial on Network Security: Sep 2003"

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.

CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures
IT 221: Conventional Encryption Algorithms and Ensuring Confidentiality Lecture 3: Conventional Encryption Algorithms and Ensuring Confidentiality For.

IT 221: Conventional Encryption Algorithms and Ensuring Confidentiality Lecture 3: Conventional Encryption Algorithms and Ensuring Confidentiality For.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.

Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 7 – Confidentiality Using Symmetric Encryption.

Chapter 7 – Confidentiality Using Symmetric Encryption.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
K. Salah1 Cryptography Module I. K. Salah2 Cryptographic Protocols  Messages should be transmitted to destination  Only the recipient should see it.

K. Salah1 Cryptography Module I. K. Salah2 Cryptographic Protocols  Messages should be transmitted to destination  Only the recipient should see it.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Chapter 2 Symmetric Encryption.

Chapter 2 Symmetric Encryption.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.

DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.

Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.

Similar presentations

Ads by Google