Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security - A Lecture 1 - NETW4006 NETW4006-Lecture01 1.

Published byGyörgy Glišić Modified over 6 years ago

Similar presentations

Presentation on theme: "Network Security - A Lecture 1 - NETW4006 NETW4006-Lecture01 1."— Presentation transcript:

1 Network Security - A Lecture 1 - NETW4006 NETW4006-Lecture01 1

2 Text Book &References Linux Network Security – Peter G. Smith – Charles River Media Principle of Information Security – Second Edition – Michael E. Whitman and Herbert J. Mattord – Thomson Course Technology William Stallings – Cryptography and Network Security- Prentice Hall NETW4006-Lecture01 2

3 Content NETW4006-Lecture01

4 Common Definitions (1) Encipher/Encrypt: Transform data into unreadable format. Decipher/Decrypt: Transform data into readable format. Algorithm: Set of mathematical rules that dictate enciphering and deciphering. Plaintext: The original data. Ciphertext: Plaintext that has been encrypted following the enciphering algorithm to the message. Cryptanalysis: Attempt to figure out the message without the key. Refresh NETW4006-Lecture01

5 Common Definitions (2) Key: The key is the sequence of characters used by the encryption algorithm to encrypt plaintext into ciphertext. An algorithm contains a key space, which is a range of values that can be used to construct a key.  Key is a random value within the key space range.  The larger the key space, the more values can be used, and the safer the key Key space: All possible values to construct keys. Cryptosystem: The hardware and software that implement the cryptographic (encryption/decryption) transformations. Work factor: Definition of the amount of time, effort and resources necessary to break a cryptosystem NETW4006-Lecture01

6 Common Definitions (3) Confidentiality: The fact of ensuring that information is accessible only to those authorized to have access Authenticity: The quality of actually coming from the source which is claimed Integrity: The assurance that information has not been accidentally or maliciously altered or destroyed Non-Repudiation: The non-repudiation is a way to guarantee that the sender of the message can not later deny having sent the message or having furnished the signature of a message NETW4006-Lecture01

7 Cryptography.. Authentication Cipher Mechanism based up on a Policy..
A C I N Authentication Confidentiality Integrity Non Repudiation .

8 Cryptography.. A C I N C A I N Confidentiality is Privacy So P A I N

9 Cryptography.. See..

10 Cryptography.. Privacy A B Both r looking for privacy
Message A B Both r looking for privacy Will not allow any 3rd party to see the message.

11 Cryptography.. A & B has to authenticate themselves…
Authentication A & B has to authenticate themselves… i.e. B should get the confidence that this message is from A.

12 Cryptography.. Integrity There is no chance for modifications.. A B
Example: If the message is 1+1 = 2 1+1 = 2; (1+1=2) 1, 1 = 2 It should be = 2 What ever the message A is sending; B should get the same. C

13 Dataflow NETW4006-Lecture01

14 Cryptographic System Strength
Strength of encryption comes from: Algorithm, secrecy of key, length of key, initialization vectors, and how they all work together. Improper protection of the key can seriously weaken the cryptosystem Goals of cryptosystems:  confidentiality, authenticity, integrity, non repudiation initialization vectors – random numbers – fixed size input. NETW4006-Lecture01

15 Symmetric and Asymmetric Encryption (1)
Symmetric ciphers use a Pre-Shared-Key (PSK). The same key is used for both encrypting and decrypting Primary advantage: faster than asymmetric ciphers, hard to break with large key. Primary disadvantage: difficult to distribute key (how to securely transmit the key?). Can we re-key on longer connections, to protect against the key being broken? Cannot authenticate or provide non- repudiation Includes: DES (Date Encryption Standard), Triple DES, IDEA (International Data Encryption Algorithm), RC4, RC5, AES (Advanced Encryption Standard) NETW4006-Lecture01

16 How to exchange the key ??? 1.A can select a key and physically deliver it to B 2. A third party can select the key and physically deliver it to A and B 3. If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key Note: Explain as a scenario NETW4006-Lecture01

17 Symmetric and Asymmetric Encryption (2)
Asymmetric ciphers use a public/private key-pair. Keys are mathematically linked such that what is encrypted with one is only decrypted by the other. Keys are linked so that it is computationally hard to guess the private key having the public key You must keep your private key secret. Often encrypted with a pass-phrase You disclose your public key to whoever wants to communicate with you You can have your public key signed by a mutually trusted Certificate Authority (CA) (see next) so people can be certain that it is really your key NETW4006-Lecture01

18 Symmetric and Asymmetric Encryption (3)
Advantages: Better at key distribution, better scalability for large systems, can provide authentication and non-repudiation Disadvantages: Asymmetric ciphers are many times slower than symmetric ciphers Includes: RSA (Rivest, Shamir, Adelman), Diffie Hellman, El Gamal, DSA (Digital Signature Algorithm), Knapsack, PGP (Pretty Good Privacy). NETW4006-Lecture01

19 Symmetric and Asymmetric Encryption (4)
Secret Key Ciphertext Plaintext Figure 1: Symmetric Encryption Plaintext Private Key Public Key Ciphertext Figure 2: Confidentiality with Asymmetric Encryption Plaintext CipherText Private Key Public Key Figure 3: Authentication with Asymmetric Encryption NETW4006-Lecture01

20 Signature (1) comparison Message = M Hash(M) 5a44ef150d fingerprint
Private Key Signature ALICE BOB Public Key comparison NETW4006-Lecture01

21 Signature (2) Signature = Hash value encrypted with the sender’s private key Hash = A hash function transforms a message M of arbitrary length to a numeric fingerprint (called a digest) of fixed length (128 bits for MD5). A hash function must have the following properties to be used in cryptographic transformations: Make computationally impossible or very difficult to find two messages producing the same fingerprint Make computationally impossible or very difficult to reverse the hash function NETW4006-Lecture01

22 Signature (3) Due to a) and b) hash functions are used to ensure the integrity of a message when transmitted through a non secure channel Act of signing means encrypting message’s hash value with private key Ensures integrity, authentication, and non-repudiation: Ensures that message was not altered and also came from Bob Hash includes: DSS (Digital Signature Standard), MD2 (Message Digest 2), MD4, MD5, SHA (Secure Hash Algorithm) NETW4006-Lecture01

23 Key Signing and PKC (1) Certificate is a document provided by a trustworthy authority (organization). The certificate associates the public key of an asymmetric ciphering algorithm to information related to a subject (user name, server name, address, etc.). The goal of a certificate is the authenticated association between a subject and its public key Certification Authority (CA): Trusted entity that issues certificates Multiple issuers pose validation problem: Alice’s CA is Cathy, Bob’s CA is Don; how can Alice validate Bob’s certificate? Have Cathy and Don cross-certify: Each issues certificate for the other NETW4006-Lecture01

24 Key Signing and PKC (2) A digital certificate is usually signed by a CA (CA’s private key), in order to prove that the CA generated the certificate (non-repudiation) CA’s signature: This is achieved by the CA hashing the certificate (the hash value will change if anything in the certificate changes), and then encrypting the hash value of the certificate with the CA private key. The CA includes the resulting digital signature in the certificate, making it signed and provides it to the requester. NETW4006-Lecture01

25 Key Signing and PKC (3) Verification of the CA’s signature: The CA signature can be verified by a third party by decrypting the digital signature with the CA’s public key, and comparing the certificate hash value to the result of the hash function applied to the certificate. If there is a difference, either the certificate has been altered (integrity) or the signature has been generated with a private key that does not match the CA’s public key. Usually the main CA certificates containing the CA public key are already installed in the Netscape Communicator, Firefox and Internet Explorer, allowing the automatic verification of the CA’s signature. NETW4006-Lecture01

26 X.509 Standard (1) Definition: X.509 is the ITU (International Telecommunication Union) standard that specifies the content of a numeric certificate. Key certificate fields in X.509v3 Version Serial number (unique) Signature algorithm identifier: hash algorithm (ex: MD5) Issuer’s name: uniquely identifies issuer (CA) Interval of validity Subject’s name; uniquely identifies subject (Alice) Subject’s public key Signature Identifies algorithm used to sign the certificate (ex: RSA) Signature (enciphered hash) NETW4006-Lecture01

27 X.509 Standard (2) X.509 Certificate Creation (for Alice)
Alice request certificate from CA CA creates certificate CA generates hash of certificate CA encrypts hash with private key X.509 Certificate Validation (by Bob) Bob obtains CA’s public key: The one for the particular signature algorithm (ex: RSA) Deciphers signature: Gives hash of certificate (1) Re-computes hash from certificate (2) and compare with hash of certificate: If (1) and (2) differ, certificate no valid Checks interval of validity: This confirms that certificate is current otherwise certificate no valid Checks Certificate Revocation List (CRL): This confirms that the certificate has not been revoked NETW4006-Lecture01

Download ppt "Network Security - A Lecture 1 - NETW4006 NETW4006-Lecture01 1."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon.

Encryption Matches Domain 4.0 Basics of Cryptography (15 percent of Security +) Network Security Class Dr. Kleist Note: Most material from Harris, Shon.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Public Key Cryptography July 2011. Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.

Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.

1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.

1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.

Similar presentations

Ads by Google