Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic."— Presentation transcript:

1 Network Security Chapter 8

2 Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles

3 Need for Security Some people who cause security problems and why.

4 The purpose of cryptography is to take a message or a file, called the plaintext, and encrypt it into the ciphertext in such a way that only authorized people know how to convert it back to the plaintext. The secrecy depends on parameters to the algorithms called keys. An Introduction to Cryptography

5 The encryption model (for a symmetric-key cipher).

6 Overview Cryptography functions –Secret key (symmetric cryptography, e.g., DES) –Public key (asymmetric cryptography, e.g., RSA) –Hashing (one-way function - message digest, e.g., MD5)Security services –Privacy (Secrecy): preventing unauthorized release of information –Authentication: verifying identity of the remote participant –Integrity: making sure message has not been altered Security Cryptography algorithms Public key (e.g., RSA) Secret key (e.g., DES) Message digest (e.g., MD5) Security services AuthenticationPrivacyMessage integrity

7 Given the encryption key, easy to find decryption key Secret-key cryptography is called symmetric-key cryptography because they used the same key for encryption and decryption. The data encryption standard (DES): –block cipher adopted by the US Government in Jan. 1977. –encryption based on 56-bit key. The Advanced Encryption Standard (AES) –In November 2001, Rijndael become US Government Standard. Secret-Key Cryptography

8 Public-Key Cryptography Public-key cryptography has the property: –Distinct keys are used for encryption and decryption. –Given a well-chosen encryption key, it is virtually impossible to discover the corresponding decryption key. The encryption key can be made public and only the private decryption key kept secret.

9 Substitute Cipher: each letter or group of letter is replaced by another letter or group of letters –Caesar cipher: rotate the letter (a  D, b  E, c  F, z  C). Example: attack  DWWDFN –Monoalphabetic substitution Each letter replaced by different letter Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM Disadvantage: It does not smooth out frequencies in the cipher text. –Polyalphabatic cipher – use multiple cipher alphabets. Secret-Key Cryptography

10 Transposition cipher: reorder the letters, but don't disguise them. select a key MEGABUCK 7 4 5 1 2 8 3 6 p l e a s e t r a n s f e r o n e h u n d r e d  afnsedtoelnhesurndpaeerr Plain text  cipher text Secret-Key Cryptography

11 Transposition Ciphers A transposition cipher.

12 One-Time Pads The use of a one-time pad for encryption and the possibility of getting any possible plaintext from the ciphertext by the use of some other pad.

13 Quantum Cryptography An example of quantum cryptography.

14 Symmetric-Key Algorithms DES – The Data Encryption Standard AES – The Advanced Encryption Standard Cipher Modes Other Ciphers Cryptanalysis

15 Product Ciphers Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product.

16 Data Encryption Standard The data encryption standard. (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR.

17 Triple DES (a) Triple encryption using DES. (b) Decryption.

18 AES – The Advanced Encryption Standard Rules for AES proposals 1.The algorithm must be a symmetric block cipher. 2.The full design must be public. 3.Key lengths of 128, 192, and 256 bits supported. 4.Both software and hardware implementations required 5.The algorithm must be public or licensed on nondiscriminatory terms.

19 AES (2) An outline of Rijndael.

20 AES (3) Creating of the state and rk arrays.

21 Electronic Code Book Mode The plaintext of a file encrypted as 16 DES blocks.

22 Cipher Block Chaining Mode Cipher block chaining. (a) Encryption. (b) Decryption.

23 Cipher Feedback Mode (a) Encryption. (c) Decryption.

24 Stream Cipher Mode A stream cipher. (a) Encryption. (b) Decryption.

25 Counter Mode Encryption using counter mode.

26 Cryptanalysis Some common symmetric-key cryptographic algorithms.

27 Public-Key Algorithms RSA Other Public-Key Algorithms

28 Public-Key Cryptography Public-key cryptography uses an encryption algorithm E and a decryption algorithm D such that deriving D is effectively impossible even with a complete description of E. You can encrypt without knowing how to decrypt. Requirements: –D (E(P)) = P –It is extremely difficult to deduce the decryption key from the encryption key. –E cannot be broken by a plaintext attack.

29 Public-Key Cryptography All users pick a public key/private key pair –publish the public key –private key not published Public key is the encryption key –private key is the decryption key

30 Public-Key Cryptosystems: RSA RSA, named after its inventors Rivest, Shamir, and Adlemean, a public-key cryptographic algorithm. The security of RSA comes from the fact that no methods are known to efficiently find the prime factors to large numbers. For example, 2100 can be written as 2100 = 2 x 2 x 3 x 5 x 5 x 7 making 2, 3, 5, and 7 the prime factors in 2100. In RSA, the private and public keys are constructed from very large prime numbers. It turns out breaking RSA is equivalent to finding those two prime numbers.

31 Public-Key Cryptography RSA (Rivest, Shamir, Adleman) Algorithm: –choose 2 large primes, p and q > 10^100. –compute n=pq and z=(p-1)(q-1). –choose a number relatively prime to z (that is, such that d has no common factors with z ) and call it d. – find e such that e x d mod z = 1. Group P into blocks such that C=P e (mod n) and P=C d (mod n) where 0 <= P < n

32 Public-Key Cryptography Example: p=13 q=17  n = 13 x 17 = 221 z = (13 – 1) x (17 – 1) = 192. let d=5 (prime to z) e x d = 1 mod 192 = 1, 193, 385,... 385 is divisible by d e = 385/5 = 77 Example: p=3 q=11  n = 3 x 11 = 33 z = (3 – 1) x (11 – 1) = 20. let d=7 (prime to z) 7 x e mod 20 = 1  e=3 C = P 3 (mod 33), P = C 7 (mod 33)

33 RSA An example of the RSA algorithm.

34 Digital Signatures Symmetric-Key Signatures Public-Key Signatures Message Digests The Birthday Attack

35 One-Way Functions Function such that given formula for f(x) –easy to evaluate y = f(x) But given y –computationally infeasible to find x Example: Those functions used in public-key cryptography.

36 Digital Signatures Digital signatures make it possible to sign email messages and other digital documents in such a way that they cannot be repudiated by the sender later. Steps to use digital signatures: –The sender runs the document through a one-way hashing algorithm –The sender applies his private key to the hash to get D(hash). This is called the signature block. –The receiver computes the hash of the document using MD5 or SHA and then applies the sender’s public key to the signature block to get E(D(hash)). Compare these two.

37 Symmetric-Key Signatures Digital signatures with Big Brother.

38 Public-Key Signatures Digital signatures using public-key cryptography.

39 Message Digests Digital signatures using message digests.

40 SHA-1 Use of SHA-1 and RSA for signing nonsecret messages.

41 SHA-1 (2) (a) A message padded out to a multiple of 512 bits. (b) The output variables. (c) The word array.

42 Digital Signatures The most popular hashing functions used are: –MD5 (Message Digest) –SHA (Secure Hash Algorithm) The public key is usually published. To avoid altering, message senders can attach a certificate to the message, which contains: –The user’s name –The public key –Digitally singed by a trusted third party

43 Management of Public Keys Certificates X.509 Public Key Infrastructures

44 Problems with Public-Key Encryption A way for Trudy to subvert public-key encryption.

45 Certificates A possible certificate and its signed hash.

46 X.509 The basic fields of an X.509 certificate.

47 Public-Key Infrastructures (a) A hierarchical PKI. (b) A chain of certificates.

48 Communication Security IPsec Firewalls Virtual Private Networks Wireless Security

49 IPsec The IPsec authentication header in transport mode for IPv4.

50 IPsec (2) (a) ESP in transport mode. (b) ESP in tunnel mode.

51 Firewalls A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. Rest of the InternetLocal siteFirewall

52 Firewalls A firewall consisting of two packet filters and an application gateway.

53 Virtual Private Networks (a) A leased-line private network. (b) A virtual private network.

54 802.11 Security Packet encryption using WEP.

55 Authentication Protocols Authentication Based on a Shared Secret Key Establishing a Shared Key: Diffie-Hellman Authentication Using a Key Distribution Center Authentication Using Kerberos Authentication Using Public-Key Cryptography

56 Authentication Based on a Shared Secret Key Two-way authentication using a challenge-response protocol.

57 Authentication Based on a Shared Secret Key (2) A shortened two-way authentication protocol.

58 Authentication Based on a Shared Secret Key (3) The reflection attack.

59 Authentication Based on a Shared Secret Key (4) A reflection attack on the protocol of Fig. 8-32..

60 Authentication Based on a Shared Secret Key (5) Authentication using HMACs.

61 Establishing a Shared Key: The Diffie-Hellman Key Exchange The Diffie-Hellman key exchange.

62 Establishing a Shared Key: The Diffie-Hellman Key Exchange The bucket brigade or man-in-the-middle attack.

63 Authentication Using a Key Distribution Center A first attempt at an authentication protocol using a KDC.

64 Authentication Using a Key Distribution Center (2) The Needham-Schroeder authentication protocol.

65 Authentication Using a Key Distribution Center (3) The Otway-Rees authentication protocol (slightly simplified).

66 Authentication Using Kerberos The operation of Kerberos V4.

67 Authentication Using Public-Key Cryptography Mutual authentication using public-key cryptography.

68 Example Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server.

69 E-Mail Security PGP – Pretty Good Privacy PEM – Privacy Enhanced Mail S/MIME

70 PGP – Pretty Good Privacy PGP in operation for sending a message.

71 PGP – Pretty Good Privacy (2) A PGP message.

72 Web Security Threats Secure Naming SSL – The Secure Sockets Layer Mobile Code Security

73 Secure Naming (a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.

74 Secure Naming (2) How Trudy spoofs Alice's ISP.

75 Secure DNS An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed has of the A and KEY records to verify their authenticity.

76 Self-Certifying Names A self-certifying URL containing a hash of server's name and public key.

77 SSL—The Secure Sockets Layer Layers (and protocols) for a home user browsing with SSL.

78 SSL (2) A simplified version of the SSL connection establishment subprotocol.

79 SSL (3) Data transmission using SSL.

80 Java Applet Security Applets inserted into a Java Virtual Machine interpreter inside the browser.

81 Social Issues Privacy Freedom of Speech Copyright

82 Anonymous Remailers Users who wish anonymity chain requests through multiple anonymous remailers.

83 Freedom of Speech Possibly banned material: 1.Material inappropriate for children or teenagers. 2.Hate aimed at various ethnic, religious, sexual, or other groups. 3.Information about democracy and democratic values. 4.Accounts of historical events contradicting the government's version. 5.Manuals for picking locks, building weapons, encrypting messages, etc.

84 Covert Channels Pictures appear the same but information is hidden in the image. It is called steganography. Picture on right has text of 5 Shakespeare plays –encrypted, inserted into low order bits of color values Zebras Hamlet, Macbeth, Julius Caesar Merchant of Venice, King Lear

Download ppt "Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Crytography Chapter 8.

Crytography Chapter 8.
Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.

Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Cryptographic Technologies

Cryptographic Technologies
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Chapter 8 Network Security 4/17/2017 www.noteshit.com.

Chapter 8 Network Security 4/17/2017
Chapter 20: Network Security Business Data Communications, 4e.

Chapter 20: Network Security Business Data Communications, 4e.

Similar presentations

Ads by Google