Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.

Published byWendy Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides."— Presentation transcript:

1 © Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides taken from Dr Lawrie Brown (UNSW@ADFA) for “Computer Security: Principles and Practice”, 1/e, by William Stallings and Lawrie Brown Faisal Karim Shaikh DEWSNet Group Dependable Embedded Wired/Wireless Networks www.fkshaikh.com/dewsnet

2 Computer Security 2 Cryptographic Tools  cryptographic algorithms important element in security services  review various types of elements  symmetric encryption  public-key (asymmetric) encryption  digital signatures and key management  secure hash functions  example is use to encrypt stored data

3 Computer Security 3 Some Basic Terminology  plaintext - original message  ciphertext - coded message  cipher - algorithm for transforming plaintext to ciphertext  key - info used in cipher known only to sender/receiver  encipher (encrypt) - converting plaintext to ciphertext  decipher (decrypt) - recovering ciphertext from plaintext  cryptography - study of encryption principles/methods  cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key  cryptology - field of both cryptography and cryptanalysis

4 Computer Security 4 Symmetric Encryption

5 Computer Security 5 Attacking Symmetric Encryption  cryptanalysis  rely on nature of the algorithm  plus some knowledge of plaintext characteristics  even some sample plaintext-ciphertext pairs  exploits characteristics of algorithm to deduce specific plaintext or key  brute-force attack  try all possible keys on some ciphertext until get an intelligible translation into plaintext

6 Computer Security 6 Exhaustive Key Search

7 Computer Security 7 Symmetric Encryption Algorithms

8 Computer Security 8 DES and Triple-DES  Data Encryption Standard (DES, 1977) is the most widely used encryption scheme  uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block  concerns about algorithm & use of 56-bit key  Triple-DES ( ANSI standard X9.17 in 1985 )  repeats basic DES algorithm three times  using either two or three unique keys  much more secure but also much slower

9 Computer Security 9 Advanced Encryption Standard (AES)  needed a better replacement for DES  NIST called for proposals in 1997  selected Rijndael in Nov 2001  published as FIPS 197  symmetric block cipher  uses 128 bit data & 128/192/256 bit keys  now widely available commercially

10 Computer Security 10 Block verses Stream Ciphers

11 Computer Security 11 Message Authentication  protects against active attacks  verifies received message is authentic  contents unaltered  from authentic source  timely and in correct sequence  can use conventional encryption  only sender & receiver have key needed  or separate authentication mechanisms  append authentication tag to cleartext message

12 Computer Security 12 Message Authentication Codes

13 Computer Security 13 Secure Hash Functions

14 Computer Security 14 Message Auth

15 Computer Security 15 Hash Function Requirements  applied to any size data  H produces a fixed-length output.  H(x) is relatively easy to compute for any given x  one-way property  computationally infeasible to find x such that H(x) = h  weak collision resistance  computationally infeasible to find y ≠ x such that H(y) = H(x)  strong collision resistance  computationally infeasible to find any pair (x, y) such that H(x) = H(y)

16 Computer Security 16 Hash Functions  two attack approaches  cryptanalysis exploit logical weakness in algexploit logical weakness in alg  brute-force attack trial many inputstrial many inputs strength proportional to size of hash code ( 2 n/2 )strength proportional to size of hash code ( 2 n/2 )  SHA most widely used hash algorithm  SHA-1 gives 160-bit hash  more recent SHA-256, SHA-384, SHA-512 provide improved size and security

17 Computer Security 17 Public Key Encryption Diffie and Hellman (1976)

18 Computer Security 18 Public Key Authentication

19 Computer Security 19 Public Key Requirements 1.computationally easy to create key pairs 2.computationally easy for sender knowing public key to encrypt messages 3.computationally easy for receiver knowing private key to decrypt ciphertext 4.computationally infeasible for opponent to determine private key from public key 5.computationally infeasible for opponent to otherwise recover original message 6.useful if either key can be used for each role

20 Computer Security 20 Public Key Algorithms  RSA (Rivest, Shamir, Adleman)  developed in 1977  only widely accepted public-key encryption alg  given tech advances need 1024+ bit keys  Diffie-Hellman key exchange algorithm  only allows exchange of a secret key  Digital Signature Standard (DSS) (1991)  provides only a digital signature function with SHA-1  Elliptic curve cryptography (ECC)  new, security like RSA, but with much smaller keys

21 Computer Security 21 Public Key Certificates X.509 standard

22 Computer Security 22 Digital Envelopes

23 Computer Security 23 Random Numbers  random numbers have a range of uses  requirements:  randomness  based on statistical tests for uniform distribution and independence  unpredictability  successive values not related to previous  clearly true for truly random numbers  but more commonly use generator

24 Computer Security 24 Pseudorandom verses Random Numbers  often use algorithmic technique to create pseudorandom numbers  which satisfy statistical randomness tests  but likely to be predictable  true random number generators use a nondeterministic source  e.g. radiation, gas discharge, leaky capacitors  increasingly provided on modern processors

25 Computer Security 25 Practical Application: Encryption of Stored Data  common to encrypt transmitted data  much less common for stored data  which can be copied, backed up, recovered  approaches to encrypt stored data:  back-end appliance  library based tape encryption  background laptop/PC data encryption

26 Computer Security 26 Summary  introduced cryptographic algorithms  symmetric encryption algorithms for confidentiality  message authentication & hash functions  public-key encryption  digital signatures and key management  random numbers

Download ppt "© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.

CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Lecture 3: Cryptographic Tools

Lecture 3: Cryptographic Tools
Network Security Sorina Persa Group 3250 Group 3250.

Network Security Sorina Persa Group 3250 Group 3250.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

Similar presentations

Ads by Google