Download presentation
1
Information Security Principles (ESGD4222)
Eng. Mohanned M. Dawoud Cryptography and Network Security
2
Textbook Cryptography and Network Security: Principles and Practice; By William Stallings, Fourth Edition Cryptography and Network Security
3
Grading and Others Grading Homework 20% Mid Term 25%
Report & Presentation % Final exam % Cryptography and Network Security
4
Topics Introduction Number Theory
Traditional Methods: secret key system Modern Methods: Public Key System Digital Signature and others Internet Security: DoS, DDoS Other topics: secret sharing, zero-knowledge proof, bit commitment, oblivious transfer,… Cryptography and Network Security
5
Organization Chapters Introduction Number Theory
Conventional Encryption Block Ciphers Public Key System Key Management Hash Function and Digital Signature Identification Secret Sharing Pseudo-random number Generation Security Internet Security Others Cryptography and Network Security
6
Cryptography and Network Security Introduction
Xiang-Yang Li Cryptography and Network Security
7
Introduction The art of war teaches us not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. --The art of War, Sun Tzu Cryptography and Network Security
8
Cryptography Cryptography (from Greek kryptós, "hidden", and gráphein, "to write") is, traditionally, the study of means of converting information from its normal, comprehensible form into an incomprehensible format, rendering it unreadable without secret knowledge — the art of encryption. Past: Cryptography helped ensure secrecy in important communications, such as those of spies, military leaders, and diplomats. Cryptography and Network Security
9
Crypto-graphy, -analysis, -logy
The study of how to circumvent the use of cryptography is called cryptanalysis, or codebreaking. Cryptography and cryptanalysis are sometimes grouped together under the umbrella term cryptology, encompassing the entire subject. In practice, "cryptography" is also often used to refer to the field as a whole; crypto is an informal abbreviation. Cryptography and Network Security
10
Approaches to Secure Communication
Steganography “covered writing” hides the existence of a message Cryptography “hidden writing” hide the meaning of a message Cryptography and Network Security
11
Stenography Example Last 2 bits Cryptography and Network Security
12
Network Security Model
Trusted Third Party principal principal Security transformation Security transformation attacker Cryptography and Network Security
13
Attacks, Services and Mechanisms
Security Attacks Action compromises the information security Could be passive or active attacks Security Services Actions that can prevent, detect such attacks. Such as authentication, identification, encryption, signature, secret sharing and so on. Security mechanism The ways to provide such services Detect, prevent and recover from a security attack Cryptography and Network Security
14
Attacks Passive attacks Active attacks Interception
Release of message contents Traffic analysis Active attacks Interruption, modification, fabrication Masquerade Replay Modification Denial of service Cryptography and Network Security
15
Information Transferring
Cryptography and Network Security
16
Attack: Interruption Cut wire lines, Jam wireless signals,
Drop packets, Cryptography and Network Security
17
Attack: Interception Wiring, eavesdrop
Cryptography and Network Security
18
Attack: Modification Replaced info intercept
Cryptography and Network Security
19
Also called impersonation
Attack: Fabrication Also called impersonation Cryptography and Network Security
20
Attacks, Services and Mechanisms
Security Attacks Action compromises the information security Could be passive or active attacks Security Services Actions that can prevent, detect such attacks. Such as authentication, identification, encryption, signature, secret sharing and so on. Security mechanism The ways to provide such services Detect, prevent and recover from a security attack Cryptography and Network Security
21
Important Services of Security
Confidentiality, also known as secrecy: only an authorized recipient should be able to extract the contents of the message from its encrypted form. Otherwise, it should not be possible to obtain any significant information about the message contents. Integrity: the recipient should be able to determine if the message has been altered during transmission. Authentication: the recipient should be able to identify the sender, and verify that the purported sender actually did send the message. Non-repudiation: the sender should not be able to deny sending the message. Cryptography and Network Security
22
Homework Describe two of the functions listed in Table 1.1 of the Textbook in half page for each one, be ready to discuss them in the next lecture. Deadline: Tuesday 3/3/2009
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.