Presentation is loading. Please wait.

Presentation is loading. Please wait.

I-4 security.

Published byShannon Melton Modified over 9 years ago

Similar presentations

Presentation on theme: "I-4 security."— Presentation transcript:

1 i-4 security

2 Security taxonomy Physical security Resource exhaustion
Key-based security cryptography

3 Security dichotomy Computer (system) Security
automated tools and mechanisms to protect data in a computer, even if the computers are connected to a network against hackers (intrusion) against viruses against Denial of Service attacks Access control, authorization, … Internet (network) Security measures to prevent, detect, and correct security violations that involve the transmission of information in a network or interconnected network Everything on the network can be a target Every transmitted bit can be tapped

4 Friends and enemies: Alice, Bob, Trudy
well-known in network security world Bob, Alice want to communicate “securely” Trudy (intruder) may tap, delete, add, modify messages Alice Bob channel data, control messages secure sender secure receiver data data Trudy Source: Kurose at UMass

5 There are bad guys (and girls) out there!
Q: What can a “bad guy” do? A: A lot! eavesdrop: intercept messages Insert/modify/delete messages into connection impersonation: can fake (spoof) source address in packet (or any field in packet) hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources) Source: Kurose at UMass

6 Thwart the attacks! Basic Security services authentication
Access control confidentiality Data (or message) integrity Non-repudiation

7 More Security services
Anonymity Availability Accountability Privacy forensics

8 Security mechanisms Encipherment Message digest Digital Signatures
Encryption and decryption Keys Message digest Hash function characteristics it is easy to compute the hashed value for any given message, it is infeasible to find a message that has a given hash, it is infeasible to find two different messages with the same hash Can have a key (Cryptographic) Digital Signatures demonstrating the authenticity of a digital message or document

9 Meaning of Cryptography
from Greek Cryptos: secret, hidden graphos: writing cryptography: study of secret writing

10 Basics Encryption key Decryption key Encryption (Encipherment)
(Decipherment) Message (plaintext, cleartext) Ciphertext (cryptogram) plaintext cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key

11 Classification of Cryptosystems
The way in which keys are used Symmetric cryptography Single key Public key cryptography Two keys the way in which plaintext is processed Block cipher Stream cipher

12 Symmetric cryptography

13 Symmetric Encryption also known as
Classical, conventional private-key single-key Secret key sender and recipient share a common key was only type prior to invention of public-key cryptography until second half of 1970’s

14 Symmetric Cipher Model
there must be a secure mechanism for the distribution of this key a priori

15 Requirements two requirements for secure use of symmetric encryption:
a strong encryption algorithm a secret key known only to sender / receiver Y = EK(X) X = DK(Y) assume encryption algorithm is known imply a secure channel to distribute the key

16 X-or() in cryptography
Sender wants to send M to receiver M (Original plaintext): 1010 K (Key): 0011 M  K = 1001 (Encrypted ciphertext) 1001 transmitted Receiver already knows K (M  K)  K= 1001  0011 = 1010 = M -> original message is restored!

17 Some primitives Substitution Permutation

18 Two types of symmetric ciphers
Stream cipher Encrypts one bit at a time RC4 Block cipher Encrypts a block of bits at a time DES, AES

19 Asymmetric cryptography Or Public key cryptography (PKC)

20 PKC – General Characteristics
public-key/two-key/asymmetric cryptography uses 2 keys public-key may be known by anybody, and can be used to encrypt messages, and verify signatures private-key known only to the recipient, used to decrypt messages, and sign (create) signatures keys are related to each other but it is not feasible to find out private key from the public one Modular arithmetic

21 PKC – General Characteristics
It is computationally easy to en/decrypt messages when the relevant keys are known RSA Trap-door one-way function ku: public-key, kr: private key Y=fku(X) easy, if ku and X are known X=fkr-1(Y)easy, if kr and Y are known, but infeasible if Y is known but kr is not known

22 Public-Key Cryptography: Encryption
Bob Alice

23 Another notation Alice has a public key, kp, and a secret key, ks
Alice’s public key is known to Bob Asymmetric Cipher: F-1(F(m,kp),ks) = m Bob Alice 1. Construct m 2. Compute c= F(m,kp) 3. Send c to Bob c 4. Receive c from Alice 5. Compute d=F-1(c,ks) 6. m = d

24 Public-Key Cryptography - Authentication
Commutative! Alice Bob

25 Why PKC? Initially developed to address two challenging issues:
key distribution symmetric crypto requires how to securely share the key in PKI you do not need to distribute/know secret keys, but you need trusted third parties digital signatures (non-repudiation) not possible with symmetric crypto

26 Diffie-Hellman (D-H) Algorithm
D-H model’s primary contribution: Take a prime p and a primitive element g Cyclic group in finite field Publicize both g and p Alice chooses some x  Zp* and sends (gx mod p) to Bob Bob chooses some y  Zp* and sends (gy mod p) to Alice Eve can see both (gx mod p) and (gy mod p) but she cannot calculate x or y Discrete logarithm problem

27 D-H Algorithm gx mod p gy mod p Alice Bob
Alice calculates the key; k = (gy)x mod p Bob calculates the same key; k = (gx)y mod p Since Eve does not know x or y, she cannot calculate the key k Diffie and Hellman developed this method to share a key using some publicly available information

28 PKC Applications 3 categories encryption/decryption digital signatures
to provide secrecy digital signatures to provide authentication and non-repudiation key exchange to agree on a session key (symmetric cipher) to encrypt data packets Why not use public/private keys?

29 MESSAGE INTEGRITY

30 Source: Kurose at UMass
Message Digest large message m H: Hash Function H(m) Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature” Note that H( ) is a many-to-1 function H( ) is often called a “hash function” MD5, SHA-1 Desirable properties: Easy to calculate Irreversibility: Can’t determine m from H(m) Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’) Seemingly random output Source: Kurose at UMass

31 Message Authentication Code (MAC)
compare s = shared secret Authenticates sender Verifies message integrity No encryption ! Also called “keyed hash” Notation: MDm = H(s||m) ; send m||MDm HMAC (Hash-based Message Authentication Code) Source: Kurose at UMass

32 Digital Signatures data integrity, non-repudiation, authentication
Basic idea use private key on the message to generate a piece of information that can be generated only by yourself because you are the only person who knows your private key public key can be used to verify the signature so everybody can verify Generally signatures are created and verified over the hash of the message Not over the original message. Why?

33 Digital Signature – RSA approach
Sender a Receiver M: message to be signed H: Hash function E: RSA Private Key Operation KRa: Sender’s Private Key D: RSA Public Key Operation KUa: Sender’s Public Key EKRa[H(M)] Signature of A over hash of M

Download ppt "I-4 security."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Public Key Cryptography & Message Authentication By Tahaei Fall 2012.

Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Network Security understand principles of network security:

Network Security understand principles of network security:
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Similar presentations

Ads by Google