Cryptography

Instructor:
Dr.Maaz bin ahmad.
[email protected]

1
Recall: Tasks involved in sending
Message

2
Recall: OSI Layers

3
 Need for Cryptography
• To securely transfer the message from
Sender to Receiver
• To hide the actual message from Interceptor
• To offer strongest methods to resist against
Crypt Analysis attacks

4
 Basic Terms to Remember

• Cryptography: The science of secret writing

with a goal of hiding the meaning of message
• Cryptanalysis: The science/Art of breaking
cryptosystems. 5
 Definitions
• Computer Security - generic name for the
collection of tools designed to protect data
and to stop attackers
• Network Security - measures to protect
data during their transmission
• Information Security – Computer sec +
Network sec

6
 Aim of Course
• our focus is on Internet Security

• consists of measures to prevent, detect, and

correct security violations that involve the
transmission of information.

7
Outline

8
Computer Security Concepts

11
 According to NIST……

• Confidentiality: Preserving authorized

restrictions on information access and disclosure.
• Integrity: Guarding against improper
information modification or destruction.
• Availability: Ensuring timely and reliable access
to and use of information.
12
 CIA Triad
• Confidentiality:
– Data Confidentiality: Assures that private on
confidential information is not made available or
disclosed to unauthorized individuals
– Privacy: Assures that individual controls what
information related to them.
• Integrity
– Data Integrity: Assures that information and programs
are changed in specified manner.
– System Integrity: Assures that system performs its
intended function.
• Availability: Assures that system works promptly and
13
service is not denied.
OSI Security Architecture

14
 Attacks, Services and
Mechanisms
• Security Attack: Any action that
compromises the security of information.
• Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a
security attack.
• Security Service: A service that enhances
the security of data processing systems and
information transfers. A security service
makes use of one or more security mechanisms.

15
Security Attacks

17
 Security Attack
• any action that compromises the security of
information owned by an organization
• information security is about how to prevent
attacks, or failing that, to detect attacks on
information-based systems
• have a wide range of attacks
• can focus of generic types of attacks
• note: often threat & attack mean same
18
Security Attacks

19
 Security Attacks
• Interruption: This is an attack on
availability
• Interception: This is an attack on
confidentiality
• Modification: This is an attack on
integrity
• Fabrication: This is an attack on
authenticity
20
 Classify Security Attacks as
• passive attacks - eavesdropping on, or
monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• active attacks – modification of data
stream to:
– masquerade of one entity as some other
– replay previous messages
– modify messages in transit
– denial of service
21
22
Security Services

23
 Security Service
– is something that enhances the security of the
data processing systems and the information
transfers of an organization.

– intended to counter security attacks.

– make use of one or more security mechanisms

to provide the service.

24
 Security Services
• Authentication - assurance that the
communicating entity is the one claimed
• Access Control - prevention of the
unauthorized use of a resource
• Data Confidentiality –protection of data from
unauthorized disclosure
• Data Integrity - assurance that data received is
as sent by an authorized entity
• Non-Repudiation - protection against denial by
one of the parties in a communication 25
 Security Services
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
– Denial of Service Attacks
– Virus that deletes files
26
Security Mechanism

27
 Security Mechanism
• a mechanism that is designed to detect,
prevent, or recover from a security attack
• no single mechanism that will support all
functions required
• however one particular element underlies
many of the security mechanisms in use:
cryptographic techniques
• hence our focus on this area
28
 Security Mechanism
• specific security mechanisms:

– encipherment, digital signatures, access

controls, authentication exchange, traffic
padding, routing control etc..

29
Model for Network Security

30
31
 Model for Network Security
• using this model requires us to:
– design a suitable algorithm for the security
transformation
– generate the secret information (keys) used by
the algorithm
– develop methods to distribute and share the
secret information
– specify a protocol enabling the principals to use
the transformation and secret information for a
security service
32
33
Model for Network Access Security

• using this model requires us to:

– select appropriate gatekeeper functions to
identify users

– implement security controls to ensure only

authorised users access designated information
or resources

34