Chapter 8

Network Security
 What is network security?

Confidentiality: only sender, intended receiver

should “understand” message contents
 sender encrypts message
 receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
Message Integrity: sender, receiver want to ensure
message not altered (in transit, or afterwards)
without detection
Access and Availability: services must be
accessible and available to users
Security Threats and Attacks

 eavesdrop: intercept messages

 actively insert messages into connection
 impersonation: can fake (spoof) source address
in packet (or any field in packet)
 hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in
place
 denial of service: prevent service from being
used by others (e.g., by overloading resources)
cryptographic Tools

 cryptographic algorithms important

element in security services
 review various types of elements
 symmetric encryption
 public-key (asymmetric) encryption
 digital signatures and key management
 secure hash functions
Symmetric Encryption

 or conventional / secret-key / single-key

 sender and recipient share a common key
 all classical encryption algorithms are private-key
 was the only type of cryptography, prior to
invention of public-key in 1970’s
Basic Terminology

 plaintext - the original message

 ciphertext - the coded message
 cipher - algorithm for transforming plaintext to
ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering ciphertext from
plaintext
 cryptography - study of encryption principles/methods
 cryptanalysis (codebreaking) - the study of principles/
methods of deciphering ciphertext without knowing key
 cryptology - the field of both cryptography and
cryptanalysis
Symmetric Cipher Model
Requirements

 Two requirements for secure use of

symmetric encryption:
 a strong encryption algorithm
 a secret key known only to sender / receiver
Y = EK(X)
X = DK(Y)
 assume encryption algorithm is known
 implies a secure channel to distribute
key
Cryptography

• can be characterized by:

 type of encryption operations used
substitution / transposition / product
 number of keys used
single-key or secret-key vs two-key or
public-key
 way in which plaintext is processed
block / stream
Classical Substitution Ciphers

 where letters of plaintext are replaced

by other letters or by numbers or
symbols
 or if plaintext is viewed as a sequence
of bits, then substitution involves
replacing plaintext bit patterns with
ciphertext bit patterns
 Caesar Cipher
 earliest known substitution cipher
 by Julius Caesar
 first attested use in military affairs
 replaces each letter by 3rd letter on
 example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
 What’s the key?
Caesar Cipher

 can define transformation as:

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 mathematically give each letter a number
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y Z
13 14 15 16 17 18 19 20 21 22 23 24 25
 then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
Playfair Cipher

 provides security one approach to improving

security was to encrypt multiple letters

 the Playfair Cipher is an example

 invented by Charles Wheatstone in 1854 but

named after his friend Baron Playfair
Playfair Cipher

 Playfair Key Matrix a 5X5 matrix of letters based

on a keyword
 fill in letters of keyword (sans duplicates)
 fill rest of matrix with other letters
 e.g. using the keyword MONARCHY
Encrypting and Decrypting

 plaintext is encrypted two letters at a time

1. if a pair is a repeated letter, insert filler like 'X'

2. if both letters fall in the same row, replace each

with letter to right (wrapping back to start from end)

3. if both letters fall in the same column, replace each

with the letter below it (wrapping to top from bottom)

4. otherwise each letter is replaced by the letter in the

same row and in the column of the other letter of the
pair
 Vigenère Cipher

 simplest polyalphabetic substitution cipher is the Vigenère

Cipher

 effectively multiple caesar ciphers

 key is multiple letters long K = k1 k2 ... kd

 ith letter specifies ith alphabet to use

 use each alphabet in turn

 repeat from start after d letters in message

 decryption simply works in reverse

Example
 write the plaintext out
 write the keyword repeated above it
 use each key letter as a caesar cipher key
 encrypt the corresponding plaintext letter
 eg using keyword deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Vigenere Cipher Table
Transposition Ciphers

 now consider classical transposition or

permutation ciphers
 these hide the message by rearranging
the letter order
 without altering the actual letters used
 can recognize these since have the
same frequency distribution as the
original text
Rail Fence cipher

 write message letters out diagonally over a

number of rows
 then read off cipher row by row
 Row Transposition Ciphers

 is a more complex transposition

 write letters of message out in rows over a specified
number of columns then reorder the columns
 according to some key before reading off the rows