Pptunit 1 - Introduction
18EC752
Dr. M. V. Mandi
Professor & Head, Dept. of ECE, Dr. AIT,
Bangalore
Topics
Textbook
– Cryptography and Network Security: Principles and
Practice: By William Stallings Pearson Education,
2003
Reference Books
– Cryptography & Network Security: By Behrouz
Forouzan, TMH, 2007
– Cryptography & Network Security: By Atul Kahate,
TMH, 2003
– Handbook of Applied Cryptography: By Alfred J.
Menezes, Paul C. van Oorschot and Scott A. Vanstone,
CRC Press
– Cryptography & Network Security with Source Code
in C: By Bruce Schneier
Unit 1 – Introduction
Cryptography
• Past: Cryptography helped ensure secrecy in
important communications, such as those of spies,
military leaders, and diplomats.
– in widespread use by many civilians, and users are not aware of it.
Crypto-graphy, -analysis, -logy
• The study of how to circumvent the use of
cryptography is called cryptanalysis, or codebreaking.
• Cryptography and cryptanalysis are sometimes
grouped together under the umbrella term
cryptology, encompassing the entire subject.
• In practice, "cryptography" is also often used to refer
to the field as a whole; crypto is an informal
abbreviation.
• Cryptography is an interdisciplinary subject,
– Mathematics: number theory, information theory, computational complexity,
statistics and combinatorics
– Engineering
Close, but different fields
• Steganography
– the study of hiding the very existence of a message,
and not necessarily the contents of the message itself
(for example, microdots, or invisible ink)
– http://en.wikipedia.org/wiki/Steganography
• Traffic analysis
– which is the analysis of patterns of communication in
order to learn secret information
– http://en.wikipedia.org/wiki/Traffic_analysis
Steganography Example
Last 2 bits
Background
• Information Security requirements have changed in
recent times
Aim of Course
• Our focus is on Cryptography
• Consists of measures to deter, prevent, detect and
correct security violations that involve the transmission of
information
Services, Mechanisms, Attacks
• Need systematic way to define requirements
– Security service
– Security mechanism
– Security attack
Security Service
– is something that enhances the security of the
data processing systems and the information
transfers of an organization
– intended to counter security attacks
– make use of one or more security
mechanisms to provide the service
– replicate functions normally associated with
physical documents
• e.g. have signatures, dates; need protection from disclosure,
tampering, or destruction; be recorded or licensed
Security Mechanism
• a mechanism that is designed to detect, prevent,
or recover from a security attack
• no single mechanism that will support all
functions required
• however one particular element underlies many
of the security mechanisms in use:
cryptographic techniques
• hence our focus on this area
Security Attack
• any action that compromises the security of
information owned by an organization
• information security is about how to prevent
attacks, or failing that, to detect attacks on
information-based systems
• have a wide range of attacks
• can focus on generic types of attacks, namely
passive attacks or active attacks
Security Attack
• Passive attacks
– Interception
• Release of message contents
• Traffic analysis
• Active attacks
– Interruption, modification, fabrication
• Replay
• Modification
• Denial of service
Information Transferring
Attack: Interruption
Attack: Interception
Wiring, eavesdrop
Attack: Modification
Replaced
intercept
info
Attack: Fabrication
In brief: Attacks, Services and Mechanisms
• Security Attacks
– Actions that compromise information security
– Could be passive or active attacks
• Security Services
– Actions that can prevent or detect such attacks.
– Such as authentication, identification, encryption,
signature, secret sharing and so on.
• Security mechanism
– The ways to provide such services
– Detect, prevent and recover from a security attack
Some Basic Concepts
• Cryptography is the study of
Encipher: C = E_{K1}(P) (plaintext → ciphertext)
Decipher: P = D_{K1}(C) (ciphertext → plaintext)
K1: from keyspace
OSI Security Architecture
• ITU-T (International Telecommunication Union,
Telecommunication Standardization Sector)
Recommendation X.800, Security Architecture for
OSI
• defines a systematic way of defining and
providing security requirements
Security Services
• X.800 defines it as: a service provided by a
protocol layer of communicating open systems,
which ensures adequate security of the systems
or of data transfers
• RFC 2828 defines it as: a processing or
communication service provided by a system to
give a specific kind of protection to system
resources
• X.800 defines it in 5 major categories
Security Services (X.800)
• Authentication - assurance that the
communicating entity is the one claimed
• Access Control - prevention of the
unauthorized use of a resource
• Data Confidentiality - protection of data from
unauthorized disclosure
• Data Integrity - assurance that data received is
as sent by an authorized entity
• Non-Repudiation - protection against denial by
one of the parties in a communication
Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access
controls, data integrity, authentication etc.
Classify Security Attacks as
• passive attacks - eavesdropping on, or
monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• active attacks – modification of data stream to:
– replay previous messages
– modify messages in transit
– denial of service
Model for Network Security
[Figure: model for network security. Labels: Trusted Third Party; principal (both ends); security transformation (both ends); attacker]
• using this model requires us to:
– design a suitable algorithm for the security
transformation
– generate the secret information (keys) used
by the algorithm
– develop methods to distribute and share the
secret information
– specify a protocol enabling the principals to
use the transformation and secret information
for a security service
Model for Network Access Security
• using this model requires us to:
– select appropriate gatekeeper functions (Firewall)
to identify users
– implement security controls to ensure only authorised
users access designated information or resources
Summary
• We have considered:
– computer, network, internet security
definitions
– security services, mechanisms and attacks
– X.800 standard
– models for network (access) security
Classical Encryption Techniques
Symmetric Encryption
• mathematically have:
Y = E_K(X)
X = D_K(Y)
• general approaches:
– cryptanalytic attack
– brute-force attack
Cryptanalytic Attacks
• ciphertext only
– only know algorithm & ciphertext, is statistical, know or can
identify plaintext
• known plaintext
– know/suspect plaintext & ciphertext
• chosen plaintext
– select plaintext and obtain ciphertext
• chosen ciphertext
– select ciphertext and obtain plaintext
• chosen text
– select plaintext or ciphertext to en/decrypt
More Definitions
• unconditional security
– no matter how much computer power or time is available, the
cipher cannot be broken since the ciphertext provides insufficient
information to uniquely determine the corresponding plaintext
• computational security
– given limited computing resources (eg time needed for
calculations is greater than age of universe), the cipher cannot
be broken
Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext
Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds
56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours
128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years
168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years
Classical Substitution Ciphers
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
• given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• giving ciphertext
MEMATRHTGPRYETEFETEOAAT
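Added example (not part of the original slides): the monoalphabetic substitution from the "Classical Substitution Ciphers" slide, using the key alphabet shown there, plus a letter count over the ciphertext quoted under "Monoalphabetic Cipher Security". The function names are assumptions made for this illustration; the count profile shows that substitution renames letters but leaves their frequencies intact.

```python
from collections import Counter
import string

# Key from the "Classical Substitution Ciphers" slide: a..z -> these letters.
CIPHER_ALPHABET = "DKVQFIBJWPESCXHTMYAUOLRGZN"
# Ciphertext quoted under "Monoalphabetic Cipher Security" (its key is not given).
SLIDE_CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)


def check_key(cipher_alphabet):
    """A valid key is a permutation of all 26 letters."""
    if sorted(cipher_alphabet.upper()) != list(string.ascii_uppercase):
        raise ValueError("key is not a permutation of A-Z")


def encipher(plaintext, cipher_alphabet=CIPHER_ALPHABET):
    check_key(cipher_alphabet)
    table = str.maketrans(string.ascii_lowercase, cipher_alphabet.upper())
    return plaintext.lower().translate(table)


def decipher(ciphertext, cipher_alphabet=CIPHER_ALPHABET):
    check_key(cipher_alphabet)
    table = str.maketrans(cipher_alphabet.upper(), string.ascii_lowercase)
    return ciphertext.upper().translate(table)


def letter_counts(text):
    """(letter, count) pairs for A-Z only, most frequent first."""
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    return Counter(letters).most_common()


def count_profile(text):
    """Sorted counts with the letters dropped: substitution cannot change it."""
    return sorted(n for _, n in letter_counts(text))


if __name__ == "__main__":
    ct = encipher("ifwewishtoreplaceletters")
    print(ct, decipher(ct))
    print(count_profile("ifwewishtoreplaceletters") == count_profile(ct))
    print(letter_counts(SLIDE_CIPHERTEXT)[:5])
```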
Row Transposition Ciphers
• a more complex transposition
• write letters of message out in rows over a
specified number of columns
• then reorder the columns according to some key
before reading off the rows
Key: 3 4 2 1 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
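Added example (not part of the original slides): the row transposition above, with encryption and decryption. The key is read as the list of 1-based column numbers in read-out order, which is the reading that reproduces the slide's ciphertext; the function names and the default padding letter are assumptions.

```python
SLIDE_KEY = [3, 4, 2, 1, 5, 6, 7]
SLIDE_PLAINTEXT = "attackpostponeduntiltwoamxyz"  # includes the slide's "xyz" padding


def _check_key(key):
    """Key must name every column exactly once (1-based)."""
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..n")


def encrypt(plaintext, key, pad="x"):
    _check_key(key)
    cols = len(key)
    letters = [c for c in plaintext.lower() if c.isalpha()]
    # Pad the final row so every column has the same height.
    letters += [pad] * (-len(letters) % cols)
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    # Read whole columns top to bottom, in the order the key names them.
    return "".join(row[k - 1] for k in key for row in rows).upper()


def decrypt(ciphertext, key):
    _check_key(key)
    cols = len(key)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(height)]
    # The i-th chunk of ciphertext is the column named by key[i].
    for i, k in enumerate(key):
        chunk = ciphertext[i * height:(i + 1) * height]
        for r, ch in enumerate(chunk):
            grid[r][k - 1] = ch
    # Reading the rebuilt grid row by row restores the plaintext (with padding).
    return "".join("".join(row) for row in grid).lower()


if __name__ == "__main__":
    ct = encrypt(SLIDE_PLAINTEXT, SLIDE_KEY)
    print(ct)
    print(decrypt(ct, SLIDE_KEY))
```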
Product Ciphers
• ciphers using substitutions or transpositions are not
secure because of language characteristics
• has drawbacks
– high overhead to hide relatively few info bits
Summary
• have considered:
– classical cipher techniques and terminology
– monoalphabetic substitution ciphers
– cryptanalysis using letter frequencies
– Playfair cipher
– polyalphabetic ciphers
– transposition ciphers
– product ciphers and rotor machines
– steganography