MOD1
MOD1
MODULE I
1
Module 1
(Basics of Security and Traditional Cryptosystems)
OSI security architecture – Security attacks, Services,
Mechanisms. Cryptography vs Cryptanalysis. Classical
encryption techniques – Symmetric cipher model.
Substitution ciphers – Monoalphabetic vs
Polyalphabetic ciphers, Caesar cipher, Affine cipher,
Playfair cipher, Vigenere cipher, Hill cipher.
Transposition ciphers – Keyless, Keyed, Double
transposition
2
Module 2
(Modern Symmetric Key Cryptosystems)
Symmetric key ciphers – Block vs Stream ciphers, Block
cipher components, Product ciphers, Feistel and
Non-Feistel ciphers. Data Encryption Standard (DES)
– Structure, Key generation, Design criteria,
Weaknesses, Double DES, Triple DES. Advanced
Encryption Standard (AES) – Structure, Key
expansion. Block cipher modes of operation –
Electronic Codebook Mode (ECB), Cipher Block
Chaining Mode (CBC), Cipher Feedback Mode (CFB),
Output Feedback Mode (OFB), Counter Mode (CTR).
Stream ciphers – Structure, RC4.
3
Module 3
(Public Key Cryptosystems)
Introduction to public key cryptosystems –
Principles, Applications, Requirements,
Conventional vs Public key cryptosystems. RSA
cryptosystem – Algorithm, Security, Attacks.
ElGamal cryptosystem – Algorithm. Diffie-
Hellman key exchange – Algorithm, Man-in-
the-middle attack. Elliptic Curve Cryptography
(ECC) – ElGamal ECC, Key exchange using ECC .
4
Module 4
Message Integrity and Authentication)
(
6
7
MODULE I
8
Definitions
• Computer Security
– Generic name for the collection of tools
designed to protect data and to defeat hackers
• Network Security
– Measures to protect data during their
transmission
• Internet Security
– Measures to protect data during their
transmission over a collection of interconnected
networks
9
OSI Security Architecture
• “Security Architecture for OSI”
– A systematic way of defining and providing
security requirements
10
Aspects of Security
• 3 aspects of information security:
– security attack
– security mechanism
– security service
• terms
– threat – a potential for violation of security
– attack –a deliberate attempt to evade
security services
11
Security Attack: Any action that compromises the
security of information.
Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a
security attack.
Security Service: A service that enhances the
security of data processing systems and
information transfers.
A security service makes use of one or more
security mechanisms.
12
Security Attacks
Kavitha N 13 13
• Passive attacks do not affect system resources
– Eavesdropping, monitoring
• Two types of passive attacks
– Release of message contents
– Traffic analysis
• Passive attacks are very difficult to detect
– Message transmission apparently normal
• No alteration of the data
– Emphasis on prevention rather than
detection
• By means of encryption
14
Passive Attacks (1)
Release of Message Contents
15
Passive Attacks (2)
Traffic Analysis
16
• Active attacks try to alter system resources or affect
their operation
– Modification of data, or creation of false data
• Four categories
– Masquerade
– Replay
– Modification of messages
– Denial of service: preventing normal use
• Difficult to prevent
– The goal is to detect and recover
17
Active Attacks (1)
Masquerade
18
Active Attacks (2)
Replay
19
Active Attacks (3)
Modification of Messages
20
Active Attacks (4)
Denial of Service
21
Security Attacks
• Interruption: This is an attack on
availability
• Interception: This is an attack on
confidentiality
• Modfication: This is an attack on
integtrity
• Fabrication: This is an attack on
authenticity
N
22
Security Attack
Classification
23
Security Service
– enhance security of data processing
systems and information transfers of an
organization
– intended to counter security attacks
– using one or more security mechanisms
24
3 Primary Security
Goals
27
Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment,
– digital signatures,
– access controls,
– authentication exchange
28
Model for Network Security
• communication across internet
• Techniques for providing security have 2
components
–Transformation of infmn
–Some secret infmn shared by sender and
receiver, unknown to opponent
Trusted third party is needed to achieve secure
transmission
Kavitha N 29 29
Kavitha N 30 30
Model for Network Security…
• Secret-Key cryptography
• Public-Key
• One-way functions
• Digital Signatures
Kavitha N 33 33
Secret-Key cryptography
Kavitha N 34 34
Public-Key Cryptography
• Everyone picks a public key and a private key.
• Public key: Encryption key
Private key: Decryption key
• Public key is published.
• Sender encrypts with receiver’s public key.
• Receiver decrypts with his private key.
Kavitha N 35 35
One-Way Functions
Kavitha N 36 36
Digital Signatures
Kavitha N 37 37
CRYPTOGRAPHY
38
Introduction
Greek: “krypto” = hide
Cryptology – science of hiding
40
Cryptographic goals
Confidentiality:
ensuring that information is accessible only to
those authorized to have access
Data integrity:
ensuring that the data is correct and complete
Authentication:
ensuring that the user who attempts to access
information or perform functions in a system is
the user who is authorized to do so.
41
Cryptographic goals…
Non-repudiation:
the sender and the recipient were, in fact,
the parties who claimed to send or receive the
message
non-repudiation of origin proves that data has
been sent
non-repudiation of delivery proves it has been
received.
42
Classification of Cryptography
49
cryptanalysis
2 general approaches
1. Cyptanalysis: rely on
- the nature of the algorithm
-Some knowledge of the plain text characteristics
-some known plain text –cypher text pairs
2. Brute-force attack
-tries every possible key on a piece of cipher text ,
- on average half of all possible keys must be tried
50
Cryptanalysis…
• various types of cryptanalytic attacks based on
the amount of information known to the
cryptanalyst
• brute-force approach is trying all possible keys.
• If the key space is very large, this becomes
impractical.
• the opponent must rely on an analysis of
the ciphertext itself, generally applying various
statistical tests to it.
51
Cryptanalysis…
• the opponent must have some general idea of
the type of plaintext that is concealed.
• such as English or French text, an EXE file, a Java
source listing, an accounting file, and so on.
52
53
54
More Definitions
• unconditionally secure
– no matter how much computer power is available,
the cipher cannot be broken since the ciphertext
provides insufficient information to uniquely
determinehe corresponding plaintext
• computationally secure
• The cost of breaking the cipher exceeds the value of
the encrypted information.
• The time required to break the cipher exceeds the
useful lifetime of the information.
Symmetric-key ciphers
Stream cipher
takes the plaintext string and produces a
ciphertext string using key stream
Block cipher
breaks up the plaintext into blocks of a fixed
length, and then
encrypts one block at a time.
Stream cipher is specific case of block cipher
with the size of 1
56
Symmetric Cipher Model
57
Substitution Ciphers
Letters of plaintext are replaced by other
letters or by numbers or symbols
58
Caesar Cipher
59
Caesar Cipher
Define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
60
Cryptanalysis of Caesar Cipher
Only have 25 possible ciphers
A maps to B,..Z
61
Affine Cipher
broaden to include multiplication
can define affine transformation as:
c = E(k, p) = (ap + b) mod (26)
p = D(k, c) = (a-1(c – b)) mod (26)
key k=(a,b)
a must be relatively prime to 26
so there exists unique inverse a-1
Caesar cipher is Affine cipher with a=1
k=(17,3):
Affine Cipher - Example
64
65
Tutorial I
Plaintext: ifwewishtoreplaceletters
67
• Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
68
Monoalphabetic Cipher
Security
Now have a total of 26! = 4 x 1026 keys
Is that secure?
Problem is language characteristics
Human languages are redundant
Letters are not equally commonly used
69
standard frequency distribution for English
70
Example Cryptanalysis
Given ciphertext:
71
Example Cryptanalysis
• it seems likely that cipher letters P and Z are the
equivalents of plain letters e and t, but it is not certain
which is which.
• The letters S,U,O, M, and H are all of relatively high
frequency and probably correspond to plain letters from
the set {a, h, i, n, o, r, s}.
• The letters with the lowest frequencies (namely,A, B,G,Y,
I, J) are likely included in the set {b, j, k, q, v, x, z}.
72
Example Cryptanalysis
Guess P & Z are e and t
73
Playfair Cipher
-not even the large number of keys in a monoalphabetic
cipher provides security
-one approach to improving security was to encrypt
multiple letters
-the Playfair Cipher is an example
-invented by Charles Wheatstone in 1854, but named
after his friend Baron Playfair
74
Playfair Key Matrix
a 5X5 matrix of letters based on a keyword
fill in letters of keyword
fill rest of matrix with other letters
eg. using the keyword MONARCHY
75
Playfair Key Matrix -Encrypting and
Decrypting
77
Playfair Key Matrix..
Eg:
Encrypt : security
decrypt “FHXNMKHNVZ”
78
Security of the Playfair Cipher
81
Vigenere Cipher…
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w
13 14 15 16 17 18 19 20 21 22
x y Z
23 24 25
82
Security of Vigenere
Ciphers
83
Autokey Cipher
n o p q r s t u v w
13 14 15 16 17 18 19 20 21 22
x y Z
23 24 25
86
Hill Cipher
• Polyalphebetic Cipher developed by the
mathematician Lester Hill in 1929.
• Use Linear algebra- matrix arithmetic modulo
26.
• Use a square matrix M for encryption and M-1
for decryption
• M(M-1) = M-1M = I
• I – Identity matrix .
87
Hill Cipher…
88
Hill Cipher…
• Determinant
k11k22 - k12k21
90
THE HILL ALGORITHM
91
THE HILL ALGORITHM…
92
THE HILL ALGORITHM…
93
Transposition Ciphers
transposition or permutation ciphers
These hide the message by rearranging the
letter order, without altering the actual
letters used
Can recognise these since have the same
frequency distribution as the original text
94
Rail Fence cipher
Write message letters out diagonally over a
number of rows
Then read off cipher row by row
E.g., write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
Giving ciphertext
MEMATRHTGPRYETEFETEOAAT
95
Row Transposition Ciphers
a more complex scheme
write letters of message out in rows over a specified
number of columns
then reorder the columns according to some key before
reading off the rows
Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext:
TTNAAPTMTSUOAODWCOIXKNLYPETZ
96
Keyless transposition
• Two methods for permutations
– Text is written into a table column by column and
then transmitted row by row.
– Text is written into a table row by row and then
transmitted column by column.
– Rail fence cipher is keyless transposition.
97
Keyless transposition
– Sender and receiver agree on the number of
columns and use the second method
98