INTRODUCTION TO

CRYPTOGRAPHY AND NETWORK

SECURITY

CRYPTOGRAPH D R. FAHEEM MUSHTAQ

Y
AND
NETWORK
SECURITY

The Islamia University of Bahawalpur

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
Background
• Information Security requirements have changed in
recent times
• traditionally provided by physical and
administrative mechanisms
• computer use requires automated tools to protect
files and other stored information
• use of networks and communications links requires
measures to protect data during transmission
Aim of Course
• Our focus is on Cryptography & Network
Security which consists of measures to
discourage, prevent, detect, and correct
security violations that involve the
transmission & storage of information
 Course Contents
 Information security overview :
Goals, attacks, services, mechanisms &
techniques
 Maths for Symmetric Key Cryptography:
Modular Arithmetic, Congruence,
Groups, Rings & Finite Fields.
 Traditional Symmetric Key Ciphers:
Substitution, Transposition, One-time pad,
Steganography
 Modern Symmetric Key Ciphers:
Block cipher; DES, triple-DES, AES, Stream cipher;
RC4 & modes of cipher ops,
 Course Contents…cont’d
 Maths for asymmetric key cryptography: Number
Theory: Prime numbers, Euler’s theorem,
Primality testing, Factorization, Chinese
remainder theorem, Discrete logarithm
 Asymmetric key cryptography:
RSA, Elgamal & Elliptic curve cryptosystem
 Cryptographic Hash functions:
SHA-512 & Whirlpool
 Message Integrity & Authentication:
MDC, MAC, HMAC, Digital Signature &
Entity authentication
 Course Contents…cont’d
 Key Management:
KDC, KERBEROS, Diffie-Hellman,
CA, X.509 & PKI
 Security at Internet model layers:
Application layer; PGP & S/MIME
Transport layer; SSL & TLS Network
layer; IPsec
 E-Commerce Security:
Dual Signature & SET protocol

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000

Course Learning Outcomes (CLOs):
At the end of the course, the students will be able
to:
Explain various security mechanisms work and correlate
these security mechanisms with security principles.
Identify various security mechanisms, and articulate
their advantages and limitations
Analyze working and performance of security
algorithms and protocols.
Apply security principles to solve problem.
 SECURITY GOALS

CRYPTOGRAPH
Y
AND
D R. FAHEEM MUSHTAQ
NETWORK
SECURITY

The Islamia University of Bahawalpur

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
Security Goals:
 There are three fundamental security goals
Security Goals
Confidentiality:
Refers to the concealment of secret or private
information from unauthorized persons.
Individual person or Organizations needs their
sensitive information must not be disclosed to
unauthorized persons.
Disclosure of secret information may harm an
organization severely.
Security Goals

Integrity:
Integrity means that changes in information needs
to be done only by authorized users and through
authorized mechanisms.
Availability:
Means the information needs to be available to
authorized entities when it is required.
 Taxonomy of
ATTACKS
CRYPTOGRAPH with Relation to Security Goals
Y
AND
D R. FAHEEM MUSHTAQ
NETWORK
SECURITY

The Islamia University of Bahawalpur

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
SECURITY ATTACKS

 Any action that compromise security of information

owned by an organization is called security attack or
security threat
 The three goals of security-confidentiality, integrity, and
availability-can be threatened by security attacks.

Attacks Threatening Confidentiality

Attacks Threatening Integrity
Attacks Threatening Availability
Taxonomy of attacks with relation to Security Goals
 Attacks Threatening Confidentiality:

Snooping
Refers to unauthorized access to or interception of data.

Traffic analysis
Refers to obtaining some other type of information by monitoring
online traffic.
Other type of information may include email addresses of sender and
receiver, frequency of communication to help for guessing nature of
transaction.
Attacks Threatening Integrity:
Modification
Means that the attacker intercepts the message and changes it
Masquerading or spoofing
Happens when the attacker impersonates somebody else.
Replaying
Means the attacker obtains a copy of a message sent by a user and
later tries to replay it.
Repudiation Means that sender of the message might later deny that
she has sent the message; the receiver of the message might later deny
that he has received the message.
Attacks Threatening Availability:
Denial of service (DoS) is a very common attack. It may slow down
or totally interrupt the service of a system.
 PASSIVE
VERSUS
CRYPTOGRAPH ACTIVE ATTACK
Y
AND
D R. FAHEEM MUSHTAQ
NETWORK
SECURITY

The Islamia University of Bahawalpur

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
Taxonomy of attacks with relation to Security Goals
 SECURITY
SERVICES
CRYPTOGRAPH
Y
D R. FAHEEM MUSHTAQ
AND
NETWORK
SECURITY

The Islamia University of Bahawalpur

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
Security Services
• A processing or communication service which
enhance security of data processing systems and
information transfers of an organization intended
to counter security attacks using one or more
security mechanisms.

 ITU-T (X.800) defined five services related to the security

goals and attacks we defined in previous slides.
 Security Services

Data Confidentiality –Designed to protect of data from unauthorized disclosure

and traffic analysis
Data Integrity – Design to protect data from modification, insertion, deletion and
replaying by an attacker.
Authentication – Provides authentication of the party at the other end of the line.
Non-Repudiation - Protection against denial by one of the parties in a
communication
Access Control - Prevention of the unauthorized use of a resource
 SECURITY
MECHANISMS
CRYPTOGRAPH
Y
D R. FAHEEM MUSHTAQ
AND
NETWORK
SECURITY

The Islamia University of Bahawalpur

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
Security Mechanism (X.800)

Process designed to detect, prevent, or recover

from a security attack
No single mechanism that will support all services
required. However, one particular service element
underlies many of the security mechanisms in use:
Cryptographic techniques
Hence our focus on this topic
Security Mechanism
Relation between Services and Mechanisms
 INTRODUCTION TO
CRYPTOGRAPHY AND NETWORK
SECURITY

CRYPTOGRAPH D R. FAHEEM MUSHTAQ

Y
AND
NETWORK
SECURITY

The Islamia University of Bahawalpur

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000
TECHNIQUES

Mechanisms discussed in the previous sections are only

theoretical recipes to implement security. The actual
implementation of security goals needs some
techniques. Two techniques are prevalent today:
cryptography and steganography.

 Cryptography
 Steganography
 Cryptography vs Steganography

Cryptography, a word with Greek origins,

means “secret writing.” However, we use the
term to refer to the science and art of
transforming messages to make them secure
and immune to attacks.

The word Steganography, with origin in

Greek, means “covered writing,” in contrast
with cryptography, which means “secret
writing.”
Model for Network Security

Using this model requires us to:

 Design a suitable algorithm for the security transformation
 Generate the secret information (keys) used by the algorithm
 Develop methods to distribute and share the secret information
 Specify a protocol enabling the principals to use the
transformation and secret information for a security service
Cryptography
Characterize cryptographic system by:
Type of encryption operations used
 Substitution / transposition / product

Number of keys used

 Single-key or private / two-key or public

Way in which plaintext is processed

 Block / stream
Symmetric Cipher Model
 Symmetric Encryption

Or conventional / private-key / single-key

Sender and recipient share a common key
All classical encryption algorithms are private-key
Was only type prior to invention of public-key in
1970’s
And by far most widely used
Model of Conventional Crypto System
Requirements
Two requirements for secure use of symmetric
encryption:
A strong encryption algorithm
A secret key known only to sender / receiver
Mathematically have:
 Y = EK(X)
 X = DK(Y)
Assume encryption algorithm is known (why?)
Implies a secure channel to distribute key
 Level of Security
Unconditional security
No matter how much computer power or time is available,
the cipher cannot be broken since the ciphertext provides
insufficient information to uniquely determine the
corresponding plaintext (only one-time-pad)

Computational security
Cost exceed the value of information
Time exceeds the useful life of information
Cryptanalysis

Objective to recover key not just message

General approaches:
Cryptanalytic attack

Brute-force attack
Cryptanalytic Attacks

Ciphertext only
• Only know algorithm & ciphertext, is statistical, can
identify plaintext
Known plaintext
• Also have plaintext for the ciphertext
Chosen plaintext
• Also can select plaintext and obtain ciphertext
Chosen ciphertext
• Also can select ciphertext and obtain plaintext
 Brute Force Search
 always possible to simply try every key
 most basic attack, proportional to key size
 assume either know / recognise plaintext

Key Size Number of Time required at 1 Time required at 106

(bits) Alternative Keys decryption/µs decryptions/µs

32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds

56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours

128 2128 = 3.4  1038 2127 µs = 5.4  1024 5.4  1018 years
years
168 2168 = 3.7  1050 2167 µs = 5.9  1036 5.9  1030 years
years
26 characters 26! = 4  1026 2  1026 µs = 6.4 6.4  106 years
permutation  1012 years