ACN - Security.pdf

Full Transcript

ADVANCED COMPUTER
NETWORKS (ICTW485)
Overview
Overview of Security
Tenets of Network Security
Risk, threat and vulnerability
Cryptographic Principles, concepts & Terminologies
Types of Ciphers
What is Security?
“The quality or state of being secure—to be free from danger”
A successful organization should have multiple layers of security in place:
◦ Physical security
◦ Personal security
◦ Operations security
◦ Communications security
◦ Network security
◦ Information security
NETWORK SECURITY
oIs a set of rules and configurations designed to
protect the integrity, confidentiality and accessibility
of computer networks and data using both software
and hardware technologies.
oNetwork security protects your network and data
from breaches, intrusions and other threats.
Model for Network Security
 Model for Network Security
using this model requires us to:
– design a suitable algorithm for the security transformation
– generate the secret information (keys) used by the
algorithm
– develop methods to distribute and share the secret
information
– specify a protocol enabling the principals to use the
transformation and secret information for a security service
Network Access Security
 Network Access Security

using this model requires us to:
– select appropriate gatekeeper functions to identify users
– implement security controls to ensure only authorised
users access designated information or resources

trusted computer systems can be used to implement
this model
BASIC TERMS
oVulnerability
oThreat
oExploit
oRisk
otrust
VULNERABILITY
‘A weakness that may lead to undesirable consequences.’
Typical vulnerabilities include
◦ Hardware Vulnerability
◦ Software Vulnerability
◦ Procedure Vulnerability
◦ External or environmental Vulnerability
Cont.
THREAT
◦ ‘The danger that a vulnerability will actually be taken advantage of.’
◦ Describes how the vulnerability would be attacked:
◦ E.g., buffer overflow is the vulnerability, and the threat would be transmission
of a TCP/IP packet to cause buffer overflow.

◦ EXPLOIT
◦ An “exploit” is a an attack using known vulnerabilities
◦ “Zero-day” attack refers to attacks taking place before the vulnerability
becomes known to software
Cont.
RISK
‘A potential problem’, consisting of a
◦ Vulnerability
◦ Threat (attack rate)
◦ Extent of the consequences.

TRUST
‘A relationship between two entities where one entity allows the other to perform certain
actions.’
Tenets of Network Security
(also referred to as security goals)
Confidentiality
It means guarding information from everyone except those with rights
to it.

Confidentiality is a security feature to assure that information can only
be received by eligible communication parties.

In modern cryptography, confidentiality is achieved through applying
encryption mechanisms.
Integrity
Integrity is to assure that the information is not tampered with by a
noneligible party or through a transmission or storage error.
oIntegrity deals with the validity and accuracy of data.
oFor some organizations, data and information are intellectual
property assets. Examples include copyrights, patents, secret
formulas, and customer databases. This information can have great
value.
oInformation has integrity when it is whole, complete, and
uncorrupted.
Availability
The information created and stored by an organization needs
to be available to authorized entities.
Services, system, application & data should be accessible
when needed and without extra delay.
Ensuring timely and reliable access to and use of information.
A loss of availability is the disruption of access to or use of
information or an information system.
BUSINESS EXAMPLE
Confidentiality — An employee should not come to know
the salary of his manager
Integrity — An employee should not be able to modify the
employee's own salary
Availability — Paychecks should be printed on time as
stipulated by law
Cryptographic Concepts, Principles
& Terminologies
Overview of Cryptology
 Concepts
Cryptology: science of encryption; combines cryptography and
cryptanalysis
Is the science of secure communication
Cryptology: cryptography + cryptanalysis
Cryptography: process of making and using codes to secure
transmission of information.
◦ The art and science of keeping messages secure.
◦ it is practiced by cryptographers.
 Cont.
Cryptanalysis: process of obtaining original message from
encrypted message without knowing algorithms.
the art and science of breaking ciphertext; that is, seeing through the
disguise.
Cryptanalysts are practitioners of cryptanalysis,
 Basic Terminologies
Plaintext: original message to be encrypted
Cipher-text: the encrypted message
Enciphering or encryption: the process of converting plaintext into
cipher-text
Encryption algorithm: performs encryption
Two inputs: a plaintext and a secret key
Deciphering or decryption: recovering plaintext from cipher-text
OTHER TRADITIONAL CIPHERS
SUBSTITUTION CIPHER
TRANSPOSITION CIPHER
 Substitution Cipher

A substitution cipher replaces one
symbol with another.
It can be categorized as either mono
alphabetic ciphers or polyalphabetic
ciphers
 Monoalphabetic Substitution

In monoalphabetic substitution, the
relationship between a symbol in
the plaintext to a symbol in the
ciphertext is always one-to-one.
 Monoalphabetic Ciphers

Additive ciphers/Shift ciphers
Multiplicative Ciphers
Affine Cipher
 Additive/Shift cipher
The simplest monoalphabetic cipher is the additive cipher. This
cipher is sometimes called a shift cipher and sometimes a Caesar
cipher, but the term additive cipher better reveals its
mathematical nature.

A shift cipher can also be described as
Encryption EK(x) = x + K mod 26
Decryption DK(x) = x - K mod 26
for English alphabet by setting up a correspondence
between alphabetic characters and residues modulo 26.
K=3 in Caesar Cipher.
Additive

When the cipher is additive, the
plaintext, ciphertext, and key are
integers in Z26.
 Shift Ciphers

replace letters of a message by other distinct letters a
fixed distance away
Famous shift cipher: Caesar Cipher
Shift by 3 letters
reputedly used by Julius Caesar (100 – 44 B.C.)

Plaintext: I CAME I SAW I CONQUERED
Ciphertext: L FDPH L VDZ L FRQTXHUHG
Multiplicative Ciphers

In a multiplicative cipher, the plaintext
and ciphertext are integers in Z26; the
key is an integer in Z26*.
 Affine Cipher
The cipher that we get after combining additive and multiplicative ciphers
is called affine cipher.
Monoalphabetic Substitution Cipher

Because additive, multiplicative, and affine
ciphers have small key domains, they are
very vulnerable to brute-force attack.
 Polyalphabetic Cipher
In polyalphabetic substitution, each occurrence of a character
may have a different substitute. The relationship between a
character in the plaintext to a character in the ciphertext is one-
to-many.
 Example Auto Key Cipher
Assume that Alice and Bob agreed to use an autokey cipher with initial key value k1
= 12. Now Alice wants to send Bob the message “Attack is today”. Enciphering is
done character by character.

Advantages : Hides the single-letter frequency statistics of the plain-text.
Disadvantages: Vulnerable to brute-force attack as additive cipher.
 Transposition Ciphers
A transposition cipher does not substitute one
symbol for another, instead it changes the location
of the symbols.
Keyless Transposition Ciphers
Keyed Transposition Ciphers
Combining Two Approaches
 Keyless Transposition
Simple transposition ciphers, which were used in the past, are
keyless.
A good example of a keyless cipher using the first method is the rail
fence cipher.
The ciphertext is created reading the pattern row by row. For
example, to send the message “Meet me at the park” to Bob, Alice
writes

She then creates the ciphertext “MEMATEAKETETHPR”.
Cont.
Alice and Bob can agree on the number of columns and use the
second method. Alice writes the same plaintext, row by row, in a
table of four columns.

She then creates the ciphertext “MMTAEEHREAEKTTP”.
Symmetric-Key Ciphers
 Symmetric Encryption
Symmetric encryption: uses same “secret key” to
encipher and decipher message
◦Encryption methods can be extremely efficient, requiring
minimal processing
◦Both sender and receiver must possess encryption key
◦If either copy of key is compromised, an intermediate can
decrypt and read messages
 General idea of symmetric-key cipher

The original message from Alice to Bob is called plaintext; the message that is sent through the channel is called the
ciphertext. To create the ciphertext from the plaintext, Alice uses an encryption algorithm and a shared secret key. To
create the plaintext from ciphertext, Bob uses a decryption algorithm and the same secret key.
Kerckhoff’s Principle

Based on Kerckhoff’s principle, one should always
assume that the adversary, Eve, knows the
encryption/decryption algorithm. The resistance of the
cipher to attack must be based only on the secrecy of
the key.
 Symmetric Encryption
There are two requirements for secure use of
conventional encryption:
We need a strong encryption algorithm.
Sender and receiver must have obtained copies of the
secret key in a secure fashion and must keep the key
secure. If someone can discover the key and knows the
algorithm, all communication using this key is readable.
 STREAM AND BLOCK CIPHERS

The literature divides the symmetric ciphers into
two broad categories: stream ciphers and block
ciphers. Although the definitions are normally
applied to modern ciphers, this categorization
also applies to traditional ciphers.
 Block Cipher
In a block cipher, a group of plaintext are encrypted together
creating a group of ciphertext of the same size.
A block cipher is a method of encrypting data in blocks to
produce ciphertext using a cryptographic key and algorithm.
The block cipher processes fixed-size blocks simultaneously,
as opposed to a stream cipher, which encrypts data one bit
at a time. Most modern block ciphers are designed to encrypt
data in fixed-size blocks of either 64 or 128 bits.
Block Cipher
 Block Cipher
A block cipher requires an initialization vector (IV) that is
added to the input plaintext in order to increase the
keyspace of the cipher and make it more difficult to use
brute force to break the key.
The IV is derived from a random number generator,
which is combined with text in the first block and the key
to ensure all subsequent blocks result in ciphertext that
does not match that of the first encryption block.
 Examples of Block Ciphers
DES – Data Encryption Standards
AES – Advanced Encryption Standards
Blowfish
Twofish
3DES
ETC.
 Stream Ciphers
A stream cipher encrypts a continuous string of binary numbers by using
time varying transformations on plaintext information. Therefore, this kind of
encryption operates bit-by-bit, using keystreams to create ciphertext for
arbitrary lengths of plaintext messages.
In stream cipher, one byte is encrypted at a time while in block cipher ~128
bits are encrypted at a time.
Initially, a key(k) will be supplied as input to pseudorandom bit generator
and then it produces a random 8-bit output which is treated as keystream.
The resulted keystream will be of size 1 byte, i.e., 8 bits.
Stream Cipher follows the sequence of pseudorandom number stream.
 Stream Cipher
One of the benefits of following stream cipher is to make cryptanalysis
more difficult, so the number of bits chosen in the Keystream must be long
in order to make cryptanalysis more difficult.
By making the key more longer it is also safe against brute force attacks.
The longer the key the stronger security is achieved, preventing any
attack.
Keystream can be designed more efficiently by including more number of
1s and 0s, for making cryptanalysis more difficult.
Considerable benefit of a stream cipher is, it requires few lines of code
compared to block cipher.
Stream Cipher
 Examples of Stream Ciphers
RC4 – Rivest Cipher
Salsa20
SEAL – Software-optimized Encryption Algorithm
HC-256
RABBIT
Grain etc.
ASYMMETRIC KEY
CIPHER
 Asymmetric Encryption
Asymmetric key cryptography uses two separate keys: one private and one
public.
Locking and unlocking in asymmetric-key cryptosystem
General idea of Asymmetric-key cipher
 CONT.
Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext and ciphertext are
treated as integers in asymmetric-key cryptography.

Encryption/Decryption

C = f (Kpublic , P) P = g(Kprivate , C)
RSA Cryptosystem
The most common public-key algorithm is the RSA cryptosystem, named for its
inventors (Rivest, Shamir, and Adleman).
Encryption, Decryption and Key Generation in RSA
CONT.
RSA Encryption
RSA Decryption
TRIAL QUESTION

P and Q are two prime numbers. P=13 and Q=11. Take
Public key E=3. if original message is 00111011, then
what will be the ciphertext value and private key value
according to RSA Algorithm? Calculate the plaintext
value from the ciphertext.
Thank you