INS unit 1.pdf
Document Details
Uploaded by BestTroll
Vivekananda Global University Jaipur
Tags
Related
- Chapter 7 - 01 - Discuss Essential Network Security Protocols - 03_ocred_fax_ocred.pdf
- Chapter 7 - 01 - Discuss Essential Network Security Protocols - 05_ocred_fax_ocred.pdf
- ACN - Security.pdf
- IT502 - Information Security.pdf
- four (2).pdf
- 3. Technical Network Security_e828335af0701d1b4091018c4a51d486.pdf
Full Transcript
VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Information and Network Security Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: ...
VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Information and Network Security Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Textbook(s): 1) Cryptography and Network Security: Principles and Practice 5th Edition, William Stallings, Pearson,2010 Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce What is Network Combination of multiple computers Need for forming Network? To share data To share resources Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Network Security Network security is the security provided to a network from unauthorized access and risks. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Basic Terminologies PlainText- original message to be encrypted.(readable format ) Ciphertext-the encrypted message (non readable format) Encryption-the process of converting plain text into cipher text. Encryption algorithm-perform encryption 2 i/p->plain text and secret key Decryption-Recovering Plain Text from Cipher Text 2 i/p->ciphertext and secret key Decryption algorithm-Perform Decryption Secret Key- used as an input to a mathematical function to encrypt a plaintext message Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it. The prefix "crypt-" means "hidden" -- and the suffix "-graphy" stands for "writing.(study of Encryption) Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Cryptanalysis- is the process of studying cryptographic systems to look for weaknesses or leaks of information Cryptology- crptoraphy+cryptanalysis. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Types of Encryption Stream algorithms. Data is encrypted as it streams instead of being retained in the system’s memory. Bit by bit Valid only for short length message Block algorithms. Set lengths of bits are encrypted in blocks of electronic data with the use of a specific secret key.As the data is being encrypted, the system holds the data in its memory as it waits for complete blocks. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce The OSI Security Architecture The OSI Security architecture is useful t manage the task of providing security. ITU-T4 recommendation X.800 security architecture for OSI,defines such as Systematic approach. Focuses on security attacks, mechanism, and services. Security attack OSI Security Architecture Security mechanism Security Services Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Security attack-any action which can harm the security of information owned by an organization. Security mechanism-A process designed to detect, prevent or recover from security attack. Security Services-processing or communication services that enhance the security of the data processing system Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Key Principles of security /Security Services Confidentiality Authentication Integrity Non Repudiation Access Control Availability Note: CAINAA Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Confidentiality- Confidentiality ensures that no one can read the message except intended receiver. Limiting information Preventing access Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Authentication Process of recognizing user’s identity. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Integrity No modification should be done during transmission. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Non repudiation Non repudiation prevents either sender or receiver from denying a transmitted message. Sender and receiver can prove message has been sent or received. Prevents from DOS. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Access Control The principle of access control determines who should be able to access what. Authentication and Authorization Authorization Access permission Whether the user is having the access permission or not. What the user want to do. Authentication Who is doing the actual work. Example: ATM Card Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Availability Refers to the availability of information to authorized users. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Security Attack Security attacks are unauthorized actions against private, corporate or governmental IT assets in order to destroy them, modify them or steal sensitive data. Two types of Security Attack Active Attack Passive Attack Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Passive Attack Attacker does not perform any modification. Only aim to obtain the information Prevention rather than detection. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Passive Attack The main goal of a passive attack is to obtain unauthorized access to the information Passive attacks are the attacks where the attacker indulges in unauthorized eavesdropping. The eavesdropper does not make any changes to the data or the system. just monitoring the transmission or gathering information. No Data modification Unauthorized deletion of data. With a passive attack, the attacker tries to collect or learn information from the application but does not affect the application itself. Denial of access to information for legitimate users (denial of service). Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti…… Example: These actions are passive in nature, as they neither affect information nor disrupt the communication channel. A passive attack is often seen as stealing information. The only difference in stealing physical goods and stealing information is that theft of data still leaves the owner in possession of that data. Passive information attack is thus more dangerous than stealing of goods, as information theft may go unnoticed by the owner. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Key Differences Between Active and Passive Attacks The active attack includes modification of the message. On the other hand, in passive attacks, the attacker doesn’t commit any changes to the intercepted information. The active attack causes a huge amount of harm to the system while the passive attack doesn’t cause any harm to the system resources. A passive attack is considered as a threat to data confidentiality. In contrast, an active attack is a threat to the integrity and availability of the data. The attacked entity is aware of the attack in case of active attack. As against, the victim is unaware of the attack in the passive attack. The active attack is accomplished by gaining the physical control over the communication link to capture and insert transmission. On the contrary, in a passive attack, the attacker just needs to observe the transmission. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti… Two kinds of passive attack. Release of content Traffic Analysis Release of content Only eavesdropping. Eavesdropping-means no modification will be done just they listen to message. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti……. Traffic analysis traffic analysis (TA) is a method of monitoring network availability and activity to identify anomalies, including security and operational issues. Common use cases for NTA include: Collecting a real-time and historical record of what’s happening on your network Detecting malware Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Active Attack An active attack involves changing the information in some way by conducting some process on the information. For example, Modifying the information in an unauthorized manner. Initiating unintended or unauthorized transmission of information. Alteration of authentication data such as originator name or timestamp associated with information Unauthorized deletion of data. Denial of access to information for legitimate users (denial of service). Types of Active Attack Masquerade Attack Replay Attack Data Modification Denial of Service Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti……… Masquerade Attack Receiver will receives the data from the third party on the name of the sender. masquerade attack in which unauthorized attacker tries to pose as another entity. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti……… Replay Attack original message will be gained by 3rd party modify and send again to the receiver. Receiver receive altered message. Receiver will receive 2 message Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti……… Data Modification original message will be received by third party. Modified original message and then it will be sent to the receiver. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti……… Denial of Service The 3rd party interrupt the services sends by the server. DOS prevents the normal use or management of communication. Disruption of an entire network either by disabling the network or by overloading it with message so as to degrade performance. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Security Mechanism Designed to detect, prevent, or recover from security attack Security mechanism are technical tools and techniques. Defined by X.800 as follows. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Security Mechanism 1. Encipherment:This is hiding or covering of data which provides confidentiality. Cryptography and Steganography are used for enciphering 2. Digital Integrity:Data integrity is preserved by comparing check value received to the check value generated. 3. Digital Signature:A digital signature is a means by which the sender can electronically sign the data and the receiver can electronically verify the signature. Public and private keys can be used. 4.Authentication Exchange:In this two entities exchange some messages to prove their identity to each other. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce 5. Traffic Padding:Traffic padding means inserting some bogus data into the data traffic to thwart the adversary’s attempt to use the traffic analysis. 6. Routing Control:Routing control means selecting and continuously changing different available routes between sender and receiver to prevent the opponent from eavesdropping on a particular route. 7. Notarization:Notarization means selecting a third trusted party to control the communication between two entities. The receiver can involve a trusted third party to store the sender request in order to prevent the sender from later denying that she has made a request. 8. Access Control:Access control used methods to prove that a user has access right to the data or resources owned by a system. Examples of proofs are passwords and PINs. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Cryptography- Is the process performing encryption and decryption. Cryptanalysis- It is the technique of decoding message from non-readable format into red able format without knowing how they were converted from readable format in non readable format. Cryptology It is the combination of cryptography and cryptanalysis. Plain text or clear Text-Readable The text signifies a message that can be understood by a sender, the recipient and also by any one get access to their message Cipher Text- coded text It is the codified form of a plain text message. Encryption- It is the process of converting plain text into cipher text. Decryption It is process of converting cipher text into plain text. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Cryptography? Cryptography is the practice and study of techniques for securing communication and data in the presence of adversaries. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce What is encryption? Encryption is a way of scrambling data so that only authorized parties can understand the information. In technical terms, it is the process of converting plaintext to ciphertext. Encryption requires the use of an encryption key: a set of mathematical values that both the sender and the recipient of an encrypted message know. Truly secure encryption will be complex enough that a third party is highly unlikely to decrypt the ciphertext by brute force – in other words, by guessing. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce What are the different types of encryption? The two main kinds of encryption are : symmetric encryption asymmetric encryption/public key encryption. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Symmetric Key Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information. By using symmetric encryption algorithms, data is converted to a form that cannot be understood by anyone who does not possess the secret key to decrypt it. The secret key that the sender and recipient both use could be a specific password/code or it can be random string of letters or numbers that have been generated by a secure random number generator (RNG). Denoted By-> KS Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Asymmetric key Cryptography Pair of keys Public key Private key Asymmetric Encryption is a form of Encryption where keys come in pairs. What one key encrypts, only the other can decrypt. Here one key you used in encryption process and another key used for decryption. Public key->KU Private key->KR Example user A is having KUA and KRA ENC->KUA DEC->KRA Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Types of symmetric Encryption Block algorithms. Set lengths of bits are encrypted in blocks of electronic data with the use of a specific secret key.As the data is being encrypted, the system holds the data in its memory as it waits for complete blocks. Stream algorithms. Data is encrypted as it streams instead of being retained in the system’s memory. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Classification of encryption Techniques Types of encryption technique Substitution Transposition Substitution Plain text message are replaced by other characters, number or symbol. Substitution Technique have 4 technique Ceaser cipher Monoalphabetic cipher Play fair cipher Hill cipher Polyalphabetic cipher Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce ceaser cipher The Caesar cipher is named after the legendary Roman emperor Julius Caesar, It is a simple substitution cipher. Here encryption done by replacing an alphabet 3 places down the line. For example: Plain Text HELLO Cipher Text:KHOOR Here key->3 Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Modified Ceaser Cipher Modified Caesar cipher is an extension to Caesar cipher Here an alphabet may not be replaced with a single other alphabet based on 3 position after,it could be replaced with an alphabet n=k, k position after. To crack this kind of cipher text the attacker needs to make 25 attempts for 26 letters in English. Key is numerical range from 18 bit sub keys Cipher Text-64 bit Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti…. Data Encryption Standard (DES) is a block cipher algorithm that takes plain text in blocks of 64 bits and converts them to ciphertext using keys of 48 bits. It is a symmetric key algorithm, which means that the same key is used for encrypting and decrypting data. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti… Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti…. DES is based on the two fundamental attributes of cryptography: substitution (also called as confusion) and transposition (also called as diffusion). DES consists of 16 steps, each of which is called as a round. Each round performs the steps of substitution and transposition. Let us now discuss the broad-level steps in DES. 1. In the first step, the 64 bit plain text block is handed over to an initial Permutation (IP) function. 2. The initial permutation performed on plain text. 3. Next the initial permutation (IP) produces two halves of the permuted block; says Left Plain Text (LPT) and Right Plain Text (RPT). 4. Now each LPT and RPT to go through 16 rounds of encryption process. 5. In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined block 6. The result of this process produces 64 bit cipher text. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce conti… Initial Permutation (IP) – As we have noted, the Initial permutation (IP) happens only once and it happens before the first round. It suggests how the transposition in IP should proceed, as show in figure. For example, it says that the IP replaces the first bit of the original plain text block with the 58th bit of the original plain text, the second bit with the 50th bit of the original plain text block and so on. This is nothing but jugglery of bit positions of the original plain text block. the same rule applies for all the other bit positions which shows in the figure. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti…. As we have noted after IP done, the resulting 64-bit permuted text block is divided into two half blocks. Each half block consists of 32 bits, and each of the 16 rounds Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Strength of DES Strength- The strength of DES - a. The use of 56-bit keys: 56-bit key is used in encryption, there are 256 possible keys. A brute force attack on such number of keys is impractical.(With a key of length n bits, there are 2n possible keys) Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Double DES Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti… Double DES is a encryption technique which uses two instance of DES on same plain text. In both instances it uses different keys to encrypt the plain text. Both keys are required at the time of decryption. The 64 bit plain text goes into first DES instance which than converted into a 64 bit middle text using the first key and then it goes to second DES instance which gives 64 bit cipher text by using second key. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Triple DES with 2 keys k3 Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Triple DES with 3 keys Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti… Triple DES is a encryption technique which uses three instance of DES on same plain text. Here k1 k2 and k3 are all different from each other. To decrypt C.T and to obtain the plain text we need to perform the following operation P=DK3(DK2(DK1[c])) C=EK3(EK2(EK1[P]))) Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce AES Block Size-128 bit plain text No of rounds-10 rounds Key size-128 bit(28byte/16 bytes) No of rounds depends on the key size Key Length No of Rounds 128 bits 10 192 bits 12 256 bits 14 Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti… AES was developed by NIST(National Institute of Standards and Technology) in 1997. It was developed for replacing DES which was slow and was vulnerable to various attacks. So, therefore, a new encryption algorithm was made to overcome the shortcomings of DES. AES was then published on 26th November 2001. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: ShiftRows In the ShiftRows operation, each of these rows is shifted to the left by a set amount: their row number starting with zero. The top row is not shifted at all, the next row is shifted by one and so on. This is illustrated in the Figure below. MixColumns MixColumns phase provides diffusion by mixing the input around. Unlike ShiftRows, MixColumns performs operations splitting the matrix by columns instead of rows. VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce RSA algorithm RSA algorithm is a public key encryption technique and is considered as the most secure way of encryption. It was invented by Rivest, Shamir and Adleman in year 1978 and hence name RSA algorithm. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti… Algorithm The RSA algorithm holds the following features − RSA algorithm is a popular exponentiation in a finite field over integers including prime numbers. The integers used by this method are sufficiently large making it difficult to solve. There are two sets of keys in this algorithm: private key and public key. Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Conti… Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper: VIVEKANAND EDUCATION SOCIETY’S College of Arts, Science and Commerce Thank You Name of the Teacher: Laxmi Tiwari Class: TYCS Subject INS Paper:
