IS-842 Advance Cryptography - I Lecture PDF

Advance Cryptography – I IS – 842 LECTURE NO. 1 TAHIRA ALI Introduction of Cryptography  Cryptology is the science of secure communications.  Cryptography creates messages whose meaning is hidden (Graphy is writing and representation in a specified manner).  Cryptanalysis is the science of breaking encrypted messages (recovering their meaning).  Many use the term cryptography in place of cryptology: it is important to remember that cryptology encompasses both cryptography and cryptanalysis. Introduction of Cryptography  A cipher is a cryptographic algorithm.  A plaintext is an unencrypted message.  Encryption converts the plaintext to a cipher text.  Decryption turns a cipher text back into a plaintext. History of Cryptography  1900 BC: One of the first implementations of cryptography was found in the use of non-standard hieroglyphs carved into the wall of a tomb from the Old Kingdom of Egypt.  1500 BC: Clay tablets found in Mesopotamia contained enciphered writing believed to be secret recipes for ceramic glazes.  650 BC: Ancient Spartans used an early transposition cipher to scramble the order of the letters in their military communications. The process works by writing a message on a piece of leather wrapped around a hexagonal staff of wood known as a scytale. When the strip is wound around a correctly sized scytale, the letters line up to form a coherent message; however, when the strip is unwound, the message is reduced to ciphertext.  100-44 BC: To share secure communications within the Roman army, Julius Caesar is credited for using what has come to be called the Caesar Cipher, a substitution cipher wherein each letter of the plaintext is replaced by a different letter determined by moving a set number of letters either forward or backward within the Latin alphabet. Type of Security Models  No Security  Security via Obscurity  Host Security  Network Security Security Models  No Security: In this simplest case, the approach could be a decision to implement no security at all.  Security via Obscurity: A system is secure simply because nobody knows about its existence and content. Security Models  Host Security: The security of each host is enforced individually.  Network Security: Host security is tough to achieve as an organizations grow and become more diverse. In this technique, the focus is to control network access to various hosts and their services, rather than individual host security. This is very efficient and scalable model. Security Management Practices  Good security management practices always talk of the security policy being in place.  A good security policy and its proper implementation go a long way in ensuring adequate security management practices. Security Management Practices  A good security policy generally takes care of four key aspects.  Affordability – How much money and efforts does the security implementation cost.  Functionality – What is the mechanism of providing security.  Cultural Issues – Does the policy gel well with the people’s expectations, working style and beliefs?  Legality – Does the policy meet the legal recruitments. Key Aspects of Security Policy  Once the security policy is in place, the following points should be ensured. A good security policy generally takes care of four key aspects.  Explanation of the policy to all the concerned.  Outline every one responsibilities.  Use simple language in all communications.  Accountability should be established. Principles of Security  Confidentiality  Integrity  Authentication  Non-Repudiation  Availability  Access Control Principles of Security – A Use Case  Let us assume that a person A wants to send a cheque worth Rs.10,000 to another person B. Normally, what are the factors that A and B will think of, in such case ?  A will write the cheque for Rs.10,000, put it inside an envelop, and send it to B. Principles of Security – Confidentiality Principles of Security – Integrity Principles of Security – Authentication Principles of Security – Availability Principles of Security  Non-Repudiation – Does not allow the sender of a message to refuse the claim of not sending that message.  Access Control – Access control specifies and controls who can access what. Types of Attacks Active Attacks Example of Active Attack  Replay Attacks – A users captures a sequence of events, or some data units and resend them. Active Attacks – A Use Case  For instance, suppose user A want to transfer some amount to user C’s Bank account.  User A might send an electronic message to bank B, requesting for the fund transfer.  User C could capture this message and send a second copy of the same to Bank B.  Bank B would have no idea that this is an unauthorized message and would treat this as a second and different fund transfer request from user A.  Therefore, user C would get the benefit of the funds transfer twice : once authorized and other one through replay attacks. Passive Attacks  A Passive attack attempts to learn or make use of information from the system but does not affect system resources.  Passive Attacks are in the nature of eavesdropping on or monitoring transmission. The goal of the opponent is to obtain information that is being transmitted. Passive attacks involve an attacker passively monitoring or collecting data without altering or destroying it. Examples of Passive Attacks  Packet Sniffing: An attacker monitors unencrypted network packets to gather information, such as usernames, passwords, or email content.  Wiretapping: Unauthorized interception of phone calls or other communication signals to gain access to sensitive information.  Eavesdropping: An attacker listens in on network traffic to collect sensitive information. Computer Virus  A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.  Computer virus also refers to a program which damages computer systems and/or destroys or erases data files. Worm  Worm - is a self-replicating program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.  It is a small piece of software that uses computer networks and security holes to replicate itself.  A copy of the worm scans the network for another machine that has a specific security hole.  It copies itself to the new machine using the security hole, and then starts replicating from there, as well. Trojan Horse  A Trojan Horse is a hidden piece of code , like a virus.  Whereas a Trojan Horse attempts to reveal confidential information to an attacker.  It silently sit in the code for a login screen by attaching itself to it.  When the user enters the user ID and password the Trojan horse captures these details and sends this information to the attacker. Questions & Answers! Thank you!

IS-842 Advance Cryptography - I Lecture PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue