Códigos y Criptografía Francisco Rodríguez Henríquez Security Attacks: Active and Passive Active...
-
Upload
lindsey-jackson -
Category
Documents
-
view
214 -
download
0
Transcript of Códigos y Criptografía Francisco Rodríguez Henríquez Security Attacks: Active and Passive Active...
Códigos y Criptografía Francisco Rodríguez Henríquez
Security Attacks: Active and Passive• Active
• Masquerade (impersonation)• Replay
• Modification of message
• Denial of service
• Passive• Traffic analysis
• Release of message contents
Códigos y Criptografía Francisco Rodríguez Henríquez
Classes of Security Attacks
• Interruption
• Interception
• Modification
• FabricationAnita Betito
Códigos y Criptografía Francisco Rodríguez Henríquez
Classes of Security Attacks: Interruption
• Interruption
• Interception
• Modification
• FabricationAnita Betito
• Availability
Códigos y Criptografía Francisco Rodríguez Henríquez
Classes of Security Attacks: Interception
• Interruption
• Interception
• Modification
• Fabrication Anita Betito
• Confidentiality
Códigos y Criptografía Francisco Rodríguez Henríquez
Classes of Security Attacks: modification
• Interruption
• Interception
• Modification
• Fabrication Anita Betito• Integrity
Códigos y Criptografía Francisco Rodríguez Henríquez
Classes of Security Attacks: fabrication
• Interruption
• Interception
• Modification
• FabricationAnita Betito
• Authenticity
Códigos y Criptografía Francisco Rodríguez Henríquez
Security Services
• Confidentiality - protect info value • Authentication - protect info origin (sender)
• Identification - ensure identity of users
• Integrity - protect info accuracy • Non-repudiation - protect from deniability • Access control - access to info/resources • Availability - ensure info delivery
Códigos y Criptografía Francisco Rodríguez Henríquez
Some Practical Applications "Any sufficiently advanced technology is indistinguishable from
magic.” Arthur C. Clarke.
• secure mail• secure communications• network authentication• electronic voting• electronic notary• digital money (digital wallet)• data distribution
Códigos y Criptografía Francisco Rodríguez Henríquez
Secure Mail: PGP (Pretty Good Privacy)• Pretty Good Privacy was created by Philip R. Zimmermann. For that,
he was the target of a three-year criminal investigation, because the US government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite of this government persecution, PGP nonetheless became the most widely used email encryption software in the world.
• PGP is a freeware. A copy of the software can be obtain at,
PGP download site: http://web.mit.edu/network/pgp.html
Códigos y Criptografía Francisco Rodríguez Henríquez
Secure Communications• Scenarios
– Security for real-time electronic links– local area networks– link encryption– cellular (and ordinary) phones and faxes
• Goals– message privacy– sender and recipient authentication– non-repudiation
• Tools– key-agreement protocols– secret-key cryptosystems– public-key cryptosystems– digital signatures– certicates
Códigos y Criptografía Francisco Rodríguez Henríquez
Data Distribution• Scenarios
– conditional access TV – software distribution via CD ROM – information bulletin boards
• Goals– broadcast operation (TV, CD ROM) – message privacy – selective reception
• Tools– secret key cryptography – public key cryptography – secure hardware
Códigos y Criptografía Francisco Rodríguez Henríquez
Electronic Voting
• Scenarios– general elections– shareholders meetings– secure distributed computation
• Goals– anonymity– fairness– accountability
• Tools– RSA-based mathematics– blind signatures– sender untraceability protocols
Códigos y Criptografía Francisco Rodríguez Henríquez
Digital Money (Digital Wallet)• Scenarios
– replacement for paper money – more flexible than credit cards
• Goals– anonymity – untraceability – fairness – dividability – transferability – off line (from bank) operations – universality
• Tools– more RSA based mathematics – zero knowledge protocols – secure hardware tokens
Códigos y Criptografía Francisco Rodríguez Henríquez
Some Research Interests in Cryptography
• Design of cryptographic algorithms • Analysis of cryptographic algorithms • Design of cryptographic protocols • Hardware and software implementations
• Applications of cryptography
Códigos y Criptografía Francisco Rodríguez Henríquez
Cryptography Schemes
SenderSender ReceiverReceiver
AdversaryAdversary
Message
Problem: How to have secure communication over an insecure channel?
Códigos y Criptografía Francisco Rodríguez Henríquez
Solution A: Trusted Third Party
using this model requires us to: • design an algorithm for the security transformation
• generate the secret information used by the algorithm
• develop methods to distribute the secret information
• specify a protocol enabling the principals to use the
transformation & secret info for a security service
Códigos y Criptografía Francisco Rodríguez Henríquez
Solution B: Secret-key cryptography
SenderSender ReceiverReceiver
AdversaryAdversary
Ciphertext
•Exchange the key over a secure channel•Functions f(e; -) and g(d; -) are inverses of one another•Encryption and decryption processes are symmetric
key: e or d
C := f(e; M) M := g(d; C)
Códigos y Criptografía Francisco Rodríguez Henríquez
Problems with secret-key cryptography:
• requires establishment of a secure channel for key exchange
• two parties cannot start communication if they never met