8/7/2019 Lecture 15 - Network Security Part I
CS65 - COMPUTER NETWORKS, Dept. of EEE
Prepared by S.Muralidharan
4/4/2011
NETWORK SECURITY

Network security is needed to protect data during their transmission and to guarantee that data transmissions are authentic.

The three requirements of network security are:
- Secrecy: information held in the computer should be accessible only to authorized users.
- Integrity: information can be modified only by authorized parties.
- Availability: information is made available only to authorized parties.
Security attacks include:
- Interruption: the system or information is destroyed or made unusable to the user.
- Interception: an unauthorized person or party gains access to the data.
- Modification: an unauthorized person gains access to the data and modifies it.
- Fabrication: an unauthorized person gains control over the network and transmits fabricated data.

Security attacks can be:
- Passive attacks: monitor the transmissions and do not involve any modification of data.
- Active attacks: modify the data.

Countermeasures:
- Implementing encrypted data transfer
- Use of passwords/keys
- Usage of firewalls and network security protocols
Cryptography
Cryptography is the art of converting the original intelligible message, referred to as plaintext, into random nonsense, referred to as ciphertext.
The process of converting plaintext into ciphertext is called encryption. The reverse process is called decryption. The user can perform decryption only by using a secret key.

Cryptographic systems can be characterized by:
- the type of encryption operations used: substitution / transposition / product
- the number of keys used: single-key (private) / two-key (public)
- the way in which plaintext is processed: block / stream

Plaintext vs. Ciphertext
- P (plaintext): the original form of a message
- C (ciphertext): the encrypted form

Basic operations
- plaintext to ciphertext: encryption, C = E(P)
- ciphertext to plaintext: decryption, P = D(C)
- requirement: P = D(E(P))
Cryptography: "hidden writing", the practice of using encryption to conceal text.

Cryptanalysis: the cryptanalyst studies encryption and encrypted messages, with the goal of finding the hidden meaning of the messages. The cryptanalyst can do any or all of three different things:
- attempt to break a single message
- attempt to recognize patterns in encrypted messages, in order to be able to break subsequent ones by applying a straightforward decryption algorithm
- attempt to find a general weakness in an encryption algorithm, without necessarily having intercepted any messages

Cryptology includes both cryptography and cryptanalysis.

Breakable encryption
- An encryption algorithm may be breakable, meaning that given enough time and data, an analyst could determine the algorithm.
- Practicality is an issue: for a given cipher scheme there may be 10^30 possible decipherments, so the task is to select the right one out of the 10^30.
- The cryptanalyst cannot be expected to try just the hard, long way; another, more efficient algorithm may exist.
- Estimates of breakability are based on current technology and are budget dependent.
Keyless cipher: a cipher that does not require the use of a key; the "key" cannot be changed.

Two forms of encryption
- substitution: one letter is exchanged for another
- transposition: the order of the letters is rearranged
Simple substitution
- uses a correspondence table
- substitutes each character by another character or symbol
- monoalphabetic cipher: one-by-one

The Caesar Cipher
Named for Julius Caesar; Caesar used a shift of 3.

Translation chart:
Plaintext  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext d e f g h i j k l m n o p q r s t u v w x y z a b c

E(TREATY IMPOSSIBLE) = wuhdwb lpsrvvleoh; E(T) = w, E(R) = u, etc.

Advantages and disadvantages of the Caesar cipher
- advantage: easy to use
- disadvantage: simple structure, easy to break

Permutation-based generalization of the Caesar cipher
- the substitution is a permutation (a 1-1 mapping) of the alphabet
- example: use a more complex rule
- use a key, a word that controls the enciphering

Plaintext  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext k e y a b c d f g h i j l m n o p q r s t u v w x z

With the key "key": A→k, B→e, C→y; starting from D, the remaining letters of the alphabet follow in order, skipping those already used by the key.
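The two substitution tables above (Caesar shift of 3 and the key word "key"), as an added Python example that is not part of the original lecture. It builds the correspondence table, applies it, inverts it, and, to show the "easy to break" disadvantage, enumerates the whole Caesar key space. Assumptions: letters outside A-Z pass through unchanged and the output is lower-case, as in the slide's translation chart.

```python
"""Monoalphabetic substitution ciphers from the lecture: the Caesar shift and
the keyword-based permutation.  Added example; not from the original slides.
Letters outside A-Z (spaces, punctuation) are passed through unchanged, and the
output is lower-case as in the slide's translation chart (an assumption)."""
import string

ALPHABET = string.ascii_lowercase


def caesar_table(shift: int) -> str:
    """Ciphertext alphabet for a Caesar shift: 'defg...abc' for shift 3."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]


def keyword_table(key: str) -> str:
    """Ciphertext alphabet controlled by a key word: the key's letters first
    (duplicates dropped), then the unused letters in alphabetical order."""
    seen = []
    for ch in key.lower() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, cipher_alphabet: str) -> str:
    """Encrypt with the plaintext->ciphertext correspondence table."""
    table = str.maketrans(ALPHABET, cipher_alphabet)
    return text.lower().translate(table)


def unsubstitute(text: str, cipher_alphabet: str) -> str:
    """Decrypt by inverting the correspondence table (it is a 1-1 mapping)."""
    table = str.maketrans(cipher_alphabet, ALPHABET)
    return text.lower().translate(table)


def caesar_candidates(ciphertext: str) -> list:
    """The whole Caesar key space is 26 shifts (25 non-trivial ones), so an
    analyst simply decrypts under every shift and reads off the English one.
    This is the 'simple structure, easy to break' disadvantage on the slide."""
    return [unsubstitute(ciphertext, caesar_table(s)) for s in range(26)]


if __name__ == "__main__":
    c = substitute("TREATY IMPOSSIBLE", caesar_table(3))
    print(c)                                            # wuhdwb lpsrvvleoh
    print(substitute("TREATY IMPOSSIBLE", keyword_table("key")))
    for shift, guess in enumerate(caesar_candidates(c)):
        print(shift, guess)
```

The key-word table is a permutation like the Caesar table, so the same `substitute`/`unsubstitute` pair serves both; only the table changes.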
Transposition
A transposition cipher is an encoding process that does not change any of the letters of the original message, but changes the position of the letters. One simple transposition cipher reverses the order of the letters. For example, the message
THE GAME IS AFOOT becomes EHT EMAG SI TOOFA.
Such "backward writing" is easy to recognize and decode.
By analogy, transposition ciphers are like jigsaw puzzles: all the pieces are present, it's just a matter of putting them in the correct order.

Transposition-based Ciphers
In a transposition-based cipher, the order of the plaintext is not preserved.
As a simple example, select a key such as COMPUTER. Number the letters of the word COMPUTER in the order they appear in the alphabet:

1 4 3 5 8 7 2 6
C O M P U T E R

Now take the plaintext message and write it under the key:

1 4 3 5 8 7 2 6
C O M P U T E R
t h i s i s t h
e b e s t c l a
s s i h a v e e
v e r t a k e n

Then read the ciphertext down the columns, starting with the column numbered 1, followed by column number 2, and so on:

TESVTLEEIEIRHBSESSHTHAENSCVKITAA
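The columnar transposition just described, as an added Python example (not code from the lecture). It ranks the key letters, writes the message in rows under the key, reads the columns in rank order, and inverts the process. Assumptions: spaces are dropped before enciphering, the message is padded with "x" to a whole number of rows (the slide's 32-letter message needs no padding), and ties between repeated key letters are broken left to right.

```python
"""Columnar transposition as described on the slides (key word COMPUTER).
Added example, not code from the original lecture.  Assumptions: spaces are
removed before enciphering, the message is padded with 'x' to a whole number
of rows, and the output is upper-case like the slide's ciphertext."""


def column_order(key: str) -> list:
    """Rank each key letter by its alphabetical position: COMPUTER ->
    [1, 4, 3, 5, 8, 7, 2, 6].  Ties (repeated letters) are broken
    left-to-right, an assumption the slide does not need for COMPUTER."""
    key = key.upper()
    ranked = sorted(range(len(key)), key=lambda i: (key[i], i))
    order = [0] * len(key)
    for rank, i in enumerate(ranked, start=1):
        order[i] = rank
    return order


def encrypt(plaintext: str, key: str, pad: str = "x") -> str:
    """Write the message under the key row by row, then read the columns in
    the order of their rank numbers."""
    width = len(key)
    text = "".join(ch for ch in plaintext.lower() if ch.isalpha())
    if len(text) % width:
        text += pad * (width - len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    order = column_order(key)
    # columns sorted by rank: rank 1 first, rank 2 second, ...
    cols = sorted(range(width), key=lambda i: order[i])
    return "".join(row[c] for c in cols for row in rows).upper()


def decrypt(ciphertext: str, key: str) -> str:
    """Invert the read-out: every column has the same height because of the
    padding, so slice the ciphertext into columns and place them back under
    their original key positions."""
    width = len(key)
    height = len(ciphertext) // width
    order = column_order(key)
    cols = sorted(range(width), key=lambda i: order[i])
    grid = [""] * width
    for k, c in enumerate(cols):
        grid[c] = ciphertext[k * height:(k + 1) * height].lower()
    return "".join(grid[c][r] for r in range(height) for c in range(width))


if __name__ == "__main__":
    ct = encrypt("this is the best class i have ever taken", "COMPUTER")
    print(ct)                          # TESVTLEEIEIRHBSESSHTHAENSCVKITAA
    print(decrypt(ct, "COMPUTER"))     # thisisthebestclassihaveevertaken
```

Because every letter of the plaintext survives, the letter frequencies of the ciphertext equal those of the plaintext; only the positions are scrambled, which is what makes the "jigsaw puzzle" analogy apt.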
Symmetric and Asymmetric Keys

[Figure: plain text message -> encryption box (KEY) -> encrypted message -> decryption box (KEY) -> plain text message, with a "bad guy listening in" on the encrypted message]

Features:
- As a password is used to access a computer system, a cryptographic key is a password or passphrase that is used to unlock an encrypted message.
- Mathematical functions that work in tandem with a key.
- The same plaintext data encrypts into different ciphertext with different keys.
- Security of data relies on: the strength of the algorithm and the secrecy of the key.
Key Generation

Key generation is the process of generating keys for cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted. Modern cryptographic systems include symmetric-key algorithms (such as DES and AES) and public-key algorithms (such as RSA).

Symmetric-key algorithms use a single shared key; keeping data secret requires keeping this key secret. Public-key algorithms use a public key and a private key. The public key is made available to anyone (often by means of a digital certificate). A sender will encrypt data with the public key; only the holder of the private key can decrypt this data.

In encryption systems that use a cipher algorithm, messages can be much longer than the key. The key must, however, be long enough that an attacker cannot try all possible combinations. A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong.
Encryption with a key
- encryption key: K_E
- decryption key: K_D
- C = E(K_E, P)
- P = D(K_D, E(K_E, P))

Symmetric
- when the encryption and decryption keys are the same
- D and E are mirror images of each other
- P = D(K, E(K, P))

Asymmetric
- when the encryption and decryption keys are different
- P = D(K_D, E(K_E, P))

[Figure: symmetric encryption - Plaintext -> Encryption (Key) -> Ciphertext -> Decryption (Key) -> Original Plaintext, with K_E = K_D]
[Figure: asymmetric encryption - Plaintext -> Encryption (Encryption Key K_E) -> Ciphertext -> Decryption (Decryption Key K_D) -> Original Plaintext, with K_E and K_D different]
Symmetric vs Asymmetric Algorithms

Type of Algorithm | Advantages | Disadvantages
Symmetric | Single key; security lies only with the key | Requires sender and receiver to agree on a key before transmission of data; high cost
Asymmetric | Encryption and decryption keys are different; decryption key cannot be calculated from encryption key | Security of keys can be compromised when malicious users post phony keys

Symmetric Encryption
Encryption Using a Symmetric Algorithm

Symmetric Algorithms
- usually use the same key for encryption and decryption
- the encryption key can be calculated from the decryption key and vice versa
- require sender and receiver to agree on a key before they communicate securely
- security lies with the key
- also called secret key algorithms, single-key algorithms, or one-key algorithms

Categories of Algorithms
- Stream algorithms: operate on the plaintext one bit at a time
- Block algorithms: encrypt and decrypt data in groups of bits, typically 64 bits in size

Stream cipher: converts one symbol of plaintext immediately into a symbol of ciphertext.
Block cipher: converts a group of plaintext symbols as one block.

Stream Ciphers
Advantages
- speed of transformation
- low error propagation
Disadvantages
- low diffusion: subject to tools such as frequency distribution, digram analysis, the index of coincidence, and the Kasiski method
- susceptibility to malicious insertions and modifications (integrity)
Block Cipher
Disadvantages (the strengths of the stream cipher)
- speed
- error propagation
Advantages
- Diffusion: information from the plaintext is diffused into several ciphertext symbols; one ciphertext block may depend on several plaintext letters.
- Immunity to insertions (integrity): it is impossible to insert a single symbol into one block; the length of the block would then be incorrect, and the decipherment would quickly reveal the insertion. An active interceptor cannot simply cut one ciphertext letter out of a message and paste a new one in to change an account, a time, a date, or a name in a message.

Asymmetric Algorithms
- use different keys for encryption and decryption
- the decryption key cannot be calculated from the encryption key
- anyone can use the key to encrypt data and send it to the host; only the host can decrypt the data
- also known as public key algorithms

Asymmetric Key Algorithm
Common Encryption Algorithms
- Lucifer (1974)
- Diffie-Hellman (1976)
- RSA (1977)
- DES (1977)
- Triple DES (1998)
- IDEA (1992)
- Blowfish (1993)
- RC5 (1995)

DIGITAL SIGNATURE
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.
Digital signatures employ a type of asymmetric cryptography.

A digital signature scheme typically consists of three algorithms:
- A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
- A signing algorithm that, given a message and a private key, produces a signature.
- A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.

Two main properties are required.
- First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key.
- Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.
Digital signature can provide authentication, integrity, and nonrepudiation for a message.
- Authentication: the receiver needs to be sure of the sender's identity and that an imposter has not sent the message.
- Integrity: the data must arrive at the receiver exactly as they were sent.
- Nonrepudiation: the receiver must be able to prove that a received message came from a specific sender.

The idea of a digital signature is similar to the signing of a document. Two approaches:
- signing the entire document
- signing a condensed version (digest) of the document

SIGNING THE ENTIRE DOCUMENT
- The sender uses the private key to encrypt (sign).
- The receiver uses the public key of the sender to decrypt the message.
- A digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.
SIGNING THE DIGEST
- To create a digest of the message, a hash function is used. The most common hash functions are MD5 (Message Digest 5) and SHA-1 (Secure Hash Algorithm 1). MD5 creates a 120-bit digest and SHA-1 creates a 160-bit digest.

Hash function properties that guarantee success:
- the digest can only be created from the message, not vice versa
- hashing is a one-to-one function; there is little probability that two messages will create the same digest

Procedure:
- After the creation of the digest, it is encrypted using the sender's private key.
- The encrypted digest is attached to the original message and sent to the receiver.
- The receiver receives the original message and the encrypted digest and applies the hash function to create a digest.
- The receiver then decrypts the received digest using the public key of the sender.
- If the two digests are the same, the signature is valid.
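Two of the slides above, the key relation P = D(K_D, E(K_E, P)) for an asymmetric algorithm and the signing-the-digest procedure, carried through in one added Python example using textbook RSA. This is not code from the lecture. Assumptions: the primes are fixed constructed values (the Mersenne primes 2^89-1 and 2^107-1) rather than freshly generated at random, the digest is SHA-1 from `hashlib`, and no padding scheme is applied, so the block shows the bare mathematics the slides describe, not a deployable signature scheme.

```python
"""Textbook RSA used to illustrate two slides: the key relations
P = D(K_D, E(K_E, P)) for an asymmetric algorithm, and 'signing the digest'
(hash, sign the hash with the private key, verify with the public key).
Added example, not from the lecture.  Assumptions: the primes are fixed
constructed values (the Mersenne primes 2^89-1 and 2^107-1) rather than
randomly generated, and no padding scheme is applied, so this is the raw
mathematics of RSA rather than a deployable signature scheme."""
import hashlib

# Constructed key material: two known primes, large enough that n exceeds
# any 160-bit SHA-1 digest, so the digest fits as one RSA block.
P_PRIME = (1 << 89) - 1
Q_PRIME = (1 << 107) - 1
E_PUBLIC = 65537


def generate_keys():
    """Key generation: return (public key, private key) as (e, n), (d, n).
    d is the inverse of e modulo phi(n) = (p-1)(q-1)."""
    n = P_PRIME * Q_PRIME
    phi = (P_PRIME - 1) * (Q_PRIME - 1)
    d = pow(E_PUBLIC, -1, phi)          # modular inverse (Python 3.8+)
    return (E_PUBLIC, n), (d, n)


def encrypt(public_key, plaintext_int: int) -> int:
    """C = E(K_E, P) = P^e mod n; the plaintext block must be an integer below n."""
    e, n = public_key
    if not 0 <= plaintext_int < n:
        raise ValueError("plaintext block must be smaller than the modulus")
    return pow(plaintext_int, e, n)


def decrypt(private_key, ciphertext_int: int) -> int:
    """P = D(K_D, C) = C^d mod n."""
    d, n = private_key
    return pow(ciphertext_int, d, n)


def digest(message: bytes) -> int:
    """SHA-1 digest of the message as a 160-bit integer (the slide's
    'condensed version' of the document)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Signing the digest: 'encrypt' the digest with the sender's private key."""
    return decrypt(private_key, digest(message))  # same exponentiation, key d


def verify(public_key, message: bytes, signature: int) -> bool:
    """Receiver side: recompute the digest from the received message, recover
    the sender's digest from the signature with the public key, and compare."""
    return encrypt(public_key, signature) == digest(message)


if __name__ == "__main__":
    pub, priv = generate_keys()
    # asymmetric key relation: decrypt(priv, encrypt(pub, P)) == P
    p = int.from_bytes(b"secret", "big")
    assert decrypt(priv, encrypt(pub, p)) == p
    msg = b"Transfer 100 to account 42"          # constructed sample message
    sig = sign(priv, msg)
    print(verify(pub, msg, sig))                  # True
    print(verify(pub, b"Transfer 900 to account 42", sig))  # False: tampered
```

The second `verify` call shows the integrity property from the slide: a single changed character in the message gives a different digest, so the digest recovered from the signature no longer matches and the receiver rejects it. The signature is attached to the message in the clear; as the slide says, it gives no privacy, which is why the message itself would need a separate encryption layer.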
Contents of a typical digital certificate
- Serial Number: used to uniquely identify the certificate.
- Subject: the person or entity identified.
- Signature Algorithm: the algorithm used to create the signature.
- Issuer: the entity that verified the information and issued the certificate.
- Valid-From: the date the certificate is first valid from.
- Valid-To: the expiration date.
- Key-Usage: purpose of the public key (e.g. encipherment, signature, certificate signing...).
- Public Key: the purpose of SSL when used with HTTP is not just to encrypt the traffic, but also to authenticate who the owner of the website is, and that someone has been willing to invest time and money into proving the authenticity and ownership of their domain.
- Thumbprint Algorithm: the algorithm used to hash the certificate.
- Thumbprint: the hash itself, to ensure that the certificate has not been tampered with.