Overview of Modern Cryptography Prepared By: Shaikh Amrin
Dec 21, 2015
Security goals (diagram: Sender sends "Hello" to Receiver while an Eavesdropper listens on the channel)
1. Confidentiality: hiding information from unauthorized persons.
2. Integrity: preventing information from unauthorized modification.
3. Availability: information should easily be available to authorized users.
1. Confidentiality
Information is exchanged over an un-trusted network. While in exchange, the information should remain secret.
When information is stored, it should not be opened up by Eve.
Confidentiality = storage + transmission of information.
2. Integrity
Information is always changing, but it can be changed only by an authorized user. Ex: a bank account withdrawal can be performed only by the account holder.
3. Availability
Data must be available to authorized users. Confidentiality and integrity should not hinder the availability of data.
Attacks, Services and Mechanisms
Security Attacks: Actions that compromise security.
Security Services: Services designed to prevent security attacks and to enhance the security of data processing and transfer.
Security Mechanism: A mechanism is used to provide security services; it detects, prevents and recovers from security attacks.
Cryptography: Science of making ciphers. Cryptanalysis: Science of breaking ciphers. Cryptology: cryptography + cryptanalysis.
1. Cryptanalytic attack
These attacks combine statistical and algebraic techniques to retrieve the secret key of a cipher.
Ex: Brute force attack, character frequency analysis.
Threats to Confidentiality
1. Snooping (diagram: Alice sends "hello" to Bob; Eve reads "hello" on the channel)
• Alice sends "hello" to Bob; if Eve retrieves "hello", we can say Eve is snooping over the channel or has control of the channel.
Solution:
• Use encryption to make the information non-intelligible to the snooper.
2. Traffic Analysis (diagram: Alice sends E(hello) to Bob; Eve observes E(hello))
• Even an encrypted message can be analyzed to obtain the sender id, receiver id and nature of the content (audio/video/text/music) from the packets.
Threats to Integrity
1. Modification (diagram: Alice sends E("Hi", k1); Eve forwards E(E("Hi", k1), k2) to Bob)
• Here confidentiality is maintained but integrity is not.
• Eve can modify the data without knowing the data, for Eve's own benefit or enjoyment.
2. Masquerading or spoofing (diagram: a fake bank posing as the bank)
• Eve impersonates somebody else.
• Eve can modify information to spoof as a legal sender or receiver in order to obtain information which Eve can't access.
• Eve takes all your data and gives a message like "timeout".
3. Replaying
Eve copies a message sent by a different user and later tries to replay it.
Solution: Timestamp, Sequence number
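As an added example that is not part of the original slides, the two replay solutions named above combined on Bob's side in Python: each message carries a sequence number and a timestamp, and a keyed HMAC over both (an assumption beyond the slide, so that Eve cannot re-stamp a copied message); the shared key, timestamps and message bodies are constructed for the demo.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key-for-demo"  # shared by Alice and Bob (constructed)
MAX_SKEW = 30  # seconds; a timestamp further from Bob's clock than this is stale


def make_message(seq: int, ts: int, body: bytes, key: bytes = KEY) -> bytes:
    """Alice frames seq|ts|body and appends an HMAC so Eve cannot re-stamp a copy."""
    frame = b"%d|%d|%s" % (seq, ts, body)
    tag = hmac.new(key, frame, hashlib.sha256).hexdigest().encode()
    return frame + b"|" + tag


class ReplayGuard:
    """Bob's receiver state: the highest sequence number accepted from Alice."""

    def __init__(self, key: bytes = KEY, max_skew: int = MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.last_seq = 0

    def accept(self, wire: bytes, now: int) -> str:
        """Return 'ok' or the reason the message was rejected."""
        try:
            frame, tag = wire.rsplit(b"|", 1)          # tag is the last field
            seq_s, ts_s, _body = frame.split(b"|", 2)  # body may itself contain '|'
            seq, ts = int(seq_s), int(ts_s)
        except ValueError:
            return "malformed"
        expected = hmac.new(self.key, frame, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad_mac"   # modified or re-stamped without the key
        if abs(now - ts) > self.max_skew:
            return "stale"     # timestamp outside the freshness window
        if seq <= self.last_seq:
            return "replay"    # sequence number already seen
        self.last_seq = seq
        return "ok"


def demo() -> list:
    """Constructed exchange: two fresh messages, then Eve replays the first,
    re-stamps it with a new sequence number, and replays it an hour later."""
    guard = ReplayGuard()
    t0 = 1_700_000_000
    m1 = make_message(1, t0, b"pay 10")
    m2 = make_message(2, t0 + 1, b"pay 20")
    restamped = b"3|" + m1.split(b"|", 1)[1]  # Eve bumps seq but cannot fix the MAC
    return [guard.accept(m1, t0 + 2), guard.accept(m2, t0 + 2), guard.accept(m1, t0 + 3),
            guard.accept(restamped, t0 + 3), guard.accept(m1, t0 + 3600)]
```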
4. Repudiation
Alice or Bob may later deny that the message was sent by him/her.
Ex: You purchase a product and make an online payment, but you claim to the bank that you did not purchase or attempt to purchase any product, or that you did not do any online transaction.
Threats to Availability
1. Denial of service
Slow down or totally disable the system so that no authenticated person can access it.
Ex: Send so many bogus requests to a server. Delete the server's responses to the client, making the client feel that the server is not responding.
1. Passive Attack
Eve's goal is just to obtain information, not to modify it or to harm the system. The system continues its operation.
2. Active Attack
May harm Alice or Bob.
Attacks            Passive/Active   Goals Threatened
Snooping           Passive          Confidentiality
Traffic Analysis   Passive          Confidentiality
Modification       Active           Integrity
Masquerading       Active           Integrity
Replaying          Active           Integrity
Repudiation        Active           Integrity
Denial of service  Active           Availability
Security Services
ITU-T (X.800), the International Telecommunication Union - Telecommunication Standardization Sector, has defined five services and some mechanisms to implement those services.
Data Confidentiality, Data Integrity, Non-Repudiation, Authentication, Access Control
Data Confidentiality
◦ Provides services to part or all of a message to prevent snooping and traffic analysis.
Data Integrity
◦ Protects data from modification, insertion, deletion and replay.
Non-Repudiation
◦ Protects by providing proofs against repudiation by either sender or receiver.
Authentication
◦ Ensures that the authenticated sender and receiver are communicating.
◦ Provides peer entity and data origin authentication.
◦ Sender and receiver build up a trust between each other that they are not masquerading.
Access Control
◦ Provides protection against unauthorized use of data (use a password, PIN number).
Security Mechanisms
1. Encipherment
Hiding information by encryption or by other means like steganography.
It can provide confidentiality.
Two techniques are used for enciphering:
1. Cryptography 2. Steganography
2. Data Integrity
A small checksum or hash value for a message is appended and sent, and Bob checks the validity of the message with the checksum or hash value.
If Eve receives the cipher with the hash value, he can change the cipher and send it to Bob.
Bob can verify the cipher by calculating the hash value.
Condition: the hash function must be collision resistant.
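As an added example (not code from the original slides), the appended-checksum mechanism in Python: Bob verifies a plain SHA-256 hash, which does not help once Eve changes the message and recomputes the public hash, next to a keyed HMAC variant (an addition beyond the slide) that Bob can verify but Eve cannot forge without the shared key. The messages and key are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample messages (not from the original slides).
MESSAGE = b"Transfer 100 to account 42"
TAMPERED = b"Transfer 900 to account 99"


def send_with_hash(message: bytes) -> tuple:
    """Alice appends a plain SHA-256 hash: the slide's checksum mechanism."""
    return message, hashlib.sha256(message).digest()


def verify_hash(message: bytes, tag: bytes) -> bool:
    """Bob recomputes the hash and compares it with the received value."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), tag)


def eve_modifies(new_message: bytes) -> tuple:
    """Eve, who sees the pair in transit, substitutes her own message and
    recomputes the unkeyed hash: the hash function is public, so no secret
    is needed and Bob's check cannot tell the difference."""
    return send_with_hash(new_message)


def send_with_mac(message: bytes, key: bytes) -> tuple:
    """Keyed variant (HMAC): the tag depends on a key only Alice and Bob hold."""
    return message, hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(message: bytes, tag: bytes, key: bytes) -> bool:
    """Bob recomputes the HMAC with the shared key; constant-time comparison."""
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), tag)


def demo() -> dict:
    """Run both mechanisms against the same modification by Eve."""
    key = os.urandom(32)  # shared secret, generated for the demo
    msg, tag = send_with_hash(MESSAGE)
    forged_msg, forged_tag = eve_modifies(TAMPERED)
    msg2, tag2 = send_with_mac(MESSAGE, key)
    # Without the key, Eve's best move is to reuse the original tag on her text.
    return {
        "hash_accepts_original": verify_hash(msg, tag),
        "hash_accepts_forgery": verify_hash(forged_msg, forged_tag),
        "mac_accepts_original": verify_mac(msg2, tag2, key),
        "mac_rejects_forgery": not verify_mac(TAMPERED, tag2, key),
    }
```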
3. Digital signature
The sender can electronically sign the message and the receiver can electronically verify the signature.
4. Authentication Exchange
Alice and Bob exchange information to prove to each other that they are communicating and not being masqueraded.
6. Routing Control
Continuously changing between the different available routes between Alice and Bob to prevent Eve from eavesdropping on a particular route, so that the task of Eve becomes harder.
7. Notarization
Select a trusted third party to control the communication. It provides tickets or keys. To achieve non-repudiation it stores all the information passed between Alice and Bob.
• Cost of communication.
8. Access Control
It uses methods to prove that the user has the right to access information, using a password or PIN number.
Relation between services and mechanisms
Services               Mechanisms
Data Confidentiality   Encipherment, Traffic Padding, Routing Control
Data Integrity         Encipherment, Data Integrity, Digital signature
Non-Repudiation        Data Integrity, Digital signature, Notarization
Authentication         Encipherment, Digital signature, Authentication Exchange
Access Control         Access Control
Security mechanisms are theoretical recipes to implement security.
In practice, the security goals need some techniques:
1. Cryptography (secret writing): 1. Symmetric key encipherment 2. Asymmetric key encipherment 3. Hashing
2. Steganography (cover writing)
Cryptography vs Steganography
Cryptography                                            Steganography
Secret writing                                          Cover writing
Concealing the content of the message via enciphering   Concealing the message itself by covering it with something else
Uses symmetric or asymmetric key cryptography.
History:
• A message is carved on wood that is later dipped into wax to cover the writing.
• Use of invisible ink.
Modern:
• Text/audio/video/image can be digitized and used to cover the message.