Transcript

Overview of Modern Cryptography

Prepared By: Shaikh Amrin

Cryptography: the word is of Greek origin, meaning "secret writing".

[Figure: a Sender and a Receiver exchange the message "Hello" over a channel watched by an Eavesdropper. Labels: 1. Confidentiality: hiding information from unauthorized persons; 2. Integrity: preventing unauthorized modification of information; 3. Availability: information should easily be available to authorized users.]

Goals of Cryptography
1. Confidentiality
2. Integrity
3. Availability

1. Confidentiality
Information is exchanged over an untrusted network; while it is being exchanged, the information should remain secret.
When information is stored, it should not be readable by Eve.
Confidentiality = storage + transmission of information.

2. Integrity
Information is always changing, but it may be changed only by an authorized user. Ex: a bank-account withdrawal can be performed only by the account holder.

3. Availability
Data must be available to authorized users. Confidentiality and integrity should not hinder the availability of data.

Attacks, Services and Mechanisms
Security Attacks: actions that compromise security.
Security Services: services designed to prevent security attacks and to enhance the security of data processing and transfer.
Security Mechanism: a mechanism is used to provide security services; it detects, prevents and recovers from security attacks.

Cryptographic Attacks
1. Cryptanalytic attack
2. Non-cryptanalytic attack

1. Cryptanalytic attack
Cryptography: the science of making ciphers. Cryptanalysis: the science of breaking ciphers. Cryptology: cryptography + cryptanalysis.
These attacks combine statistical and algebraic techniques to retrieve the secret key of a cipher.
Ex: brute-force attack, character-frequency analysis.

2. Non-cryptanalytic attack

Threats to Confidentiality

1. Snooping
[Figure: Alice sends "hello" to Bob; Eve reads "hello" from the channel.]
• Alice sends "hello" to Bob; if Eve retrieves "hello", we can say Eve is snooping on the channel or has control of the channel.
Solution:
• Use encryption to make the information unintelligible to the snooper.

2. Traffic Analysis
[Figure: Alice sends E(hello) to Bob; Eve observes E(hello) on the channel.]
• Even an encrypted message can be analyzed to obtain the sender id, the receiver id and the nature of the content (audio/video/text/music) from the packets.

Threats to Integrity

1. Modification
[Figure: Alice sends E("Hi", k1); Eve forwards E(E("Hi", k1), k2) to Bob.]
• Here confidentiality is maintained but integrity is not.
• Eve can modify the data without knowing it, for Eve's own benefit or enjoyment.

2. Masquerading or spoofing
[Figure: a fake bank standing in for the real bank.]
• Eve impersonates somebody else.
• Eve can modify information to spoof a legitimate sender or receiver and so obtain information that Eve cannot otherwise access.
• Eve takes all your data and returns a message such as "timeout".

3. Replaying
Eve copies a message sent by a different user and later tries to replay it.
Solution: timestamp, sequence number.
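An added example, not part of the original slides, of a receiver-side check that applies the two solutions named above: a freshness window on the timestamp and a sliding window over sequence numbers so that late but unseen messages are still accepted. The window sizes, the ReplayDetector name and the message sequence in run_demo are constructed assumptions.

```python
import time

FRESHNESS_SECONDS = 30   # assumed: tolerated clock skew plus transit delay
WINDOW = 64              # assumed: how far out of order a message may arrive


class ReplayDetector:
    """Receiver state for one sender; each message carries (seq, timestamp)."""

    def __init__(self, freshness=FRESHNESS_SECONDS, window=WINDOW, now=time.time):
        self.freshness = freshness
        self.window = window
        self.now = now          # injectable clock so the demo is deterministic
        self.highest = 0        # highest sequence number accepted so far
        self.seen = set()       # accepted sequence numbers inside the window

    def accept(self, seq: int, timestamp: float) -> tuple[bool, str]:
        # Timestamp check: a copy replayed much later fails freshness.
        if abs(self.now() - timestamp) > self.freshness:
            return False, "stale timestamp"
        # Sequence check: too old to track, or already accepted (a replay).
        if seq <= self.highest - self.window:
            return False, "sequence number too old"
        if seq in self.seen:
            return False, "replayed sequence number"
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            # Forget state that has fallen out of the window.
            self.seen = {s for s in self.seen if s > self.highest - self.window}
        return True, "ok"


def run_demo() -> list:
    """Constructed traffic: returns the accept/reject decision for each message."""
    clock = [1_000_000.0]
    det = ReplayDetector(now=lambda: clock[0])
    results = [
        det.accept(1, clock[0]),           # fresh, in order
        det.accept(3, clock[0] + 1),       # arrives early; still fresh
        det.accept(2, clock[0] + 1),       # arrives late but inside the window
        det.accept(2, clock[0] + 1),       # exact copy: replayed sequence number
    ]
    clock[0] += 120                        # two minutes pass
    results.append(det.accept(4, clock[0] - 120))  # replayed later: stale timestamp
    return [ok for ok, _ in results]


if __name__ == "__main__":
    print(run_demo())   # [True, True, True, False, False]
```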

4. Repudiation
Alice or Bob may later deny having sent a message.
Ex: you purchase a product and pay online, but then claim to the bank that you did not purchase or attempt to purchase any product, or that you did not make any online transaction.

Threats to Availability

1. Denial of service
Slow down or totally disable the system so that no authenticated person can access it.
Ex: send so many bogus requests to a server; delete the server's responses to a client; make the client believe the server is not responding.

Categorization of attacks
1. Passive Attack
2. Active Attack

1. Passive Attack
Eve's goal is just to obtain information, not to modify it or to harm the system. The system continues its operation, but Alice or Bob may be harmed.

2. Active Attack
May change messages. May harm the system.

Attack              Passive/Active   Goal Threatened
Snooping            Passive          Confidentiality
Traffic Analysis    Passive          Confidentiality
Modification        Active           Integrity
Masquerading        Active           Integrity
Replaying           Active           Integrity
Repudiation         Active           Integrity
Denial of service   Active           Availability

How are these security goals achieved?

Security Services
ITU-T (X.800), the International Telecommunication Union - Telecommunication Standardization Sector, has defined five services and some mechanisms to implement those services:
Data Confidentiality, Data Integrity, Non-Repudiation, Authentication, Access Control.

Data Confidentiality
◦ Provides services to part or all of a message to prevent snooping and traffic analysis.

Data Integrity
◦ Protects data from modification, insertion, deletion and replay.

Non-Repudiation
◦ Protects by providing proof against repudiation by either the sender or the receiver.

Authentication
◦ Ensures that the authenticated sender and receiver are communicating.
◦ Provides peer-entity and data-origin authentication.
◦ Sender and receiver build up trust that neither is masquerading.

Access Control
◦ Provides protection against unauthorized use of data (using a password or PIN number).

Security Mechanism
It is used to provide security services.

1. Encipherment
Hiding information by encryption or by other means such as steganography. It can provide confidentiality.
Two techniques are used for enciphering:
1. Cryptography
2. Steganography

2. Data Integrity
A small checksum or hash value for a message is appended and sent, and Bob checks the validity of the message with the checksum or hash value.
If Eve receives the cipher together with its hash value, Eve can change the cipher and send it to Bob.
Bob can verify the cipher by calculating the hash value.
Condition: the hash function must be collision resistant.
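An added example, not from the original slides, of the appended-hash check described above. Bob detects a body that was changed while the old digest was left in place, but an unkeyed digest can be recomputed by anyone on the channel, so the block also shows the keyed variant (HMAC-SHA256, which goes beyond the slide) that needs a key shared between Alice and Bob. The message, key and function names are constructed assumptions.

```python
import hashlib
import hmac

DIGEST_LEN = 32                          # SHA-256 output length in bytes
MESSAGE = b"Transfer 100 to Bob"         # constructed sample message
SHARED_KEY = b"constructed-shared-key"   # constructed; known to Alice and Bob only


def append_hash(message: bytes) -> bytes:
    """Alice appends the SHA-256 digest of the message (the slide's mechanism)."""
    return message + hashlib.sha256(message).digest()


def verify_hash(packet: bytes) -> bool:
    """Bob recomputes the digest over the body and compares it with the one sent."""
    body, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    return hmac.compare_digest(hashlib.sha256(body).digest(), digest)


def append_mac(message: bytes, key: bytes) -> bytes:
    """Keyed variant: an HMAC-SHA256 tag that cannot be recomputed without the key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(packet: bytes, key: bytes) -> bool:
    body, tag = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)


def tamper(packet: bytes, recompute_digest: bool) -> bytes:
    """Simulated in-transit change of the body, with no key involved. With
    recompute_digest=True the unkeyed SHA-256 is recalculated as well, which any
    party on the channel can do; an HMAC tag cannot be recalculated this way."""
    body, trailer = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    new_body = body.replace(b"Bob", b"Eve")
    return append_hash(new_body) if recompute_digest else new_body + trailer


def run_demo() -> dict:
    """Returns whether Bob's check accepts (True) or rejects (False) each case."""
    hashed = append_hash(MESSAGE)
    tagged = append_mac(MESSAGE, SHARED_KEY)
    return {
        "hash_intact": verify_hash(hashed),                                   # True
        "hash_body_changed": verify_hash(tamper(hashed, False)),              # False
        "hash_recomputed": verify_hash(tamper(hashed, True)),                 # True: missed
        "mac_intact": verify_mac(tagged, SHARED_KEY),                         # True
        "mac_body_changed": verify_mac(tamper(tagged, False), SHARED_KEY),    # False
        "mac_recomputed": verify_mac(tamper(tagged, True), SHARED_KEY),       # False
    }


if __name__ == "__main__":
    for scenario, accepted in run_demo().items():
        print(f"{scenario:18} -> {'accepted' if accepted else 'rejected'}")
```

The hash_recomputed case is the one a plain hash cannot catch: the check passes because the digest was honestly recomputed over the altered body, which is why integrity on an untrusted channel is paired with a key or a signature.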

3. Digital signature
The sender can electronically sign the message and the receiver can electronically verify the signature.

4. Authentication Exchange
Alice and Bob exchange information to prove to each other that they are really communicating with each other and not with someone masquerading.

5. Traffic Padding
Inserting bogus data to prevent traffic analysis.

6. Routing Control
Continuously changing between the different available routes between Alice and Bob to prevent Eve from eavesdropping on a particular route, so that Eve's task becomes harder.

7. Notarization
Select a trusted third party to control the communication. It provides tickets or keys. To support non-repudiation it stores all the information passed between Alice and Bob.
Cost: communication overhead.

8. Access Control
It uses methods to prove that the user has the right to access information, using a password or PIN number.


Relation between Services and Mechanisms

Service               Mechanism
Data Confidentiality  Encipherment, Traffic Padding, Routing Control
Data Integrity        Encipherment, Data Integrity, Digital signature
Non-Repudiation       Data Integrity, Digital signature, Notarization
Authentication        Encipherment, Digital signature, Authentication Exchange
Access Control        Access Control

Security mechanisms are theoretical recipes for implementing security. In practice, the security goals need some techniques:
1. Cryptography (secret writing)
   1. Symmetric-key encipherment
   2. Asymmetric-key encipherment
   3. Hashing
2. Steganography (cover writing)

Cryptography vs Steganography

Cryptography:
• Secret writing.
• Concealing the content of the message via enciphering.
• Uses symmetric- or asymmetric-key cryptography.

Steganography:
• Cover writing.
• Concealing the message itself by covering it with something else.
• History: messages were carved on wood that was later dipped in wax to cover the writing; invisible ink was used.
• Modern: text/audio/video/image can be digitized and used to cover the message.

Thank you
