Cryptography & Network Security

Cryptography & Network Security

Principles of modern ciphersImplement crypto library

Network Security ApplicationsSystem Security

MSc. NGUYEN CAO DATDr. TRAN VAN HOAI

1

BKTP.HCM

Course details

Number of credits: 3 Study time allocation per week:

2 lecture hours for theory 2 lecture hours for lab, exercises 6 hours for self-study

Website: http://www.cse.hcmut.edu.vn/~dat

2

BKTP.HCM

Course outline (1/2)

Basics of Cryptography ▫Symmetric key▫Public key▫Hash function

Network Security Applications▫Authentication applications▫E-mail security

3

BKTP.HCM

Course outline (2/2)

Network Security Applications (con’t)▫Web security▫IP security

System Security ▫IDS/IPS▫Firewalls▫…

4

BKTP.HCM

References

[1] “Cryptography and Network Security Principles and Practices”, W. Stallings, 4th ed., Prentice Hall, 2005

[2] Slides “Cryptography and Network Security”, Bộ môn Hệ thống và Mạng, Khoa Khoa học và Kỹ thuật máy tính, ĐHBK Tp.HCM.

5

BKTP.HCM

Assessment Scheme

Attending lectures: >80% lecture timesReading textbooks and referencesSelf-study and working in groupLab: 20%Assignments: 20%Midterm Exam: 20%, multiple question choice

test – 45’Final Exam: 40%, multiple question choice test

– 60’6

Chapter 1

Introduction

MSc. NGUYEN CAO DATDr. TRAN VAN HOAI

7

BKTP.HCM

BackgroundInformation Security requirements have

changed in recent times.traditionally provided by physical and

administrative mechanisms.computer use requires automated tools to

protect files and other stored information.use of networks and communications links

requires measures to protect data during transmission.

8

BKTP.HCM

DefinitionsComputer Security - generic name for the

collection of tools designed to protect data and to thwart hackers.

Network Security - measures to protect data during their transmission.

Internet Security - measures to protect data during their transmission over a collection of interconnected networks.

9

BKTP.HCM

Aim of Course

our focus is on Internet Securitywhich consists of measures to deter, prevent,

detect, and correct security violations that involve the transmission & storage of information

10

BKTP.HCM

Security Trends

11

BKTP.HCM

12

BKTP.HCM

OSI Security Architecture

ITU-T X.800 “Security Architecture for OSI”defines a systematic way of defining and

providing security requirementsfor us it provides a useful, if abstract, overview

of concepts we will study

13

BKTP.HCM

Aspects of Security

consider 3 aspects of information security:▫security attack▫security mechanism▫security service

14

BKTP.HCM

Security Attack

any action that compromises the security of information owned by an organization

information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems

often threat & attack used to mean same thinghave a wide range of attackscan focus of generic types of attacks▫passive▫active

15

BKTP.HCM

Classify Security Attacks passive attacks - eavesdropping on, or

monitoring of, transmissions to:▫obtain message contents, or▫monitor traffic flows

active attacks – modification of data stream to:▫masquerade of one entity as some other▫ replay previous messages▫modify messages in transit▫denial of service

16

BKTP.HCM

Types of Attacks

17

BKTP.HCM

Passive Attacks

18

BKTP.HCM

Active Attacks

19

BKTP.HCM

Security Service▫enhance security of data processing systems

and information transfers of an organization▫ intended to counter security attacks▫using one or more security mechanisms ▫often replicates functions normally associated

with physical documents

20

BKTP.HCM

Security ServicesX.800

“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”

RFC 2828“a processing or communication service provided

by a system to give a specific kind of protection to system resources”

21

BKTP.HCM

Security Services (X.800)Authentication - assurance that the

communicating entity is the one claimedAccess Control - prevention of the

unauthorized use of a resourceData Confidentiality –protection of data from

unauthorized disclosureData Integrity - assurance that data received is

as sent by an authorized entityNon-Repudiation - protection against denial by

one of the parties in a communication22

BKTP.HCM

Security Mechanismfeature designed to detect, prevent, or recover

from a security attackno single mechanism that will support all

services requiredhowever one particular element underlies many

of the security mechanisms in use:▫cryptographic techniques

hence our focus on this topic

23

BKTP.HCM

Security Mechanisms (X.800)

specific security mechanisms▫encipherment, digital signatures, access

controls, data integrity, authentication exchange, traffic padding, routing control, notarization

pervasive security mechanisms▫trusted functionality, security labels, event

detection, security audit trails, security recovery

24

BKTP.HCM

Model for Network Security

25

BKTP.HCM

Model for Network Security using this model requires us to:

1. design a suitable algorithm for the security transformation

2. generate the secret information (keys) used by the algorithm

3. develop methods to distribute and share the secret information

4. specify a protocol enabling the principals to use the transformation and secret information for a security service

26

BKTP.HCM

Model for Network Access Security

27

BKTP.HCM

Model for Network Access Security using this model requires us to:

1. select appropriate gatekeeper functions to identify users

2. implement security controls to ensure only authorised users access designated information or resources

trusted computer systems may be useful to help implement this model

28

BKTP.HCM

Cryptography

29

BKTP.HCM

Cryptography

characterize cryptographic system by:▫type of encryption operations used

substitution / transposition / product▫number of keys used

single-key or private / two-key or public▫way in which plaintext is processed

block / stream

30

BKTP.HCM

Cryptanalysis

objective to recover key not just message

general approaches:▫cryptanalytic attack▫brute-force attack

31

BKTP.HCM

Cryptanalytic Attacksciphertext only ▫only know algorithm & ciphertext, is statistical,

know or can identify plaintext known plaintext ▫know/suspect plaintext & ciphertext

chosen plaintext ▫select plaintext and obtain ciphertext

chosen ciphertext ▫select ciphertext and obtain plaintext

chosen text ▫select plaintext or ciphertext to en/decrypt

32

BKTP.HCM

More Definitionsunconditional security ▫no matter how much computer power or time is

available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext

computational security ▫given limited computing resources (eg time

needed for calculations is greater than age of universe), the cipher cannot be broken

33

BKTP.HCM

Brute Force Searchalways possible to simply try every key most basic attack, proportional to key size assume either know / recognise plaintext

Key Size (bits) Number of Alternative Keys

Time required at 1 decryption/µs

Time required at 106 decryptions/µs

32 232 = 4.3 109 231 µs = 35.8 minutes 2.15 milliseconds

56 256 = 7.2 1016 255 µs = 1142 years 10.01 hours

128 2128 = 3.4 1038 2127 µs = 5.4 1024 years 5.4 1018 years

168 2168 = 3.7 1050 2167 µs = 5.9 1036 years 5.9 1030 years

26 characters (permutation)

26! = 4 1026 2 1026 µs = 6.4 1012 years 6.4 106 years34

BKTP.HCM

Summary

have considered:▫definitions for:

computer, network, internet securityX.800 standardsecurity attacks, services, mechanismsmodels for network (access) securitytoCryptography, cryptanalysis

35

BKTP.HCM

Self study

Symmetric Cipher ModelClassical Substitution Ciphers▫Caesar Cipher▫Monoalphabetic Cipher▫Playfair Cipher▫Polyalphabetic Ciphers▫Vigenère Cipher

Cryptanalysis using letter frequencies

36