Cryptography and network security

Aug 19, 2014




  • UNIT-I: Security trends; OSI Security Architecture; Security Attacks; Security Services; Security mechanisms; A Model for Network Security; Symmetric Cipher Model; Substitution Techniques and Transposition Techniques; Block Cipher Principles; The Data Encryption Standard and The Strength of DES; Differential and linear cryptanalysis; Block cipher design principles; Evaluation criteria for AES and The AES Cipher.
  • Cryptography: the study of secret (crypto-) writing (-graphy).
  • Cryptography: the study of encryption principles and methods. Cryptography deals with creating documents that can be shared secretly over public communication channels.
  • Cryptanalysis (code breaking): the study of principles and methods of decrypting ciphertext without knowing the key.
  • Cryptology: the areas of cryptography and cryptanalysis together are called cryptology.
  • Computer Security: generic name for the collection of tools designed to protect data.
  • Network Security: used to protect data during their transmission.
  • Internet Security: used to protect data during their transmission over a collection of interconnected networks.
  • Security trends: In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture". The report stated the general agreement that the Internet needs more and better security, and it identified key areas for security mechanisms.
  • CERT Statistics: the security trend in Internet-related vulnerabilities reported to CERT over a 10-year period. These include security weaknesses in the operating systems of attached computers as well as vulnerabilities in Internet routers and other network devices.
  • OSI Security Architecture: The OSI (Open Systems Interconnection) security architecture provides a systematic framework for defining security attacks, mechanisms, and services.
  • Services, Mechanisms, Attacks: consider three aspects of information security: security attack, security mechanism, security service.
  • Security service: a service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
  • Security Services: authentication, access control, data confidentiality, data integrity, non-repudiation.
  • Authentication: authentication is a process of verification of the sender.
  • Access Control: prevention of the unauthorized use of a resource.
  • Data Confidentiality: protection of data from unauthorized disclosure.
  • Data Integrity: assurance that data received is as sent by an authorized entity.
  • Non-Repudiation: nonrepudiation prevents either sender or receiver from denying a transmitted message.
  • Security Mechanism: a mechanism that is designed to detect, prevent, or recover from a security attack.
  • Encipherment: the use of mathematical algorithms to transform data into a form that is not understandable.
  • Digital signature: a valid digital signature gives a recipient reason to believe that the message was created by a known sender.
  • Access control: a variety of mechanisms that enforce access rights to resources.
  • Data integrity: a variety of mechanisms used to assure the integrity of a data unit.
  • Traffic padding: the insertion of bits into gaps in a data stream to avoid traffic analysis attempts.
  • Routing control: enables selection of particular physically secure routes for data.
  • Notarization: the use of a trusted third party to assure certain properties of a data exchange.
  • Security Attack: any action that compromises the security of information. The terms threat and attack are used to mean the same thing.
  • Passive attacks: passive attacks attempt to learn or make use of information from the system but do not affect system resources. They are difficult to detect because they do not involve any alteration of the data.
  • Release of message contents
  • Traffic analysis
  • Active attacks: active attacks attempt to alter system resources or affect their operation. They are easy to detect because they involve alteration of the data.
  • Masquerade: a masquerade takes place when one entity pretends to be a different entity.
  • Replay
  • Modification of messages
  • Denial of service
  • Model for Network Security: design a suitable algorithm for the security transformation; generate the secret keys used by the algorithm; develop methods to distribute the secret key; specify a protocol enabling the principals to use the transformation and secret information for a security service.
  • Model for Network Access Security
  • Symmetric Encryption: symmetric encryption is also referred to as conventional encryption or single-key encryption. All traditional schemes are symmetric / single-key / private-key encryption algorithms, with a single key used for both encryption and decryption. Since both sender and receiver are equivalent, either can encrypt or decrypt messages using that common key.
  • Some Basic Terminology: plaintext - original message; ciphertext - coded message; key - shared by both sender and receiver; encipher (encrypt) - converting plaintext to ciphertext; decipher (decrypt) - converting ciphertext to plaintext.
  • Symmetric Cipher Model
  • Cryptography: characterize a cryptographic system by: the type of encryption operations used (substitution / transposition / product); the number of keys used (single-key or private / two-key or public); the way in which plaintext is processed (block / stream).
  • Cryptanalysis: there are two general approaches to attacking a conventional encryption scheme: cryptanalytic attack and brute-force attack.
  • Cryptanalytic attack: cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext.
  • Brute-force attack: brute-force attacks try every possible key on a piece of ciphertext until plaintext is obtained.
  • Types of Encryption Schemes (diagram labels): Encryption; Classical; Modern; Rotor Machines; Substitution; Public Key; Transposition; Secret Key; Block; Stream; Steganography.
  • Substitution Techniques: letters of plaintext are replaced by other letters or by numbers or symbols.
  • Caesar Cipher: the Caesar cipher involves replacing each letter of the alphabet with the letter standing k places further down the alphabet, for k in the range 1 through 25.
  • Caesar Cipher: mathematically, give each letter a number: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11