Nov 14, 2014

1. Network Security Lecture 2

2. Security goals

3. Attacks

4. Security Services

5. Model for Network Security

6. Cryptography

- Symmetric Encryption and Message Confidentiality.

- Public Key Cryptography and Message Authentication

7. Symmetric Encryption

- DES, 3-DES, AES

- Principles of Encryption

- Five Ingredients

- Plain text, Encryption Algorithm, Secret Key, Cipher text, Decryption Algorithm

8. Model for Network Security

- using this model requires us to:

- design a suitable algorithm for the security transformation

- generate the secret information (keys) used by the algorithm

- develop methods to distribute and share the secret information

- specify a protocol enabling the principals to use the transformation and secret information for a security service

9. Symmetric Cipher Model

10. Requirements

- two requirements for secure use of symmetric encryption:

- a strong encryption algorithm

- a secret key known only to sender / receiver

- mathematically have:

- Y = E_K(X)

- X = D_K(Y)

- assume encryption algorithm is known

- implies a secure channel to distribute key

11. Model of Conventional Crypto System

12. Cryptography

- characterize cryptographic system by:

- type of encryption operations used

- substitution / transposition / product

- number of keys used

- single-key or private / two-key or public

- way in which plaintext is processed

- block / stream

13. Cryptanalysis

- objective to recover key not just message

- general approaches:

- cryptanalytic attack

- brute-force attack

14. Cryptanalytic Attacks

- ciphertext only

- only know algorithm & ciphertext, is statistical, can identify plaintext

- known plaintext

- also have plaintext for the ciphertext

- chosen plaintext

- Also can select plaintext and obtain ciphertext

- chosen ciphertext

- Also can select ciphertext and obtain plaintext

15. Level of Security

- unconditional security

- no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext

- computational security

- cost of breaking the cipher exceeds the value of the information

- time required to break the cipher exceeds the useful life of the information

16. Brute Force Search

- always possible to simply try every key

- most basic attack, proportional to key size

- assume either know / recognise plaintext

| Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years |
| 168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years |
| 26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years |

17. Feistel Cipher

- Many encryption algorithms are based on the Feistel cipher.

18. Confusion and Diffusion

- cipher needs to completely obscure statistical properties of original message

- a one-time pad does this

- diffusion dissipates statistical structure of plaintext over bulk of ciphertext

- confusion makes relationship between ciphertext and key as complex as possible

19. Feistel Cipher Structure

- Horst Feistel devised the Feistel cipher

- based on concept of invertible product cipher

- partitions input block into two halves

- process through multiple rounds which

- perform a substitution on left data half

- based on round function of right half & subkey

- then have permutation swapping halves

- implements Shannon's S-P net concept
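The round structure described above, as an added example that is not part of the original slides: a toy 64-bit Feistel network showing that decryption is the same routine run with the subkeys in reverse order, even though the round function itself is not invertible. The round function (truncated HMAC-SHA256), the subkey schedule, the key and the plaintext are assumptions chosen for illustration; this is not DES and not a cipher to deploy.

```python
import hashlib
import hmac

HALF_BYTES = 4   # 64-bit block split into two 32-bit halves
ROUNDS = 16

def subkeys(key: bytes, rounds: int = ROUNDS) -> list[bytes]:
    """Toy subkey generation (assumption): one SHA-256 digest per round index."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def round_function(right: bytes, subkey: bytes) -> bytes:
    """Toy round function F (assumption): truncated HMAC-SHA256.
    F is one-way; the Feistel structure, not F, supplies invertibility."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF_BYTES]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block: bytes, round_keys: list[bytes]) -> bytes:
    """Run the Feistel rounds over one block with the given subkey order."""
    if len(block) != 2 * HALF_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF_BYTES], block[HALF_BYTES:]
    for k in round_keys:
        # Substitution on the left half using F(right, subkey), then swap halves.
        left, right = right, xor(left, round_function(right, k))
    # Undo the final swap so the identical routine also decrypts.
    return right + left

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same algorithm, subkeys applied in reverse order.
    return feistel(block, subkeys(key)[::-1])

def differing_bits(a: bytes, b: bytes) -> int:
    """Count bit positions that differ, to observe diffusion."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    key, pt = b"constructed demo key", b"8bytemsg"   # constructed sample values
    ct = encrypt_block(pt, key)
    print("ciphertext:", ct.hex(), "roundtrip ok:", decrypt_block(ct, key) == pt)
    flipped = bytes([pt[0] ^ 1]) + pt[1:]            # flip one plaintext bit
    print("bits changed:", differing_bits(ct, encrypt_block(flipped, key)), "of 64")
    one_round = feistel(pt, subkeys(key, 1))         # a single round is not enough
    print("right half exposed after 1 round:", one_round[HALF_BYTES:] == pt[HALF_BYTES:])
```

With a single round the right half of the plaintext appears unchanged in the output, which is why the number of rounds is a design element in its own right.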

20. Feistel Cipher Structure

21. Feistel Cipher Design Elements

- block size

- key size

- number of rounds

- subkey generation algorithm

- round function

- fast software en/decryption

- ease of analysis

22. Feistel Cipher Decryption

23. On the Encryption side
