Network Security Chapter 8

Network Security Chapter 8. Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic.

Dec 19, 2015


Network Security

Chapter 8


Cryptography

• Introduction to Cryptography

• Substitution Ciphers

• Transposition Ciphers

• One-Time Pads

• Two Fundamental Cryptographic Principles


Need for Security

Some people who cause security problems and why.


An Introduction to Cryptography

The encryption model (for a symmetric-key cipher).


Transposition Ciphers

A transposition cipher.


One-Time Pads

The use of a one-time pad for encryption and the possibility of getting any possible plaintext from the ciphertext by the use of some other pad.


Quantum Cryptography

An example of quantum cryptography.


Symmetric-Key Algorithms

• DES – The Data Encryption Standard

• AES – The Advanced Encryption Standard

• Cipher Modes

• Other Ciphers

• Cryptanalysis


Product Ciphers

Basic elements of product ciphers. (a) P-box. (b) S-box. (c) Product.


Data Encryption Standard

The data encryption standard. (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR.


Triple DES

(a) Triple encryption using DES. (b) Decryption.


AES – The Advanced Encryption Standard

Rules for AES proposals

1. The algorithm must be a symmetric block cipher.

2. The full design must be public.

3. Key lengths of 128, 192, and 256 bits supported.

4. Both software and hardware implementations required.

5. The algorithm must be public or licensed on nondiscriminatory terms.


AES (2)

An outline of Rijndael.


AES (3)

Creation of the state and rk arrays.


Electronic Code Book Mode

The plaintext of a file encrypted as 16 DES blocks.


Cipher Block Chaining Mode

Cipher block chaining. (a) Encryption. (b) Decryption.


Cipher Feedback Mode

(a) Encryption. (b) Decryption.


Stream Cipher Mode

A stream cipher. (a) Encryption. (b) Decryption.


Counter Mode

Encryption using counter mode.


Cryptanalysis

Some common symmetric-key cryptographic algorithms.


Public-Key Algorithms

• RSA

• Other Public-Key Algorithms


RSA

An example of the RSA algorithm.


Digital Signatures

• Symmetric-Key Signatures

• Public-Key Signatures

• Message Digests

• The Birthday Attack


Symmetric-Key Signatures

Digital signatures with Big Brother.


Public-Key Signatures

Digital signatures using public-key cryptography.


Message Digests

Digital signatures using message digests.


SHA-1

Use of SHA-1 and RSA for signing nonsecret messages.


SHA-1 (2)

(a) A message padded out to a multiple of 512 bits. (b) The output variables. (c) The word array.


Management of Public Keys

• Certificates

• X.509

• Public Key Infrastructures


Problems with Public-Key Encryption

A way for Trudy to subvert public-key encryption.


Certificates

A possible certificate and its signed hash.


X.509

The basic fields of an X.509 certificate.


Public-Key Infrastructures

(a) A hierarchical PKI. (b) A chain of certificates.


Communication Security

• IPsec

• Firewalls

• Virtual Private Networks

• Wireless Security


IPsec

The IPsec authentication header in transport mode for IPv4.


IPsec (2)

(a) ESP in transport mode. (b) ESP in tunnel mode.


Firewalls

A firewall consisting of two packet filters and an application gateway.


Virtual Private Networks

(a) A leased-line private network. (b) A virtual private network.


802.11 Security

Packet encryption using WEP.


Authentication Protocols

• Authentication Based on a Shared Secret Key

• Establishing a Shared Key: Diffie-Hellman

• Authentication Using a Key Distribution Center

• Authentication Using Kerberos

• Authentication Using Public-Key Cryptography


Authentication Based on a Shared Secret Key

Two-way authentication using a challenge-response protocol.


Authentication Based on a Shared Secret Key (2)

A shortened two-way authentication protocol.


Authentication Based on a Shared Secret Key (3)

The reflection attack.


Authentication Based on a Shared Secret Key (4)

A reflection attack on the protocol of Fig. 8-32.


Authentication Based on a Shared Secret Key (5)

Authentication using HMACs.


Establishing a Shared Key: The Diffie-Hellman Key Exchange

The Diffie-Hellman key exchange.


Establishing a Shared Key: The Diffie-Hellman Key Exchange

The bucket brigade or man-in-the-middle attack.


Authentication Using a Key Distribution Center

A first attempt at an authentication protocol using a KDC.


Authentication Using a Key Distribution Center (2)

The Needham-Schroeder authentication protocol.


Authentication Using a Key Distribution Center (3)

The Otway-Rees authentication protocol (slightly simplified).


Authentication Using Kerberos

The operation of Kerberos V4.


Authentication Using Public-Key Cryptography

Mutual authentication using public-key cryptography.


E-Mail Security

• PGP – Pretty Good Privacy

• PEM – Privacy Enhanced Mail

• S/MIME


PGP – Pretty Good Privacy

PGP in operation for sending a message.


PGP – Pretty Good Privacy (2)

A PGP message.


Web Security

• Threats

• Secure Naming

• SSL – The Secure Sockets Layer

• Mobile Code Security


Secure Naming

(a) Normal situation. (b) An attack based on breaking into DNS and modifying Bob's record.


Secure Naming (2)

How Trudy spoofs Alice's ISP.


Secure DNS

An example RRSet for bob.com. The KEY record is Bob's public key. The SIG record is the top-level com server's signed hash of the A and KEY records to verify their authenticity.


Self-Certifying Names

A self-certifying URL containing a hash of the server's name and public key.


SSL—The Secure Sockets Layer

Layers (and protocols) for a home user browsing with SSL.


SSL (2)

A simplified version of the SSL connection establishment subprotocol.


SSL (3)

Data transmission using SSL.


Java Applet Security

Applets inserted into a Java Virtual Machine interpreter inside the browser.


Social Issues

• Privacy

• Freedom of Speech

• Copyright


Anonymous Remailers

Users who wish anonymity chain requests through multiple anonymous remailers.


Freedom of Speech

Possibly banned material:

1. Material inappropriate for children or teenagers.

2. Hate aimed at various ethnic, religious, sexual, or other groups.

3. Information about democracy and democratic values.

4. Accounts of historical events contradicting the government's version.

5. Manuals for picking locks, building weapons, encrypting messages, etc.


Steganography

(a) Three zebras and a tree. (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare.