KEMBAR78
Cryptography Network Security Introduction | PDF
AR
Uploaded byAlwyn Rajiv
PDF, PPTX82 views

Cryptography Network Security Introduction

The document provides an overview of communication network security. It defines three security goals of confidentiality, integrity, and availability. It also defines security attacks like cryptanalytic attacks and non-cryptanalytic attacks that threaten the security goals. The document discusses security services like confidentiality, integrity, authentication, non-repudiation, and access control. It relates these services to security mechanisms like encipherment, digital signatures, and access control. Finally, it introduces cryptography and steganography techniques used to implement security mechanisms.

Download as PDF, PPTX
Communication NetworkSecurity U n i t 1 I n t r o d u c t i o n a n d N u m b e r T h e o r y
Objective To define three security goal To define security attacks that threaten security goals To define security services and how they are related to the three security goals To define security mechanisms to provide security services To introduce two techniques, cryptography and steganography, to implement security mechanisms.
Computer security basically is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system. ComputerSecurity
NetworkSecurity andInternet Security Network Security Measure to protect data during their transmission Measure to Protect data during their transmission over a collection of interconnected network Internet Security
SecurityGoals Three security goals •Confidentiality •Integrity •Availability
SecurityGoals
Confidentiality
Confidentiality Confidentiality is probably the most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information. • In the military, concealment of sensitive information is the major concern. • In industry, hiding some information from competitors to the operation of the organization. • In banking, customers accounts need to be kept secret. Example
Integrity
Integrity Information needs to be changed constantly. Integrity means that changes need to be done only by authorized entities and through authorized mechanisms. • In a bank, when a customer deposits or withdraws money, the balance of her account needs to be changed. • Integrity violation is not necessarily the result of a malicious act. Example
Availability
Availability • The information created and stored by an organization needs to be available to authorized entities. Information needs to be constantly changed which means it must be accessible to authorized entities. • The unavailability of information is just as harmful for an organization as the lack of confidentiality or integrity. • Imagine what would happen to a bank if the customers could not access their accounts for transactions. Example
CryptographicAttacks
Cryptographic Attacks • Cryptanalytic • Non Cryptanalytic The three goals of security – confidentiality , Integrity and availability can be threatened by security attacks.
Cryptanalytic
Cipher text only : only known algorithm & cipher text, is statistical known or can identify plain text Known plain text : known / suspect plain text & cipher text Chosen plain text : select plain text and obtain cipher text Chosen cipher text : select cipher text to obtain plain text Cryptanalytic 1. The objective of cryptanalysis is to find properties of the cipher which does not exist in a random function. 2. That is what we mean by “distinguishers”, and all attacks are fundamentally distinguishers. 3. The attacker thus guesses the key and looks for the distinguishing property. If the property is detected, the guess is correct otherwise the next guess is tried. 4. Efficient attacks will try to adopt “divide and conquer” strategy to reduce the complexity of guessing the key from the brute force search complexity. It is a combination of s tatis tical and algebraic techniques aimed at as certaining the s ecret key of cip her.
NonCryptanalytic
Non Cryptanalytic 1. Attacks Threatening Confidentiality 2. Attacks Threatening Integrity 3. Attacks Threatening Availability 4. Passive Versus Active Attacks Which do not exp loit the mathematical weaknes s of the cryp tog rap hic alg orithm.
Snooping • Snooping refers to unauthorized access to or interception of data • Example: A file transferred through the internet may certain confidential information. An unauthorized entity may intercept the transmission and use the contents for her own benefit. Attacks Threatening Confidentiality
TrafficAnalysis • Although encipherment of data may make it nonintelligible for the interceptor. • She can obtain some other type information by monitoring online traffic. • For example, she can find the electronic address of the sender or the receiver. She can collect pair of requests and response to help her guess the nature of transaction. Attacks Threatening Confidentiality
Modification • After intercepting or accessing information, the attacker modifies the information to make it beneficial to herself. • Example: a customer sends a message to a bank to do the some transaction. The attacker intercept the message and changes the type of transaction to benefit herself. Attacks Threatening Integrity
Masquerading • Masquerading or spoofing, happens when the attacker impersonates somebody else. • For example : an attacker might steal the bank card and PIN of a bank customer and pretend that she is that customer. • Some times the attacker pretends instead to be the receiver entity. • For example : a user tries to contact a bank, but another site pretends that it is the bank and obtain some information from user. Attacks Threatening Integrity
Replaying • The attacker obtains a copy of a message sent by a user and later tries to replay it. • For example: a person send a request to her bank to ask for payment to the attacker, who has done a job for her. The attacker intercept the message and send it again to receive another payment from the bank. Attacks Threatening Integrity
Repudiation • This type of attack is different from others because it is performed by one of the two parties in the communication: the sender or the receiver. • The sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message. • An example of denial by the sender would be a bank customer asking her bank to send some money to a third party but later denying that she has made such request. • An example of denial by the receiver could occur when the person buys a product from a manufacturer and pays for it electronically, but the manufacturer later denies having received the payment and asks to be paid. Attacks Threatening Integrity
Danialof Service • It may slow down or totally interrupt the service of a system. The attacker can use several strategies to achieve this. • She might send so many bogus requests to a server that the server crashes because of heavy load. • The attacker might intercept and delete a servers response to a client, making the client to believe that the server is not responding. • The attacker may also intercept requests from the client, causing the clients to send request many times and overload the system. Attacks Threatening Availability
Passive Attack Attacker goals is just to obtain information. This means that the attack does not modify data or harm the system.
ActiveAttack It may change the data or harm the system. Attacks that threaten the integrity and availability are active attacks.
Security Servicesand Mechanisms ITU-T provides some security services and some mechanisms to implement those services. Security services and mechanisms are closely related because a mechanism or combination of mechanisms are used to provide a service. Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. Topics discussed in this section: • Security Services • Security Mechanisms • Relation between Services and Mechanisms
Services Data Confidentiality Data Integrity Anti Change Anti Replay Authentication Peer Entity Data Origin Non repudiation Proof of origin Proof of Delivery Access Control Security Services
Confidentiality (privacy) It is designed to protect data from disclosure attack. A service as defined as X.800 is very broad and encompasses confidentiality of the whole message or part of a message and also protection against traffic analysis. That is, it is designed to prevent snooping and traffic analysis attack. • Connection Confidentiality • Connectionless Confidentiality • Selected Field Confidentiality • Traffic Flow Confidentiality
Integrity (has not been altered) It is designed to protect data from modification, insertion, deletion and replaying by an adversary. It may protect the whole message or part of the message. • Connection Integrity with recovery • Connection Integrity without recovery • Connectionless Integrity • Selected field Connection Integrity • Selected field connectionless Integrity • Anti Change • Anti Replay
Authentication (who created or sent the data) This service provides the authentication of the party at the other end of the line. In connection oriented communication. It provides authentication of the sender or receiver during the connection establishment (peer entity authentication). In connectionless communication. It authenticates the source of data (data origin authentication) 1. Peer Entity Authentication 2. Data Origin Authentication
Non-repudiation (the order is final) This service protects against repudiation by either the sender or the receiver of the data. In non repudiation with proof of the origin, the receiver of the data can later prove the identity of the sender if denied. In non repudiation with proof of delivery, the send of data can later prove that data were delivered to the intended recipient.
Access control (prevent misuse of resources) It provides protection against unauthorized access to data. The term access in this definition is very broad and can involve reading, writing, modifying, executing programs and so on.
Security Mechanisms ITU-T (X.800) also recommends some security mechanisms to provide the security services. Security Mechanisms Encipherment Data Integrity Digital Signature Authentication Exchange Traffic Padding Routing Control Notarization Access Control
Encipherment & Data Integrity Encipherment, hiding or covering data, can provide confidentiality. It can also be used to complement other mechanisms to provide other services. Today two techniques – cryptography and steganography are used in encipherment. The data integrity mechanism appends to the data a short check value that has been created by a specific process from the data itself. The receiver receive the data and the check value. He creates a new check value from the received data and compares the newly created check value with the one received. If the two check values are the same, the integrity of data has been preserved.
Authentication Exchange & Digital Signature In Authentication Exchange, two entities exchange some messages to prove their identity to each other. For example, one entity can prove that she knows a secret that only she is supposed to known. A Digital Signature, is a means by which the sender can electronically sign the digital and receiver can electronically verify the signature. The sender uses a process that involves showing that she owns a private key related to the public key that she has announced publicly. The receiver uses the senders public key to prove that the message is indeed signed by the sender who claims to have sent the message.
Traffic Padding & Routing Control Traffic Padding means inserting some bogus data into the data traffic to thwart the adversary’s attempt to use the traffic analysis. Routing Control means selecting and continuously changing different available routes between the sender and the receiver to prevent the opponent from eavesdropping on the particular route.
Access Control & Notarization Access Control uses methods to prove that a user has access right to the data or resources owned by a system. Examples of proofs are passwords and PINs. Notarization means selecting a third trusted party to control the communication between two entities. This can be done, for example, to prevent repudiation. The receiver can involve a trusted party to store the sender request in order to prevent the sender from later denying that the she has made such a request.
Relation Between Services and Mechanisms Security Services Security Mechanism Data Confidentiality Encipherment and Routing Control Data Integrity Encipherment, Digital Signature, Data Integrity Authentication Encipherment, Digital Signature, Authentication Exchanges Nonrepudiation Digital Signature, Data Integrity, Notarization Access Control Access Control mechanism
Cryptography Techniques Mechanisms discussed in the previous slides are only theoretical recipes to implement security. The actual implementation od security goals needs some techniques. • Cryptography (in General) • Steganography (Specific)
Cryptography Cryptography a word with Greek origins, means “Secret Writing”. However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks. Although in the past cryptography referred only to the encryption and decryption of message using secret keys, today it is defined as involving three distinct mechanisms: • Symmetric Key encipherment • Asymmetric Key encipherment • Hashing
Symmetric Key Encipherment (Secret Key Encipherment or Secret Key Cryptography) • In symmetric key encipherment, an entity, say Alice, can send a message to another entity say Bob, over an insecure channel with the assumption that an adversary, say eve, cannot understand the contents of the message by simply eavesdropping over the channel. Alice encrypts the message using an encryption algorithm; Bob decrypt the message using a decryption algorithm. Symmetric key encipherment uses the single secret key for both encryption and decryption. • Encryption / Decryption can be thought of as electronic locking. In symmetric key encipherment, Alice puts the message in a box and locks the box using the shared secret key; Bob unlocks the box with the same key and takes out the message.
Asymmetric Key Encipherment (Public Key Encipherment or Public Key Cryptography) • In Asymmetric key encipherment, We have the same situation as the symmetric key encipherment, with few exceptions. First there are two keys instead of one: one public key and one private key. To send a secured message to Bob, Alice first encrypts the message using Bob’s Public Key. To decrypt the message, Bob uses his own private key.
Hashing • In hashing, a fixed length message digest is created out of a variable length message. The digest is normally much smaller that the message. To be useful, both the message and the digest must be sent to Bob. Hashing is used to provide check values, which were discusses earlier in relation to providing data integrity.
Steganography • The word Steganography, with origins in Greek, means “Covered Writing,” in contrast with cryptography, which means “Secret Writing”. Cryptography means concealing the contents of a message by enciphering; Steganography means concealing the message itself by covering it with something else. • Text Cover • Image Cover
Network SecurityModel
ThankYou

More Related Content

PDF
Network security main
byYogeshDhamke2
 
PPTX
Cryptographic Security
byjp tj
 
PDF
The Road Network security
byKhaled Omar
 
PDF
Types of Cryptosystem and Cryptographic Attack
byMona Rajput
 
PPTX
Unit 5
byKRAMANJANEYULU1
 
PPTX
Unit 1
byKRAMANJANEYULU1
 
PPT
Ch01
byn C
 
DOC
Unit 1
byVinod Kumar Gorrepati
 
Network security main
byYogeshDhamke2
 
Cryptographic Security
byjp tj
 
The Road Network security
byKhaled Omar
 
Types of Cryptosystem and Cryptographic Attack
byMona Rajput
 
Unit 5
byKRAMANJANEYULU1
 
Unit 1
byKRAMANJANEYULU1
 
Ch01
byn C
 
Unit 1
byVinod Kumar Gorrepati
 

What's hot

DOCX
Unit 1
byVinod Kumar Gorrepati
 
DOCX
Unit 7
byVinod Kumar Gorrepati
 
PPTX
Communication security
bySotheavy Nhoung
 
DOC
Cryptography
byArjun Shukla
 
PPTX
Security Mechanisms
bypriya_trehan
 
PDF
Network security chapter 1
byosama elfar
 
PPT
E business--dig sig
byravik09783
 
PDF
Survey Paper: Cryptography Is The Science Of Information Security
byCSCJournals
 
PPTX
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)
byPace IT at Edmonds Community College
 
PPTX
Man in the middle
byAhmadThaqifAimanAhma
 
PPT
Data security & cryptography
byMuhammad Danish
 
PPTX
Session Hijacking
byn|u - The Open Security Community
 
PPTX
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
byPace IT at Edmonds Community College
 
PPT
Unauthorized access, Men in the Middle (MITM)
byBalvinder Singh
 
PDF
Module 10 (session hijacking)
byWail Hassan
 
PPTX
Network Security Fundamental
byMousmi Pawar
 
PPTX
Secure communication
byTushar Swami
 
PPTX
Information and network security 37 hash functions and message authentication
byVaibhav Khanna
 
PPT
Cryptography
bySajal Agarwal
 
Unit 1
byVinod Kumar Gorrepati
 
Unit 7
byVinod Kumar Gorrepati
 
Communication security
bySotheavy Nhoung
 
Cryptography
byArjun Shukla
 
Security Mechanisms
bypriya_trehan
 
Network security chapter 1
byosama elfar
 
E business--dig sig
byravik09783
 
Survey Paper: Cryptography Is The Science Of Information Security
byCSCJournals
 
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)
byPace IT at Edmonds Community College
 
Man in the middle
byAhmadThaqifAimanAhma
 
Data security & cryptography
byMuhammad Danish
 
Session Hijacking
byn|u - The Open Security Community
 
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
byPace IT at Edmonds Community College
 
Unauthorized access, Men in the Middle (MITM)
byBalvinder Singh
 
Module 10 (session hijacking)
byWail Hassan
 
Network Security Fundamental
byMousmi Pawar
 
Secure communication
byTushar Swami
 
Information and network security 37 hash functions and message authentication
byVaibhav Khanna
 
Cryptography
bySajal Agarwal
 

Similar to Cryptography Network Security Introduction

PPTX
Network Security
bymoviebro1
 
PPT
ch1-1.ppt
byNayyabMirTahir
 
PPTX
Unit 1-NETWORK Security.pptx............
byr47381047
 
PPT
COMPUTER Computer science SECURITY-CHAPTER-ONE.ppt
bygadisaAdamu
 
DOCX
CCS354-NETWORK SECURITY-network-security notes
byKiruba buri R
 
PDF
ch01.pdf
bySamtech6
 
PPTX
Introduction to Cryptography
byUmangThakkar26
 
PPT
Cryptography introduction
byVasuki Ramasamy
 
PPTX
Network security
byAttaullah Khan
 
PPTX
Introduction of network security
bysneha padhiar
 
PPT
Network and Information Security unit 1.ppt
byVivekananda Gn
 
PPTX
CNS Module 1 in cryptography and network security
bybodamaddy
 
PPTX
information security unit 1 notes ppt contents
byKrishna681298
 
PDF
Cryptography-PART-1.pdf,taught in nitw 2025
bykc22csb0a13
 
PDF
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
PDF
Ch01 NetSec5e.pdf
byMohammadAbusaa3
 
PPTX
abc.pptx
byBhargaviGorde1
 
PPTX
Ch01 NetSec5e.pptx
byAwais725629
 
PPTX
information security.pptx
byAwais725629
 
PPT
Module-1.ppt cryptography and network security
byAparnaSunil24
 
Network Security
bymoviebro1
 
ch1-1.ppt
byNayyabMirTahir
 
Unit 1-NETWORK Security.pptx............
byr47381047
 
COMPUTER Computer science SECURITY-CHAPTER-ONE.ppt
bygadisaAdamu
 
CCS354-NETWORK SECURITY-network-security notes
byKiruba buri R
 
ch01.pdf
bySamtech6
 
Introduction to Cryptography
byUmangThakkar26
 
Cryptography introduction
byVasuki Ramasamy
 
Network security
byAttaullah Khan
 
Introduction of network security
bysneha padhiar
 
Network and Information Security unit 1.ppt
byVivekananda Gn
 
CNS Module 1 in cryptography and network security
bybodamaddy
 
information security unit 1 notes ppt contents
byKrishna681298
 
Cryptography-PART-1.pdf,taught in nitw 2025
bykc22csb0a13
 
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
Ch01 NetSec5e.pdf
byMohammadAbusaa3
 
abc.pptx
byBhargaviGorde1
 
Ch01 NetSec5e.pptx
byAwais725629
 
information security.pptx
byAwais725629
 
Module-1.ppt cryptography and network security
byAparnaSunil24
 

Recently uploaded

PPTX
aerated foam concrete types of concrete .pptx
bykumarrajsumn
 
PPTX
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
PPTX
Chapter 4 Geosynthetics materials for soil improvement .pptx
byFanastic
 
PDF
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
PDF
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
PDF
(36-50)ANCIENT INGENUITY A REAPPRAISAL OF THE ARCHITECTURAL (3 files merged).pdf
byDharmsinh Desai of University
 
PDF
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
PDF
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
PDF
Certified Cloud Security Professional (CCSP): Unit 4
byVICTOR MAESTRE RAMIREZ
 
PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PPTX
Basic presentation - architecture pics.pptx
byMelsonJohnDalabajan
 
PPTX
DECARBONAZING REFINING INDUSTRY rev2.pptx
bygonzalezolabarriaped
 
PPTX
Data types and datatype conversions of python programming.pptx
byAmyPrasannaTella1
 
PDF
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
PDF
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
PPTX
An improved feature extraction algorithm of EEG signals
byAnirban Nath
 
PDF
The CULTURIST Design Portfolio 2025 architecture and interior
bydesign and architecture
 
PDF
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
PDF
Overcoming QoS Challenges in a Full Automotive Ethernet Architecture
byRealTime-at-Work (RTaW)
 
PDF
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
aerated foam concrete types of concrete .pptx
bykumarrajsumn
 
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
Chapter 4 Geosynthetics materials for soil improvement .pptx
byFanastic
 
Certified Kubernetes Security Specialist (CKS): Unit 8
byVICTOR MAESTRE RAMIREZ
 
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
(36-50)ANCIENT INGENUITY A REAPPRAISAL OF THE ARCHITECTURAL (3 files merged).pdf
byDharmsinh Desai of University
 
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
Certified Cloud Security Professional (CCSP): Unit 4
byVICTOR MAESTRE RAMIREZ
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
Basic presentation - architecture pics.pptx
byMelsonJohnDalabajan
 
DECARBONAZING REFINING INDUSTRY rev2.pptx
bygonzalezolabarriaped
 
Data types and datatype conversions of python programming.pptx
byAmyPrasannaTella1
 
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
An improved feature extraction algorithm of EEG signals
byAnirban Nath
 
The CULTURIST Design Portfolio 2025 architecture and interior
bydesign and architecture
 
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
Overcoming QoS Challenges in a Full Automotive Ethernet Architecture
byRealTime-at-Work (RTaW)
 
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 

Cryptography Network Security Introduction

  • 1.
    Communication NetworkSecurity U ni t 1 I n t r o d u c t i o n a n d N u m b e r T h e o r y
  • 2.
    Objective To define threesecurity goal To define security attacks that threaten security goals To define security services and how they are related to the three security goals To define security mechanisms to provide security services To introduce two techniques, cryptography and steganography, to implement security mechanisms.
  • 3.
    Computer security basicallyis the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system. ComputerSecurity
  • 4.
    NetworkSecurity andInternet Security Network Security Measure toprotect data during their transmission Measure to Protect data during their transmission over a collection of interconnected network Internet Security
  • 5.
  • 6.
  • 7.
  • 8.
    Confidentiality Confidentiality is probablythe most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information. • In the military, concealment of sensitive information is the major concern. • In industry, hiding some information from competitors to the operation of the organization. • In banking, customers accounts need to be kept secret. Example
  • 9.
  • 10.
    Integrity Information needs tobe changed constantly. Integrity means that changes need to be done only by authorized entities and through authorized mechanisms. • In a bank, when a customer deposits or withdraws money, the balance of her account needs to be changed. • Integrity violation is not necessarily the result of a malicious act. Example
  • 11.
  • 12.
    Availability • The informationcreated and stored by an organization needs to be available to authorized entities. Information needs to be constantly changed which means it must be accessible to authorized entities. • The unavailability of information is just as harmful for an organization as the lack of confidentiality or integrity. • Imagine what would happen to a bank if the customers could not access their accounts for transactions. Example
  • 13.
  • 14.
    Cryptographic Attacks • Cryptanalytic • NonCryptanalytic The three goals of security – confidentiality , Integrity and availability can be threatened by security attacks.
  • 15.
  • 16.
    Cipher text only: only known algorithm & cipher text, is statistical known or can identify plain text Known plain text : known / suspect plain text & cipher text Chosen plain text : select plain text and obtain cipher text Chosen cipher text : select cipher text to obtain plain text Cryptanalytic 1. The objective of cryptanalysis is to find properties of the cipher which does not exist in a random function. 2. That is what we mean by “distinguishers”, and all attacks are fundamentally distinguishers. 3. The attacker thus guesses the key and looks for the distinguishing property. If the property is detected, the guess is correct otherwise the next guess is tried. 4. Efficient attacks will try to adopt “divide and conquer” strategy to reduce the complexity of guessing the key from the brute force search complexity. It is a combination of s tatis tical and algebraic techniques aimed at as certaining the s ecret key of cip her.
  • 17.
  • 18.
    Non Cryptanalytic 1. Attacks ThreateningConfidentiality 2. Attacks Threatening Integrity 3. Attacks Threatening Availability 4. Passive Versus Active Attacks Which do not exp loit the mathematical weaknes s of the cryp tog rap hic alg orithm.
  • 19.
    Snooping • Snooping refersto unauthorized access to or interception of data • Example: A file transferred through the internet may certain confidential information. An unauthorized entity may intercept the transmission and use the contents for her own benefit. Attacks Threatening Confidentiality
  • 20.
    TrafficAnalysis • Although enciphermentof data may make it nonintelligible for the interceptor. • She can obtain some other type information by monitoring online traffic. • For example, she can find the electronic address of the sender or the receiver. She can collect pair of requests and response to help her guess the nature of transaction. Attacks Threatening Confidentiality
  • 21.
    Modification • After interceptingor accessing information, the attacker modifies the information to make it beneficial to herself. • Example: a customer sends a message to a bank to do the some transaction. The attacker intercept the message and changes the type of transaction to benefit herself. Attacks Threatening Integrity
  • 22.
    Masquerading • Masquerading orspoofing, happens when the attacker impersonates somebody else. • For example : an attacker might steal the bank card and PIN of a bank customer and pretend that she is that customer. • Some times the attacker pretends instead to be the receiver entity. • For example : a user tries to contact a bank, but another site pretends that it is the bank and obtain some information from user. Attacks Threatening Integrity
  • 23.
    Replaying • The attackerobtains a copy of a message sent by a user and later tries to replay it. • For example: a person send a request to her bank to ask for payment to the attacker, who has done a job for her. The attacker intercept the message and send it again to receive another payment from the bank. Attacks Threatening Integrity
  • 24.
    Repudiation • This typeof attack is different from others because it is performed by one of the two parties in the communication: the sender or the receiver. • The sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message. • An example of denial by the sender would be a bank customer asking her bank to send some money to a third party but later denying that she has made such request. • An example of denial by the receiver could occur when the person buys a product from a manufacturer and pays for it electronically, but the manufacturer later denies having received the payment and asks to be paid. Attacks Threatening Integrity
  • 25.
    Danialof Service • It mayslow down or totally interrupt the service of a system. The attacker can use several strategies to achieve this. • She might send so many bogus requests to a server that the server crashes because of heavy load. • The attacker might intercept and delete a servers response to a client, making the client to believe that the server is not responding. • The attacker may also intercept requests from the client, causing the clients to send request many times and overload the system. Attacks Threatening Availability
  • 26.
    Passive Attack Attacker goals isjust to obtain information. This means that the attack does not modify data or harm the system.
  • 27.
    ActiveAttack It may changethe data or harm the system. Attacks that threaten the integrity and availability are active attacks.
  • 28.
    Security Servicesand Mechanisms ITU-T provides somesecurity services and some mechanisms to implement those services. Security services and mechanisms are closely related because a mechanism or combination of mechanisms are used to provide a service. Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. Topics discussed in this section: • Security Services • Security Mechanisms • Relation between Services and Mechanisms
  • 29.
    Services Data Confidentiality Data Integrity Anti Change AntiReplay Authentication Peer Entity Data Origin Non repudiation Proof of origin Proof of Delivery Access Control Security Services
  • 30.
    Confidentiality (privacy) It is designedto protect data from disclosure attack. A service as defined as X.800 is very broad and encompasses confidentiality of the whole message or part of a message and also protection against traffic analysis. That is, it is designed to prevent snooping and traffic analysis attack. • Connection Confidentiality • Connectionless Confidentiality • Selected Field Confidentiality • Traffic Flow Confidentiality
  • 31.
    Integrity (has not been altered) Itis designed to protect data from modification, insertion, deletion and replaying by an adversary. It may protect the whole message or part of the message. • Connection Integrity with recovery • Connection Integrity without recovery • Connectionless Integrity • Selected field Connection Integrity • Selected field connectionless Integrity • Anti Change • Anti Replay
  • 32.
    Authentication (who created or sentthe data) This service provides the authentication of the party at the other end of the line. In connection oriented communication. It provides authentication of the sender or receiver during the connection establishment (peer entity authentication). In connectionless communication. It authenticates the source of data (data origin authentication) 1. Peer Entity Authentication 2. Data Origin Authentication
  • 33.
    Non-repudiation (the order is final) Thisservice protects against repudiation by either the sender or the receiver of the data. In non repudiation with proof of the origin, the receiver of the data can later prove the identity of the sender if denied. In non repudiation with proof of delivery, the send of data can later prove that data were delivered to the intended recipient.
  • 34.
    Access control (prevent misuse ofresources) It provides protection against unauthorized access to data. The term access in this definition is very broad and can involve reading, writing, modifying, executing programs and so on.
  • 35.
    Security Mechanisms ITU-T (X.800) also recommendssome security mechanisms to provide the security services. Security Mechanisms Encipherment Data Integrity Digital Signature Authentication Exchange Traffic Padding Routing Control Notarization Access Control
  • 36.
    Encipherment & Data Integrity Encipherment,hiding or covering data, can provide confidentiality. It can also be used to complement other mechanisms to provide other services. Today two techniques – cryptography and steganography are used in encipherment. The data integrity mechanism appends to the data a short check value that has been created by a specific process from the data itself. The receiver receive the data and the check value. He creates a new check value from the received data and compares the newly created check value with the one received. If the two check values are the same, the integrity of data has been preserved.
  • 37.
    Authentication Exchange & Digital Signature InAuthentication Exchange, two entities exchange some messages to prove their identity to each other. For example, one entity can prove that she knows a secret that only she is supposed to known. A Digital Signature, is a means by which the sender can electronically sign the digital and receiver can electronically verify the signature. The sender uses a process that involves showing that she owns a private key related to the public key that she has announced publicly. The receiver uses the senders public key to prove that the message is indeed signed by the sender who claims to have sent the message.
  • 38.
    Traffic Padding & Routing Control TrafficPadding means inserting some bogus data into the data traffic to thwart the adversary’s attempt to use the traffic analysis. Routing Control means selecting and continuously changing different available routes between the sender and the receiver to prevent the opponent from eavesdropping on the particular route.
  • 39.
    Access Control & Notarization AccessControl uses methods to prove that a user has access right to the data or resources owned by a system. Examples of proofs are passwords and PINs. Notarization means selecting a third trusted party to control the communication between two entities. This can be done, for example, to prevent repudiation. The receiver can involve a trusted party to store the sender request in order to prevent the sender from later denying that the she has made such a request.
  • 40.
    Relation Between Services and Mechanisms SecurityServices Security Mechanism Data Confidentiality Encipherment and Routing Control Data Integrity Encipherment, Digital Signature, Data Integrity Authentication Encipherment, Digital Signature, Authentication Exchanges Nonrepudiation Digital Signature, Data Integrity, Notarization Access Control Access Control mechanism
  • 41.
    Cryptography Techniques Mechanisms discussed inthe previous slides are only theoretical recipes to implement security. The actual implementation od security goals needs some techniques. • Cryptography (in General) • Steganography (Specific)
  • 42.
    Cryptography Cryptography a wordwith Greek origins, means “Secret Writing”. However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks. Although in the past cryptography referred only to the encryption and decryption of message using secret keys, today it is defined as involving three distinct mechanisms: • Symmetric Key encipherment • Asymmetric Key encipherment • Hashing
  • 43.
    Symmetric Key Encipherment (Secret Key Enciphermentor Secret Key Cryptography) • In symmetric key encipherment, an entity, say Alice, can send a message to another entity say Bob, over an insecure channel with the assumption that an adversary, say eve, cannot understand the contents of the message by simply eavesdropping over the channel. Alice encrypts the message using an encryption algorithm; Bob decrypt the message using a decryption algorithm. Symmetric key encipherment uses the single secret key for both encryption and decryption. • Encryption / Decryption can be thought of as electronic locking. In symmetric key encipherment, Alice puts the message in a box and locks the box using the shared secret key; Bob unlocks the box with the same key and takes out the message.
  • 44.
    Asymmetric Key Encipherment (Public Key Enciphermentor Public Key Cryptography) • In Asymmetric key encipherment, We have the same situation as the symmetric key encipherment, with few exceptions. First there are two keys instead of one: one public key and one private key. To send a secured message to Bob, Alice first encrypts the message using Bob’s Public Key. To decrypt the message, Bob uses his own private key.
  • 45.
    Hashing • In hashing,a fixed length message digest is created out of a variable length message. The digest is normally much smaller that the message. To be useful, both the message and the digest must be sent to Bob. Hashing is used to provide check values, which were discusses earlier in relation to providing data integrity.
  • 46.
    Steganography • The wordSteganography, with origins in Greek, means “Covered Writing,” in contrast with cryptography, which means “Secret Writing”. Cryptography means concealing the contents of a message by enciphering; Steganography means concealing the message itself by covering it with something else. • Text Cover • Image Cover
  • 47.
  • 48.