Embed Size (px)
DESCRIPTION
Cryptography & Network Security. Principles of modern ciphers Implement crypto library Network Security Applications System Security. MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI. Course details. Number of credits: 3 Study time allocation per week: 2 lecture hours for theory - PowerPoint PPT Presentation
Citation preview
Cryptography & Network Security
Principles of modern ciphersImplement crypto library
Network Security ApplicationsSystem Security
MSc. NGUYEN CAO DATDr. TRAN VAN HOAI
1
BKTP.HCM
Course details
Number of credits: 3 Study time allocation per week:
2 lecture hours for theory 2 lecture hours for lab, exercises 6 hours for self-study
Website: http://www.cse.hcmut.edu.vn/~dat
2
BKTP.HCM
Course outline (1/2)
Basics of Cryptography ▫Symmetric key▫Public key▫Hash function
Network Security Applications▫Authentication applications▫E-mail security
3
BKTP.HCM
Course outline (2/2)
Network Security Applications (con’t)▫Web security▫IP security
System Security ▫IDS/IPS▫Firewalls▫…
4
BKTP.HCM
References
[1] “Cryptography and Network Security Principles and Practices”, W. Stallings, 4th ed., Prentice Hall, 2005
[2] Slides “Cryptography and Network Security”, Bộ môn Hệ thống và Mạng, Khoa Khoa học và Kỹ thuật máy tính, ĐHBK Tp.HCM.
5
BKTP.HCM
Assessment Scheme
Attending lectures: >80% lecture timesReading textbooks and referencesSelf-study and working in groupLab: 20%Assignments: 20%Midterm Exam: 20%, multiple question choice
test – 45’Final Exam: 40%, multiple question choice test
– 60’6
Chapter 1
Introduction
MSc. NGUYEN CAO DATDr. TRAN VAN HOAI
7
BKTP.HCM
BackgroundInformation Security requirements have
changed in recent times.traditionally provided by physical and
administrative mechanisms.computer use requires automated tools to
protect files and other stored information.use of networks and communications links
requires measures to protect data during transmission.
8
BKTP.HCM
DefinitionsComputer Security - generic name for the
collection of tools designed to protect data and to thwart hackers.
Network Security - measures to protect data during their transmission.
Internet Security - measures to protect data during their transmission over a collection of interconnected networks.
9
BKTP.HCM
Aim of Course
our focus is on Internet Securitywhich consists of measures to deter, prevent,
detect, and correct security violations that involve the transmission & storage of information
10
BKTP.HCM
Security Trends
11
BKTP.HCM
12
BKTP.HCM
OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI”defines a systematic way of defining and
providing security requirementsfor us it provides a useful, if abstract, overview
of concepts we will study
13
BKTP.HCM
Aspects of Security
consider 3 aspects of information security:▫security attack▫security mechanism▫security service
14
BKTP.HCM
Security Attack
any action that compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
often threat & attack used to mean same thinghave a wide range of attackscan focus of generic types of attacks▫passive▫active
15
BKTP.HCM
Classify Security Attacks passive attacks - eavesdropping on, or
monitoring of, transmissions to:▫obtain message contents, or▫monitor traffic flows
active attacks – modification of data stream to:▫masquerade of one entity as some other▫ replay previous messages▫modify messages in transit▫denial of service
16
BKTP.HCM
Types of Attacks
17
BKTP.HCM
Passive Attacks
18
BKTP.HCM
Active Attacks
19
BKTP.HCM
Security Service▫enhance security of data processing systems
and information transfers of an organization▫ intended to counter security attacks▫using one or more security mechanisms ▫often replicates functions normally associated
with physical documents
20
BKTP.HCM
Security ServicesX.800
“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
RFC 2828“a processing or communication service provided
by a system to give a specific kind of protection to system resources”
21
BKTP.HCM
Security Services (X.800)Authentication - assurance that the
communicating entity is the one claimedAccess Control - prevention of the
unauthorized use of a resourceData Confidentiality –protection of data from
unauthorized disclosureData Integrity - assurance that data received is
as sent by an authorized entityNon-Repudiation - protection against denial by
one of the parties in a communication22
BKTP.HCM
Security Mechanismfeature designed to detect, prevent, or recover
from a security attackno single mechanism that will support all
services requiredhowever one particular element underlies many
of the security mechanisms in use:▫cryptographic techniques
hence our focus on this topic
23
BKTP.HCM
Security Mechanisms (X.800)
specific security mechanisms▫encipherment, digital signatures, access
controls, data integrity, authentication exchange, traffic padding, routing control, notarization
pervasive security mechanisms▫trusted functionality, security labels, event
detection, security audit trails, security recovery
24
BKTP.HCM
Model for Network Security
25
BKTP.HCM
Model for Network Security using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
26
BKTP.HCM
Model for Network Access Security
27
BKTP.HCM
Model for Network Access Security using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
trusted computer systems may be useful to help implement this model
28
BKTP.HCM
Cryptography
29
BKTP.HCM
Cryptography
characterize cryptographic system by:▫type of encryption operations used
substitution / transposition / product▫number of keys used
single-key or private / two-key or public▫way in which plaintext is processed
block / stream
30
BKTP.HCM
Cryptanalysis
objective to recover key not just message
general approaches:▫cryptanalytic attack▫brute-force attack
31
BKTP.HCM
Cryptanalytic Attacksciphertext only ▫only know algorithm & ciphertext, is statistical,
know or can identify plaintext known plaintext ▫know/suspect plaintext & ciphertext
chosen plaintext ▫select plaintext and obtain ciphertext
chosen ciphertext ▫select ciphertext and obtain plaintext
chosen text ▫select plaintext or ciphertext to en/decrypt
32
BKTP.HCM
More Definitionsunconditional security ▫no matter how much computer power or time is
available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
computational security ▫given limited computing resources (eg time
needed for calculations is greater than age of universe), the cipher cannot be broken
33
BKTP.HCM
Brute Force Searchalways possible to simply try every key most basic attack, proportional to key size assume either know / recognise plaintext
Key Size (bits) Number of Alternative Keys
Time required at 1 decryption/µs
Time required at 106 decryptions/µs
32 232 = 4.3 109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2 1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4 1038 2127 µs = 5.4 1024 years 5.4 1018 years
168 2168 = 3.7 1050 2167 µs = 5.9 1036 years 5.9 1030 years
26 characters (permutation)
26! = 4 1026 2 1026 µs = 6.4 1012 years 6.4 106 years34
BKTP.HCM
Summary
have considered:▫definitions for:
computer, network, internet securityX.800 standardsecurity attacks, services, mechanismsmodels for network (access) securitytoCryptography, cryptanalysis
35
BKTP.HCM
Self study
Symmetric Cipher ModelClassical Substitution Ciphers▫Caesar Cipher▫Monoalphabetic Cipher▫Playfair Cipher▫Polyalphabetic Ciphers▫Vigenère Cipher
Cryptanalysis using letter frequencies
36
