Internet Management & Security 06 Dr Alejandra Flores-Mosri
Security Learning outcomes
At the end of this session, you should be able to:
– Describe the reasons for having system and network security
– Relate security services to security attacks
– Describe the basic operation of encryption through the Feistel cipher structure
– Compare different symmetric encryption algorithms: DES and AES
– Design a simple encryption algorithm
Security Introduction
With the high availability of resources on the Internet, security has become a very relevant issue.
The main aim is to protect the resources on the Internet so that they cannot:
– Be accessed
– Be changed
– Be deleted
by non-authorised or malicious users
Security Vulnerability of systems and networks
[Figure: systems A, B, C and D, each with a malicious user]
Security Passive security attacks
Passive attacks
– Obtain information being transmitted or stored in a system
– Do not alter the contents of messages or files
– Difficult to detect
Solution:
– Prevent the attack: data confidentiality
– Encrypt information, strongly authenticate access
Security Active security attacks
Active attacks
– Modify or delete data stored or being transmitted
  • Masquerade
  • Replay
  • Modification
  • Denial of service
– Easier to detect
– Harder to prevent
Security Active security attacks
Solution:
– Authentication
– Access control
– Data confidentiality
– Data integrity
– Non-repudiation
– Availability
Security Conclusions
Security strategies are important because they:
– help maintain good performance of resources on a network
– guarantee users that their information is safe and private
– deter potential attacks on resources
Security Resources
• Stallings W., Network Security Essentials, 2nd Edition, Prentice Hall, 2002 (Chapter 1)
• RFC 2828 Internet Security Glossary
Security Cryptography
Cryptography modifies the content of a message according to a predetermined pattern known only to the sender and receiver, with the aim of preventing other parties from reading the content.
An encrypted message is:
1 Transformed
2 Transmitted
3 Unchanged
The predetermined pattern or key needs to be transmitted separately.
Security Symmetric cryptography
• Message
• Encryption algorithm
• Secret key
• Ciphertext
• Decryption algorithm
(the success of the process relies on the secrecy of the key, but it must be known by the sender and the receiver)
Security Feistel Cipher Structure
Security Data Encryption Standard (DES)
It is a symmetric block cipher algorithm:
• 64-bit code
• 56-bit key
• Sixteen rounds (iterations), hence 16 subkeys need to be generated
Advantages:
No one has found a fatal weakness of the algorithm
Disadvantages:
It has been broken by “brute-force” ($2^{56}$ possible keys) in 1998 by the Electronic Frontier Foundation with their DES-cracker
Security Triple DES
• The same as DES but it uses three executions of the full DES algorithm with three different keys
• Used in financial applications
$C = E_{K_3}[D_{K_2}[E_{K_1}[P]]]$
C – ciphertext
P – plaintext
$E_K[X]$ – encryption of X using key K
$D_K[X]$ – decryption of X using key K
• Advantage – effective key of 128 bits
• Disadvantage – more processing power needed
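An added example, not part of the original slides: a toy Feistel cipher with the shape the DES slide gives (64-bit block, sixteen rounds, sixteen subkeys), composed into the Triple DES form $C = E_{K_3}[D_{K_2}[E_{K_1}[P]]]$. The SHA-256-based round function and key schedule, the function names and the sample values are assumptions made for illustration; this is not DES itself.

```python
import hashlib

ROUNDS = 16                      # sixteen rounds, one subkey per round
HALF_BITS = 32                   # a 64-bit block is split into two 32-bit halves
MASK = (1 << HALF_BITS) - 1

def subkeys(key):
    """Toy key schedule (an assumption, not the DES schedule)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]

def round_f(half, subkey):
    """Toy round function F (not the DES S-boxes); F need not be invertible."""
    data = half.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block, keys):
    """Run one 64-bit block through the network using subkeys in the given order."""
    left, right = block >> HALF_BITS, block & MASK
    for k in keys:
        # New left is the old right; new right is old left XOR F(old right, k).
        left, right = right, left ^ round_f(right, k)
    return (right << HALF_BITS) | left   # final swap of the two halves

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # Decryption is the same network with the subkeys in reverse order.
    return feistel(block, subkeys(key)[::-1])

def ede_encrypt(p, k1, k2, k3):
    """C = E_K3[D_K2[E_K1[P]]], the Triple DES composition."""
    return encrypt(decrypt(encrypt(p, k1), k2), k3)

def ede_decrypt(c, k1, k2, k3):
    """P = D_K1[E_K2[D_K3[C]]], the inverse composition."""
    return decrypt(encrypt(decrypt(c, k3), k2), k1)

# Constructed sample values.
P = 0x0123456789ABCDEF
K1, K2, K3 = b"key-one", b"key-two", b"key-three"

if __name__ == "__main__":
    c = ede_encrypt(P, K1, K2, K3)
    print(f"ciphertext {c:016x}, recovered {ede_decrypt(c, K1, K2, K3):016x}")
    # With K1 = K2 = K3 the middle decryption cancels the first encryption.
    print(ede_encrypt(P, K1, K1, K1) == encrypt(P, K1))
```

The middle step is a decryption so that setting all three keys equal reduces the composition to a single encryption, which keeps it interoperable with single-key systems.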
Security Advanced Encryption Standard (AES)
AES – first conceived as a replacement for 3DES: a lighter algorithm that provides the same security as 3DES
• Block length – 128 bits
• Supports keys of – 128, 192 and 256 bits (most common key is 128)
• NOT a Feistel structure
Security AES
Security Other symmetric algorithms
• IDEA
• Blowfish
• RC5
Security Conclusions
• Encrypted information is more likely to remain private
• Most common symmetric encryption algorithms use Feistel’s cipher
• The length of the block and the key determine the efficiency of the cipher-based algorithms
• AES solves the problem of processing power and key sizes
• The transmission of the key remains a problem
Security Resources
Stallings W., Network Security Essentials, 2nd Edition, Prentice Hall, 2002 (Chapter 2)
FIPS Advanced Encryption Standard, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
FIPS DES Data Encryption Standard, http://www.itl.nist.gov/fipspubs/fip46-2.htm