CNS Co4
18CS2204
• Introduction to Security
• Security Goals
• Security Attacks
• Security Services
• Security Mechanisms
Security Goals
• Confidentiality
• Integrity
• Availability
Key Security Concepts
Authentication
Non-repudiation
Security Attacks
• Snooping
• Traffic Analysis
• Modification
• Masquerading
• Replaying
• Repudiation
• Denial of Service
Security Attacks
Attacks Passive/Active Threatening
• Passive Attack
  • Just to obtain information. Does not modify or harm the system.
• Active Attack
  • May change the data and harm the system.
Security Services
• Data Confidentiality
• Data Integrity
• Authentication
• Non Repudiation
• Access Control
Security Mechanisms
• Encipherment
• Data Integrity
• Digital Signature
• Authentication Exchange
• Traffic Padding
• Routing Control
• Notarization
• Access Control
Relation Between Services and Mechanisms
Security Services Security Mechanism
Levels of Impact
Three Aspects of Security
Model for Network Security
Using this model requires us to:
1. Design a suitable algorithm for the security transformation
2. Generate the secret information (keys) used by the algorithm
3. Develop methods to distribute and share the secret information (key)
4. Specify a protocol enabling the sender and receiver to use the transformation and key for a security service
Model for Network Access Security
Using this model requires us to:
1. Select appropriate gatekeeper functions to identify users
2. Implement security controls to ensure only authorised users access designated information or resources
Cryptanalysis Attacks
• Cipher Text Only
• Known Plain Text
• Chosen Plain Text
• Chosen Cipher Text
Cipher Text Only Attack
Known Plain text Attack
Chosen Plain text Attack
Chosen Ciphertext Attack
Cryptanalytic Attacks
Brute Force Attack
Try every possible key
Key Size (bits)               Number of Alternative Keys   Time required at 1 decryption/µs     Time required at 10^6 decryptions/µs
32                            2^32 = 4.3 × 10^9            2^31 µs = 35.8 minutes               2.15 milliseconds
128                           2^128 = 3.4 × 10^38          2^127 µs = 5.4 × 10^24 years         5.4 × 10^18 years
168                           2^168 = 3.7 × 10^50          2^167 µs = 5.9 × 10^36 years         5.9 × 10^30 years
26 characters (permutation)   26! = 4 × 10^26              2 × 10^26 µs = 6.4 × 10^12 years     6.4 × 10^6 years
Statistical Attack
For example, we know that E is the most frequently used letter in English text. The cryptanalyst finds the most frequently used character in the ciphertext and assumes that the corresponding plaintext letter is E.
Pattern Attack
Hill Cipher
m successive plaintext letters are substituted by m ciphertext letters.
The letters are numbered a = 0, b = 1, …, z = 25. For m = 3:
c_1 = (k_{11} p_1 + k_{12} p_2 + k_{13} p_3) mod 26
c_2 = (k_{21} p_1 + k_{22} p_2 + k_{23} p_3) mod 26
c_3 = (k_{31} p_1 + k_{32} p_2 + k_{33} p_3) mod 26
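The m = 3 equations above as a runnable sketch, added here and not part of the original slides: encryption multiplies each block of m letters by the key matrix mod 26, and decryption needs the inverse matrix mod 26, which exists only when the determinant is coprime to 26. The key matrix KEY and all function names are assumptions chosen for illustration; the slides give no key.

```python
M = 26  # alphabet size: a = 0, b = 1, ..., z = 25

# Sample key matrix (an assumption for illustration; not from the slides).
KEY = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]


def _minor(K, i, j):
    """K with row i and column j removed."""
    return [[v for c, v in enumerate(row) if c != j]
            for r, row in enumerate(K) if r != i]


def det(K):
    """Integer determinant by cofactor expansion along the first row."""
    if not K:
        return 1
    return sum((-1) ** j * K[0][j] * det(_minor(K, 0, j)) for j in range(len(K)))


def inverse_mod26(K):
    """Inverse of K mod 26; raises ValueError if K is not a usable key."""
    try:
        d_inv = pow(det(K) % M, -1, M)
    except ValueError:
        raise ValueError("det(K) shares a factor with 26: no inverse") from None
    n = len(K)
    # inverse = det^-1 * adjugate, where adjugate[i][j] = cofactor[j][i]
    return [[d_inv * (-1) ** (i + j) * det(_minor(K, j, i)) % M
             for j in range(n)] for i in range(n)]


def _apply(K, text):
    """Multiply each block of len(K) letters by K: c_i = sum_j k_ij * p_j mod 26."""
    nums = [ord(ch) - ord("a") for ch in text.lower()]
    if any(not 0 <= n < M for n in nums) or len(nums) % len(K):
        raise ValueError("text must be letters a-z, length a multiple of m")
    out = []
    for start in range(0, len(nums), len(K)):
        block = nums[start:start + len(K)]
        out += [sum(k * p for k, p in zip(row, block)) % M for row in K]
    return "".join(chr(n + ord("a")) for n in out)


def encrypt(plaintext, K=KEY):
    inverse_mod26(K)  # refuse keys that could never be decrypted
    return _apply(K, plaintext).upper()


def decrypt(ciphertext, K=KEY):
    return _apply(inverse_mod26(K), ciphertext)
```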
Polyalphabetic Ciphers
Example of Vigenere Cipher
using keyword deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
cipher text: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Vigenere Table or Vigenere Square
Vigenere Encryption using Vigenere Square
Example:
Plain text: SHEISLISTENING
Key: PASCAL
Generate a key stream by repeating the key until its size equals the plaintext size.
To encrypt, take the plaintext letter's row and the key letter's column in the Vigenere square; the letter where they meet is the ciphertext letter.
To decrypt, search the key letter's column for the ciphertext letter (in the example, 'h').
Return the row in which that ciphertext letter is found (in the key letter 'p' column) as the plaintext letter.
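The row/column procedure above as an added example (not part of the original slides): it builds the Vigenere square explicitly, encrypts by looking up the cell at the plaintext row and key column, and decrypts by searching the key column for the ciphertext letter. Function and variable names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase

# Vigenere square: row r is the alphabet rotated left by r places, so
# SQUARE[row][col] is the cell at (plaintext-letter row, key-letter column).
SQUARE = [ALPHABET[r:] + ALPHABET[:r] for r in range(26)]


def _letters(text):
    """Upper-case the input and reject anything outside A-Z."""
    text = text.upper()
    if not text or any(ch not in ALPHABET for ch in text):
        raise ValueError("only the letters A-Z are supported")
    return text


def key_stream(key, length):
    """Repeat the key until it is exactly as long as the message."""
    key = _letters(key)
    return (key * (length // len(key) + 1))[:length]


def encrypt(plaintext, key):
    """Ciphertext letter = cell at (plaintext row, key column)."""
    text = _letters(plaintext)
    return "".join(
        SQUARE[ALPHABET.index(p)][ALPHABET.index(k)]
        for p, k in zip(text, key_stream(key, len(text)))
    )


def decrypt(ciphertext, key):
    """Search the key column for the ciphertext letter; its row is the plaintext."""
    text = _letters(ciphertext)
    out = []
    for c, k in zip(text, key_stream(key, len(text))):
        col = ALPHABET.index(k)
        row = next(r for r in range(26) if SQUARE[r][col] == c)
        out.append(ALPHABET[row])
    return "".join(out)
```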
Security of Vigenere Ciphers
This scheme is vulnerable to cryptanalysis. Because the key and the plain text share the same frequency distribution of letters, a statistical analysis can be applied.
Vernam Cipher
c_i = p_i ⊕ k_i, where
p_i = ith binary digit of plaintext
k_i = ith binary digit of key
c_i = ith binary digit of ciphertext
⊕ = exclusive-or (XOR) operation
p_i = c_i ⊕ k_i
One-Time Pad
The beauty of the one-time pad is that, for the same ciphertext, the plaintext is different if the key is different.
ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key:        pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
plaintext:  mr mustard with the candlestick in the hall
ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key:        pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
plaintext:  miss scarlet with the knife in the library
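An added example (not from the original slides) that reproduces the one-time pad demonstration above: over the 27-symbol alphabet a-z plus space, any plaintext of the right length is reachable from the same ciphertext under some key, so the ciphertext alone rules no guess out. The addition-mod-27 combining rule and the function names are assumptions inferred from the values shown.

```python
# 27-symbol alphabet used by the example above: a-z plus the space (index 26).
ALPHABET = "abcdefghijklmnopqrstuvwxyz "
N = len(ALPHABET)

# Values copied from the example above.
CIPHERTEXT = "ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS"
KEY_1 = "pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih"
PLAIN_1 = "mr mustard with the candlestick in the hall"
PLAIN_2 = "miss scarlet with the knife in the library"


def _combine(left, right, sign):
    """Symbol-wise (left + sign * right) mod 27 over equal-length strings."""
    if len(left) != len(right):
        raise ValueError("a one-time pad key must be as long as the message")
    a = [ALPHABET.index(ch) for ch in left.lower()]
    b = [ALPHABET.index(ch) for ch in right.lower()]
    return "".join(ALPHABET[(x + sign * y) % N] for x, y in zip(a, b))


def otp_encrypt(plaintext, key):
    return _combine(plaintext, key, +1).upper()


def otp_decrypt(ciphertext, key):
    return _combine(ciphertext, key, -1)


def key_for(ciphertext, plaintext):
    """The unique key under which `ciphertext` decrypts to `plaintext`.

    A shorter plaintext is padded with trailing spaces, as PLAIN_2 (42
    characters against a 43-character ciphertext) needs.
    """
    if len(plaintext) > len(ciphertext):
        raise ValueError("plaintext is longer than the ciphertext")
    return _combine(ciphertext, plaintext.ljust(len(ciphertext)), -1)


def candidate_plaintexts(ciphertext, guesses):
    """Map each guessed plaintext to the key that would make it the decryption."""
    return {guess: key_for(ciphertext, guess) for guess in guesses}
```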
Transposition Ciphers
Rail fence technique
The plaintext is written down as a sequence of diagonals and then read as a
sequence of rows.
Example:
Plain text: "meet me after the toga party"
Row Transposition Ciphers
Arrange the plain text row by row, and read column by column,
but permute the order of the columns.
The order of the columns then becomes the key.
Plaintext: attackpostponeduntiltwoamxyz
Key: 4312567
Column Out:  4 3 1 2 5 6 7
Plaintext:   a t t a c k p
             o s t p o n e
             d u n t i l t
             w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
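Both transposition techniques above as an added example (not part of the original slides): the row transposition functions reproduce the 4312567 example and invert it, and the rail fence function handles any depth. The slides do not state a rail fence depth, so the default of 2 is an assumption, as are the function names.

```python
def _read_order(key):
    """Column indices in read-out order for a key such as "4312567"."""
    ranks = [int(d) for d in key]
    if sorted(ranks) != list(range(1, len(ranks) + 1)):
        raise ValueError("key must be a permutation of 1..n")
    return sorted(range(len(ranks)), key=ranks.__getitem__)


def row_transposition_encrypt(plaintext, key):
    order = _read_order(key)
    n = len(order)
    if len(plaintext) % n:
        raise ValueError("pad the plaintext so the last row is full")
    # Writing row by row puts every n-th letter in the same column.
    columns = [plaintext[c::n] for c in range(n)]
    return "".join(columns[c] for c in order).upper()


def row_transposition_decrypt(ciphertext, key):
    order = _read_order(key)
    rows, rem = divmod(len(ciphertext), len(order))
    if rem:
        raise ValueError("ciphertext length is not a multiple of the key length")
    columns = [""] * len(order)
    # The pos-th chunk of the ciphertext is the column that was read pos-th.
    for pos, c in enumerate(order):
        columns[c] = ciphertext[pos * rows:(pos + 1) * rows]
    return "".join(col[r] for r in range(rows) for col in columns).lower()


def rail_fence_encrypt(plaintext, depth=2):
    """Write the letters along a zigzag of `depth` rails, then read rail by rail."""
    if depth < 1:
        raise ValueError("depth must be at least 1")
    rails = [[] for _ in range(depth)]
    rail, step = 0, 1
    for ch in plaintext.replace(" ", ""):
        rails[rail].append(ch)
        if depth > 1:
            if rail == 0:
                step = 1
            elif rail == depth - 1:
                step = -1
            rail += step
    return "".join("".join(r) for r in rails).upper()
```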
Rotor Machines
The result is that there are 26 * 26 * 26 = 17,576
different substitution alphabets used before the system
repeats. The addition of fourth and fifth rotors results in
periods of 456,976 and 11,881,376 letters, respectively.
Public-Key Cryptography
• In symmetric key crypto, only one secret key, shared between sender and receiver, is used to encrypt and decrypt.
• In symmetric key crypto, maintaining the secret key between two parties is a challenge.
• The main use of symmetric key crypto is encryption and decryption.
• Public key crypto was invented by Whitfield Diffie and Martin Hellman at Stanford University in 1976.
• It uses two keys, (i) private and (ii) public, and is therefore called asymmetric key crypto.
Public Key Cryptography
• Public key crypto is not a substitute for symmetric key crypto, but a complement to it.
• The uses of public key crypto can be classified into 3 categories:
  • encryption/decryption (provide secrecy)
  • digital signatures (provide authentication)
  • key exchange (session keys)
Public Key Cryptography
Asymmetric algorithms rely on one key for encryption and a different but related
key for decryption. These algorithms have the following important characteristic.
It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key.
To overcome this attack, RSA randomly pads the plaintext prior to encryption. The plaintext is encrypted using a procedure known as "Optimal Asymmetric Encryption Padding" (OAEP).
[Figure: Optimal Asymmetric Encryption Padding (OAEP)]