Network Security & Cryptography

• Lecture# 1

• Dr. Syed Irfan Ullah

• Asst. Professor
• Abasyn University Peshawar
 Course Outline
• Introduction
• Attacks, Services and Mechanisms
• Security Attacks & Services
• Methods of Defence
• Internetwork Security Model
• Conventional Encryption Model & Techniques
• Data Encryption Standard( DES) & Triple DES
• Traffic Confidentiality & Key Distribution Using
Conventional Encryption
 Cont’d
• Random Number Generation
• Public Key Cryptology
• The RSA* Algorithm
• Public Key Management
• Authentication Functions
• Cryptographic Checksums
• Hash Functions
• Digital Signatures
• Authentication Protocols
• Intruders, Viruses, & Worms
 Cont’d
• Trusted Systems
• The MD5 Message Digest Algorithm
• The Secure Hash Algorithm (SHA)
• International Data Encryption Algorithm (IDEA)
• Kerberos & X.509 Directory Authentication Service
• Digital Signature Standard (DSS)
• Pretty Good Privacy(PGP)
Privacy Enhanced Mail (PEM)
• Network Management Security
• Many more that comes under discussion day by day
 Cryptography
• Cryptography (or cryptology; derived
from Greek κρυπτός kryptós "hidden," and
the verb γράφω gráfo "write") is the study
of message secrecy. In modern times, it has
become a branch of information theory, as
the mathematical study of information and
especially its transmission from place to
place.
 Cont’d
• The art of protecting information by transforming
it (encrypting it) into an unreadable format, called
cipher text. Only those who possess a secret key
can decipher (or decrypt) the message into plain
text.
• Encrypted messages can sometimes be broken by
cryptanalysis, also called codebreaking, although
modern cryptography techniques are virtually
unbreakable.
 Cont’d
• One of cryptography's primary purposes is
hiding the meaning of messages, not usually
the existence of such messages.
Cryptography also contributes to computer
science, central to the techniques used in
computer and network security for such
things as access control and information
confidentiality.
 Cont’d
• Cryptography is also used in many applications
encountered in everyday life; the security of ATM
cards, computer passwords, and electronic
commerce all depend on cryptography.

• As the Internet and other forms of electronic

communication become more prevalent, electronic
security is becoming increasingly important.
Cryptography is used to protect e-mail messages,
credit card information, and corporate data.
 Background
• Information Security requirements have changed
in recent times
• traditionally provided by physical and
administrative mechanisms
• computer use requires automated tools to protect
files and other stored information
• use of networks and communications links
requires measures to protect data during
transmission
 Some Basic Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering ciphertext from plaintext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/ methods
of deciphering ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
 Definitions
• Computer Security - generic name for the
collection of tools designed to protect data and to
thwart hackers
• Network Security - measures to protect data
during their transmission
• Internet Security - measures to protect data
during their transmission over a collection of
interconnected networks
 Aim of Course
• our focus is on Internet Security
• which consists of measures to deter,
prevent, detect, and correct security
violations that involve the transmission &
storage of information
 OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• defines a systematic way of defining and
providing security requirements
• for us it provides a useful, if abstract, overview
of concepts we will study
ITU-T X.800 Aspects of Security
• consider 3 aspects of information security:
– security attack
– security mechanism
– security service
 Cont’d
• Security Attack
Any action that compromises the security of information.
• Security Mechanism
A mechanism that is designed to detect, prevent, or
recover from a security attack.
• Security Service
A service that enhances the security of data processing
systems and information transfers. A security service
makes use of one or more security mechanisms.
 Security Attack
• any action that compromises the security of
information owned by an organization
• information security is about how to prevent attacks,
or failing that, to detect attacks on information-based
systems
• often threat & attack used to mean same thing
• have a wide range of attacks
• can focus of generic types of attacks
– passive
– active
Passive Attacks
Active Attacks
 Security Attacks
• Interruption:
This is an attack on availability
• Interception:
This is an attack on confidentiality
• Modification:
This is an attack on integrity
• Fabrication:
This is an attack on authenticity
Security Attacks
 Security Goals

Confidentiality

Integrity Availability
 Cryptanalysis
• objective to recover key not just message
• general approaches:
– cryptanalytic attack
– brute-force attack
 Cryptanalytic Attacks
• ciphertext only
– only know algorithm & ciphertext, is statistical,
know or can identify plaintext
• known plaintext
– know/suspect plaintext & ciphertext
• chosen plaintext
– select plaintext and obtain ciphertext
• chosen ciphertext
– select ciphertext and obtain plaintext
• chosen text
– select plaintext or ciphertext to en/decrypt
 More Definitions
• unconditional security
– no matter how much computer power or time is
available, the cipher cannot be broken since the
ciphertext provides insufficient information to
uniquely determine the corresponding plaintext
• computational security
– given limited computing resources (eg time needed
for calculations is greater than age of universe), the
cipher cannot be broken
 Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext
Key Size (bits) Number of Alternative Time required at 1 Time required at 106
Keys decryption/µs decryptions/µs
32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation)
 Security Service
– enhance security of data processing systems and
information transfers of an organization
– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated with
physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed
 Security Services
• X.800:
“a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers”

• RFC 2828:
“a processing or communication service provided by
a system to give a specific kind of protection to
system resources”
 Security Services
• Confidentiality
Privacy
Reading by authorized parties

• Authentication
Who created or sent the data,
Origin of a message be correctly identified

• Integrity
Data has not been altered
Modification only by authorized parties
 Security Services
• Non-repudiation
The order is final
Neither the sender nor the receiver of a message be able
to deny the transmission

• Access Control
Prevent misuse of resources
Access to information resources be controlled
• Availability (permanence, non-erasure)
Denial of Service Attacks
Virus that deletes files
 Security Mechanism
• feature designed to detect, prevent, or
recover from a security attack
• no single mechanism that will support all
services required
• however one particular element underlies
many of the security mechanisms in use:
– cryptographic techniques
• hence our focus on this topic
 Security Mechanisms (X.800)
• Specific security mechanisms:
– May be incorporated into the appropriate protocol layer in
order to provide some of the OSI security services.
• encipherment, digital signatures, access controls, data
integrity, authentication exchange, traffic padding,
routing control, notarization
• Pervasive security mechanisms:
– Mechanisms that are not specific to any OSI security
service or protocol layer
• trusted functionality, security labels, event detection,
security audit trails, security recovery
Model for Network Security
 Model for Network Security
• using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service
Model for Network Access Security
Model for Network Access Security
• using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated
information or resources
• trusted computer systems may be useful to
help implement this model
Thanks