Documente Academic
Documente Profesional
Documente Cultură
Notebook: Cryptography
Created: 8/18/2019 6:44 PM Updated: 8/21/2019 9:02 PM
Author: abinshoby@gmail.com
Goals of security
Security Attacks
Security Services
1. Authentication Service
The assurance that the communicating entity is the one that it
claims to be.
1. Peer Entity Authentication
Used in association with a logical connection to
provide confidence in the identity of the
entities connected
2. Data Origin Authentication
In a connectionless transfer, provides assurance that
the source of received data is as claimed.
2. Access Control
The prevention of unauthorized use of a resource (i.e., this
service controls who can have access to a resource, under what
conditions access can occur, and what those accessing the
resource are allowed to do).
3. Data Confidentiality
The protection of data from unauthorized disclosure.
1. Connection Confidentiality
The protection of all user data on a connection.
2. Connectionless Confidentiality
The protection of all user data in a single data block
3. Selective-Field Confidentiality
The confidentiality of selected fields within the user
data on a connection or in a single data block.
4. Traffic Flow Confidentiality
The protection of the information that might be
derived from observation of traffic flows.
4. Data Integrity
The assurance that data received are exactly as sent by an
authorized entity (i.e.,contain no modification, insertion,
deletion, or replay).
1. Connection Integrity with Recovery
Provides for the integrity of all user data on a
connection and detects any modification,
insertion, deletion, or replay of any data within an
entire data sequence, with recovery attempted
1. Connection Integrity without Recovery
As above, but provides only detection without recovery
2. Selective-Field Connection Integrity
Provides for the integrity of selected fields within the user
data of a data block transferred over a connection and
takes the form of determination of whether the selected
fields have been modified, inserted, deleted, or replayed.
1. Connectionless Integrity
Provides for the integrity of a single connectionless data
block and may take the form of detection of data
modification. Additionally, a limited form of replay
detection may be provided.
1. Selective-Field Connectionless Integrity
Provides for the integrity of selected fields within a single
connectionless data block; takes the form of determination
of whether the selected fields have been modified
5. Non Repudiation
Provides protection against denial by one of the entities
involved in a communication of having participated in all or part
of the communication.
1. Nonrepudiation, Origin
Proof that the message was sent by the specified
party.
2. Nonrepudiation, Destination
Proof that the message was received by the specified
party
6. Availability Service
A variety of attacks can result in the loss of or reduction
in availability. Some of these attacks are amenable to
automated countermeasures, such as authentication and
encryption, whereas others require some sort of physical action
to prevent or recover from loss of availability of elements of a
distributed system.
This service addresses the security concerns raised by denial-of-
service attacks.
It depends on proper management and control of system
resources and thus depends on access control service and other
security services
Security Mechanisms
possible keys.
Cryptography
Cryptanalysis
Substitution Techniques
A substitution technique is one in which the letters of plaintext are
replaced by other letters or by numbers or symbols
1. Caesar Cipher
example:
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
replaces a character by a character 3 character apart.
if we assign numbers for alphabets from 0 onwards
then it can be written as C = E(3, p) = (p + 3) mod 26
so that the general Caesar algorithm is C = E(k, p) = (p +
k) mod 26
The decryption algorithm is simply p = D(k, C) = (C k)
mod 26
If it is known that a given ciphertext is a Caesar cipher,
then a brute-force cryptanalysis is easily performed:
Simply try all the 25 possible keys.
Three important characteristics of this problem enabled us
to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are known
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily
recognizable: the input may be abbreviated or
compressed in some fashion, again making
recognition difficult. For eg: ZIP file content
1. Monoalphabetic ciphers
2. Playfair cipher
3. Hill cipher
4. Polyaphabetic cipher
5. One-Time Pad