Documente Academic
Documente Profesional
Documente Cultură
Lecture# 8
Lecture Slides Prepared by:
Syed Irfan Ullah
Abasyn University Peshawar
Cryptography
Cryptography (or cryptology; derived
from Greek krypts "hidden," and
the verb grfo "write") is the study
of message secrecy. In modern times, it has
become a branch of information theory, as
the mathematical study of information and
especially its transmission from place to
place.
Contd
The art of protecting information by transforming
it (encrypting it) into an unreadable format, called
cipher text. Only those who possess a secret key
can decipher (or decrypt) the message into plain
text.
Encrypted messages can sometimes be broken by
cryptanalysis, also called codebreaking, although
modern cryptography techniques are virtually
unbreakable.
Contd
One of cryptography's primary purposes is
hiding the meaning of messages, not usually
the existence of such messages.
Cryptography also contributes to computer
science, central to the techniques used in
computer and network security for such
things as access control and information
confidentiality.
Contd
Cryptography is also used in many applications
encountered in everyday life; the security of ATM
cards, computer passwords, and electronic
commerce all depend on cryptography.
As the Internet and other forms of electronic
communication become more prevalent, electronic
security is becoming increasingly important.
Cryptography is used to protect e-mail messages,
credit card information, and corporate data.
Background
Information Security requirements have changed
in recent times
traditionally provided by physical and
administrative mechanisms
computer use requires automated tools to protect
files and other stored information
use of networks and communications links
requires measures to protect data during
transmission
Definitions
Computer Security - generic name for the
collection of tools designed to protect data and to
thwart hackers
Network Security - measures to protect data
during their transmission
Internet Security - measures to protect data
during their transmission over a collection of
interconnected networks
Aim of Course
our focus is on Network Security
which consists of measures to deter,
prevent, detect, and correct security
violations that involve the transmission &
storage of information
Aspects of Security
consider 3 aspects of information security:
security attack
security mechanism
security service
Contd
Security Attack
Any action that compromises the security of information.
Security Mechanism
A mechanism that is designed to detect, prevent, or
recover from a security attack.
Security Service
A service that enhances the security of data processing
systems and information transfers. A security service
makes use of one or more security mechanisms.
Security Attack
any action that compromises the security of
information owned by an organization
information security is about how to prevent attacks,
or failing that, to detect attacks on information-based
systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus of generic types of attacks
passive
active
Passive Attacks
Active Attacks
Security Attacks
Interruption:
This is an attack on availability
Interception:
This is an attack on confidentiality
Modification:
This is an attack on integrity
Fabrication:
This is an attack on authenticity
Security Attacks
Security Goals
Confidentiality
Integrity
Availability
Cryptanalysis
objective to recover key not just message
general approaches:
cryptanalytic attack
brute-force attack
Cryptanalytic Attacks
ciphertext only
only know algorithm & ciphertext, is statistical,
know or can identify plaintext
known plaintext
know/suspect plaintext & ciphertext
chosen plaintext
select plaintext and obtain ciphertext
chosen ciphertext
select ciphertext and obtain plaintext
chosen text
select plaintext or ciphertext to en/decrypt
More Definitions
unconditional security
computational security
given limited computing resources (eg time needed
for calculations is greater than age of universe), the
cipher cannot be broken
NumberofAlternative
Keys
Timerequiredat1
decryption/s
Timerequiredat106
decryptions/s
32
232=4.3109
231s
=35.8minutes
2.15milliseconds
56
256=7.21016
255s
=1142years
10.01hours
128
2128=3.41038
2127s
=5.41024years
5.41018years
168
2168=3.71050
2167s
=5.91036years
5.91030years
26!=41026
21026s =6.41012years
6.4106years
26characters
(permutation)
Security Service
enhance security of data processing systems and
information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated with
physical documents
which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction; be
notarized or witnessed; be recorded or licensed
Security Services
X.800:
a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers
RFC 2828:
a processing or communication service provided by
a system to give a specific kind of protection to
system resources
Security Services
Confidentiality
Privacy
Reading by authorized parties
Authentication
Who created or sent the data,
Origin of a message be correctly identified
Integrity
Data has not been altered
Modification only by authorized parties
Security Services
Non-repudiation
The order is final
Neither the sender nor the receiver of a message be able
to deny the transmission
Access Control
Prevent misuse of resources
Access to information resources be controlled
Security Mechanism
feature designed to detect, prevent, or
recover from a security attack
no single mechanism that will support all
services required
however one particular element underlies
many of the security mechanisms in use:
cryptographic techniques