Advance Computer Networks

Lecture# 8
Lecture Slides Prepared by:
Syed Irfan Ullah
Abasyn University Peshawar

Cryptography
Cryptography (or cryptology; derived
from Greek krypts "hidden," and
the verb grfo "write") is the study
of message secrecy. In modern times, it has
become a branch of information theory, as
the mathematical study of information and
especially its transmission from place to
place.

Contd
The art of protecting information by transforming
it (encrypting it) into an unreadable format, called
cipher text. Only those who possess a secret key
can decipher (or decrypt) the message into plain
text.
Encrypted messages can sometimes be broken by
cryptanalysis, also called codebreaking, although
modern cryptography techniques are virtually
unbreakable.

Contd
One of cryptography's primary purposes is
hiding the meaning of messages, not usually
the existence of such messages.
Cryptography also contributes to computer
science, central to the techniques used in
computer and network security for such
things as access control and information
confidentiality.

Contd
Cryptography is also used in many applications
encountered in everyday life; the security of ATM
cards, computer passwords, and electronic
commerce all depend on cryptography.
As the Internet and other forms of electronic
communication become more prevalent, electronic
security is becoming increasingly important.
Cryptography is used to protect e-mail messages,
credit card information, and corporate data.

Background
Information Security requirements have changed
in recent times
traditionally provided by physical and
administrative mechanisms
computer use requires automated tools to protect
files and other stored information
use of networks and communications links
requires measures to protect data during
transmission

Some Basic Terminology

plaintext - original message

ciphertext - coded message
cipher - algorithm for transforming plaintext to ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering ciphertext from plaintext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - study of principles/ methods
of deciphering ciphertext without knowing key
cryptology - field of both cryptography and cryptanalysis

Definitions
Computer Security - generic name for the
collection of tools designed to protect data and to
thwart hackers
Network Security - measures to protect data
during their transmission
Internet Security - measures to protect data
during their transmission over a collection of
interconnected networks

Aim of Course
our focus is on Network Security
which consists of measures to deter,
prevent, detect, and correct security
violations that involve the transmission &
storage of information

OSI Security Architecture

ITU-T X.800 Security Architecture for OSI
defines a systematic way of defining and
providing security requirements
for us it provides a useful, if abstract, overview
of concepts we will study

Aspects of Security
consider 3 aspects of information security:
security attack
security mechanism
security service

Contd
Security Attack
Any action that compromises the security of information.

Security Mechanism
A mechanism that is designed to detect, prevent, or
recover from a security attack.

Security Service
A service that enhances the security of data processing
systems and information transfers. A security service
makes use of one or more security mechanisms.

Security Attack
any action that compromises the security of
information owned by an organization
information security is about how to prevent attacks,
or failing that, to detect attacks on information-based
systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus of generic types of attacks
passive
active

Passive Attacks

Active Attacks

Security Attacks
Interruption:
This is an attack on availability
Interception:
This is an attack on confidentiality
Modification:
This is an attack on integrity
Fabrication:
This is an attack on authenticity

Security Attacks

Security Goals
Confidentiality

Integrity

Availability

Cryptanalysis
objective to recover key not just message
general approaches:
cryptanalytic attack
brute-force attack

Cryptanalytic Attacks
ciphertext only
only know algorithm & ciphertext, is statistical,
know or can identify plaintext

known plaintext
know/suspect plaintext & ciphertext

chosen plaintext
select plaintext and obtain ciphertext

chosen ciphertext
select ciphertext and obtain plaintext

chosen text
select plaintext or ciphertext to en/decrypt

More Definitions

unconditional security

no matter how much computer power or time is

available, the cipher cannot be broken since the
ciphertext provides insufficient information to
uniquely determine the corresponding plaintext

computational security
given limited computing resources (eg time needed
for calculations is greater than age of universe), the
cipher cannot be broken

Brute Force Search

always possible to simply try every key
most basic attack, proportional to key size
assume either know / recognise plaintext
KeySize(bits)

NumberofAlternative
Keys

Timerequiredat1
decryption/s

Timerequiredat106
decryptions/s

32

232=4.3109

231s

=35.8minutes

2.15milliseconds

56

256=7.21016

255s

=1142years

10.01hours

128

2128=3.41038

2127s

=5.41024years

5.41018years

168

2168=3.71050

2167s

=5.91036years

5.91030years

26!=41026

21026s =6.41012years

6.4106years

26characters
(permutation)

Security Service
enhance security of data processing systems and
information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated with
physical documents
which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction; be
notarized or witnessed; be recorded or licensed

Security Services
X.800:
a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers

RFC 2828:
a processing or communication service provided by
a system to give a specific kind of protection to
system resources

Security Services
Confidentiality
Privacy
Reading by authorized parties

Authentication
Who created or sent the data,
Origin of a message be correctly identified

Integrity
Data has not been altered
Modification only by authorized parties

Security Services
Non-repudiation
The order is final
Neither the sender nor the receiver of a message be able
to deny the transmission

Access Control
Prevent misuse of resources
Access to information resources be controlled

Availability (permanence, non-erasure)

Denial of Service Attacks
Virus that deletes files

Security Mechanism
feature designed to detect, prevent, or
recover from a security attack
no single mechanism that will support all
services required
however one particular element underlies
many of the security mechanisms in use:
cryptographic techniques

hence our focus on this topic

Security Mechanisms (X.800)

Specific security mechanisms:
May be incorporated into the appropriate protocol layer in
order to provide some of the OSI security services.
encipherment, digital signatures, access controls, data
integrity, authentication exchange, traffic padding,
routing control, notarization

Pervasive security mechanisms:

Mechanisms that are not specific to any OSI security
service or protocol layer
trusted functionality, security labels, event detection,
security audit trails, security recovery

Model for Network Security

Model for Network Security

using this model requires us to:

1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by the
algorithm
3. develop methods to distribute and share the secret
information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service

Model for Network Access Security

Model for Network Access Security

using this model requires us to:

1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated
information or resources

trusted computer systems may be useful to

help implement this model