chapter 31 security of commun networks
MohammedAbbas653737
28 views
58 slides
Aug 06, 2024
Slide 1 of 58
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
About This Presentation
This slide to explain the security of the computer networks
Slide Content
Chapter 31
Cryptography
And
Network
Security
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography
And
Network
Security
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Chapter 31: Outline
331.1 331.1 INTRODUCTIONINTRODUCTION
331.2 331.2 CONFIDENTIALITYCONFIDENTIALITY
331.3 331.3 OTHER ASPECTS OF SECURITYOTHER ASPECTS OF SECURITY
331.1 331.1 INTRODUCTIONINTRODUCTION
331.2 331.2 CONFIDENTIALITYCONFIDENTIALITY
331.3 331.3 OTHER ASPECTS OF SECURITYOTHER ASPECTS OF SECURITY
Chapter 31: Objective
The first section introduces the subject. It first describes security
goals such as confidentiality, integrity, and availability. The
section shows how confidentiality is threatened by attacks such
as snooping and traffic analysis. The section then shows how
integrity is threatened by attacks such as modification,
masquerading, replaying, and repudiation. The section mentions
one attack that threatens availability, denial of service. This
section ends with describing the two techniques used in security:
cryptography and steganography. The chapter concentrates on
the first
The first section introduces the subject. It first describes security
goals such as confidentiality, integrity, and availability. The
section shows how confidentiality is threatened by attacks such
as snooping and traffic analysis. The section then shows how
integrity is threatened by attacks such as modification,
masquerading, replaying, and repudiation. The section mentions
one attack that threatens availability, denial of service. This
section ends with describing the two techniques used in security:
cryptography and steganography. The chapter concentrates on
the first
Chapter 31: Objective (continued)
The second section discusses confidentiality. It first describes
symmetric-key ciphers and explains traditional symmetric-key
ciphers such as substitution and transposition ciphers. It then
moves to modern symmetric-key ciphers and explains modern
block and stream ciphers. The section then shows that denial of
service is an attack to availability.
The third section discusses other aspects of security: message
integrity, message authentication, digital signature, entity
authentication. These aspects today are part of the security
system that complements confidentiality. The section also
describes the topic of key management including the distribution
of keys for both symmetric-key and asymmetric-key ciphers.
The second section discusses confidentiality. It first describes
symmetric-key ciphers and explains traditional symmetric-key
ciphers such as substitution and transposition ciphers. It then
moves to modern symmetric-key ciphers and explains modern
block and stream ciphers. The section then shows that denial of
service is an attack to availability.
The third section discusses other aspects of security: message
integrity, message authentication, digital signature, entity
authentication. These aspects today are part of the security
system that complements confidentiality. The section also
describes the topic of key management including the distribution
of keys for both symmetric-key and asymmetric-key ciphers.
31.5
31-1 INTRODUCTION31-1 INTRODUCTION
We are living in the information age.
Information is an asset that has a value
like any other asset. As an asset,
information needs to be secured from
attacks. To be secured, information
needs to be hidden from unauthorized
access (confidentiality), protected from
unauthorized change (integrity), and
available to an authorized entity when it
is needed (availability).
31-1 INTRODUCTION31-1 INTRODUCTION
We are living in the information age.
Information is an asset that has a value
like any other asset. As an asset,
information needs to be secured from
attacks. To be secured, information
needs to be hidden from unauthorized
access (confidentiality), protected from
unauthorized change (integrity), and
available to an authorized entity when it
is needed (availability).
31.6
331.31.1 Security Goals331.31.1 Security Goals
Let us first discuss three security goals:
confidentiality, integrity, and availability.
331.31.1 Security Goals331.31.1 Security Goals
Let us first discuss three security goals:
confidentiality, integrity, and availability.
31.7
331.31.2 Attacks331.31.2 Attacks
Our three goals of security, confidentiality, Our three goals of security, confidentiality,
integrity, and availability, can be threatened by integrity, and availability, can be threatened by
security attacks. Although the literature uses security attacks. Although the literature uses
different approaches to categorizing the attacks, different approaches to categorizing the attacks,
we divide them into three groups related to the we divide them into three groups related to the
security goals. Figure 331.1 shows the taxonomy.security goals. Figure 331.1 shows the taxonomy.
331.31.2 Attacks331.31.2 Attacks
Our three goals of security, confidentiality, Our three goals of security, confidentiality,
integrity, and availability, can be threatened by integrity, and availability, can be threatened by
security attacks. Although the literature uses security attacks. Although the literature uses
different approaches to categorizing the attacks, different approaches to categorizing the attacks,
we divide them into three groups related to the we divide them into three groups related to the
security goals. Figure 331.1 shows the taxonomy.security goals. Figure 331.1 shows the taxonomy.
31.8
Figure 331.1: Taxonomy of attacks with relation to security goals
Figure 331.1: Taxonomy of attacks with relation to security goals
31.9
331.31.3 Services and Techniques331.31.3 Services and Techniques
ITU-T defines some security services to achieve
security goals and prevent attacks. Each of these
services is designed to prevent one or more attacks
while maintaining security goals. The actual
implementation of security goals needs some
techniques. Two techniques are prevalent today:
one is very general (cryptography) and one is
specific (steganography).
331.31.3 Services and Techniques331.31.3 Services and Techniques
ITU-T defines some security services to achieve
security goals and prevent attacks. Each of these
services is designed to prevent one or more attacks
while maintaining security goals. The actual
implementation of security goals needs some
techniques. Two techniques are prevalent today:
one is very general (cryptography) and one is
specific (steganography).
31.10
31-2 CONFIDENTIALITY 31-2 CONFIDENTIALITY
We now look at the first goal of security,
confidentiality. Confidentiality can be
achieved using ciphers. Ciphers can be
divided into two broad categories:
symmetric-key and asymmetric-key.
31-2 CONFIDENTIALITY 31-2 CONFIDENTIALITY
We now look at the first goal of security,
confidentiality. Confidentiality can be
achieved using ciphers. Ciphers can be
divided into two broad categories:
symmetric-key and asymmetric-key.
31.11
331.2.1 Symmetric-Key Ciphers331.2.1 Symmetric-Key Ciphers
A symmetric-key cipher uses the same key for both A symmetric-key cipher uses the same key for both
encryption and decryption, and the key can be encryption and decryption, and the key can be
used for bidirectional communication, which is used for bidirectional communication, which is
why it is called symmetric. Figure 331.2 shows the why it is called symmetric. Figure 331.2 shows the
general idea behind a symmetric-key cipher.general idea behind a symmetric-key cipher.
331.2.1 Symmetric-Key Ciphers331.2.1 Symmetric-Key Ciphers
A symmetric-key cipher uses the same key for both A symmetric-key cipher uses the same key for both
encryption and decryption, and the key can be encryption and decryption, and the key can be
used for bidirectional communication, which is used for bidirectional communication, which is
why it is called symmetric. Figure 331.2 shows the why it is called symmetric. Figure 331.2 shows the
general idea behind a symmetric-key cipher.general idea behind a symmetric-key cipher.
31.12
Figure 331.2: General idea of a symmetric-key cipher
Figure 331.2: General idea of a symmetric-key cipher
31.13
Figure 331.3: Symmetric-key encipherment as locking and unlocking
with the same key
Figure 331.3: Symmetric-key encipherment as locking and unlocking
with the same key
31.14
Figure 331.4: Representation of plaintext and ciphertext characters in
modulo 26
Figure 331.4: Representation of plaintext and ciphertext characters in
modulo 26
Use the additive cipher with key = 15 to encrypt the
message “hello”.
Example 331.1
31.15
message “hello”.
Example 331.1
31.15
Use the additive cipher with key = 15 to decrypt the
message “WTAAD”.
Example 331.2
31.16
message “WTAAD”.
Example 331.2
31.16
31.17
Figure 331.5: An example key for a monoalphabetic substitution cipher
Figure 331.5: An example key for a monoalphabetic substitution cipher
We can use the key in Figure 10.5 to encrypt the message
Example 331.3
31.18
Example 331.3
31.18
Assume that Alice and Bob agreed to use an autokey cipher
with initial key value k
1 = 12. Now Alice wants to send Bob
the message “Attack is today”. The three occurrences of “t”
are encrypted differently.
Example 331.4
31.19
with initial key value k
1 = 12. Now Alice wants to send Bob
the message “Attack is today”. The three occurrences of “t”
are encrypted differently.
Example 331.4
31.19
31.20
Figure 331.6: Transposition cipher
Figure 331.6: Transposition cipher
31.21
Figure 331.7: A modern block cipher
Figure 331.7: A modern block cipher
31.22
Figure 331.8: Components of a modern block cipher
Figure 331.8: Components of a modern block cipher
31.23
Figure 331.9: General structure of DES
Figure 331.9: General structure of DES
31.24
Figure 331.10: DES function
Figure 331.10: DES function
31.25
Figure 331.11: Key generation
Figure 331.11: Key generation
We choose a random plaintext block and a random key, and
determine (using a program) what the ciphertext block
would be (all in hexadecimal) as shown below.
Example 331.5
31.26
determine (using a program) what the ciphertext block
would be (all in hexadecimal) as shown below.
Example 331.5
31.26
To check the effectiveness of DES when a single bit is
changed in the input, we use two different plaintexts with
only a single bit difference (in a program). The two
ciphertexts are completely different without even changing
the key. Although the two plaintext blocks differ only in the
rightmost bit, the ciphertext blocks differ in 29 bits.
Example 331.6
31.27
changed in the input, we use two different plaintexts with
only a single bit difference (in a program). The two
ciphertexts are completely different without even changing
the key. Although the two plaintext blocks differ only in the
rightmost bit, the ciphertext blocks differ in 29 bits.
Example 331.6
31.27
31.28
Figure 331.12: One-time pad
Figure 331.12: One-time pad
31.29
331.2.2 Asymmetric-Key Ciphers331.2.2 Asymmetric-Key Ciphers
In previous sections we discussed symmetric-key In previous sections we discussed symmetric-key
ciphers. In this section, we start the discussion of ciphers. In this section, we start the discussion of
asymmetric-key ciphers. Symmetric- and asymmetric-key ciphers. Symmetric- and
asymmetric-key ciphers will exist in parallel and asymmetric-key ciphers will exist in parallel and
continue to serve the community. We actually continue to serve the community. We actually
believe that they are complements of each other; believe that they are complements of each other;
the advantages of one can compensate for the the advantages of one can compensate for the
disadvantages of the other.disadvantages of the other.
331.2.2 Asymmetric-Key Ciphers331.2.2 Asymmetric-Key Ciphers
In previous sections we discussed symmetric-key In previous sections we discussed symmetric-key
ciphers. In this section, we start the discussion of ciphers. In this section, we start the discussion of
asymmetric-key ciphers. Symmetric- and asymmetric-key ciphers. Symmetric- and
asymmetric-key ciphers will exist in parallel and asymmetric-key ciphers will exist in parallel and
continue to serve the community. We actually continue to serve the community. We actually
believe that they are complements of each other; believe that they are complements of each other;
the advantages of one can compensate for the the advantages of one can compensate for the
disadvantages of the other.disadvantages of the other.
31.30
Figure 331.13: Locking and unlocking in asymmetric-key cryptosystem
Figure 331.13: Locking and unlocking in asymmetric-key cryptosystem
31.31
Figure 331.14: General idea of asymmetric-key cryptosystem
Figure 331.14: General idea of asymmetric-key cryptosystem
31.32
Figure 331.15: Encryption, decryption, and key generation in RSA
Figure 331.15: Encryption, decryption, and key generation in RSA
For the sake of demonstration, let Bob choose 7 and 11 as p
and q and calculate n = 7 × 11 = 77, φ(n) = (7 − 1)(11 − 1),
or 60. If he chooses e to be 13, then d is 37. Note that e × d
mod 60 = 31. Now imagine that Alice wants to send the
plaintext 5 to Bob. She uses the public exponent 13 to
encrypt 5. This system is not safe because p and q are small.
Example 331.7
31.33
and q and calculate n = 7 × 11 = 77, φ(n) = (7 − 1)(11 − 1),
or 60. If he chooses e to be 13, then d is 37. Note that e × d
mod 60 = 31. Now imagine that Alice wants to send the
plaintext 5 to Bob. She uses the public exponent 13 to
encrypt 5. This system is not safe because p and q are small.
Example 331.7
31.33
Here is a more realistic example calculated using a computer
program in Java. We choose a 512-bit p and q, calculate n
and φ(n). We then choose e and calculate d. Finally, we
show the results of encryption and decryption. The integer p
is a 159-digit number.
Example 331.8
31.34
program in Java. We choose a 512-bit p and q, calculate n
and φ(n). We then choose e and calculate d. Finally, we
show the results of encryption and decryption. The integer p
is a 159-digit number.
Example 331.8
31.34
Example 331.8 (continued)
31.35
31.35
Example 331.8 (continued)
31.36
31.36
Example 331.8 (continued)
31.37
31.37
31.38
31-3 OTHER ASPECTS OF SECURITY31-3 OTHER ASPECTS OF SECURITY
The cryptography systems that we have
studied so far provide confidentiality.
However, in modern communication, we
need to take care of other aspects of
security, such as integrity, message and
entity authentication, nonrepudiation,
and key management. We briefly discuss
these issues in this section.
31-3 OTHER ASPECTS OF SECURITY31-3 OTHER ASPECTS OF SECURITY
The cryptography systems that we have
studied so far provide confidentiality.
However, in modern communication, we
need to take care of other aspects of
security, such as integrity, message and
entity authentication, nonrepudiation,
and key management. We briefly discuss
these issues in this section.
31.39
331.3.1 Message Integrity331.3.1 Message Integrity
There are occasions where we may not even need
secrecy but instead must have integrity: the
message should remain unchanged. For example,
Alice may write a will to distribute her estate upon
her death. The will does not need to be encrypted.
After her death, anyone can examine the will. The
integrity of the will, however, needs to be
preserved. Alice does not want the contents of the
will to be changed.
331.3.1 Message Integrity331.3.1 Message Integrity
There are occasions where we may not even need
secrecy but instead must have integrity: the
message should remain unchanged. For example,
Alice may write a will to distribute her estate upon
her death. The will does not need to be encrypted.
After her death, anyone can examine the will. The
integrity of the will, however, needs to be
preserved. Alice does not want the contents of the
will to be changed.
31.40
Figure 331.16: Message and digest
Insecure channel
Channel immune to change
Figure 331.16: Message and digest
Insecure channel
Channel immune to change
31.41
331.3.2 Message Authentication331.3.2 Message Authentication
A digest can be used to check the integrity of a
message—that the message has not been changed.
To ensure the integrity of the message and the
data origin authentication—that Alice, not
somebody else, is the originator of the message—
we need to include a secret shared by Alice and
Bob (that Eve does not possess) in the process; we
need to create a message authentication code
(MAC). Figure 331.17 shows the idea.
331.3.2 Message Authentication331.3.2 Message Authentication
A digest can be used to check the integrity of a
message—that the message has not been changed.
To ensure the integrity of the message and the
data origin authentication—that Alice, not
somebody else, is the originator of the message—
we need to include a secret shared by Alice and
Bob (that Eve does not possess) in the process; we
need to create a message authentication code
(MAC). Figure 331.17 shows the idea.
Figure 10.17: Message authentication code
M + MAC
Insecure channel
31.42
M + MAC
Insecure channel
31.42
31.43
331.3.3 Digital Signature331.3.3 Digital Signature
Another way to provide message integrity and
message authentication (and some more security
services, as we will see shortly) is a digital
signature. A MAC uses a secret key to protect the
digest; a digital signature uses a pair of private-
public keys.
331.3.3 Digital Signature331.3.3 Digital Signature
Another way to provide message integrity and
message authentication (and some more security
services, as we will see shortly) is a digital
signature. A MAC uses a secret key to protect the
digest; a digital signature uses a pair of private-
public keys.
31.44
Figure 331.18: Digital signature process
(M, S)
Figure 331.18: Digital signature process
(M, S)
31.45
Figure 331.19: Signing the digest
Figure 331.19: Signing the digest
31.46
Figure 331.20: Using a trusted center for non-repudiation
(M, S
A
) (M, S
T)
Figure 331.20: Using a trusted center for non-repudiation
(M, S
A
) (M, S
T)
31.47
Figure 331.21: The RSA signature on the message digest
Figure 331.21: The RSA signature on the message digest
31.48
331.3.4 Entity Authentication331.3.4 Entity Authentication
Entity authentication is a technique designed to let
one party verify the identity of another party. An
entity can be a person, a process, a client, or a
server. The entity whose identity needs to be
proven is called the claimant; the party that tries
to verify the identity of the claimant is called the
verifier.
331.3.4 Entity Authentication331.3.4 Entity Authentication
Entity authentication is a technique designed to let
one party verify the identity of another party. An
entity can be a person, a process, a client, or a
server. The entity whose identity needs to be
proven is called the claimant; the party that tries
to verify the identity of the claimant is called the
verifier.
31.49
Figure 331.22: Unidirectional, symmetric-key authentication
Figure 331.22: Unidirectional, symmetric-key authentication
31.50
Figure 331.23: Unidirectional, asymmetric-key authentication
Figure 331.23: Unidirectional, asymmetric-key authentication
31.51
Figure 331.24: Digital signature, unidirectional authentication
Figure 331.24: Digital signature, unidirectional authentication
31.52
331.3.5 Key Management331.3.5 Key Management
We discussed symmetric-key and asymmetric-key
cryptography in the previous sections. However,
we have not yet discussed how secret keys in
symmetric-key cryptography, and public keys in
asymmetric-key cryptography, are distributed and
maintained. This section touches on these two
issues.
331.3.5 Key Management331.3.5 Key Management
We discussed symmetric-key and asymmetric-key
cryptography in the previous sections. However,
we have not yet discussed how secret keys in
symmetric-key cryptography, and public keys in
asymmetric-key cryptography, are distributed and
maintained. This section touches on these two
issues.
31.53
Figure 331.25: Multiple KDCs
Figure 331.25: Multiple KDCs
31.54
Figure 331.26: Creating a session key using KDC
Figure 331.26: Creating a session key using KDC
31.55
Figure 331.27: Diffie-Hellman method
Figure 331.27: Diffie-Hellman method
Example 331.9
Let us give a trivial example to make the procedure clear.
Our example uses small numbers, but note that in a real
situation, the numbers are very large. Assume that g = 7 and
p = 23. The steps are as follows:
31. Alice chooses x = 3 and calculates R
1 = 7
3
mod 23 = 231.
Bob chooses y = 6 and calculates R
2 = 7
6
mod 23 = 4.
2. Alice sends the number 21 to Bob.
31.56
Let us give a trivial example to make the procedure clear.
Our example uses small numbers, but note that in a real
situation, the numbers are very large. Assume that g = 7 and
p = 23. The steps are as follows:
31. Alice chooses x = 3 and calculates R
1 = 7
3
mod 23 = 231.
Bob chooses y = 6 and calculates R
2 = 7
6
mod 23 = 4.
2. Alice sends the number 21 to Bob.
31.56
Example 331.9 (continued)
3. Bob sends the number 4 to Alice.
4. Alice calculates the symmetric key K = 4
3
mod 23 = 18.
Bob calculates the symmetric key K = 21
6
mod 23 = 18.
Conclusion:
The value of K is the same for both Alice and Bob;
g
xy
mod p = 7
18
mod 23 = 18.
31.57
3. Bob sends the number 4 to Alice.
4. Alice calculates the symmetric key K = 4
3
mod 23 = 18.
Bob calculates the symmetric key K = 21
6
mod 23 = 18.
Conclusion:
The value of K is the same for both Alice and Bob;
g
xy
mod p = 7
18
mod 23 = 18.
31.57
31.58
Figure 331.28: Certification authority
Figure 331.28: Certification authority
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 28
- Slides 58
- Age 492 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
37 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
40 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
36 views
14
Fertility awareness methods for women in the society
Isaiah47
34 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
32 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
34 views