Professional Documents
Culture Documents
مدخل في أمنية البيانات و المعلومات PDF
مدخل في أمنية البيانات و المعلومات PDF
Third Edition
by William Stallings
Lecture slides by Lawrie Brown
:
.
Fahdalqasem.blogspot.com
fhdalqasem@yahoo.com
ibbalyaum.net
fahdalqasem.blogspot.com
-----------
----
-----------
---
-------
-------------
--------------
----------
MD5,SHA-1 full
-- - -dss ---------
Kerbrose5
--------
: introduction
: computer security
/.
: network security .
: internet security
.
.
: security service .
.
/.
:
)( .
: security mechanism
.
.
: ) (
.
: security attack .
.
):(x.800
:Authentication / / .
: access control / .
: data Confidentiality .
:data integrity
/ .authorized
:Non-repudiation / .
:
.
)(: )(.
:. : passive attacks
:
.
. / : active attacks
:
/ .
:
-
:
:plaintext /.
ciphertext . :cipher .
:key .
) :encipher (encrypt )(.
) :decipher (decrypt .
:Cryptography /.
) :cryptanalysis (codebreaking / :
.
:cryptology cryptography .cryptanalysis
ibbalyaum.net
fahdalqasem.blogspot.com
:
. .
. ) (.
. :/ .
Cryptanalytic Attacks :
: ciphertext only
.
known plaintext
.
chosen plaintext
.
chosen ciphertext
.
chosen text
.
:
Block Ciphers and the Data Encryption Standard
/ ) (stream / ):(block
* .
* .
* .
):Data Encryption Standard (DES
NBS .NIST
.
.......
:DES Encryption
Initial Permutation
.
ibbalyaum.net
: DES Decryption
fahdalqasem.blogspot.com
.
:
Finite Fields
: group )
( ) ( :
)(a.b).c = a.(b.c
associative law:
e.a = a.e = a has identity e:
a.a-1 = e
has inverses a-1:
a.b = b.a .abelian group
cyclic group
:
a b = ak b .k
: Ring ) ( :
abelian group .
associative distributive :
a.(b+c) = a.b + a.c
.commutative ring
) ( / integral
.domain
:Field :
)(.
)( .
.
: Modular Arithmetic
mod :
a mod n a .n
a=b mod n a,b n :
. 5=17 mod 12
a=b mod n a = qn + b 0 <= b <= n-1
modulo n
mod.
:(Modulo 7 Example)
...
-21 -20 -19 -18 -17 -16 -15
-14 -13 -12 -11 -10 -9 -8
-7 -6 -5 -4 -3 -2 -1
0 1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31 32 33 34
...
divisors
b a m a = m . b :
a b . .b!a ,,,,,,,
.
:Modular Arithmetic Operations
/
.
:
}Zn = {0, 1, , n-1
. ):(Z8 , +
ibbalyaum.net
fahdalqasem.blogspot.com
:
:
.
, :
eg. let f(x) = x3 + x2 and g(x) = x2 + x + 1
f(x) + g(x) = x3 + x + 1
f(x) x g(x) = x5 + x2
) GF(2n .
:
Confidentiality Using Symmetric Encryption
Key Distribution
symmetric .
.
.
:
. .
. .
. .
.
.
Key Distribution Scenario
Key Distribution ) (
. authentication steps
fahdalqasem.blogspot.com
; a=2;n=11; (11)=10
hence 210 = 1024 = 1 mod 11
: RSA
Public Key Cryptography and RSA
:private Key Cryptography
.
: Public Key Cryptography
.
.
// public-key/two-key/asymmetric
:
: KU .
: KR / .
asymmetric
.
.
:
:
:key distribution /
.
: digital signatures
.
.
:
:
. .
. .
. .
:
:
:
: .
: / .
: .
.
:
.
) (.
.
.
.
) RSA (:
) (
.
:RSA
:
. P .q
. N :
N = p . q ) ).( ( N ) = ( p - 1 ) ( q - 1
.
N e ) ( N
e ) ( N
) . ( N :
)where 1<e<(N), GCD(e,(N))=1
. d
:
ibbalyaum.net
e . d = 1 mod ( N ) and 0 d N
fahdalqasem.blogspot.com
. } KU={e,N KU
.
.
} KR={d,p,q KR .
RSA Use
M } KU={e,N C
:
e
C = M mod N, where 0<= M < N.
M block
.
C
) ( N
N ) ( N p,q
.
} KR={d,p,q M :
d
M=C mod N
:RSA
:
)(n
a mod N = 1 ,where GCD ( a , N ) = 1.
:
) N = p . q and (N) = ( p 1 ) ( q 1
e d ) (mod (n)) (n
:
e . d = 1 + k . ( N ) ,for some k
e d ) ((N) , + , . :
:
Key Management; Other Public Key Cryptosystems
:Distribution of Public Keys
:
. Public announcement
. Publicly available directory
. Public-key authority
. Public-key certificates
:
.
:
:
.
.
:
/ ) (
) (real-time .
Public-Key Authority
:
!
) (
.
ibbalyaum.net
fahdalqasem.blogspot.com
Public-Key Certificates
.
:
)
( .
Simple Secret Key Distribution
....
.
Diffie-Hellman Key Exchange
.
:
.
.
.
.
) (
.
) (
) (RAS .
:
) ( q .
/ .q
) q A xA
(xA<q yA ).(yA = xA mod q
A yA B yB KAB:
) ( KAB = yA yB mod q = xA.xB mod q
)KAB = yAxB mod q (which B can compute
fahdalqasem.blogspot.com
:MAC
: checksumMAC = CK(M) , where M is the message
. . .to a fixed-sized authenticator ) ( .many-to-one function . :MAC
MAC :
( ) ( .
( / .
( )( .
:
.
) Data Authentication Algorithm (DAA
.DES-CBC
)(zero-pad of final block DES CBC
.
.
/ : Hash Functions
.
: Hash Function Properties
:)h = H(M
M . .
.
.
.
.
.
.
MD5,SHA-1 full
-- - -DSS ---------
Kerbrose5
--------
: Hash Algorithm
:
block cipher
brute-force
.plaintext
MD4 , MD5, SHA1 , RIPEMD160 :
.
) ( :message digest MD5
.RAS
MDn MD2 .MS4
)( .
.
).(RFC 1321
:MD5
padding
.
buffer MD5 ).(A,B,C,D
MD5 Overview
) (compression function
.
buffer ) (IV0: ini al value
ibbalyaum.net
fahdalqasem.blogspot.com
)
(.
) (digest MD5 .pad message
) (digest ) (integrity.
:MD5 Compression Funcon
round1 round2
.
:
)]b=b+(( a+ g(a,c,d) + X[k] + T[i
a,b,c,d
.
) g(a,c,d g
).(f,g,h,i
] x[k ] T[i .sin
MD4 . :SHA-1
MD5 padding . ) ( . initial value ) ( :
).(mixing & shifting buffer. . :SHA-1
) (MD5 ) (SHA-1
) (
.
5 buffers
:
)(A,B,C,D,E) <-(E+f(t,B,C,D)+(A<<5)+Wt+Kt),A,(B<<30),C,D
a,b,c,d t
.
) f(t,b,c,d wt
kt .
ibbalyaum.net
:
fahdalqasem.blogspot.com
-:
.
A B .KDC
:
1. AKDC: IDA|| IDB|| N1
2. KDCA: EKa[Ks|| IDB|| N1 || EKb[Ks||IDA] ]
3. AB: EKb[Ks||IDA]
]4. BA: EKs[N2
])5. AB: EKs[f(N2
.
.
) ( .
:digital signature standard DSS
.
.SHA
.NIST&NSA
.
.
: DSA Key Generation DSA
):(p,q,g
L
p .p= 2 :
L .
q .p1
g :
(p1)/q
(p1)/q
where h<p1, h
(mod p) > 1
g=h
x : y
:
x<q
X
)y = g (mod p
:
M :
k .k<q
r,s:
k
) r = ( g (mod p) ) ( mod q
) s = ( k1 .SHA ( M ) + x.r ) ( mod q
) (r,s .M
ibbalyaum.net
fahdalqasem.blogspot.com
: DSA Signature Verification
M r . s
) (:
)w = s1(mod q
)u1= (SHA(M).w)(mod q
)u2= (r.w)(mod q
)v = (gu1.yu2(mod p)) (mod q
if v=r then signature is verified
r v
.
r v .
:
Authentication Applications
:KERBEROS
.MIT
.
.
.
KERBEROS 4 : KERBEROS 5
:
. . . . -.
: Kerberos Version 5
:
.
:
:
.
:
.
.RFC 1510
:
1) C As : IDc || Pc || IDv .
2) As C : Ticket.
3) C As : IDc || Ticket.
where:
]Ticket = Ekv[IDc || ADc || IDv
C = client
As = server of authentication
IDc = identifier of user on C
IDv = identifier of user on V
Pc = password of C
ADc = Netowork address of C
Kv = security key shard by As & V
|| concatenation
ibbalyaum.net
fahdalqasem.blogspot.com
: Web Security
): Secure Electronic Transactions (SET
.
) (credit card .
.
.
:
.
. x.509v3
.
SET Components
: SET
. .credit card
. .certificate
. .
. .
. ) (certificate server .
. .
. .
. .
. .
. .
: dual signature
OI
PI .
.
.
ibbalyaum.net
fahdalqasem.blogspot.com
PI OI
.
:
DS = Ekr[ H(PI) || H(OI) ] POMD
PIMD Payment Order Message Digest
.
:
.