Network Security
• … modification, network-accessible resources.
• Network security involves the authorization of access to data in a network.
• Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals.
• Networks can be private, such as within a company, and others might be open to public access.
• Network security is involved in organizations, enterprises, and other types of institutions.

Security Requirements
• Confidentiality
• Integrity
• Authentication
• Non-repudiation
• Availability
• Access control
Passive Threats
• Release of message contents: Contents of a message are read. A message may be carrying sensitive or confidential data.
• Traffic analysis: An intruder makes inferences by observing message patterns. Can be done even if messages are encrypted.

Active Threats
• Masquerade: An entity pretends to be some other entity. An entity captures an authentication sequence and replays it later to impersonate the original entity.
• Replay: Involves capture of a data unit and its retransmission to produce an unauthorized effect.
• Modification of messages: A portion of a legitimate message has been altered to produce an undesirable effect.
• Denial of service: Inhibits normal use of computer and communications resources.
  – Flooding
  – Swamping of CPU or a server.
Security Attacks
1. Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. Examples:
   – Destroying some H/W (disk or wire).
   – Disabling file system.
   – Swamping a computer with jobs or a communication link with packets.
2. Interception: An unauthorized party gains access to an asset. This is an attack on confidentiality. Examples:
   – Wiretapping to capture data in a network.
   – Illicitly copying data or programs.
3. Modification: An unauthorized party gains access and tampers with an asset. This is an attack on integrity. Examples:
   – Changing data files.
   – Altering a program.
   – Altering the contents of a message.
4. Fabrication: An unauthorized party inserts a counterfeit object into the system. This is an attack on authenticity. Examples:
   – Insertion of spurious messages in a network (message replay).
   – Insertion of records in data files.

Passive vs. Active Attacks
• Passive Attacks: Eavesdropping on information without modifying it.
• Active Attacks: Involve modification or creation of info.

Code vs. Cipher
• Cryptography: Greek words for “Secret Writing”.
• Code: replace one word with another word or symbol.
• Cipher: a character-to-character or bit-to-bit transformation.
• The art of devising ciphers is called cryptography.
• The art of breaking ciphers is called cryptanalysis.

Encryption Model
Caesar Cipher
• The Caesar cipher works by taking each letter in the plaintext message and substituting the letter that is k letters later (allowing wraparound, i.e., having the letter "a" follow the letter "z") in the alphabet. Here, the value of k serves as the key.
• For example, if k=4, then the letter "a" in plaintext becomes "d" in ciphertext, "b" in plaintext becomes "e" in ciphertext, and so on. As an example, the plaintext message “I like it.” becomes “f ifhb fq.” in ciphertext.
• However, if you knew that the Caesar cipher was being used, there are only 25 possible key values.

Monoalphabetic Cipher
• An improvement to the Caesar cipher is the so-called monoalphabetic cipher, which also substitutes one letter in the alphabet with another letter in the alphabet, but rather than substituting according to a regular pattern:
  plaintext letter:  a b c d e f g h i j k l m n o p q r s t u v w x y z
  ciphertext letter: m n b v c x z a s d f g h j k l p o i u y t r e w q

Transposition Ciphers
• A transposition cipher is keyed by a phrase such as “MEGABUCK”. The letter in the key indicates the order of the columns to be output. Plaintext is read in horizontally; ciphertext is read out column by column.
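The columnar transposition described above, worked through in code. This is an added example, not code from the slides; the key "MEGABUCK" is the slides' own, while the message (the slides give none) is a constructed sample already padded to a whole number of rows.

```python
# Columnar transposition cipher keyed by a phrase.
# Added example (not from the original slides); the message is constructed.

def column_order(key):
    """Column indices in the order they are read out: the column under the
    alphabetically smallest key letter first (ties by position in the key)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def encrypt(plaintext, key, pad="x"):
    width = len(key)
    # Pad so the plaintext fills a whole rectangle of `width` columns.
    if len(plaintext) % width:
        plaintext += pad * (width - len(plaintext) % width)
    # Plaintext is read in horizontally, one row per key length.
    rows = [plaintext[i:i + width] for i in range(0, len(plaintext), width)]
    # Ciphertext is read out column by column, in key order.
    return "".join(row[c] for c in column_order(key) for row in rows)

def decrypt(ciphertext, key):
    width = len(key)
    height = len(ciphertext) // width
    cols = [""] * width
    # The k-th ciphertext column belongs under key position column_order(key)[k].
    for k, c in enumerate(column_order(key)):
        cols[c] = ciphertext[k * height:(k + 1) * height]
    # Read the rectangle back row by row.
    return "".join(cols[c][r] for r in range(height) for c in range(width))

KEY = "MEGABUCK"
MESSAGE = "pleasetransferonemilliondollarstomyswissbankaccountsixtwotwoabcd"

if __name__ == "__main__":
    print(column_order(KEY))   # [3, 4, 6, 1, 2, 7, 0, 5]: A,B,C,E,G,K,M,U
    ct = encrypt(MESSAGE, KEY)
    print(ct)
    assert decrypt(ct, KEY) == MESSAGE
```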
Two Fundamental Cryptographic Principles
• Redundancy: Messages must contain some redundancy.
  – E.g. the last three bytes of the encrypted packet content are product # and quantity. A recently fired employee can capture the packet and replace the last three-byte quantity field with a random number.
• Freshness: Some method is needed to foil replay attacks.

Three types of cryptography

Symmetric Cryptographic Algorithm
Public-Key Algorithms
• 1976: Diffie and Hellman proposed a crypto scheme with two keys, public key and private key.
• Requirements:
  – Must be computationally easy to encipher/decipher msg using these keys.
  – Must be computationally infeasible to derive the private key from the public key.
  – Must be computationally infeasible to determine the private key from a chosen plaintext attack.

RSA
• Choose two large prime numbers, p and q.
• Compute n = pq and z = (p-1)(q-1).
• Choose a number, e, less than n, which has no common factors (other than 1) with z. (In this case, e and z are said to be relatively prime.) The letter 'e' is used since this value will be used in encryption.
• Find a number, d, such that ed - 1 is exactly divisible (i.e., with no remainder) by z. The letter 'd' is used because this value will be used in decryption. Put another way, given e, we choose d such that the integer remainder when ed is divided by z is 1.
• The public key that Bob makes available to the world is the pair of numbers (n, e); his private key is the pair of numbers (n, d).
• C = m^e mod n
• M = c^d mod n
  (The integer remainder when an integer x is divided by the integer n is denoted x mod n.)

Example of RSA
• As a simple example of RSA, suppose p=5 and q=7 (admittedly, these values are far too small to be secure). Then n=35 and z=24.
• e=5, since 5 and 24 have no common factors.
• d=29, since 5*29 - 1 (i.e., ed - 1) is exactly divisible by 24.
• Finally, Bob makes the values n=35 and e=5 public and keeps the value d=29 secret.

  plaintext letter   m: numeric representation   m^e       ciphertext c = m^e mod n
  l                  12                           248832    17
  o                  15                           759375    15
  v                  22                           5153632   22
  e                  5                            3125      10
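The RSA example above, reproduced in code. This is an added example, not code from the slides: it generates the keys for p=5, q=7, e=5, rebuilds the table for the letters l, o, v, e (numbered a=1 … z=26 as in the table), and shows why the slides call these values far too small to be secure by recovering the private key from the public one through trial-division factoring of n.

```python
from math import gcd

# Added example (not from the slides): RSA key generation, the slides' worked
# example with p=5, q=7, e=5, and why such a tiny n gives no security.
# Letters are numbered a=1 ... z=26, as in the slides' table.

def rsa_keygen(p, q, e):
    """Return ((n, e), (n, d)) for primes p, q and a chosen exponent e."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must be relatively prime to z = (p-1)(q-1)")
    d = pow(e, -1, z)  # smallest d with (e*d) mod z == 1 (Python 3.8+)
    return (n, e), (n, d)

def is_valid_d(e, d, z):
    """Any d with e*d - 1 divisible by z works; the slides pick d=29 = 5 + 24."""
    return (e * d - 1) % z == 0

def encrypt_letter(ch, public):
    n, e = public
    m = ord(ch) - ord("a") + 1
    return pow(m, e, n)  # c = m^e mod n

def decrypt_number(c, private):
    n, d = private
    return chr(pow(c, d, n) + ord("a") - 1)  # m = c^d mod n

def rsa_table(word, public):
    """Rows (letter, m, m^e, c) reproducing the slides' table for 'love'."""
    n, e = public
    return [(ch, ord(ch) - 96, (ord(ch) - 96) ** e, encrypt_letter(ch, public))
            for ch in word]

def recover_private_key(public):
    """Factor n by trial division: feasible only because n is tiny, which is
    exactly why the slides call these values far too small to be secure."""
    n, e = public
    p = next(i for i in range(2, n) if n % i == 0)
    return rsa_keygen(p, n // p, e)[1]

if __name__ == "__main__":
    public, private = rsa_keygen(5, 7, 5)
    for row in rsa_table("love", public):
        print(*row)
    cipher = [c for _, _, _, c in rsa_table("love", public)]
    print("".join(decrypt_number(c, (35, 29)) for c in cipher))  # slides' d=29
    print("recovered private key:", recover_private_key(public))
```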
Digital Signatures
• Digital signatures provide the ability to:
  – verify sender, date & time of signature
  – authenticate message contents at the time of signature
  – the sender cannot later repudiate the content of the message
  – the receiver cannot possibly have concocted the message himself
• Symmetric-Key Signatures
• Public-Key Signatures
• Message Digests
• The Birthday Attack

Symmetric-Key Signatures
• Digital signatures with Big Brother (BB: a central authority trusted by everyone, knows everything!).
• Everyone (i) carries secret key Ki to BB’s office.
• Alice enciphers the following data with her secret key KA (B: Bob’s ID, RA: a random number chosen by Alice, t: timestamp, P: plaintext msg) and sends it to BB.
• BB deciphers with KA, then encrypts the data together with a signed msg KBB(A, t, P) using B’s secret key.

Public-Key Signatures
• Digital signatures using public-key cryptography.
• 1991: NIST proposed the Digital Signature Standard (DSS) using a variant of the El Gamal public key algorithm (discrete logarithm). But it is too secret (NSA designed), too slow (10-40 times slower than RSA for checking a signature), too new (not yet thoroughly analyzed), and too insecure (fixed 512 bits, later changed to 1024 bits).

Message Digests
• Authentication without encrypting the entire msg.
• MD hash function: arbitrarily long plaintext → fixed-length bit string.
• 4 properties of a Message Digest (MD):
  – Given P, it is easy to compute MD(P).
  – Given MD(P), it is effectively impossible to find P.
  – Given P, no one can find P’ such that MD(P’) = MD(P).
  – A change to the input of even 1 bit produces a very different output.
• Digital signatures using message digests. For example, instead of KBB(A, t, P) we have KBB(A, t, MD(P)).
The Birthday Attack
• It takes 2^m operations to attack an m-bit MD. But it takes 2^(m/2) operations using the birthday attack.
• Yuval, 1979 paper on “How to Swindle Rabin”.
• Example: two tenured faculty up for promotion: Tom and Dick. Tom asks Dept. Chair Marilyn to write a recommendation letter. Secretary Ellen loves Dick (Tom earlier by two years). She prepares two letters.

Official Letter
Dear Dean Smith, This [letter | message] is to give my [honest | frank] opinion of Prof. Tom Wilson, who is [a candidate | up] for tenure [now | this year]. I have [known | worked with] Prof. Wilson for [about | almost] six years. He is an [outstanding | excellent] researcher of great [talent | ability] known [worldwide | internationally] for his [brilliant | creative] insights into [many | a wide variety of] [difficult | challenging] problems. He is also a [highly | greatly] [respected | admired] [teacher | educator]. His students give his [classes | courses] [rave | spectacular] reviews. He is [our | the Department's] [most popular | best-loved] [teacher | instructor]. [In addition | Additionally] Prof. Wilson is a [gifted | effective] fund raiser. His [grants | contracts] have brought a [large | substantial] amount of money into [the | our] Department. [This money has | These funds have] [enabled | permitted] us to [pursue | carry out] many [special | important] programs, [such as | for example] your State 2000 program. Without these funds we would [be unable | not be able] to continue this program, which is so [important | essential] to both of us. I strongly urge you to grant him tenure.

Fake Letter
Dear Dean Smith, This [letter | message] is to give my [honest | frank] opinion of Prof. Tom Wilson, who is [a candidate | up] for tenure [now | this year]. I have [known | worked with] Tom for [about | almost] six years. He is a [poor | weak] researcher not well known in his [field | area]. His research [hardly ever | rarely] shows [insight in | understanding of] the [key | major] problems of [the | our] day. Furthermore, he is not a [respected | admired] [teacher | educator]. His students give his [classes | courses] [poor | bad] reviews. He is [our | the Department's] least popular [teacher | instructor], known [mostly | primarily] within [the | our] Department for his [tendency | propensity] to [ridicule | embarrass] students [foolish | imprudent] enough to ask questions in his classes. [In addition | Additionally] Tom is a [poor | marginal] fund raiser. His [grants | contracts] have brought only a [meager | insignificant] amount of money into [the | our] Department. Unless new [money is | funds are] quickly located, we may have to cancel some essential programs, such as your State 2000 program. Unfortunately, under these [conditions | circumstances] I cannot in good [conscience | faith] recommend him to you for [tenure | a permanent position].
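The birthday attack on the two letters, carried out in code. This is an added example, not code from the slides: it uses constructed miniature versions of the official and fake letters with 12 [a | b] slots each (2^12 variants apiece) and a toy 16-bit digest (the top bits of SHA-256, an assumption made only to keep the search fast), so that ~2^(m/2) variants of each letter are enough to find two letters with the same digest, which is what makes a signature over MD(P) transferable from one to the other.

```python
import hashlib
import itertools
import re

# Added example (not from the slides). Constructed miniature letters; each
# [a | b] is a choice of two equivalent wordings, 12 choices => 2**12 variants.
OFFICIAL = ("Dear Dean Smith, this [letter | message] gives my [honest | frank] "
            "opinion of Prof. Wilson, who is [a candidate | up] for tenure "
            "[now | this year]. He is an [outstanding | excellent] researcher of "
            "great [talent | ability], a [highly | greatly] [respected | admired] "
            "[teacher | educator], and a [gifted | effective] fund raiser. "
            "I [strongly | warmly] [urge | recommend] that you grant him tenure.")
FAKE = ("Dear Dean Smith, this [letter | message] gives my [honest | frank] "
        "opinion of Prof. Wilson, who is [a candidate | up] for tenure "
        "[now | this year]. He is a [poor | weak] researcher not well known in "
        "his [field | area], not a [respected | admired] [teacher | educator], "
        "and a [poor | marginal] fund raiser. [Unfortunately | Regrettably] I "
        "cannot in good [conscience | faith] recommend him for [tenure | a permanent position].")

SLOT = re.compile(r"\[([^\]|]+)\|([^\]]+)\]")

def variants(template):
    """Yield every letter obtainable by resolving each [a | b] slot."""
    parts = SLOT.split(template)          # text0, a1, b1, text1, a2, b2, ...
    fixed, choices = parts[0::3], list(zip(parts[1::3], parts[2::3]))
    for bits in itertools.product((0, 1), repeat=len(choices)):
        out = [fixed[0]]
        for (a, b), bit, text in zip(choices, bits, fixed[1:]):
            out.append((a, b)[bit].strip() + text)
        yield "".join(out)

def short_digest(text, bits=16):
    """Toy m-bit MD: the top `bits` of SHA-256 (assumed here only so the
    demo runs in seconds; real digests are far longer)."""
    h = int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")
    return h >> (256 - bits)

def work_factor(m_bits):
    """(brute-force preimage work, birthday work) for an m-bit digest."""
    return 2 ** m_bits, 2 ** (m_bits // 2)

def birthday_collision(official, fake, bits=16):
    """Find an official/fake pair with equal digests, as in Yuval's attack."""
    seen = {short_digest(v, bits): v for v in variants(official)}
    for f in variants(fake):
        d = short_digest(f, bits)
        if d in seen:
            return seen[d], f
    return None
```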