Professional Documents
Culture Documents
SECURITY
Dr. Kashif Naseer Qureshi
Associate Professor
(MCS, MS-IT, Ph.D)
(MCSE, MCITP, CCNA, CCNP)
1
In todays lecture
■ Basic notions of confidentiality
■ Integrity
■ Availability
■ Classical encryption Techniques (Overview)
2
The confidentiality, Integrity and Availability
Triad
– CIA Model provides security concepts.
– DAD (Disclosure, Alteration and Denial)
Confidentiality
3
Integrity
■ Several aspects of integrity are illustrated by the example of a hospital
patient’s allergy information stored in a database.
■ The doctor should be able to trust that the information is correct and
current.
■ Now suppose that an employee (e.g., a nurse) who is authorized to
view and update this information deliberately falsifies the data to cause
harm to the hospital.
■ The database needs to be restored to a trusted basis quickly, and it
should be possible to trace the error back to the person responsible.
■ Patient allergy information is an example of an asset with a high
requirement for integrity. Inaccurate information could result in serious
harm or death to a patient and expose the hospital to massive liability.
4
Availability
■ The more critical a component or service, the higher the
level of availability required.
■ Consider a system that provides authentication services for
critical systems, applications, and devices.
■ An interruption of service results in the inability for
customers to access computing resources and staff to
access the resources they need to perform critical tasks.
■ The loss of the service translates into a large financial loss
in lost employee productivity and potential customer loss.
5
Security Concepts and Relationships
6
Assets
The assets of a computer system can be categorized as
follows:
■ Hardware: Including computer systems and other data
processing, data storage, and data communications
devices
■ Software: Including the operating system, system
utilities, and applications.
■ Data: Including files and databases, as well as security-
related data, such as password files.
■ Communication facilities and networks: Local and
wide area network communication links, bridges, routers,
and so on.
7
Vulnerabilities of system
■ It can be corrupted, so that it does the wrong thing or
gives wrong answers. For example, stored data values may
differ from what they should be because they have been
improperly modified.
■ It can become leaky. For example, someone who should
not have access to some or all of the information available
through the network obtains such access.
■ It can become unavailable or very slow. That is, using
the system or network becomes impossible or impractical.
8
Threats, attacks, and assets
9
Scope of Computer Security
10
Computer and Network Assets, with
Examples of Threats
11
Classical Encryption Techniques
12
Cryptography
■ Comes from Greek kryptós "hidden" and gráfein "to write"
13
Some Basic Terminologies
■ plaintext - original message
■ ciphertext - coded message
■ cipher - algorithm for transforming plaintext to ciphertext
■ key - info used in cipher known only to sender/receiver
■ encipher (encrypt) - converting plaintext to ciphertext
■ decipher (decrypt) - recovering ciphertext from plaintext
■ cryptography - study of encryption principles/methods
■ cryptanalysis (codebreaking) - study of principles/ methods of
deciphering ciphertext without knowing key
■ cryptology - field of both cryptography and cryptanalysis
14
Ciphers
15
Symmetric Cipher Model
16
17
Symmetric Encryption
■ Or conventional / secret-key / single-key
■ Sender and recipient share a common key
■ All classical encryption algorithms are symmetric
■ The only type of ciphers prior to the invention of asymmetric-key ciphers
in 1970’s
■ By far most widely used
18
Symmetric Encryption
■ Mathematically:
Y = EK(X) or Y = E(K, X)
X = DK(Y) or X = D(K, Y)
■ X = plaintext
■ Y = ciphertext
■ K = secret key
■ E = encryption algorithm
■ D = decryption algorithm
■ Both E and D are known to public
19
Cryptography
■ Characterize cryptographic system by:
– type of encryption operations used
■ substitution / transposition / product
– number of keys used
■ single-key or private / two-key or public
– way in which plaintext is processed
■ block / stream
20
Classical encryption operations
21
Cryptanalysis
■ Objective: to recover the plaintext of a
ciphertext or, more typically, to recover the
secret key.
22
Brute-Force Attack
■ Try every key to decipher the ciphertext.
■ On average, need to try half of all possible keys
■ Time needed proportional to size of key space
168 2168 = 3.7 1050 2167 µs = 5.9 1036 years 5.9 1030 years
26 characters 26! = 4 1026 2 1026 µs = 6.4 1012 years 6.4 106 years
(permutation)
23
Cryptanalytic Attacks
■ Ciphertext only
– only knows algorithm & ciphertext
■ Known plaintext
– know/suspect plaintext & ciphertext
■ Chosen plaintext
– select plaintext and obtain ciphertext
■ Chosen ciphertext
– select ciphertext and obtain plaintext
24
Ciphertext-only attack
■ Given: a ciphertext c
■ Q: what is the plaintext m?
■ An encryption scheme is completely insecure if it cannot resist
ciphertext-only attacks.
25
Known-plaintext attack
26
Chosen-plaintext attack
■ Given: (m1,c1), (m2,c2), …, (mk,ck), where m1, m2, …, mk are chosen by
the adversary; and a new ciphertext c.
27
Example: chosen-plaintext attack
28
Chosen-ciphertext attack
29
More Definitions
■ Unconditional security
– no matter how much computer power or time is available, the
cipher cannot be broken since the ciphertext provides insufficient
information to uniquely determine the corresponding plaintext
■ Computational security
– given limited computing resources (eg time needed for
calculations is greater than age of universe), the cipher cannot be
broken
30
Cryptography - recap
■ characterize cryptographic system by:
– type of encryption operations used
■ substitution / transposition / product
– number of keys used
■ single-key or private : symmetric
■ two-key or public : Asymmetric
– way in which plaintext is processed
■ block / stream
31
Classical Substitution Ciphers
■ Letters/bits of plaintext are replaced by other
letters/bits.
■ Categorized as:
– Monoalphabetic Ciphers – Simple Cipher
– Homophonic Ciphers
– Polyalphabetic Ciphers
– Polygram Ciphers
32
Mono-alphabetic cipher/ Simple
Substitution
■ Substitution of single letters separately
■ simple substitution—can be demonstrated by writing
out the alphabet in some order to represent the
substitution.
■ This is termed a substitution alphabet.
■ The cipher alphabet may be shifted or reversed
(creating the Caesar and Atbash ciphers, respectively)
or scrambled in a more complex fashion, in which
case it is called a mixed alphabet or deranged
alphabet.
33
Caesar Cipher
■ Earliest known substitution cipher
■ Invented by Julius Caesar
■ Each letter is replaced by the letter three positions
further down the alphabet.
• Plain: abcdefghijklmnopqrstuvwxyz
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
34
Caesar Cipher
35
Cryptanalysis of Caesar Cipher
■ Key space: {0, 1, ..., 25}
■ Vulnerable to brute-force attacks.
36
37