Professional Documents
Culture Documents
Fundamental of Cryptography
Outline
Chapter:1 Introduction
• Security Goal/Objectives
• OSI Security Architecture
• Security Attacks
• Security Services
• Security Mechanism
• A model for Network Security
What is Security ?
1. Computer Security : Generic name for the collection of tools
designed to protect data.
2. Network and Internet Security : Measures to protect data
during their transmission over a collection of interconnected
networks.
Unit-1: Fundamental of Cryptography 5
Key Security Objectives
Goal/Objectives of Security :
1. Confidentiality
2. Integrity
3. Availability
4. Authenticity
5. Accountability
Bob
Alice
Attacker
Unit-1: Fundamental of Cryptography 7
Confidentiality
• Privacy: Assure individuals can control what information related
to them is collected, stored, distributed.
• Privacy is the right of an individual to protect personal or
sensitive information.
Message
Bob
Alice
Modifies the message, Message
or Inserts a new one.
Attacker
www.amazon.com
User
Browser working Server down
User A
Bank
User C
Bank
Replay attack involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect.
Replay attack is to replay the message sent to a network by an
attacker, which was earlier sent by an authorized user.
Unit-1: Fundamental of Cryptography 22
3. Modification of messages Attack (Active Attack)
Data
Authentication Access Control Data Integrity Non Repudiation
Confidentiality
Connection
Peer Entity Connection Non Repudiation
Integrity with
Authentication Confidentiality Origin
recovery
Connection
Data Origin Connection less Non Repudiation
Integrity with
Authentication Confidentiality Destination
out recovery
Selective Field
Selective Repeat
Connection
Confidentiality
Integrity
Selective Field
Connection less
Integrity
Authentication
Authentication is the assurance that the communicating entity is
the one that it claims to be.
1. Peer Entity Authentication: Used Who you are ?
in association with a logical (biometrics)
connection (TCP) to provide
confidence in the identity of the
entities connected. Physical
authentication
2. Data-Origin Authentication: In a where you are ?
connectionless (UDP) transfer,
provides assurance that the What you know ?
source of received data is as Password
claimed. One-time Password(OTP)
Data
Authentication Access Control Data Integrity Non Repudiation
Confidentiality
Connection
Peer Entity Connection Non Repudiation
Integrity with
Authentication Confidentiality Origin
recovery
Connection
Data Origin Connection less Non Repudiation
Integrity with
Authentication Confidentiality Destination
out recovery
Selective Field
Selective Repeat
Connection
Confidentiality
Integrity
Selective Field
Connection less
Integrity
Access Control
Access control is the prevention of unauthorized use of a resource
This service controls who can have access to a resource, under
what conditions access can occur, and what those accessing the
resource are allowed to do.
User A
User B
Human resources Development
network network
Unit-1: Fundamental of Cryptography 30
Security Services
Data
Authentication Access Control Data Integrity Non Repudiation
Confidentiality
Connection
Peer Entity Connection Non Repudiation
Integrity with
Authentication Confidentiality Origin
recovery
Connection
Data Origin Connection less Non Repudiation
Integrity with
Authentication Confidentiality Destination
out recovery
Selective Field
Selective Repeat
Connection
Confidentiality
Integrity
Selective Field
Connection less
Integrity
Data Confidentiality
Data confidentiality is the protection of data from unauthorized
disclosure.
1. Connection Confidentiality: The
protection of all user data on a
connection.
2. Connectionless Confidentiality: The
protection of all user data in a single
data block.
3. Selective-Field Confidentiality: The
confidentiality of selected fields
within the user data on a connection
or in a single data block.
4. Traffic-Flow Confidentiality: The
protection of the information that
might be derived from observation of
traffic flows.
Unit-1: Fundamental of Cryptography 32
Security Services
Data
Authentication Access Control Data Integrity Non Repudiation
Confidentiality
Connection
Peer Entity Connection Non Repudiation
Integrity with
Authentication Confidentiality Origin
recovery
Connection
Data Origin Connection less Non Repudiation
Integrity with
Authentication Confidentiality Destination
out recovery
Selective Field
Selective Repeat
Connection
Confidentiality
Integrity
Selective Field
Connection less
Integrity
Data Integrity
Data integrity is the assurance that data received are exactly as
sent by an authorized entity (i.e., contain no modification,
insertion, deletion, or replay).
Channel
Alice Bob
Data
Authentication Access Control Data Integrity Non Repudiation
Confidentiality
Connection
Peer Entity Connection Non Repudiation
Integrity with
Authentication Confidentiality Origin
recovery
Connection
Data Origin Connection less Non Repudiation
Integrity with
Authentication Confidentiality Destination
out recovery
Selective Field
Selective Repeat
Connection
Confidentiality
Integrity
Selective Field
Connection less
Integrity
Non Repudiation
Nonrepudiation is the assurance that someone cannot deny
something.
Typically, nonrepudiation refers to the ability to ensure that a
communication cannot deny the authenticity of their signature on
a document or the sending of a message that they originated.
Sender Recipient
Security -related Info. Security -related
Channel
Message
Message
Message
Message
Transformation Transformation
Secure
Secure
Secret Secret
Information Opponent Information
(Attacker)
1. The cost of breaking the cipher exceeds the value of the encrypted
information.
2. The time required to break the cipher exceeds the useful lifetime of the
information.
Data
Authentication
integrity
Symmetric
Asymmetric algorithms
Protocols
encryption
encryption usedused
usedare
to to
to schemes
protect
conceal
secure thebased
blocks
small of
ondata,
contents
blocks the
of
of such
usesuch
data,
blocks as
of
or
messages,
streams
as offrom
cryptographic
encryptiondata alteration.
algorithms
keys
of any designed
and size,
hash to authenticate
including
function messages,
values, whichtheare
files, identity
used of
encryption
in
entities.
keys,
digital
and
signatures.
passwords