Professional Documents
Culture Documents
Section 01 - Introduction
Section 01 - Introduction
Section 1
Chapter 1: Introduction
1
Outlines:
⮚ The course project
⮚ Syllabus
⮚ Introduction
❖ Security Trends
❖ The OSI Security Architecture
❖ Security Attacks, Mechanisms, Services
❖ A Model for Network Security
2
The course project (Package)
1. crypto package is delivered as milestones during the semester. It includes the
implementation of the following algorithms:
a. Ceaser (shift) cipher, Monoalphabtic cipher
b. Hill Cipher, Vigenère cipher
c. DES
d. 3DES
e. AES
f. RSA
g. SHA-512
3
Syllabus
Lab Lab Topics
1 Introduction
2 Classical Encryption techniques I
3 Classical Encryption techniques II
4 DES
5 block cipher operations & 3DES
6 AES
7 Quiz 1
8 Public-Key Cryptography & RSA
9 Hash functions & SHA-512
10 User Authentication (Kerberos)
11 IEEE 802.11 Wireless LAN protocol
4
Contacts
TA Email
5
Introduction
? Cryptology:
? This is the study of techniques for ensuring the secrecy and/or
authenticity of information. The two main branches of
cryptology are:
? Cryptography: which is the study of the design of such
techniques;
? Cryptanalysis: which deals with the defeating such techniques,
to recover information
6
Introduction
? Computer security: Refers to the security of computers
against intruders (e.g., hackers) and malicious software
(e.g., viruses).
? Typically, the computer to be secured is attached to a
network and the bulk of the threats arise from the
network.
7
Introduction
? To assess effectively the security needs of an organization and
to evaluate and choose various security products and policies.
The manager responsible for security needs some systematic
way of defining the requirements for security and
characterizing the approaches to satisfying those requirements.
8
The OSI Security Architecture
? The OSI security architecture focuses on
? Security attacks,
? Mechanisms, and
? Services
9
Security Attacks
? Security attack: Any action that compromises the
security of information owned by an organization.
what's the
difference ?
Attack and
Threat ?
Threat Attack
10
Security Attacks
? Security attack: Any action that compromises the
security of information owned by an organization.
• A) Masquerade
Active • B) Replay
Attack • C) Modification
• D) Denial of service
12
Passive Attacks
? A)Release of message contents
? B)Traffic Analysis
13
Passive Attacks
? A) Release of message contents
Let’s meet at 3 pm
B
A
Read the
contents of the
msg from A to B
attacker
14
Passive Attacks
? B)Traffic Analysis
Let’s meet at 3 pm
B
A
Observe pattern
of msgs from A
to B
attacker
15
Active Attacks
? A) Masquerade
? B) Replay
? C) Modification
? D) Denial of service
16
Active Attacks
? A) Masquerade
B
A
Let’s meet at 3 pm
Msg from
Attacker that
appears from A
attacker
17
Active Attacks
? B) Replay
B
A
Capture Msg
from A to B,
later replay msg
attacker to B
18
Active Attacks
? C) Modification (content, order, delay, insert )
Let’s meet at 3 pm
B
A
Let’s meet at 6 pm
modifies msg
from A to B
attacker
19
Active Attacks
? D) Denial of service (prevent, inhibit)
Server
A
Attacker disrupts
service provided
by server
attacker
20
Security Services
? Enhances the security of the data processing systems and the
information transfers of an organization.
21
Security Mechanisms
? It is an automated tool (algorithm) that is designed to deter,
prevent, detect, or correct security violation (recover from
security attack)
22
Security Mechanisms
SPECIFIC SECURITY MECHANISMS PERVASIVE SECURITY MECHANISMS
May be incorporated into the Mechanisms that are not specific to any
appropriate protocol layer in order to particular OSI security service or
provide some of the OSI security protocol layer.
services. Trusted Functionality
Encipherment Security Label
Digital Signature Security Audit Trail
Access Control Security Recovery
Data Integrity
Authentication Exchange
Traffic Padding
Routing Control
Notarization
23
Security Mechanisms and Services
24
Model for Network Security
? Security Model of Information Transfer
25
Model for Network Security
? Security Model of Information Accessibility
2
Two lines of defense
1- Limited Access
2- Monitoring activities
26
Model for Network Security
🞂 Security Model of Information Accessibility
2
Two lines of defense
1- Limited Access
2- Monitoring activities
27
Classical Encryption Techniques
28
Classical Encryption Techniques
🞂 Unconditionally Secure:
🞂 C.T have no enough information to determine only one
corresponding P.T
🞂 Computationally Secure:
🞂 Cost to break the cipher exceeds the value of the information
29
Classical Encryption Techniques
30
Classical Encryption Techniques
Encryption techniques can be classified according to:
31
Classical Encryption Techniques
Cryptanalysis techniques can be classified according to:
33
1
34