Cryptography and Network Security

Section 1

Chapter 1: Introduction

1
Outlines:
⮚ The course project
⮚ Syllabus

⮚ Introduction
❖ Security Trends
❖ The OSI Security Architecture
❖ Security Attacks, Mechanisms, Services
❖ A Model for Network Security

2
 The course project (Package)
1. crypto package is delivered as milestones during the semester. It includes the
implementation of the following algorithms:
a. Ceaser (shift) cipher, Monoalphabtic cipher
b. Hill Cipher, Vigenère cipher
c. DES
d. 3DES
e. AES
f. RSA
g. SHA-512

⮚ The final delivery of the project includes a user manual/documentation

⮚ Students into teams (Each time consists of 4-5 students (preferably from the
same section)
⮚ Link of the registration form: link

3
Syllabus
Lab Lab Topics
1 Introduction
2 Classical Encryption techniques I
3 Classical Encryption techniques II
4 DES
5 block cipher operations & 3DES
6 AES
7 Quiz 1
8 Public-Key Cryptography & RSA
9 Hash functions & SHA-512
10 User Authentication (Kerberos)
11 IEEE 802.11 Wireless LAN protocol
4
Contacts
TA Email

Alaa Tarek alaa.tarek@cis.asu.edu.

eg
Hesham Fathy Hesham.fathy@cis.asu.e
du.eg

5
Introduction
? Cryptology:
? This is the study of techniques for ensuring the secrecy and/or
authenticity of information. The two main branches of
cryptology are:
? Cryptography: which is the study of the design of such
techniques;
? Cryptanalysis: which deals with the defeating such techniques,
to recover information

6
Introduction
? Computer security: Refers to the security of computers
against intruders (e.g., hackers) and malicious software
(e.g., viruses).
? Typically, the computer to be secured is attached to a
network and the bulk of the threats arise from the
network.

? Network security: This area covers the use of

cryptographic algorithms in network protocols and
network applications.

7
Introduction
? To assess effectively the security needs of an organization and
to evaluate and choose various security products and policies.
The manager responsible for security needs some systematic
way of defining the requirements for security and
characterizing the approaches to satisfying those requirements.

Security Architecture for OSI, defines such

a systematic approach.

8
The OSI Security Architecture
? The OSI security architecture focuses on
? Security attacks,
? Mechanisms, and
? Services

9
Security Attacks
? Security attack: Any action that compromises the
security of information owned by an organization.

what's the
difference ?
Attack and
Threat ?

• A potential for • An assault on

violation of system security
security that derives
from an
intelligent threat

Threat Attack
10
Security Attacks
? Security attack: Any action that compromises the
security of information owned by an organization.

• Attempts to learn or make use of information

from the system but does not affect system
Passive resources
Attack • Very difficult to detect because they do not
involve any alteration of the data, however,
measures are available to prevent their success.

• Attempts to alter system resources or affect

their operation.
Active • Quite difficult to prevent active attacks
Attack absolutely. Instead, the goal is to detect
active attacks and to recover from any
violation or delay caused by them.
11
Security Attacks
? Security attack: Any action that compromises the
security of information owned by an organization.

Passive • A)Release of message contents

Attack • B)Traffic Analysis

• A) Masquerade
Active • B) Replay
Attack • C) Modification
• D) Denial of service
12
Passive Attacks
? A)Release of message contents
? B)Traffic Analysis

13
Passive Attacks
? A) Release of message contents

Let’s meet at 3 pm

B
A

Read the
contents of the
msg from A to B
attacker

14
Passive Attacks
? B)Traffic Analysis

Let’s meet at 3 pm

B
A

Observe pattern
of msgs from A
to B
attacker

15
Active Attacks
? A) Masquerade
? B) Replay
? C) Modification
? D) Denial of service

16
Active Attacks
? A) Masquerade

B
A

Let’s meet at 3 pm

Msg from
Attacker that
appears from A
attacker

17
Active Attacks
? B) Replay

B
A

Capture Msg
from A to B,
later replay msg
attacker to B

18
Active Attacks
? C) Modification (content, order, delay, insert )

Let’s meet at 3 pm

B
A
Let’s meet at 6 pm

modifies msg
from A to B

attacker

19
Active Attacks
? D) Denial of service (prevent, inhibit)

Server
A

Attacker disrupts
service provided
by server
attacker

20
Security Services
? Enhances the security of the data processing systems and the
information transfers of an organization.

? Security Service can be provided by one or more mechanism

and Security mechanism can provide one or more security
services
Security Services
Authentication (Peer entity , Data origin )
Confidentiality (Connection, Connectionless, Traffic)
Access Control
Data Integrity
Non-repudiation
Availability

21
Security Mechanisms
? It is an automated tool (algorithm) that is designed to deter,
prevent, detect, or correct security violation (recover from
security attack)

? There is one particular element that underlies many of the

security mechanisms in use: cryptographic techniques,
Encryption and decryption-like transformations of information.

? This course focus on development and management of such

techniques. The two most important issues are
? Key generation and distribution
? Avalanche Effect (Propagation)

22
Security Mechanisms
SPECIFIC SECURITY MECHANISMS PERVASIVE SECURITY MECHANISMS
May be incorporated into the Mechanisms that are not specific to any
appropriate protocol layer in order to particular OSI security service or
provide some of the OSI security protocol layer.
services. Trusted Functionality
Encipherment Security Label
Digital Signature Security Audit Trail
Access Control Security Recovery
Data Integrity
Authentication Exchange
Traffic Padding
Routing Control
Notarization

? Reversible and Irreversible

23
Security Mechanisms and Services

24
Model for Network Security
? Security Model of Information Transfer

25
Model for Network Security
? Security Model of Information Accessibility

2
Two lines of defense
1- Limited Access
2- Monitoring activities

26
Model for Network Security
🞂 Security Model of Information Accessibility

2
Two lines of defense
1- Limited Access
2- Monitoring activities

27
Classical Encryption Techniques

Simplified Model of Conventional Encryption

28
Classical Encryption Techniques
🞂 Unconditionally Secure:
🞂 C.T have no enough information to determine only one
corresponding P.T

🞂 Computationally Secure:
🞂 Cost to break the cipher exceeds the value of the information

🞂 Time required to break the cipher exceeds the information life

time

29
Classical Encryption Techniques

Model of Conventional Cryptosystem

30
 Classical Encryption Techniques
Encryption techniques can be classified according to:

Type of Number of The way the

Operation used keys used data processed

Substitution Symmetric ( 1 key) Block Cipher

Transposition Asymmetric ( 2 keys) Stream Cipher

Public - Private
Product Using one way math function
f(x)🡪 y … easy
f-1(y)🡪 … infeasible
No key distribution problem

31
Classical Encryption Techniques
Cryptanalysis techniques can be classified according to:

Methodology Amount of available

information
Cryptanalysis Attack Cipher text only
Depends on the nature of (Enc + C.T)
the algorithm and lang.
characteristics
(Differential, Linear) Known P.T
(Enc+ C.T🡪P.T pairs)

Brute Force Attack

Try every possible key on Chosen P.T
C.T till get an intelligible (Enc+ C.T🡪 P.T specific
transformation of C.T pairs)
32
Steganography
🞂 Methods of hiding the existence of a message or other data. This is
different than cryptography, which hides the meaning of a message but does
not hide the message itself.

33
1

34