PRESENTATIONS IN NETWORK SECURITY

Principles of Information Security
Saad Haj Bakry,
PhD, CEng, FIEE

Saad Haj Bakry, PhD, CEng, FIEE 1

Principles of Information Security

Objectives / Contents 
     

Information Processing Error / Volume Control Steganography Hash Function Symmetric (Private Key) Encryption Asymmetric (Public Key) Encryption Cryptanalysis
2

Saad Haj Bakry, PhD, CEng, FIEE

Principles of Information Security

Information Processing (1)
Coding signal in digital form. Source Encoding Compression Reduction of transmission bandwidth. Error Control Detection (and correction) of communication errors (noise). Testing traffic volume (volume Traffic confidentiality) Padding
Saad Haj Bakry, PhD, CEng, FIEE 3

Principles of Information Security

Information Processing (2)
Steganography Hiding Information within other Hash Function Encryption
informatiom. Message summary to test integrity. Using encoding (encryption / enciphering) as means for protecting data from interception by unauthorized parties Breaking (cracking) encryption.
4

Cryptanalysis
Saad Haj Bakry, PhD, CEng, FIEE

Principles of Information Security

Error Control (1)
PRINCIPLE:
Redundant Information to Detect / Correct Errors

FORWARD ERROR CORRECTION:
Hamming Reed-Solomon Codes Bose Chaudhuri Hocquenhem Codes
IT Security

ACKNOWLEDGEMENTS:
‡ Echo Checking: Send Back ‡ ARQ: Automatic Repeat Request
Saad Haj Bakry, PhD, CEng, FIEE

5

Principles of Information Security

Error Control (2)
BYTE PARITY CHECK
BIT No. BITS

8 1 8 0
ODD PARITY

1 2 3

4 5 6 7

1 0 0 1 1 0 1

EVEN PARITY

Saad Haj Bakry, PhD, CEng, FIEE

6

Principles of Information Security

Error Control (3)
BIT No. BITS

1 2 3 4 5 6 7 1 0 0 1 1 0 1

8 1

PARITY

BLOCK

BLOCK CHECKING

PARITY
Saad Haj Bakry, PhD, CEng, FIEE 7

Principles of Information Security

Traffic Padding METHOD: OBJECTIVES:
CONFIDENTIALITY
FOR THE

VOLUME OF TRAFFIC
Saad Haj Bakry, PhD, CEng, FIEE

Filling idle periods with meaningless data (packets) that can be detected by the receiver. (Volume Testing & Control)
8

Principles of Information Security

Steganography (Hiding Information)
Objective: To hide information within other information
Examples: 

Proof of Ownership:
Music recorded with frequencies not audible to humans 

Message: David Owen Hidden Message: DO Watermarks
bank notes / papers / 

Digital Watermark: Adobe PhotoShop
Saad Haj Bakry, PhD, CEng, FIEE 



Solutions www.digimark.com www.conginity.com
9

www.adobe.com

Principles of Information Security

The ³Hash Function´
Objective: Checking Message Integrity
Mathematical Function Applied to the Message ³Contents´ Message Message Digest

Hash Function
³Hash Value´ Simple Function: ³adding up the 1¶s of the message´

Collision: Messages with the same ³hash value´ Chance of Collision: Statistically insignificant
Messages can be checked but not reconstructed from their hash value
Saad Haj Bakry, PhD, CEng, FIEE 10

Principles of Information Security

Old Cryptographic Ciphers
Cipher
Substitution

Algorithm
Replacing ³a´ by ³b´ ³b´ by ³c´ ³c´ by ³d´«. of letters to become: ³odd´ followed by ³even´ Substitution and transposition together (see above)

Example
³information security´ becomes ³jogpsnbujpo tfdvsjuz´ ³information security´ becomes ³ifrain-nomto scrt-euiy´ ³information security´ becomes ³jgsbjo-opnup tdsu-fvjz´
11

Transposition Changing the sequence

Both

Saad Haj Bakry, PhD, CEng, FIEE

Principles of Information Security

Encryption: Basic Data Security Terms
Term
Plaintext
Cryptography

Definition
Source text / Unencrypted data Transforming ³plaintext´ to ³cipher text´ (encrypted text) using a ³cipher´ and a ³key´ Encrypted text / Incomprehensible data
A technique / A procedure / An algorithm (a computer science term) for encrypting data / messages

Cipher text
Cipher / Cryptosystem

A Key
Cryptanalysis

A string of digits used to encrypt data (like a password) / Longer keys lead to stronger encryption Breaking / cracking encryption
12

Saad Haj Bakry, PhD, CEng, FIEE

Principles of Information Security

Secret-Key Cryptography (1)
Receiver Sender Plain Text Symmetric Key Encrypt / Decrypt Cipher Text Communication Network Cipher Text Encrypt / Decrypt
Saad Haj Bakry, PhD, CEng, FIEE

Symmetric Key

Plain Text

Sender Receiver
13

Principles of Information Security

Secret-Key Cryptography (2)
Symmetric: Sender / Receiver Less Sophisticated: Relative to Public-Key More Efficient: Sending Large Amounts of Data Problem (1): S-R ³Key Exchange´ Problem (2): Many Keys ³One for Each Receiver´
Saad Haj Bakry, PhD, CEng, FIEE 14

Principles of Information Security

Asymmetric Keys
Public
Transmission

Private PUBLIC KEY PRIVATE KEY
Transmission

PRIVATE KEY

Man y to One Private
Reception

One to Man y Public
Reception

PUBLIC KEY
15

Saad Haj Bakry, PhD, CEng, FIEE

Principles of Information Security

Public-Key Cryptography (1/2)
Asymmetric: Sender / Receiver Public Key:
Distributed Freely Started at the MIT in 1976 by: Whitfield Diffe Martin Hellman
Saad Haj Bakry, PhD, CEng, FIEE

Private Key:
Kept by the Owner

RSA P-K Algorithm:
Rivest / Shamir / Adleman, MIT 1977, RSA Inc. 1982 Used by ³Fortune 1000´ ³e-Commerce Transactions´
16

Principles of Information Security

Public-Key Cryptography (2/2)
³Secret Key´ Exchange
Not Needed

The Two Keys are
³Mathematically Related´,
BUT Computationally

³Infeasible to Deduce´
Private Key from the Public Key

Per Organization:
One ³Public Key´  One³Private Key´ Not One ³Secret Key´ 

Problem:
Requires high computer power / Not efficient for data volumes / Performance: Slower
17

per receiver.
Saad Haj Bakry, PhD, CEng, FIEE

Principles of Information Security

Public-Key: Case / Problem (1)
Customer Organization Customer Customer

Public Key

Problem:
Validation of customer¶s

Networ k Organization
Saad Haj Bakry, PhD, CEng, FIEE

identity

Organization

Private Key
18

Principles of Information Security

Public-Key: Case / Problem (2)
Customer
Customer Private Key

Problem:
Proving the

Networ k Organization
Saad Haj Bakry, PhD, CEng, FIEE

identity
of the receiving organization¶s
19

Customer Public Key

Principles of Information Security

Public-Key: Combination / Solution
Customer
Organization

Public Key

Customer Private Key

Identities of both partners are authenticated
Organization
Saad Haj Bakry, PhD, CEng, FIEE

Networ k
Customer Public Key
20

Organization

Private Key

Principles of Information Security

Cryptanalysis
Objectives: 


Attack ³to break key´ Test ³key strength´

Key / Cipher-text Relationship: 


³Statistical´ nature ³Plain-text´ knowledge

How: Analysis of encryption algorithm to find relations
between ³bits of encryption key´ and ³bits of cipher-text´ in order to ³determine key´
Saad Haj Bakry, PhD, CEng, FIEE 21

Principles of Information Security

Remarks / Understanding 
   

Error Control: against noise. Traffic padding: volume control. Steganography: hiding information. Hash Function: measure of message integrity. Cryptography: confidential information
Key: length leads to strength.  Symmetric: problems (key exchange / 1 key per receiver)  Asymmetric: problems (processing / proof of identity)  Cryptanalysis: key breaking. 

Saad Haj Bakry, PhD, CEng, FIEE

22

Principles of Information Security

References 
   



B.R. Elbert, Private Telecommunication Networks, Artech House, US, 1989. Telecommunications Management: Network Security, The National Computer Centre Limited, UK, 1992 K.H. Rosen, Elementary Number Theory and its Applications, 4th Edition, Addison Wesley / Longman, 1999. ISO Dictionary of Computer Science: The Standardized Vocabulary (23882), ISO, 1997. F. Botto, Dictionary of e-Business, Wiley (UK), 2000. H.M. Deitel, P.J. Deitel, K. Steinbuhler, e-Business and e-Commerce for Managers, Prentice-Hall (USA), 2001

Saad Haj Bakry, PhD, CEng, FIEE

23

Sign up to vote on this title
UsefulNot useful