Information Security IBK3IBV01 College 4 Paul J. Cornelisse.
-
Upload
baldwin-pitts -
Category
Documents
-
view
212 -
download
0
Transcript of Information Security IBK3IBV01 College 4 Paul J. Cornelisse.
![Page 1: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/1.jpg)
Information SecurityIBK3IBV01 College 4
Paul J. Cornelisse
![Page 2: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/2.jpg)
Cryptology
Through the centuries, the need for information protection persistsCombat has evolved from hand-to-hand to modern warfare, or cyber warfareProtecting sensitive data is critical to preserving trade secrets, government communications, or military strategies
![Page 3: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/3.jpg)
Cryptology
Protection is achieved in part through the use of cryptology—more specifically, encryptionvital for everyday use in today’s cyber society;
online shopping and bankingATM usagedigital media
require encryption protection to avoid abuse
![Page 4: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/4.jpg)
Cryptology
Unfortunately, many of today’s systems lack appropriate protectionPasswords and authentication requirements are not protected themselvesEither through encryption or encrypted databasesThis leaves sensitive information vulnerable to unauthorized, prying eyes
![Page 5: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/5.jpg)
Cryptology
Cryptology is not a new conceptIt is “the science of keeping secrets secret” (Delfs and Knebl 2007)It is the study of encrypting algorithms and the art of creating and solving such algorithms, and is composed of bothCryptographyCryptanalysis
![Page 6: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/6.jpg)
Cryptology
Cryptography is the art or science of cipher systems used for protection informationThe term originates from the GreekKryptos, meaning “hidden” Graphia, meaning “writing”
![Page 7: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/7.jpg)
Cryptology
CryptographyProtect sensitive informationPrevent corruptionKeep secret from unauthorized access/useTries to compromise between expense and time consumption
![Page 8: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/8.jpg)
Cryptology
Cryptography has four basic purposes:ConfidentialityAuthenticationIntegrityNonrepudiation
![Page 9: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/9.jpg)
Cryptology
Confidentiality:keeps information secret from unauthorized use
![Page 10: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/10.jpg)
Cryptology
Authentication:Corroboration of an entity’s identity, achieved through initial identification between communicators.
“prove that you are who you claim to be”
![Page 11: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/11.jpg)
Cryptology
Integrity:assures that the message was not illegitimately altered during transmission or during storage and retrieval
![Page 12: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/12.jpg)
Cryptology
Nonrepudiation:guarantees that the sender will not deny previous commitments or actions unless they admit the cryptographic signing key has been compromised
![Page 13: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/13.jpg)
Cryptology
Cryptanalysis:the practice of breaking ciphers,or decrypting messages without the key,to discover the original message
![Page 14: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/14.jpg)
Cryptology
Someone wishes to send a message, which begins as plaintextPlaintext is the original, humanly readable form of a message, which is then encryptedThis could be text, numerical data, a program, or any other message form (Delfs and Knebl 2007)
![Page 15: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/15.jpg)
Cryptology
When plaintext is encrypted, or enciphered, the original message is obscured using an algorithm or pattern only known to the sender and authorized recipient(s).
![Page 16: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/16.jpg)
Cryptology
Encryption must be reversibleThe algorithm is known as the cipher
![Page 17: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/17.jpg)
Cryptology
Once encrypted, the message is referred to as ciphertext, and is only readable when the cipherkey is used in conjunction with the decrypting algorithm
![Page 18: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/18.jpg)
Cryptology
Protecting the key, and to whom it is known, is crucial for ensuring the
AuthenticityIntegrityConfidentiality
of the transmitted message
![Page 19: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/19.jpg)
Cryptology
The work factor, often forgotten, does not describe whether the algorithm can be broken, but how long it takes until it is broken
![Page 20: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/20.jpg)
Cryptology
Two ancient ciphers are the Spartan scytale and the Caesar cipherIn the Spartan scytale, a segment of parchment is wrapped around a cylinder of certain radius and the message is written lengthwise. The recipient must have a cylinder of equal radius to decryptThe Caesar cipher is a “classical” cipher, using a simple shift of the plaintext alphabet.
![Page 21: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/21.jpg)
Cryptology
![Page 22: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/22.jpg)
Cryptology
In the early twentieth century, cryptography broadened its horizons
![Page 23: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/23.jpg)
Cryptology
One of the first among the more complicated cryptosystems used an electronic machine The Enigma rotor machineEnigma, used by the Germans in World War II, applied a substitution cipher multiple times per message.
![Page 24: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/24.jpg)
Cryptology
![Page 25: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/25.jpg)
Cryptology
As more users access the Internet, the need for digital information security increasesThis has led to the “standardization” of cryptography in a scientific senseCurrently, many systems are secure, but rely on plausible assumptions that may one day be “discovered”
![Page 26: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/26.jpg)
Cryptology
So basically the standardization and mathematical focus of modern cryptosystems share the same issue suffered by earlier ciphers
![Page 27: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/27.jpg)
Cryptology
When explaining applied cryptography, universally, plaintext is written in lowercaseCiphertext is written in all capitalsKeys or keywords are also always written in capitals
![Page 28: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/28.jpg)
Cryptology
When referring to those who use cryptosystems, certain names typically are used as the placeholdersRather than referring to the sender as “Party A” and the recipient as “Party B,” Party A would be Alice and Party B would be Bob.
![Page 29: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/29.jpg)
Cryptology
Alice and Bob are always trying to communicate. Each associate communicating continues alphabetically, for example, Charlie and David want to speak with Alice and Bob. Eve is an eavesdropper, who does not have authorized access to the message. Eve is a passive listener; she does not modify the messageMallory is a malicious attacker and modifies, sends her own, or repeats previous messages Victor is a verifying agent who demonstrates that the intended transaction was successfully executed.
![Page 30: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/30.jpg)
Cryptology
Introhttp://www.youtube.com/watch?v=Kf9KjCKmDcU
![Page 31: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/31.jpg)
Cryptology
Kerckhoff’s Six Principles1. The system must be practically or mathematically
undecipherable2. The system is not required to be secret and should be able
to fall in enemy hands3. The key must be communicable and retained without
effort, and changeable at the will of the correspondents4. The system must be compatible with the communication
channel5. The system must be portable and not require functioning
by multiple people6. The system must be easy, requiring minimal knowledge of
the system rules
![Page 32: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/32.jpg)
Cryptology
There are two generations of encrypting methods: ClassicalModern
![Page 33: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/33.jpg)
Cryptology
Classical ciphers are those that were historically used, like the scytale and Caesar’s, but became impractical either resulting from popular use or advances in technologyModern ciphers consist of substitution or transposition ciphers
![Page 34: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/34.jpg)
Cryptology
Classical ciphers use an alphabet of letters, implemented using simple mathClassical ciphers can be broken using brute force attacks or frequency analysisBrute force is a standard attack, running all possible keys with a decrypting algorithm until the plaintext is exposed
![Page 35: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/35.jpg)
Cryptology
Modern ciphers are typically divided into two criteria:the key type used the data input type
![Page 36: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/36.jpg)
When referring to key types, modern ciphers branch intosymmetric (private key cryptography) asymmetric (public key cryptography)
![Page 37: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/37.jpg)
Substitution CiphersMonoalphabetic substitutions include the Caesar, Atbash, and Keyword ciphers
![Page 38: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/38.jpg)
Example of a substitution cipher is the Caesar shift cipher, which is typically a three-character shift
![Page 39: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/39.jpg)
This shift would change the plaintext “purple” into the ciphertext “MROMIB.”
![Page 40: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/40.jpg)
Cryptology
![Page 41: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/41.jpg)
If the shift was a three-character subtraction, the plaintext message “purple” would then become ciphertext “SXUSOH.”
![Page 42: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/42.jpg)
Cryptology
![Page 43: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/43.jpg)
The Atbash cipher flips the entire alphabet back on itself; the plaintext alphabet is “A–Z” and the ciphertext alphabet is “Z–A,” shown in the next slide. The Atbash cipher would obscure the plaintext “purple” as “KFIKOV.”
![Page 44: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/44.jpg)
![Page 45: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/45.jpg)
Another cipher, the Keyword cipher establishes a keyword such as “HEADY.” This begins the ciphertext alphabet, and the rest is completed using the remaining letters in alphabetic orderUsing “HEADY” as the keyword, the Keyword cipher changes the plaintext “purple” to “OTQOKY.”
![Page 46: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/46.jpg)
![Page 47: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/47.jpg)
Polyalphabetic substitutions are ciphers using multiple substitution alphabets. The Vigenère cipher is the most famous of this genre, introduced in the sixteenth century by Blaise de Vigenère.
![Page 48: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/48.jpg)
It encrypts plaintext by using a series of Caesar ciphers, based on the keywordThe keyword is written as many times as necessary above the plaintext message
![Page 49: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/49.jpg)
Using the Vigenère square, one will use a letter from the plaintext and its associated keyword letterPlaintext letters are listed on the top, creating columns, which intersect with the keyword alphabet along the left side of the square, creating rows
![Page 50: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/50.jpg)
The letter found at the intersection of these two letters is the cipher letter used to encrypt the messageThe beginning of the plaintext “O” and keyword letter “K” intersect at ciphertext letter “Y.” Therefore, “once upon a time” would become “YVPKM ZWAGL SUR.”
![Page 51: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/51.jpg)
The 25 variations of the Caesar cipher (shifts 0–25) are contained in the square. Each row is a single shift to the right from the row or letter preceding. Therefore, the first row, labeled “A,” is a shift of one. Row “X” is a shift of 23
![Page 52: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/52.jpg)
![Page 53: Information Security IBK3IBV01 College 4 Paul J. Cornelisse.](https://reader035.fdocuments.us/reader035/viewer/2022070414/5697bffa1a28abf838cc06ec/html5/thumbnails/53.jpg)