Introduction of cryptography and network security
Transcript of Introduction of cryptography and network security
IT306.01: CRYPTOGRAPHY AND NETWORK SECURITY

Teaching Scheme   Theory   Practical   Total   Credit
Hours/week        3        2           5       4
Marks             100      50          150

Sr. No.   Title of the unit                            Minimum number of hours
1         Conventional Encryption                      04
2         Block Cipher                                 12
3         Public Key Cryptography                      07
4         Number Theory                                04
5         Message Authentication and Hash Function     06
6         Network Security                             04
7         IP Security and E-mail Security              04
8         Web Security                                 04
Text Books: Behrouz A. Forouzan, Cryptography and Network Security, McGraw-Hill Companies
Reference Books: William Stallings, Cryptography And Network Principles And Practice, Prentice Hall, Pearson Education Asia
Modules :-
CSPIT-Department Of Information Technology Prepared By: Neha Patel
Introduction
Neha Patel
Assistant Professor,
Department of I.T,
CSPIT-Changa.
Why Do We Need to Study This Subject?
• The advancement of technology has made man dependent on the Internet for all his needs.
• The Internet has given man easy access to everything while sitting at one place. Social networking, online shopping, storing data, gaming, online studying, online jobs: every possible thing that man can think of can be done through the medium of the Internet.
• The Internet is used in almost every sphere.
• With the development of the Internet and its related benefits, the concept of cyber crimes also developed.
• Cyber crimes are committed in different forms. A few years back, there was a lack of awareness about the crimes that could be committed through the Internet.
Cyber Attacks
• Phishing fraud: Escorts MD Nikhil Nanda, son-in-law of Amitabh Bachchan, was cheated into submitting his email ID, password and date of birth to a fake Microsoft account on July 21-13. The scamsters hacked two email accounts and his social network profile, and sought money from his contacts by impersonating him.
• Sony Cyber Attack One of Worst in Corporate History. Wiper-malware attack. Nov-14
– Thousands of files, seized by hackers last week, have been leaked online, including personal details of around 6,000 Sony employees, upcoming Sony feature films and the salary details of top executives.
• Xbox Live is Struggling Due to a Lizard Squad DDoS Attack. Dec-14
– This DDoS has resulted in many users being unable to connect to the service, making online play next to impossible, in addition to impacting update and game downloads.
• Huawei hacked India’s Biggest telecommunication Network ‘BSNL’ – Feb-14
• Sony Xperia Smartphones have default installed Spyware, Sending data to China – Oct-14
• One in Six Smartphone Users Victim of Cyber Attack: Study. The Indian News Express.
• Report by Arbor Networks reveals that India has seen a significant increase in attacks against financial and government organizations, with 34 percent and 43 percent reporting cyber threats and attacks respectively, up from last year’s 15 percent and 19 percent respectively.
Indian News Express news.google.co.in
The Internet landscape has been transformed into a binary battlefield.
Who needs a gun when you have a keyboard?
Tutorial#1
• For the two entities A and B to communicate with each other semantically correctly:
– Identify the properties desired in the protocol that facilitates the communication.
– What additional properties are required in the presence of an adversary?
[Figure: entities A and B, with an adversary]
Security Goals (CIA)
• Confidentiality:
– The protection of data from unauthorized disclosure.
• Integrity:
– The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion or replay).
• Availability:
– The information created and stored by an organization needs to be available to authorized entities.
Attacks
• Security attack: Any action that compromises the security goals.
• The three goals of security (confidentiality, integrity, and availability) can be threatened by security attacks.
• Attacks Threatening Confidentiality:-
Attacks Threatening Confidentiality:-
• Snooping - unauthorized access to or interception of data.
o For example, if you log in to a website that uses no encryption, your username and password can be sniffed off the network by someone who can capture the network traffic between you and the website.
• Traffic analysis - monitoring online traffic.
Attacks Threatening Integrity.
• Modification means that the attacker intercepts the message and changes it.
• An example is the man-in-the-middle attack, in which an intruder reads messages from the sender and sends (possibly modified) versions to the recipient.
• Masquerading or spoofing happens when the attacker impersonates somebody else.
• Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.
• Repudiation means that the sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message.
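How receiver B can detect modification, masquerading and replay is shown below as an added example (it is not part of the original slides). It assumes A and B already share a secret key and that A numbers its messages; the frame layout, key and messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-shared-by-A-and-B"  # constructed sample key
TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def protect(key, seq, payload):
    """Sender A: frame = 8-byte sequence number || payload || HMAC-SHA256 tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Receiver B: checks the tag first, then requires a fresh sequence number."""
    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected", "truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return ("rejected", "modified or forged")
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.last_seq:                     # already seen: replay
            return ("rejected", "replayed or reordered")
        self.last_seq = seq                          # gaps (deletions) not tracked here
        return ("accepted", body[8:].decode())

def demo():
    b = Receiver(KEY)
    frame = protect(KEY, 0, b"pay 100 to Carol")
    tampered = bytearray(frame)
    tampered[12] ^= 0x01                             # flip one bit of the amount
    forged = protect(b"wrong key", 1, b"pay 900 to C")  # sender without the key
    return [
        b.accept(frame),                             # genuine message
        b.accept(bytes(tampered)),                   # modification
        b.accept(frame),                             # replay of the genuine frame
        b.accept(forged),                            # masquerading
        b.accept(protect(KEY, 1, b"pay 5 to Dave")), # next genuine message
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A shared-key tag does not address repudiation, because either holder of the key could have produced it; that requires digital signatures.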
Attacks Threatening Availability
• Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.
• Passive attack: The goal of the opponent is to obtain information that is being transmitted.
• Active attack: Involves some modification of the data stream or the creation of a false stream.
Passive versus Active Attacks [Forouzan]
Cryptanalysis
• The objective is to recover the key, not just the message.
• General approaches:
– cryptanalytic attack
– brute-force attack
• If either succeeds, all use of that key is compromised.
Kerckhoff’s Principle [Forouzan]
Based on Kerckhoff’s principle, one should always assume that the adversary, Eve, knows the encryption/decryption algorithm. The resistance of the cipher to attack must be based only on the secrecy of the key.
Cryptanalytic Attacks
• ciphertext only: only know algorithm & ciphertext, is statistical, know or can identify plaintext
• known plaintext: know/suspect plaintext & ciphertext
• chosen plaintext: select plaintext and obtain ciphertext
• chosen ciphertext: select ciphertext and obtain plaintext
Brute-force attack
• The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried.
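The following added example (not part of the original slides) applies Kerckhoff’s principle and the brute-force definition above to a classroom shift cipher: the algorithm is known, only the key is secret, and the search stops at the first intelligible candidate. The sample plaintext, the word list used to judge intelligibility and the rate of 10^9 keys per second are constructed assumptions.

```python
import string

ALPHABET = string.ascii_lowercase
# Assumed word list for the "intelligible plaintext" test
COMMON_WORDS = {"the", "and", "to", "of", "me", "in", "is", "it", "that", "after"}
SAMPLE = "meet me after the toga party"  # constructed sample plaintext

def shift(text, key):
    """Additive (shift) cipher over a-z; other characters pass through unchanged."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def looks_intelligible(candidate, min_hits=2):
    """Crude recognizer: at least min_hits tokens are common English words."""
    return sum(word in COMMON_WORDS for word in candidate.split()) >= min_hits

def brute_force(ciphertext):
    """Try keys 0..25 in order; return (key, plaintext, keys_tried) or None."""
    for trials, key in enumerate(range(26), start=1):
        candidate = shift(ciphertext, -key)
        if looks_intelligible(candidate):
            return key, candidate, trials
    return None

def average_trials(plaintext):
    """Mean number of keys tried when the secret key is uniform over 0..25."""
    total = 0
    for key in range(26):
        found = brute_force(shift(plaintext, key))
        assert found is not None and found[0] == key
        total += found[2]
    return total / 26

def years_to_search_half(key_bits, keys_per_second):
    """Expected exhaustive-search time: half of the 2**key_bits keys."""
    return (2 ** (key_bits - 1)) / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    print(brute_force(shift(SAMPLE, 3)))
    print("average keys tried:", average_trials(SAMPLE))
    for bits in (56, 128):
        print(bits, "bit key:", years_to_search_half(bits, 1e9), "years")
```

With 26 keys the average is about half the key space, and the same rule shows why key length is the defence: a 128-bit key space is far beyond exhaustive search at the assumed rate.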
The OSI Security Architecture [William Stallings]
• ITU-T provides some security services and some mechanisms to achieve the security goals. Security services and mechanisms are closely related because a mechanism or combination of mechanisms is used to provide a service.
• Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
– Methods or techniques to achieve security services.
Note: For detailed study, refer to the textbook and reference book.
Security Services [Forouzan]
Security Mechanisms [Forouzan]
Relation between Services and Mechanisms [William Stallings]
About Subject
• In this subject you will learn different security mechanisms/techniques to achieve security goals and services.
• There are many cryptanalytic techniques.
Encipher Techniques
• The actual implementation of security goals needs some techniques. Two techniques are prevalent today: cryptography and steganography.
• Cryptography:
o Cryptography, a word with Greek origins, means “secret writing.” However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.
• Steganography:
o The word steganography, with origin in Greek, means “covered/hidden writing,” in contrast with cryptography, which means “secret writing.”
Cryptography Characteristics
• can characterize cryptographic system by:
– type of encryption operations used
  • substitution
  • transposition
  • product
– number of keys used
  • single-key or private
  • two-key or public
– way in which plaintext is processed
  • block
  • stream
THE REST OF THE BOOK
The rest of this book is divided into four parts.
Part One: Symmetric-Key Encipherment
Part Two: Asymmetric-Key Encipherment
Part Three: Integrity, Authentication, and Key Management
Part Four: Network Security