Security School of Business Eastern Illinois University © Abdou Illia, Fall 2002 (Week 12, Wednesday 11/13/2002)


2 Learning Objectives
- Understand standard systems attacks
- Describe Encryption-Decryption techniques

3 Standard systems attacks
- Denial of service attacks, or distributed denial of service attacks:
  - Bombard a site (usually a server or a router) with so many messages that the site is incapable of answering valid requests
- Stealing and intercepting passwords and confidential messages.

4 Denial-of-Service (DoS) Attacks
- Make the system unusable (crash it or make it run very slowly) by sending a stream of messages.
[Figure: Attacker -> Message Stream -> Server; DoS attack (overloads the victim)]

5 Distributed DoS (DDoS) Attack
Messages Come from Many Sources
- Attacker hacks into multiple clients and plants Zombie programs on them
- Attacker sends commands to Zombie programs which execute the attacks
[Figure labels: Attacker, Attack Command (x2), Computer with Zombie (x2), Message Stream, Server]

6 Identifying Victims for DDoS
- Sending scanning messages
  - Ping messages (to know if a potential victim exists)
  - Supervisory messages (to know if the victim is available)
  - Etc.
- Examining data that responses reveal
  - IP addresses of potential victims
  - What services victims are running; different services have different weaknesses
  - Host's operating system, version number, etc.

7 Identifying Victims for DDoS
- Now you can remotely monitor (in real time) your employee, spouse, child or love interest without even having access to their computer!!
- iSpy will allow you to send a tiny file to any computer via which will install this software on the user's system. You can then access the user's hard drive, listen to the audio of the computer, view screenshots, keystrokes, chats, instant messages, s, and much... much more! You will not find this with any other software!

8 Intercepting confidential messages
- Attacker taps into the conversation: tries to read messages
[Figure labels: Client PC, Server, Message Exchange, Attacker]

9 Encryption and Decryption techniques
- Cryptography is the study of creating and using encryption and decryption techniques.
- Plaintext is the data before any encryption has been performed
- Ciphertext is the data after encryption has been performed
- The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext

10 Encryption and Decryption techniques
- Key = COMPUTER SCIENCE
- Plaintext = this is the account number you have requested
- Algorithm based on Vigenere matrix

11 Encryption and Decryption techniques
1) Look at the first letter in the plaintext (T)
2) Look at the corresponding key character immediately above it (C)
3) C tells us to use row C of Vigenere matrix to perform alphabetic substitution for plaintext character T
4) Go to column T in row C and find the cipher character V
5) Repeat Steps 1 through 4 for every character of the plaintext.

Key:       COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIENCE
Plaintext: Thisistheaccountnumberyouhaverequested
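The five steps above, carried through for the whole message, as an added example that is not part of the original slides. It uses the slide's key and plaintext; the function names are chosen here for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def vigenere_row(key_char):
    """Row of the Vigenere matrix selected by one key letter:
    the alphabet rotated so that the row starts at that letter."""
    shift = ALPHABET.index(key_char)
    return ALPHABET[shift:] + ALPHABET[:shift]

def _letters(text):
    """Keep only A-Z (upper-cased); spaces and punctuation are dropped."""
    return [c for c in text.upper() if c in ALPHABET]

def encrypt(plaintext, key):
    key_stream = _letters(key)
    out = []
    for i, p in enumerate(_letters(plaintext)):
        # Steps 2-3: the key letter above this position picks the row.
        row = vigenere_row(key_stream[i % len(key_stream)])
        # Step 4: the plaintext letter picks the column in that row.
        out.append(row[ALPHABET.index(p)])
    return "".join(out)

def decrypt(ciphertext, key):
    key_stream = _letters(key)
    out = []
    for i, c in enumerate(_letters(ciphertext)):
        row = vigenere_row(key_stream[i % len(key_stream)])
        # Reverse lookup: find the cipher letter in the row, read the column.
        out.append(ALPHABET[row.index(c)])
    return "".join(out)

# Key and plaintext exactly as given on the slide.
KEY = "COMPUTER SCIENCE"
PLAINTEXT = "this is the account number you have requested"

if __name__ == "__main__":
    ciphertext = encrypt(PLAINTEXT, KEY)
    print("ciphertext:", ciphertext)
    print("decrypted: ", decrypt(ciphertext, KEY))
```

The 15-letter key repeats across the 38-letter message, so letters 15 positions apart are always encrypted with the same row of the matrix.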

12 Encryption and Decryption techniques
- Encryption algorithm cannot be kept secret
- Key must be kept secret
[Figure: Plaintext (original message) -> Encryption (Algorithm + Key) -> Ciphertext (transmitted) -> Decryption (Algorithm + Key) -> Plaintext (original message)]

13 Encryption: Key Length
- Key can be "guessed" by exhaustive search
  - Try all possible keys
  - See which one decrypts the message
- Long keys make exhaustive search difficult
  - If length is n bits, 2^n tries may be needed
  - If key length is 8 bits, only 256 tries maximum
  - Usually, Key Length ≥ 56 bits

Assume a key is 56 bits. If it takes seconds to try each key, how long will it take to try all possible keys? What if computers are working together to try all key combinations?

14 Two general Encryption-Decryption methods
- Symmetric key encryption method
  - Use a single key for Encryption-Decryption
  - Examples: Data Encryption Standard (DES), 3DES
- Public key encryption method
  - Use different keys for Encryption-Decryption
  - Examples: RSA, Elliptic curve cryptosystem

15 Symmetric key Encryption-Decryption
- Symmetric key must be distributed secretly between partners
- When Partner A sends to Partner B
  - Partner A encrypts with the key, Partner B decrypts with the key
- When Partner B sends to Partner A
  - Partner B encrypts with the key, Partner A decrypts with the key
[Figure: Plaintext "Transfer $5,000" -> Encryption -> Ciphertext -> Decryption -> Plaintext "Transfer $5,000"]

16 Symmetric key Encryption-Decryption
- Advantages:
  - Simple enough for fast Encryption-Decryption
  - Fast enough for long messages
- Disadvantages:
  - Need a different Symmetric key for each partner (or other partners could read messages)
  - If there are N partners, N*(N-1)/2 keys are needed.
[Figure: Plaintext "Transfer $5,000" -> Encryption -> Ciphertext -> Decryption -> Plaintext "Transfer $5,000"]

17 Public key Encryption-Decryption
- Each partner has a private key (kept secret) and a public key (shared with everybody)
- Sending
  - Partner A encrypts with the public key of Partner B
  - Partner B encrypts with the public key of Partner A
- Receiving
  - Each receiver decrypts with its own private key
[Figure: Partner A encrypts with Party B's Public Key; Partner B decrypts with Party B's Private Key]

18 Public key Encryption-Decryption
- Advantages:
  - Once the message is encrypted, nobody can decrypt it except the receiver
  - Simplicity of key exchange: no need to exchange the public key securely
- Disadvantages:
  - Complex: requires many computer processing cycles to do public key Encryption-Decryption
  - Can only be used to encrypt small messages
[Figure: Partner A encrypts with Party B's Public Key; Partner B decrypts with Party B's Private Key]
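An added example, not part of the original slides, showing the exchange from slides 17 and 18 with textbook RSA in Python: Partner A encrypts with Partner B's public key, Partner B decrypts with its private key, and a message larger than the key's modulus is rejected. The primes, the exponent and the sample messages are assumptions chosen to keep the numbers small; there is no padding, so this is for illustration only.

```python
def make_keypair(p, q, e=65537):
    """Build an RSA key pair from two primes.
    Returns (public_key, private_key) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (e, n), (d, n)

def rsa_encrypt(message, public_key):
    """Encrypt bytes with the RECEIVER's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        # The message, read as a number, must be smaller than the modulus.
        raise ValueError("message is too long for this key")
    return pow(m, e, n)

def rsa_decrypt(ciphertext, private_key):
    """Decrypt with the receiver's own private key."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Partner B's key pair, built from two Mersenne primes (assumed toy sizes:
# the modulus is about 92 bits, far smaller than any real RSA key).
B_PUBLIC, B_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)

def fits(message, public_key=B_PUBLIC):
    """True if the message is small enough to encrypt under this key."""
    try:
        rsa_encrypt(message, public_key)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    short = b"PIN 4821"           # constructed sample, 8 bytes
    long_ = b"Transfer $5,000"    # 15 bytes, larger than the modulus
    c = rsa_encrypt(short, B_PUBLIC)        # Partner A: B's public key
    print(rsa_decrypt(c, B_PRIVATE))        # Partner B: own private key
    print("short fits:", fits(short), "| long fits:", fits(long_))
```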

19 Summary Questions
1. Name a few standard systems attacks
   Answer:
2. Distinguish between Denial-of-Service attack and Distributed Denial-of-Service attacks.
   Answer:

20 Summary Questions
3) Jason sends a message to Kristin using public key encryption.
   (a) What key will Jason use to encrypt the message?
   (b) What key will Kristin use to decrypt the message?
   (c) What key will Kristin use to encrypt the reply?
   (d) What key will Jason use to decrypt the reply?
   (e) Can the message and reply be long messages? Explain.
   (a) (b) (c) (d) (e)
4) Does public key encryption have a problem with secure key exchange for the public key? Explain.