Presentation is loading. Please wait.

Presentation is loading. Please wait.

2 nd lecture.  Plaintext – ciphertext – encryption – decryption.  Cryptography – cryptanalysis – cryptanalyst – cryptology.  Authentication – Integrity.

Published byWhitney Parsons Modified over 7 years ago

Similar presentations

Presentation on theme: "2 nd lecture.  Plaintext – ciphertext – encryption – decryption.  Cryptography – cryptanalysis – cryptanalyst – cryptology.  Authentication – Integrity."— Presentation transcript:

1 2 nd lecture

2  Plaintext – ciphertext – encryption – decryption.  Cryptography – cryptanalysis – cryptanalyst – cryptology.  Authentication – Integrity – Non-repudiation – Confidentiality – Availability.  Symmetric algorithms – public-key (asymmetric) algorithms.

3 3 Interruption  This is an attack on availability.  An asset of the system is destroyed or becomes unusable.Interruption  This is an attack on availability.  An asset of the system is destroyed or becomes unusable. Information source Information Destination Information Interruption Categories of security attacks Interception Modification Fabrication

4 4 Interruption  Examples include:  destruction of a piece of hardware such as a hard disk,  the cutting of a communication line, or  the disabling of the file management system.Interruption  Examples include:  destruction of a piece of hardware such as a hard disk,  the cutting of a communication line, or  the disabling of the file management system. Interruption Categories of security attacks Interception Modification Fabrication

5 5 Interception  This is an attack on confidentiality.  Unauthorized party ( person, program ) gains access to an asset.Interception  This is an attack on confidentiality.  Unauthorized party ( person, program ) gains access to an asset. Information source Information Destination Information Unauthorized Party Interruption Categories of security attacks Interception Modification Fabrication

6 6 Interception  Examples include:  wiretapping to capture data in a network, and  the unauthorized copying of files or programs.Interception  Examples include:  wiretapping to capture data in a network, and  the unauthorized copying of files or programs. Interruption Categories of security attacks Interception Modification Fabrication

7 7 Modification  This is an attack on integrity.  Unauthorized party gains access and tampers with an asset..Modification  This is an attack on integrity.  Unauthorized party gains access and tampers with an asset.. Information source Information Destination Information Unauthorized Party Interruption Categories of security attacks Interception Modification Fabrication

8 8 Modification  Examples include:  changing values in data files,  altering a program so that it performs differently and  modifying the content of messages being transmitted in a network.Modification  Examples include:  changing values in data files,  altering a program so that it performs differently and  modifying the content of messages being transmitted in a network. Interruption Categories of security attacks Interception Modification Fabrication

9 9 Fabrication  This is an attack on authenticity.  Unauthorized party inserts counterfeit objects into system.Fabrication  This is an attack on authenticity.  Unauthorized party inserts counterfeit objects into system. Information source Information Destination Unauthorized Party Interruption Categories of security attacks Interception Modification Fabrication

10 10 Fabrication  Examples include:  the insertion of spurious messages in a network or  the addition of records to a file.Fabrication  Examples include:  the insertion of spurious messages in a network or  the addition of records to a file. Interruption Categories of security attacks Interception Modification Fabrication

11 11 Passive threats  Passive attacks are in the nature of eavesdropping or monitoring of transmissions.  The goal is to obtain information that is being transmitted.  Passive attacks are very difficult to detect because they do not involve any alteration of the data. Passive threats  Passive attacks are in the nature of eavesdropping or monitoring of transmissions.  The goal is to obtain information that is being transmitted.  Passive attacks are very difficult to detect because they do not involve any alteration of the data. Passive Categories of security threats Active

12 12 Two types of Passive threats  The release of message contents such as a telephone conversation, an e-mail message, and a transferred file.  The traffic analysis to determine the location and identity of communicating hosts. Two types of Passive threats  The release of message contents such as a telephone conversation, an e-mail message, and a transferred file.  The traffic analysis to determine the location and identity of communicating hosts. Passive Categories of security threats Active

13 The attacker does not affect the protocol Eve

14 14 Active threats  Active attacks involve some modification of the data stream or the creation of a false stream.  These attacks can be subdivided into four categories: masquerade, reply, modification of messages, and denial of service. Active threats  Active attacks involve some modification of the data stream or the creation of a false stream.  These attacks can be subdivided into four categories: masquerade, reply, modification of messages, and denial of service. Passive Categories of security threats Active

15 Mallory

16  The aim of cryptography is to keep the plaintext secret from the eavesdroppers.  Adversary – attacker – intruder – interceptor – interloper – enemy.  Eavesdroppers are assumed to have complete access to the communication between the sender and receiver.  Cryptanalysis is the science of recovering the plaintext from the message without access to the key.

17  There are common 5 types of cryptanalytic attacks. 1. Ciphertext-only attack: the cryptanalyst has the ciphertext of several messages that are encrypted using the same algorithm. Given: C 1 =E k (M 1 ), C 2 =E k (M 2 ), …, C i =E k (M i ) Deduce: M 1, M 2, …, M i to infer M i+1 from C i+1

18 2. Known-plaintext attack: the cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages. His job is to deduce the key. Given: M 1, C 1 =E k (M 1 ), M 2, C 2 =E k (M 2 ), …, M i, C i =E k (M i ) Deduce: k to infer M i+1 from C i+1

19 3. Chosen-plaintext attack: the cryptanalyst not only has access to the ciphertext and associated plain text of several messages, but he also chooses the plaintext that gets encrypted. His job is to deduce the key. Given: M 1, C 1 =E k (M 1 ), M 2, C 2 =E k (M 2 ), …, M i, C i =E k (M i ) where the cryptanalyst chooses M 1, M 2, …, M i Deduce: k to infer M i+1 from C i+1

20 4. Adaptive chosen-plaintext attack: Not only can the cryptanalyst choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption.

21 5. Chosen-ciphertext attack: The cryptanalyst can choose different ciphertexts to be decrypted and has access to the decrypted plaintext. Hids job is to deduce the key. Given: C 1, M 1 =D k (C 1 ), C 2, M 2 =D k (C 2 ), …, C i, M i =D k (C i ) Deduce: K

22  The security of any algorithm depends on how hard it is to break.  An algorithm is:  Unconditionally secure: if there is not enough information to recover the plaintext.  Computationally secure: if it cannot be broken with the available resources, either current or future.  Brute-force attack: trying every possible key one by one and checking whether the resulting plaintext is meaningful.

23  The complexity of an attack can be measured by:  Data complexity: the amount of data needed as an input to the attack.  Processing complexity: The time needed to perform the attack (work factor)  Storage requirements: the amount of memory needed to do the attack. Ex: a key length = 128 bit. If we have 1 million processor, each performs 1 million operation/second. We need 10 19 years to recover the key.

24  Steganography  from the Greek word steganos meaning “ covered ”  and the Greek word graphie meaning “ writing ”  Steganography is the process of hiding of a secret message within an ordinary message and extracting it at its destination.  Anyone else viewing the message will fail to know it contains hidden data.

25  Invisible Ink is a form of steganography  By replacing the least significant bit if each byte of the image with the bits of the message, we can store 64Kbyte message in a 1024 X 1024 gray scale picture.

26

27 Steganography Carrier Files  bmp  jpeg  gif  wav  mp3  Amongst others …

28 Steganography Tools  Steganos  S-Tools (GIF, JPEG)  StegHide (WAV, BMP)  Invisible Secrets (JPEG)  JPHide  Camouflage  Hiderman The following example come from S-Tools for Windows. S-Tools allows users to hide information into BMP, GIF, or WAV files.

29 FIGURE 2. The original image file (left) and image file with embedded text (right), side by side.

30

31 Image of a tree. By removing all but the last 2 bits of each color component, an almost completely black image results. Making the resulting image 85 times brighter results in the image below.bitscolor component Image extracted from above image.

32 Identification of hidden files

33  Definition  Identifying the existence of a message  Not extracting the message  Note: Technically, Steganography deals with the concealment (hiding) of a message, not the encryption of it  Steganalysis essentially deals with the detection of hidden content

34  By identifying the existence of a hidden message, perhaps we can identify the tools used to hide it.  If we identify the tool, perhaps we can use that tool to extract the original message.

35  Methods of detecting the use of Steganography  Visual Detection (JPEG, BMP, GIF, etc.)  Audible Detection (WAV, MPEG, etc.)  Statistical Detection (changes in patterns of the pixels or LSB – Least Significant Bit) or Histogram Analysis  Structural Detection - View file properties/contents  size difference  date/time difference  contents – modifications  checksum

36  Categories  Anomaly  Histogram analysis  Change in file properties  Statistical Attack  Visually  Audible  Signature  A pattern consistent with the program used

37  Detecting Steganography by viewing it  Can you see a difference in these two pictures? (I can ’ t!)

38  Kurtosis  The degree of flatness of a curve describing a frequency of distribution.

39  Histogram analysis can be used to possibly identify a file with a hidden message

40  By comparing histograms, we can see this histogram has a very noticeable repetitive trend.

41  Compare the properties of the files  Properties  04/04/2003 05:25p 240,759 helmetprototype.jpg  04/04/2003 05:26p 235,750 helmetprototype.jpg  Checksum  C:\GNUTools>cksum a:\before\helmetprototype.jpg 3241690497 240759 a:\before\helmetprototype.jpg  C:\GNUTools>cksum a:\after\helmetprototype.jpg 3749290633 235750 a:\after\helmetprototype.jpg

42  If you have a copy of the original file, it can be compared to the modified carrier file.  Many tools can be used for viewing and comparing the contents of a hidden file.  Reviewing multiple files may identify a signature pattern related to the Steganography program

Download ppt "2 nd lecture.  Plaintext – ciphertext – encryption – decryption.  Cryptography – cryptanalysis – cryptanalyst – cryptology.  Authentication – Integrity."

Similar presentations

Steganograp hy By : Uday Deep Singh (IT-2 / 7 th Sem) “The Art Of Hiding Content In Images” 1.

Steganograp hy By : Uday Deep Singh (IT-2 / 7 th Sem) “The Art Of Hiding Content In Images” 1.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…

1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 資訊安全 Network Security Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 資訊安全 Network Security Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
CPE 5002 Network security. Look at the surroundings before you leap.

CPE 5002 Network security. Look at the surroundings before you leap.
Steganography Rayan Ghamri.

Steganography Rayan Ghamri.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Steganography detection Roland Cmorik, Martin Šumák.

Steganography detection Roland Cmorik, Martin Šumák.
Steganography Ben Lee III Long Truong ECE 478 - Spring 2002.

Steganography Ben Lee III Long Truong ECE Spring 2002.
Cryptography and Network Security

Cryptography and Network Security
Information Security Principles (ESGD4222)

Information Security Principles (ESGD4222)

Similar presentations

Ads by Google