Cryptology Information Security Süleyman Kondakcı S Kondakci

1 Cryptology Information Security Süleyman Kondakcı

2 Brief Intro
Main objectives of information security
Basic functions of cryptology
Basic cryptographic systems
Symmetric cryptography
Simple (XOR) encryption
Asymmetric cryptography and its application to authentication
Confidentiality with asymmetric cryptography
Secure message exchange
Digital signature
Other important issues

3 The Triad (CIA) of Security Objectives
Confidentiality Integrity Availability

4 Distributed Denial of Service Attack

5 Attacks, Mechanisms, and Services
Security Attack: Any action that compromises the security of information. Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

6 Security Attacks
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity

7 Security Services
Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)
Availability (permanence, non-erasure)
  Denial of Service Attacks
  Virus that deletes files

8

9 Main Objectives Expanded (1)
1) Confidentiality: Protecting data from unauthorized disclosure
2) Authentication (identity verification): Reliably determining the identity of the communicating parties
3) Integrity: Ensure that the contents of the traffic are not altered in transmission.
4) Access Control: Prevent unauthorized users/devices.
5) Traffic Flow Control: Traffic flow inspection and management

10 Main Objectives Expanded (2)
6) Availability (system continuity): Sustainment of security services
7) Accountability (monitoring and auditing): Scanning and logging of network activities
8) Scalability: Adding new users/devices should be easy and should not require changes to existing architecture and infrastructure.

11 Defence Methods
Encryption
Authorization: access control (file systems, databases, and operating system controls for protecting users from violating each other’s area)
Authentication
Hardware Controls (smartcard)
Policies (frequent changes of passwords)
Physical Controls

12 The Basic Cipher Operator: XOR
Also known as Vernam Cipher
[Figure: XOR of a Plaintext Bit with a Key Bit gives the Encoded Text Bit]

13 Encrypting and Decrypting with XOR
[Figure: Plaintext XOR Key = Ciphertext; Ciphertext XOR Key = Plaintext]

14 Monoalphabetic Ciphers: Cipher ROT13
Plaintext:  A B ... M
Ciphertext: N O ... Z
$ tr 'A-Za-z' 'N-ZA-Mn-za-m' < plain_file

15 Polyalphabetic Substitution Ciphers: Vigenere Cipher
P = plain text, C = Cipher text, E(P) = Encryption, D(C) = Decryption.

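16 Flexible Caesar Cipher in C
/*
 * Demonstration of a flexible shifter function
 * S. Kondakci/10/5/1996
 */
#include <ctype.h>
#include <stdio.h>
/* Shift a letter forward by `shifts` positions (0..25), wrapping within its case. */
void caeser(short c, int shifts)
{
    if (('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z')) {
        int Case = (isupper(c) == 0 ? 122 : 90);   /* 'z' or 'Z' */
        if (shifts + c > Case)
            printf("%c", (char)(c - 26 + shifts)); /* wrap past the end of the alphabet */
        else
            putchar(c + shifts);
    } else if (c == '\n')
        fputs("\n\n", stdout);                     /* double-space the output lines */
    else
        putchar(c);                                /* other characters pass through */
}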

17 Rail fence technique
Plaintext: “Let us bust them by the midnight”
Ciphertext:

18 Rail fence technique with key
Write the plaintext row by row in a rectangle, and cipher the message, column by column.
Plaintext: “Let us bust them by the midnight”
Ciphertext: tedte.uthumnshtbygLtmsbiehi

19 Security Planning

20 The Classification Ranges
Group 1: unclassified (public); weighted between 0 and 0.5.
Group 2: classified; weighted between 0.6 and 2.
Group 3: restricted; weighted between 2.1 and 3.5.
Group 4: secret; weighted between 3.6 and 5.

21 Estimation of the Security class
n = sizeof(LD)+sizeof(D)+sizeof(WD) Cumulative Max(F(LD),F(D),F(WD))

22 Test
Given the network below, we want to make secure messaging and document exchange within this network. Perform the following tasks:
1) Define at least 3 security objectives
2) Design the necessary security services
3) Assess the overall risk quantitatively
[Network diagram: Win and UNIX hosts; HUB; server (mail, document, www, SW-lib, etc.); intranet common use; Internet (insecure)]

23 Cryptography
Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Study of cryptography consists of a number of primitives (basic tasks and algorithms) that can be combined to provide a full range of information security services.

24 Basic Terminology
Cryptography terminologies:
Encryption/Encipherment
Decryption/Decipherment
Cryptographic Algorithm/cipher
Encryption Key/Decryption Key
Cipher/Decipher
Single key encryption = Symmetric key enc.
Public key encryption = Asymmetric key enc.

25 Modern Cryptography
1977: Data Encryption Standard (DES) adopted by the U.S. Federal Information Processing for encrypting unclassified information
1976: Diffie and Hellman introduced the revolutionary concept of public-key cryptography. Security is based on the intractability of the discrete logarithm problem
1978: Rivest, Shamir, and Adleman (RSA), perhaps the most well-known scheme; security is based on the intractability of factoring large integers.

26 Model of 2-Party Communication Using Encryption

27 Cipher Types Stream cipher: Encrypts digital data one bit or one byte at a time. Block cipher: A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length. Typical block sizes are 64 or 128 bits.

28 Terminology
Below is a symmetric key encryption using a shared single key for secure data exchange.
[Figure: Plaintext M -> Encryption (E_key) -> C -> Decryption (D_key) -> Plaintext M]
C = Ciphertext = E_key(M)
M = Plaintext = D_key(C)

29 Basic Encryption Techniques
Symmetric algorithm: secret key ciphering
Asymmetric algorithm: public key ciphering

30 Basic Algorithms
Symmetric/Shared key systems: Single key (secret, commonly shared). The single key both ciphers and deciphers.
Asymmetric/Public key systems: Uses 2 keys:
  Private key (private to the generator)
  Public key (distributed to others)
  One of the keys ciphers, the other deciphers

31 Symmetric Encryption
DES, 3DES (Data Encryption Standard)
IDEA (International Data Enc. Algorithm)
FEAL
LOKI
LUCIFER
RC2 (Rivest's Code)
RC4
RC5

32 A 2-Party Communication Using Symmetric Encryption
One of the major problems in symmetric-key systems is to find an efficient method to agree upon and exchange keys.

33 Symmetric Encryption
[Figure: Plaintext M, Ciphertext C, same “Secret Key” on both sides]

34 Encryption—DES and 3 DES
Widely adopted standard
Encrypts plaintext into ciphertext
DES performs 16 rounds
Triple DES: 168-bit 3DES includes three DES keys
Accomplished on VPN client, server, router, or firewall

35 Average time required for exhaustive key search
Key Size (bits)   Number of Alternative Keys   Time required at 10^6 decryptions/µs
32                2^32 = 4.3 x 10^9            2.15 milliseconds
56                2^56 = 7.2 x 10^16           10 hours
128               2^128 = 3.4 x 10^38          5.4 x 10^18 years
168               2^168 = 3.7 x 10^50          5.9 x 10^30 years

36 Costs/Times to Break DES Keys
Type of Attacker         Budget   40-Bit         56-Bit       168-Bit 3DES
Individual Hacker        $400     5 Hours        38 Years     Too Long
Dedicated Hacker         $10K     12 Minutes     556 Days     10^19 Years
Intelligence Community   $10M     0.02 Seconds   21 Minutes   10^17 Years

37 Asymmetric Algorithms
A pair of mathematically related keys: a private key and a public key
Widely used public-key cryptosystems:
  Whitfield Diffie and Martin Hellman of Stanford University invented the public-key system in 1976.
  Rivest Shamir Adleman (RSA)

38 Authentication with Asymmetric Algorithms
[Figure: Plaintext M (user identity) -> Encryption (E_key, private key) -> C -> Decryption (D_key, public key) -> Plaintext M]

39 Confidentiality with Asymmetric Algorithms
[Figure: Plaintext M (message) -> Encryption (E_key, public key) -> C -> Decryption (D_key, private key) -> Plaintext M]

40 Feistel Cipher Structure
Virtually all conventional block encryption algorithms, including DES, have a structure first described by Horst Feistel of IBM in 1973. The realization of a Feistel network depends on the choice of the following parameters and design features (see next slide):

41

42 A simple Feistel System
© S. Kondakcı

43 Feistel Cipher Structure
Block size: larger block sizes mean greater security
Key size: larger key size means greater security
Number of rounds: multiple rounds offer increasing security
Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis.
Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern

44 Feistel Cipher Decryption
The process of decryption with a Feistel cipher, as shown in Stallings Figure 3.3, is essentially the same as the encryption process. The rule is as follows: Use the ciphertext as input to the algorithm, but use the subkeys K_i in reverse order. That is, use K_n in the first round, K_{n-1} in the second round, and so on until K_1 is used in the last round. This is a nice feature because it means we need not implement two different algorithms, one for encryption and one for decryption.

45 Decryption Analysis
Output of the first round of decryption is equal to the 32-bit swap of the input to the 16th round of the encryption process.
Last round encryption

46 Decryption Analysis Cont’d
Thus, we have: Which is the 32-bit swap of the input to the 16th round of the encryption
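The reverse-subkey rule from slides 44 to 46, as an added example in C that is not part of the original slides: a toy 64-bit Feistel network (not DES) in which one routine both encrypts and decrypts. The round function F, the SUBKEYS table and all function names are constructed for illustration.

```c
/* Added example: toy 64-bit Feistel network (not DES). */
#include <stdint.h>
#include <stdio.h>

#define ROUNDS 16

/* Constructed subkeys K_1..K_16; a real cipher derives them from the key. */
static const uint32_t SUBKEYS[ROUNDS] = {
    0x0f1e2d3cu, 0x4b5a6978u, 0x8796a5b4u, 0xc3d2e1f0u,
    0x13579bdfu, 0x2468ace0u, 0xdeadbeefu, 0x0badf00du,
    0x31415926u, 0x27182818u, 0x16180339u, 0x14142135u,
    0x9e3779b9u, 0x7f4a7c15u, 0x6a09e667u, 0xbb67ae85u
};

/* Hypothetical round function. F need not be invertible: the Feistel
   structure only ever XORs its output into the other half. */
static uint32_t F(uint32_t half, uint32_t subkey)
{
    uint32_t x = half ^ subkey;
    x = (x << 5) | (x >> 27);            /* rotate left by 5 bits */
    return x * 0x9E3779B1u + subkey;
}

/* One pass through the network. reverse = 0 uses K_1..K_n (encryption),
   reverse = 1 uses K_n..K_1 (decryption); nothing else differs. */
static uint64_t feistel(uint64_t block, const uint32_t *k, int reverse)
{
    uint32_t L = (uint32_t)(block >> 32), R = (uint32_t)block;
    for (int i = 0; i < ROUNDS; i++) {
        uint32_t sub = k[reverse ? ROUNDS - 1 - i : i];
        uint32_t next_R = L ^ F(R, sub); /* R_i = L_{i-1} XOR F(R_{i-1}, K_i) */
        L = R;                           /* L_i = R_{i-1} */
        R = next_R;
    }
    return ((uint64_t)R << 32) | L;      /* final 32-bit swap of the halves */
}

uint64_t feistel_encrypt(uint64_t p, const uint32_t *k) { return feistel(p, k, 0); }
uint64_t feistel_decrypt(uint64_t c, const uint32_t *k) { return feistel(c, k, 1); }

int main(void)
{
    uint64_t p = 0x0123456789abcdefULL;  /* constructed plaintext block */
    uint64_t c = feistel_encrypt(p, SUBKEYS);
    printf("C = %016llx\n", (unsigned long long)c);
    printf("D = %016llx\n", (unsigned long long)feistel_decrypt(c, SUBKEYS));
    return 0;
}
```

The final swap is what makes the first decryption round start from the swapped input of encryption round 16, so the rounds undo each other one by one.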

47 Public Key Diffie-Hellman and RSA
Outlined by Diffie and Hellman in 1976
Refined by Rivest, Shamir and Adleman
RSA is based on a pair of keys: public and private
Sender looks up the public key of the recipient and uses it to encipher the message
Recipient deciphers the message with private key
Eliminates need to exchange private keys before communicating
Based on algorithms performed on numbers up to 256 bytes long
No one has yet cracked it
PGP is a public domain implementation of RSA
Authentication achieved via digital signatures

48 RSA Algorithm

49 Diffie-Hellman Key Exchange

50 Diffie-Hellman Public Key Distribution
[Figure: Alice sends her public key to Bob and Bob sends his to Alice; on each side a key calculation engine takes a private key and a public key and yields Alice and Bob’s shared secret key; Plaintext M, Ciphertext C, Plaintext M]

51 RSA Public Key Distribution
Security objectives: data authentication, data integrity, non-repudiation
RSA usages are: encryption, digital signature
Digital signature:
1) Generate message digest using a common hash function
2) Signature = encrypt the message digest with the sender's private key
3) Send the message and the signature to the requestor

52 RSA-Encryption
One-way Trust Model
[Figure: Alice's data passes through an RSA calculation with Alice’s RSA private key; the encrypted data goes to Bob; an RSA calculation with Alice’s RSA public key recovers Alice's data]
Information encrypted with the RSA private key can only be decrypted with the matching RSA public key

53 Example: A trusted messaging
[Figure: plain text and the shared session key (S-key) give the cipher text; the S-key and Bob’s public key give the cipher-key; cipher text and cipher-key go to Bob]
Both the message and a session key (S-key) are encrypted and sent to Bob. Bob uses his own public key to decrypt the session key, then uses the decrypted session key to decrypt the message

54 Bob Deciphers the Session Key
Bob deciphers the encrypted session key using his own private key and the asymmetric algorithm. Now he has the session key and the ciphered message.
[Figure: cipher-key, Bob’s private key, S-key]

55 Bob Deciphers the Message
[Figure: S-key and cipher text give the plaintext]

56 Public-Key Cryptography Principles
The use of two keys has consequences in: key distribution, confidentiality and authentication.
The scheme has six ingredients (see Figure 3.7):
  Plaintext
  Encryption algorithm
  Public and private key
  Ciphertext
  Decryption algorithm

57 Encryption using Public-Key system

58 Authentication using Public-Key System

59 Applications for Public-Key Cryptosystems
Three categories:
Encryption/decryption: The sender encrypts a message with the recipient’s public key.
Digital signature: The sender ”signs” a message with its private key.
Key exchange: Two sides cooperate to exchange a session key.

60 Requirements for Public-Key Cryptography
Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
Easy for sender to generate ciphertext:
Easy for the receiver to decrypt ciphertext using private key:

61 Requirements for Public-Key Cryptography
Computationally infeasible to determine private key (KRb) knowing public key (KUb)
Computationally infeasible to recover message M, knowing KUb and ciphertext C
Either of the two keys can be used for encryption, with the other used for decryption:

62 The RSA Algorithm: Key Generation
Select p, q (p and q both prime)
Calculate n = p x q
Calculate
Select integer e
Calculate d
Public key KU = {e,n}
Private key KR = {d,n}

63 Example of RSA Algorithm

64 The RSA Algorithm: Encryption
Plaintext: M < n
Ciphertext: C = M^e (mod n)

65 The RSA Algorithm: Decryption
Ciphertext: C
Plaintext: M = C^d (mod n)
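Key generation, encryption and decryption from slides 62 to 65, plus the signing step from slide 51, as an added example in C that is not from the original slides. It follows textbook RSA with phi(n) = (p-1)(q-1) and d = e^-1 mod phi(n); the primes 17 and 11, e = 7, the message 88, the digest value 42 and all function names are constructed for illustration.

```c
/* Added example: textbook RSA, toy primes, no padding; n < 2^32 assumed. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint64_t n, e, d; } rsa_key;

/* Square-and-multiply: base^exp mod n. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t n)
{
    uint64_t r = 1;
    for (base %= n; exp > 0; exp >>= 1) {
        if (exp & 1) r = r * base % n;
        base = base * base % n;
    }
    return r;
}

/* Extended Euclid: d with e*d = 1 (mod phi), or 0 when gcd(e, phi) != 1. */
uint64_t modinv(uint64_t e, uint64_t phi)
{
    int64_t t = 0, nt = 1, r = (int64_t)phi, nr = (int64_t)e, q, tmp;
    while (nr != 0) {
        q = r / nr;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    return r != 1 ? 0 : (uint64_t)(t < 0 ? t + (int64_t)phi : t);
}

/* n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi; d == 0 flags an unusable e. */
rsa_key rsa_keygen(uint64_t p, uint64_t q, uint64_t e)
{
    rsa_key k = { p * q, e, modinv(e, (p - 1) * (q - 1)) };
    return k;
}

uint64_t rsa_encrypt(uint64_t m, rsa_key k) { return modpow(m, k.e, k.n); } /* C = M^e mod n */
uint64_t rsa_decrypt(uint64_t c, rsa_key k) { return modpow(c, k.d, k.n); } /* M = C^d mod n */
uint64_t rsa_sign(uint64_t digest, rsa_key k) { return modpow(digest, k.d, k.n); } /* private exponent */
int rsa_verify(uint64_t digest, uint64_t sig, rsa_key k) { return modpow(sig, k.e, k.n) == digest; }

int main(void)
{
    rsa_key k = rsa_keygen(17, 11, 7);   /* constructed toy values: n = 187 */
    uint64_t c = rsa_encrypt(88, k), s = rsa_sign(42, k);
    printf("C=%llu ok=%d tampered=%d\n", (unsigned long long)c,
           rsa_verify(42, s, k), rsa_verify(43, s, k));
    return 0;
}
```

Signing and decryption are the same modular exponentiation with d, which is the "either key encrypts, the other decrypts" property from slide 61; a changed digest fails verification.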

66 RSA & Sagemath

67 RSA & Factoring

68 Factoring is Hard

69 Other Public-Key Cryptographic Algorithms
Digital Signature Standard (DSS)
  Makes use of the SHA-1
  Not for encryption or key exchange
Elliptic-Curve Cryptography (ECC)
  Good for smaller bit size
  Low confidence level, compared with RSA
  Very complex

70 Fingerprint: One-way Hash Functions
Also called hash function, cryptographic checksum, message integrity check, message digest function
[Figure: Plaintext -> Fingerprint]
Fingerprint (also called hash value) is always unique for a given message
One-way; can’t generate plaintext from the hash value

71 One-way Hash
One-way; can’t generate plaintext from the hash value
[Figure: Unknown plaintext, fingerprint]

72 Message Digest Algorithms
MD4: 128-bit hash value, 32-bit register; faster than MD2, better security
MD5: Replacement for MD4, solves some weaknesses of MD4
SHA: Secure Hash Algorithm, 160-bit.
HAVAL, SNEFRU, etc.

73 Digital Signatures
Digital signatures ensure:
  message integrity (not modified in transit)
  identity of the sender (sender’s private key)
  non-repudiation
[Figure: Message and digital certificate (SHA, DH; 1/1/93 to 12/31/98; Alice Smith, Acme Corp; Acme Corporation, Security Dept.)]

74 Digital Signatures
[Figure: At the sender’s side, the digest and the sender’s private key produce what is sent to the receiver. At the receiver’s side, a comparator takes the sender-generated digest, obtained with the sender’s public key, and the receiver-generated digest, and outputs TRUE or FALSE]
To verify the signature of the message both the sender and receiver create digest messages.

75 Cryptographic Strength
Key Secrecy: The secrecy of the key.
Exhaustive Search: The difficulty of guessing the key or trying out all possible keys. Keys with longer size (over 40 bits) are harder to guess.
Breaking: The difficulty of inverting the encryption algorithm without knowing the encryption key, also known as breaking the encryption algorithm.
Trapdoors: The existence (or lack) of back doors, or additional ways by which an encrypted file can be decrypted more easily without knowing the key.
Knowntext Attack: The ability to decrypt an entire ciphertext if you know the way that a portion of it decrypts.
Chosentext Attack: The properties of the plaintext and the knowledge of those properties by an attacker.

76 That’s all Folks! Süleyman Kondakcı: suleyman.kondakci@ieu.edu.tr

