Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 資訊安全 Network Security Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 資訊安全 Network Security Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694."— Presentation transcript:

1 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694

2 2 Textbook: C. Kaufman, R. Perlman, and M. Speciner, Network Security, Second Edition, Prentice-Hall PTR, 2002. Reference Books: 1. W. Ford, Computer Communications Security: principles, Standard Protocols, and Techniques, Prentice Hall, 1994. 2. W. Stallings, Network Security Essentials, Second Edition, Prentice Hall, 2003. Grading Scheme: Project 50%, Paper 25%, Exams 25%

3 3 Chapter 2 Introduction to Cryptography Instructor: 孫宏民

4 4 2.1 What is Cryptography Plaintexts (cleartexts): A message is a plaintext. Code (digits): representation of data (e.g., ASCII) Another code: A = 00, B = 01, C = 02,..., Z = 25 Sender, Receiver, and Intruder (or Interceptor): (Senders and receivers want to make sure an intruder cannot read the messages.)

5 5 Cipher(Cryptosystem): secret method of writing Ciphertexts: An encrypted messages Sender Receiver Intruder Model of Conventional Cryptosystem

6 6 Cryptography is the study of creating and using secret writing, or the art and science of keeping messages secure. Encryption (Enciphering): The encryption is the process of disguising a message in such a way as to hide its substance. Notation: C=E(M) or E K (M) or E K1 (M) Decryption (Deciphering): The process of turning ciphertext back into plaintext. Notation: M=D(C) or D K (C) or D K2 (C)

7 7 Cryptanalysis: The art and science of breaking ciphertexts. Cryptographers v.s. Cryptanalysts Cryptology = Cryptography+ Cryptanalysis

8 8 Four Basic Services of Cryptography Confidentiality (Secrecy): The intruder cannot read the encrypted message form the ciphertext. Authentication: It should be possible for the receiver of a message to ascertain its origin; an intruder should not be able to masquerade as someone else.

9 9 Four Basic Services of Cryptography Integrity: It should be possible for the receiver of a message to verify that it has not been modified in transit; an intruder cannot substitute a false message for a legitimate one. Nonrepudiation: A sender should not be able to falsely deny later that he sent a message.

10 10 2.2 Breaking an Encryption Scheme(1) A cipher is breakable if it is possible to find plaintext or key from ciphertext, or to find the key from plaintext-ciphertext pairs. Cryptanalysis = study (methods) of breaking system, that is, deciphering without the key (K2), using :

11 11 2.2 Breaking an Encryption Scheme(2)  (a) Ciphertext only (C) Most difficult to break  (b) Known plaintext (M, C) E.g., encrypted programs (while, if, else,...)  (c) Chosen plaintext (M*, C) Get the sender to encipher M* (your choice) for you.  (d) Chosen ciphertext (M, C*) Get the receiver to decipher C* (your choice) for you.

12 12 2.2 Breaking an Encryption Scheme(3)  (e) Chosen text (M*, C) and (M, C*) Combine (c) and (d).

13 13 Some other types of Cryptanalytic Attacks(1) Adaptive-chosen-plaintext Attacks (a special case of a chosen-plaintext attack): The intruder not only can choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption. Chosen-key Attacks: The intrduer has some knowledge about the relationship between different keys.

14 14 Some other types of Cryptanalytic Attacks(2) Bruce-force Attacks (Exhaustive search): To try every possible key one by one and to check whether the resulting plaintext is meaningful.

15 15 2.3 Type of Cryptographic Function Hash Function Secret Key Function Public Key Function

16 16 2.4 Secret Key Cryptography Secret Key Cryptosystems: The encryption & decryption keys are the same.(E K (M)= C & D K (C)= M).  Stream ciphers: The operation unit on the plaintext is a single bit (or byte), such as RC4 and A5.  Block ciphers: The operation unit on the plaintext is a group of bits (a block), such as DES, IDEA, and AES.

17 17 plaintext encryption ciphertext key ciphertext plaintext decryption

18 18 Example of a Cipher m i, c i  {00, 01, 02,..., 25} To encipher: M=m1m1 m2m2 m3m3 … C=c1c1 c 2 c 3 …

19 19 To decipher:

20 20 Caesar Cipher Shift each letter in the English alphabet forward by K positions (shift past Z cycle back to A). K is the key to the cipher. Example: k=3 TSINGHUAUNIVERSITY WVLQJKXDXQLYHUVLWB

21 21 Code Book Plaintext words or phrases are entered into the code book together with their ciphertext substitutes. The code book is the key. Example: ATTACK JAPAN  4008 5603 WordCode BOMB1701 JAPAN5603 ATTACK4008 NIGHT3790 

22 22 2.5 Public Key Cryptosystems Public Key Cryptosystems: Encryption & decryption keys are different (E K1 (M)=C & D K2 (C)=M), such as RSA, ElGamal, and McEliece.  The encryption key (public key) can be public while the decryption key (secret key) cannot be calculated from the public key.

23 23 Encryption and decryption are two mathmatical functions that incerses of each other. plaintext encryption ciphertext Private key ciphertext plaintext decryption Public key

24 24 There is an additional thing one can do with public key technology, which is to generate a digital signature on a message. plaintext signing Signed message public key Signed message plaintext verification private key

25 25 2.6 Hash Algorithm A cryptographic hash function is a mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length number. We will call the hash of a message m, h(m).

26 26 It has the following property:  For any message, it is easy to compute h(m).  Given h(m), there is no way to find a m that hashes to h(m) in a way that is substantially easier than going through all possible values of m and computing h(m) for each one.  It is computationally infeasible to find two value that hash to the same thing.

27 27 Security Attacks Normal flow: Interruption: Interception:

28 28 Modification: Fabrication:

29 29 Interruption  This is an attack on availability.  Examples: cutting of a communication line, or destruction of a piece of hardware. Interception  This is an attack on secrecy.  Examples: wiretapping to capture data in network, or illicit copying of files or programs.

30 30 Modification  This is an attack on integrity.  Examples: changing values in a data file, or altering a program so that it performs differently. Fabrication  This is an attack on authenticity.  Examples: insertion of fake messages in network, or addition of records to a file.

31 31 Security Threats Passive threats  Interception (Secrecy) Active threats  Interruption (Availability)  Modification (Integrity)  Fabrication (Authenticity)

32 32 Data Security(1) Data security is the science and study of methods of protecting data in computer and communications systems. Data security studies four kinds of control:  Cryptography  Access  Information flow Prevent leakage  Inference  People shouldn't be able to infer something that shouldn't be inferred

33 33 Data Security(2) Threats to data in computer systems  Secrecy Browsing, Leakage, Inference  Authenticity Tampering, Accidental destruction Browsing Searching through main memory or secondary storage

34 34 Data Security(3) Leakage Transmission of data to unauthorized users by processes with legitimate access to the data (e.g., compilers, text editors,...) Inference In a statistical database, you may infer the info of an individual from average.

35 35 Data Security(4) Tampering  Replay  insert  Delete Accidental destruction  Unintentional overwriting  Caused by faulty software (e.g., an array subscript is out-of-range)  Access controls are needed to prevent programs from writing into memory regions of other programs

36 36 Data Security(5)  Unintentional deletion  Caused by software or hardware failure or user mistakes (e.g., a disk crash)  Backup is needed to recover from destruction

37 37 Other Threats to Data Security Ciphertext searching xyzxyz  salary (example) You don't know what xyz is, but know they are the same. Know one of them  Know both Masquerading Write programs to simulate login procedure to get other people's password.

38 38 Computer System

39 39 Cryptographic System For a given K, DK is the inverse of E K ; that is, D K (E K (M)) = M Requirements for cryptosystems:   K, E K and D K are efficient (run in polynomial time)  System is easy to use (no 200 digits keys has to be typed)  Security depends only on the secrecy of K, not on E or D

Download ppt "1 資訊安全 Network Security Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Cryptography encryption authentication digital signatures

Cryptography encryption authentication digital signatures
Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.
1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…

1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”

Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”
L0. Introduction Rocky K. C. Chang, January 2013.

L0. Introduction Rocky K. C. Chang, January 2013.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Network Security Sorina Persa Group 3250 Group 3250.

Network Security Sorina Persa Group 3250 Group 3250.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google