Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.

Published byCatherine Skinner Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville."— Presentation transcript:

1 Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville Fall, 2013 Dr. Hiroshi Fujinoki E-mail: hfujino@siue.edu Information_Security/001

2 Information Security Fundamentals Information_Security/002 Software programs are running two physically separated host computers Network Program A Program B Assumptions throughout this discussions Client Server Two assumptions  Unreliable message transmissions  Possible hijack of network resources

3 Information Security Fundamentals Information_Security/003 Assumptions throughout this discussions Software programs communicate through insecure public networks Network Program A Program B  Unreliable message transmissions (a) Messages you transmit may not reach a destination. (b) Messages you transmit may be duplicated. (c) Messages you transmit may reach a destination out of order.

4 Information Security Fundamentals Information_Security/004 Assumptions throughout this discussions Software programs communicate through insecure public networks  Possible hijack of network resources Routers store your messages in them, and they forward. Someone else can access (read) contents in your message. Network Program A Program B Someone has illegal access to this router Router

5 Information Security Fundamentals Information_Security/005 Assumptions throughout this discussions Software programs communicate through insecure public networks Network Program A Program B  Possible hijack of network resources Routers store your messages in them, and they forward. Someone else can modify the contents in your message.

6 Information Security Fundamentals Information_Security/006 Major Known Information Security Problems  Release of message contents  Modification of message contents  Masquerading the identity of information sender and receiver  Repudiation of message transmission and/or receiving  Denial of services  Traffic analysis  Message-replays

7 Information Security Fundamentals Information_Security/007 Major Known Information Security Problems and Their Solutions  Release of message contents  Modification of message contents  Masquerading the identity of information sender and receiver Cryptography Message Digest Digital Signature

8 Information Security Fundamentals Information_Security/008 A Original information A’ Encrypted information f Encryption mathematical function = E.g., ‘A’ (ASCII ‘A’) E.g., + E.g., ‘B’ (ASCII ‘B’) 1 Encryption key A’ E.g., - 1 Encryption key A Original information Sender Receiver Internet Public Network (Internet) f ’ Decryption  Cryptography This type of cryptography is called “symmetric cryptography”

9 Information Security Fundamentals Information_Security/009  Cryptography (to prevent release of message contents) Three important issues in cryptography: (1) Encryption must be hard to break (time, computer resources) (2) Encryption key must be safely transferred over a network (3) Encryption must be scalable in the number of users you deal with A solution that satisfies all the above requirements “Asymmetric-Key Cryptography” Different keys can be used for encryption and decryption. The two big problems of symmetric cryptography

10 Information Security Fundamentals Information_Security/010  Cryptography (to prevent release of message contents) Network S R S P Encryption keys are always made as a pair of two keys One of the two keys is called “secret (private) key” while the other is is called “open (public) key”. You must keep your private key always secret (= never transfer it to anywhere) You can give your public key to any people you would like to securely communicate P (anyone should be able to get the public key)

11 Information Security Fundamentals Information_Security/011  Cryptography (to prevent release of message contents) Network S R S P Two most important properties in asymmetric-key cryptography: (1) If a message is encrypted by a public key, the encrypted message can be decrypted only by its private key. (2) If a message is encrypted by a private key, the encrypted message can be decrypted only by its public key. P Plain Message X P

12 Information Security Fundamentals Information_Security/012  Cryptography (to prevent release of message contents) Network S R S P Two most important properties in asymmetric-key cryptography: (1) If a message is encrypted by a public key, the encrypted message can be decrypted only by its pair secret key. (2) If a message is encrypted by a secret key, the encrypted message can be decrypted only by its pair public key. P X P Plain Message

13 Information Security Fundamentals Information_Security/013  Cryptography (to prevent release of message contents) Three important issues in cryptography: (1) Encryption must be hard to break (time, computer resources) (2) Encryption key must be safely transferred over a network (3) Encryption must be scalable in the number of users you deal with Solved !!

14 Information Security Fundamentals Information_Security/014  Message digests (to prevent modification of message contents) Network S R Message (2) Attach the digest to the message (1) Calculate a message digest H el lo Wo r l d! 72 101108 1113287 111 114 10810033 ASCII Code: (8 mod (total)) = 193 193 This methods has two problems!

15 Message 193 Message 193 Information Security Fundamentals Information_Security/015 Network S R  Message digests (to prevent modification of message contents) Message 193 How can we prevent this problem? 249

16 Information Security Fundamentals Information_Security/016 Network S R Message (1) Calculate a message digest 193 S P (2) Encrypt the digest using the private key  Message digests (to prevent modification of message contents) (3) Attach the encrypted digest to the message (4) The whole message is transferred (5) R downloads the public key of S (6) R decrypts the digest from S (7) R calculates the digest on its own and compares it with the digest from S P Message 193

17 Information Security Fundamentals Information_Security/017  Message digests (to prevent modification of message contents) Network S R Message (2) Attach the digest to the message (1) Calculate a message digest H el lo Wo r l d! 72 101108 1113287 111 114 10810033 ASCII Code: (8 mod (total)) = 193 193 If we have 8 bits for a digest, what is the probability of the digest accidentally match? It’s 1/256!

18 Certificate Authority Merchant’s host (server) Client’s host (browser)  CA creates a certificate for this merchant S1S1 P1P1  Digital Certificate S2S2 P2P2 P2P2 HASH  CA encrypts this certificate using its PRIVATE key Encrypt  CA issues (transmits) this certificates to the merchant  The merchant sends its certificate to you HASH Compare P2P2 P1P1 Decrypt (hash) digest of the server’s certificate  A client contacts this merchant for business Digital signature of this certificate Extracted Digital Signature of the CA Re-Constructed Digital Signature of the CA Initiate the hybrid encryption with this server  Request for issuing a certificate for this merchant (must pay $$$) Information Security Fundamentals Information_Security/018

19 Digital Certificate Certificate: Data: Version: 3 (0x2) Serial Number: 7 (0x7) Signature Algorithm: md5WithRSAEncryption Issuer: C=JP, ST=Aichi-Ken, L=Nagoya, O=NIT, OU=TEST depth, CN=ailab second cert/Email=wakayama@elcom.nitech.ac.jp Validity Not Before: Sep 22 05:31:34 1998 GMT Not After : Sep 22 05:31:34 1999 GMT Subject: C=JP, ST=Aichi-Ken, O=nitech.ac.jp, OU=ailab, CN=test7.second/Email=7.second@mars Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (512 bit) Modulus (512 bit): 00:bd:06:2b:bc:35:55:0b:d7:c4:d6:09:a5:b7:5c: 57:2a:0a:e5:7d:8c:2e:ed:8f:df:c3:ca:37:63:bb: ae:b1:ac:94:54:40:da:7b:71:16:ff:e7:68:5e:00: 49:54:43:70:b7:a1:35:0a:e3:53:4d:4c:86:d2:90: e8:18:39:55:2b Exponent: 65537 (0x10001) X509v3 extensions: Netscape CA Revocation URL:.#http://www.cryptsoft.com/ca-crl.pem Netscape Comment:..This is a comment Netscape Cert Type:...@ Signature Algorithm: md5WithRSAEncryption e7:04:71:f0:9a:d5:da:5e:50:c5:13:20:97:8c:ff:69:fa:18: 2a:9d:b8:75:22:d7:f4:d5:87:4a:7c:c4:3a:7f:b7:72:0f:a3: f3:f4:82:60:8e:e0:f8:10:36:9f:d9:a8:c3:b2:83:50:3d:dd: 5c:b8:29:b7:79:49:03:13:6d:83 Declare the beginning of a certificate ITU-T X.509 Version 3 certificate format Unique Certificate Serial # Which hash and encryption are used for the signature Name of the CA who issued this certificate Name of the server this certificate is issued to This is the public-key information for the server! This is the digital signature signed by this CA (not by this server) Encryption algorithm you need to use when you talk to this server CS 548 Network Security Information_Security/019

20 Certificate Authority Merchant’s host (server) Client’s host (browser) S1S1 P1P1 S2S2 P2P2  CA issues (transmits) this certificates to the merchant P1P1  Request for issuing a certificate for this merchant (must pay $$$) How can you be sure that this CA is a legitimate CA? When (or how) did you get the public-key of this CA? If you are going to get the public-key through the network, how you are sure this key is from the CA?  Digital Certificate Information Security Fundamentals Information_Security/020

21 Certificate Authority Merchant’s host (server) S2S2 P2P2 Certificate for this CA  Request for the certificate issued to this CA  This CA sends its certificate to this merchant This is the certificate for this merchant HASH Compare Decrypt Extracted Digital Signature of the CA Re-Constructed Digital Signature of the CA P We need the public key for this decryption S P You can (should) not get the public-key from this CA  Digital Certificate Information Security Fundamentals Information_Security/021

22 Certificate Authority Merchant’s host (server) S1S1 P1P1 S2S2 P2P2  Request for the certificate issued to this CA  This CA sends its certificate to this merchant This is the certificate for this merchant HASH Compare Decrypt Extracted Digital Signature of the CA Re-Constructed Digital Signature of the CA Another Certificate Authority S3S3 P3P3 P3P3 P3P3 How can this merchant be sure that P 3 is from Y? X Y CA X requests Y to issue a certificate for X! Certificate for this CA  Digital Certificate Information Security Fundamentals Information_Security/022

23 R Merchant’s host (server) Root CA The CA who does not have the parent CA Digital Certificate (a)Your browser must have the pre-installed certificate of the root CA (b) If your browser does not have the certificate of the root CA, you must make your own decision of you accept (trust) the certificate of not X Y Z Information Security Fundamentals Information_Security/023

24 Information Security Fundamentals Information_Security/024  Repudiation of message transmission of receiving Network S R Message S transmits a message to R R received this message from S Non-Repudiation (a) S can not deny that it transmitted this message to R. (b) R can not deny that it received this message from S.

25 Information Security Fundamentals Information_Security/025  Repudiation of message transmission of receiving Network S R Message I did not transmit this message to S I did not receive this message from S Non-Repudiation (a) S can not deny that it transmitted this message to R. (b) R can not deny that it received this message from S. This situation is NOT repudiation (because message transfer did not occur)

26 Information Security Fundamentals Information_Security/026  How to prevent repudiation? Homework: Develop an algorithm that prevents the two types of repudiations Use the information security solutions we discussed so far We still assume an insecure network environment (especially message losses and message duplications) Hints: Like digital certificate, combine multiple security solutions It should be “algorithm” (which contains “if – else” structures)

Download ppt "Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

Similar presentations

Ads by Google