0% found this document useful (0 votes)
8 views42 pages

Cryptography and Network Security

The document covers key security concepts in cryptography and network security, including confidentiality, integrity, availability, authenticity, and accountability. It explains various cryptographic techniques, such as symmetric and public-key cryptography, and details the mechanisms of message authentication, digital signatures, and hash functions. Additionally, it discusses practical applications of cryptography, including secure communications, data storage, and password management.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
8 views42 pages

Cryptography and Network Security

The document covers key security concepts in cryptography and network security, including confidentiality, integrity, availability, authenticity, and accountability. It explains various cryptographic techniques, such as symmetric and public-key cryptography, and details the mechanisms of message authentication, digital signatures, and hash functions. Additionally, it discusses practical applications of cryptography, including secure communications, data storage, and password management.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 42

UNIT-3

Cryptography and
Network Security
Key Security Concepts
Key Security Concepts
 Confidentiality(covers both data confidentiality and privacy):

Authorized restrictions on information access and disclosure, I

Protection of personal privacy and proprietary information.

Loss of confidentiality is the unauthorized disclosure of information
 Integrity (covers both data and system integrity):

Guarding against improper information modification or destruction,

includes ensuring information non-repudiation and authenticity.

A loss of integrity is the unauthorized modification or destruction of information .
 Availability:

Ensuring timely and reliable access to and use of information.

A loss of availability is the disruption of access to or use of information or an
information system
 Authenticity:

The property of being genuine and being able to be verified and trusted

confidence in the validity of a transmission, a message, or message originator.
 Accountability:

The security goal that generates the requirement for actions of an entity to be
traced uniquely to that entity.
cryptography
 cryptography refers to secure
information and communication
techniques derived from mathematical
concepts and a set of rule-based
calculations called algorithms, to
transform messages in ways that are
hard to decipher.
Some Basic Terminology
 plaintext - original message
 ciphertext - coded message
 cipher - algorithm for transforming plaintext to ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering plaintext from ciphertext
 cryptography - study of encryption principles/methods
 cryptanalysis (codebreaking) - study of principles/
methods of deciphering ciphertext without knowing key
 cryptology - field of both cryptography and cryptanalysis
Types of cryptography
 Symmetric Encryption or conventional /
private-key / single-key
 A Symmetric Encryption /public-key/
Two key
Symmetric Encryption
 or conventional / private-key / single-key
 sender and recipient share a common key
 all classical encryption algorithms are
private-key
 was only type prior to invention of public-
key in 1970’s
 and by far most widely used (still)
 is significantly faster than public-key crypto
Symmetric Cipher Model
Caesar Cipher
 earliest known substitution cipher
 by Julius Caesar
 first attested use in military affairs
 replaces each letter by 3rd letter on
 example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
 can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z = IN
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C = OUT

 mathematically give each letter a number


a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

 then have Caesar (rotation) cipher as:


c = E(k, p) = (p + k) mod (26)
p = D(k, c) = (c – k) mod (26)
Cryptanalysis of Caesar
Cipher
 only have 26 possible ciphers

A maps to A,B,..Z
 could simply try each in turn
 a brute force search
 given ciphertext, just try all shifts of letters
 do need to recognize when have plaintext
 eg. break ciphertext "GCUA VQ DTGCM"
Cryptanalysis of Caesar
Cipher
Three important characteristics of this problem enabled us to
use a brut force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily
recognizable.
We can counter the third point of known plain text by
compressing the plain text due to which the language of
plain text is unknown .
We can use ZIP algorithm to compress
Claude Shannon and Substitution-
Permutation Ciphers
 Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
 form basis of modern block ciphers
 S-P nets are based on the two primitive
cryptographic operations seen before:

substitution (S-box)

permutation (P-box)
 provide confusion & diffusion of message & key
Feistel Cipher Structure
 Horst Feistel devised the Feistel cipher

based on concept of invertible product cipher
 partitions input block into two halves

process through multiple rounds which

perform a substitution on left data half

based on round function of right half & subkey

then have permutation swapping halves
 implements Shannon’s S-P net concept
Feistel Cipher Structure
Public-Key Cryptography
 probably most significant advance in the
3000 year history of cryptography
 uses two keys – a public & a private key
 asymmetric since parties are not equal
 uses clever application of number
theoretic concepts to function
 complements rather than replaces private
key crypto
Public-Key Cryptography
 public-key/two-key/asymmetric cryptography
involves the use of two keys:

a public-key, which may be known by anybody, and can
be used to encrypt messages, and verify signatures

a related private-key, known only to the recipient, used
to decrypt messages, and sign (create) signatures
 infeasible to determine private key from public
 is asymmetric because

those who encrypt messages or verify signatures cannot
decrypt messages or create signatures
Public-Key Cryptography
Public-Key Cryptosystems
Symmetric vs Public-Key
Message Authentication
 message authentication is concerned with:

protecting the integrity of a message

validating identity of originator

non-repudiation of origin (dispute resolution)
 will consider the security requirements
 then three alternative functions used:

hash function

message encryption

message authentication code (MAC)
Hash Functions
 condenses arbitrary message to fixed size
h = H(M)
 usuallyassume hash function is public
 hash used to detect changes to message
 want a cryptographic hash function

computationally infeasible to find data mapping to
specific hash (one-way property)

computationally infeasible to find two data to same
hash (collision-free property)
Cryptographic Hash Function
Hash Function Uses
 Message Integrity Check (MIC)

send hash of message (digest)

MIC always encrypted, message optionally
 Message Authentication Code (MAC)

send keyed hash of message

MAC, message optionally encrypted
 Digital Signature (non-repudiation)

Encrypt hash with private (signing) key

Verify with public (verification) key
Message Authentication Code
(MAC)
 generated by an algorithm that creates a
small fixed-sized block

depending on both message and secret key

like encryption though need not be reversible
 appended to message as a “signature”
 receiver performs same computation on
message and checks it matches the MAC
 provides assurance that message is
unaltered and comes from sender
Message Authentication Code
asmall fixed-sized block of data
 generated from message + secret key
 MAC = C(K,M)
 appended to message when sent
Message Authentication
Codes
 asshown the MAC provides authentication
 can also use encryption for secrecy

generally use separate keys for each

can compute MAC either before or after
encryption

is generally regarded as better done before, but
see Generic Composition
Message Authentication
Codes
 why use a MAC?

sometimes only authentication is needed

sometimes need authentication to persist longer
than the encryption (e.g. archival use)
 note that a MAC is not a digital signature
• Does NOT provide non-repudiation
MAC Properties
a MAC is a cryptographic checksum
MAC = CK(M)

condenses a variable-length message M

using a secret key K

to a fixed-sized authenticator
 is a many-to-one function

potentially many messages have same MAC

but finding these needs to be very difficult
Requirements for MACs
 taking into account the types of attacks
 need the MAC to satisfy the following:
1. knowing a message and MAC, is infeasible
to find another message with same MAC
2. MACs should be uniformly distributed
3. MAC should depend equally on all bits of the
message
Security of MACs
 like
block ciphers have:
 brute-force attacks exploiting
m/

strong collision resistance hash have cost 2 2

• 128-bit hash looks vulnerable, 160-bits better



MACs with known message-MAC pairs
• can either attack keyspace (cf. key search) or MAC
• at least 128-bit MAC is needed for security
Security of MACs
 cryptanalytic attacks exploit structure

like block ciphers want brute-force attacks to
be the best alternative
 morevariety of MACs so harder to
generalize about cryptanalysis
Digital Signature Definition
 A digital signature is an authentication
mechanism that enables the creator of a
message to attach a code that acts as a
signature.

 Typically the signature is formed by taking the


hash of the message and encrypting the
message with the creator’s private key.

 The signature guarantees the source and


integrity of the message.
Digital Signatures
 have looked at message authentication

but does not address issues of lack of trust
 digital signatures provide the ability to:

verify author, date & time of signature

authenticate message contents

be verified by third parties to resolve disputes
 hence include authentication function with
additional capabilities
Digital Signature Model
Digital
Signature
Model
Digital Signature Requirements
 must depend on the message signed
 must use information unique to sender

to prevent both forgery and denial
 must be relatively easy to produce
 must be relatively easy to recognize & verify
 be computationally infeasible to forge

with new message for existing digital signature

with fraudulent digital signature for given message
 be practical save digital signature in storage
Applications of Cryptography

 Secure communications

The most obvious use of cryptography, and the one that all of us use frequently,
is encrypting communications between us and another system.

This is most commonly used for communicating between a client program and a
server.

Examples are a web browser and web server, or email client and email server

The best example is web encryption, since here you can choose between a clear
or encrypted version of a website by switching between HTTP and HTTPS in the
URL
 End-to-end Encryption

When email moves from server to server, and from server to you, it is encrypted.

On the mail server and on your system, however, an administrator can read it.

There are options to implement “end-to-end” encryption for email ( use PGP) but
email systems are complex and these options are complex.

Truly secure messaging systems – where only the sender and receiver can read
the message – are those where encryption has been built in from the start.

Whatsapp is good; Signal is better.
Applications of Cryptography

 Storing Data

We all store a large amount of data, and any data is valuable to at least
the person who generated it.

A more notable use of encryption is to encrypt the entire drive, and require
correct credentials to access it.

UCL has recently implemented Microsoft’s Bitlocker on Desktop@UCL
machines, and this means that without the user logging in the data on the
drive is completely opaque.

A relatively recent development is software to create encrypted containers
on a drive.

Veracrypt can be used to create an encrypted volume which is completely
under user control.
Applications of Cryptography
 cryptographically hashed password

One of the main uses of this is to store passwords.

It is very risky to store passwords in an accessible way.

If stored in plaintext on a system, anyone who has access to the system
– legitimate or malicious – can read the password.

Encryption is only a partial answer to storing passwords.

If someone has access to the system storing the encrypted passwords,
they will probably have access to the encryption key to decrypt the
password.

Hashing, on the other hand, produces a relatively secure value for the
attacker.

A system will take the password on login, hash it, and compare to the
hashed value.

At no point will the system – or an attacker – have access to the
plaintext password.

You might also like