Cryptography and Network Security
Key Security Concepts
Confidentiality (covers both data confidentiality and privacy):
Authorized restrictions on information access and disclosure, including
protection of personal privacy and proprietary information.
Loss of confidentiality is the unauthorized disclosure of information.
Integrity (covers both data and system integrity):
Guarding against improper information modification or destruction,
including ensuring information non-repudiation and authenticity.
A loss of integrity is the unauthorized modification or destruction of information.
Availability:
Ensuring timely and reliable access to and use of information.
A loss of availability is the disruption of access to or use of information or an
information system.
Authenticity:
The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message originator.
Accountability:
The security goal that generates the requirement for actions of an entity to be
traced uniquely to that entity.
Cryptography
Cryptography refers to secure information and communication techniques derived
from mathematical concepts and a set of rule-based calculations called
algorithms, to transform messages in ways that are hard to decipher.
Some Basic Terminology
plaintext - original message
ciphertext - coded message
cipher - algorithm for transforming plaintext to ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering plaintext from ciphertext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
cryptology - field of both cryptography and cryptanalysis
Types of cryptography
Symmetric Encryption, or conventional / private-key / single-key
Asymmetric Encryption, or public-key / two-key
Symmetric Encryption
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
was only type prior to invention of public-key in 1970’s
and by far most widely used (still)
is significantly faster than public-key crypto
Symmetric Cipher Model
Caesar Cipher
earliest known substitution cipher, by Julius Caesar
first attested use in military affairs
replaces each letter by the 3rd letter further on in the alphabet
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z = IN
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C = OUT
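The transformation above as working code, added here as an illustration and not part of the original slides. It goes one step beyond the slide by also recovering the key without knowing it: there are only 25 usable shifts, so trying them all and scoring each candidate against approximate English letter frequencies is enough. The function names and the frequency table are assumptions of this example.

```python
import string

ALPHABET = string.ascii_lowercase
# Approximate English letter frequencies in percent (constructed table for scoring).
FREQ = dict(zip("etaoinshrdlcumwfgypbvkjxqz",
                [12.7, 9.1, 8.2, 7.5, 7.0, 6.7, 6.3, 6.1, 6.0, 4.3, 4.0, 2.8, 2.8,
                 2.4, 2.4, 2.2, 2.0, 2.0, 1.9, 1.5, 1.0, 0.8, 0.15, 0.15, 0.1, 0.07]))


def encrypt(plaintext, key=3):
    """Replace each letter by the one `key` places further on, wrapping z to a.

    Follows the slide's convention: plaintext lower-case, ciphertext upper-case.
    Non-letters (spaces, punctuation) pass through unchanged.
    """
    return "".join(
        ALPHABET[(ALPHABET.index(c) + key) % 26].upper() if c in ALPHABET else c
        for c in plaintext.lower())


def decrypt(ciphertext, key=3):
    """Invert encrypt() by shifting back `key` places."""
    return encrypt(ciphertext, -key).lower()


def english_score(text):
    """Higher when the text is dominated by letters that are common in English."""
    return sum(FREQ.get(c, 0) for c in text)


def recover_key(ciphertext):
    """Cryptanalysis by exhaustive search: try all 25 keys, keep the best-scoring one."""
    candidates = ((k, decrypt(ciphertext, k)) for k in range(1, 26))
    return max(candidates, key=lambda kp: english_score(kp[1]))


if __name__ == "__main__":
    ct = encrypt("meet me after the toga party")
    print(ct)               # the ciphertext from the slide
    print(recover_key(ct))  # key and plaintext recovered without being told the key
```

On very short ciphertexts the frequency score can pick the wrong shift, in which case all 25 candidates can simply be read by eye.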
Secure communications
The most obvious use of cryptography, and the one that all of us use frequently,
is encrypting communications between us and another system.
This is most commonly used for communicating between a client program and a
server.
Examples are a web browser and web server, or email client and email server.
The best example is web encryption, since here you can choose between a clear
or encrypted version of a website by switching between HTTP and HTTPS in the
URL.
End-to-end Encryption
When email moves from server to server, and from server to you, it is encrypted.
On the mail server and on your system, however, an administrator can read it.
There are options to implement “end-to-end” encryption for email (using PGP), but
email systems are complex and these options are complex.
Truly secure messaging systems – where only the sender and receiver can read
the message – are those where encryption has been built in from the start.
WhatsApp is good; Signal is better.
Applications of Cryptography
Storing Data
We all store a large amount of data, and any data is valuable to at least
the person who generated it.
A more notable use of encryption is to encrypt the entire drive, and require
correct credentials to access it.
UCL has recently implemented Microsoft’s BitLocker on Desktop@UCL
machines, and this means that without the user logging in the data on the
drive is completely opaque.
A relatively recent development is software to create encrypted containers
on a drive.
VeraCrypt can be used to create an encrypted volume which is completely
under user control.
Applications of Cryptography
cryptographically hashed password
One of the main uses of this is to store passwords.
It is very risky to store passwords in an accessible way.
If stored in plaintext on a system, anyone who has access to the system
– legitimate or malicious – can read the password.
Encryption is only a partial answer to storing passwords.
If someone has access to the system storing the encrypted passwords,
they will probably have access to the encryption key to decrypt the
password.
Hashing, on the other hand, produces a value that is relatively secure against
an attacker.
A system will take the password on login, hash it, and compare to the
hashed value.
At no point will the system – or an attacker – have access to the
plaintext password.
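The login flow described above (hash the submitted password, compare with the stored hash), as an added example that is not part of the original slides. It goes beyond the slide in two ways, both assumptions of this example: each password gets a random salt, and the hash is the deliberately slow PBKDF2-HMAC-SHA256 from Python's standard library. The `UserStore` class and the iteration count are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the hardware in use


def hash_password(password, iterations=ITERATIONS):
    """Return the record to store: salt, work factor and hash, never the password."""
    salt = os.urandom(16)  # random per-user salt: equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(password, record):
    """Re-hash the submitted password with the stored salt and compare."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


class UserStore:
    """Hypothetical in-memory credential store (a real system would use a database)."""

    def __init__(self, iterations=ITERATIONS):
        self._iterations = iterations
        self._users = {}
        # Record checked for unknown users, so a failed login costs the same
        # whether or not the account exists.
        self._dummy = hash_password(os.urandom(16).hex(), iterations)

    def register(self, user, password):
        self._users[user] = hash_password(password, self._iterations)

    def login(self, user, password):
        record = self._users.get(user, self._dummy)
        matches = verify_password(password, record)
        return matches and user in self._users


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")  # constructed sample data
    print(store.login("alice", "correct horse battery staple"))  # True
    print(store.login("alice", "letmein"))                       # False
```

The plaintext password exists only in memory while `login` runs; what is kept is the salt, the work factor and the hash.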