Computer and Network Security
Rabie A. Ramadan

CIA Triad
Security Goals
• Confidentiality,
• Integrity, and
• Availability

Confidentiality
The property of preventing disclosure of information to unauthorized individuals or systems.
Real Scenario
• A credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network.
• The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored.
• If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.
To ensure confidentiality

Integrity
Data cannot be modified without authorization.
Real scenarios:
• Integrity is violated when an employee (accidentally or with malicious intent) deletes important data files,
• When a computer virus infects a computer,
• When an employee is able to modify his own salary in a payroll database,
• When an unauthorized user vandalizes a web site,
• When someone is able to cast a very large number of votes in an online poll, and so on.
Prevented by access control and encryption.

Availability
The information must be available when it is needed.
Highly available systems aim to remain available at all times.
Real Scenarios
• Power outages,
• Hardware failures,
• DoS attacks (denial-of-service attacks).
Prevented by fault tolerance, access control, and attack prevention mechanisms.

Security Goals (Summary)
Confidentiality
• Ensures that computer-related assets are accessed only by authorized parties.
• Sometimes called secrecy or privacy.
Integrity
• Assets can be modified only by authorized parties or only in authorized ways.
Availability
• Assets are accessible to authorized parties at appropriate times.
• The opposite is denial of service.

Security Goals
Strong protection is based on the relations between the goals.

Goals are Applied to
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Threats, Vulnerability, and Attacks
Crossing the water to the right is a Threat to the man.
• Ex. (Computer) software failures
Crossing the water through the wall crack is a Vulnerability.
• Ex. (Computer) open ports
Somebody or another system destroying the wall is an Attack.
• Ex. (Computer) sending an overwhelming set of messages to another system to block it.

Attacks
Passive Attacks
• Attempt to learn or make use of information from the system without affecting system resources.
• Eavesdropping on or monitoring of transmissions
Active Attacks
• Attempt to alter system resources or affect their operation.

Passive Attacks
Release of message contents / snooping

Passive Attacks (Cont.)
Traffic analysis / spoofing
Passive attacks are hard to detect

Active Attacks
Masquerade
• One entity pretends to be a different entity

Active Attacks (Cont.)
Replay Attack
• Passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Active Attacks (Cont.)
Modification Attack
• Some portion of a legitimate message is altered, or messages are reordered, to produce an unauthorized effect

Active Attacks (Cont.)
Denial of Service
• Prevents or inhibits the normal use or management of communications facilities

Group Activities
Which of the following attacks is a threat to which of the security goals?
Attacks
• Modification
• Masquerading
• Traffic Analysis
• Denial of service
• Replaying
• Snooping
Security Goals
• Confidentiality
• Integrity
• Availability

Answer
Security Attacks
Snooping
Traffic Analysis
Modification
Masquerading
Replaying
Denial of Service
Confidentiality Integrity Availability

Security Services
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication

Security Mechanisms
Specific security mechanisms:
• Implemented on a specific layer (OSI model)
• Encipherment, digital signatures, access controls, data integrity, authentication exchange, routing control, notarization
Pervasive security mechanisms:
• Not related to a specific layer
• Trusted functionality, security labels, event detection

Model for Network Security
Using this model requires us to:
• Design a suitable algorithm for the security transformation.
• Generate the secret information (keys) used by the algorithm.
• Develop methods to distribute and share the secret information.
• Specify a protocol enabling the principals to use the transformation and secret information for a security service.

Symmetric Cipher Model
Known as:
• Conventional Encryption
• Single-Key Encryption
Plaintext
• Original text/msg
Ciphertext
• Coded msg
Enciphering/Encryption
• The process of converting the plaintext to ciphertext
Deciphering/Decryption
• The process of converting the ciphertext to plaintext

Symmetric Cipher Model (Cont.)
Cryptography
• The developed encryption schemes
Cryptanalysis
• Techniques used to get the plaintext out of the ciphertext without prior knowledge of the encryption scheme (breaking the code)
Cryptology
• Both cryptography and cryptanalysis

More Definitions
Unconditional Security
• The ciphertext provides insufficient information to uniquely determine the corresponding plaintext.
Computational Security
• The time needed for calculations is greater than the age of the universe

Symmetric Cipher Model
Requirements
• Strong key: the opponent cannot figure it out even if he/she has a number of ciphertexts
• The key must be exchanged through a secure channel
• Y = E(K, X), also written Y = E_K(X)
• X = D(K, Y), also written X = D_K(Y)

Brute Force Search
• Always possible to simply try every key
• Most basic attack, proportional to key size

Substitution Ciphers

Let's Have Fun
You are spying on your friend Ahmed while he is chatting with John, and you receive the following message:
“Ygjcxgvqmnnvjgrgumfgpv”
Can you decrypt this message?

Answer
Ahmed is telling John:
“Ygjcxgvqmnnvjgrgumfgpv”
“We have to kill the president”
Encryption Key:
• Replacement Table
  Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  Ciphertext: CDEFGHIJKLMNOPQRSTUVWXYZAB
Encryption Technique
• Each letter is replaced by the second one after it
• Remove blanks

Caesar Cipher
• Earliest known substitution cipher
• By Julius Caesar
• First attested use in military affairs
• Replaces each letter by the 3rd one after it
E.g.
meet me after the party
PHHW PH DIWHU WKH SDUWB

Caesar Cipher (Cont.)
Transformation:
Mathematically give each letter a number
a b c d e f g h i j k  l  m
0 1 2 3 4 5 6 7 8 9 10 11 12
n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25
Then have Caesar cipher as:
C = E(p) = (p + k) mod 26
p = D(C) = (C - k) mod 26

Caesar Cipher (Cont.)
Cryptanalysis
• Only have 26 possible ciphers
• A maps to A, B, ... Z
• Could simply try each in turn

Monoalphabetic Cipher
• Rather than just shifting the alphabet
• Could shuffle (jumble) the letters arbitrarily
• Each plaintext letter maps to a different random ciphertext letter
• The key is 26 letters long
Plain:      abcdefghijklmnopqrstuvwxyz
Cipher:     DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher Security
• Now have a total of 26! = 4 x 10^26 keys
• With so many keys, might think it is secure
• But would be !!!WRONG!!!
Language Characteristics Problem
• Using the occurrence frequency of each letter, we can deduce the letters in the ciphertext

English Letter Frequencies

Playfair Cipher
Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.
Encrypts multiple letters
Uses Playfair Matrix
Uses some of the rules to interpret the matrix

Playfair Key Matrix
• A 5x5 matrix of letters based on a keyword
• Fill in letters of keyword (avoid repetition)
• Fill rest of matrix with other letters
E.g. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Playfair Rules
Plaintext encrypted two letters at a time:
• If a pair is a repeated letter, insert a filler like 'X',
  • e.g. "balloon" is treated as "ba lx lo on"
• If both letters fall in the same row, replace each with the letter to its right (wrapping back to start from end),
  • e.g. "ar" encrypts as "RM"
• If both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom),
  • e.g. "mu" encrypts to "CM"
• Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair,
  • e.g. "hs" encrypts to "BP", and "ea" to "IM" or "JM" (as desired)

Group Activity
Based on Playfair encryption, encrypt the word
“Hello”
Key :
Note: The key is an arrangement of all of the alphabetic letters
L G D B A
Q M H E C
U R N I/J F
X V S O K
Z Y W T P

Answer
Step 1: Group the letters
• He ll o
• 1st rule: repeated letters ll
• He lx lo
Step 2: Find the corresponding text in the key
• He → EC - rule 2: H and e are on the same row (replace each with the letter to its right)
• lx → QZ - rule 3: l and x are in the same column (replace each with the letter below it)
• lo → BX - rule 4: l and o are in different rows and columns (each is replaced by the one in its row in the column of the other letter of the pair)
E(Hello) = "ECQZBX"
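The key-matrix construction and the four Playfair rules from the slides above, as an added example (not part of the original slides). It builds the matrix from a keyword, so the MONARCHY matrix and the 25-letter arrangement used in the group activity both work as keys; the function names, the decryption routine and the fallback filler Q are assumptions made for this example.

```python
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters: J shares a cell with I


def normalize(text):
    """Uppercase, drop non-letters, and map J to I."""
    return [("I" if c == "J" else c) for c in text.upper() if "A" <= c <= "Z"]


def build_matrix(keyword):
    """Row-major 5x5 matrix: keyword letters first (no repeats), then the rest."""
    cells = []
    for ch in normalize(keyword) + list(ALPHABET):
        if ch not in cells:
            cells.append(ch)
    return "".join(cells)


def digraphs(plaintext, filler="X"):
    """Split into pairs, adding a filler after a repeated letter or an odd tail."""
    letters, pairs, i = normalize(plaintext), [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            # Assumption: fall back to Q when the letter to pad is the filler itself.
            pairs.append(a + (filler if a != filler else "Q"))
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def transform_pair(matrix, a, b, step):
    """Apply the row / column / rectangle rule; step=+1 encrypts, -1 decrypts."""
    ra, ca = divmod(matrix.index(a), 5)
    rb, cb = divmod(matrix.index(b), 5)
    if ra == rb:        # same row: move along the row, wrapping around
        ca, cb = (ca + step) % 5, (cb + step) % 5
    elif ca == cb:      # same column: move along the column, wrapping around
        ra, rb = (ra + step) % 5, (rb + step) % 5
    else:               # rectangle: keep own row, take the other letter's column
        ca, cb = cb, ca
    return matrix[ra * 5 + ca] + matrix[rb * 5 + cb]


def encrypt(plaintext, keyword):
    m = build_matrix(keyword)
    return "".join(transform_pair(m, a, b, +1) for a, b in digraphs(plaintext))


def decrypt(ciphertext, keyword):
    m, c = build_matrix(keyword), normalize(ciphertext)
    return "".join(transform_pair(m, c[i], c[i + 1], -1) for i in range(0, len(c), 2))


if __name__ == "__main__":
    activity_key = "LGDBAQMHECURNIFXVSOKZYWTP"  # matrix from the group activity
    print(encrypt("Hello", activity_key))        # ECQZBX
    print(decrypt("ECQZBX", activity_key))       # HELXLO (filler still present)
```

Decryption returns the padded digraph text, so the receiver still has to drop the filler letters by inspection.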

Security of the Playfair Cipher
Security much improved over monoalphabetic
Since have 26 x 26 = 676 digrams
Was widely used for many years (e.g. US & British military in WW1)
It can be broken, given a few hundred letters, since it still has much of the plaintext structure

Polyalphabetic Ciphers
Another approach to improving security is to use multiple cipher alphabets
Makes cryptanalysis harder with more alphabets to guess and flatter frequency distribution
Use a key to select which alphabet is used for each letter of the message
Use each alphabet in turn
Repeat from start after end of key is reached

Vigenère Cipher
• Simplest polyalphabetic substitution cipher
• Effectively multiple Caesar ciphers
• Key is multiple letters long: K = k_1 k_2 ... k_d
• The i-th letter specifies the i-th alphabet to use
• Use each alphabet in turn
• Repeat from start after d letters in message
• Decryption simply works in reverse

Example
E.g. using repeated keyword deceptive
key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
From the previous table, look up the key letter, then the plaintext letter.
The cipher letter is the intersection letter.

Security of Vigenère Ciphers
Have multiple ciphertext letters for each plaintext letter
Letter frequencies are obscured
But not totally lost

Autokey Cipher
• Ideally want a key as long as the message
• Vigenère proposed the autokey cipher
• The keyword is prefixed to message as key
• Still have frequency characteristics to attack
E.g. given key deceptive
key:        deceptivewearediscoveredsav
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
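The Vigenère and autokey examples above, reproduced in code as an added example (not part of the original slides), together with a measurement of the "flatter frequency distribution" claim. The index of coincidence used for that measurement is a standard statistic that the slides do not name; the function names are choices made here, and inputs are assumed to contain letters only.

```python
from collections import Counter

A = ord("a")
PLAIN_ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def _combine(letter, key_letter, sign=1):
    """Add (sign=+1) or subtract (sign=-1) the key letter, mod 26."""
    return chr((ord(letter) - A + sign * (ord(key_letter) - A)) % 26 + A)


def vigenere_encrypt(plaintext, key):
    return "".join(_combine(p, key[i % len(key)])
                   for i, p in enumerate(plaintext)).upper()


def vigenere_decrypt(ciphertext, key):
    return "".join(_combine(c, key[i % len(key)], -1)
                   for i, c in enumerate(ciphertext.lower()))


def autokey_encrypt(plaintext, key):
    stream = (key + plaintext)[:len(plaintext)]  # keyword, then the message itself
    return "".join(_combine(p, k) for p, k in zip(plaintext, stream)).upper()


def autokey_decrypt(ciphertext, key):
    stream, out = list(key), []
    for i, c in enumerate(ciphertext.lower()):
        p = _combine(c, stream[i], -1)
        out.append(p)
        stream.append(p)  # each recovered letter extends the key stream
    return "".join(out)


def substitute(plaintext, cipher_alphabet):
    """Monoalphabetic substitution with a 26-letter cipher alphabet."""
    return plaintext.translate(str.maketrans(PLAIN_ALPHABET, cipher_alphabet))


def index_of_coincidence(text):
    """Chance that two letters drawn from the text are equal; flatter means lower."""
    counts = Counter(text.lower())
    n = sum(counts.values())
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


if __name__ == "__main__":
    pt, key = "wearediscoveredsaveyourself", "deceptive"
    mono_key = "DKVQFIBJWPESCXHTMYAUOLRGZN"  # cipher alphabet from the slides
    for name, ct in [("plaintext", pt),
                     ("monoalphabetic", substitute(pt, mono_key)),
                     ("Vigenere", vigenere_encrypt(pt, key)),
                     ("autokey", autokey_encrypt(pt, key))]:
        print(f"{name:15s} {ct:28s} IC = {index_of_coincidence(ct):.4f}")
```

The monoalphabetic ciphertext has exactly the same index as the plaintext, which is why 26! keys do not protect it, while the two polyalphabetic ciphertexts score lower but not uniformly flat.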

One-Time Pad
Select a random key that is equal to the message length.
Use a table structure such as Vigenère table
Problems:
• Generating long random keys
• Bandwidth problem: sending a key as long as the message

Transposition/Permutation Ciphers

Transposition (Cont.)
The letters of the message are rearranged
Columnar transposition
The number of columns is required
Example:
THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS

Transposition (Cont.)
T H I S I
S A M E S
S A G E T
O S H O W
H O W A C
O L U M N
A R T R A
N S P O S
I T I O N
W O R K S
tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasna

Group Activity
Given the following message
“This is the second lecture”
• Divide the message into blocks of 5 letters
• Transpose the message
• Use Autokey cipher to encrypt the result
  • Key: “NetworkSecurity”

Stream Vs. Block Ciphers
Stream converts one symbol of plaintext into a symbol of ciphertext
Block encrypts a group of plaintext symbols as one block.

Reading materials
Stallings Chapter 1
Chapter 2