saad haj bakry, phd, ceng, fiee 1 principles of information security saad haj bakry, phd, ceng, fiee...
TRANSCRIPT
Saad Haj Bakry, PhD, CEng, FIEE
1
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE
PRESENTATIONS IN NETWORK SECURITYPRESENTATIONS IN NETWORK SECURITY
Saad Haj Bakry, PhD, CEng, FIEE 2
Information Processing Error / Volume Control Steganography Hash Function Symmetric (Private Key) Encryption Asymmetric (Public Key) Encryption Cryptanalysis
Objectives / Contents
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 3
Information Processing (1)
Source Encoding
Coding signal in digital form.
Compression Reduction of transmission bandwidth.
Error Control Detection (and correction) of communication errors (noise).
Traffic Padding
Testing traffic volume (volume confidentiality)
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 4
Information Processing (2)
Steganography Hiding Information within other informatiom.
Hash Function Message summary to test integrity.
Encryption Using encoding (encryption / enciphering) as means for protecting data from interception by unauthorized parties
Cryptanalysis Breaking (cracking) encryption.
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 5IT Security
PRINCIPLE: Redundant Information
to Detect / Correct Errors
PRINCIPLE: Redundant Information
to Detect / Correct Errors
FORWARD ERROR
CORRECTION:
Hamming
Reed-Solomon Codes
Bose Chaudhuri Hocquenhem Codes
FORWARD ERROR
CORRECTION:
Hamming
Reed-Solomon Codes
Bose Chaudhuri Hocquenhem Codes
ACKNOWLEDGEMENTS:
• Echo Checking: Send Back
• ARQ: Automatic Repeat Request
ACKNOWLEDGEMENTS:
• Echo Checking: Send Back
• ARQ: Automatic Repeat Request
Error Control (1)
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 6
BYTE PARITY CHECKBYTE PARITY CHECK
1 0 0 1 1 0 1
0
11 2 3 4 5 6 7
8
8
BIT No.
BITS
ODD PARITY
EVEN PARITY
Error Control (2)
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 7
BLOCK
CHECKING
BLOCK
CHECKING
1 0 0 1 1 0 1 1
1 2 3 4 5 6 7BIT No.
BITS
8 PARITY
BLOCK
PARITY
Error Control (3)
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 8
OBJECTIVES:
CONFIDENTIALITY FOR THE
VOLUME OF
TRAFFIC
OBJECTIVES:
CONFIDENTIALITY FOR THE
VOLUME OF
TRAFFIC
METHOD:
Filling idle periods with meaningless data (packets) that
can be detected by the receiver.
(Volume Testing & Control)
METHOD:
Filling idle periods with meaningless data (packets) that
can be detected by the receiver.
(Volume Testing & Control)
Traffic Padding
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 9
Steganography (Hiding Information)
Objective: To hide information within other informationObjective: To hide information within other information
Examples: Message: David
Owen
Hidden Message: DO Watermarks
bank notes / papers / Digital Watermark:
Adobe PhotoShopwww.adobe.com
Examples: Message: David
Owen
Hidden Message: DO Watermarks
bank notes / papers / Digital Watermark:
Adobe PhotoShopwww.adobe.com
Solutions www.digimark.com www.conginity.com
Solutions www.digimark.com www.conginity.com
Proof of Ownership:Music recorded with
frequencies not audible to humans
Proof of Ownership:Music recorded with
frequencies not audible to humans
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 10
The “Hash Function”Objective: Checking Message IntegrityObjective: Checking Message Integrity
Hash FunctionHash FunctionMessageMessage Message DigestMessage Digest
Mathematical Function Applied to the Message “Contents”Mathematical Function Applied to the Message “Contents”
“Hash Value”
Simple Function: “adding up the 1’s of the message”
Collision: Messages with the same “hash value”
Chance of Collision: Statistically insignificantMessages can be checked but not reconstructed from their hash value
Collision: Messages with the same “hash value”
Chance of Collision: Statistically insignificantMessages can be checked but not reconstructed from their hash value
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 11
Old Cryptographic Ciphers
Cipher Algorithm Example
Substitution Replacing “a” by “b”
“b” by “c”
“c” by “d”….
“information security”
becomes
“jogpsnbujpo tfdvsjuz”
Transposition Changing the sequence of letters to become:
“odd” followed by “even”
“information security”
becomes
“ifrain-nomto scrt-euiy”
Both Substitution and transposition together (see above)
“information security”
becomes
“jgsbjo-opnup tdsu-fvjz”
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 12
Encryption: Basic Data Security Terms
Term DefinitionPlaintext Source text / Unencrypted data
Cryptography Transforming “plaintext” to “cipher text” (encrypted text) using a “cipher” and a “key”
Cipher text Encrypted text / Incomprehensible data
Cipher /
Cryptosystem
A technique / A procedure / An algorithm (a computer science term) for encrypting data / messages
A Key A string of digits used to encrypt data (like a password) / Longer keys lead to stronger encryption
Cryptanalysis Breaking / cracking encryption
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 13
SenderSender
Secret-Key Cryptography (1)
SenderSender
ReceiverReceiver
ReceiverReceiver
Communication NetworkCommunication Network
Symmetric KeySymmetric Key
Symmetric KeySymmetric Key
Plain Text
Plain Text
Cipher Text
Cipher Text
Encrypt / Decrypt
Encrypt / Decrypt
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 14
Symmetric: Sender / ReceiverSymmetric: Sender / Receiver
Less Sophisticated: Relative to Public-KeyLess Sophisticated: Relative to Public-Key
More Efficient: Sending Large Amounts of DataMore Efficient: Sending Large Amounts of Data
Problem (1): S-R “Key Exchange”Problem (1): S-R “Key Exchange”
Problem (2): Many Keys “One for Each Receiver”Problem (2): Many Keys “One for Each Receiver”
Secret-Key Cryptography (2)
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 15
PUBLIC KEY
PUBLIC KEY
PRIVATE KEYPRIVATE KEY
PRIVATE KEYPRIVATE KEY
PUBLIC
KEY
Asymmetric Keys
Private Reception
Public Transmission
Many
to
One
Private Transmission
Public Reception
One
to
Many
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 16
Asymmetric: Sender / ReceiverAsymmetric: Sender / Receiver
Public Key:Distributed Freely Public Key:
Distributed Freely
Started at the MIT
in 1976 by:
Whitfield Diffe
Martin Hellman
Started at the MIT
in 1976 by:
Whitfield Diffe
Martin Hellman
Public-Key Cryptography (1/2)
Private Key:Kept by the Owner Private Key:
Kept by the Owner
RSA P-K Algorithm: Rivest / Shamir / Adleman,
MIT 1977, RSA Inc. 1982
Used by “Fortune 1000”
“e-Commerce Transactions”
RSA P-K Algorithm: Rivest / Shamir / Adleman,
MIT 1977, RSA Inc. 1982
Used by “Fortune 1000”
“e-Commerce Transactions”
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 17
Public-Key Cryptography (2/2)
The Two Keys are “Mathematically Related”,
BUT Computationally “Infeasible to Deduce” Private Key from the Public Key
The Two Keys are “Mathematically Related”,
BUT Computationally “Infeasible to Deduce” Private Key from the Public Key
Per Organization: One “Public Key” One“Private Key”
Not One “Secret Key”
per receiver.
Per Organization: One “Public Key” One“Private Key”
Not One “Secret Key”
per receiver.
“Secret Key”
Exchange
Not Needed
“Secret Key”
Exchange
Not Needed
Problem: Requires high computer power / Not efficient for data volumes /
Performance: Slower
Problem: Requires high computer power / Not efficient for data volumes /
Performance: Slower
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 18
Organization Public
Key
Organization Public
Key
Public-Key: Case / Problem (1)
NetworkNetwork
CustomerCustomer
CustomerCustomer
CustomerCustomer
OrganizationOrganization Organization Private
Key
Organization Private
Key
Problem:
Validation of customer’s
identity
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 19
Customer Private
Key
Customer Private
Key
Public-Key: Case / Problem (2)
NetworkNetwork
CustomerCustomer
OrganizationOrganizationCustomer
Public
Key
Customer Public
Key
Problem:
Proving the identity
of the receiving
organization’s
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 20
Customer Private
Key
Customer Private
Key
Public-Key: Combination / Solution
NetworkNetwork
CustomerCustomer
OrganizationOrganization
Customer Public
Key
Customer Public
Key
Organization
Public Key Organization
Public Key
Organization
Private Key Organization
Private Key
Identities of both partners are authenticated
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 21
Cryptanalysis
Objectives: Attack “to break key” Test “key strength”
Objectives: Attack “to break key” Test “key strength”
How: Analysis of encryption algorithm to find
relations between “bits of encryption key” and “bits of cipher-text” in order to “determine key”
How: Analysis of encryption algorithm to find
relations between “bits of encryption key” and “bits of cipher-text” in order to “determine key”
Key / Cipher-text Relationship:
“Statistical” nature “Plain-text” knowledge
Key / Cipher-text Relationship:
“Statistical” nature “Plain-text” knowledge
Principles of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 22
Error Control: against noise.
Traffic padding: volume control.
Steganography: hiding information.
Hash Function: measure of message integrity. Cryptography: confidential information
Key: length leads to strength. Symmetric: problems (key exchange / 1 key per receiver) Asymmetric: problems (processing / proof of identity) Cryptanalysis: key breaking.
Remarks / UnderstandingPrinciples of Information Security
Saad Haj Bakry, PhD, CEng, FIEE 23
References B.R. Elbert, Private Telecommunication Networks, Artech House, US,
1989. Telecommunications Management: Network Security, The National
Computer Centre Limited, UK, 1992 K.H. Rosen, Elementary Number Theory and its Applications, 4th
Edition, Addison Wesley / Longman, 1999. ISO Dictionary of Computer Science: The Standardized Vocabulary
(23882), ISO, 1997. F. Botto, Dictionary of e-Business, Wiley (UK), 2000. H.M. Deitel, P.J. Deitel, K. Steinbuhler, e-Business and e-Commerce
for Managers, Prentice-Hall (USA), 2001
Principles of Information Security