Security for Computer Networks



Similar documents
Table of Contents. Bibliografische Informationen digitalisiert durch

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

1 Data Encryption Algorithm

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

CRYPTOGRAPHY AND NETWORK SECURITY

CRYPTOG NETWORK SECURITY

TELECOMMUNICATION NETWORKS

CRYPTOGRAPHY IN NETWORK SECURITY

Cryptography & Network Security

EXAM questions for the course TTM Information Security May Part 1

Lecture 9 - Network Security TDTS (ht1)

Properties of Secure Network Communication

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Lectures for the course: Electronic Commerce Technology (IT 60104)

Lukasz Pater CMMS Administrator and Developer

IT Networks & Security CERT Luncheon Series: Cryptography

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

ARCHIVED PUBLICATION

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

CS 758: Cryptography / Network Security

Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)

Authentication requirement Authentication function MAC Hash function Security of

Chapter 10. Network Security

SSL Firewalls

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.

Modes of Operation of Block Ciphers

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Tim Bovles WILEY. Wiley Publishing, Inc.

The Encryption Technology of Automatic Teller Machine Networks

NETWORK ADMINISTRATION AND SECURITY

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

VALLIAMMAI ENGINEERING COLLEGE

Secure Network Communications FIPS Non Proprietary Security Policy

SECURITY IN NETWORKS

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

First Semester Examinations 2011/12 INTERNET PRINCIPLES

How To Encrypt With A 64 Bit Block Cipher

7! Cryptographic Techniques! A Brief Introduction

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

Advanced Authentication

Network Security - ISA 656 Introduction to Cryptography

Insight Guide. Encryption: A Guide

JTC 1/SC 27Security Techniques - Översikt arbetsgrupper och standarder

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

The Misuse of RC4 in Microsoft Word and Excel

IBM SecureWay Cryptographic Products IBM. Transaction Security System. General Information Manual GA

Chapter 7: Network security

The Mathematics of the RSA Public-Key Cryptosystem

Symmetric Key cryptosystem

" Authentication Techniques. for Smart Cards

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Content Teaching Academy at James Madison University

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003

Chap. 1: Introduction

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Network Security. HIT Shimrit Tzur-David

Security Policy for Oracle Advanced Security Option Cryptographic Module

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

ECE 297:11 - Lecture 1. Security Services. Basic Concepts of Cryptology. Security Threats and Security Services. Need for information security

How To Understand And Understand The History Of Cryptography

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Cryptography and Network Security Block Cipher

CSCE 465 Computer & Network Security

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

Public Key Cryptography in Practice. c Eli Biham - May 3, Public Key Cryptography in Practice (13)

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Textbooks: Matt Bishop, Introduction to Computer Security, Addison-Wesley, November 5, 2004, ISBN

Lecture 9: Application of Cryptography

Cryptography and Network Security

Chapter 8. Network Security

Associate Prof. Dr. Victor Onomza Waziri

Applied Cryptography Public Key Algorithms

A Secure RFID Ticket System For Public Transport

Introduction. Where Is The Threat? Encryption Methods for Protecting Data. BOSaNOVA, Inc. Phone: Web:

Lecture 6 - Cryptography

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Guide to Data Field Encryption

Chap 2. Basic Encryption and Decryption

Cryptography and Network Security

ICOM 5018 Network Security and Cryptography

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Cryptography and Network Security

Today. Network Security. Crypto as Munitions. Crypto as Munitions. History of Cryptography

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Client Server Registration Protocol

Network Security: Cryptography CS/SS G513 S.K. Sahay

Cryptography and Network Security Chapter 9

Network Security Technology Network Management

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology

Transcription:

Security for Computer Networks An Introduction to Data Security in Teleprocessing and Electronic Funds Transfer D. W. Davies Consultant for Data Security and W. L. Price National Physical Laboratory, Teddington, Middlesex A Wiley-Interscience Publication lecbnischs FACHBEREiCH INFORMATtK LLLLLP THEK Sadigebiste i Standorti JOHN WILEY & SONS Chichester New York Brisbane Toronto Singapore

Contents Preface xvii Chapter 1. Data Security 1 1.1 The need for data security 1 1.2 Assessment of security 3 Software integrity 5 Security and people 6 1.3 The effect of technology 7 1.4 The notation for encryption 7 The need for key distribution and management 10 1.5 Some uses for encipherment 10 1.6 General properties of cipher functions 12 Chapter 2. Ciphers and their Properties 14 2.1 Introduction 14 2.2 Substitution ciphers -' 17 The Caesar cipher 17 Monoalphabetic substitution 19 Polyalphabetic substitution 21 The Vigenere cipher 23 2.3 Transposition ciphers 25 Simple transposition 26 The Nihilist cipher 27 2.4 Product ciphers 28 2.5 Cipher machines 28 The Jefferson cylinder 28 The Wheatstone disc 29 Rotor machines, the Enigma 30 vii

Vlll Printing cipher machines 32 Modern cipher machines 33 Substitution in modern ciphers 34 Keyed substitution 34 Transposition in modern ciphers 35 2.6 Attacks against enciphered data 35 Classes of attack 36 2.7 The stream cipher 38 The Vernam cipher 39 2.8 The block cipher 40 2.9 Measurement of cipher strength 41 Shannon's theory of secrecy systems 41 Limits of computation 42 An application of Shannon's theory 43 2.10 Threats against a secure system 43 Active line taps 44 Methods of protection 46 2.11 The encipherment key 46 References 47 Chapter 3. The Data Encryption Standard 49 3.1 History of the DES 49 The role of NBS 50 The IBM Lucifer cipher 51 The process of establishing the DES 53 3.2 The algorithm of the Data Encryption Standard 54 The ladder diagram 61 An algebraic representation 63 3.3 The effect of the DES algorithm on data 65 3.4 Known regularities in the DES algorithm 67 Complementation 67 The weak keys 68 The semi-weak keys 69 Hamiltonian cycles in the DES 70 3.5 Argument over the security of the DES 71 Exhaustive search for a DES key 73 Multiple DES encipherment 74 Trapdoors in the DES? 75 Senate investigation of the DES 76

3.6 Implementations of the Data Encryption Standard 76 Single chips 77 Multiple-chip sets 78 Microprocessor implementations 78 Circuit boards for the Data Encryption Standard 79 Tamper-resistant security modules 80 3.7 The IBM cryptographic scheme 83 3.8 Future standardization of encipherment algorithms 84 References 86 Chapter 4. Using a Block Cipher in Practice 88 4.1 Methods for using a block cipher 88 The limitations of the electronic codebook mode 89 4.2 Cipher block chaining 91 The first and last blocks 93 Transmission errors in CBC encipherment 95 Choice of the initializing variable 96 4.3 Cipher feedback 97 Error extension in cipher feedback 99 Initializing with CFB 100 Encipherment of an arbitrary character set 101 4.4 Output feedback 104 Key stream repetition 105 4.5 Standard and non-standard methods of operation 106 4.6 The place of encipherment in network architecture 109 Line level encipherment 110 End-to-end encipherment 112 The key distribution problem for end-to-end encipherment 114 Node-by-node encipherment 114 A best place for encipherment in network architecture? 115 4.7 Appendix: The birthday problem 116 References - 117 Chapter 5. Authentication 119 5.1 Introduction 119 5.2 Protection against errors in data preparation 121 5.3 Protection against accidental errors in data transmission 122 Cyclic redundancy checks 122 5.4 Authentication using secret parameters 123 IX

5.5 Requirements for an authenticator algorithm 125 The decimal shift and add algorithm 127 A 'main frame' authenticator algorithm 130 Authentication methods using the standard 'modes of operation' 132 5.6 Message authentication by encipherment 134 Choice of the plaintext sum check method of authentication 134 Encipherment or authentication? 136 Authentication without a secret key 136 5.7 The problem of replay 137 Use of a message sequence number 138 The use of random numbers for entity authentication 140 The use of date and time stamps 141 Authentication of stored data 142 5.8 The problem of disputes 143 References 144 Chapter 6. Key Management 145 6.1 Introduction 145 6.2 Key generation 146 Random bit generators 147 Pseudo-random number generators 148 6.3 Terminal and session keys 149 Routes for distribution of session keys 151 Session key distribution protocol 152 Authentication at the key acquisition phase 153 Authentication at the key transfer phase 154 Distribution of terminal keys 155 6.4 The IBM key management scheme 156 Physical security requirements 157 The key hierarchy 158 The encipherment and decipherment of data at the host 159 Generation and distribution of a session key 160 Generation and distribution of the terminal key 162 The principles of file security in the IBM key management scheme 164 Generating and retrieving a file key 165 Transfer of enciphered data between hosts 166 Transfer of enciphered files between hosts 167 6.5 Key management with tagged keys 168 Generation of new tagged keys 170 Extending the key hierarchy 171

6.6 Key management by the key notarization method 172 The operation of key notarization 173 The management of data keys 174 Management of the interchange keys 176 Comparison with the IBM key management scheme 177 References 178 Chapter 7. Identity Verification 179 7.1 Introduction 179 7.2 Identity verification by something known Passwords Variable passwords based on a one-way function Questionnaires 7.3 Identity verification by a token Magnetic stripe cards Watermark tape Sandwich tape Active cards 7.4 Identity verification by personal characteristics Machine recognition System tolerance 7.5 Hand-written signature verification Techniques for recording pen movement Use of signature verification 7.6 Fingerprint verification Machine recoenitioh of fingerprints XI 180 180 186 187 188 188 190 191 192 194 195 196 196 198 198 199 200 7.7 Voice verification 201 7.8 Recognition of retinal patterns 202 7.9 The verification process 202 Introduction 203 Verification 203 Tradeoffs 204 7.10 Assessment of identity verification techniques 208 The Mitre evaluation studies 208 Voice 209 Signature 210 Fingerprints 211 Comparison of systems 212 7.11 Performance of other identity verification systems 213 Speaker verification 213 Signature verification 214

Xll Fingerprint verification 215 Retinal patterns 215 Profile verification 216 7.12 Selection of an identity verification system 216 References 217 Chapter 8. Public Key Ciphers 219 8.1 The principle of public key encipherment 219 Access control with an asymmetric cipher 222 Constructing a public key system 222 One-way functions revisited 223 Number theory and finite arithmetic 224 8.2 The exponential function and key distribution 225 The exponential as a one-way function 228 The complexity of the logarithm 230 Key distribution 231 Authentication and transparency 233 8.3 The power function 234 Encipherment without key transport 235 8.4 The Rivest, Shamir and Adleman public key cipher 237 An attack by iteration and a defence 240 Practical aspects of the RSA cipher 242 8.5 The trapdoor knapsack 246 Practical aspects of the trapdoor knapsack 249 8.6 A cipher based on error correcting codes 251 8.7 The registry of public keys 253 8.8 Complexity theory and cryptography 255 The limitations of complexity theory for cryptography 256 8.9 Appendix: Finite arithmetic 257 Counting in modulo m arithmetic 257 Addition - 258 Subtraction 258 Multiplication 259 Division 260 The Euclidean algorithm 260 Calculation of the reciprocal 261 References 262 Chapter 9. Digital Signatures 265 9.1 The problem of disputes 265

Xlll 9.2 Digital signature using a public key cipher 266 Signature and encipherment combined 269 Signature using the RSA cipher 270 The asymmetric use of DES as a signature substitute 273 A new, economical signature method 274 9.3 Separation of the signature from the message 275 Falsifying a signed message by the 'Birthday' method 278 A one-way function for signature or authentication 280 9.4 Signatures employing a symmetric cipher 281 Rabin's signature method 282 Arbitrated signatures 284 9.5 The practical application of digital signatures 286 Revocation of signatures 287 References 289 Chapter 10. Electronic Funds Transfer and the Intelligent Token 290 10.1 Introduction 290 10.2 Established payment mechanisms 292 The bank cheque 293 Credit transfer 294 Summary of the properties of payment methods 296 10.3 Inter-bank payments 297 The Society for Worldwide Inter-bank Financial Telecommunication s.c. 297 Message format standards 299 Security in the S.W.I.F.T. system 302 The Clearing Houses Automated Payments System (CHAPS) 304 10.4 Automatic teller machines 306 On-line and off-line operation 308 PIN management 310 Algorithmic PIN checking 311 The dialogue for an on-line ATM 313 Shared ATM systems 315 Checking the PIN with an authentication parameter 320 Public key cryptography in a shared ATM system 321 10.5 Point-of-sale payments 321 The end-to-end session key in shared ATM and point-of-sale systems 325 Off-line point-of-sale terminals 327 Physical security requirements of the intelligent token 328 PIN checking in an intelligent token 328

XIV 10.6 Payments by signed messages 331 Point-of-sale payments by electronic cheque 334 A development of the intelligent token 335 10.7 Access control by intelligent tokens 336 Access control for centralized and distributed information services 337 10.8 Negotiable documents 340 A general-purpose negotiable document 340 Protection of negotiable documents against theft 343 References 344 Chapter 11. Data Security Standards 345 11.1 Introduction 345 The standards authorities 346 11.2 Standardization related to the Data Encryption Standard 350 Federal Standard 1027 General security requirements for equipment using the DES 351 11.3 Modes of operation 352 11.4 Encipherment in the physical layer of data communications 354 Principles for encipherment at the physical layer 356 Signalling the start of transmission 358 Treatment of the break signal 359 The option of bypass control 360 11.5 Encipherment in the data link layer 361 11.6 Authentication standards 364 11.7 Conclusion 365 References 366 Glossary 367 Index 381 Note added in proof The OSS quadratic signature method (p. 274) was described as 'tentative'. Since we wrote this, J. M. Pollard has shown that values of s and t can be obtained to satisfy the signature check, in other words that signatures can be forged, with a reasonable amount of calculation. However, C. P. Schnorr has devised a cubic version which defeats Pollard's attack. Will this prove to be secure?

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information