Network Security. Omer Rana




Network Security
Omer Rana
CM0255
Material from:

Cryptography Components
- [Figure: Sender: Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext: Receiver]
- Encryption algorithm: Plaintext -> Ciphertext
- Cipher: encryption or decryption algorithms (or categories of algorithms)
- Key: a number (set of numbers) that the cipher (as an algorithm) operates on
- To encrypt a message: encryption algorithm, encryption key, plaintext -> ciphertext

Symmetric-key Cryptography
- Three types of keys: Secret Key, Public Key, Private Key
- [Figure: Alice and Bob hold a shared secret key. Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext]
- Same key used by both parties
- Key used for both encryption and decryption
- Keys need to be swapped beforehand using a secure mechanism

Asymmetric-key Cryptography
- [Figure: Bob's public key goes to everyone (public); Bob keeps Bob's private key. Alice: Plaintext -> Encryption (Bob's public key) -> Ciphertext -> Decryption (Bob's private key) -> Plaintext at Bob]
- Differentiate between a public key and a private key

Symmetric-Key Cryptography: Traditional ciphers
- Character oriented
- Two main approaches: substitution ciphers or transposition ciphers
- Substitution cipher: substitute one symbol with another
- Mono-alphabetic: a character (symbol) in plaintext is always changed to the same character (symbol) in ciphertext, regardless of its position in the text
  - If L -> O, every instance of L will be changed to O
  - Plaintext: HELLO; Ciphertext: KHOOR
- Poly-alphabetic: each occurrence can have a different substitute
  - The relationship between a character in plaintext and ciphertext is one-to-many (based on its position being at the beginning, middle or end of the text)
  - Divide the text into groups of characters and use a set of keys
  - THISLECTUREISREALLYINTERESTING
  - Plaintext: HELLO; Ciphertext: ABNZF

Other Traditional Ciphers

Shift/Caesar Cipher
- Plaintext and ciphertext contain upper case characters
- Encryption: shift <x> characters up
- Decryption: shift <x> characters down
- <x> is the key
- Use shift cipher with key = 15 to encrypt message HELLO
- Solution: each character is shifted 15 times:
  - H -> W
  - E -> T
  - L -> A
  - O -> D
  - HELLO -> WTAAD

Transposition Cipher
- Change location of characters from plaintext to ciphertext
- Permute symbols in a block of symbols
- Key is a mapping between the position of symbols in plaintext to ciphertext
- Example: Plaintext: 1 2 3 4; Ciphertext: 2 4 1 3 (positions)
- Encryption using the above cipher:
  - Message: HELLO MY DEAR
  - Remove spaces: HELLOMYDEAR
  - Divide into blocks of four: HELL OMYD EARZ (note addition of Z)
  - Ciphertext: ELHLMDOYAZER
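The shift and transposition ciphers above as a short Python sketch. This is an added example, not part of the original slides; the function names are chosen here for illustration. It reproduces the slide results (HELLO -> WTAAD with key 15, and HELLO MY DEAR -> ELHLMDOYAZER with key 2 4 1 3) and adds the matching decryption.

```python
A = ord("A")

def shift_encrypt(text: str, key: int) -> str:
    """Shift each upper-case letter `key` places up, wrapping from Z back to A."""
    return "".join(chr((ord(c) - A + key) % 26 + A) for c in text)

def shift_decrypt(text: str, key: int) -> str:
    """Decryption shifts the same number of places down."""
    return shift_encrypt(text, -key)

def transpose_encrypt(message: str, key: tuple, pad: str = "Z") -> str:
    """key[i] is the 1-based plaintext position written to ciphertext position i+1."""
    text = message.replace(" ", "").upper()
    n = len(key)
    text += pad * (-len(text) % n)           # fill the last block, as the slide does with Z
    blocks = (text[i:i + n] for i in range(0, len(text), n))
    return "".join("".join(block[k - 1] for k in key) for block in blocks)

def transpose_decrypt(cipher: str, key: tuple) -> str:
    """Invert the permutation block by block; the padding letter is left in place."""
    n = len(key)
    out = []
    for i in range(0, len(cipher), n):
        block, plain = cipher[i:i + n], [""] * n
        for pos, k in enumerate(key):
            plain[k - 1] = block[pos]        # put each symbol back where it came from
        out.append("".join(plain))
    return "".join(out)

if __name__ == "__main__":
    print(shift_encrypt("HELLO", 15))
    print(transpose_encrypt("HELLO MY DEAR", (2, 4, 1, 3)))
```

A shift of 3 gives the KHOOR example from the mono-alphabetic slide.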

Currently used Ciphers
- Traditional ciphers are character-oriented
- Modern ciphers are bit-oriented
  - Can deal with text, numbers, video, audio, images, etc.
  - Convert data into a bit stream, then apply the cipher
- Symmetric cipher:
  - Use a combination of ciphers rather than just one
  - Ciphers may be applied in rounds
  - Examples: XOR, Rotation Cipher, Substitution Cipher (S-box), Transposition Cipher (P-box)
- Standards:
  - Data Encryption Standard (DES)
  - Advanced Encryption Standard (AES)
  - Others: Int. Data Encryption Algorithm (IDEA), Blowfish, CAST-128, RC5

Modern Ciphers 1

XOR
  A B C
  0 0 0
  0 1 1
  1 0 1
  1 1 0
- Use of data (plaintext) and key
- Size of data, key and ciphertext are the same
- Interesting property: encryption and decryption are the same
  - Plaintext: 11011
  - Key: 01011
  - Ciphertext: 10000
  - Key: 01011
  - Recovered plaintext: 11011

Rotation Cipher
- Key may be specifically defined or assumed
- Keyless rotation: number of rotations (left/right) is pre-defined
- If plaintext size is N, then after N rotations we get the original
- Useless to apply more than N-1 rotations
- Decryption: use same key but opposite direction of rotation

Modern Ciphers 2

Substitution: S-box
- Similar to traditional substitution cipher for characters
- Plaintext: stream of length N
- Ciphertext: stream of length M, N <> M

Transposition: P-box (Permutation box)
- Similar to traditional transposition cipher for characters
- Performs transposition at bit level
- E.g.: Straight (N -> N), Expansion (N -> M, M > N), Compression (N -> M, M < N)

Round Ciphers
- Ciphers involve multiple rounds
- Each round is a complex cipher made up of simple ciphers
- Each round has a key which is a subset/variation of the general key ("round key")
- Key generator
- If N rounds -> N keys are generated, one for each round

Types
- Keys used for encryption and decryption:
  - Same: Symmetric-Key Cryptography: DES, AES, IDEA, Blowfish, CAST-128, RC5
  - Different: Asymmetric-Key Cryptography: RSA, Diffie-Hellman

Data Encryption Standard (DES) from IBM
- [Figure: 64-bit plaintext -> Initial Permutation -> Round 1 ... Round 16 -> Final Permutation -> 64-bit ciphertext; the Round Key Generator supplies k1 ... k16]
- Symmetric key cipher: divide plaintext into blocks (use same key to encrypt/decrypt block)
- 64-bit plaintext, 64-bit key
- Two P-boxes, 16 complex (repeated) round ciphers with different keys
- Initial and final permutations are keyless straight permutations (inverse of each other)

DES function for the i-th Round
- [Figure: the round takes Li and Ri (32 bits each) and produces Li+1 and Ri+1 (32 bits each); the outcome of f(Ri, Ki) is combined by XOR. Inside f: Ri (32 bits) -> Expansion Permutation (48 bits) -> XOR with key Ki (48 bits) -> S-boxes (48 bits to 32 bits) -> Straight Permutation (32 bits) -> outcome]

Decryption Round
- [Figure: same structure as the encryption round: Li and Ri (32 bits each), f(Ri, Ki) with Expansion Permutation, XOR with Ki (48 bits), S-boxes and Straight Permutation, XOR of the outcome, giving Li+1 and Ri+1 (32 bits each)]

Triple DES (3DES)
- To improve on the limited size of the DES key: use of three DES blocks
- Encryption block: Encryption-Decryption-Encryption combination
- Decryption block: Decryption-Encryption-Decryption combination
- Two versions: 2 keys and 3 keys

Triple DES (3DES)
- [Figure: 64-bit plaintext -> Encrypt DES (Key 1) -> Decrypt DES (Key 2) -> Encrypt DES (Key 3) -> 64-bit ciphertext]
- 2 keys version: Key 1 = Key 3
- Text encrypted by a single DES block can be decrypted by the new 3DES
- Key sizes: 112 bits and 168 bits

Advanced Encryption Standard (AES) from NIST
- Overcome limitation with small DES key size
- 3DES increases key size but is slow
- Uses the Rijndael algorithm
- Uses a complex round cipher with 3 key sizes: 128 bits (10 rounds), 192 bits (12 rounds), 256 bits (14 rounds)
- Data block: 128 bits
- Other variations proposed which differ in either size of block, key, number of rounds, or function used
- 10 blocks identical (except 10), but each uses a different key
- Each round (except 10) is a cipher with four operations that are invertible. The last round has only three operations
- Each operation uses a complex cipher

AES (10 rounds, 128-bit key)
- [Figure: 128-bit plaintext -> XOR with k0 -> Round 1 (k1) ... Round 10 (different from other rounds; labelled k16) -> 128-bit ciphertext; the Round Key Generator derives the round keys from the 128-bit key]
- [Figure: Round i: 128-bit data -> Byte Substitution (SubByte) -> Byte Permutation (ShiftRow) -> Complex Operation (MixColumn), except Round 10 -> XOR with ki -> 128-bit data]

Applying the Cipher

Electronic Codebook (ECB)
- Plaintext divided into N blocks, ciphertext has N blocks
- If plaintext blocks 1, 2, 3 are identical -> ciphertext blocks 1, 2, 3 are identical
- Blocks are considered independent of each other: an error in one block is not propagated to another

Cipher Block Chaining (CBC)
- Use the previous cipher block in the preparation of the current block (plaintext and ciphertext still N blocks)
- Identical blocks in plaintext are not identical in ciphertext
- Blocks have dependencies: errors are propagated across blocks
- An initialization vector is used to bootstrap the process

Various other approaches are also possible

Rivest, Shamir and Adleman (RSA)
- Two keys (e, d); e: public; d: private
- Keys are related
- Selecting keys by Bob:
  - Choose two large prime numbers: p, q
  - n = p * q; f = (p-1) * (q-1)
  - Choose a random integer e
  - d * e = 1 mod f
  - Public: e, n
  - Private: f, d
- Size of plaintext block < n
- Alice sends message to Bob: C = P^e (mod n)
- Bob receives message from Alice: P = C^d (mod n)
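The ECB and CBC properties listed under "Applying the Cipher" above, as an added Python example that is not part of the original slides. The block cipher is a toy 16-round Feistel network built from SHA-256, assumed here only as a stand-in with the left/right round shape of DES; it is not DES or AES, and the input length is assumed to be a multiple of the block size.

```python
import hashlib

BLOCK, ROUNDS = 8, 16   # 64-bit blocks and 16 rounds, the DES shape from the slides

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key: bytes) -> list:
    # Assumed key schedule for this toy cipher: one hash-derived key per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def feistel(block: bytes, keys: list) -> bytes:
    left, right = block[:4], block[4:]
    for k in keys:
        # Toy round function f (not the DES f): keyed hash cut to 32 bits.
        f_out = hashlib.sha256(k + right).digest()[:4]
        left, right = right, xor(left, f_out)
    return right + left   # final swap: decryption is the same code with reversed keys

def encrypt_block(b: bytes, key: bytes) -> bytes:
    return feistel(b, round_keys(key))

def decrypt_block(b: bytes, key: bytes) -> bytes:
    return feistel(b, round_keys(key)[::-1])

def split(data: bytes) -> list:
    # Assumes len(data) is a multiple of BLOCK (no padding in this example).
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(data: bytes, key: bytes, block_fn) -> bytes:
    # ECB: every block is processed independently with the same key.
    return b"".join(block_fn(b, key) for b in split(data))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in split(pt):
        prev = encrypt_block(xor(b, prev), key)   # chain in the previous cipher block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in split(ct):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def damaged_blocks(expected: bytes, got: bytes) -> list:
    """Indexes of the plaintext blocks that differ after decryption."""
    return [i for i, (a, b) in enumerate(zip(split(expected), split(got))) if a != b]
```

Encrypting three identical blocks gives three identical ECB ciphertext blocks and three different CBC ones; flipping one bit in the first ciphertext block damages only block 0 under ECB but blocks 0 and 1 under CBC.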

RSA Example
- Bob chooses: p = 7; q = 11
- n = p * q = 7 * 11 = 77
- f = (7-1) * (11-1) = 60
- Bob chooses: e = 13; and calculates: d = 37
- Public key = 13
- Private key = 37
- Alice: Plaintext = 5
  - C = 5^13 = 26 mod 77
- Bob receives ciphertext 26
- Bob: Ciphertext = 26
  - P = 26^37 = 5 mod 77
  - Plaintext = 5

RSA 2
- Slow if message is long
- Useful for small message digests
- Useful for digital signatures
- Useful for encrypting a symmetric key

Diffie-Hellman
- Used for key exchange
- Bob and Alice create a symmetric session key
- They do not need to remember or store the key
- They do not have to meet to agree on the key
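The RSA example above (p=7, q=11, e=13) worked through in Python, including the step the slide skips: how d=37 is calculated from d * e = 1 mod f. This is an added example, not part of the original slides; the function names are chosen here, and the check that e shares no factor with f is the standard condition for d to exist.

```python
from math import gcd

def mod_inverse(e: int, f: int) -> int:
    """Extended Euclid: return d with (d * e) % f == 1."""
    old_r, r = e, f
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e has no inverse modulo f")
    return old_s % f

def mod_pow(base: int, exp: int, n: int) -> int:
    """Square-and-multiply, so 26^37 is never computed in full."""
    result, base = 1, base % n
    while exp:
        if exp & 1:
            result = result * base % n
        base = base * base % n
        exp >>= 1
    return result

def make_keys(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) following the key selection steps on the slide."""
    n, f = p * q, (p - 1) * (q - 1)
    if gcd(e, f) != 1:
        raise ValueError("e must share no factor with f = (p-1)(q-1)")
    return (e, n), (mod_inverse(e, f), n)

def rsa_encrypt(plain: int, public: tuple) -> int:
    e, n = public
    if not 0 <= plain < n:
        raise ValueError("plaintext block must be smaller than n")
    return mod_pow(plain, e, n)          # C = P^e mod n

def rsa_decrypt(cipher: int, private: tuple) -> int:
    d, n = private
    return mod_pow(cipher, d, n)         # P = C^d mod n

if __name__ == "__main__":
    public, private = make_keys(7, 11, 13)
    print(public, private, rsa_encrypt(5, public))
```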

Bob and Alice: Diffie-Hellman
- Choose two numbers: p, g (these are public)
  - p: large prime number (1024 bits); g: random number
- Bob chooses y; Alice chooses x (x, y: large random numbers)
- Secret key has three parts: (p, g), x, y (g, p = public; Bob knows y; Alice knows x). Each adds their own part to calculate the shared key
- Alice: R1 = g^x mod p, sent to Bob
- Bob: R2 = g^y mod p, sent to Alice
- Alice: K = (R2)^x mod p
- Bob: K = (R1)^y mod p
- Shared secret key: K = g^(xy) mod p
- (g^x mod p)^y mod p = (g^y mod p)^x mod p = g^(xy) mod p
- Both reach the same value for the key, without Bob knowing x, and Alice knowing y

Simple Diffie-Hellman Example
- Assume: g = 7; p = 23
- Alice chooses x = 3; R1 = 7^3 mod 23 = 21
- Bob chooses y = 6; R2 = 7^6 mod 23 = 4
- Alice -> Bob: 21
- Bob -> Alice: 4
- Alice: calculate symmetric key (K): K = 4^3 mod 23 = 18
- Bob: calculate symmetric key (K): K = 21^6 mod 23 = 18
- g^(xy) mod p = 7^(3*6) mod 23 = 18

Man-in-the-middle attack
- Diffie-Hellman is a sophisticated symmetric-key creation algorithm
- If x, y are large numbers, it is difficult for another party to find the key (knowing only p, g)
- Even if R1 and R2 are intercepted, the intruder still needs to know x, y
- Finding x from R1, or y from R2, are difficult tasks
- Alternative attack: the intruder can fool Alice and Bob by creating two keys (one between each party)
- Intermediate party (Eve) can fool Alice and Bob into believing they are communicating directly
- Eve can also change/modify a message before forwarding

Exchange with Eve in the middle (Eve chooses z):
- Alice: R1 = g^x mod p; R1 is sent and received by Eve
- Eve: R2 = g^z mod p; R2 is sent to Alice and to Bob
- Bob: R3 = g^y mod p; R3 is sent and received by Eve
- Alice: K1 = (R2)^x mod p
- Eve: K1 = (R1)^z mod p; K2 = (R3)^z mod p
- Bob: K2 = (R2)^y mod p
- Alice-Eve: K1 = g^(xz) mod p
- Eve-Bob: K2 = g^(zy) mod p
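The honest exchange and the intercepted exchange above, run with the slide's numbers (g=7, p=23, x=3, y=6). This is an added example, not part of the original slides; Eve's value z=5 is constructed for illustration, and the function names are chosen here. It shows what the intercepted run leaves behind: Alice and Bob no longer hold the same key.

```python
def public_value(g: int, p: int, secret: int) -> int:
    """R = g^secret mod p, the value sent in the clear."""
    return pow(g, secret, p)

def shared_key(received: int, secret: int, p: int) -> int:
    """K = received^secret mod p, computed locally and never sent."""
    return pow(received, secret, p)

def honest_exchange(g: int, p: int, x: int, y: int) -> dict:
    r1 = public_value(g, p, x)                 # Alice -> Bob
    r2 = public_value(g, p, y)                 # Bob -> Alice
    return {"R1": r1, "R2": r2,
            "alice": shared_key(r2, x, p),
            "bob": shared_key(r1, y, p)}

def intercepted_exchange(g: int, p: int, x: int, y: int, z: int) -> dict:
    r1 = public_value(g, p, x)                 # Alice's value, received by Eve
    r2 = public_value(g, p, z)                 # Eve's value, delivered to Alice and Bob
    r3 = public_value(g, p, y)                 # Bob's value, received by Eve
    return {"alice": shared_key(r2, x, p),           # K1 = g^(xz) mod p
            "eve_with_alice": shared_key(r1, z, p),  # K1 again, on Eve's side
            "eve_with_bob": shared_key(r3, z, p),    # K2 = g^(zy) mod p
            "bob": shared_key(r2, y, p)}             # K2 again, on Bob's side

def endpoints_agree(result: dict) -> bool:
    """What Alice and Bob would find if they compared keys over a channel
    Eve cannot alter (an assumption; plain Diffie-Hellman has no such step)."""
    return result["alice"] == result["bob"]

if __name__ == "__main__":
    print(honest_exchange(7, 23, 3, 6))
    print(intercepted_exchange(7, 23, 3, 6, 5))
```

In the honest run both sides compute 18; in the intercepted run Alice holds 14 and Bob holds 12, and Eve holds both.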