Sei sulla pagina 1di 33

# Data and Network Security MIT 4010

Introduction

Nandika Kasun

## Department of Communication and Media Technologies

University of Colombo School of Computing
University of Colombo
Sri Lanka

1
kasun@cmb.ac.lk
Introduction

## Course Title: Data and Network Security (MIT 4010)

For Whom: MIT students
Number of Lecture Hours: 30 hours (2 hours x 15
Weeks)
Prerequisites: A familiarity with basic mathematical
concepts

2
kasun@cmb.ac.lk
Learning Outcome:

## After successfully completing this module student should be

able to:

understand the concept of symmetric key and asymmetric key
cryptography.

compare and contrast the different encryption and decryption
algorithms and technologies.

understand the web security and principals of security application
development

Apply modern cryptographic principles (symmetric key and
asymmetric key cryptography) to solve real world security problems.

design new cryptographic solutions to address the security issues in
open network environments.
3
kasun@cmb.ac.lk
Outline of the Syllabus

1. Introduction
Classical Encryption techniques, Cipher Principles ,Block Ciphers,
Stream Ciphers, Cipher Design Principle

2. Symmetric Encryption
Data Encryption Standard, Block Cipher Design Principles and
Modes of Operation, Triple DES, AES Cipher

## 3. Asymmetric key Encryption and Hash functions

Introduction to Number Theory, Confidentiality using Symmetric Encryption,
Public Key Cryptography, RSA, DSA, ECC

4. Message Authentication
Message Authentication Codes, Hash Functions, Security of Hash Functions and
MACs , MD5, Secure Hash Algorithm, HMAC, Digital Signatures
4
kasun@cmb.ac.lk
Outline of the Syllabus
5. Key Management
Diffie-Hellman key Exchange, Public Key Infrastructure (PKI), Quantum Cryptography

6. Authentication Protocols
Authentication principles,X.509 Authentication Service, Kerberos,
.NET Passport protocol, Multi-party authentication

## 7. IP Security and VPN

Security Association(SA), Authentication Header(AH), Encapsulating Security
Payload(ESP), The Internet Key Exchange (IKE) Protocol, VPN

## 8. Intrusion Detection and Prevention

Viruses and related Threats, Virus Counter measures, Firewall Design Principles,
IDS, Honey ports

## 9. Electronic Mail and Electronic Document Security

PGP, S/MIME, Hoax, Spam, PKCS7, XML Security
5
kasun@cmb.ac.lk
Outline of the Syllabus
10. Web Application Security
User Requirements,SSL, Web Server Protection, Web Service Security,
SQL Injection

## 11. Wireless Security

Wireless Application Protocol Security(WAP), Wireless Transport Layer,
Security(WTLS)

## 12. Secure electronic commerce

Digital cash, Credit card transactions, SET, 3D Secure

## 13. Java Cryptography

JSA, JCE, Java cryptography application development, Key management,
Signed applets

## 14. Information Crime and Investigations

UCSC
crime laws, DigitalAllforensic methodologies and tools
rights reserved. No part of this material may be reproduced and sold.
6
kasun@cmb.ac.lk
Basic Encryption and
Decryption
Lecturer 1

## •Requirement and basic concept

•Monoalpabetic & Polyalphabetic ciphers
•The “perfect” substitution ciphers
•Transposition ciphers
•Stream & Block ciphers
•Characteristics of “Good” cipher

7
kasun@cmb.ac.lk
Requirement

Help

8
kasun@cmb.ac.lk
Basic Concept

Cipher Algorithm

Cipher Algorithm

Encrypted Data

9
kasun@cmb.ac.lk
The Caesar Cipher

## Plain Text :ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher Text : D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Ci = E(Pi)= Pi+3

10
kasun@cmb.ac.lk
Monoalphabetic Substitutions

## Plain Text :ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher Text : K E Y G H I J K L M N O P Q R S T U V W X Y Z A B C

Letter Frequency

ABCDEFGHIJKLMNOPQRSTUVWXYZ

11
kasun@cmb.ac.lk
Polyalalphabetic Substitutions

## Table for Odd Positions

Plain Text :ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher Text : A D G J N O S V Y B E H K N Q T W Z C F I L O R U X

## Plain Text :ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher Text : N S X C H M R W B G I Q V A F K P U Z E J O T Y D I

## Plain Text : SSIBL

Cipher Text : czysh

12
kasun@cmb.ac.lk
The Perfect Substitution Cipher

•Plain text length = Key length

13
kasun@cmb.ac.lk
The Vernam Cipher
Plain Text :V E R NA M C I P H E R
Numeric Equivalent : 21 4 17 13 0 12 2 8 15 7 4 17
+Random Number : 76 48 16 82 44 3 58 11 60 5 48 88
= Sum : 97 52 33 95 44 15 60 19 75 12 52 105
=Mod 26 : 19 0 7 17 18 15 8 19 23 12 0 1

Cipher text : t a h r s p I t x m a b

## Binary Vernam Cipher

Plain Text :101000111001101
+ Random Stream : 0 1 0 1 1 0 1 0 1 1 1 0 1 0 1
Cipher text :111110010111000
14
kasun@cmb.ac.lk

## •If a truly random key as long as the message is used, the

cipher will be secure
•Has unconditional security:
•ciphertext bears no statistical relationship to the
plaintext since for any plaintext & any ciphertext there
exists a key mapping one to other
•Can only use the key once
•Have problem of safe distribution of key
15
kasun@cmb.ac.lk
Random Number Generation

## •Books 2. Pseudo Random numbers

•CD
•Linear congruential random number generation

## Ri+1 = (a * Ri+b) mod n

R1 = (a * R0+b) mod n
R2 = (a * R1+b) mod n
R3 = (a * R2+b) mod n

16
kasun@cmb.ac.lk
Transpositions (Permutation)

Columnar Transposition

c1 c2 c3 c4 c5
c6 c7 c8 c9 c10
c11 c12 etc.

## Cipher text formed by c1 c6 c11 c2 c7 c12 c3 c8 ...

c1 c2 c3 c4 c5
c6 c7 c8 c9 c10
c11 c12 etc.

17
kasun@cmb.ac.lk
Block vs Stream Ciphers

## •Block ciphers process messages in blocks, each of which

is then en/decrypted
•Like a substitution on blocks of characters
•64-bits or more

## •Stream ciphers process messages a bit or byte at a time

when en/decrypting
•E.g. Vernam cipher, one time pad

## •Many current ciphers are block ciphers

18
kasun@cmb.ac.lk
Stream Cipher

Key (Optional)

ISSOPMI WEHTUA..
Y
Plain text Cipher text
Cipher

## •Speed of transformation Cipher text(F)

•Low error propagation Plain text (A)

•Low diffusion
•Susceptibility to malicious insertion and modifications
19
kasun@cmb.ac.lk
Block Cipher
XN
OI BA
TP QC
Key (Optional) KD
YR
CN EM
ES MC
Y
Plain text Cipher text
Cipher
•Slowness of encryption
•Error propagation
Cipher text(FRWSU)
Plain text
(AKEDF)
•Diffusion
•Immunity to insertion
20
kasun@cmb.ac.lk
Characteristic of “Good” Cipher

## •The amount of secrecy needed should determine

the amount of labor appropriate for encryption and decryption

•The set of keys and the encryption algorithm should be free from complexity

## •Errors in the ciphering should not propagate and cause corruption of

further information in the message

## •The size of enciphered text should be no larger than the

text of the original message

21
kasun@cmb.ac.lk
Kerckhoff’s Principle

## The security of the encryption scheme must depend

only on the secrecy of the key and not on the secrecy
of the algorithms.

Reasons:
•Algorithms are difficult to change
•Cannot design an algorithm for every pair of users
•Expert review
•No security through obscurity!

22
kasun@cmb.ac.lk
Confusion and Diffusion

## Goal: cipher needs to completely obscure statistical

properties of original plaintext (like a one time pad)

23
kasun@cmb.ac.lk
Confusion

Confusion
The interceptor should not be able to predict
what changing one character in the plaintext
will do to the ciphertext

Plaintext

Ciphertext

24
kasun@cmb.ac.lk
Diffusion

Diffusion
The characteristics of distributing the
information from single plaintext letter over
the entire ciphertext
Plaintext
KASUN

ANHYJ
Ciphertext
25
kasun@cmb.ac.lk
Information Theoretic Tests

Prob(h(C)=P)<z

## Perfect Secrecy Imperfect Secrecy

P1
C1 P1
C1
P2
C2 P2
C2
P3
C3 P3
C3
P4
C4 P4
C4
P5
C5 P5
C5
26
kasun@cmb.ac.lk
Redundancy

Meaningless messages P1
C1
P2
Meaningful message P3
P4
P5

27
kasun@cmb.ac.lk
What the Cryptanalyst Has to Work With

•Ciphertext only
•Full or partial plaintext
•Ciphertext of any plain text
•Algorithm of ciphertext

28
kasun@cmb.ac.lk
Types of Cryptanalytic Attacks

Ciphertext only
only knows encryption algorithm and ciphertext, goal is to
identify plaintext

Known plaintext
know encryption algorithm and one or more plaintext &
ciphertext pairs formed with the secret key

Chosen plaintext
know encryption algorithm and can select plaintext and obtain
ciphertext to attack cipher

29
kasun@cmb.ac.lk
Types of Cryptanalytic Attacks

Chosen ciphertext
know encryption algorithm and can select ciphertext and obtain
plaintext to attack cipher

Chosen text
know encryption algorithm and can select either plaintext or
ciphertext to en/decrypt to attack cipher

30
kasun@cmb.ac.lk
Brute Force Search
•Always possible to simply try every key
•Most basic attack, proportional to key size
•Assume either know/recognize plaintext

## Key Size Number of Time required at

(bits) Alternative Keys 106 Decryption/µs

## 32 232 = 4.3 x 109 2.15 milliseconds

56 256 = 7.2 x 1016 10 hours
128 2128 = 3.4 x 1038 5.4 x 1018 years
168 2168 = 3.7 x 1050 5.9 x 1030 years

31
kasun@cmb.ac.lk
Unconditional/Computational Security

Unconditional security
no matter how much computer power is
available, the cipher cannot be broken since the
ciphertext provides insufficient information to
uniquely determine the corresponding plaintext

Computational security
given limited computing resources (e.g. time
needed for calculations is greater than age of
universe), the cipher cannot be broken