Data security in data communication


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Data security in data communication

  1. 1. Data SecurityUnderstanding Data Communications and Networks – William A. Shay (3E)
  2. 2. Data Security‘To ensure that the data is received meaningfullyonly by the intended recipient’Approach – Alter (encrypt) the message (un-intelligible even if intercepted)- Algorithms- Public key encryption- Secure Transfer over internet
  3. 3. Data SecurityDefinitions:‘Changing the encrypted data into its original form– decryption’Plaintext P- original formCipher-text C - encrypted dataEncryption algorithm and key Ek, changes P to CC = Ek(P),Decryption algorithm and key Dk’, changes C to PP = Dk’(C), in many cases k = k’
  4. 4. Data SecurityMono-alphabetic cipher:‘Replaces each plaintext character with another’- Add 1 to ASCII code of each character- A turns into B, B to C, …- Simple but Rarely used in serious applications- Relatively easy to decipher- Commonly used letters: E, T, O, A, N => if certain letters appear frequently in cipher- text, probably it is one of these (than Q or Z)
  5. 5. Data SecurityMono-alphabetic cipher:P = PLEASE ADD MONEY TOC = {;RSDRSFF,PMRUYP=> 4 times=> S Twice=> R Thrice=> P TwiceThey may be substitutions of commoncharacters, even blank spaces
  6. 6. Data SecurityMono-alphabetic cipher:‘Try various combinations of common ones’{;EADEAFF,ONEUYO…(R by E, S by A, P by O)“Replace ‘’ by blank spaces”{;EADE AFF ,ONEU YOClues: ‘Two letter word ends with O, Three letter word begins with A followed by repeated letter’{;EADE ADD ,ONEU TO=> With educated guesses, message can be decrypted
  7. 7. Data SecurityMono-alphabetic cipher:Drawbacks: preserving particular letter sequences, frequency with which letters occurPoly-alphabetic Cipher:‘Change the frequencies and break-up common sequences’A plaintext character is not always replaced with the same one cipher-text character.Replacement = f (P, its position in the message)
  8. 8. Data SecurityPoly-alphabetic Cipher:For (int i = 0; i < length of P; i++) C[i] = P[i] + K + (i mod 3)Assume, K =1.1 is added for positions 0, 3, 6, …2 is added for positions 1, 4, 7, …3 is added for positions 2, 5, 8, …THEMTHENTHEY -> UJHNVKFPWIG=> Repetition has reduced, but still present
  9. 9. Data SecurityPoly-alphabetic Cipher:‘THE’ appears as UJH, VKF, WIGIf there were more ‘THE’, the pattern wouldrepeat.Also, there are other patterns:First letters of each ‘THE’ cipher-text are consecutive – UVW, (also the 2nd one as JKI, and the 3rd one as HFG)=> Clues for decryption
  10. 10. Data SecurityTransposition Cipher:‘Rearranges the P letters of a message (notReplacing them)’One way – store characters in a 2-dimensionalarray with m-columns=> First m-characters in 1st row, next m- characters in 2nd row, …..Determine a permutation of numbers 1 to m:p1, p2, ……, pm
  11. 11. Data SecurityTransposition Cipher:Transmit p1 column first, then p2, ……, then pm.P = ‘FOLLOW THE YELLOW BRICK ROAD’ F O L L O W T H E Y E L L O W B R I C K R O A D
  12. 12. Data SecurityTransposition Cipher:Transmit columns 2, 4, 3, 1, 5 (permutation)O YWCALHLB LTE KDFW OIOOELRRIf, receiver knows the permutation and the number of columns -> reconstruct the messageDrawbacks: letter frequencies are preserved, also by grouping the characters in different columns for sequences like ‘THE, IS’ are helpful for guessed-decryption.
  13. 13. Data SecurityBit-Level ciphering:‘Previous methods are applicable to character sequences’‘Files may contain raw bits (execution files), This method handles them’- Encryption key is a randomly chosen bit-string- Message bit string is divided into substrings- Length is the same as that of the key
  14. 14. Data SecurityEncrypted string = message string XOR key- Decryption: Encrypted string XOR key- E (algorithm) is same as D (algorithm)- pi is a plaintext bit, if encryption key contains ‘0’ in that position: pi XOR 0 XOR 0 = pi if encryption key contains ‘1’ in that position: pi XOR 1 XOR 1 = pi XOR (1 XOR 1) = pi XOR 0 = pi
  15. 15. Data Security‘Security depends partly on the length of the key’- Short key => many substrings => more chance of repetition of the encrypted substring, susceptible- In extreme case, the key length = message length => each bit is encrypted uniquely- If the key-bits are random => unbreakable code (but long key needs to be transferred)
  16. 16. Data SecurityData Encryption Standards (DES):‘Approach is to keep the key short compared to the message and to use complex procedure to encrypt the message’- Based on ‘block-cipher’- Divides the message into 64-bit blocks, uses a key to employ a complex transformation.- It uses transposition (rearrangement) and substitution (replacing one bit-group with another
  17. 17. Data SecuritySteps:- Transposition on the block data and the key- 16 successive encryptions with different keys derived from the original, output of one fed to the next input- Swap (32 bits)- Reverse transposition (of the 1st step)
  18. 18. Data SecurityEncryption operations:data = C64 = L32 R32, K56 = key(R32: transpose, duplicate bits) results in R48(K56: shift on each half, transpose) results in K56R48 XOR K48 (first) = X48Divide into 8 (6-bit) groupsSubstitute each by 4-bit valueCombine into a 32-bit string, transpose = X32
  19. 19. Data SecurityL32 XOR X32 = X32Form final 64 bits = R32 X32‘Idea was to develop a method with many convoluted steps’- If the same 64-bit block occurs more than once, it generates the same cipher-text.‘Cipher Block Chaining (CBC)’ disrupts that pattern.
  20. 20. Data SecurityCBC:Initialization vector (IV):Block 1 XOR IV -> DES -> Block 1CBlock 1C XOR Block 2 -> DES -> Block 2CBlock 2C XOR Block 3 -> DES -> Block 3C …Cipher-text = f (plaintext, its position)=> Same plain text in different positions means different cipher text also
  21. 21. Data Security• DES Effectiveness: Brute force method of attack – trying all possible keys -> 256 possible keys, it was possible to break the code in hours using gigahertz processors.• Using 128-bit key => 9.5 * 1015 years to try all possible keys @ 1015 keys per second
  22. 22. Data SecurityPublic Key Encryption (PKE):‘Knowing the encryption key and the algorithm renders decryption easy’‘PKE makes decryption algorithm and key determination difficult even when encryption algorithm and key are known’- Many sources can send message using same Ek. Only the receiver knows the Dk’.
  23. 23. Data SecurityRSA algorithm:- Uses modulo-arithmetic and factorization of very large numbers- Cipher-text is easy to calculate but difficult to break1.Assign simple code to letters (1 to 26 for ‘a’ to ‘z’)2.Choose ‘n’ (200 or more digits) as a product of two large prime numbers p, q.
  24. 24. Data SecurityFor simplicity, n = p * q = 11 * 7 = 773. Find a number K that is relatively prime (no common factors except 1) to (p-1) * (q-1). Choose k = 7 as the encryption key (there is always a k)4. Divide the message into components (with many letters in one, avoids repetition), For simplicity: “hello” divided as h, e, l, l, o
  25. 25. Data Security5. For each component, concatenate all the binary code of each letter and interpret it as an integer. Here, integers are: 8, 5, 12, 12, 15.6. Encrypt the message by raising each number to the power of k (modulo n)Encrypted message = 57 47 12 12 71Decryption:1. Find a value k’ such that (k * k’) – 1 is evenly divisible by (p-1) * (q-1). K’ is the decryption key .
  26. 26. Data SecurityHere, (p-1) * (q-1) = 60, k’ = 43 works well. (there is always a k’)2. Raise each encrypted number to the power of k’ (modulo n)Results are the original numbers 8, 5, 12, 12, 15.Potential problem: How to find 71 43 modulo 77?Break the power in 2, 4, 8, …Find the modulo for lowest to the highest.
  27. 27. Data Security• How secure is RSA?‘n’ and ‘k’ are needed for encryption,If they are intercepted, K’ could be deduced.However, it needs ‘p’ and ‘q’ – the factors of ‘n’.• If ‘n’ is large (200 or more digits) => difficult, time-consuming
  28. 28. Data SecurityTransport layer security (TLS) and Server Authentication:‘To ensure access to the proper encryption methods and keys to protect privacy’‘Also to ascertain the legitimacy of the site connected to’‘Secure Sockets Layer (SSL) and Transport Layer Security Protocols, X.509 certificates’
  29. 29. Data Security‘TLS and SSL lies between application layer and transport layer’Sender side: encrypts the message from application layer and passes it to the transport layerReceiver side: receives the message from transport layer and passes the decrypted message to the application layer‘TLS has the ability to revert to SSL 3.0, there are some low level differences’
  30. 30. Data SecurityX.509 certificate:‘Electronic ID to prove that a site is what it claims to be’‘Certificate Authority (CA) issues certificates’‘Consumer maintains a list of trustworthy CAs in his computer’‘Trusted CA list is developed over the time’‘Certificate contains a period of validity and two fingerprints’
  31. 31. Data Security‘Authentication is the process of validating the identity of the message-source’‘Fingerprints are values calculated using some algorithms for authentication’Browser: - downloads the server certificate - checks the period of validity - checks the fingerprints - checks the CA‘All must be affirmative in order to proceed’
  32. 32. Data Security‘An initial set of exchange takes place between the server and the client – handshake’‘Handshake defines the cryptographic routines, key exchanges, and authentication process’1. Client to server: highest TLS (SSL) version available, a list of encryption algorithms, a list of key exchange algorithms, and a list of supported compression methods.
  33. 33. Data Security2. Server chooses each one of the above items from the suggested list of the client. It also sends its certificate.3. Client needs to authenticate the certificate. Issuing CA attaches a digital signature / Fingerprints to it. Two methods are used to provide extra security. Also, it verifies the domain name in the certificate with that of server.4. Client sends key to server.5. If required, server may authenticate the client.6. Both client and server exchanges session-keys.
  34. 34. Data Security7. Both sides confirm this arrangements and start secure-communication.# If user A wants to send an encrypted message to user B, the plaintext is encrypted with the public key of _.a) User A b) User B c) The network d) (a) or (b)
  35. 35. Data SecurityFirewalls‘Machines are at risk when they are not actively doing anything’‘Risk comes from malicious attacks disrupting activities, causing harm’‘Challenge is to prevent attacks from being successful’‘All internet traffic has to pass through special machine(s) – Firewall’
  36. 36. Data Security‘It examines passing traffic to look for possible threats’‘The challenge is to identify the threats’IP – layer 3, TCP – layer 4IP packet contains data, source and destination addresses, layer 4 protocol (TCP / UDP) using it.Server is identified by IP address and the specific service by port number
  37. 37. Data SecurityTelnet – Port 23, FTP - Port 21, SMTP - Port 25Some approaches:Packet Filtering:‘Examine the header of each packet and decide’Decision may base on: - Address field - port number - transport protocol represented
  38. 38. Data SecurityExample decisions:- Allow any incoming packet with TCP port designation of 23 (allowing remote login to any machine)- Allow any incoming packet with TCP port designation of 23 with destination address found in a maintained list. Implication?- Allow any outgoing packet with destination address found in a maintained list. Implication?
  39. 39. Data SecurityThe above specifies criteria to allow packets.=> Blocks unless otherwise specified (default)Alternative: Allows unless otherwise specified (default)- Block any incoming packet with TCP port designation of 23. Implication?- Block any incoming packet with source address found in a maintained list. Implication?
  40. 40. Data Security- Block any incoming packet with destination address found in a maintained list. Implication?- Block any outgoing packet with source and destination addresses found in a maintained list. Implication?Better ‘default’ approach? Block packet – nothing will pass unless explicitly stated,Ensures more security.
  41. 41. Data SecurityApplication Level Gateway:Packet filtering works at layer 3, making decision on packet contents, inflexible on an action within an application.Gateway provides that flexibility, works at a higher layer.‘Allow for file transfer – download files but not upload’‘More logic into a firewall that understands the applications and their abilities – called proxy server’
  42. 42. Data Security‘Special programs for each type of application it needs to watch.’‘It examines application layer requests and allows (denies) based on the information provided to the firewall’‘A gateway program for each application’- Main advantage: flexibility- Significant overhead
  43. 43. Data SecurityStateful Inspection:‘Works at the network layer and avoids overhead’‘It examines the contents of a packet in the context of what has happened previously’Example: a ‘ping’ command response indicates that a device is reachable and the time needed for a round-trip’=> Command sends an echo request and site responds with echo response
  44. 44. Data SecurityStateful inspection ensures that a response packet is not allowed unless there was a previous request.Also the source and the destination should reverse in these two events. (security against denial-of-service attack)
  45. 45. Data SecurityViruses‘A collection of instructions attached to an executable file that does something not intended originally’Virus attachment to a file -> infected fileWorms usually appear as a separate program, intruding a system, threatening security.‘Infected file contains a branch instruction to unintended tasks, and branches to some point of the original code’ - diagram
  46. 46. Data Security‘User may not be aware of the virus unless it causes a major distraction’‘Worst viruses avoid massive, immediate destruction, rather making small, unnoticeable changes over time’‘As such, even back-ups may be infected’‘Virus may probe file system looking for executable files on disk, if found, it duplicates itself and stores a copy in the file’
  47. 47. Data SecurityMemory Resident viruses:‘Resides in memory, attacks a file when it enters the memory’It needs to be referenced to be executed.It may use the interrupt mechanism to do so.‘Modifies the Interrupt table with vectors pointing to the virus instead’
  48. 48. Data SecurityEarly Antivirus programs worked by looking for signature – a sequence of bytes contained in the virus- at the beginning and end of file.Signatures were encrypted and the decryption algorithm was added to virus.Antivirus programs looked for byte patterns of decryption algorithm, examined decrypted result and look for signatures – proved quite successful
  49. 49. Data SecurityVirus Sources:‘Individuals trying to invade a system’‘It spreads by sharing resources – through removable disks, networks’‘Prevention is the best approach’Internet worm:‘Replicates quickly throughout internet, clogging communications, forcing system shut down’
  50. 50. Data SecurityOne approach taken by the worm:‘Used an utility program that allows one user to obtain information of other user’‘A flaw that did not check for buffer-overflow was exploited’‘The worm was able to overflow the buffer and overwrote part of the system stack’‘The original return address was lost, pointing to some instructions in the buffer’
  51. 51. Data Security‘This enabled it to copy itself and infect new machines’
  52. 52. Data Security# Mono- alphabetic cipher has no real value where serious security is needed. T/F# Public key encryption allows different people to use the same encryption key even when they are not supposed to know what another person is sending. T/F# Any block cipher that encrypts a block at a time is essentially a substitution cipher, replacing one block with another. T/F
  53. 53. Data Security# An encryption method that uses longer key is more secure than one that uses a shorter key. T/F# The most serious viruses destroy a lot of data very quickly. T/F# Firewalls are commonly used to protect a network against incoming viruses. T/F
  54. 54. Data Security# A _ can forward or block packets based on the information in the network and transport layer headers.a) Proxy Firewall b) Packet filter firewallc) Message Digest d) Private key# A _ can forward or block packets based on the information in the message itself.a) Proxy Firewall b) Packet filter firewallc) Message Digest d) Private key