Cryptography and network security

13,016 views

Published on

This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.

Published in: Technology, Education
0 Comments
8 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
13,016
On SlideShare
0
From Embeds
0
Number of Embeds
17
Actions
Shares
0
Downloads
623
Comments
0
Likes
8
Embeds 0
No embeds

No notes for slide

Cryptography and network security

  1. 1. Cryptography and Network SecurityAn Overview<br />Nagendra U M<br />namahesh@cisco.com<br />
  2. 2. Agenda<br /><ul><li>Introduction
  3. 3. Security Trends
  4. 4. ASM: Attacks, Services, Mechanisms
  5. 5. A Network Security Model
  6. 6. Private-Key Cryptography / Symmetric Ciphers
  7. 7. DES, 3DES, AES
  8. 8. Private Key Distribution
  9. 9. Public-Key Cryptography
  10. 10. Mathematical Concepts
  11. 11. The RSA Algorithm
  12. 12. Key Management
  13. 13. Hashing Algorithms
  14. 14. Digital Signatures
  15. 15. Authentication Protocols
  16. 16. Network Security
  17. 17. X.509, Public Key Infrastructure (PKI)
  18. 18. PGP, S/MIME
  19. 19. SSL/TLS
  20. 20. IPSec</li></li></ul><li>
  21. 21.
  22. 22.
  23. 23. Model for Network Security<br />
  24. 24. Simplified Model of Conventional Encryption<br />Model of Conventional Cryptosystem<br />
  25. 25. Goals of an ‘Unconditionally Secure’ Encryption Algorithm:<br />● The cost of breaking the cipher exceeds the value of the encrypted information.<br />● The time required to break the cipher exceeds the useful lifetime of the information.<br />CLASSIC SUBSTITUTION ALGORITHMS:<br />Caesar Cipher:<br />C = E(k, p) = (p + k) mod 26<br />p = D(k, C) = (C - k) mod 26<br />where K={1..25} for english<br />Monoalphabetic Ciphers:<br />Substitute one arbitrary alphabet in the place of a particular alphabet<br />For english, it generates a key space of 26! (~4 x 10^26) keys<br />BUT it can be broken by exploiting patterns in language<br />Polyalphabetic Ciphers:<br />Use different monoalphabetic substitutions as one proceeds through the plaintext message.<br />Vignere Cipher<br />
  26. 26. CLASSIC TRANSPOSITION ALGORITHMS:<br />Rail-fence Technique:<br />Written as a sequence of diagonals and read off as a sequence of rows<br />Eg: “CiscoSystems” is written as<br />C s o y t m<br />i c S s e s<br />CipherText:CsoytmicSses<br />A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key to the algorithm.<br />Rotor Machines:<br />Steganography:<br />Strictly speaking, its NOT encryption<br />Conceal the existence of a message<br />JPEG steganography<br />
  27. 27.
  28. 28. The Fiestel Cipher<br />
  29. 29. DES: Data Encryption Standard<br /><ul><li>64-bit plaintext blocks => 64-bit ciphertext blocks
  30. 30. 56-bit key
  31. 31. Same algorithm with the same key is used to decrypt and encrypt
  32. 32. Exhibits a strong Avalanche effect
  33. 33. No big deal nowadays</li></ul>3DES: Triple DES<br /><ul><li>Since DES was too weak in itself
  34. 34. Do DES encryption 3 times in an E-D-E sequence
  35. 35. C = E(K1, D(K2, E(K1, P)))
  36. 36. Much stronger than DES</li></ul>AES: Advanced Encryption Standard<br /><ul><li>Released in 2001 by the U.S. Govt.
  37. 37. Extremely strong algorithm
  38. 38. 128-bit plaintext blocks => 128-bit ciphertext blocks
  39. 39. 128, 192 or 256-bit keys</li></ul>Blowfish<br /><ul><li>Developed by Bruce Schneier in 1993
  40. 40. Unofficially the strongest encryption algorithm
  41. 41. 64-bit plaintext blocks => 64-bit ciphertext blocks
  42. 42. Variable length keys from 32 to 448 bits
  43. 43. Twofishis the successor of Blowfish (128-bit blocks, 256-bit keys)</li></li></ul><li>Block Cipher Modes<br /><ul><li>ECB – Electronic Code Book
  44. 44. CBC – Cipher Block Chaining</li></ul>Where to do encryption?<br />
  45. 45. Centralized Symmetric Key Distribution<br />
  46. 46. Public Key Cryptography<br />Mathematical Concepts:<br /><ul><li>The ability to choose a large prime number
  47. 47. Discrete Logarithms</li></ul>Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the different keys - one a public key and one a private key.<br />It can be used for confidentiality, authentication or both.<br />Hailed as the greatest revolution in information security – no more substitutions and permutations and the use of 2 keys !!!<br />Attacks 2 problems in symmetric cryptography: Key distribution and digital signatures<br />One way function:<br />Y = f(X) easy<br />X = f^-1(X) infeasible<br /> (NP-hard or NP-complete)<br />Public-key algorithms are very slow and resource-consuming to be used for encryption. For practical uses, they are confined to key management and signature applications<br />
  48. 48. The Public Key cryptosystem for secrecy<br />The Public Key cryptosystem for authentication, integrity, nonrepudiation<br />
  49. 49. Best of both worlds : Authentication/Integrity and Secrecy<br />
  50. 50. RSA Algorithm<br /><ul><li> Invented by Ronald Rivest, AdiShamir, and Len Adleman at MIT in 1978
  51. 51. Block cipher (usually ~1024 bits block size)</li></ul>The Algorithm:<br /><ul><li> p and q should be chosen at random, both of the </li></ul>same size and large numbers<br /><ul><li> n = p*q where n is used as the modulus for both</li></ul>public and private keys<br /><ul><li>φ(n) is the Euler’s totient function
  52. 52. Choose e such that e and φ(n) are relatively prime
  53. 53. d is the private key exponent and e is the </li></ul>public key exponent<br />An Example:<br />1) Let Plaintext = 88<br />2) Let p = 17, q = 11 (both primes)<br />3) n = p*q = 17 * 11 = 187<br />4) φ(n) = (p-1)(q-1) = 16*10 = 160<br />5) We choose e = 7 since e < φ(n) and e is relatively prime to φ(n)<br />6) Choose d such that d = 1(mod φ(n)) / e i.e. de = 1 (mod 160). So, d = 7<br />Public Key = {7,187} Private Key = {23,187}<br />7) At the sender’s end:<br />Ciphertext C = P^e (mod n) = 88^7 (mod 187) = 11<br />8) At the receiver’s end:<br /> Plaintext P = C^d (mod n) = 11^7 (mod 187) = 88<br />
  54. 54. Key Management<br /><ul><li>Public-key encryption schemes are secure only if the authenticity of the public key is assured.
  55. 55. Various ways</li></ul>● Public announcement<br />● Publicly available directory<br />● Public-key authority<br />● Public-key certificates<br />Message Authentication<br /><ul><li> used to verify the integrity of a message
  56. 56. Hash Functions
  57. 57. accepts a variable-size message M as input and produces a fixedsizeoutput, referred to as a hash code H(M) or Message Digest
  58. 58. Eg: MD5, SHA-256, SHA-512</li></li></ul><li>Digital Signatures<br /><ul><li> taking the hash of the message and encrypting the message with the creator's private key</li></ul>Authentication Applications<br /><ul><li>Kerberos – distributed authentication using symmetric cryptography
  59. 59. ITU-T X.509 – authentication based on X.500 directory service
  60. 60. PKI – Public Key Infrastructure
  61. 61. CHAP</li></ul>Email Security<br />PGP – Pretty Good Privacy<br /><ul><li>FOSS
  62. 62. Authentication via digital signatures, confidentiality via symmetric block ciphers, compression via ZIP etc.</li></ul>S/MIME – Secure/Multipurpose Internet Mail Extension<br /><ul><li>Internet standard approach</li></ul>IP Security (IPSec)<br /><ul><li>capability that can be added to IPv$4 or IPv6 via additional headers
  63. 63. 3 areas – authentication, confidentiality, key management
  64. 64. Confidentality in 2 modes : tunnel and transport
  65. 65. Higher-level layers may be ignorant of security implications
  66. 66. RFC 2401-2408
  67. 67. 2 main headers : AH (Authentication Header) and ESP (Encapsulating Security Payload)
  68. 68. Key Management: Internet Security Association and Key Mgmt. Protocol (ISAKMP)</li></li></ul><li>
  69. 69.
  70. 70. Web Security<br /><ul><li> Secure Socket Layer (SSL)/Transport Layer Security(TLS)</li></li></ul><li>
  71. 71.
  72. 72. Detailed Reference<br />

×