• Like
Cryptography and network security
Upcoming SlideShare
Loading in...5
×

Cryptography and network security

  • 7,333 views
Uploaded on

This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.

This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.

More in: Technology , Education
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
7,333
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
276
Comments
0
Likes
3

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Cryptography and Network SecurityAn Overview
    Nagendra U M
    namahesh@cisco.com
  • 2. Agenda
    • Introduction
    • 3. Security Trends
    • 4. ASM: Attacks, Services, Mechanisms
    • 5. A Network Security Model
    • 6. Private-Key Cryptography / Symmetric Ciphers
    • 7. DES, 3DES, AES
    • 8. Private Key Distribution
    • 9. Public-Key Cryptography
    • 10. Mathematical Concepts
    • 11. The RSA Algorithm
    • 12. Key Management
    • 13. Hashing Algorithms
    • 14. Digital Signatures
    • 15. Authentication Protocols
    • 16. Network Security
    • 17. X.509, Public Key Infrastructure (PKI)
    • 18. PGP, S/MIME
    • 19. SSL/TLS
    • 20. IPSec
  • 21.
  • 22.
  • 23. Model for Network Security
  • 24. Simplified Model of Conventional Encryption
    Model of Conventional Cryptosystem
  • 25. Goals of an ‘Unconditionally Secure’ Encryption Algorithm:
    ● The cost of breaking the cipher exceeds the value of the encrypted information.
    ● The time required to break the cipher exceeds the useful lifetime of the information.
    CLASSIC SUBSTITUTION ALGORITHMS:
    Caesar Cipher:
    C = E(k, p) = (p + k) mod 26
    p = D(k, C) = (C - k) mod 26
    where K={1..25} for english
    Monoalphabetic Ciphers:
    Substitute one arbitrary alphabet in the place of a particular alphabet
    For english, it generates a key space of 26! (~4 x 10^26) keys
    BUT it can be broken by exploiting patterns in language
    Polyalphabetic Ciphers:
    Use different monoalphabetic substitutions as one proceeds through the plaintext message.
    Vignere Cipher
  • 26. CLASSIC TRANSPOSITION ALGORITHMS:
    Rail-fence Technique:
    Written as a sequence of diagonals and read off as a sequence of rows
    Eg: “CiscoSystems” is written as
    C s o y t m
    i c S s e s
    CipherText:CsoytmicSses
    A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key to the algorithm.
    Rotor Machines:
    Steganography:
    Strictly speaking, its NOT encryption
    Conceal the existence of a message
    JPEG steganography
  • 27.
  • 28. The Fiestel Cipher
  • 29. DES: Data Encryption Standard
    • 64-bit plaintext blocks => 64-bit ciphertext blocks
    • 30. 56-bit key
    • 31. Same algorithm with the same key is used to decrypt and encrypt
    • 32. Exhibits a strong Avalanche effect
    • 33. No big deal nowadays
    3DES: Triple DES
    • Since DES was too weak in itself
    • 34. Do DES encryption 3 times in an E-D-E sequence
    • 35. C = E(K1, D(K2, E(K1, P)))
    • 36. Much stronger than DES
    AES: Advanced Encryption Standard
    • Released in 2001 by the U.S. Govt.
    • 37. Extremely strong algorithm
    • 38. 128-bit plaintext blocks => 128-bit ciphertext blocks
    • 39. 128, 192 or 256-bit keys
    Blowfish
    • Developed by Bruce Schneier in 1993
    • 40. Unofficially the strongest encryption algorithm
    • 41. 64-bit plaintext blocks => 64-bit ciphertext blocks
    • 42. Variable length keys from 32 to 448 bits
    • 43. Twofishis the successor of Blowfish (128-bit blocks, 256-bit keys)
  • Block Cipher Modes
    • ECB – Electronic Code Book
    • 44. CBC – Cipher Block Chaining
    Where to do encryption?
  • 45. Centralized Symmetric Key Distribution
  • 46. Public Key Cryptography
    Mathematical Concepts:
    • The ability to choose a large prime number
    • 47. Discrete Logarithms
    Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the different keys - one a public key and one a private key.
    It can be used for confidentiality, authentication or both.
    Hailed as the greatest revolution in information security – no more substitutions and permutations and the use of 2 keys !!!
    Attacks 2 problems in symmetric cryptography: Key distribution and digital signatures
    One way function:
    Y = f(X) easy
    X = f^-1(X) infeasible
    (NP-hard or NP-complete)
    Public-key algorithms are very slow and resource-consuming to be used for encryption. For practical uses, they are confined to key management and signature applications
  • 48. The Public Key cryptosystem for secrecy
    The Public Key cryptosystem for authentication, integrity, nonrepudiation
  • 49. Best of both worlds : Authentication/Integrity and Secrecy
  • 50. RSA Algorithm
    • Invented by Ronald Rivest, AdiShamir, and Len Adleman at MIT in 1978
    • 51. Block cipher (usually ~1024 bits block size)
    The Algorithm:
    • p and q should be chosen at random, both of the
    same size and large numbers
    • n = p*q where n is used as the modulus for both
    public and private keys
    • φ(n) is the Euler’s totient function
    • 52. Choose e such that e and φ(n) are relatively prime
    • 53. d is the private key exponent and e is the
    public key exponent
    An Example:
    1) Let Plaintext = 88
    2) Let p = 17, q = 11 (both primes)
    3) n = p*q = 17 * 11 = 187
    4) φ(n) = (p-1)(q-1) = 16*10 = 160
    5) We choose e = 7 since e < φ(n) and e is relatively prime to φ(n)
    6) Choose d such that d = 1(mod φ(n)) / e i.e. de = 1 (mod 160). So, d = 7
    Public Key = {7,187} Private Key = {23,187}
    7) At the sender’s end:
    Ciphertext C = P^e (mod n) = 88^7 (mod 187) = 11
    8) At the receiver’s end:
    Plaintext P = C^d (mod n) = 11^7 (mod 187) = 88
  • 54. Key Management
    • Public-key encryption schemes are secure only if the authenticity of the public key is assured.
    • 55. Various ways
    ● Public announcement
    ● Publicly available directory
    ● Public-key authority
    ● Public-key certificates
    Message Authentication
    • used to verify the integrity of a message
    • 56. Hash Functions
    • 57. accepts a variable-size message M as input and produces a fixedsizeoutput, referred to as a hash code H(M) or Message Digest
    • 58. Eg: MD5, SHA-256, SHA-512
  • Digital Signatures
    • taking the hash of the message and encrypting the message with the creator's private key
    Authentication Applications
    • Kerberos – distributed authentication using symmetric cryptography
    • 59. ITU-T X.509 – authentication based on X.500 directory service
    • 60. PKI – Public Key Infrastructure
    • 61. CHAP
    Email Security
    PGP – Pretty Good Privacy
    • FOSS
    • 62. Authentication via digital signatures, confidentiality via symmetric block ciphers, compression via ZIP etc.
    S/MIME – Secure/Multipurpose Internet Mail Extension
    • Internet standard approach
    IP Security (IPSec)
    • capability that can be added to IPv$4 or IPv6 via additional headers
    • 63. 3 areas – authentication, confidentiality, key management
    • 64. Confidentality in 2 modes : tunnel and transport
    • 65. Higher-level layers may be ignorant of security implications
    • 66. RFC 2401-2408
    • 67. 2 main headers : AH (Authentication Header) and ESP (Encapsulating Security Payload)
    • 68. Key Management: Internet Security Association and Key Mgmt. Protocol (ISAKMP)
  • 69.
  • 70. Web Security
    • Secure Socket Layer (SSL)/Transport Layer Security(TLS)
  • 71.
  • 72. Detailed Reference