SlideShare a Scribd company logo

Security

Download as PPTX, PDF
Raj Kumar Ranabhat
Raj Kumar Ranabhat

george-coulouris-distributed-systems-concepts-and-design-5th-edition

Education
1 of 51
DISTRIBUTED SYSTEMS Concepts and Design Fifth Edition George Coulouris Jean Dollimore Tim Kindberg Gordon Blair Presented by: Raj Kumar Ranabhat M.E in Computer Engineering(I/II) Kathmandu University
Table of Content: 1. SECURITY 1. Introduction 2. Overview of security techniques 3. Cryptographic algorithms 4. Digital signatures 5. Cryptography pragmatics 6. Case studies: Needham–Schroeder, Kerberos, TLS, 802.11 WiFi 7. Summary 12/6/2017 2
12/6/2017 3 1. INTRODUCTION • Mechanisms for the protection of data and other resources and legal interaction between computer is theme of this topic • Pervasive need for measures to guarantee the privacy, integrity and availability of resources in DS • Security attacks could be eavesdropping, masquerading, tampering and denial of service • Designers of secure DS must cope with exposed service interfaces and insecure networks • Cryptography provides the basis for the authentication of messages as well as their secrecy and integrity • The selection of cryptographic algorithms and the management of keys are critical • Public-key cryptography makes it easy to distribute cryptographic keys but its performance is inadequate for the encryption of bulk data • Digital information can be signed, producing digital certificates • Certificates enable trust to be established among users and organizations
12/6/2017 4 1. INTRODUCTION (Contd…) • The role of cryptography • Digital cryptography provides the basis for most computer security mechanisms • Cryptography is encoding information in a format that only the intended recipients can decode • Cryptography can also be employed to provide proof of the authenticity of information • Previously used only in political and military establishments • The opening of cryptography to public access and use has resulted in a great improvement in cryptographic techniques • Public-key cryptography is one of the fruits of this openness • DES encryption algorithm
12/6/2017 5 1. INTRODUCTION (Contd…)
12/6/2017 6 1.1 Threats and Attacks • The main goal of security is to restrict access to information and resources to just those principals that are authorized to have access • Security threats fall into three broad classes: 1. Leakage: Refers to the acquisition of information by unauthorized recipients 2. Tampering: Refers to the unauthorized alteration of information 3. Vandalism: Refers to interference with the proper operation of a system without gain to the perpetrator. 1. INTRODUCTION (Contd…)
12/6/2017 7 • Methods of attack can be further classified according to the way in which a channel is misused: 1. Eavesdropping: Obtaining copies of messages without authority 2. Masquerading: Sending or receiving messages using the identity of another principal without their authority. 3. Message tampering: altering the content of messages in transit. Man in the middle attack() tampers with the secure channel mechanism 4. Replaying: Storing intercepted messages and sending them at a later date 5. Denial of service: Flooding a channel or other resource with messages in order to deny access for others. 1. INTRODUCTION (Contd…)
12/6/2017 8 1.2 Securing electronic transactions • Many uses of the Internet in industry, commerce and elsewhere involve transactions that depend crucially on security. For example: 1. Email: when sending a credit card number or the contents and sender of a message must be authenticated 2. Purchase of goods and services: Buyers select goods and pay for them via the Web 3. Banking transactions: Electronic banks offer checking balances and statements, transfer money between accounts, set up regular automatic payments and so on. 4. Micro-transactions: Some webpages like nytimes, London review of book ..etc require subscription to view the content. 1. INTRODUCTION (Contd…)
12/6/2017 9 • Sensible security policies for Internet vendors and buyers lead to the following requirements for securing web purchases: 1. Authenticate the vendor to the buyer. 2. Keep the buyer’s credit card number and other payment details secure 3. Ensure the downloading material without alteration to the customer 4. Authenticate the identity of the account holder to the bank before giving them access to their account 1. INTRODUCTION (Contd…)
12/6/2017 10 1.3 Designing secure systems • Security is about avoiding disasters and minimizing mishaps. • The designer’s aim is to exclude all possible attacks and loopholes • When designing for security it is necessary to assume the worst • The system’s designers must first construct a list of threats, methods by which the security policies might be violated • Show that each of them is prevented by the mechanisms employed • The design of secure systems is an exercise in balancing costs against the threats 1. INTRODUCTION (Contd…)
12/6/2017 11 2. OVERVIEW OF SECURITY TECHNIQUES Worst-case assumptions and design guidelines . 1. Interfaces are exposed: Their communication interfaces are necessarily open– an attacker can send a message to any interface. 2. Networks are insecure: message sources can be falsified 3. Limit the lifetime and scope of each secret: The use of secrets such as passwords and shared secret keys should be time-limited, and sharing should be restricted 4. Algorithms and program code are available to attackers: publish the algorithms used for encryption and authentication, relying only on the secrecy of cryptographic keys 5. Attackers may have access to large resources : assume that attackers will have access to the largest and most powerful computers 6. Minimize the trusted base: all the hardware and software components upon which they rely should be minimized
12/6/2017 12 2.1 Cryptography • Encryption is the process of encoding a message in such a way as to hide its contents. • Modern cryptography includes several secure algorithms for encrypting and decrypting messages • two main classes of encryption algorithm 1. shared secret keys 2. public/private key pairs 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 13 2.2 Uses of cryptography • Secrecy and integrity: 1. Cryptography is used to maintain the secrecy and integrity of information whenever it is exposed to potential attacks 2. Eg., during transmission across networks that are vulnerable to eavesdropping and message tampering 3. a message that is encrypted with a particular encryption key can only be decrypted by a recipient who knows the corresponding decryption key. 4. Encryption also maintains the integrity of the encrypted information, provided that some redundant information such as a checksum is included and checked. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 14 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 15 Scenario 1. Secret communication with a shared secret key: Alice and Bob share a secret key 𝐾𝐴𝐵. 1. Alice uses 𝐾𝐴𝐵and an agreed encryption function E(𝐾𝐴𝐵, M) to encrypt and send any number of messages {𝑀𝑖} 𝐾𝐴𝐵 to Bob 2. Bob decrypts the encrypted messages using the corresponding decryption function D(𝐾𝐴𝐵, M) Issues: • Key distribution: How can Alice send a shared key 𝐾𝐴𝐵 to Bob securely? • Freshness of communication: How does Bob know that any {𝑀𝑖} isn’t a copy of an earlier encrypted message from Alice that was captured by Mallory and replayed later? 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 16 • Authentication: 1. Cryptography is used in support of mechanisms for authenticating communication between pairs of principals 2. A principal who decrypts a message successfully using a particular key can assume that the message is authentic if it contains a correct checksum or some other expected value 3. They can infer that the sender of the message possessed the corresponding encryption key 4. Hence deduce the identity of the sender if keys are held in private, a successful decryption authenticates the decrypted message as coming from a particular sender 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 17 Scenario 2. Authenticated communication with a server : Bob is a file server; Sara is an authentication service. Sara shares secret key 𝐾𝐴 with Alice and secret key 𝐾 𝐵 with Bob 1. Alice sends an (unencrypted) message to Sara stating her identity and requesting a ticket for access to Bob 2. Sara sends a response to Alice .{{𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 , 𝐾𝐴𝐵} 𝐾 𝐴 .It is encrypted in 𝐾𝐴 and consist of a ticket(to be sent to Bob with each request for file access) encrypted in 𝐾 𝐵 and a new secret key 𝐾𝐴𝐵 3. Alice uses 𝐾𝐴 to decrypt the response 4. Alice send Bob a request R to access a file: {𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 ,Alice, R. 5. The ticket, originally created by Sara, is actually:{𝐾𝐴𝐵, Alice} 𝐾 𝐵 . Bob decrypts the ticket using his key 𝐾 𝐵,checks that Alice’s name matches and then uses 𝐾𝐴𝐵 when interacting with Alice 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 18 Scenario 3. Authenticated communication with public keys : Bob has a public/private key pair <𝐾 𝐵𝑝𝑢𝑏, 𝐾 𝐵𝑝𝑟𝑖𝑣> 1. Alice obtains a certificate that was signed by a trusted authority stating Bob’s public key 𝐾 𝐵𝑝𝑢𝑏 2. Alice creates a new shared key 𝐾𝐴𝐵, encrypts it using 𝐾 𝐵𝑝𝑢𝑏 using a public-key algorithm and sends the result to Bob. 3. Bob uses the corresponding private key , 𝐾 𝐵𝑝𝑟𝑖𝑣 to decrypt it. 4. Alice send Bob a request R to access a file: {𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 ,Alice, R. Mallory might intercept Alice’s initial request to a key distribution services for Bob’s public-key certificate and send response containing his own public key. He can then intercept all the subsequent messages. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 19 • Digital Signatures: 1. Cryptography is used to implement digital signature 2. It verifies to a third party that a message or a document is an unaltered copy of one produced by the signer. 3. It is based upon an irreversible binding to the message or document of a secret known only to the signer 4. This can be achieved by encrypting the message – or better, a compressed form of the message called a digest – using a key that is known only to the signer 5. A digest is a fixed-length value computed by applying a secure digest function 6. A secure digest function is similar to a checksum function, but it is very unlikely to produce a similar digest value for two different messages 7. The resulting encrypted digest acts as a signature that accompanies the message 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 20 Scenario 3. Digital signatures with a secure digest function :Alice want to publish a document M in such a way that anyone can verify that it is from her. 1. Alice computes a fixed-length digest of the document, Digest(M) 2. Alice encrypts the digest in her private key, appends it to M and makes the resulting signed document(M, {Digest(M)} 𝐾 𝐴𝑝𝑟𝑖𝑣 )available to the intended users. 3. Bob obtains the signed document, extracts M and computes Digest(M). 4. Bob decrypts {Digest(M)} 𝐾 𝐴𝑝𝑟𝑖𝑣 using Alice’s public key, 𝐾𝐴𝑝𝑢𝑏, and compares the result with his calculated Digest(M). If they match, the signature is valid . 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 21 2.3 Certificates • A digital certificate is a document containing a statement (usually short) signed by a principal. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 22 2.5 Credentials • Credentials are a set of evidence provided by a principal when requesting access to a resource • A certificate from a relevant authority stating the principal’s identity is sufficient • And this would be used to check the principal’s permissions in an access control list 2.6 Firewalls • They protect intranets, performing filtering actions on incoming and outgoing communications • Firewalls produce a local communication environment in which all external communication is intercepted • Messages are forwarded to the intended local recipient only for communications that are explicitly authorized 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
12/6/2017 23 3. CRYPTOGRAPHIC ALGORITHMS • A message is encrypted by the sender applying some rule to transform the plaintext message to a ciphertext • The recipient must know the inverse rule in order to transform the ciphertext back into the original plaintext • Other principals are unable to decipher the message unless they also know the inverse rule • The encryption transformation is defined with two parts, a function E and a key K • The resulting encrypted message is written {𝑀} 𝐾 • E( K M )={𝑀} 𝐾 • Decryption is carried out using an inverse function D, which also takes a key as a parameter • D (K ,E (K ,M) )=M
12/6/2017 24 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) • Two types of cryptographic algorithm : 1. Symmetric algorithms • E(K, M) = {𝑀} 𝐾 D(K, E(K, M)) = M • Same key for encryption and decryption • if K is not known M must be hard (infeasible) to compute • Usual form of attack is brute-force: try all possible key values for a known pair M, {M}K. Resisted by making K sufficiently large ~ 128 bits 2. Asymmetric algorithms 1. Separate encryption and decryption keys: 𝐾𝑒, 𝐾 𝑑 2. D(𝐾 𝑑,E(𝐾𝑒, M)) = M 3. depends on the use of a trap-door function to make the keys. E has high computational cost. Very large keys > 512 bits
12/6/2017 25 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) Block Cipher : • A block cipher consists of two paired algorithms, one for encryption, E, and the other for decryption, D. • Both algorithms accept two inputs: an input block of size n bits and a key of size k bits; and both yield an n-bit output block • The decryption algorithm D is defined to be the inverse function of encryption, i.e., D = E−1 • a block cipher is specified by an encryption function  𝐸 𝑘(P)=E(K,P) :{0,1} 𝐾× {0,1} 𝑛→{0,1} 𝑛 • The inverse for E is defined as a function  𝐸 𝑘 −1(P)=𝐷 𝑘 (C)=D(K,C):{0,1} 𝐾× {0,1} 𝑛→{0,1} 𝑛
12/6/2017 26 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) Cipher blocks chaining :
12/6/2017 27 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) • stream ciphers:  can perform encryption incrementally, converting plaintext to ciphertext one bit at a time
12/6/2017 28 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) 3.1 Secret-key (symmetric) algorithms • These are all programs that perform confusion and diffusion operations on blocks of binary data • TEA: a simple but effective algorithm developed at Cambridge U (1994) for teaching and explanation. 128-bit key, 700 kbytes/sec • DES: The US Data Encryption Standard (1977). No longer strong in its original form. 56-bit key, 350 kbytes/sec. • Triple-DES: applies DES three times with two different keys. 112-bit key, 120 Kbytes/sec • IDEA: International Data Encryption Algorithm (1990). Resembles TEA. 128-bit key, 700 kbytes/sec • AES: A proposed US Advanced Encryption Standard (1997). 128/256-bit key. • The above speeds are for a Pentium II processor at 330 MHZ. Today's PC's (January 2002)should achieve a 5 x speedup.
12/6/2017 29 3. CRYPTOGRAPHIC ALGORITHMS (Contd…)
12/6/2017 30 3. CRYPTOGRAPHIC ALGORITHMS (Contd…)
12/6/2017 31 4. DIGITAL SIGNATURES • needed in order to certify certain pieces of information • signatures are used to meet the needs of document recipients to verify that the document is  Authentic:  Unforgeable  Non-repudiable: • An electronic document or message M can be signed by a principal A by encrypting a copy of M with a key 𝐾𝐴 and attaching it to a plaintext copy of M and A’s identifier • The signed document consists of: M, A, [𝑀] 𝐾 𝐴 • The signature can be verified by a receiver to check that it was originated by A and that its contents, M, have not been altered.
12/6/2017 32 4. DIGITAL SIGNATURES (Contd…) • 4.1 Secure Digest function : • It is also called secure hash function and denoted H(M) • They must be carefully designed to ensure that H(M) is different from H(M') for all likely pairs of messages M and M' • A secure digest function h = H(M) should have the following properties  Given M, it is easy to compute h  Given h, it is hard to compute M  Given M, it is hard to find another message M', such that H(M) = H(M') • MD5: Developed by Rivest (1992). Computes a 128-bit digest. Speed 1740 kbytes/sec. • SHA: (1995) based on Rivest's MD4 but made more secure by producing a 160-bit digest, speed 750 kbytes/second • Any symmetric encryption algorithm can be used in CBC (cipher block chaining) mode. The last block in the chain is H(M)
12/6/2017 33 4. DIGITAL SIGNATURES (Contd…) 4.2 Digital signatures with public keys :
12/6/2017 34 4. DIGITAL SIGNATURES (Contd…) 4.3 Digital signatures with secret keys – MACs:
12/6/2017 35 5. CRYPTOGRAPHY PRAGMATICS 5.1 Performance of cryptographic algorithms
12/6/2017 36 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi • In early distributed systems (1974-84) it was difficult to protect the servers  E.g. against masquerading attacks on a file server  because there was no mechanism for authenticating the origins of requests  public-key cryptography was not yet available or practical  computers too slow for trap-door calculations  RSA algorithm not available until 1978 • The authentication protocols originally published by Needham and Schroeder are at the heart of many security techniques • Most important applications of their secret-key authentication protocol is the Kerberos system • It was designed to provide authentication between clients and servers in networks that form a single management domain (intranets)
12/6/2017 37 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.1 The Needham–Schroeder authentication protocol
12/6/2017 38 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.2 Kerberos • Secures communication with servers on a local network  Developed at MIT in the 1980s to provide security across a large campus network > 5000 users  based on Needham - Schroeder protocol • Standardized and now included in many operating systems  BSD UNIX, Linux, Windows 2000, NT, XP, etc  Available from MIT • Kerberos server creates a shared secret key for any required server and sends it (encrypted) to the user's computer • User's password is the initial secret shared with Kerberos
12/6/2017 39 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • System architecture of Kerberos
12/6/2017 40 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step A • A-> Name of Kerberos authentication service • T-> Name of Kerberos ticket- granting service • C-> Name of client • n ->A nonce. • t ->A timestamp. • t1-> Starting time for validity of ticket • t2 ->Ending time for validity of ticket
12/6/2017 41 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step B
12/6/2017 42 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step C • Step D
12/6/2017 43 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…)Critiques of Kerberos • Kerberos protocol is too costly to apply on each NFS operation • Kerberos is used in the mount service  to authenticate the user's identity  User's UserID and GroupID are stored at the server with the client's IP address • For each file request  UserID and GroupID are sent encrypted in the shared session key  The UserID and GroupID must match those stored at the server  IP addresses must also match • This approach has some problems  can't accommodate multiple users sharing the same client computer  all remote filestores must be mounted each time a user logs in
12/6/2017 44 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.3 Securing electronic transactions with secure sockets • The Secure Sockets Layer (SSL) protocol was originally developed by the Netscape Corporation • An extended version of SSL has been adopted as an Internet standard under the name Transport Layer Security (TLS) • TLS is supported by most browsers and is widely used in Internet commerce • Negotiable encryption and authentication algorithms  Client use different software or different encryption algorithm.  The laws of some countries restrict the use of certain encryption algorithms  TLS attempt to handle this scenario during initial handshake.  It may turn out that they do not have sufficient algorithms in common, and in that case the connection attempt will fail
12/6/2017 45 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS protocol stack
12/6/2017 46 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS consists of two layers:  TLS Record Protocol layer: which implements a secure channel, encrypting and authenticating messages transmitted through any connection-oriented protocol  handshake layer: containing the TLS handshake protocol and two other related protocols that establish and maintain a TLS session (that is, a secure channel) between a client and a server • The TLS record protocol is a session-level layer; it can be used to transport application level data transparently between a pair of processes while guaranteeing its secrecy, integrity and authenticity • It is probably most widely used to secure HTTP interactions for use in Internet commerce and other security-sensitive applications
12/6/2017 47 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS handshake protocol
12/6/2017 48 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS supports a variety of options for the cryptographic functions to be used known as a cipher suite
12/6/2017 49 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS record protocol
12/6/2017 50 Summary • It is essential to protect the resources, communication channels and interfaces of distributed systems and applications against attacks • This is achieved by the use of access control mechanisms and secure channels • Public-key and secret-key cryptography provide the basis for authentication and for secure communication • Kerberos and SSL are widely-used system components that support secure and authenticated communication.
12/6/2017 51 End of Presentation Thank You !

Recommended

Birthday Paradox explained
Birthday Paradox explainedBirthday Paradox explained
Birthday Paradox explainedSajith Ekanayaka
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signaturesMazin Alwaaly
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication ServiceSwathy T
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Modern block cipher
Modern block cipherModern block cipher
Modern block cipherUdit Mishra
 

Recommended

Birthday Paradox explained
Birthday Paradox explainedBirthday Paradox explained
Birthday Paradox explainedSajith Ekanayaka
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signaturesMazin Alwaaly
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication ServiceSwathy T
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Modern block cipher
Modern block cipherModern block cipher
Modern block cipherUdit Mishra
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Number system
Number systemNumber system
Number systemGagan Deep
 
Number theory and cryptography
Number theory and cryptographyNumber theory and cryptography
Number theory and cryptographyYasser Ali
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In CryptographyAadya Vatsa
 
Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationVittorio Giovara
 
S/MIME
S/MIMES/MIME
S/MIMEmaria azam
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layerNaiyan Noor
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVipin Tejwani
 
Aggrement protocols
Aggrement protocolsAggrement protocols
Aggrement protocolsMayank Jain
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithmArpana shree
 
Message Authentication
Message AuthenticationMessage Authentication
Message AuthenticationRam Dutt Shukla
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)SAurabh PRajapati
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
pgp s mime
pgp s mimepgp s mime
pgp s mimeChirag Patel
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfYasmine Anino
 

More Related Content

What's hot

Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Number theory and cryptography
Number theory and cryptographyNumber theory and cryptography
Number theory and cryptographyYasser Ali
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In CryptographyAadya Vatsa
 
Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationVittorio Giovara
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layerNaiyan Noor
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVipin Tejwani
 
Aggrement protocols
Aggrement protocolsAggrement protocols
Aggrement protocolsMayank Jain
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)SAurabh PRajapati
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 

What's hot (20)

Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Number system
Number systemNumber system
Number system
 
Number theory and cryptography
Number theory and cryptographyNumber theory and cryptography
Number theory and cryptography
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
 
Number Theory In Cryptography
Number Theory In CryptographyNumber Theory In Cryptography
Number Theory In Cryptography
 
Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For Authentication
 
S/MIME
S/MIMES/MIME
S/MIME
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layer
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 
Aggrement protocols
Aggrement protocolsAggrement protocols
Aggrement protocols
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithm
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
pgp s mime
pgp s mimepgp s mime
pgp s mime
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 

Similar to Security

International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfYasmine Anino
 
Wireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionWireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionDidar Hussain
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy ExamLisa Olive
 
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Petar Radanliev
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityEditor IJCATR
 
Cloud Cryptography
Cloud CryptographyCloud Cryptography
Cloud Cryptographyijtsrd
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfAdiseshaK
 
CNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfCNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfAdiseshaK
 
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEMSECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEMJournal For Research
 
SECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTION
SECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTIONSECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTION
SECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTIONadeij1
 
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Petar Radanliev
 
Cryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCSCJournals
 
Cryptography introduction
Cryptography introductionCryptography introduction
Cryptography introductionVasuki Ramasamy
 
Analysis of-security-algorithms-in-cloud-computing [autosaved]
Analysis of-security-algorithms-in-cloud-computing [autosaved]Analysis of-security-algorithms-in-cloud-computing [autosaved]
Analysis of-security-algorithms-in-cloud-computing [autosaved]Md. Fazla Rabbi
 
Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)rosu555
 

Similar to Security (20)

International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdf
 
Wireless Networks Encryption and Decryption
Wireless Networks Encryption and DecryptionWireless Networks Encryption and Decryption
Wireless Networks Encryption and Decryption
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
 
network security
network securitynetwork security
network security
 
Chapter 7 security
Chapter 7 securityChapter 7 security
Chapter 7 security
 
Cloud Cryptography
Cloud CryptographyCloud Cryptography
Cloud Cryptography
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdf
 
CNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdfCNS_Solutions-Adi.pdf
CNS_Solutions-Adi.pdf
 
CNS Solutions-Adi.pdf
CNS Solutions-Adi.pdfCNS Solutions-Adi.pdf
CNS Solutions-Adi.pdf
 
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEMSECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
SECURITY BASED ISSUES IN VIEW OF CLOUD BASED STORAGE SYSTEM
 
SECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTION
SECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTIONSECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTION
SECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTION
 
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
 
Cryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data Communication
 
Cryptography introduction
Cryptography introductionCryptography introduction
Cryptography introduction
 
Analysis of-security-algorithms-in-cloud-computing [autosaved]
Analysis of-security-algorithms-in-cloud-computing [autosaved]Analysis of-security-algorithms-in-cloud-computing [autosaved]
Analysis of-security-algorithms-in-cloud-computing [autosaved]
 
Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)Social Engg. Assignment it17 final (1)
Social Engg. Assignment it17 final (1)
 
Cloud Security Mechanisms
Cloud Security MechanismsCloud Security Mechanisms
Cloud Security Mechanisms
 

More from Raj Kumar Ranabhat

From data mining to knowledge discovery in
From data mining to knowledge discovery inFrom data mining to knowledge discovery in
From data mining to knowledge discovery inRaj Kumar Ranabhat
 
The Adoption of Knowledge Management Systems in Small Firms
The Adoption of Knowledge Management Systems in Small Firms The Adoption of Knowledge Management Systems in Small Firms
The Adoption of Knowledge Management Systems in Small Firms Raj Kumar Ranabhat
 

More from Raj Kumar Ranabhat (8)

Sales forcedemo
Sales forcedemoSales forcedemo
Sales forcedemo
 
Sales force
Sales forceSales force
Sales force
 
From data mining to knowledge discovery in
From data mining to knowledge discovery inFrom data mining to knowledge discovery in
From data mining to knowledge discovery in
 
Kruskal's algorithm
Kruskal's algorithmKruskal's algorithm
Kruskal's algorithm
 
The Adoption of Knowledge Management Systems in Small Firms
The Adoption of Knowledge Management Systems in Small Firms The Adoption of Knowledge Management Systems in Small Firms
The Adoption of Knowledge Management Systems in Small Firms
 
Visual notation
Visual notationVisual notation
Visual notation
 
Take-Grant Protection Model
Take-Grant Protection ModelTake-Grant Protection Model
Take-Grant Protection Model
 
Visual Notation
Visual NotationVisual Notation
Visual Notation
 

Recently uploaded

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

Recently uploaded (20)

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 

Security

  • 1. DISTRIBUTED SYSTEMS Concepts and Design Fifth Edition George Coulouris Jean Dollimore Tim Kindberg Gordon Blair Presented by: Raj Kumar Ranabhat M.E in Computer Engineering(I/II) Kathmandu University
  • 2. Table of Content: 1. SECURITY 1. Introduction 2. Overview of security techniques 3. Cryptographic algorithms 4. Digital signatures 5. Cryptography pragmatics 6. Case studies: Needham–Schroeder, Kerberos, TLS, 802.11 WiFi 7. Summary 12/6/2017 2
  • 3. 12/6/2017 3 1. INTRODUCTION • Mechanisms for the protection of data and other resources and legal interaction between computer is theme of this topic • Pervasive need for measures to guarantee the privacy, integrity and availability of resources in DS • Security attacks could be eavesdropping, masquerading, tampering and denial of service • Designers of secure DS must cope with exposed service interfaces and insecure networks • Cryptography provides the basis for the authentication of messages as well as their secrecy and integrity • The selection of cryptographic algorithms and the management of keys are critical • Public-key cryptography makes it easy to distribute cryptographic keys but its performance is inadequate for the encryption of bulk data • Digital information can be signed, producing digital certificates • Certificates enable trust to be established among users and organizations
  • 4. 12/6/2017 4 1. INTRODUCTION (Contd…) • The role of cryptography • Digital cryptography provides the basis for most computer security mechanisms • Cryptography is encoding information in a format that only the intended recipients can decode • Cryptography can also be employed to provide proof of the authenticity of information • Previously used only in political and military establishments • The opening of cryptography to public access and use has resulted in a great improvement in cryptographic techniques • Public-key cryptography is one of the fruits of this openness • DES encryption algorithm
  • 6. 12/6/2017 6 1.1 Threats and Attacks • The main goal of security is to restrict access to information and resources to just those principals that are authorized to have access • Security threats fall into three broad classes: 1. Leakage: Refers to the acquisition of information by unauthorized recipients 2. Tampering: Refers to the unauthorized alteration of information 3. Vandalism: Refers to interference with the proper operation of a system without gain to the perpetrator. 1. INTRODUCTION (Contd…)
  • 7. 12/6/2017 7 • Methods of attack can be further classified according to the way in which a channel is misused: 1. Eavesdropping: Obtaining copies of messages without authority 2. Masquerading: Sending or receiving messages using the identity of another principal without their authority. 3. Message tampering: altering the content of messages in transit. Man in the middle attack() tampers with the secure channel mechanism 4. Replaying: Storing intercepted messages and sending them at a later date 5. Denial of service: Flooding a channel or other resource with messages in order to deny access for others. 1. INTRODUCTION (Contd…)
  • 8. 12/6/2017 8 1.2 Securing electronic transactions • Many uses of the Internet in industry, commerce and elsewhere involve transactions that depend crucially on security. For example: 1. Email: when sending a credit card number or the contents and sender of a message must be authenticated 2. Purchase of goods and services: Buyers select goods and pay for them via the Web 3. Banking transactions: Electronic banks offer checking balances and statements, transfer money between accounts, set up regular automatic payments and so on. 4. Micro-transactions: Some webpages like nytimes, London review of book ..etc require subscription to view the content. 1. INTRODUCTION (Contd…)
  • 9. 12/6/2017 9 • Sensible security policies for Internet vendors and buyers lead to the following requirements for securing web purchases: 1. Authenticate the vendor to the buyer. 2. Keep the buyer’s credit card number and other payment details secure 3. Ensure the downloading material without alteration to the customer 4. Authenticate the identity of the account holder to the bank before giving them access to their account 1. INTRODUCTION (Contd…)
  • 10. 12/6/2017 10 1.3 Designing secure systems • Security is about avoiding disasters and minimizing mishaps. • The designer’s aim is to exclude all possible attacks and loopholes • When designing for security it is necessary to assume the worst • The system’s designers must first construct a list of threats, methods by which the security policies might be violated • Show that each of them is prevented by the mechanisms employed • The design of secure systems is an exercise in balancing costs against the threats 1. INTRODUCTION (Contd…)
  • 11. 12/6/2017 11 2. OVERVIEW OF SECURITY TECHNIQUES Worst-case assumptions and design guidelines . 1. Interfaces are exposed: Their communication interfaces are necessarily open– an attacker can send a message to any interface. 2. Networks are insecure: message sources can be falsified 3. Limit the lifetime and scope of each secret: The use of secrets such as passwords and shared secret keys should be time-limited, and sharing should be restricted 4. Algorithms and program code are available to attackers: publish the algorithms used for encryption and authentication, relying only on the secrecy of cryptographic keys 5. Attackers may have access to large resources : assume that attackers will have access to the largest and most powerful computers 6. Minimize the trusted base: all the hardware and software components upon which they rely should be minimized
  • 12. 12/6/2017 12 2.1 Cryptography • Encryption is the process of encoding a message in such a way as to hide its contents. • Modern cryptography includes several secure algorithms for encrypting and decrypting messages • two main classes of encryption algorithm 1. shared secret keys 2. public/private key pairs 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 13. 12/6/2017 13 2.2 Uses of cryptography • Secrecy and integrity: 1. Cryptography is used to maintain the secrecy and integrity of information whenever it is exposed to potential attacks 2. Eg., during transmission across networks that are vulnerable to eavesdropping and message tampering 3. a message that is encrypted with a particular encryption key can only be decrypted by a recipient who knows the corresponding decryption key. 4. Encryption also maintains the integrity of the encrypted information, provided that some redundant information such as a checksum is included and checked. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 14. 12/6/2017 14 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 15. 12/6/2017 15 Scenario 1. Secret communication with a shared secret key: Alice and Bob share a secret key 𝐾𝐴𝐵. 1. Alice uses 𝐾𝐴𝐵and an agreed encryption function E(𝐾𝐴𝐵, M) to encrypt and send any number of messages {𝑀𝑖} 𝐾𝐴𝐵 to Bob 2. Bob decrypts the encrypted messages using the corresponding decryption function D(𝐾𝐴𝐵, M) Issues: • Key distribution: How can Alice send a shared key 𝐾𝐴𝐵 to Bob securely? • Freshness of communication: How does Bob know that any {𝑀𝑖} isn’t a copy of an earlier encrypted message from Alice that was captured by Mallory and replayed later? 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 16. 12/6/2017 16 • Authentication: 1. Cryptography is used in support of mechanisms for authenticating communication between pairs of principals 2. A principal who decrypts a message successfully using a particular key can assume that the message is authentic if it contains a correct checksum or some other expected value 3. They can infer that the sender of the message possessed the corresponding encryption key 4. Hence deduce the identity of the sender if keys are held in private, a successful decryption authenticates the decrypted message as coming from a particular sender 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 17. 12/6/2017 17 Scenario 2. Authenticated communication with a server : Bob is a file server; Sara is an authentication service. Sara shares secret key 𝐾𝐴 with Alice and secret key 𝐾 𝐵 with Bob 1. Alice sends an (unencrypted) message to Sara stating her identity and requesting a ticket for access to Bob 2. Sara sends a response to Alice .{{𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 , 𝐾𝐴𝐵} 𝐾 𝐴 .It is encrypted in 𝐾𝐴 and consist of a ticket(to be sent to Bob with each request for file access) encrypted in 𝐾 𝐵 and a new secret key 𝐾𝐴𝐵 3. Alice uses 𝐾𝐴 to decrypt the response 4. Alice send Bob a request R to access a file: {𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 ,Alice, R. 5. The ticket, originally created by Sara, is actually:{𝐾𝐴𝐵, Alice} 𝐾 𝐵 . Bob decrypts the ticket using his key 𝐾 𝐵,checks that Alice’s name matches and then uses 𝐾𝐴𝐵 when interacting with Alice 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 18. 12/6/2017 18 Scenario 3. Authenticated communication with public keys : Bob has a public/private key pair <𝐾 𝐵𝑝𝑢𝑏, 𝐾 𝐵𝑝𝑟𝑖𝑣> 1. Alice obtains a certificate that was signed by a trusted authority stating Bob’s public key 𝐾 𝐵𝑝𝑢𝑏 2. Alice creates a new shared key 𝐾𝐴𝐵, encrypts it using 𝐾 𝐵𝑝𝑢𝑏 using a public-key algorithm and sends the result to Bob. 3. Bob uses the corresponding private key , 𝐾 𝐵𝑝𝑟𝑖𝑣 to decrypt it. 4. Alice send Bob a request R to access a file: {𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 ,Alice, R. Mallory might intercept Alice’s initial request to a key distribution services for Bob’s public-key certificate and send response containing his own public key. He can then intercept all the subsequent messages. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 19. 12/6/2017 19 • Digital Signatures: 1. Cryptography is used to implement digital signature 2. It verifies to a third party that a message or a document is an unaltered copy of one produced by the signer. 3. It is based upon an irreversible binding to the message or document of a secret known only to the signer 4. This can be achieved by encrypting the message – or better, a compressed form of the message called a digest – using a key that is known only to the signer 5. A digest is a fixed-length value computed by applying a secure digest function 6. A secure digest function is similar to a checksum function, but it is very unlikely to produce a similar digest value for two different messages 7. The resulting encrypted digest acts as a signature that accompanies the message 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 20. 12/6/2017 20 Scenario 3. Digital signatures with a secure digest function :Alice want to publish a document M in such a way that anyone can verify that it is from her. 1. Alice computes a fixed-length digest of the document, Digest(M) 2. Alice encrypts the digest in her private key, appends it to M and makes the resulting signed document(M, {Digest(M)} 𝐾 𝐴𝑝𝑟𝑖𝑣 )available to the intended users. 3. Bob obtains the signed document, extracts M and computes Digest(M). 4. Bob decrypts {Digest(M)} 𝐾 𝐴𝑝𝑟𝑖𝑣 using Alice’s public key, 𝐾𝐴𝑝𝑢𝑏, and compares the result with his calculated Digest(M). If they match, the signature is valid . 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 21. 12/6/2017 21 2.3 Certificates • A digital certificate is a document containing a statement (usually short) signed by a principal. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 22. 12/6/2017 22 2.5 Credentials • Credentials are a set of evidence provided by a principal when requesting access to a resource • A certificate from a relevant authority stating the principal’s identity is sufficient • And this would be used to check the principal’s permissions in an access control list 2.6 Firewalls • They protect intranets, performing filtering actions on incoming and outgoing communications • Firewalls produce a local communication environment in which all external communication is intercepted • Messages are forwarded to the intended local recipient only for communications that are explicitly authorized 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  • 23. 12/6/2017 23 3. CRYPTOGRAPHIC ALGORITHMS • A message is encrypted by the sender applying some rule to transform the plaintext message to a ciphertext • The recipient must know the inverse rule in order to transform the ciphertext back into the original plaintext • Other principals are unable to decipher the message unless they also know the inverse rule • The encryption transformation is defined with two parts, a function E and a key K • The resulting encrypted message is written {𝑀} 𝐾 • E( K M )={𝑀} 𝐾 • Decryption is carried out using an inverse function D, which also takes a key as a parameter • D (K ,E (K ,M) )=M
  • 24. 12/6/2017 24 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) • Two types of cryptographic algorithm : 1. Symmetric algorithms • E(K, M) = {𝑀} 𝐾 D(K, E(K, M)) = M • Same key for encryption and decryption • if K is not known M must be hard (infeasible) to compute • Usual form of attack is brute-force: try all possible key values for a known pair M, {M}K. Resisted by making K sufficiently large ~ 128 bits 2. Asymmetric algorithms 1. Separate encryption and decryption keys: 𝐾𝑒, 𝐾 𝑑 2. D(𝐾 𝑑,E(𝐾𝑒, M)) = M 3. depends on the use of a trap-door function to make the keys. E has high computational cost. Very large keys > 512 bits
  • 25. 12/6/2017 25 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) Block Cipher : • A block cipher consists of two paired algorithms, one for encryption, E, and the other for decryption, D. • Both algorithms accept two inputs: an input block of size n bits and a key of size k bits; and both yield an n-bit output block • The decryption algorithm D is defined to be the inverse function of encryption, i.e., D = E−1 • a block cipher is specified by an encryption function  𝐸 𝑘(P)=E(K,P) :{0,1} 𝐾× {0,1} 𝑛→{0,1} 𝑛 • The inverse for E is defined as a function  𝐸 𝑘 −1(P)=𝐷 𝑘 (C)=D(K,C):{0,1} 𝐾× {0,1} 𝑛→{0,1} 𝑛
  • 26. 12/6/2017 26 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) Cipher blocks chaining :
  • 27. 12/6/2017 27 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) • stream ciphers:  can perform encryption incrementally, converting plaintext to ciphertext one bit at a time
  • 28. 12/6/2017 28 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) 3.1 Secret-key (symmetric) algorithms • These are all programs that perform confusion and diffusion operations on blocks of binary data • TEA: a simple but effective algorithm developed at Cambridge U (1994) for teaching and explanation. 128-bit key, 700 kbytes/sec • DES: The US Data Encryption Standard (1977). No longer strong in its original form. 56-bit key, 350 kbytes/sec. • Triple-DES: applies DES three times with two different keys. 112-bit key, 120 Kbytes/sec • IDEA: International Data Encryption Algorithm (1990). Resembles TEA. 128-bit key, 700 kbytes/sec • AES: A proposed US Advanced Encryption Standard (1997). 128/256-bit key. • The above speeds are for a Pentium II processor at 330 MHZ. Today's PC's (January 2002)should achieve a 5 x speedup.
  • 29. 12/6/2017 29 3. CRYPTOGRAPHIC ALGORITHMS (Contd…)
  • 30. 12/6/2017 30 3. CRYPTOGRAPHIC ALGORITHMS (Contd…)
  • 31. 12/6/2017 31 4. DIGITAL SIGNATURES • needed in order to certify certain pieces of information • signatures are used to meet the needs of document recipients to verify that the document is  Authentic:  Unforgeable  Non-repudiable: • An electronic document or message M can be signed by a principal A by encrypting a copy of M with a key 𝐾𝐴 and attaching it to a plaintext copy of M and A’s identifier • The signed document consists of: M, A, [𝑀] 𝐾 𝐴 • The signature can be verified by a receiver to check that it was originated by A and that its contents, M, have not been altered.
  • 32. 12/6/2017 32 4. DIGITAL SIGNATURES (Contd…) • 4.1 Secure Digest function : • It is also called secure hash function and denoted H(M) • They must be carefully designed to ensure that H(M) is different from H(M') for all likely pairs of messages M and M' • A secure digest function h = H(M) should have the following properties  Given M, it is easy to compute h  Given h, it is hard to compute M  Given M, it is hard to find another message M', such that H(M) = H(M') • MD5: Developed by Rivest (1992). Computes a 128-bit digest. Speed 1740 kbytes/sec. • SHA: (1995) based on Rivest's MD4 but made more secure by producing a 160-bit digest, speed 750 kbytes/second • Any symmetric encryption algorithm can be used in CBC (cipher block chaining) mode. The last block in the chain is H(M)
  • 33. 12/6/2017 33 4. DIGITAL SIGNATURES (Contd…) 4.2 Digital signatures with public keys :
  • 34. 12/6/2017 34 4. DIGITAL SIGNATURES (Contd…) 4.3 Digital signatures with secret keys – MACs:
  • 35. 12/6/2017 35 5. CRYPTOGRAPHY PRAGMATICS 5.1 Performance of cryptographic algorithms
  • 36. 12/6/2017 36 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi • In early distributed systems (1974-84) it was difficult to protect the servers  E.g. against masquerading attacks on a file server  because there was no mechanism for authenticating the origins of requests  public-key cryptography was not yet available or practical  computers too slow for trap-door calculations  RSA algorithm not available until 1978 • The authentication protocols originally published by Needham and Schroeder are at the heart of many security techniques • Most important applications of their secret-key authentication protocol is the Kerberos system • It was designed to provide authentication between clients and servers in networks that form a single management domain (intranets)
  • 37. 12/6/2017 37 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.1 The Needham–Schroeder authentication protocol
  • 38. 12/6/2017 38 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.2 Kerberos • Secures communication with servers on a local network  Developed at MIT in the 1980s to provide security across a large campus network > 5000 users  based on Needham - Schroeder protocol • Standardized and now included in many operating systems  BSD UNIX, Linux, Windows 2000, NT, XP, etc  Available from MIT • Kerberos server creates a shared secret key for any required server and sends it (encrypted) to the user's computer • User's password is the initial secret shared with Kerberos
  • 39. 12/6/2017 39 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • System architecture of Kerberos
  • 40. 12/6/2017 40 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step A • A-> Name of Kerberos authentication service • T-> Name of Kerberos ticket- granting service • C-> Name of client • n ->A nonce. • t ->A timestamp. • t1-> Starting time for validity of ticket • t2 ->Ending time for validity of ticket
  • 41. 12/6/2017 41 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step B
  • 42. 12/6/2017 42 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step C • Step D
  • 43. 12/6/2017 43 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…)Critiques of Kerberos • Kerberos protocol is too costly to apply on each NFS operation • Kerberos is used in the mount service  to authenticate the user's identity  User's UserID and GroupID are stored at the server with the client's IP address • For each file request  UserID and GroupID are sent encrypted in the shared session key  The UserID and GroupID must match those stored at the server  IP addresses must also match • This approach has some problems  can't accommodate multiple users sharing the same client computer  all remote filestores must be mounted each time a user logs in
  • 44. 12/6/2017 44 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.3 Securing electronic transactions with secure sockets • The Secure Sockets Layer (SSL) protocol was originally developed by the Netscape Corporation • An extended version of SSL has been adopted as an Internet standard under the name Transport Layer Security (TLS) • TLS is supported by most browsers and is widely used in Internet commerce • Negotiable encryption and authentication algorithms  Client use different software or different encryption algorithm.  The laws of some countries restrict the use of certain encryption algorithms  TLS attempt to handle this scenario during initial handshake.  It may turn out that they do not have sufficient algorithms in common, and in that case the connection attempt will fail
  • 45. 12/6/2017 45 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS protocol stack
  • 46. 12/6/2017 46 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS consists of two layers:  TLS Record Protocol layer: which implements a secure channel, encrypting and authenticating messages transmitted through any connection-oriented protocol  handshake layer: containing the TLS handshake protocol and two other related protocols that establish and maintain a TLS session (that is, a secure channel) between a client and a server • The TLS record protocol is a session-level layer; it can be used to transport application level data transparently between a pair of processes while guaranteeing its secrecy, integrity and authenticity • It is probably most widely used to secure HTTP interactions for use in Internet commerce and other security-sensitive applications
  • 47. 12/6/2017 47 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS handshake protocol
  • 48. 12/6/2017 48 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS supports a variety of options for the cryptographic functions to be used known as a cipher suite
  • 49. 12/6/2017 49 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS record protocol
  • 50. 12/6/2017 50 Summary • It is essential to protect the resources, communication channels and interfaces of distributed systems and applications against attacks • This is achieved by the use of access control mechanisms and secure channels • Public-key and secret-key cryptography provide the basis for authentication and for secure communication • Kerberos and SSL are widely-used system components that support secure and authenticated communication.
  • 51. 12/6/2017 51 End of Presentation Thank You !