2. Cryptographic Security
Security Goals
Confidentiality : private or confidential
information is not made available or disclosed to
unauthorized individuals.
In industry, hiding some information from competitors
is crucial to the operation of the organization.
In banking, customers’ accounts need to be kept
secret.
Integrity : Integrity means changes need to be
done only by authorized entities and through
authorized mechanisms.
In a bank, when a customer deposits or withdraws
money, the balance needs to be changed.
Availability : The information created and stored
by an organization needs to be available to
authorized entities.
3. Cryptographic Security
OSI security Architecture
Security Attack : Any action that compromises
the security of the information.
Security Mechanism : A mechanism that is
designed to detect, prevent or recover from a
security attack.
Security Services : A service that enhances the
security of data processing systems and
information transfers. A security service makes
use of one or more security mechanisms.
5. Cryptographic Security
Attacks threatening confidentiality
Snooping : It refers to unauthorized access to or
interception of data. To prevent snooping, data
can be made unintelligible by using encryption
techniques.
Traffic analysis : If we had encryption protection
in place, an opponent might still be able to
observe the pattern of these messages. The
opponent could determine the location and
identity of communicating hosts and could
observe the frequency and length of messages
being exchanged. This information might be
useful in guessing the nature of the
communication that was taking place.
7. Cryptographic Security
Attacks threatening integrity
Modification : After intercepting or accessing the
information, the attacker modifies the information
to make it beneficial to himself.
A customer sends a message to a bank to do some
transaction. The attacker intercepts the message
and changes the type of transaction to benefit
himself.
Masquerading : Masquerading, or spoofing,
happens when the attacker impersonates
somebody else.
For example, an attacker might steal the bank card
and PIN of a bank customer and pretend to be
that customer.
9. Cryptographic Security
Attacks threatening integrity
Replaying : The attacker obtains a copy of a
message sent by a user and later tries to replay
it.
A person sends a request to her bank to ask for
payment to the attacker, who has done a job for
her. The attacker intercepts the message and sends
it again to receive another payment from the bank.
Repudiation : It is performed by one of the two
parties in the communication. The sender of the
message might later deny that he has sent the
message; the receiver of the message might later
deny that he has received the message.
The sender would be a bank customer asking her
bank to send some money to a third party but later
11. Cryptographic Security
Attacks threatening availability
Denial of service : The attacker might intercept
and delete a server’s response to a client, making
the client believe that the server is not
responding. The attacker may also intercept
requests from clients, causing the clients to send
requests many times and overload the system.
12. Cryptographic Security
Passive Vs Active Attacks
Passive attacks : The attacker’s goal is just to
obtain information. He does not modify data or
harm the system.
Active Attacks : An active attack may change
the data or harm the system.
Attacks                                             Passive/Active  Threatening
Snooping, Traffic analysis                          Passive         Confidentiality
Modification, Masquerading, Replaying, Repudiation  Active          Integrity
Denial of Service                                   Active          Availability
13. Cryptographic Security
Security Services
ITU-T (X.800) [International Telecommunication
Union - Telecommunication Standardization
Sector] has defined five services related to the
security goals and attacks.
Authentication: This service provides the
authentication of the party at the other end of the
line.
Peer entity authentication: In connection-oriented
communication, it provides authentication of the
sender or receiver during the connection
establishment.
Data origin authentication: In connectionless
communication, it authenticates the source of the
data.
14. Cryptographic Security
Security Services
Data confidentiality : Data confidentiality is
designed to protect data from disclosure attack. It
is designed to prevent snooping and traffic
analysis attacks.
Data integrity : It is designed to protect data from
modification, insertion, deletion and replaying by
an adversary.
Nonrepudiation : Provides protection against
denial by one of the entities involved in a
communication of having participated in all or part
of the communication.
15. Cryptographic Security
Security Mechanisms
Encipherment : The use of mathematical
algorithms to transform data into a form that is not
readily intelligible.
Digital Signature : It is a means by which the
sender can electronically sign the data and the
receiver can electronically verify the signature.
Access control : Access control uses methods to
prove that a user has the right to access the data or
resources owned by a system. Examples of
proofs are passwords and PINs.
Authentication exchange : In authentication
exchange, two entities exchange some message
to prove their identity to each other.
16. Cryptographic Security
Security Mechanisms
Data integrity : The data integrity mechanism
appends to the data a short check value that has
been created by a specific process from the data
itself. The receiver receives the data and the
check value. He creates a new check value from
the received data and compares the newly
created check value with the one received. If the
two check values are the same, the integrity of
data has been preserved.
Traffic Padding : Traffic padding means insertion
of bits into gaps in a data stream to frustrate
traffic analysis attempts.
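The data integrity mechanism above, applied to the modification and replay attacks described earlier, as an added example that is not part of the original slides. It assumes a key shared in advance by sender and receiver, uses HMAC-SHA256 as the check-value process (the slides do not name one) and adds a sequence number to expose replays; all names and sample messages are constructed.

```python
import hashlib
import hmac
import json

# Assumption: sender and receiver share this key in advance (constructed value).
KEY = b"constructed-demo-key"


def check_value(key: bytes, data: bytes) -> bytes:
    """Short check value created from the data itself (HMAC-SHA256 here)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def send(key: bytes, seq: int, body: str) -> tuple[bytes, bytes]:
    """Sender: serialise the request with a sequence number, append the check value."""
    data = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    return data, check_value(key, data)


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, data: bytes, received: bytes) -> str:
        # Create a new check value from the received data and compare it
        # (in constant time) with the one received.
        if not hmac.compare_digest(check_value(self.key, data), received):
            return "rejected: check value mismatch"
        # Integrity holds, but an exact copy also passes this check; the
        # sequence number is what exposes a replayed message.
        seq = json.loads(data)["seq"]
        if seq <= self.last_seq:
            return "rejected: replayed message"
        self.last_seq = seq
        return "accepted"


def demo() -> list[str]:
    bank = Receiver(KEY)
    data, tag = send(KEY, 1, "pay 100 to account A")  # constructed request
    tampered = data.replace(b"100", b"900")  # modified in transit
    return [
        bank.accept(data, tag),      # original message
        bank.accept(tampered, tag),  # modified data, old check value
        bank.accept(tampered, hashlib.sha256(tampered).digest()),  # unkeyed hash
        bank.accept(data, tag),      # exact copy sent a second time
    ]


if __name__ == "__main__":
    print(demo())
```

If the check value were an unkeyed hash, the third case would be accepted, because anyone able to modify the data could also recompute the hash.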
17. Cryptographic Security
Security Mechanisms
Routing Control : Routing control means
selecting and continuously changing different
available routes between the sender and the
receiver.
Notarization : The use of a trusted third party to
assure certain properties of a data exchange. The
receiver can involve a trusted party to store the
sender request in order to prevent the sender
from later denying that he has made such a
request.
19. Cryptographic Security
Cryptography – Basic Concepts
Cryptography is the study of
secret (crypto-) writing (-graphy)
Cryptography
The art or science encompassing the principles
and methods of transforming an intelligible
message into one that is unintelligible, and then
retransforming that message back to its original
form.
Plaintext
"The original intelligible message"
Ciphertext
"The transformed message"
20. Cryptographic Security
Basic Concepts
Cipher
An algorithm for transforming an intelligible
message into an unintelligible one by transposition
and/or substitution.
Key
Some critical information used by the cipher,
known only to the sender & receiver.
Encipher (encode)
The process of converting plaintext to ciphertext
Decipher (decode)
The process of converting ciphertext back into
plaintext
21. Cryptographic Security
Basic Concepts
Cryptanalysis
The study of principles and methods of
transforming an unintelligible message back
into an intelligible message without knowledge
of the key. Also called codebreaking.
Cryptology
Both cryptography and cryptanalysis