jiricejka, profile picture
Uploaded byjiricejka
969 views

Evolution of Network, Internet, Security and Public cryptography

This document provides an extensive overview of the internet and security, covering key concepts such as communication theory, network models, internet architecture, security methods, and cryptography. It discusses both public and private cryptography, including their algorithms, standards, and applications in securing communications. Additionally, it touches upon historical developments in cryptographic techniques and standards, as well as privacy and public policy implications related to digital communications.

Embed presentation

Downloaded 28 times
Jiri J. Cejka Internet and Security  I. Communication Introduction  II. Internet Introduction  III. Security Introduction  IV. Cryptography  V. Public Cryptography
Jiri J. Cejka Chapter 1 Internet and Security  Communication Introduction – Communication Theory – Communication OSI Model
Jiri J. Cejka Communication theory Case 1  Two army problem  Time Synchronisation  Solution ? Red Army B Red Army A Blue Army
Jiri J. Cejka Communication theory Case 2  Connection Management  Telephone call simulation  Protocol A B Connect request Connect response Connect indication Connect confirm Connect responseConnect confirm Data request Data request (Acknowledgment) Data indication Data indication Disconnect response Disconnect indication Disconnect request time
Jiri J. Cejka Communication Model - 1  Network topology  Interconnection 1 2 3 4 5
Jiri J. Cejka Communication Model - 2  OSI Standard compared with TCP/IP Seven Layers: 7. Application 6. Presentation 5. Session 4. Transport Datagram TCP (Internet Control Protocol) 3. Network Packet IP(ARP),X.25 2. Link Frames CSMA/CD 1. Physical Bits, modems 10011100001000100001 Frame Data AreaFrame Header Datagram Data AreaDatagram Header ICMP Header ICMP Data
Jiri J. Cejka Communication Model - 3  Layer Two - Data Link - Frames Frame-level 1 2 3 4 6 7 Host Frame-level Access Node Node Switcher Bridge Host Access Node 5 Frame-level
Jiri J. Cejka Communication Model - 4  Layer Three - Data Packets 1 2 3 4 5 6 7 Host Packet level 1-3-4-7 Access Node Node Switcher Router Host Access Node Packet level 2-3-4-5-6 Acknowledgment Acknowledgment
Jiri J. Cejka Communication Model - 5  Sliding windows – Datagram – Transport – Data Link Acknowledged Sent Not Sent Messages Source 1 2 3 4 56 4Ack 2 3 4 5 1 Acknowledged 7 6Sent Not Sent Destination Messages Packets Frames
Jiri J. Cejka Chapter 2 Internet and Security  Internet Introduction – What is Internet- history, popularity of usage – Role of Internet - security
Jiri J. Cejka Internet Introduction  What is Internet?  Why has it become so popular?  Is Internet secure enough to build business on it?  If Yes: – HOW do I guarantee Security and Privacy – WHEN should I start to invest into it?
Jiri J. Cejka What is Internet  Definition of Internet  Development 1970 - DARPA  Two fundamental design observation: – No single network can serve all users – Users desire universal interconnections 1 2 3 4 5
Jiri J. Cejka Internet Architecture  User’s view – each computer appears to attach to a single network  Structure of networks and gateways Address assignment: IP Address: <net-id> <host-id> Host : 193.73.248.10 Network: 193.73.248.0 Gateway: 193.73.248.1 Host Host Gateway Physical network INTERNET
Jiri J. Cejka The reasons for the worldwide use  The Flexibility of underlying protocols  Public and free Access – bright spectrum of users – modern design methods  Progress in computing technology  Development of modern GUI driven languages – usage of HTTP, HTML, URL
Jiri J. Cejka Chapter 3 Internet and Security  Security Introduction – Security Methods – Security Model
Jiri J. Cejka Security Introduction  “Public” Internet access versus “Security” – Privacy and Integrity – Authentication and Availability – Data Integrity and Audit techniques – Physical security and Management practices.
Jiri J. Cejka Security Methods  Optimal combination of tools and methods  Cryptography – Transaction security  Firewalls and routers – Unauthorised access  Operating systems – Internal sources 1. Intruder has access to Your system 4. Intercepted on the destination INTERNET 2. Wiretapped during the transmission 3.Stolen while waiting at server Message Origination Message Destination 2. Wiretapped during the transmission INTERNET
Jiri J. Cejka Security Methods  Usage of: – Firewalls – Filtering routers Filtering Router INTERNET External User(s) Firewall Proxy Server DNS Functions Bank Internal Networks Server of Service Provider Internal User Internal System Filtering Router of Service Provider Secured Area
Jiri J. Cejka Security Methods INTERNET External Network External User(s) POLICIES, PROCEDURES, ADMINISTRATION PHYSICALSECURITY Network Access Layer WORKSTATION SECURITY System Access Layer Application Access Layer AUDIT TRIAL SECURITY MONITORING HOST Data Software CHANGE CONTROL Access Control Tables Software
Jiri J. Cejka Security Methods  WEB Security Control Points C2 Firewall #2 INTERNET B2 External Web Server E1 Any External Company Web Server A1 Web Client Browser D1 Any External Internet User’s Web Client Browser COMPANY INTERNAL NETWORK A Company E2 Any Web Server C1 Firewall #1 B1 Internal Web Server
Jiri J. Cejka Chapter 4 Internet and Security  Cryptography Basics – History and different Kinds of security  Cryptography Standards – Private Cryptography – Public Cryptography
Jiri J. Cejka Cryptography Basics  How does simple cryptography works – Message to be encrypted (plaintext) – Message after it is encrypted (ciphertext) – Encryption Algorithm (mathematical function) – Key (number, password, phrase)  Cryptography goal – impossible: plaintext from ciphertext Encryption Algorithm Plaintext Ciphertext Key
Jiri J. Cejka Cryptography Basics  Unbreakable Codes – Code Word - Code Meaning – one shot – restricted to simple information  Ciphers – Technique of scrambling Message – Truly cryptography
Jiri J. Cejka History of Cryptography  Substitution ciphers – Earliest ciphers 2000 B.C. – Julius Ceasar - Shift alphabet – Rennaisance Freemasons -Secret cipher – G. Washington - Assigned numbers  One-Time Pads - Vernam cipher – Each page used once – “Hotline” Stream of numbers as pads –each number defines shift of a letter –fix length numbers: Cryptographic Key A B C D E 0 1 2 3 4 N O P 1. Launch 2. Target 05 08 14 20 01
Jiri J. Cejka Breaking the code  Key Length Length: Variants: Efficiency: – Eurocard 4 digits 10.000 14 bits – UNIX password 8 char 6.3x10^16 56 bits  Breaking the code – Brute force attack – Cryptanalysis –Know plaintext attack –Chosen plaintext attack –Differential Cryptanalysis Plaintext Ciphertext Key
Jiri J. Cejka Private Cryptography  Algorithms  Private Key Algorithms – Key distribution – Types of Private Cryptography –DES, Triple DES 1977 : 56-bit key length –RC2, RC4 Rivest code: 1-1024 bit length –IDEA 1990 Zurich: 128 bit key
Jiri J. Cejka  Sending secret message only after prior arrangement - key exchange  Number of the keys: n*(n-1)/2  Key could be intercepted  Distribution of Keys – Key Distribution Center – (session key) Problems with Private Cryptography A’s private Key Session Key B’s private Key Key Distribution Center KDC
Jiri J. Cejka Public Cryptography  1970 Breakthrough - Asymmetric Algorithms  Generate Keys – Public Key – Private Key Public Key from person B INTERNET Own Secret Key from person B Person A Person B 1. Message is Encrypted 2. Message is Decrypted
Jiri J. Cejka Public Key Systems  1974 Ralph Merkle “Jigsaw puzzle” – Secure communication over insecure channels  1975 Diffie-Hellman – Exponential Key exchange – Multi-user cryptographic techniques – (1975 Private system as Standard DES)  1977 Rivest, Shamir, Adleman: RSA – Easy to multiply two large prime numbers – Difficult to find its prime factors.
Jiri J. Cejka Ralph Merkle’s Puzzles 1. Alice send open message to Bob. 2. Alice creates 1.000000 Encryption Keys. 3. Each key is hidden in one puzzle. -each Puzzle takes 2 Minutes to solve. 4. All puzzles are sent to Bob. 5. Bob chooses one puzzle and unscrambles one key. 6. Bob encrypts previous message with his key. 7. Message is sent to Alice. 8. Alice tries all keys until one fits.(850). Eavesdropper has to try all 1000000 puzzleseach taking him two minutes to solve! Alice 1. 2. : 1000.000 Bob 850 850 1 2. 3. 4. 5. 6. 7. 8.
Jiri J. Cejka Diffie-Hellman Multi-user 1. Alice and Bob agrees on two numbers. They are known and public: a, q. 2. Each part chooses a secret number X: X1, X2 and transmits the results of mathematical formula involving a, q, and X. 3. Both participants compute number K as function of (X1 and Y2) or (X2, Y1). Eavesdropper knows a,q,Y1 and Y2 nut does not know X1 or X2: he cannot compute number K. K is used as a session key for private key encryption algorithm such as DES. Alice BobNumbers a, q K =Y2(exp( X1)(mod q) 1. 2. 3. X1 Y1 = a(exp(X1))(mod q) X2 Y2=f(a,q,X2) K=f(X2,Y1)
Jiri J. Cejka Data Encryption Standard DES  Description of nationwide Standard System  1960 IBM Private encryption system – Lucifer 1974 on a chip for market – length set to 128 bits  1975 NSA and NIST design of DES  Architecture of DES : P-box, S-box  DES controversy 128 Bits-> 56 bit Key – How secure is DES now
Jiri J. Cejka Rivest, Shamir, Adelman: RSA  1977 U.S. patent to MIT  Company RSA DSI marketing – computation intensive – chip production unsuccessful – RSA Bidzos MailSafe  Phil Zimmermann PGP – Encryption on microprocessor – PGP Public key algorithm on PC – Export law, International Version
Jiri J. Cejka How Does RSA works? Each the person has to create key pair consisting of public and secret key. 1. Alice chooses very large two prime numbers P and Q per random. P=47, Q=71. 2. Encryption modulus is created multiplying: N = P * Q. N=3337. 3. The encryption key is created : e is prime to (P-1) * (Q-1) e = 3220 4. Using Euclid algorithm decryption key d is found : d = e(exp-1) *(mod ((P-1) * (Q-1))) d = 1019 5. Then Public key = (N,e) Secret key = d. Then Bob encrypts number X: X(exp e)(mod N) -> A Alice decrypts A: A(exp d)(mod N) -> X
Jiri J. Cejka Privacy and Public Policy  FBI’s Digital Telephony Plan – History if wiretapping – 1995 Cryptography and Constitution  NSA’s Clipper Chip – After DES a new public technology standard – Algorithm “Skipjack” 80 bits – Escrowed Encryption Standard EES –Using Family Key, Chip Key and Session Key – Public usage Administration - Market
Jiri J. Cejka Clipper Chip EES 1. Session Key Conversation - different for each conversation - SKIPJACK (NSA algorithm) 2. Clipper Chip Telephone Session 2.1 UniqueChip A Key 2.2. Chip A Serial Nr 2.3 Checksum 2.4 Family key common to all chips creates Law Enforcement Access Field 3. Escrowed Encryption Standard EES 3.1 Family Key Master Key held by government 3.2. Decrypts LEAF and gives Serial Number 3.3. Two companies give two fragment of Chips key 3.4. Agent creates Chip key and under permission decrypts Session key ChipB Key14365275890364789 14365275890364789 Serial Nr B Checksum BA LEAF A LEAF B Family Key
Jiri J. Cejka Digital Signature Standard - DSS  Proposed by NIST in 1991  Federal Information Process. Standard FIPS – Developed in fact by NSA  Digital Signature Algorithm - DSA – Slower then RSA – Opposition against DSA might contain back door – Used as digital signature only – Using Secure Hash Algorithm SHA 160 bit length
Jiri J. Cejka Comparison Public-Secret Cryptography  Advantages: – Increased security: Secret key is not transmitted –Secret key : sharing the secrecy with other side – Authentication: method for digital signatures – Legal binding for Public-key –Authentication of signature: non-repudiation –Kerberos authenticate only access: not legally bounded  Disadvantages – Speed: solution is combination of secret-public key
Jiri J. Cejka Cryptography  “Without strong cryptography no one will have the confidence – to use networks to conduct business – to engage in commercial transactions electronically – to transmit sensitive personal information”.
Jiri J. Cejka Chapter 5 Internet and Security  Public Cryptography PGP – Public and Secret Key – Pass Phrase – Random Bit & Session Key generation – Digital Signature – Key Rings & Key Certification – Web of Trust
Jiri J. Cejka Public Cryptography Pretty Good Privacy PGP  Generating of Keys – Public Key – Secret Key  Distribution of Keys – Public key ring – Trust – Validity Own Secret Key from person B Public Key from person B INTERNET Person A Person B 1. Message is Encrypted 2. Message is Decrypted
Jiri J. Cejka PGP - Public and Secret key Generating of Public and Secret key: pgp -kg 1. Set-up the length : 512, 1024 bits: 1,2,3 2. Define User ID: <name@comp.com> 3. Defined he Pass Phrase : Text string 4. Generate random number: Text, time Key identifications: Type Bits keyID Date User ID pub 512 C7A966DD 1996/10/09 name@company.com added to pubring.asc sec 512 HIAF12EG 1996/10/09 name@company.com added to secring.asc Public Key from person B INTERNET Own Secret Key from person B Person A Person B 1. Message is Encrypted 2. Message is Decrypted
Jiri J. Cejka PGP- Session Key Encrypting the message using Session Key: pgp -eat <file name> <public key id> - e Session key automatically - a Result as text file - t Source as text file <filename.asc> 1.Session Key is randomly generated Own Secret Key from person B Person A Person B 4. Both encryption are bundled together and sent to person B 5. Message is Decrypted 2. Message is encrypted using IDEA algorithm 3. Session Key encrypted using RSA algorithm and B’s Public Key INTERNET
Jiri J. Cejka PGP-Pass Phrase Decrypting the message Secret Key decryption/encryption pgp <file name.asc> - Secret Key is required to read file - Pass Phrase is needed to unlock RSA key - Using MD5 hash function 128-bit code is generated from the Pass Phrase - IDEA algorithm decrypts Secret Key Local usage of Pass Phrase 1. Encrypting of text file pgp -c <your file> -Pass Phrase required 2. Decrypting of text file pgp <your file.pgp> -Pass Phrase required INTERNET Person A Person B 2.Secret Key is decrypted after encrypted message came 1.Secret Key is encrypted during generation Public/Private key using Pass Phrase 3. Message is decrypted using B’s Secret Key
Jiri J. Cejka INTERNET 4. Seal is encrypted using A’s Public Key Person A Person B 2. The number is encrypted using secret key into a “seal” 1. MessageDigest function is run over the message producing 128-bit number 6. Both digest numbers are compared - if they are same message is authentic. 14365275890364789 3. The signature block “seal” is added to the message ready to be sent in readable form 1436527589036478914365275890364789 5. Message Digest function creates new 128-bit number PGP-Digital Signature Authentication of message - Message Digest Function MD5 unique 128 bit code created - Code encrypted with Secret Key - Pass Phrase is required pgp -sta <file name> - result in <file name.asc> - Signature decrypted with Public Key pgp <file name.asc> - Automatic check with text file Signing and Encrypting -most secure pgp -se <file name>
Jiri J. Cejka Locally created keys stored on Secret Ring 14365275890364789 1. Pass Phrase opens secret key-ring to change any identifications: - From Path Phrase MD5 function counts 128 bit code to decrypt IDEA encryption 2. To Encrypt Text file a random bit generates a Session key to Encrypt file using IDEA 3. Message is encrypted using Session Key and conventional IDEA algorithm 4. The Session Key is encrypted using RSA and Recipient’s Public key 5. Using MD5 Function and Secret Key generates Digital Signature PGP- Key Rings Received keys stored on Public Ring Random bit generator “Any secret text..” MD5 RSA IDEA MD5
Jiri J. Cejka PGP- Key Certification Public Key Certification is built into PGP: - Validity - Identification that the key received really belongs to the person to whom it says it belongs. - Trust - Measure of how much you believe honesty and judgment of the person created the key. INTERNET Person A Person B 14365275889 143652758901436524789
Jiri J. Cejka John John does not believe Phil’s certification John trusts Jane John does not trust Chris. John does not trust any person certification by Chris Jane certifies Phil Certifying and Distributing of Public Keys: - John’s trusts - John’s belief of identity - No trust, no belief of identify Jane Phil Phil certifies Lori Lori PGP-Web of Trust John believes Jane’s certification of Phil Chris
Jiri J. Cejka Adding Key with Signatures on Public ring pgp -ka <file name.pgp> Key Fingeprint is displayed - Key’s unique Digest of 128 bits code Key can be certified personally - RSA Secret Key has to be unlocked - Pass Phrase is needed Level of Trust has to be added: 1= Not known, 2= No, 3=Usually, 4= Always. Viewing Public key ring and Signatures pgp -kc Type bits/KeyID Date User ID pub 512/ 33681029 1994/08/28 Name1 <name1@.comp1.com> sig! A71712F9 1994/12/28 Name2 <name2@.comp2.com> Key ID Trust Validity User ID 33681029 marginal complete Name1 <name1@comp1.com> complete complete Name2<name2@comp2.com> pgp -kvv Viewing Fingerprint PGP- Adding Public Key
Jiri J. Cejka “Only those defenses are good, certain and durable, which depend on yourself alone and your own ability”. The Prince - Nicollo Machiavelli Internet Security Resume

More Related Content

PPTX
Cryptography and Network Security
byPa Van Tanku
 
PPTX
Cryptography
byRutuja Solkar
 
PPS
Itt project
byHarish Kumar
 
PDF
Hybrid Cryptography with examples in Ruby and Go
byEleanor McHugh
 
PPTX
Basic Cryptography unit 4 CSS
byDr. SURBHI SAROHA
 
PPTX
Cryptography
byokolo chukwudumebi prince
 
PPTX
Network security and cryptography
byPavithra renu
 
PPTX
Encryption And Decryption Using AES Algorithm
byAhmed Raza Shaikh
 
Cryptography and Network Security
byPa Van Tanku
 
Cryptography
byRutuja Solkar
 
Itt project
byHarish Kumar
 
Hybrid Cryptography with examples in Ruby and Go
byEleanor McHugh
 
Basic Cryptography unit 4 CSS
byDr. SURBHI SAROHA
 
Cryptography
byokolo chukwudumebi prince
 
Network security and cryptography
byPavithra renu
 
Encryption And Decryption Using AES Algorithm
byAhmed Raza Shaikh
 

What's hot

PPT
6. cryptography
by7wounders
 
PPTX
Intro to modern cryptography
byzahid-mian
 
PPT
Cryptography
byamiable_indian
 
PPTX
Cryptography
byShivanand Arur
 
PPT
Data encryption, Description, DES
byHuawei Technologies
 
PPTX
Cryptography
bysubodh pawar
 
PPTX
Information and network security 31 public key cryptography
byVaibhav Khanna
 
PPTX
Basic cryptography
byPerfect Training Center
 
PPTX
Cryptography - 101
byn|u - The Open Security Community
 
PPTX
Symmetric and asymmetric key
byTriad Square InfoSec
 
PPTX
Encryption
bykeith dias
 
PPT
Encryption
byNaiyan Noor
 
PPTX
Different types of Symmetric key Cryptography
bysubhradeep mitra
 
DOCX
Data encryption standard
byPrasad Prabhu
 
PPT
Encryption
byIGZ Software house
 
PDF
Data Encryption Standard
byAmirul Wiramuda
 
PPTX
Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)
bySwati Nagpal
 
PPT
Cryptography
byPPT4U
 
ODP
Encryption Techniques
byDel Elson
 
6. cryptography
by7wounders
 
Intro to modern cryptography
byzahid-mian
 
Cryptography
byamiable_indian
 
Cryptography
byShivanand Arur
 
Data encryption, Description, DES
byHuawei Technologies
 
Cryptography
bysubodh pawar
 
Information and network security 31 public key cryptography
byVaibhav Khanna
 
Basic cryptography
byPerfect Training Center
 
Cryptography - 101
byn|u - The Open Security Community
 
Symmetric and asymmetric key
byTriad Square InfoSec
 
Encryption
bykeith dias
 
Encryption
byNaiyan Noor
 
Different types of Symmetric key Cryptography
bysubhradeep mitra
 
Data encryption standard
byPrasad Prabhu
 
Encryption
byIGZ Software house
 
Data Encryption Standard
byAmirul Wiramuda
 
Encryption/Decryption Algorithm for Devanagri Script(Affine Cipher)
bySwati Nagpal
 
Cryptography
byPPT4U
 
Encryption Techniques
byDel Elson
 

Viewers also liked

PPTX
Presentación1
byArchi Teachers
 
PDF
Inwizards Home based Websites
byAnuj Singh
 
PDF
Getxoko Liburutegien txostena 2016
byGETXOKO LIBURUTEGIAK
 
DOCX
тести за повістю Нечуя-Левицького
byМихаил Ярыш
 
PPTX
Pechacucha ley de protección de datos
bypvarela46
 
DOCX
приклад. курс
byoquzaman
 
PPTX
Les écosystèmes. lucía g., blanca y ana
byjlealleon
 
PDF
A Review on Channel Capacity Enhancement in OFDM
bypaperpublications3
 
PDF
Allen Bradley PLC V/S Siemens PLC
bypaperpublications3
 
PPTX
пэп En 23.03
byTianDe
 
PPTX
Reproducció humana, Hugo, Roureda
byceiproureda
 
PDF
De harde en hardnekkige kanten van RCA
byCoThink
 
PDF
Integrating daylight in interiors
byAzra Maliha
 
PDF
A Review of Maximum Power Point Tracking: Design and Implementation
bypaperpublications3
 
Presentación1
byArchi Teachers
 
Inwizards Home based Websites
byAnuj Singh
 
Getxoko Liburutegien txostena 2016
byGETXOKO LIBURUTEGIAK
 
тести за повістю Нечуя-Левицького
byМихаил Ярыш
 
Pechacucha ley de protección de datos
bypvarela46
 
приклад. курс
byoquzaman
 
Les écosystèmes. lucía g., blanca y ana
byjlealleon
 
A Review on Channel Capacity Enhancement in OFDM
bypaperpublications3
 
Allen Bradley PLC V/S Siemens PLC
bypaperpublications3
 
пэп En 23.03
byTianDe
 
Reproducció humana, Hugo, Roureda
byceiproureda
 
De harde en hardnekkige kanten van RCA
byCoThink
 
Integrating daylight in interiors
byAzra Maliha
 
A Review of Maximum Power Point Tracking: Design and Implementation
bypaperpublications3
 

Similar to Evolution of Network, Internet, Security and Public cryptography

PPT
Network security
byRamasubbu .P
 
PPTX
cyber security attacks cyber security attacks
byNiharikaGuptas
 
PPTX
Net
byRaviteja
 
PPTX
IEDA 3302 e-commerce_secure-communications.pptx
byssuser6d0da2
 
PPT
MyTutorialON Cryptography.ppt
byhalosidiq1
 
PPT
Network Security Presentation Stallings.
byAratiKothari2
 
PPT
CS553 ST7 Ch21 Network Security chapter 21
byKhaledMohammadSoradi
 
PPT
CS553_ST7_Ch21-NetworkSecurityhhhhggg.ppt
byBinyamBekeleMoges
 
PPTX
chapter 7.pptx
byMelkamtseganewTigabi1
 
PDF
Fundamentals of Cryptography: Securing Data in the Digital Age
byavengersimran16
 
PPTX
SEMINAR CRYPTOGRAPHY AND NETWORK BASICS.pptx
byJeevaR43
 
PPTX
jim kurose cn bookChapter_8new_v8.1.pptx
bySabeehAhmad10
 
PPTX
Chapter security of computer_8_v8.1.pptx
by78linux78
 
ODP
Network Security
byhj43us
 
PPTX
Cryptography Security by IITs profs.pptx
by24je0468
 
PPT
Hardware Network Trojans for neural Networks
bygayathrid55
 
PPT
Network Security and Cryptography
byAdam Reagan
 
PDF
CNIT 123 12: Cryptography
bySam Bowne
 
PPTX
cryptographic basics updated by IIT.pptx
by24je0468
 
PPTX
CRYPTOGRAPHY & NETWORK SECURITY [Autosaved].pptx
byasjadzaki2021
 
Network security
byRamasubbu .P
 
cyber security attacks cyber security attacks
byNiharikaGuptas
 
Net
byRaviteja
 
IEDA 3302 e-commerce_secure-communications.pptx
byssuser6d0da2
 
MyTutorialON Cryptography.ppt
byhalosidiq1
 
Network Security Presentation Stallings.
byAratiKothari2
 
CS553 ST7 Ch21 Network Security chapter 21
byKhaledMohammadSoradi
 
CS553_ST7_Ch21-NetworkSecurityhhhhggg.ppt
byBinyamBekeleMoges
 
chapter 7.pptx
byMelkamtseganewTigabi1
 
Fundamentals of Cryptography: Securing Data in the Digital Age
byavengersimran16
 
SEMINAR CRYPTOGRAPHY AND NETWORK BASICS.pptx
byJeevaR43
 
jim kurose cn bookChapter_8new_v8.1.pptx
bySabeehAhmad10
 
Chapter security of computer_8_v8.1.pptx
by78linux78
 
Network Security
byhj43us
 
Cryptography Security by IITs profs.pptx
by24je0468
 
Hardware Network Trojans for neural Networks
bygayathrid55
 
Network Security and Cryptography
byAdam Reagan
 
CNIT 123 12: Cryptography
bySam Bowne
 
cryptographic basics updated by IIT.pptx
by24je0468
 
CRYPTOGRAPHY & NETWORK SECURITY [Autosaved].pptx
byasjadzaki2021
 

Evolution of Network, Internet, Security and Public cryptography

  • 1.
    Jiri J. Cejka Internetand Security  I. Communication Introduction  II. Internet Introduction  III. Security Introduction  IV. Cryptography  V. Public Cryptography
  • 2.
    Jiri J. Cejka Chapter1 Internet and Security  Communication Introduction – Communication Theory – Communication OSI Model
  • 3.
    Jiri J. Cejka Communicationtheory Case 1  Two army problem  Time Synchronisation  Solution ? Red Army B Red Army A Blue Army
  • 4.
    Jiri J. Cejka Communicationtheory Case 2  Connection Management  Telephone call simulation  Protocol A B Connect request Connect response Connect indication Connect confirm Connect responseConnect confirm Data request Data request (Acknowledgment) Data indication Data indication Disconnect response Disconnect indication Disconnect request time
  • 5.
    Jiri J. Cejka CommunicationModel - 1  Network topology  Interconnection 1 2 3 4 5
  • 6.
    Jiri J. Cejka CommunicationModel - 2  OSI Standard compared with TCP/IP Seven Layers: 7. Application 6. Presentation 5. Session 4. Transport Datagram TCP (Internet Control Protocol) 3. Network Packet IP(ARP),X.25 2. Link Frames CSMA/CD 1. Physical Bits, modems 10011100001000100001 Frame Data AreaFrame Header Datagram Data AreaDatagram Header ICMP Header ICMP Data
  • 7.
    Jiri J. Cejka CommunicationModel - 3  Layer Two - Data Link - Frames Frame-level 1 2 3 4 6 7 Host Frame-level Access Node Node Switcher Bridge Host Access Node 5 Frame-level
  • 8.
    Jiri J. Cejka CommunicationModel - 4  Layer Three - Data Packets 1 2 3 4 5 6 7 Host Packet level 1-3-4-7 Access Node Node Switcher Router Host Access Node Packet level 2-3-4-5-6 Acknowledgment Acknowledgment
  • 9.
    Jiri J. Cejka CommunicationModel - 5  Sliding windows – Datagram – Transport – Data Link Acknowledged Sent Not Sent Messages Source 1 2 3 4 56 4Ack 2 3 4 5 1 Acknowledged 7 6Sent Not Sent Destination Messages Packets Frames
  • 10.
    Jiri J. Cejka Chapter2 Internet and Security  Internet Introduction – What is Internet- history, popularity of usage – Role of Internet - security
  • 11.
    Jiri J. Cejka InternetIntroduction  What is Internet?  Why has it become so popular?  Is Internet secure enough to build business on it?  If Yes: – HOW do I guarantee Security and Privacy – WHEN should I start to invest into it?
  • 12.
    Jiri J. Cejka Whatis Internet  Definition of Internet  Development 1970 - DARPA  Two fundamental design observation: – No single network can serve all users – Users desire universal interconnections 1 2 3 4 5
  • 13.
    Jiri J. Cejka InternetArchitecture  User’s view – each computer appears to attach to a single network  Structure of networks and gateways Address assignment: IP Address: <net-id> <host-id> Host : 193.73.248.10 Network: 193.73.248.0 Gateway: 193.73.248.1 Host Host Gateway Physical network INTERNET
  • 14.
    Jiri J. Cejka Thereasons for the worldwide use  The Flexibility of underlying protocols  Public and free Access – bright spectrum of users – modern design methods  Progress in computing technology  Development of modern GUI driven languages – usage of HTTP, HTML, URL
  • 15.
    Jiri J. Cejka Chapter3 Internet and Security  Security Introduction – Security Methods – Security Model
  • 16.
    Jiri J. Cejka SecurityIntroduction  “Public” Internet access versus “Security” – Privacy and Integrity – Authentication and Availability – Data Integrity and Audit techniques – Physical security and Management practices.
  • 17.
    Jiri J. Cejka SecurityMethods  Optimal combination of tools and methods  Cryptography – Transaction security  Firewalls and routers – Unauthorised access  Operating systems – Internal sources 1. Intruder has access to Your system 4. Intercepted on the destination INTERNET 2. Wiretapped during the transmission 3.Stolen while waiting at server Message Origination Message Destination 2. Wiretapped during the transmission INTERNET
  • 18.
    Jiri J. Cejka SecurityMethods  Usage of: – Firewalls – Filtering routers Filtering Router INTERNET External User(s) Firewall Proxy Server DNS Functions Bank Internal Networks Server of Service Provider Internal User Internal System Filtering Router of Service Provider Secured Area
  • 19.
    Jiri J. Cejka SecurityMethods INTERNET External Network External User(s) POLICIES, PROCEDURES, ADMINISTRATION PHYSICALSECURITY Network Access Layer WORKSTATION SECURITY System Access Layer Application Access Layer AUDIT TRIAL SECURITY MONITORING HOST Data Software CHANGE CONTROL Access Control Tables Software
  • 20.
    Jiri J. Cejka SecurityMethods  WEB Security Control Points C2 Firewall #2 INTERNET B2 External Web Server E1 Any External Company Web Server A1 Web Client Browser D1 Any External Internet User’s Web Client Browser COMPANY INTERNAL NETWORK A Company E2 Any Web Server C1 Firewall #1 B1 Internal Web Server
  • 21.
    Jiri J. Cejka Chapter4 Internet and Security  Cryptography Basics – History and different Kinds of security  Cryptography Standards – Private Cryptography – Public Cryptography
  • 22.
    Jiri J. Cejka CryptographyBasics  How does simple cryptography works – Message to be encrypted (plaintext) – Message after it is encrypted (ciphertext) – Encryption Algorithm (mathematical function) – Key (number, password, phrase)  Cryptography goal – impossible: plaintext from ciphertext Encryption Algorithm Plaintext Ciphertext Key
  • 23.
    Jiri J. Cejka CryptographyBasics  Unbreakable Codes – Code Word - Code Meaning – one shot – restricted to simple information  Ciphers – Technique of scrambling Message – Truly cryptography
  • 24.
    Jiri J. Cejka Historyof Cryptography  Substitution ciphers – Earliest ciphers 2000 B.C. – Julius Ceasar - Shift alphabet – Rennaisance Freemasons -Secret cipher – G. Washington - Assigned numbers  One-Time Pads - Vernam cipher – Each page used once – “Hotline” Stream of numbers as pads –each number defines shift of a letter –fix length numbers: Cryptographic Key A B C D E 0 1 2 3 4 N O P 1. Launch 2. Target 05 08 14 20 01
  • 25.
    Jiri J. Cejka Breakingthe code  Key Length Length: Variants: Efficiency: – Eurocard 4 digits 10.000 14 bits – UNIX password 8 char 6.3x10^16 56 bits  Breaking the code – Brute force attack – Cryptanalysis –Know plaintext attack –Chosen plaintext attack –Differential Cryptanalysis Plaintext Ciphertext Key
  • 26.
    Jiri J. Cejka PrivateCryptography  Algorithms  Private Key Algorithms – Key distribution – Types of Private Cryptography –DES, Triple DES 1977 : 56-bit key length –RC2, RC4 Rivest code: 1-1024 bit length –IDEA 1990 Zurich: 128 bit key
  • 27.
    Jiri J. Cejka Sending secret message only after prior arrangement - key exchange  Number of the keys: n*(n-1)/2  Key could be intercepted  Distribution of Keys – Key Distribution Center – (session key) Problems with Private Cryptography A’s private Key Session Key B’s private Key Key Distribution Center KDC
  • 28.
    Jiri J. Cejka PublicCryptography  1970 Breakthrough - Asymmetric Algorithms  Generate Keys – Public Key – Private Key Public Key from person B INTERNET Own Secret Key from person B Person A Person B 1. Message is Encrypted 2. Message is Decrypted
  • 29.
    Jiri J. Cejka PublicKey Systems  1974 Ralph Merkle “Jigsaw puzzle” – Secure communication over insecure channels  1975 Diffie-Hellman – Exponential Key exchange – Multi-user cryptographic techniques – (1975 Private system as Standard DES)  1977 Rivest, Shamir, Adleman: RSA – Easy to multiply two large prime numbers – Difficult to find its prime factors.
  • 30.
    Jiri J. Cejka RalphMerkle’s Puzzles 1. Alice send open message to Bob. 2. Alice creates 1.000000 Encryption Keys. 3. Each key is hidden in one puzzle. -each Puzzle takes 2 Minutes to solve. 4. All puzzles are sent to Bob. 5. Bob chooses one puzzle and unscrambles one key. 6. Bob encrypts previous message with his key. 7. Message is sent to Alice. 8. Alice tries all keys until one fits.(850). Eavesdropper has to try all 1000000 puzzleseach taking him two minutes to solve! Alice 1. 2. : 1000.000 Bob 850 850 1 2. 3. 4. 5. 6. 7. 8.
  • 31.
    Jiri J. Cejka Diffie-HellmanMulti-user 1. Alice and Bob agrees on two numbers. They are known and public: a, q. 2. Each part chooses a secret number X: X1, X2 and transmits the results of mathematical formula involving a, q, and X. 3. Both participants compute number K as function of (X1 and Y2) or (X2, Y1). Eavesdropper knows a,q,Y1 and Y2 nut does not know X1 or X2: he cannot compute number K. K is used as a session key for private key encryption algorithm such as DES. Alice BobNumbers a, q K =Y2(exp( X1)(mod q) 1. 2. 3. X1 Y1 = a(exp(X1))(mod q) X2 Y2=f(a,q,X2) K=f(X2,Y1)
  • 32.
    Jiri J. Cejka DataEncryption Standard DES  Description of nationwide Standard System  1960 IBM Private encryption system – Lucifer 1974 on a chip for market – length set to 128 bits  1975 NSA and NIST design of DES  Architecture of DES : P-box, S-box  DES controversy 128 Bits-> 56 bit Key – How secure is DES now
  • 33.
    Jiri J. Cejka Rivest,Shamir, Adelman: RSA  1977 U.S. patent to MIT  Company RSA DSI marketing – computation intensive – chip production unsuccessful – RSA Bidzos MailSafe  Phil Zimmermann PGP – Encryption on microprocessor – PGP Public key algorithm on PC – Export law, International Version
  • 34.
    Jiri J. Cejka HowDoes RSA works? Each the person has to create key pair consisting of public and secret key. 1. Alice chooses very large two prime numbers P and Q per random. P=47, Q=71. 2. Encryption modulus is created multiplying: N = P * Q. N=3337. 3. The encryption key is created : e is prime to (P-1) * (Q-1) e = 3220 4. Using Euclid algorithm decryption key d is found : d = e(exp-1) *(mod ((P-1) * (Q-1))) d = 1019 5. Then Public key = (N,e) Secret key = d. Then Bob encrypts number X: X(exp e)(mod N) -> A Alice decrypts A: A(exp d)(mod N) -> X
  • 35.
    Jiri J. Cejka Privacyand Public Policy  FBI’s Digital Telephony Plan – History if wiretapping – 1995 Cryptography and Constitution  NSA’s Clipper Chip – After DES a new public technology standard – Algorithm “Skipjack” 80 bits – Escrowed Encryption Standard EES –Using Family Key, Chip Key and Session Key – Public usage Administration - Market
  • 36.
    Jiri J. Cejka ClipperChip EES 1. Session Key Conversation - different for each conversation - SKIPJACK (NSA algorithm) 2. Clipper Chip Telephone Session 2.1 UniqueChip A Key 2.2. Chip A Serial Nr 2.3 Checksum 2.4 Family key common to all chips creates Law Enforcement Access Field 3. Escrowed Encryption Standard EES 3.1 Family Key Master Key held by government 3.2. Decrypts LEAF and gives Serial Number 3.3. Two companies give two fragment of Chips key 3.4. Agent creates Chip key and under permission decrypts Session key ChipB Key14365275890364789 14365275890364789 Serial Nr B Checksum BA LEAF A LEAF B Family Key
  • 37.
    Jiri J. Cejka DigitalSignature Standard - DSS  Proposed by NIST in 1991  Federal Information Process. Standard FIPS – Developed in fact by NSA  Digital Signature Algorithm - DSA – Slower then RSA – Opposition against DSA might contain back door – Used as digital signature only – Using Secure Hash Algorithm SHA 160 bit length
  • 38.
    Jiri J. Cejka ComparisonPublic-Secret Cryptography  Advantages: – Increased security: Secret key is not transmitted –Secret key : sharing the secrecy with other side – Authentication: method for digital signatures – Legal binding for Public-key –Authentication of signature: non-repudiation –Kerberos authenticate only access: not legally bounded  Disadvantages – Speed: solution is combination of secret-public key
  • 39.
    Jiri J. Cejka Cryptography “Without strong cryptography no one will have the confidence – to use networks to conduct business – to engage in commercial transactions electronically – to transmit sensitive personal information”.
  • 40.
    Jiri J. Cejka Chapter5 Internet and Security  Public Cryptography PGP – Public and Secret Key – Pass Phrase – Random Bit & Session Key generation – Digital Signature – Key Rings & Key Certification – Web of Trust
  • 41.
    Jiri J. Cejka PublicCryptography Pretty Good Privacy PGP  Generating of Keys – Public Key – Secret Key  Distribution of Keys – Public key ring – Trust – Validity Own Secret Key from person B Public Key from person B INTERNET Person A Person B 1. Message is Encrypted 2. Message is Decrypted
  • 42.
    Jiri J. Cejka PGP- Public and Secret key Generating of Public and Secret key: pgp -kg 1. Set-up the length : 512, 1024 bits: 1,2,3 2. Define User ID: <name@comp.com> 3. Defined he Pass Phrase : Text string 4. Generate random number: Text, time Key identifications: Type Bits keyID Date User ID pub 512 C7A966DD 1996/10/09 name@company.com added to pubring.asc sec 512 HIAF12EG 1996/10/09 name@company.com added to secring.asc Public Key from person B INTERNET Own Secret Key from person B Person A Person B 1. Message is Encrypted 2. Message is Decrypted
  • 43.
    Jiri J. Cejka PGP-Session Key Encrypting the message using Session Key: pgp -eat <file name> <public key id> - e Session key automatically - a Result as text file - t Source as text file <filename.asc> 1.Session Key is randomly generated Own Secret Key from person B Person A Person B 4. Both encryption are bundled together and sent to person B 5. Message is Decrypted 2. Message is encrypted using IDEA algorithm 3. Session Key encrypted using RSA algorithm and B’s Public Key INTERNET
  • 44.
    Jiri J. Cejka PGP-PassPhrase Decrypting the message Secret Key decryption/encryption pgp <file name.asc> - Secret Key is required to read file - Pass Phrase is needed to unlock RSA key - Using MD5 hash function 128-bit code is generated from the Pass Phrase - IDEA algorithm decrypts Secret Key Local usage of Pass Phrase 1. Encrypting of text file pgp -c <your file> -Pass Phrase required 2. Decrypting of text file pgp <your file.pgp> -Pass Phrase required INTERNET Person A Person B 2.Secret Key is decrypted after encrypted message came 1.Secret Key is encrypted during generation Public/Private key using Pass Phrase 3. Message is decrypted using B’s Secret Key
  • 45.
    Jiri J. Cejka INTERNET 4.Seal is encrypted using A’s Public Key Person A Person B 2. The number is encrypted using secret key into a “seal” 1. MessageDigest function is run over the message producing 128-bit number 6. Both digest numbers are compared - if they are same message is authentic. 14365275890364789 3. The signature block “seal” is added to the message ready to be sent in readable form 1436527589036478914365275890364789 5. Message Digest function creates new 128-bit number PGP-Digital Signature Authentication of message - Message Digest Function MD5 unique 128 bit code created - Code encrypted with Secret Key - Pass Phrase is required pgp -sta <file name> - result in <file name.asc> - Signature decrypted with Public Key pgp <file name.asc> - Automatic check with text file Signing and Encrypting -most secure pgp -se <file name>
  • 46.
    Jiri J. Cejka Locallycreated keys stored on Secret Ring 14365275890364789 1. Pass Phrase opens secret key-ring to change any identifications: - From Path Phrase MD5 function counts 128 bit code to decrypt IDEA encryption 2. To Encrypt Text file a random bit generates a Session key to Encrypt file using IDEA 3. Message is encrypted using Session Key and conventional IDEA algorithm 4. The Session Key is encrypted using RSA and Recipient’s Public key 5. Using MD5 Function and Secret Key generates Digital Signature PGP- Key Rings Received keys stored on Public Ring Random bit generator “Any secret text..” MD5 RSA IDEA MD5
  • 47.
    Jiri J. Cejka PGP-Key Certification Public Key Certification is built into PGP: - Validity - Identification that the key received really belongs to the person to whom it says it belongs. - Trust - Measure of how much you believe honesty and judgment of the person created the key. INTERNET Person A Person B 14365275889 143652758901436524789
  • 48.
    Jiri J. Cejka John Johndoes not believe Phil’s certification John trusts Jane John does not trust Chris. John does not trust any person certification by Chris Jane certifies Phil Certifying and Distributing of Public Keys: - John’s trusts - John’s belief of identity - No trust, no belief of identify Jane Phil Phil certifies Lori Lori PGP-Web of Trust John believes Jane’s certification of Phil Chris
  • 49.
    Jiri J. Cejka AddingKey with Signatures on Public ring pgp -ka <file name.pgp> Key Fingeprint is displayed - Key’s unique Digest of 128 bits code Key can be certified personally - RSA Secret Key has to be unlocked - Pass Phrase is needed Level of Trust has to be added: 1= Not known, 2= No, 3=Usually, 4= Always. Viewing Public key ring and Signatures pgp -kc Type bits/KeyID Date User ID pub 512/ 33681029 1994/08/28 Name1 <name1@.comp1.com> sig! A71712F9 1994/12/28 Name2 <name2@.comp2.com> Key ID Trust Validity User ID 33681029 marginal complete Name1 <name1@comp1.com> complete complete Name2<name2@comp2.com> pgp -kvv Viewing Fingerprint PGP- Adding Public Key
  • 50.
    Jiri J. Cejka “Onlythose defenses are good, certain and durable, which depend on yourself alone and your own ability”. The Prince - Nicollo Machiavelli Internet Security Resume