SlideShare a Scribd company logo

MyTutorialON Cryptography.ppt

Download as PPT, PDF
H
halosidiq1

cryptography is the essential of computer security

Technology
1 of 34
1/17/2024 Tutorial on Network Security: Sep 2003 1 Network Security Bijendra Jain (bnj@cse.iitd.ernet.in)
1/17/2024 Tutorial on Network Security: Sep 2003 2 Lecture 1: Introduction
1/17/2024 Tutorial on Network Security: Sep 2003 3 Top-level issues  Safety, security and privacy  Security policy – threats, both external and internal – economic gains – cost of securing resources – cryptographic methods vs. physical security  Information security: – nature of resources (HW, SW, information) – during storage, access and communication – limited to a single computer vs. network security – various layers (physical through application layers)
1/17/2024 Tutorial on Network Security: Sep 2003 4 Security threats  Intentional vs. accidental  Various forms of violations: – Non-destructive – Destructive – Repudiation – Denial of service  Threat techniques: – crypt-analysis – snooping – masquerading – replay attacks – virus, worms – etc.
1/17/2024 Tutorial on Network Security: Sep 2003 5 Security services  Services (or functions) vs. mechanisms  Security functions: – confidentiality – authentication – integrity – non-repudiation – access control – availability
1/17/2024 Tutorial on Network Security: Sep 2003 6 Security mechanisms  Physical controls  Audit trails  Fraud detection (data mining)  Steganography  Encryption: – private-key vs. public-key encryption – key generation, exchange, and management – certification  Firewalls  etc.
1/17/2024 Tutorial on Network Security: Sep 2003 7 Lecture 2: Symmetric-key encryption
1/17/2024 Tutorial on Network Security: Sep 2003 8 Cryptographic systems  Symmetric vs. asymmetric encryption  Number of keys used  Key lengths  Block vs. stream cipher  Crypt-analysis (assume algorithm is known) – ciphertext (only) – plaintext + ciphertext – chosen plaintext + ciphertext – chosen ciphertext + plaintext Key size Possible no. of keys Time to crack (1 encryption/microsec) Time to crack (106 encryptions/microsec) 32 109 36 min 2. msec 56 1016 1100 years 10 hrs 128 1038 5 x 1024 years 5 x 1018 years 26 character permutation 1026 6 x 1012 years 6 x 106 years
1/17/2024 Tutorial on Network Security: Sep 2003 9 Symmetric cryptographic system  Symmetric encryption – Plaintext, X – Ciphertext, Y – Secret keys for encryption, decryption, K Secret key, K Encrypt EK(X) Decrypt DK(X) Crypt- analysis X Y X K K Secure channel Insecure channel
1/17/2024 Tutorial on Network Security: Sep 2003 10 Asymmetric cryptographic system  Asymmetric encryption – Plaintext, X – Ciphertext, Y – Two keys K1, and K2. One is secret, other is public – One of them (secret or public) is used to encrypt, the other for decryption – Helps with confidentiality, digital signatures Key generation, management Encrypt EK(X) Decrypt DK(X) Crypt- analysis X Y X K1 K2 Insecure channel
1/17/2024 Tutorial on Network Security: Sep 2003 11 Symmetric encryption  Substitution cipher  Transposition cipher  DES  Triple DES  Blowfish, RC5, RC4, etc.
1/17/2024 Tutorial on Network Security: Sep 2003 12 Substitution cipher  Ceasar cipher – encrypt C  (p+k) mod n – decrypt p  (C-k) mod n – assumes set of n characters – easily breakable in n-1 steps  Substitute using n x n table – encrypt Ci  lookup_encrypt(pi) – decrypt pj  lookup_decrypt(Cj) – 26! Different keys – may be broken using known “relative frequency” of each character – To counter:  use multiple symbols to substitute  substitute multiple symbols at a time – e.g. two letter strings at a time
1/17/2024 Tutorial on Network Security: Sep 2003 13 Transposition cipher  Transposition example:  To make it more secure: – transposition it multiple times – combine it with substitution ciphers Key 4 3 1 2 5 6 7 Plaintext a t t a c k p o s t p o n e d u n t I l t w o a m x y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
1/17/2024 Tutorial on Network Security: Sep 2003 14 DES  Combination of several substitution and transposition ops – Applied to each block of size 64 bits – Key is 56 bits – Uses portions of key at different steps – Uses techniques referred to by “diffusion and confusion”  Developed by IBM 1971-73, accepted by NBS (USA) as a standard in 1977  Primarily a block cipher Decrypt DK(X) P1 K C1 Encypt EK(X) C1 K P1
1/17/2024 Tutorial on Network Security: Sep 2003 15 DES encryption algorithm Initial permutation Round 1 Round 2 Round 16 32-bit swap Inverse permute K1 K2 K16 Permuted key Permuted key Permuted key Left circular shift Left circular shift Left circular shift Permuted key 64-bit plaintext 64-bit ciphertext 56-bit key
1/17/2024 Tutorial on Network Security: Sep 2003 16 Cipher Block Chaining Encrypt EK(X) C1 IV K + P1 Encrypt EK(X) C2 + P2 K Decrypt DK(X) P1 IV K + C1 P2 C2 Decrypt DK(X) K + Primarily a block cipher –May be used in “block chaining mode”
1/17/2024 Tutorial on Network Security: Sep 2003 17 Strength of DES  Key size of 56 bits appears to be too small – In 1993 Weiner developed HW device for $100K with 5760 search engines to break it in 35 hours – In 1997, 70,000 systems on Internet discovered the key in less than 96 days (part of plaintext is given) – Automating the process is difficult, unless plaintext is known  Perhaps breakable by studying and exploiting weakness – Differential cryptanalysis – Linear cryptanalysis  Trapdoor – US Govt changed the original design  Continues to enjoy wide acceptibility – Particularly with triple-DES (used in PGP)
1/17/2024 Tutorial on Network Security: Sep 2003 18 Double-DES  Two stages of encryption, using two different keys Decrypt EK2(X) X K2 Encypt EK1(X) C P K1
1/17/2024 Tutorial on Network Security: Sep 2003 19 Double-DES  “two stages cannot be reduced to one stage”: – for given K1, K2, there is no K s.t. EK2(EK1(P)) = EK(P)  Meet-in-the-middle attack – Let C = EK2(EK1(P)), and X = EK1(P) = DK2(C) – Let known P and C – Search for K1 and K2 such that X = EK1(P) = DK2(C) – Complexity is O(256 + 256), not O(2128)
1/17/2024 Tutorial on Network Security: Sep 2003 20 Triple-DES  Three stages of encryption, using two different keys Decrypt EK2(X) X1 K2 Encypt EK1(X) C P K1 X2 Decrypt EK3(X) K3
1/17/2024 Tutorial on Network Security: Sep 2003 21 IDEA  International data encryption algorithm (IDEA)  developed in 1991, gaining ground  block cipher  better understood  US government has had no role in its design  design principle: – block size 64 bits – key length 128 bits – more emphasis on “diffusion” and “confusion”  uses three operations: – “exclusive-OR”, “addition”, “multiplication” – some effort to make HW implementation easier
1/17/2024 Tutorial on Network Security: Sep 2003 22 RC5  developed by Rivest, in 1994  suitable for HW or SW implementation on microprocessors – simple – different word length – low memory  high level of security – simpler determination of strength – variable no. of “rounds”, key length
1/17/2024 Tutorial on Network Security: Sep 2003 23 Blowfish  Developed in 1993  block cipher  up to 448 bit keys  no known attacks  simple, fast and compact algorithm cycles/"round" No. of rounds cycles/byte encrypted Blowfish 9 16 18 RC5 12 16 23 DES 18 16 45 IDEA 50 8 50 Triple-DES 18 48 108
1/17/2024 Tutorial on Network Security: Sep 2003 24 Summary: symmetric key encryption  Since the same key is used to encrypt and decrypt, the system is also know as private-key encryption  Symmetric key encryption – uses shared secret keys – also known as “private-key” encryption  Primarily used for purpose of confidentiality – but may be used to authenticate as well, but may be “repudiated”  Key sharing or management is an issue – particularly when the no. of clients sharing the key is “large”
1/17/2024 Tutorial on Network Security: Sep 2003 25 Application to confidentiality  Private-key encryption may be used to provide confidentiality of messages during transfer over LANs and/or WANs  At issue: – what information:  User data vs. headers  Identity of correspondents vs. node/route identity – in what layer, and between what points  Link-layer vs. end-to-end vs. application level  Assumption: data over physical network is accessible – Wireless links – Employee of the network service provider – Your own colleagues
1/17/2024 Tutorial on Network Security: Sep 2003 26 Link-level vs. end-to-end confidentiality Host A Host B R R R Link-level enrypt/ decrypt End-to-end enrypt/ decrypt
1/17/2024 Tutorial on Network Security: Sep 2003 27 Link-level vs. end-to-end confidentiality Link-level encryption End-to-end encryption Security within nodes, hosts Exposed in intermediate nodes Exposed in end hosts Encrypted in intermediate nodes Encrypted/Decrypted by end hosts Role of end devices, intermediate nodes Intermediate nodes require encryption One key for each link Done in hardware Only end hosts need encryption One key per session/connection Perhaps done in software
1/17/2024 Tutorial on Network Security: Sep 2003 28 Traffic confidentiality  Issues: – Identity of communicating entities – Identity of hosts, routers – Traffic volumes, patterns  Link-level encryption offers better confidentiality  Padding may be used to “hide” patterns and volumes
1/17/2024 Tutorial on Network Security: Sep 2003 29 Key distribution  Secret key must be distributed between the communicating entities, say A and B  Link level encryption requires L number of keys to be distributed, one for each device at the end of a link  Host-to-host encryption requires N*(N-1)/2 keys to be distributed  Two techniques: – Physical delivery (works only in a very limited environs)  A delivers it to B  A trusted third party C delivers the key to A and to B – Electronic delivery using an established secure connection or session  A delivers it to B after suitably encrypting it  A trusted third party C delivers the key to A and to B using secure channels to A and to B.
1/17/2024 Tutorial on Network Security: Sep 2003 30 Key distribution  Electronic distribution by B to A, though process initiated by A  Above: – N1 and N2 are “nonce”, – MKm is the “master key” used by A and B – KS is the new “session key” – F is a well-known function, such as ADD 1
1/17/2024 Tutorial on Network Security: Sep 2003 31 Key distribution  Electronic distribution by trusted third party C to A and to B
1/17/2024 Tutorial on Network Security: Sep 2003 32 Key distribution  Above: – KA and KB are keys used by A and B, respectively, to communicate with C – IDA identifies entity A
1/17/2024 Tutorial on Network Security: Sep 2003 33 Key distribution  Secure operation of these schemes, against: – Masquerade – replay attacks  Other issues: – Hierarchy of keys – Lifetime of a session key – Generation of Nonce or Random numbers
1/17/2024 Tutorial on Network Security: Sep 2003 34 Thanks

Recommended

Network security
Network securityNetwork security
Network security
Ramasubbu .P
 
07security
07security07security
07security
douglaslyon
 
Implementation of AES Algorithm in MicroController Using PIC18F452
Implementation of AES Algorithm in MicroController Using PIC18F452Implementation of AES Algorithm in MicroController Using PIC18F452
Implementation of AES Algorithm in MicroController Using PIC18F452
IOSR Journals
 
A Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesA Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic Techniques
IRJET Journal
 
Introduction to and survey of TLS security (BsidesHH 2014)
Introduction to and survey of TLS security (BsidesHH 2014)Introduction to and survey of TLS security (BsidesHH 2014)
Introduction to and survey of TLS security (BsidesHH 2014)
Aaron Zauner
 
Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...
Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...
Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...
journalBEEI
 
Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...
CAS
 
Nt1310 Unit 6 Powerpoint
Nt1310 Unit 6 PowerpointNt1310 Unit 6 Powerpoint
Nt1310 Unit 6 Powerpoint
Janet Robinson
 

Recommended

Network security
Network securityNetwork security
Network security
Ramasubbu .P
 
07security
07security07security
07security
douglaslyon
 
Implementation of AES Algorithm in MicroController Using PIC18F452
Implementation of AES Algorithm in MicroController Using PIC18F452Implementation of AES Algorithm in MicroController Using PIC18F452
Implementation of AES Algorithm in MicroController Using PIC18F452
IOSR Journals
 
A Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesA Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic Techniques
IRJET Journal
 
Introduction to and survey of TLS security (BsidesHH 2014)
Introduction to and survey of TLS security (BsidesHH 2014)Introduction to and survey of TLS security (BsidesHH 2014)
Introduction to and survey of TLS security (BsidesHH 2014)
Aaron Zauner
 
Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...
Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...
Chaotic Rivest-Shamir-Adlerman Algorithm with Data Encryption Standard Schedu...
journalBEEI
 
Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...
CAS
 
Nt1310 Unit 6 Powerpoint
Nt1310 Unit 6 PowerpointNt1310 Unit 6 Powerpoint
Nt1310 Unit 6 Powerpoint
Janet Robinson
 
Data Encryption Standard
Data Encryption StandardData Encryption Standard
Data Encryption Standard
Amirul Wiramuda
 
Slide Deck – Session 6 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 6 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 6 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 6 – FRSecure CISSP Mentor Program 2017
FRSecure
 
Slide Deck CISSP Class Session 6
Slide Deck CISSP Class Session 6Slide Deck CISSP Class Session 6
Slide Deck CISSP Class Session 6
FRSecure
 
Confidential data storage and deletion
Confidential data storage and deletionConfidential data storage and deletion
Confidential data storage and deletion
vitam,berhampur
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
Information Security Awareness Group
 
Secure Data Storage on Cloud System for Privacy Preserving
Secure Data Storage on Cloud System for Privacy PreservingSecure Data Storage on Cloud System for Privacy Preserving
Secure Data Storage on Cloud System for Privacy Preserving
IRJET Journal
 
Linux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsxLinux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsx
BrenoMeister
 
Advanced Encryption Standard (AES) with Dynamic Substitution Box
Advanced Encryption Standard (AES) with Dynamic Substitution BoxAdvanced Encryption Standard (AES) with Dynamic Substitution Box
Advanced Encryption Standard (AES) with Dynamic Substitution Box
Hardik Manocha
 
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
IJECEIAES
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
Alex Punnen
 
Pki Training V1.5
Pki Training V1.5Pki Training V1.5
Pki Training V1.5
Sylvain Maret
 
Evolution of Network, Internet, Security and Public cryptography
Evolution of Network, Internet, Security and Public cryptographyEvolution of Network, Internet, Security and Public cryptography
Evolution of Network, Internet, Security and Public cryptography
jiricejka
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
Pandiya Rajan
 
Wireless Network Security Architecture with Blowfish Encryption Model
Wireless Network Security Architecture with Blowfish Encryption ModelWireless Network Security Architecture with Blowfish Encryption Model
Wireless Network Security Architecture with Blowfish Encryption Model
IOSR Journals
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
UskuMusku1
 
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
Nune SrinivasRao
 
Improving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA AlgorithmImproving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA Algorithm
paperpublications3
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)
Hardik Manocha
 
Analysis of Cryptographic Algorithms
Analysis of Cryptographic AlgorithmsAnalysis of Cryptographic Algorithms
Analysis of Cryptographic Algorithms
ijsrd.com
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
Nagendra Um
 
my net security and its models which are explained here
my net security and its models which are explained heremy net security and its models which are explained here
my net security and its models which are explained here
halosidiq1
 
new.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.pptnew.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.ppt
halosidiq1
 

More Related Content

Similar to MyTutorialON Cryptography.ppt

Confidential data storage and deletion
Confidential data storage and deletionConfidential data storage and deletion
Confidential data storage and deletion
vitam,berhampur
 
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
IJECEIAES
 
Wireless Network Security Architecture with Blowfish Encryption Model
Wireless Network Security Architecture with Blowfish Encryption ModelWireless Network Security Architecture with Blowfish Encryption Model
Wireless Network Security Architecture with Blowfish Encryption Model
IOSR Journals
 
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
Nune SrinivasRao
 
Improving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA AlgorithmImproving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA Algorithm
paperpublications3
 
Analysis of Cryptographic Algorithms
Analysis of Cryptographic AlgorithmsAnalysis of Cryptographic Algorithms
Analysis of Cryptographic Algorithms
ijsrd.com
 

Similar to MyTutorialON Cryptography.ppt (20)

Data Encryption Standard
Data Encryption StandardData Encryption Standard
Data Encryption Standard
 
Slide Deck – Session 6 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 6 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 6 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 6 – FRSecure CISSP Mentor Program 2017
 
Slide Deck CISSP Class Session 6
Slide Deck CISSP Class Session 6Slide Deck CISSP Class Session 6
Slide Deck CISSP Class Session 6
 
Confidential data storage and deletion
Confidential data storage and deletionConfidential data storage and deletion
Confidential data storage and deletion
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
Secure Data Storage on Cloud System for Privacy Preserving
Secure Data Storage on Cloud System for Privacy PreservingSecure Data Storage on Cloud System for Privacy Preserving
Secure Data Storage on Cloud System for Privacy Preserving
 
Linux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsxLinux for Cybersecurity CYB110 - Unit 7.ppsx
Linux for Cybersecurity CYB110 - Unit 7.ppsx
 
Advanced Encryption Standard (AES) with Dynamic Substitution Box
Advanced Encryption Standard (AES) with Dynamic Substitution BoxAdvanced Encryption Standard (AES) with Dynamic Substitution Box
Advanced Encryption Standard (AES) with Dynamic Substitution Box
 
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
 
Pki Training V1.5
Pki Training V1.5Pki Training V1.5
Pki Training V1.5
 
Evolution of Network, Internet, Security and Public cryptography
Evolution of Network, Internet, Security and Public cryptographyEvolution of Network, Internet, Security and Public cryptography
Evolution of Network, Internet, Security and Public cryptography
 
SSH.ppt
SSH.pptSSH.ppt
SSH.ppt
 
Wireless Network Security Architecture with Blowfish Encryption Model
Wireless Network Security Architecture with Blowfish Encryption ModelWireless Network Security Architecture with Blowfish Encryption Model
Wireless Network Security Architecture with Blowfish Encryption Model
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
 
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
 
Improving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA AlgorithmImproving Network Security by Modifying RSA Algorithm
Improving Network Security by Modifying RSA Algorithm
 
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)
 
Analysis of Cryptographic Algorithms
Analysis of Cryptographic AlgorithmsAnalysis of Cryptographic Algorithms
Analysis of Cryptographic Algorithms
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 

More from halosidiq1

my lecture 21.network security.2023.ppt
my lecture 21.network security.2023.pptmy lecture 21.network security.2023.ppt
my lecture 21.network security.2023.ppt
halosidiq1
 
my.Light weight cryptography.2023.pptx
my.Light weight cryptography.2023.pptxmy.Light weight cryptography.2023.pptx
my.Light weight cryptography.2023.pptx
halosidiq1
 

More from halosidiq1 (11)

my net security and its models which are explained here
my net security and its models which are explained heremy net security and its models which are explained here
my net security and its models which are explained here
 
new.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.pptnew.technique.column transposional CTi college.ppt
new.technique.column transposional CTi college.ppt
 
row.coliumn,transitio,.Polyetchnical.colleage.ppt
row.coliumn,transitio,.Polyetchnical.colleage.pptrow.coliumn,transitio,.Polyetchnical.colleage.ppt
row.coliumn,transitio,.Polyetchnical.colleage.ppt
 
symet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.pptsymet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.ppt
 
CTI.Vigenir Cipher.pptx
CTI.Vigenir Cipher.pptxCTI.Vigenir Cipher.pptx
CTI.Vigenir Cipher.pptx
 
my lecture 21.network security.2023.ppt
my lecture 21.network security.2023.pptmy lecture 21.network security.2023.ppt
my lecture 21.network security.2023.ppt
 
My Project on Cryptograpghy.2023.ppt
My Project on Cryptograpghy.2023.pptMy Project on Cryptograpghy.2023.ppt
My Project on Cryptograpghy.2023.ppt
 
my.Light weight cryptography.2023.pptx
my.Light weight cryptography.2023.pptxmy.Light weight cryptography.2023.pptx
my.Light weight cryptography.2023.pptx
 
MyCryptography.2023.ppt
MyCryptography.2023.pptMyCryptography.2023.ppt
MyCryptography.2023.ppt
 
new.deadlock.ppt
new.deadlock.pptnew.deadlock.ppt
new.deadlock.ppt
 
CNF.Chap.5.pptx
CNF.Chap.5.pptxCNF.Chap.5.pptx
CNF.Chap.5.pptx
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

MyTutorialON Cryptography.ppt

  • 1. 1/17/2024 Tutorial on Network Security: Sep 2003 1 Network Security Bijendra Jain (bnj@cse.iitd.ernet.in)
  • 2. 1/17/2024 Tutorial on Network Security: Sep 2003 2 Lecture 1: Introduction
  • 3. 1/17/2024 Tutorial on Network Security: Sep 2003 3 Top-level issues  Safety, security and privacy  Security policy – threats, both external and internal – economic gains – cost of securing resources – cryptographic methods vs. physical security  Information security: – nature of resources (HW, SW, information) – during storage, access and communication – limited to a single computer vs. network security – various layers (physical through application layers)
  • 4. 1/17/2024 Tutorial on Network Security: Sep 2003 4 Security threats  Intentional vs. accidental  Various forms of violations: – Non-destructive – Destructive – Repudiation – Denial of service  Threat techniques: – crypt-analysis – snooping – masquerading – replay attacks – virus, worms – etc.
  • 5. 1/17/2024 Tutorial on Network Security: Sep 2003 5 Security services  Services (or functions) vs. mechanisms  Security functions: – confidentiality – authentication – integrity – non-repudiation – access control – availability
  • 6. 1/17/2024 Tutorial on Network Security: Sep 2003 6 Security mechanisms  Physical controls  Audit trails  Fraud detection (data mining)  Steganography  Encryption: – private-key vs. public-key encryption – key generation, exchange, and management – certification  Firewalls  etc.
  • 7. 1/17/2024 Tutorial on Network Security: Sep 2003 7 Lecture 2: Symmetric-key encryption
  • 8. 1/17/2024 Tutorial on Network Security: Sep 2003 8 Cryptographic systems  Symmetric vs. asymmetric encryption  Number of keys used  Key lengths  Block vs. stream cipher  Crypt-analysis (assume algorithm is known) – ciphertext (only) – plaintext + ciphertext – chosen plaintext + ciphertext – chosen ciphertext + plaintext Key size Possible no. of keys Time to crack (1 encryption/microsec) Time to crack (106 encryptions/microsec) 32 109 36 min 2. msec 56 1016 1100 years 10 hrs 128 1038 5 x 1024 years 5 x 1018 years 26 character permutation 1026 6 x 1012 years 6 x 106 years
  • 9. 1/17/2024 Tutorial on Network Security: Sep 2003 9 Symmetric cryptographic system  Symmetric encryption – Plaintext, X – Ciphertext, Y – Secret keys for encryption, decryption, K Secret key, K Encrypt EK(X) Decrypt DK(X) Crypt- analysis X Y X K K Secure channel Insecure channel
  • 10. 1/17/2024 Tutorial on Network Security: Sep 2003 10 Asymmetric cryptographic system  Asymmetric encryption – Plaintext, X – Ciphertext, Y – Two keys K1, and K2. One is secret, other is public – One of them (secret or public) is used to encrypt, the other for decryption – Helps with confidentiality, digital signatures Key generation, management Encrypt EK(X) Decrypt DK(X) Crypt- analysis X Y X K1 K2 Insecure channel
  • 11. 1/17/2024 Tutorial on Network Security: Sep 2003 11 Symmetric encryption  Substitution cipher  Transposition cipher  DES  Triple DES  Blowfish, RC5, RC4, etc.
  • 12. 1/17/2024 Tutorial on Network Security: Sep 2003 12 Substitution cipher  Ceasar cipher – encrypt C  (p+k) mod n – decrypt p  (C-k) mod n – assumes set of n characters – easily breakable in n-1 steps  Substitute using n x n table – encrypt Ci  lookup_encrypt(pi) – decrypt pj  lookup_decrypt(Cj) – 26! Different keys – may be broken using known “relative frequency” of each character – To counter:  use multiple symbols to substitute  substitute multiple symbols at a time – e.g. two letter strings at a time
  • 13. 1/17/2024 Tutorial on Network Security: Sep 2003 13 Transposition cipher  Transposition example:  To make it more secure: – transposition it multiple times – combine it with substitution ciphers Key 4 3 1 2 5 6 7 Plaintext a t t a c k p o s t p o n e d u n t I l t w o a m x y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
  • 14. 1/17/2024 Tutorial on Network Security: Sep 2003 14 DES  Combination of several substitution and transposition ops – Applied to each block of size 64 bits – Key is 56 bits – Uses portions of key at different steps – Uses techniques referred to by “diffusion and confusion”  Developed by IBM 1971-73, accepted by NBS (USA) as a standard in 1977  Primarily a block cipher Decrypt DK(X) P1 K C1 Encypt EK(X) C1 K P1
  • 15. 1/17/2024 Tutorial on Network Security: Sep 2003 15 DES encryption algorithm Initial permutation Round 1 Round 2 Round 16 32-bit swap Inverse permute K1 K2 K16 Permuted key Permuted key Permuted key Left circular shift Left circular shift Left circular shift Permuted key 64-bit plaintext 64-bit ciphertext 56-bit key
  • 16. 1/17/2024 Tutorial on Network Security: Sep 2003 16 Cipher Block Chaining Encrypt EK(X) C1 IV K + P1 Encrypt EK(X) C2 + P2 K Decrypt DK(X) P1 IV K + C1 P2 C2 Decrypt DK(X) K + Primarily a block cipher –May be used in “block chaining mode”
  • 17. 1/17/2024 Tutorial on Network Security: Sep 2003 17 Strength of DES  Key size of 56 bits appears to be too small – In 1993 Weiner developed HW device for $100K with 5760 search engines to break it in 35 hours – In 1997, 70,000 systems on Internet discovered the key in less than 96 days (part of plaintext is given) – Automating the process is difficult, unless plaintext is known  Perhaps breakable by studying and exploiting weakness – Differential cryptanalysis – Linear cryptanalysis  Trapdoor – US Govt changed the original design  Continues to enjoy wide acceptibility – Particularly with triple-DES (used in PGP)
  • 18. 1/17/2024 Tutorial on Network Security: Sep 2003 18 Double-DES  Two stages of encryption, using two different keys Decrypt EK2(X) X K2 Encypt EK1(X) C P K1
  • 19. 1/17/2024 Tutorial on Network Security: Sep 2003 19 Double-DES  “two stages cannot be reduced to one stage”: – for given K1, K2, there is no K s.t. EK2(EK1(P)) = EK(P)  Meet-in-the-middle attack – Let C = EK2(EK1(P)), and X = EK1(P) = DK2(C) – Let known P and C – Search for K1 and K2 such that X = EK1(P) = DK2(C) – Complexity is O(256 + 256), not O(2128)
  • 20. 1/17/2024 Tutorial on Network Security: Sep 2003 20 Triple-DES  Three stages of encryption, using two different keys Decrypt EK2(X) X1 K2 Encypt EK1(X) C P K1 X2 Decrypt EK3(X) K3
  • 21. 1/17/2024 Tutorial on Network Security: Sep 2003 21 IDEA  International data encryption algorithm (IDEA)  developed in 1991, gaining ground  block cipher  better understood  US government has had no role in its design  design principle: – block size 64 bits – key length 128 bits – more emphasis on “diffusion” and “confusion”  uses three operations: – “exclusive-OR”, “addition”, “multiplication” – some effort to make HW implementation easier
  • 22. 1/17/2024 Tutorial on Network Security: Sep 2003 22 RC5  developed by Rivest, in 1994  suitable for HW or SW implementation on microprocessors – simple – different word length – low memory  high level of security – simpler determination of strength – variable no. of “rounds”, key length
  • 23. 1/17/2024 Tutorial on Network Security: Sep 2003 23 Blowfish  Developed in 1993  block cipher  up to 448 bit keys  no known attacks  simple, fast and compact algorithm cycles/"round" No. of rounds cycles/byte encrypted Blowfish 9 16 18 RC5 12 16 23 DES 18 16 45 IDEA 50 8 50 Triple-DES 18 48 108
  • 24. 1/17/2024 Tutorial on Network Security: Sep 2003 24 Summary: symmetric key encryption  Since the same key is used to encrypt and decrypt, the system is also know as private-key encryption  Symmetric key encryption – uses shared secret keys – also known as “private-key” encryption  Primarily used for purpose of confidentiality – but may be used to authenticate as well, but may be “repudiated”  Key sharing or management is an issue – particularly when the no. of clients sharing the key is “large”
  • 25. 1/17/2024 Tutorial on Network Security: Sep 2003 25 Application to confidentiality  Private-key encryption may be used to provide confidentiality of messages during transfer over LANs and/or WANs  At issue: – what information:  User data vs. headers  Identity of correspondents vs. node/route identity – in what layer, and between what points  Link-layer vs. end-to-end vs. application level  Assumption: data over physical network is accessible – Wireless links – Employee of the network service provider – Your own colleagues
  • 26. 1/17/2024 Tutorial on Network Security: Sep 2003 26 Link-level vs. end-to-end confidentiality Host A Host B R R R Link-level enrypt/ decrypt End-to-end enrypt/ decrypt
  • 27. 1/17/2024 Tutorial on Network Security: Sep 2003 27 Link-level vs. end-to-end confidentiality Link-level encryption End-to-end encryption Security within nodes, hosts Exposed in intermediate nodes Exposed in end hosts Encrypted in intermediate nodes Encrypted/Decrypted by end hosts Role of end devices, intermediate nodes Intermediate nodes require encryption One key for each link Done in hardware Only end hosts need encryption One key per session/connection Perhaps done in software
  • 28. 1/17/2024 Tutorial on Network Security: Sep 2003 28 Traffic confidentiality  Issues: – Identity of communicating entities – Identity of hosts, routers – Traffic volumes, patterns  Link-level encryption offers better confidentiality  Padding may be used to “hide” patterns and volumes
  • 29. 1/17/2024 Tutorial on Network Security: Sep 2003 29 Key distribution  Secret key must be distributed between the communicating entities, say A and B  Link level encryption requires L number of keys to be distributed, one for each device at the end of a link  Host-to-host encryption requires N*(N-1)/2 keys to be distributed  Two techniques: – Physical delivery (works only in a very limited environs)  A delivers it to B  A trusted third party C delivers the key to A and to B – Electronic delivery using an established secure connection or session  A delivers it to B after suitably encrypting it  A trusted third party C delivers the key to A and to B using secure channels to A and to B.
  • 30. 1/17/2024 Tutorial on Network Security: Sep 2003 30 Key distribution  Electronic distribution by B to A, though process initiated by A  Above: – N1 and N2 are “nonce”, – MKm is the “master key” used by A and B – KS is the new “session key” – F is a well-known function, such as ADD 1
  • 31. 1/17/2024 Tutorial on Network Security: Sep 2003 31 Key distribution  Electronic distribution by trusted third party C to A and to B
  • 32. 1/17/2024 Tutorial on Network Security: Sep 2003 32 Key distribution  Above: – KA and KB are keys used by A and B, respectively, to communicate with C – IDA identifies entity A
  • 33. 1/17/2024 Tutorial on Network Security: Sep 2003 33 Key distribution  Secure operation of these schemes, against: – Masquerade – replay attacks  Other issues: – Hierarchy of keys – Lifetime of a session key – Generation of Nonce or Random numbers
  • 34. 1/17/2024 Tutorial on Network Security: Sep 2003 34 Thanks