Network Security - PowerPoint PPT Presentation

Slides: 35
Provided by: bijend
Transcript and Presenter's Notes

1
Network Security
  • Bijendra Jain
  • (bnj_at_cse.iitd.ernet.in)

2
Lecture 1 Introduction
3
Top-level issues
  • Safety, security and privacy
  • Security policy
    • threats, both external and internal
    • economic gains
    • cost of securing resources
    • cryptographic methods vs. physical security
  • Information security
    • nature of resources (HW, SW, information)
    • during storage, access and communication
    • limited to a single computer vs. network security
    • various layers (physical through application layers)

4
Security threats
  • Intentional vs. accidental
  • Various forms of violations
    • Non-destructive
    • Destructive
    • Repudiation
    • Denial of service
  • Threat techniques
    • crypt-analysis
    • snooping
    • masquerading
    • replay attacks
    • viruses, worms
    • etc.

5
Security services
  • Services (or functions) vs. mechanisms
  • Security functions
    • confidentiality
    • authentication
    • integrity
    • non-repudiation
    • access control
    • availability

6
Security mechanisms
  • Physical controls
  • Audit trails
  • Fraud detection (data mining)
  • Steganography
  • Encryption
    • private-key vs. public-key encryption
    • key generation, exchange, and management
    • certification
  • Firewalls
  • etc.

7
Lecture 2 Symmetric-key encryption
8
Cryptographic systems
  • Symmetric vs. asymmetric encryption
    • Number of keys used
    • Key lengths
  • Block vs. stream cipher
  • Crypt-analysis (assume the algorithm is known), classified by what the attacker has
    • ciphertext only
    • known plaintext and its ciphertext
    • chosen plaintext and its ciphertext
    • chosen ciphertext and its plaintext

9
Symmetric cryptographic system
  • Symmetric encryption
  • Plaintext, X
  • Ciphertext, Y
  • Secret key K, used for both encryption and decryption

10
Asymmetric cryptographic system
  • Asymmetric encryption
  • Plaintext, X
  • Ciphertext, Y
  • Two keys, K1 and K2: one is secret, the other is public
  • One of them (secret or public) is used to encrypt, the other to decrypt
  • Helps with confidentiality, digital signatures

11
Symmetric encryption
  • Substitution cipher
  • Transposition cipher
  • DES
  • Triple DES
  • Blowfish, RC5, RC4, etc.

12
Substitution cipher
  • Caesar cipher
    • encrypt: C = (p + k) mod n
    • decrypt: p = (C - k) mod n
    • assumes an alphabet of n characters
    • easily breakable in n-1 steps (try every shift)
  • Substitute using an n x n table
    • encrypt: Ci = lookup_encrypt(pi)
    • decrypt: pj = lookup_decrypt(Cj)
    • 26! different keys
    • may be broken using the known relative frequency of each character
  • To counter
    • use multiple symbols as substitutes for one symbol
    • substitute multiple symbols at a time
      • e.g. two-letter strings at a time
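The two ways of breaking the ciphers on this slide, exhaustive search over the n-1 shifts and comparison with known letter frequencies, can be shown directly on the Caesar cipher. The Python below is an added example, not code from the presentation: caesar_encrypt, caesar_break, make_substitution_table and the sample sentence are constructed for this illustration, and the English letter frequencies are the usual published approximations.

```python
import random
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)                      # the slide's n: 26 characters

# Approximate relative frequencies (%) of letters in English text.
ENGLISH_FREQ = {
    'A': 8.17, 'B': 1.49, 'C': 2.78, 'D': 4.25, 'E': 12.70, 'F': 2.23, 'G': 2.02,
    'H': 6.09, 'I': 6.97, 'J': 0.15, 'K': 0.77, 'L': 4.03, 'M': 2.41, 'N': 6.75,
    'O': 7.51, 'P': 1.93, 'Q': 0.10, 'R': 5.99, 'S': 6.33, 'T': 9.06, 'U': 2.76,
    'V': 0.98, 'W': 2.36, 'X': 0.15, 'Y': 1.97, 'Z': 0.07,
}

def caesar_encrypt(plaintext, k):
    """C = (p + k) mod n for every letter; other characters pass through unchanged."""
    return ''.join(ALPHABET[(ALPHABET.index(ch) + k) % N] if ch in ALPHABET else ch
                   for ch in plaintext.upper())

def caesar_decrypt(ciphertext, k):
    """p = (C - k) mod n."""
    return caesar_encrypt(ciphertext, -k)

def chi_squared(text):
    """Distance between the letter counts of `text` and what English would give (lower = more English-like)."""
    letters = [ch for ch in text if ch in ALPHABET]
    counts, total = Counter(letters), max(len(letters), 1)
    score = 0.0
    for ch in ALPHABET:
        expected = ENGLISH_FREQ[ch] * total / 100
        score += (counts[ch] - expected) ** 2 / expected
    return score

def caesar_break(ciphertext):
    """Exhaustive search: only n-1 non-trivial shifts exist, so try each and keep the most English-looking."""
    return min(range(1, N), key=lambda k: chi_squared(caesar_decrypt(ciphertext, k)))

def make_substitution_table(seed):
    """One of the 26! keys of a general substitution cipher: a permutation of the alphabet
    (seeded so the example is repeatable)."""
    perm = list(ALPHABET)
    random.Random(seed).shuffle(perm)
    return dict(zip(ALPHABET, perm))

def substitution_encrypt(plaintext, table):
    """Ci = lookup_encrypt(pi)."""
    return ''.join(table.get(ch, ch) for ch in plaintext.upper())

def substitution_decrypt(ciphertext, table):
    """pj = lookup_decrypt(Cj), using the inverse table."""
    inverse = {v: k for k, v in table.items()}
    return ''.join(inverse.get(ch, ch) for ch in ciphertext)

# Constructed sample text, long enough for letter statistics to be meaningful.
SAMPLE = ("THE SYMMETRIC KEY MUST REMAIN SECRET BECAUSE THE ALGORITHM ITSELF IS ASSUMED "
          "TO BE KNOWN AND A SHIFT CIPHER HAS ONLY TWENTY FIVE USABLE KEYS")

def demo():
    """Encrypt the sample with shift 7 and recover the shift from the ciphertext alone."""
    return caesar_break(caesar_encrypt(SAMPLE, 7))

if __name__ == "__main__":
    print("recovered shift:", demo())      # 7
```

The chi-squared score is what makes the frequency argument concrete: at the right shift the counts of E, T, A and the rare letters line up with English, at every other shift the rare letters receive large counts and the score explodes, so the n-1 trial decryptions can be ranked without a human reading them. The same statistic works against the 26!-key table cipher, but there it has to be applied letter by letter rather than once per key.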

13
Transposition cipher
  • Transposition example
  • To make it more secure
    • apply the transposition multiple times
    • combine it with substitution ciphers
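The transposition example on this slide refers to a figure that is not in the transcript. As an added example, not the author's code, the Python below implements a keyword columnar transposition together with the two strengthenings the slide lists (transpose more than once, combine with a substitution). All function names, the keywords and the sample plaintext are constructed for this illustration; it also goes a step beyond the slide by checking that transposition on its own leaves the letter counts unchanged, which is why pairing it with a substitution helps.

```python
def _pad_to(text, n, pad='X'):
    """Fill the last row so the text is a whole number of rows of n characters."""
    return text + pad * (-len(text) % n)

def _column_order(keyword):
    """Columns are read out in alphabetical order of the keyword letters (ties: leftmost first)."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))

def columnar_encrypt(plaintext, keyword):
    """Write the text row by row under the keyword, read it out column by column."""
    ncols = len(keyword)
    text = _pad_to(plaintext, ncols)
    rows = [text[i:i + ncols] for i in range(0, len(text), ncols)]
    return ''.join(''.join(row[c] for row in rows) for c in _column_order(keyword))

def columnar_decrypt(ciphertext, keyword):
    """Put each column back in its place, then read the grid row by row."""
    ncols = len(keyword)
    nrows = len(ciphertext) // ncols
    cols = [''] * ncols
    for k, c in enumerate(_column_order(keyword)):
        cols[c] = ciphertext[k * nrows:(k + 1) * nrows]
    return ''.join(cols[c][r] for r in range(nrows) for c in range(ncols))

def double_transposition_encrypt(plaintext, key1, key2):
    """Transpose twice with different keywords (the slide's 'apply it multiple times')."""
    text = _pad_to(plaintext, len(key1) * len(key2))   # pad once so neither stage pads again
    return columnar_encrypt(columnar_encrypt(text, key1), key2)

def double_transposition_decrypt(ciphertext, key1, key2):
    return columnar_decrypt(columnar_decrypt(ciphertext, key2), key1)

def shift(text, k):
    """Minimal substitution step (a Caesar shift) used to build a product cipher."""
    return ''.join(chr((ord(ch) - 65 + k) % 26 + 65) if 'A' <= ch <= 'Z' else ch for ch in text)

def product_encrypt(plaintext, shift_key, keyword):
    """Substitution followed by transposition: letters are both replaced and moved."""
    return columnar_encrypt(shift(_pad_to(plaintext, len(keyword)), shift_key), keyword)

def product_decrypt(ciphertext, shift_key, keyword):
    return shift(columnar_decrypt(ciphertext, keyword), -shift_key)

def letter_counts_preserved(plaintext, keyword):
    """Transposition alone never changes which letters occur, only where they sit, so the
    plaintext's letter distribution is still visible in the ciphertext."""
    return sorted(columnar_encrypt(plaintext, keyword)) == sorted(_pad_to(plaintext, len(keyword)))

if __name__ == "__main__":
    pt = "WEAREDISCOVERED"                        # constructed sample
    print(columnar_encrypt(pt, "KEY"))            # EESVEWRIORADCED
    print(letter_counts_preserved(pt, "KEY"))     # True
```

With keyword KEY the columns are read out in the order E, K, Y, so the ciphertext is column 1, then column 0, then column 2 of the 3-wide grid. The pre-padding in double_transposition_encrypt matters: if each stage padded separately the second stage's padding would be interleaved into the first stage's output and the decryption order would no longer invert it.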

14
DES
  • Combination of several substitution and transposition operations
  • Applied to each block of 64 bits
  • Key is 56 bits
  • Uses different portions of the key at different steps
  • Uses techniques referred to as diffusion and confusion
  • Developed by IBM 1971-73, accepted by NBS (USA) as a standard in 1977
  • Primarily a block cipher

15
DES encryption algorithm
16
Cipher Block Chaining
  • Primarily a block cipher
  • May be used in block chaining mode
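The DES slides describe a block cipher built from rounds of substitution and transposition, keyed with different portions of the key per round, and this slide adds the chaining mode. The Python below is an added example, not code from the presentation: it uses a toy 32-bit, 6-round Feistel cipher (one DES S-box row plus a bit rotation, constructed here as a stand-in for DES, not DES itself) to show why the same plaintext block repeats under ECB but not under CBC, and to measure diffusion by flipping one plaintext bit. toy_encrypt, cbc_encrypt, avalanche and the sample key, IV and message are all constructed for this example.

```python
BLOCK = 4     # toy block size in bytes (DES: 8 bytes, 56-bit key, 16 rounds)
ROUNDS = 6

# 4-bit S-box (row 0 of DES S-box S1): the non-linear substitution step (confusion)
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

def _subkey(key, i):
    """A different portion of the 32-bit key in each round: rotate, then take the low 16 bits."""
    rot = (3 * i) % 32
    return (((key << rot) | (key >> (32 - rot))) & 0xFFFFFFFF) & 0xFFFF

def _round_function(r, k):
    """Mix in the subkey, transpose bits (rotation, diffusion), substitute nibbles (S-box)."""
    x = (r ^ k) & 0xFFFF
    x = ((x << 5) | (x >> 11)) & 0xFFFF
    return sum(SBOX[(x >> s) & 0xF] << s for s in (0, 4, 8, 12))

def toy_encrypt(block, key):
    """Feistel network over a 32-bit block: L_i+1 = R_i, R_i+1 = L_i XOR f(R_i, K_i)."""
    l, r = block >> 16, block & 0xFFFF
    for i in range(ROUNDS):
        l, r = r, l ^ _round_function(r, _subkey(key, i))
    return (r << 16) | l                       # final swap, as in DES

def toy_decrypt(block, key):
    """The same network with the subkeys in reverse order undoes encryption."""
    l, r = block >> 16, block & 0xFFFF
    for i in reversed(range(ROUNDS)):
        l, r = r, l ^ _round_function(r, _subkey(key, i))
    return (r << 16) | l

def _pad(data):
    """PKCS#7-style padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def _unpad(data):
    return data[:-data[-1]]

def _to_blocks(data):
    return [int.from_bytes(data[i:i + BLOCK], 'big') for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext, key):
    """Electronic codebook: blocks are independent, so equal plaintext blocks give equal ciphertext."""
    return b''.join(toy_encrypt(b, key).to_bytes(BLOCK, 'big') for b in _to_blocks(_pad(plaintext)))

def cbc_encrypt(plaintext, key, iv):
    """Cipher block chaining: C_i = E_K(P_i XOR C_i-1), with C_0 = IV."""
    out, prev = [], iv
    for b in _to_blocks(_pad(plaintext)):
        prev = toy_encrypt(b ^ prev, key)
        out.append(prev.to_bytes(BLOCK, 'big'))
    return b''.join(out)

def cbc_decrypt(ciphertext, key, iv):
    """P_i = D_K(C_i) XOR C_i-1."""
    out, prev = [], iv
    for c in _to_blocks(ciphertext):
        out.append((toy_decrypt(c, key) ^ prev).to_bytes(BLOCK, 'big'))
        prev = c
    return _unpad(b''.join(out))

def avalanche(block, key, bit):
    """Diffusion check: number of ciphertext bits that change when one plaintext bit is flipped."""
    return bin(toy_encrypt(block, key) ^ toy_encrypt(block ^ (1 << bit), key)).count('1')

# Constructed sample values.
KEY, IV = 0x0123ABCD, 0x5A5A5A5A
MSG = b"AAAABBBBAAAA"                  # first and third blocks are identical

if __name__ == "__main__":
    ecb, cbc = ecb_encrypt(MSG, KEY), cbc_encrypt(MSG, KEY, IV)
    print("ECB repeats:", ecb[:4] == ecb[8:12])     # True
    print("CBC repeats:", cbc[:4] == cbc[8:12])     # False
    print("bits changed by a one-bit flip:", avalanche(0xDEADBEEF, KEY, 0))
```

The ECB comparison is the reason chaining exists: a repeated plaintext block (a header field, a padding pattern) is visible in the ciphertext unless each block is first XORed with the previous ciphertext block. The avalanche count is a cheap way to see the diffusion the DES slide refers to; with only one S-box row and six rounds the toy is nowhere near DES strength, so the number is illustrative rather than a security claim.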

17
Strength of DES
  • Key size of 56 bits appears to be too small
    • In 1993 Wiener developed a HW device for 100K with 5760 search engines to break it in 35 hours
    • In 1997, 70,000 systems on the Internet discovered the key in less than 96 days (part of the plaintext is given)
  • Automating the process is difficult, unless the plaintext is known
  • Perhaps breakable by studying and exploiting weaknesses
    • Differential cryptanalysis
    • Linear cryptanalysis
    • Trapdoor
      • US Govt changed the original design
  • Continues to enjoy wide acceptability
    • Particularly as triple-DES (used in PGP)

18
Double-DES
  • Two stages of encryption, using two different keys

19
Double-DES
  • Two stages cannot be reduced to one stage
    • for given K1, K2, there is no K such that EK2(EK1(P)) = EK(P)
  • Meet-in-the-middle attack
    • Let C = EK2(EK1(P)), and X = EK1(P) = DK2(C)
    • Given known P and C
    • Search for K1 and K2 such that X = EK1(P) = DK2(C)
    • Complexity is O(2^56 + 2^56), not O(2^128)
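The meet-in-the-middle search just described, written out as an added example (not the presentation's code). A 16-bit toy cipher with a 12-bit key, constructed here as a stand-in for DES, keeps the key space small enough to run in well under a second: the two-stage cipher then has 2^24 key pairs, and the search recovers the pair with about 2 x 2^12 single-stage operations plus a few confirmations, which is the O(2^k + 2^k) rather than O(2^2k) point of the slide. toy_enc, double_enc, meet_in_the_middle and the sample keys and plaintexts are constructed names and values.

```python
KEY_BITS = 12     # each stage has 2^12 keys, so the double cipher has 2^24 key pairs
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]

def _sub(x, box):
    """Apply a 4-bit S-box to each nibble of a 16-bit value."""
    return sum(box[(x >> s) & 0xF] << s for s in (0, 4, 8, 12))

def toy_enc(p, k):
    """16-bit block, 12-bit key: three rounds of add-subkey, substitute, rotate."""
    for r in range(3):
        p = (p + ((k * (2 * r + 1)) & 0xFFFF)) & 0xFFFF
        p = _sub(p, SBOX)
        p = ((p << 7) | (p >> 9)) & 0xFFFF
    return p

def toy_dec(c, k):
    """Undo the rounds in reverse order."""
    for r in reversed(range(3)):
        c = ((c >> 7) | (c << 9)) & 0xFFFF
        c = _sub(c, INV_SBOX)
        c = (c - ((k * (2 * r + 1)) & 0xFFFF)) & 0xFFFF
    return c

def double_enc(p, k1, k2):
    """Two stages with independent keys, as in double-DES: C = E_K2(E_K1(P))."""
    return toy_enc(toy_enc(p, k1), k2)

def meet_in_the_middle(pairs):
    """Recover (K1, K2) from known (P, C) pairs.
    Returns (candidate key pairs, number of single-stage cipher operations used)."""
    (p0, c0), checks = pairs[0], pairs[1:]
    work = 0
    table = {}                                   # X = E_K1(P0)  ->  every K1 that produces it
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_enc(p0, k1), []).append(k1)
        work += 1
    found = []
    for k2 in range(1 << KEY_BITS):
        x = toy_dec(c0, k2)                      # X = D_K2(C0)
        work += 1
        for k1 in table.get(x, ()):              # E_K1(P0) == D_K2(C0): a candidate pair
            # one pair still leaves about 2^(2k-16) false matches, so confirm on the others
            if all(double_enc(p, k1, k2) == c for p, c in checks):
                found.append((k1, k2))
            work += 2 * len(checks)              # counts every confirmation as two stage operations
    return found, work

# Constructed secret keys and known plaintext/ciphertext pairs.
K1, K2 = 0x3A7, 0xC15
PAIRS = [(p, double_enc(p, K1, K2)) for p in (0x1234, 0xBEEF, 0x0042)]

if __name__ == "__main__":
    found, work = meet_in_the_middle(PAIRS)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print("stage operations:", work, "vs exhaustive search over", 1 << (2 * KEY_BITS))
```

The table of E_K1(P) values is the memory cost of the attack, which is why the slide's O(2^56 + 2^56) time comes with an O(2^56) storage requirement; the extra known pairs are needed because a single 16-bit (or 64-bit) block cannot distinguish all 2^24 (or 2^112) key pairs on its own.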

20
Triple-DES
  • Three stages of encryption, using two different
    keys

21
IDEA
  • International Data Encryption Algorithm (IDEA)
    • developed in 1991, gaining ground
    • block cipher
    • better understood
    • US government has had no role in its design
  • design principles
    • block size 64 bits
    • key length 128 bits
    • more emphasis on diffusion and confusion
    • uses three operations: exclusive-OR, addition, multiplication
    • some effort to make HW implementation easier

22
RC5
  • developed by Rivest in 1994
  • suitable for HW or SW implementation on microprocessors
  • simple
  • different word lengths
  • low memory
  • high level of security
  • simpler determination of strength
  • variable no. of rounds and key length

23
Blowfish
  • Developed in 1993
  • block cipher
  • up to 448 bit keys
  • no known attacks
  • simple, fast and compact

24
Summary: symmetric key encryption
  • Since the same key is used to encrypt and decrypt, the system is also known as private-key encryption
  • Symmetric key encryption
    • uses shared secret keys
    • also known as private-key encryption
  • Primarily used for the purpose of confidentiality
    • but may be used to authenticate as well, though such authentication may be repudiated
  • Key sharing or management is an issue
    • particularly when the no. of clients sharing the key is large

25
Application to confidentiality
  • Private-key encryption may be used to provide confidentiality of messages during transfer over LANs and/or WANs
  • At issue
    • what information
      • user data vs. headers
      • identity of correspondents vs. node/route identity
    • in what layer, and between what points
      • link layer vs. end-to-end vs. application level
  • Assumption: data on the physical network is accessible, e.g.
    • over wireless links
    • to employees of the network service provider
    • to your own colleagues

26
Link-level vs. end-to-end confidentiality
27
Link-level vs. end-to-end confidentiality
28
Traffic confidentiality
  • Issues
    • Identity of communicating entities
    • Identity of hosts, routers
    • Traffic volumes, patterns
  • Link-level encryption offers better confidentiality
  • Padding may be used to hide patterns and volumes

29
Key distribution
  • Secret key must be distributed between the communicating entities, say A and B
    • Link-level encryption requires L keys to be distributed, one for each device at the end of a link
    • Host-to-host encryption requires N(N-1)/2 keys to be distributed
  • Two techniques
    • Physical delivery (works only in very limited environments)
      • A delivers it to B
      • A trusted third party C delivers the key to A and to B
    • Electronic delivery using an established secure connection or session
      • A delivers it to B after suitably encrypting it
      • A trusted third party C delivers the key to A and to B using secure channels to A and to B

30
Key distribution
  • Electronic distribution by B to A, though the process is initiated by A
  • In the figure above
    • N1 and N2 are nonces
    • MKm is the master key used by A and B
    • KS is the new session key
    • F is a well-known function, such as ADD 1

31
Key distribution
  • Electronic distribution by trusted third party C
    to A and to B

32
Key distribution
  • In the figure above
    • KA and KB are the keys used by A and B, respectively, to communicate with C
    • IDA identifies entity A

33
Key distribution
  • Secure operation of these schemes against
    • masquerade
    • replay attacks
  • Other issues
    • hierarchy of keys
    • lifetime of a session key
    • generation of nonces or random numbers
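The key-distribution figures these slides refer to are not in the transcript. As an added example, not the author's code, the Python below simulates the B-to-A session-key distribution using exactly the elements the earlier slide names (nonces N1 and N2, master key MKm, session key KS, F = ADD 1) and then exercises the masquerade and replay concerns from this slide. The message sequence, A sends IDA || N1, B replies E_MKm(KS || IDA || N1 || N2), A answers E_KS(F(N2)), is an assumption about the missing figure, as are the Initiator/Responder names, the 8-byte IDA and the SHA-256 keystream plus HMAC construction standing in for E_K.

```python
import hashlib
import hmac
import os
import struct

MASK64 = (1 << 64) - 1

def F(nonce):
    """The well-known function of the last message: ADD 1 (mod 2^64) on the 8-byte nonce N2."""
    return ((int.from_bytes(nonce, 'big') + 1) & MASK64).to_bytes(8, 'big')

# E_K(.) stand-in: SHA-256 counter keystream plus an HMAC tag, so a message made without K is rejected.
def _keystream(key, iv, length):
    out, ctr = b'', 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + struct.pack('>I', ctr)).digest()
        ctr += 1
    return out[:length]

def encrypt(key, msg):
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, iv, len(msg))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("not produced under this key (masquerade or tampering)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))

class Initiator:
    """A: requests a session key from B under the shared master key MKm."""
    def __init__(self, ida, mkm):
        self.ida, self.mkm, self.n1, self.ks = ida, mkm, None, None

    def message1(self):
        self.n1 = os.urandom(8)                      # fresh N1 ties B's reply to this request
        return self.ida + self.n1                    # IDA || N1

    def receive_message2(self, blob):
        pt = decrypt(self.mkm, blob)
        ks, ida, n1, n2 = pt[:16], pt[16:24], pt[24:32], pt[32:40]
        if ida != self.ida or n1 != self.n1:         # a replayed reply carries an old N1
            raise ValueError("stale or misdirected reply (replay)")
        self.ks = ks
        return encrypt(ks, F(n2))                    # E_KS(F(N2)) proves A now holds KS

class Responder:
    """B: generates KS and checks that the other side really received it."""
    def __init__(self, mkm):
        self.mkm, self.pending = mkm, {}

    def receive_message1(self, msg):
        ida, n1 = msg[:8], msg[8:16]
        ks, n2 = os.urandom(16), os.urandom(8)
        self.pending[ida] = (ks, n2)
        return encrypt(self.mkm, ks + ida + n1 + n2)  # E_MKm(KS || IDA || N1 || N2)

    def receive_message3(self, ida, blob):
        ks, n2 = self.pending.pop(ida)
        if decrypt(ks, blob) != F(n2):
            raise ValueError("peer does not hold KS")
        return ks

IDA = b"A".ljust(8, b"\0")                           # constructed 8-byte identifier of A

def run_exchange(mkm):
    """Run the three messages; returns the session key as seen by A and by B."""
    a, b = Initiator(IDA, mkm), Responder(mkm)
    m3 = a.receive_message2(b.receive_message1(a.message1()))
    return a.ks, b.receive_message3(IDA, m3)

def replay_is_rejected(mkm):
    """Message 2 captured from one run and replayed into a new run must be refused by A."""
    b = Responder(mkm)
    old_m2 = b.receive_message1(Initiator(IDA, mkm).message1())
    a_new = Initiator(IDA, mkm)
    a_new.message1()                                 # new N1, so the old reply no longer matches
    try:
        a_new.receive_message2(old_m2)
    except ValueError:
        return True
    return False

def forgery_is_rejected(mkm):
    """Message 2 from a party that does not hold MKm fails A's integrity check (masquerade)."""
    a = Initiator(IDA, mkm)
    impostor = Responder(b"some other key, not MKm")
    try:
        a.receive_message2(impostor.receive_message1(a.message1()))
    except ValueError:
        return True
    return False
```

Two of the slide's "other issues" are visible in the code: N1 and N2 must come from a source the other side cannot predict (here os.urandom), or the replay check is worthless, and KS lives only in Responder.pending for the duration of the handshake, so its lifetime and the key hierarchy (MKm protects KS, KS protects traffic) are decisions the surrounding system still has to make.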

34
Thanks