Introduction to Cryptography and Network Security

Bimal Kumar Meher Dept. of CSE/IT Silicon Institute of Technology

Your Text Book for this Course

Cryptography and Network SecurityB.A. Forouzan & D. Mukhopadhyay, McGraw Hill Special Indian Edition.

Objectives of Introduction
To define three security goals

To define security attacks that threaten security goal To define security services and how they are related to the three security goals To define security mechanisms to provide security services To introduce two techniques, cryptography and steganography, to implement security mechanisms.

Taxonomy of security goals

Confidentiality
Confidentiality is probably the most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information.

Integrity
Information needs to be changed constantly. Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.

Availability
The information created and stored by an organization needs to be available to authorized entities. Information needs to be constantly changed, which means it must be accessible to authorized entities.

ATTACKS The three goals of securityconfidentiality, integrity, and availabilitycan be threatened by security attacks.
1. 2. 3. 4. Attacks Threatening Confidentiality Attacks Threatening Integrity Attacks Threatening Availability Passive versus Active Attacks

Taxonomy of attacks with relation to security goals

Attacks Threatening Confidentiality

Snooping refers to unauthorized access to or interception of data.

Traffic analysis refers to obtaining some other type of information by monitoring online traffic.

Attacks Threatening Integrity

Modification means that the attacker intercepts the message and changes it.

Masquerading or spoofing happens when the attacker impersonates somebody else.

Attacks Threatening Integrity

Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it. Repudiation means that sender of the message might later deny that he has sent the message; the receiver of the message might later deny that he has received the message.

Attacks Threatening Availability

Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.

Passive versus Active Attacks

Security Services

Security Mechanism

Relation between Services and Mechanisms

Relation between Services and Mechanisms

Mechanisms Services
Peer-Entity Auth. Data Origin Auth. Access Control Confidentiality Traffic Flow Conf. Data Integrity Nonrepudiation Availability
Enciph Digital Access Data Auth. erment Sign. Control Integrity Exch. Traffic Routing Pad. Control Notari zation

TECHNIQUES Mechanisms discussed in the previous sections are only theoretical recipes to implement security. The actual implementation of security goals needs some techniques. Two techniques are prevalent today: Cryptography and Steganography.

Cryptography
Cryptography, a word with Greek origin, means secret writing. Now this term is used as the science and art of transforming messages to make them secure and immune to attacks.

Cryptography(contd)
Although Cryptography, earlier referred to encryption/decryption, but now it is defined as three distinct mechanisms: Symmetric key Encipherment Asymmetric key Encipherment Hashing

Symmetric Key Encipherment

Also sometimes called Symmetric key cryptography Or Secret Key Cryptography The sender of the message uses some predefined algorithm and a shared secret key for encryption. The receiver uses the same algorithm and secret key for decryption. It is something like Alice puts the message in a box and locks the box using a key whose duplicate key is available with Bob who is supposed to open the box and takes the message from the box.

Asymmetric Key Encipherment

Also sometimes called Public key encipherment Or public key cryptography Unlike symmetric, it uses two keys They are named as:public key & private key To send a message to Bob, Alice first encrypts the message by using Bobs public key. To decrypt the message, Bob uses his own private key. The algorithm used here is more complex than the previous one.

Hashing
It is a process by which a fixed length message digest is created out of a variable length message. It is much smaller than the message to be sent. This is essential in data integrity and digital signature services discussed earlier.

Steganography
The word steganography, with origin in Greek, means covered writing, in contrast with cryptography, which means secret writing.
Example: covering data with text

Continued

Example: using dictionary

Example: covering data under color image

THE REST OF YOUR SYLLABUS

The rest of your text book is divided into four parts. Part One: Symmetric-Key Encipherment Part Two: Asymmetric-Key Encipherment Part Three: Integrity, Authentication, and Key Management Part Four: Network Security