Goals of Cryptography Confidentiality Data integrity Authentication Nonrepudiation

  • Slides: 15
Download presentation
Goals of Cryptography • • Confidentiality Data integrity Authentication Non-repudiation

Goals of Cryptography • • Confidentiality Data integrity Authentication Non-repudiation

Classify Security Attacks as • passive attacks - eavesdropping on, or monitoring of, transmissions

Classify Security Attacks as • passive attacks - eavesdropping on, or monitoring of, transmissions to: – obtain message contents, or – monitor traffic flows

Passive Attacks

Passive Attacks

Active attacks • active attacks – modification of data stream to: – – masquerade

Active attacks • active attacks – modification of data stream to: – – masquerade of one entity as some other replay previous messages modify messages in transit denial of service

Active Attacks

Active Attacks

Model for Network Security

Model for Network Security

Symmetric Cipher Model

Symmetric Cipher Model

Requirements and assumptions • two requirements for secure use of symmetric encryption: – a

Requirements and assumptions • two requirements for secure use of symmetric encryption: – a strong encryption algorithm – a secret key known only to sender / receiver Y = EK(X) X = DK(Y) • assume encryption algorithm is known. Kerckhoff principle • assume that secret key is known only to sender and receiver

Private-Key Cryptography • Up to know we considered a traditional private/secret/single key cryptography when

Private-Key Cryptography • Up to know we considered a traditional private/secret/single key cryptography when the same key is shared by both sender and receiver • If this key is disclosed communications are compromised • It is called also symmetric since parties are equal in the sense that they share the same key hence does not protect sender from receiver forging a message & claiming is sent by sender

Public-Key Cryptography • public-key/two-key/asymmetric cryptography involves the use of two keys: – a public-key,

Public-Key Cryptography • public-key/two-key/asymmetric cryptography involves the use of two keys: – a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures – a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures • is asymmetric because – those who encrypt messages or verify signatures cannot decrypt messages or create signatures

Public-Key Cryptography

Public-Key Cryptography

Diffie-Hellman Setup • all users agree on global parameters: – large prime integer or

Diffie-Hellman Setup • all users agree on global parameters: – large prime integer or polynomial q – α a primitive root mod q • each user (eg. A ) generates their key – chooses a secret key (number): x. A < q x. A – compute their public key: y. A = α mod q • each user makes public that key y. A

Diffie-Hellman Key Exchange • shared session key for users A & B is KAB:

Diffie-Hellman Key Exchange • shared session key for users A & B is KAB: x. A ∙ x. B KAB = α mod q x = y. A B mod q (which B can compute) x. A = y. B mod q (which A can compute) • KAB is used as session key in private-key encryption scheme between Alice and Bob • if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys • In order to get a session key attacker must solve discrete log problem

Diffie-Hellman Example • users Alice & Bob who wish to swap keys: • agree

Diffie-Hellman Example • users Alice & Bob who wish to swap keys: • agree on prime q=353 and α=3 • select random secret keys: – A chooses x. A=97, B chooses x. B=233 • compute public keys: 97 – y. A = 3 mod 353 = 40 233 – y. B = 3 mod 353 = 248 (Alice) (Bob) • compute shared session key as: x. A 97 KAB= y. B mod 353 = 248 = 160 x. B 233 KAB= y. A mod 353 = 40 = 160 (Alice) (Bob)

COEN 351 NonRepudiation NonRepudiation A nonrepudiation service providesCOEN 351 NonRepudiation NonRepudiation A nonrepudiation service provides
Security Privacy Authentication Integrity Nonrepudiation Privacy Continue SecretSecurity Privacy Authentication Integrity Nonrepudiation Privacy Continue Secret
Confidentiality Integrity Authentication Confidentiality Symmetric Key Encryption nConfidentiality Integrity Authentication Confidentiality Symmetric Key Encryption n
Authentication Cristian Solano Authentication Cryptography Cryptography is theAuthentication Cristian Solano Authentication Cryptography Cryptography is the
INTEGRITY POLICIES Goals Biba Integrity Model ClarkWilson IntegrityINTEGRITY POLICIES Goals Biba Integrity Model ClarkWilson Integrity
unforgeable u user authentication u nonrepudiation u unalterableunforgeable u user authentication u nonrepudiation u unalterable
Digital Signature Integrity Authenticity Unforgeability Nonrepudiation Irreusability ConventionalDigital Signature Integrity Authenticity Unforgeability Nonrepudiation Irreusability Conventional
i XBRL report indexer with integrity nonrepudiation securedi XBRL report indexer with integrity nonrepudiation secured
LECTURE 4 Data Integrity Authentication Message Authentication CodesLECTURE 4 Data Integrity Authentication Message Authentication Codes
v CIA Confidentiality Integrity Availability v AAA Authenticationv CIA Confidentiality Integrity Availability v AAA Authentication
Security Building Blocks CIA Confidentiality cryptography Integrity digitalSecurity Building Blocks CIA Confidentiality cryptography Integrity digital
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Authentication Authentication Basics Definition 11 1 Authentication isAuthentication Authentication Basics Definition 11 1 Authentication is
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication