Network Management and Security Professor Katz Session 1.
Date posted: 21-Dec-2015

Network Management and Security
Professor Katz
Session 1

Hackers and Cryptanalysts
• Rule 1: Hackers exist and will exploit your mistakes.
• Network control and security must be maintained at all times.
• What is safe by today’s standards may not be safe tomorrow.
• The amount of time to perform a brute force attack changes.

Security Goals
• Authentication
• Authorization
• Receipt
• Privacy
• Certification of originality
• Availability

Methods of attack
• Interruption
• Interception
• Modification
• Fabrication

Interruption
• A part of a system becomes lost or unusable, for example by network congestion, interruption of communication lines, or destruction of hardware.
• An attacker causes the system to become inaccessible to valid users.

Interception
• An attacker has gained unauthorized access to data by a method similar to wiretapping.
• The system will remain operational; however, privacy has been compromised and system integrity can no longer be trusted.

Modification
• An unauthorized party has accessed and/or modified a message.
• Also known as a “Man-in-the-Middle” attack.
• Data security and system integrity have been compromised.

Fabrication
• An intruder may fabricate or fake the identity of a valid user.
• Data security and system security have been compromised.

Cryptography
Encryption and Authentication

Terminology
• Plaintext
• Cyphertext
• Secret Key
• Algorithm

Concept of Encryption
• Cyphertext = Encryption(Plaintext)
• Plaintext = Decryption(Cyphertext)
• P = D(E(P))

Methods for implementing encryption
• Protect the Encryption Algorithm
• Create a shared Key
• Create a complex algorithm with multiple keys

Caesar Cypher
• Represent the letters of the alphabet by sequential numbers.
• Shift the letters by a specified amount (use wrapping where necessary).
• The key is the number of letters you shifted.
• E = (P + k) mod N

Other Monoalphabetic Cyphers
• Map each letter of the alphabet to another letter or number.
• Theoretically there are 26! possible keys so brute force is difficult.

Problems with Monoalphabetic cyphers
• Frequency of common letters
• Two and three letter combinations remain intact
• Only solves the problem of privacy of data

Transposition Cypher
• The key is the number of columns.
• Encryption: write the plain text across, read the cyphertext down.

Data Encryption
• Encryption is the process of encoding a message such that its meaning is not obvious.
• Decryption is the reverse process, i.e., transforming an encrypted message to its original form.
• We denote plaintext by P and ciphertext by C.
• C = E(P), P = D(C) and P = D(E(P)), where E() is the encryption function (algorithm) and D() the decryption function.
[Figure: Plaintext → Encryption → Ciphertext → Decryption → Plaintext]

Kerckhoff’s Principle
• How do you prevent an eavesdropper from computing P, given C?
• Keep the encryption algorithm E() secret. BAD IDEA!!
• Choose E() (and corresponding D()) from a large collection, based on secret key. GOOD IDEA!! Kerckhoff’s principle.
• C = E(K, P) and P = D(K, C)
[Figure: Plaintext → Encryption → Ciphertext → Decryption → Plaintext, with the Secret Key fed to both Encryption and Decryption]

Symmetric and Asymmetric Cryptosystems
• Just by changing key we have different encryptions of one plaintext.
• If the encryption key and the decryption key are the same then we have a symmetric encryption scheme (also private key, one-key).
• If the encryption key and the decryption key are different then we have an asymmetric encryption scheme (also public key, two-key).
• A cryptosystem is then a five-tuple consisting of:
  1) The set of all plaintexts
  2) The set of all ciphertexts
  3) The set of all keys
  4) A family of encryption functions
  5) A family of decryption functions

Cryptanalysis
• A cryptosystem has to be secure against the following kinds of attacks:
  • Ciphertext only attack.
  • Known plaintext attack.
  • Chosen plaintext attack.
  • Adaptive chosen plaintext attack.
  • Chosen ciphertext attack.
  • Chosen key attack.
• Of course there is one attack against which no cryptosystem can offer protection – Brute Force attack.

Brute Force Attacks.
• Since the key space is finite, given a ciphertext a cryptanalyst can try and check all possible keys.
• For the above to be infeasible, the key space should be large!! How large? How about 256?
• Large enough to make it impractical for an adversary. But what is impractical today may not be so tomorrow.
• In practice, for a “good” cryptosystem, the only possible attack should be the brute force attack, which should be impractical into the foreseeable future, as long as the message may have value.

Encryption by Mono-alphabetic Substitution.
Plaintext alphabet: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher alphabet:    P O L Y T E C H N I U V R S B K W A D F G J M Q X Z
Plaintext:  P O K E M O N M A S T E R
Ciphertext: K B U T R B S R P D F T A
• Key space is large: 26! (How do you remember a key? See example.)
• However, mono-alphabetic substitution is easy to break as it preserves source first order statistics.
• Large key space is a necessary but not sufficient condition for security!
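The point about first order statistics, and the earlier slide's point that two-letter combinations remain intact, can be checked directly. The following is an added example, not part of the lecture slides; it uses the slide's cipher alphabet, and the sample message and function names are constructed for illustration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
SLIDE_KEY = "POLYTECHNIUVRSBKWADFGJMQXZ"  # cipher alphabet from the slide
SAMPLE = "MEET ME AT THE SECRET MEETING TREE"  # constructed sample message

def substitute(text, key=SLIDE_KEY):
    """Mono-alphabetic substitution: plaintext letter ALPHABET[i] becomes key[i]."""
    return text.upper().translate(str.maketrans(ALPHABET, key))

def inverse_key(key=SLIDE_KEY):
    """Alphabet that undoes `key` when passed back to substitute()."""
    return "".join(ALPHABET[key.index(c)] for c in ALPHABET)

def letters(text):
    """Letters only, so spaces and punctuation do not skew the counts."""
    return [c for c in text.upper() if c in ALPHABET]

def frequency_profile(text):
    """Letter counts, highest first, ignoring which letter owns which count."""
    return sorted(Counter(letters(text)).values(), reverse=True)

def top_letter(text):
    """Most frequent letter: the first-order statistic an analyst checks first."""
    return Counter(letters(text)).most_common(1)[0][0]

def repeated_pairs(text):
    """How many distinct two-letter combinations occur more than once."""
    seq = letters(text)
    pairs = Counter(a + b for a, b in zip(seq, seq[1:]))
    return sum(1 for n in pairs.values() if n > 1)

if __name__ == "__main__":
    ct = substitute(SAMPLE)
    print(ct)
    # The count profile and repeated-pair count are identical before and after.
    print(frequency_profile(SAMPLE), frequency_profile(ct))
    print(top_letter(SAMPLE), "->", top_letter(ct))
    print(repeated_pairs(SAMPLE), repeated_pairs(ct))
```

The 26! key space changes which letter carries each count, but not the counts themselves, which is why key size alone does not protect the message.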

Encryption by Poly-alphabetic Substitution.
• Encrypt plaintext a pair at a time.
• Two letters specify a rectangle. Substitute by opposite corner pair. Eg: VX -> SM.
• If they fall in the same row or column, then use the next pair in circular manner. Eg: LY -> TP.
• Repeated letters are broken by filler letter. I/J chosen randomly.

P O L Y T
E C H N I/J
U V R S B
K W A D F
G M Q X Z

• Playfair cipher.
• Used by British Army in WW1 and WW2.
• Can be broken easily today with only a ciphertext of length about 100.

Poly-alphabetic Cipher – Vigenere.
• Use K mono-alphabetic ciphers – E1, E2, … Ek.
• In position i of plaintext, use cipher Ei.
• Example using Caesar ciphers …
Plaintext:  helloiloveyouwontyoutellmeyourname
Key:        polytechnicpolytechnicpolytechnicpoly
Ciphertext: wswjhmnv………………………………coxc
• A little harder to break but trivial once you know key length!
• Some well known techniques for determining key length – See text.

Vernam – The Perfect Substitution Cipher.
• If we use Vigenere with key length as long as plaintext, then cryptanalysis will be difficult!
• If we change key every time we encrypt then cryptanalyst’s job becomes even more difficult.
• One-time pad or Vernam Cipher.
• How do we get such long keys?
  • A large book shared by transmitter and receiver.
  • Initial key followed by previous messages themselves!!
  • Random number sequence based on common shared and secret seed.
• Such a cipher is difficult to break but not very practical.

Binary Vernam – Unconditional Security.
• If plaintext is binary string and key is binary string of equal length then encryption can be done by a simple exclusive or operation.
Plaintext:  01010000010001010011
Key:        11010101001001100111
Ciphertext: 10000101011000110100
• If plaintexts are uniformly distributed and keys are random then such a system offers unconditional security – perfect secrecy! (Under the right mathematical formulation and assumptions).
• How do we obtain “random” bit-strings for shared secret keys?
• Again system is not practical.
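The slide's XOR example, together with the two properties behind it, as an added example that is not part of the lecture slides: every candidate plaintext is explained by some key (perfect secrecy), and using one key for two messages leaks the XOR of the plaintexts. The second message and the function names are constructed for illustration.

```python
import secrets

# Values copied from the Binary Vernam slide.
SLIDE_PLAINTEXT = "01010000010001010011"
SLIDE_KEY = "11010101001001100111"
SLIDE_CIPHERTEXT = "10000101011000110100"
OTHER_MESSAGE = "11110000111100001111"  # constructed second plaintext

def xor_bits(a, b):
    """XOR two bit strings; the same operation encrypts and decrypts."""
    if len(a) != len(b):
        raise ValueError("key must be exactly as long as the message")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def random_pad(nbits):
    """Fresh key from the OS CSPRNG, one per message."""
    if nbits < 1:
        raise ValueError("pad length must be positive")
    return format(secrets.randbits(nbits), "b").zfill(nbits)

def key_explaining(ciphertext, candidate_plaintext):
    """Key under which `candidate_plaintext` would encrypt to `ciphertext`.

    One exists for every candidate of the right length, so the ciphertext
    alone rules out no message.
    """
    return xor_bits(ciphertext, candidate_plaintext)

def reuse_leak(ciphertext_1, ciphertext_2):
    """If one key encrypted both messages, this equals plaintext_1 XOR plaintext_2."""
    return xor_bits(ciphertext_1, ciphertext_2)

if __name__ == "__main__":
    print(xor_bits(SLIDE_PLAINTEXT, SLIDE_KEY))        # the slide's ciphertext
    print(key_explaining(SLIDE_CIPHERTEXT, OTHER_MESSAGE))
    second = xor_bits(OTHER_MESSAGE, SLIDE_KEY)        # key reused: the mistake
    print(reuse_leak(SLIDE_CIPHERTEXT, second))        # key has cancelled out
    print(random_pad(len(SLIDE_PLAINTEXT)))            # what should be used instead
```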

Encryption by Transposition
• Harder to break than substitution ciphers.
• Preserve first order statistics.
• One can arrange plaintext in table and sort rows and columns.

Plaintext:  P O K E M O N M A S  T  E  R
Position:   1 2 3 4 5 6 7 8 9 10 11 12 13
Moves to:   7 1 8 2 6 10 3 9 11 12 4 5 13
Ciphertext: O E N T E M P K M O A S R

Product Ciphers
• To get improved security one can encrypt the ciphertext again.
• If one uses same algorithm – super encryption. May or may not be useful. For example, super-encryption with Caesar cipher is as good as single encryption!
• If one uses different algorithms – product cipher.
• Product ciphers based on sequence of substitutions and transpositions are very popular.
• You will see one next week – DES.
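An added example, not part of the lecture slides, covering both the column transposition described earlier (key = number of columns, write across, read down) and the claim that Caesar super-encryption is as good as single encryption. Function names are constructed for illustration, and input is assumed to be uppercase A-Z only.

```python
import string

A = string.ascii_uppercase

def caesar(text, k):
    """E = (P + k) mod N with N = 26; a negative k decrypts."""
    return "".join(A[(A.index(c) + k) % 26] for c in text)

def columnar_encrypt(text, cols):
    """Write the plaintext across `cols` columns, read the ciphertext down."""
    return "".join(text[c::cols] for c in range(cols))

def columnar_decrypt(ct, cols):
    """Undo columnar_encrypt, allowing for a short last row."""
    rows, extra = divmod(len(ct), cols)
    out = [""] * len(ct)
    pos = 0
    for c in range(cols):
        height = rows + (1 if c < extra else 0)  # first `extra` columns are longer
        for r in range(height):
            out[r * cols + c] = ct[pos]
            pos += 1
    return "".join(out)

def double_caesar_keyspace(text):
    """Distinct ciphertexts over all 26 x 26 pairs of Caesar keys."""
    return len({caesar(caesar(text, a), b) for a in range(26) for b in range(26)})

def product_encrypt(text, shift, cols):
    """Substitution followed by transposition: a small product cipher."""
    return columnar_encrypt(caesar(text, shift), cols)

def product_decrypt(ct, shift, cols):
    """Reverse the stages in the opposite order."""
    return caesar(columnar_decrypt(ct, cols), -shift)

if __name__ == "__main__":
    msg = "POKEMONMASTER"
    print(columnar_encrypt(msg, 4))
    # Two Caesar passes collapse into one shift of (k1 + k2) mod 26.
    print(caesar(caesar(msg, 3), 5) == caesar(msg, 8))
    print(double_caesar_keyspace(msg))  # 676 key pairs, still only 26 results
    print(product_encrypt(msg, 3, 4))
```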

Shannon Characteristics of Good Ciphers
• The amount of secrecy needed should determine the amount of labor appropriate for encryption and decryption.
• The set of keys and enciphering algorithms should be free from complexity.
• The implementation of the process should be as simple as possible.
• Errors in ciphering should not propagate and cause corruption of future information in the message.
• The size of enciphered text should be no longer than the text of the original message.

Confusion and Diffusion
• Confusion: The cryptanalyst should not be able to predict what changing one character in the plaintext will do to the ciphertext.
• Diffusion: Changes in the plaintext should affect many parts in the ciphertext.