Network Security

download Network Security

of 23

  • date post

    14-Nov-2014
  • Category

    Technology

  • view

    6.634
  • download

    0

Embed Size (px)

description

 

Transcript of Network Security

  • 1. Network Security Lecture 2

2. Security goals 3. Attacks 4. Security Services 5. Model for Network Security 6. Cryptogrphy

  • Symmetric Encryption and Message Confidentiality.
  • Public Key Cryptography and Message Authentication

7. Symmetric Enryption

  • DES, 3-DES, AES
  • Principles of Encryption
    • Five Ingredients
    • Plain text, Encryption Algorithm, Secret Key, Cipher text, Decryption Algorithm

8. Model for Network Security

  • using this model requires us to:
    • design a suitable algorithm for the security transformation
    • generate the secret information (keys) used by the algorithm
    • develop methods to distribute and share the secret information
    • specify a protocol enabling the principals to use the transformation and secret information for a security service

9. Symmetric Cipher Model 10. Requirements

  • two requirements for secure use of symmetric encryption:
    • a strong encryption algorithm
    • a secret key known only to sender / receiver
  • mathematically have:
    • Y= E K ( X )
    • X= D K ( Y )
  • assume encryption algorithm is known
  • implies a secure channel to distribute key

11. Model of Conventional Crypto System 12. Cryptography

  • characterize cryptographic system by:
    • type of encryption operations used
      • substitution / transposition / product
    • number of keys used
      • single-key or private / two-key or public
    • way in which plaintext is processed
      • block / stream

13. Cryptanalysis

  • objective to recover key not just message
  • general approaches:
    • cryptanalytic attack
    • brute-force attack

14. Cryptanalytic Attacks

  • ciphertext only
    • only know algorithm & ciphertext, is statistical, can identify plaintext
  • known plaintext
    • also have plaintext for the ciphertext
  • chosen plaintext
    • Also can select plaintext and obtain ciphertext
  • chosen ciphertext
    • Also can select ciphertext and obtain plaintext

15. Level of Security

  • unconditional security
    • no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
  • computational security
    • Cost exceed the value of information
    • Time exceeds the useful life of information

16. Brute Force Search

  • always possible to simply try every key
  • most basic attack, proportional to key size
  • assume either know / recognise plaintext

6.410 6years 210 26s = 6.410 12years 26! = 410 26 26 characters permutation 5.910 30years 2 167s = 5.910 36years 2 168 = 3.710 50 168 5.410 18years 2 127s = 5.410 24years 2 128 = 3.410 38 128 10.01 hours 2 55s = 1142 years 2 56 = 7.210 16 56 2.15 milliseconds 2 31s = 35.8 minutes 2 32 = 4.310 9 32 Time required at 10 6decryptions/s Time required at 1 decryption/s Number of Alternative Keys Key Size (bits) 17. Feistel Cipher

  • Many encryption algorithims are based on Feistel Cipher.

18. Confusion and Diffusion

  • cipher needs to completely obscure statistical properties of original message
  • a one-time pad does this
  • diffusion dissipates statistical structure of plaintext over bulk of ciphertext
  • confusion makes relationship between ciphertext and key as complex as possible

19. Feistel Cipher Structure

  • Horst Feistel devised thefeistel cipher
    • based on concept of invertible product cipher
  • partitions input block into two halves
    • process through multiple rounds which
    • perform a substitution on left data half
    • based on round function of right half & subkey
    • then have permutation swapping halves
  • implements Shannons S-P net concept

20. Feistel Cipher Structure 21. Feistel Cipher Design Elements

  • block size
  • key size
  • number of rounds
  • subkey generation algorithm
  • round function
  • fast software en/decryption
  • ease of analysis

22. Feistel Cipher Decryption 23. On the Encryption side