Unit I{1.Security Attacks & Services}

8/10/2019 Unit I{1.Security Attacks & Services}

http://slidepdf.com/reader/full/unit-i1security-attacks-services 1/28

IT2352 CRYPTOGRAPHY &NETWORK SECURITY

UNIT I

OUTLINE

Security Attacks & Services.

Basic Number Theory.

Classical Cryptosystems.



1. Security Attacks &1. Security Attacks &ServicesServices

• Security Attack : Any action that compromises thesecurity of information.

• Security Mechanism : A mechanism that is designed todetect, prevent, or recover from a security attack.

• Security Service : A service that enhances the security ofdata processing systems and information transfers. Asecurity service makes use of one or more securitymechanisms .



Security AttacksSecurity Attacks



Security AttacksSecurity Attacks

• Interruption: This is an attack onavailability.

• Interception: This is an attack onconfidentiality.

• Modification: This is an attack onintegrity.

• Fabrication: This is an attack onauthenticity.



Security ServicesSecurity Services

• Confidentiality {privacy}

• Authentication {who created or sent the data}

• Integrity {Content has not been altered}

• Non-repudiation {the order is final}

• Access control {prevent misuse of resources}

• Availability {permanence, non erasure}

! "enial of #ervice$"o#% Attacks.

! &iruses that deletes files.



CryptographyCr yptography

• Classified along three independent dimensions'! The type of operations used for transforming

plainte(t to cipherte(t

! The number of keys used• symmetric $single key%• asymmetric $two keys, or public key encryption%

! The way in which the plainte(t is processed



Conventional Encryption PrinciplesConventional Encryption Principles

• An encryption scheme has )*&+ ingredients'! lainte(t! +ncryption algorithm

! #ecret -ey! Cipherte(t! "ecryption algorithm

• #ecurity depends on the secrecy of the key, notthe secrecy of the algorithm.



General idea of a cryptosystem



*f is the plainte(t, C is the cipherte(t, and - is the*f is the plainte(t, C is the cipherte(t, and - is thekey,key,



Possible Attacks

ossible attacks are classified into categories and they/reas follows'



Ciphertext only ' +ve has only a copy of the cipherte(t.

Known plaintext ' +ve has a copy of a cipherte(t andthe corresponding plainte(t. )or e(ample, suppose +veintercepts an encrypted press release, then sees thedecrypted release the ne(t day. *f she can deduce thedecryption key, and if Alice doesn0t change the key, +vecan read all future messages. 1r, if Alice always starts

her messages with 2"ear 3ob,4 then +ve has a smallpiece of cipherte(t and corresponding plainte(t. )ormany weak cryptosystems, this suffices to find the key.



Chosen plaintext ' +ve gains temporary access to theencryption machine. #he cannot open it to find the key5however, she can encrypt a large number of suitablychosen plainte(ts and try to use the resultingcipherte(ts to deduce the key.

Chosen ciphertext ' +ve obtains temporary access tothe decryption machine, uses it to /6decrypt70 severalstrings of symbols, and tries to use the results to

deduce the key.



Attacks

Attacks can be also classified as'

1.Passive Attacks

assive attacks are in the nature of eavesdroppingon,ormonitoring of,transmissions.The goal of theopponent is to obtain information that is beingtransmitted.

2.Active Attacks Active attacks involve some modification of the data

stream or the creation of a false stream.



Passive Attacks

assive attacks are of T81 types'

9elease of :essage Contents.

Traffic Analysis.



Release of Message Contents

An form of attack where the contents of amessage;data being transmitted is read.



Traffic Analysis

A subtler form of attack whereby the pattern ofmessaging is observed even if the message contentcannot be understood.



assive attacks are very difficult to detect,because they do not involve any alteration ofthe data.Typically,the message traffic is sentand received in an apparently normalfashion,and neither the sender nor receiver isaware that a third party has read the messagesor observed the traffic pattern.

<owever,it is feasible to prevent the success ofthese attacks,usually by means of encryption.Thus,the emphasis in dealing with passiveattacks is on prevention rather than detection.



Active Attacks

Active attacks are of )1=9 types'

:as>uerade.9eplay.:odification of :essages.

"enial of #ervice{"o#}.



Masquerade

A mas>uerade takes place when one entity pretends tobe a different entity;another entity.



Replay

9eplay involves the passive capture of a data unit andits subse>uent retransmission to produce anunauthori?ed effect.



Modification of Messages

:odification of messages simply means that someportion of a legitimate message is altered,or thatmessages are delayed or reordered,to produce anunauthori?ed effect.



Denial of Service{DoS}

The denial of service prevents or inhibits the normaluse or management of communications facilities.



Active attacks present the opposite characteristics ofpassive attacks.8hereas passive attacks are difficult todetect,measures are available to prevent their success.

1n the other hand,it is >uite difficult to prevent activeattacks absolutely because of the wide variety ofpotential physical,software,and network

vulnerabilities.*nstead, the goal is to detect activeattacks and to recover from any disruption or delayscaused by them.*f the detection has a deterrenteffect,it may also contribute to prevention.



Kerckhoff’s Principle

3ased on -erckhoff0s principle, one should alwaysassume that the adversary, +ve, knows theencryption;decryption algorithm. The resistance of

the cipher to attack must be based only on thesecrecy of the key.



Unconditional security @o matter how much computer power ortime is available, the cipher cannot bebroken since the cipherte(t providesinsufficient information to uni>uelydetermine the corresponding plainte(t.

Computational security iven limited computing resources $eg time

needed for calculations is greater than age ofuniverse%, the cipher cannot be broken.



!ffect of "ey #engt$ on Attacks

The security of cryptographic algorithms is a difficultproperty to measure. :ost algorithms employ keys, andthe security of the algorithm is related to how difficultit is for an adversary to determine the key. The mostobvious approach is to try every possible key and seewhich ones yield meaningful decryptions. #uch anattack is called a brute force attack .*n a brute forceattack, the length of the key is directly related to howlong it will take to search the entire keyspace.

)or e(ample, if a key is 7B bits long, then there are7B DBEEFB keys.



%rute &orce Searc$

• always possible to simply try every key.• most basic attack, proportional to key si?e.• assume either know ; recognise plainte(t.

Key Size (bits) Number of AlternativeKeys

Time required at 1decryption/ µ s

Time required at 10 6 decryptions/ µ s

32 232 = 4.3 × 10 9 231 µ s = 35.8 minutes 2.15 milliseconds

56 256 = 7.2 × 10 16 255 µ s = 1142 years 10.01 hours

128 2128 = 3.4 × 10 38 2127 µ s = 5.4 × 10 24 years 5.4 × 10 18 years

168 2168 = 3.7 × 10 50 2167 µ s = 5.9 × 10 36 years 5.9 × 10 30 years

26 characters(permutation)

26! = 4 × 10 26 2 × 10 26 µ s = 6.4 × 10 12 years 6.4 × 10 6 years

Unit I{1.Security Attacks & Services}

Documents

Transcript of Unit I{1.Security Attacks & Services}