10 system.security.cryptography
Download as PPTX, PDF1 like2,234 views
This document outlines concepts related to system security and cryptography. It discusses security requirements like confidentiality, integrity, and authentication. It also explains different security mechanisms like symmetric and asymmetric encryption, hash functions, digital signatures, and their uses in message authentication and non-repudiation. Public key infrastructure and entity authentication using random numbers are also mentioned.
10 system.security.cryptography
- 2. Outlines Discover System.Security.Cryptography(How To Ensure Secure Layer for our Applications) Understand Security Objectives (Security Requirements) , Security Mechanism . Explaining Security Requirements such as : Confidentiality Data Integrity Availability Authentications None Repudiation . Symmetric Encryption(Such as : AES) . Asymmetric Encryption(Such as : RSA). 05 2 تشرين الثاني، 14
- 3. Course Outlines Hash Functions(Such as , MD5 ,SHA-n) Message Authentication ways. Digital Signature ,What is it ? , Why do we need? , How is it used? Entity Authentication (Such as : by Random Numbers !) PKI CA … 05 3 تشرين الثاني، 14
- 4. Introduction What is Security? What is Information Security? Why We Need to Information security ? security requirements Security Mechanisms 05 4 تشرين الثاني، 14
- 5. What is Security? What is Security? Protecting general assets can be realized through: Prevention Detection Reaction Example : Private property Prevention: locks at doors, window bars, walls around the property. Detection: stolen items aren’t there any more, burglar alarms, CCTV, … Reaction: call the police,… 05 5 تشرين الثاني، 14
- 6. What is Information Security ? Information security Protecting information and information resources such as: books, faxes, computer data, voice communications, etc. Information security What needs to be protected ? , i.e., assets Why (Security requirements which include CIA), What we need to protect from (Threats, vulnerabilities, risks), and how (Security measures) to protect it for as long as it exists Security measures are implemented according to security policies 05 6 تشرين الثاني، 14
- 7. 7 What is Information Systems Security? Information Systems Security (assets) Measures Attackers Policies
- 8. security requirements Most important security requirements are: Confidentiality: keeping information secret from all but those who are authorized to see it. Integrity: ensuring information has not been altered by unauthorized or unknown means. Availability: keeping information accessible by authorized users when required 05 8 تشرين الثاني، 14
- 9. Security Goals Integrity Confidentiality Avaliability Henric Johnson 9
- 10. security requirements Other requirements: Entity authentication: corroboration of the identity of an entity (e.g., a person, a credit card) Identification, identity verification Message authentication: corroborating the source of information; also known as data origin authentication. Message authentication implicitly provides data integrity Non-repudiation: preventing the denial of previous commitments or actions 05 10 تشرين الثاني، 14
- 11. Security Mechanisms Cryptography Using Hashing (One Way Function) Functions For Data Integrity Using Random Numbers for Authentication Using Digital Signature For None –Repudiation 05 11 تشرين الثاني، 14
- 12. Cryptography Encryption algorithms have the following schema: 05 12 تشرين الثاني، 14
- 13. Cryptography algorithms Types of cryptographic algorithms: Symmetric Cryptography Stream Cipher . Block Cipher (Such as , DES ,3DES,AES) Asymmetric (Public Key) Cryptography(RSA,ElGamal) 05 13 تشرين الثاني، 14
- 15. 15 Symmetric Cryptography Encryption key = Decryption key ciphertext Encryption Algorithm Decryption plaintext algorithm plaintext AES Block of plaintext 128 Block of ciphertext 128 Encryption key 128, 192, or 256
- 16. Symmetric Cryptography Example Characteristics : Using The Same Key , for Encryption and Decryption Relatively small size of the key Key must be kept secret In a multiuser environment, there are heaters in the process of key management Relatively Fast. Prefer to use for encrypting the massive information. 05 16 تشرين الثاني، 14
- 17. Asymmetric Cryptography 05 17 تشرين الثاني، 14
- 18. Asymmetric Cryptography Alice wants to send a secret message m to Bob Bob should have 2 keys: public KUb and private KRb Prior to message encryption, Alice gets by some means an authentic copy of Bob’s public key (i.e., the encryption key) 05 18 تشرين الثاني، 14
- 19. Asymmetric Cryptography Decryption KRb Key Source Message Source Encryption m Alice Message Source m Bob KUb 05 19 تشرين الثاني، 14
- 20. Asymmetric Cryptography Example Characteristics : Two keys are used. The size of the keys is too large(over 1024 bit) Does not need the public key to any confidential Relatively Slow. Preferably be used in data encryption small size (asymmetric keys algorithms, such as AES Key) 05 20 تشرين الثاني، 14
- 21. Public Keys Distribution By the hand 05 21 تشرين الثاني، 14
- 22. Attacking RSA 05 22 تشرين الثاني، 14
- 23. Attacking RSA RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030. 05 23 تشرين الثاني، 14
- 24. One-Way Functions (OWF) A one-way function is a function that is “easy” to compute and “difficult” to reverse (Such as : MD5,SHA-n) H(m) provides error-detection capability(Data Integrity) Example. 05 24 تشرين الثاني، 14
- 25. Message Authentication Message authentication is a procedure to verify that received messages come from the pretended source and have not been altered. Also called data origin authentication It provides integrity. 05 25 تشرين الثاني، 14
- 26. Message Authentication Message Authentication Can be done by: Message encryption: Symmetric encryption: if the encryption/decryption key is not known to any other party (except the sender and receiver) Asymmetric encryption: the sender should uses its private key to encrypt the message, the sender’s public key is then used to decrypt the message. This helps providing only authentication ! Hash code: H(m||S), where S is secret key shared between the sender and receiver. No encryption 05 تشرين الثاني، 14 26
- 27. Message Authentication Example . 05 27 تشرين الثاني، 14
- 28. Digital signature The purpose of a digital signature is thus for an entity to bind its identity to a message. We use the term: signer for an entity who creates a digital signature verifier for an entity who receives a signed message and attempts to check whether the digital signature is “correct” or not. A digital signature on a message provides: Message authentication : message’s origin is known + integrity Non-repudiation 05 28 تشرين الثاني، 14
- 29. Digital signature using hash algorithms 05 29 تشرين الثاني، 14
- 30. RSA Signature message Hash Function Hash (RSA) signature Signer’s private key message Signed signature message 05 30 تشرين الثاني، 14
- 31. Verification of a RSA Signature Signer’s public key Hash Function message signature = ? Decision (RSA) 05 31 تشرين الثاني، 14
- 32. 32 •Traditional method of using a password (PAP) Password1 User Name +Password Network
- 33. 33 • CHAP Method Network Client1 P1 Client2 P2 Client3 P3 P1 Rand1 Hash(Rand1,P1)
- 34. 05 34 تشرين الثاني، 14
- 35. 05 35 تشرين الثاني، 14