Learning Outcome

22-Feb-16

Cryptography MCS 1413
Semester 2, 2015/16

Lecturer: Associate Prof. Dr Mazleena Salleh
Department of Computer Science, Faculty of Computing
07-55 38720

Learning Outcome
• At the end of the course, students should have the following knowledge, skills and attitude to:
  – Illustrate the fundamental concepts in cryptography.
  – Apply the necessary theory to perform encryption and decryption processes.
  – Differentiate techniques used in cryptography which relate to their different uses.
  – Recommend tools, techniques and trends of cryptography for data security.
  – Formulate data security strategies using the latest cryptography techniques.


References


Topic 1 Introduction and Security Requirements


Topic Learning Outcomes
• Define security goals
• Differentiate security attacks, security services and security mechanisms
• Define security attacks that threaten security goals
• Define security services and how they are related to the three security goals
• Identify security mechanisms to provide a particular security service
• Differentiate cryptography, steganography and watermarking

Background
Three categories of Security
■ Computer Security:
  – Security measures designed to protect data stored in computers.
■ Network (Internet) Security:
  – Security measures designed to protect data during their transmission over networks (like the Internet).
■ Information Security:
  – A generic term, including both computer security and network security (and cryptography).


Security Goals
• Confidentiality
  – Need to guard against any disclosure of information to unauthorized parties
• Integrity
  – Need to guard against any attempts by unauthorized parties to modify information
• Availability
  – Information created and stored needs to be available to authorized parties


Security Services (1/5)
• Confidentiality
• Non-Repudiation
• Integrity
• Authentication
• Access Control
• Availability


Security Services (2/5)
• Data confidentiality
  – Protect data from disclosure attack
• Data integrity
  – Protect data from modification, insertion, deletion and replay
• Authentication
  – Authentication of sender/receiver
  – Authenticate the source of data origin
• Non-repudiation
  – Protects against repudiation by either the sender/receiver
• Access Control
  – Protect against unauthorized access to data (write, read, modify, execute etc.)


Security Services (3/5)
• Confidentiality
  – Keeping information secret from all but those who are authorized to see it: during transmission or storage
  – Designed to protect data from disclosure attack
• Integrity
  – Designed to protect data from modification, insertion, deletion and replaying by an adversary
  [Figure: Enemy changes the message]


Security Services (4/5)
• Authentication
  – Entity is verified before gaining access to assets
  – Can you be sure that a message comes from the expected person?
  – Authenticates sender/receiver/source of data
  [Figure: Enemy intercepts the message, modifies it and claims that A sends it to C]


Security Services (5/5)
• Non-Repudiation
  – Entity cannot deny his previous commitments or actions, e.g. having sent/received a message
    • Proof of origin: receiver proves the identity of the sender
    • Proof of delivery: sender proves data was delivered to the intended recipient
• Availability
  – Information needs to be available to the authorized party at the required time and capacity
• Access Control
  – Assets can only be accessed by an authorized party
  – Controls who can have access to an asset, what they are allowed to do with the asset and under what conditions access can occur


Security Attacks
• Threat to Confidentiality
  – Snooping
  – Traffic analysis
• Threat to Integrity
  – Modification
  – Masquerading
  – Replaying
  – Repudiation
• Threat to Availability
  – Denial of Service


Attacks Threatening Confidentiality
• Snooping
  – Unauthorized access to or interception of data
  – Eg. Intercept the transmission of information and use the contents for his own benefit
• Traffic analysis
  – Obtaining some type of information by monitoring online traffic
  – By analyzing the information packets, the opponent can make guesses about the content of the message even though it is encrypted
  – Eg. Through monitoring the traffic, the third party can determine an email address.


Attacks Threatening Integrity
• Message modification
  – Attacker intercepts the message and some portion of a legitimate message is altered.
  – Eg. Modify bank transaction
• Masquerade or spoofing
  – One entity pretends to be a different entity (impersonation).
  – Eg. You use your father’s ATM card to take out money
• Replay
  – The attacker obtains a copy of a message sent by a user and later tries to replay it so that the retransmission produces an authorized effect.
  – An attacker intercepts a bank payment transaction and sends the information again to get the payment
• Repudiation
  – Sender/receiver denies that he/she has sent/received a message
  – Eg. A bank customer denies that he has made a bank transaction


Attack Threatening Availability
• Denial of service attack
  – Slow down or totally interrupt the service of a system
  – Eg. Delete a server’s response to client
  [Figure: Source, Destination]


Security Risks of Digital Information
• Passive attacks
  – Attack done by interception
  – Difficult to detect
  – Eg. unauthorised access to information
• Active attacks
  – Involves data modification or counterfeit data
  – Attack done by interruption, modification or fabrication
  – Easy to detect
  – Eg. Unauthorised alteration, deletion, transmission, falsification of origin of information, unauthorised prevention of access to information


Passive vs. Active Attacks

Attacks                                              Passive/Active   Threat
Snooping, Traffic analysis                           Passive          Confidentiality
Modification, Masquerading, Replaying, Repudiation   Active           Integrity
Denial of Service                                    Active           Availability


Activity 1a: 10 minutes
• Form a group of only 2 students:
  – Elect a recorder.
  – Discuss the answer to the questions.
  – Recorder writes the answer.


Security Mechanism (1/2)
• Encipherment/Encryption
  – A technique for hiding or covering data
  – Eg. Cryptography and steganography
• Data Integrity (Hashing/message authentication)
  – A technique that appends a short check value to data/message that is used to check the integrity of the message.
• Digital signature
  – A means by which the sender can electronically sign the data and the receiver can electronically verify the signature
• Authentication exchange
  – Exchange some messages to prove identity to the communicating party
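
The data integrity mechanism above, applied to the bank-payment modification and replay attacks from the earlier slide, as an added example that is not part of the original lecture. It assumes a pre-shared key, HMAC-SHA256 as the appended check value, and a sequence number for replay detection; the key, message fields and `Receiver` class are constructed for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-shared-by-bank-and-customer"  # constructed sample key
TAG_LEN = 32  # HMAC-SHA256 check value is 32 bytes

def protect(seq: int, payload: dict) -> bytes:
    """Sender: serialise the message with a sequence number, append the check value."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

class Receiver:
    """Verifies the check value, then rejects any sequence number already seen."""
    def __init__(self) -> None:
        self.last_seq = 0

    def accept(self, wire: bytes) -> str:
        if len(wire) <= TAG_LEN:
            return "rejected: malformed"
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return "rejected: modified"
        seq = json.loads(body)["seq"]
        if seq <= self.last_seq:                     # valid tag, but an old message
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"

def demo() -> list:
    rx = Receiver()
    payment = protect(1, {"to": "merchant", "amount": 100})
    # Modification: the amount is altered in transit, the old check value is kept.
    tampered = payment.replace(b'"amount": 100', b'"amount": 900')
    return [
        rx.accept(payment),                                   # genuine message
        rx.accept(tampered),                                  # modified in transit
        rx.accept(payment),                                   # same message sent again
        rx.accept(protect(2, {"to": "merchant", "amount": 5})),  # next genuine message
    ]

if __name__ == "__main__":
    print(demo())
```

The check value alone catches modification but not replay, because a replayed message carries a valid check value; the sequence number covered by the check value is what lets the receiver reject it.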


Security Mechanism (2/2)
• Traffic padding
  – Insert some bogus data into data traffic to thwart traffic analysis
• Routing control
  – Select and continuously change different routes for communication to prevent an attacker from eavesdropping
• Notarization
  – Select a trusted third party to control communications between two parties
  – To prevent repudiation
• Access control
  – Methods to prove a user has access rights to resources
  – Passwords, PINs
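
Traffic padding against the traffic analysis attack described earlier, as an added example that is not part of the original lecture. The SHA-256 counter-mode keystream is a toy stand-in for real encryption, and the 64-byte bucket size, the key and the sample orders are assumptions constructed for illustration.

```python
import hashlib
import os

BUCKET = 64      # assumed policy: every padded record is a multiple of 64 bytes
NONCE_LEN = 12

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for real encryption."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

def pad(msg: bytes) -> bytes:
    """Prefix the true length, then add bogus bytes up to the next BUCKET boundary."""
    framed = len(msg).to_bytes(2, "big") + msg
    return framed + os.urandom(-len(framed) % BUCKET)

def unpad(framed: bytes) -> bytes:
    return framed[2:2 + int.from_bytes(framed[:2], "big")]

def send(msg: bytes, key: bytes, padded: bool) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, pad(msg) if padded else msg)

def receive(wire: bytes, key: bytes, padded: bool) -> bytes:
    plain = keystream_xor(key, wire[:NONCE_LEN], wire[NONCE_LEN:])
    return unpad(plain) if padded else plain

def candidates_matching(wire: bytes, candidates: list, padded: bool) -> list:
    """What an observer without the key can infer from the wire length alone."""
    def wire_len(m: bytes) -> int:
        return NONCE_LEN + (len(pad(m)) if padded else len(m))
    return [m for m in candidates if wire_len(m) == len(wire)]

# Constructed sample messages and key.
ORDERS = [b"BUY", b"SELL", b"HOLD ALL POSITIONS"]
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    for padded in (False, True):
        wire = send(b"SELL", KEY, padded)
        print(padded, len(wire), candidates_matching(wire, ORDERS, padded))
```

Without padding the ciphertext length singles out one candidate message even though the content is encrypted; with padding every candidate produces the same wire length.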


Relation Between Services & Mechanisms

Security Service       Security Mechanisms
Data Confidentiality   Encryption and routing control
Data Integrity         Encryption, digital signature
Authentication         Encryption, digital signature, authentication exchanges
Non-repudiation        Digital signature, data integrity, and notarization
Access Control         Access control mechanism


Basic Security Requirement
• The basic security requirement is the need for the translation of the basic security mechanisms used in the physical world into mechanisms suitable for application in an electronic environment.
• A central aim of this course is to demonstrate precisely what role cryptography plays in this translation process.


Steganography vs Cryptography
• Cryptography
  – A word of Greek origin which means “secret writing”
  – A technique to provide information confidentiality, authentication and integrity by converting the format of information into something that cannot be understood.
• Steganography
  – A word of Greek origin which means “covered writing”.
  – A technique to hide information so that an unintended recipient is not aware of its existence.
  – Secret data is hidden inside a digital medium such as an image, video or audio.


Steganography vs Cryptography
[Figure: Plaintext: cryptography; Key: 9A005DE2; Encryption Algorithm; Ciphertext: #!%@*+?< #^&:; My Secret]


Steganography vs Cryptography
• Cryptography
  – Make the secret data unreadable by a third party
  – The goal of cryptography is to aim for strong encryption so that an attacker will face difficulty decrypting the ciphertext
  – The encrypted data appear in the form of a scrambled message, which may arouse suspicion
• Steganography
  – Hide the presence of secret data in a cover-object from a third party
  – The goal of steganography is to conceal secret data so that any unauthorized party will not detect the stego-object
  – The stego-object looks similar to the original cover-object and thus will not arouse suspicion


Steganography vs. Watermarking
• Watermarking is closely related to steganography.
• Watermarking embeds a mark in an object.
• The mark is used to protect copyright.
• Watermark can be visible or invisible (in steganography the message should be invisible)
• The watermark should be robust against any manipulation
