Sie sind auf Seite 1von 47

Overview of

Modern
Cryptography
Prepared By: Shaikh Amrin

Cryptography
Its

a Greek origin having


meaning of secret writing.

Should
easily be
available to
authorized
user.

3.
Availability
Hello

Receive
r

Sender
Eavesdropper

Preventing
Information
from
unauthorize
d
modification

Hiding
Information
from
unauthorize
d person

1.
Confidentialit

2.

Goals of Cryptography
Confidentiality
2. Integrity
3. Availability
1.

1. Confidentiality
Information

is exchanged over
un-trusted
network
While
exchange, Information should
remain secret.
When
we
are
storing
an
information it should not open up
by eve.

Confidentiality=
information

storage

transmission

of

2. Integrity
Information

is always changing
but can changed by only
authorized user.
ex: bank account withdraw can
performed by account holder.

3. Availability
Data

must be available to
authorized user.
Confidentiality
and
integrity
should not hinder the availability
of data.

Attacks, Services and


Mechanisms
Security Attacks:
Action that compromise security.
Security Services:
Services are designed to prevent security
attacks.
Enhance the security of data processing
and transferring.
Security Mechanism:
Mechanism is used to provide security
services.
Detect, prevent and recover from security
attack.

Cryptographic Attacks
Cryptanalytic attack
2. Non-Cryptanalytic attack
1.

1. Cryptanalytic attack
Cryptography: Science of making cipher.
Cryptanalysis: Science of breaking cipher.
Cryptology: cryptography+ Cryptanalysis.
These

attacks
are
combination
of
statistical and algebraic techniques to
retrieve secret key of a cipher.

Ex: Brute force attack, Character frequency

2. Non-Cryptanalytic attack

Thread to Confidentiality
1.

Snooping
hello

hello

Alice sends hello to


Bob and if Eve retrieves
hello so, we can say
Eve is snooping over the
channel or having control
on channel.

Solution:
Use encryption to make
intelligible for snooper

information

non-

2. Traffic Analysis
E(hello
)

E(hello
)

even an encrypted message can be analyzed to


obtain sender id, receiver id , nature of content
(audio/video/text/music) from packet.

Thread to Integrity

i,
H
E(
1)
k

E(
2) E(
Hi
,
k1
),k

1. Modification

Here Confidentiality is maintained but integrity


not.
Eve can modify data without knowing data for

bank

2. Masquerading or spoofing
Fake
bank

Eve impersonate somebody else.


Eve can modify information to spoof as a legal sender o
receiver to obtain the information which he cant access.
Eve takes your all data and give message like timeout.

3. Replaying
Eve copies a message sent by
different user and later tries to
replay it.
Solution: Timestamp, Sequence
number

4. Repudiation:
Alice or Bob may later deny that
message sent by him/her.
Ex: you purchase a product &
does online payment but you are
claiming bank that you did not
purchase or attempted any
product or you did not do any
online transaction.

Thread to Availability
1. Denial

of service
Slow down or totally disable the
system
so
no
authenticate
person can access it.
Ex:
.Sent so many bogus requests
to server.
.Delete servers response to
client.
.Feel client that server is not

Categorization of attacks
Passive Attack
2. Active Attack
1.

1. Passive Attack
Eves

goal is just to obtain


information not modification or to
harm system
System continues its operation
May harm Alice or Bob

2. Active Attack
May

change message
May Harm system

Attacks

Passive/Active

Goals Threatened

Snooping

Passive

Confidentiality

Traffic Analysis

Passive

Modification

Active

Masquerading

Active

Replaying

Active

Repudiation

Active

Denial of service

Active

Integrity

Availability

How to achieve
this security goals?

Security Services
ITU-T(X.800)
International
Telecommunication
UnionTelecommunication Standardization Sector has
defined Five services and some mechanisms to
implement those services.

Data

Confidentiality
Data Integrity
Non Repudiation
Authentication
Access Control

Data

Confidentiality

Provide services to part or full message


to prevent snooping and traffic analysis.
Data

Integrity

Protect
data
from
modification,
insertion, deletion & replay.
Non

Repudiation:

Protects by providing proofs against


repudiation by either sender or receiver.

Authentication

Ensure that authenticate Sender &


Receiver are communicating.
Provides peer entity and data origin
authentication.
Sender & Receiver build up a trust among
each
other
that
they
are
not
masquerading.
Access

Control:

Provide protection against un-authorized


use of data. (use password, pin number)

Security Mechanism
It

is used to provide security


services.

1.Encipherment
Hiding

information by encryption
or
by
other
means
like
steganography.
It can provide confidentiality.
Two
techniques
enciphering
1. Cryptography
2. steganography

used

for

2. Data Integrity
A

small checksum or hash value for a


message is appended and sent and Bob
checks validity of message with checksum or
hash value.

If

Eve receives cipher with hash value then he


can change cipher and sent to bob.
Bob can verify cipher by calculating hash
value.
Condition:

resistant.

hash function must be collision

3. Digital signature
Sender

can electronically sign


the message and receiver can
electronically verify the
signature.

4. Authentication
Exchange
Alice

and
Bob
exchange
information to prove each other
that they are communicating and
not being masquerading

5. Traffic Padding
Inserting

bogus data to prevent


traffic analysis.

6. Routing Control
Continuously

changing different
available routes between Alice
and Bob to prevent Bob from
eavesdropping on a particular
route. So, the task of Eve will be
harder.

7. Notarization
Select

Trusted 3rd party to control


communication.
It provides tickets or keys.
To achieve repudiation it stores
all the information passed by
Alice and Bob.
Cost of Communication.

8. Access Control
It

uses methods to prove that


user
has
right
to
access
information using password or pin
number.

Relation between services and


Mechanism
Services
Data
Confidentiali
ty
Data
Integrity
NonRepudiation
Authenticati
on
Access
Control

Mechanism

Encipherment
Data Integrity
Digital signature
Authentication
Exchange
Traffic Padding
Routing Control
Notarization
Access Control

Relation between services and


Mechanism
Services

Mechanism

Data
Encipherment
Confidentiali
ty
Data
Integrity

Encipherment

NonRepudiation
Authenticati
on
Access
Control

Encipherment

Data Integrity
Digital signature
Authentication
Exchange
Traffic Padding
Routing Control
Notarization
Access Control

Relation between services and


Mechanism
Services

Mechanism

Data
Encipherment
Confidentiali
ty
Data
Integrity

Encipherment
Data Integrity

NonRepudiation

Data Integrity

Authenticati
on

Encipherment

Access
Control

Digital signature
Authentication
Exchange
Traffic Padding
Routing Control
Notarization
Access Control

Relation between services and


Mechanism
Services

Mechanism

Data
Encipherment
Confidentiali
ty
Data
Integrity

Encipherment
Data Integrity
Digital signature

NonRepudiation

Data Integrity
Digital signature

Authenticati
on

Encipherment
Digital signature

Access
Control

Authentication
Exchange
Traffic Padding
Routing Control
Notarization
Access Control

Relation between services and


Mechanism
Services

Mechanism

Data
Encipherment
Confidentiali
ty
Data
Integrity

Encipherment
Data Integrity
Digital signature

NonRepudiation

Data Integrity
Digital signature

Authenticati
on

Encipherment
Digital signature
Authentication
Exchange

Access
Control

Traffic Padding
Routing Control
Notarization
Access Control

Relation between services and


Mechanism
Services

Mechanism

Data
Encipherment
Confidentiali Traffic Padding
ty
Data
Integrity

Encipherment
Data Integrity
Digital signature

NonRepudiation

Data Integrity
Digital signature

Authenticati
on

Encipherment
Digital signature
Authentication
Exchange

Access
Control

Routing Control
Notarization
Access Control

Relation between services and


Mechanism
Services

Mechanism

Data
Encipherment
Confidentiali Traffic Padding
ty
Routing Control
Data
Integrity

Encipherment
Data Integrity
Digital signature

NonRepudiation

Data Integrity
Digital signature

Authenticati
on

Encipherment
Digital signature
Authentication
Exchange

Access
Control

Notarization
Access Control

Relation between services and


Mechanism
Services

Mechanism

Data
Encipherment
Confidentiali Traffic Padding
ty
Routing Control
Data
Integrity

Encipherment
Data Integrity
Digital signature

NonRepudiation

Data Integrity
Digital signature
Notarization

Authenticati
on

Encipherment
Digital signature
Authentication
Exchange

Access
Control

Access Control

Relation between services and


Mechanism
Services

Mechanism

Data Confidentiality

Encipherment
Traffic Padding
Routing Control

Data Integrity

Encipherment,
Data Integrity
Digital signature

Non-Repudiation

Data Integrity
Digital signature
Notarization

Authentication

Encipherment
Digital signature
Authentication Exchange

Access Control

Access Control

Security

mechanisms are
theoretical recipes to implement
security.
Actually security goals need
some techniques
1. Cryptography (Secret Writing)
1. Symmetric key Encipherment
2. Asymmetric key Encipherment
3. Hashing
2.

Steganography (Cover writing)

Cryptography vs
Steganography
Cryptography

Steganography

Secret writing

Cover writing

Concealing the content of


message via enciphering

Concealing the message itself


by covering it with something
else

Use Symmetric or Asymmetric


key cryptography.

History:
Message is carved on wood
that were later dipped into
wax to cover writing.
Use invisible ink.
Modern:
Text/audio/video/image can
be digitized and covered with
message.

Thank you