
Introduction to Cryptography

Adri Jovin J J, M.Tech., Ph.D.

UITC203 CRYPTOGRAPHY AND NETWORK SECURITY


Introduction

Why cryptography and network security?

Figure: Attack sophistication vs. intruder technical knowledge


Image source: 2016s1-160a Cyber Security - IoT and CAN Bus Security, University of Adelaide
Introduction

• Cryptography, initially an art of writing and solving codes

• Evolved to be a part of engineering since the late 1980s (Bishop, 2002)

• Basically a part of Mathematics (mostly Discrete Mathematics)

• Evidence of the use of cryptography dates back to the emergence of the Egyptian civilization

• Commonly required for diplomacy, during war and for individual or corporate privacy (Vaudenay, 2006)



Important Keywords (RFC 2828)

• Confidentiality, secrecy
• Privacy
• Coding theory
• Encode, Decode
• Cryptography
• Cipher
• Cryptographic system
• Cryptosystem
• Cleartext
• Plaintext
• Ciphertext, cryptogram
• Encryption
• Decryption
• Decipherment
• Cryptanalysis, cryptographic analysis, crypto-analysis
• Breaking a cryptosystem
• Cryptology
• Steganography



The OSI Security Architecture

Security attack:
Any action that compromises the security of information owned by an organization.

Security mechanism:
A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security
attack.

Security service:
A processing or communication service that enhances the security of the data processing systems and the
information transfers of an organization. The services are intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service.



The OSI Security Architecture (Contd..)

Threat:
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

Attack:
An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

Image source: http://clipart-library.com/clipart/72070.htm


Security Attacks

Passive attacks:
Attempts to learn or make use of information from the system but do not affect system resources.
1. Release of message content
2. Traffic analysis

Active attacks:
Involve some modification of the data stream or the creation of a false stream. An active attack attempts to alter system resources or affect their operation.
1. Masquerade
2. Replay
3. Modification of messages
4. Denial of service



Release of message content

Figure: Bob and Alice communicate over the Internet or other communication facility; Darth, on the path between them, obtains the content of the messages.


Traffic analysis

Figure: Bob and Alice communicate over the Internet or other communication facility; Darth observes the pattern of traffic between them.


Masquerade

Figure: Over the Internet or other communication facility, Darth sends Alice a message that appears to be from Bob.


Replay

Figure: Darth captures a message from Bob to Alice over the Internet or other communication facility, and later replays the message to Alice.


Modification of messages

Figure: Darth modifies a message from Bob to Alice in transit over the Internet or other communication facility.


Denial of Service

Figure: Bob reaches a server over the Internet or other communication facility; Darth disrupts the service provided by the server.
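The following is an added example, not part of the lecture slides, showing how the receiver of a message can detect three of the active attacks above (masquerade, modification of messages, replay) with a message authentication code and a sequence number; it therefore also illustrates the data integrity and authentication services. The shared key, the names Bob, Alice and Darth, the frame layout and the messages are all constructed for this illustration, and the key is assumed to have been agreed beforehand. Denial of service is not addressed by this check.

```python
"""Added example (not from the slides): detecting masquerade, modification and
replay at the receiver using HMAC-SHA256 and a strictly increasing sequence number.
All names, keys and messages below are constructed for illustration."""
import hmac
import hashlib
import struct

# Constructed shared key; in practice it comes from a key-establishment step.
SHARED_KEY = b"\x01" * 32


def bob_send(key: bytes, seq: int, body: bytes) -> bytes:
    """Build a frame: 8-byte sequence number || body || 32-byte HMAC-SHA256 tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


class AliceReceiver:
    """Receiver state: the shared key and the highest sequence number accepted so far."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def receive(self, frame: bytes):
        """Return (accepted, reason, body); the reason names the attack class detected."""
        if len(frame) < 8 + 32:
            return False, "malformed", None
        header, body, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Constant-time comparison. A frame built with the wrong key (masquerade)
        # or a frame whose body was altered in transit (modification) both fail here.
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag: masquerade or modification", None
        (seq,) = struct.unpack(">Q", header)
        # Sequence numbers must strictly increase: a captured frame sent again later
        # (replay) carries an old number and is rejected although its tag is valid.
        if seq <= self.last_seq:
            return False, "replay", None
        self.last_seq = seq
        return True, "ok", body


def demo():
    """Run the constructed scenario and return the receiver's verdict for each frame."""
    alice = AliceReceiver(SHARED_KEY)
    results = {}
    genuine = bob_send(SHARED_KEY, 1, b"transfer 10 to carol")
    results["genuine"] = alice.receive(genuine)[1]
    # Replay: Darth resends the captured frame unchanged.
    results["replay"] = alice.receive(genuine)[1]
    # Modification: Darth flips one bit of the amount in a fresh frame from Bob.
    fresh = bytearray(bob_send(SHARED_KEY, 2, b"transfer 10 to carol"))
    fresh[8 + len(b"transfer ")] ^= 0x01
    results["modification"] = alice.receive(bytes(fresh))[1]
    # Masquerade: Darth forges a frame without knowing the shared key.
    forged = bob_send(b"\x02" * 32, 3, b"transfer 10 to darth")
    results["masquerade"] = alice.receive(forged)[1]
    # A later genuine frame from Bob is still accepted.
    results["genuine_later"] = alice.receive(bob_send(SHARED_KEY, 3, b"ok"))[1]
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} -> {verdict}")
```

Two design points worth noting: the tag is checked before the sequence number is read, so an unauthenticated frame can never advance the receiver's state, and the strict "greater than last accepted" rule rejects reordered as well as replayed frames, which is the right choice for a single ordered channel but would need a sliding window on a lossy, reordering transport.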


Security Services

AUTHENTICATION
The assurance that the communicating entity is the one that it claims to be.

ACCESS CONTROL
The prevention of unauthorized use of a resource.

DATA CONFIDENTIALITY
The protection of data from unauthorized disclosure.

DATA INTEGRITY
The assurance that data received are exactly as sent by an authorized entity.

NONREPUDIATION
Provides protection against denial by one of the entities involved in a communication of having participated in all or
part of the communication.



Security Mechanisms
SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
• Encipherment
• Digital Signature
• Access Control
• Data Integrity
• Authentication Exchange
• Traffic Padding
• Routing Control
• Notarization

PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any particular OSI security service or protocol layer.
• Trusted Functionality
• Security Label
• Event Detection
• Security Audit Trail
• Security Recovery
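An added example, not from the slides, of one of the specific mechanisms listed above: traffic padding, which counters the passive attack of traffic analysis by hiding the true length of each message. The bucket size, the messages and the length-prefix framing are constructed for this illustration; the padded frame is assumed to be passed to encipherment afterwards, since padding that an observer can see in the clear hides nothing.

```python
"""Added example (not from the slides): traffic padding to fixed-size buckets so
that message lengths observed on the wire carry less information.
Bucket size, framing and sample messages are constructed for illustration."""
import struct

BUCKET = 256  # constructed bucket size in bytes


def pad_to_bucket(message: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then pad with zeros up to the next multiple of bucket."""
    if bucket <= 4:
        raise ValueError("bucket must be larger than the 4-byte length prefix")
    framed = struct.pack(">I", len(message)) + message
    padded_len = -(-len(framed) // bucket) * bucket  # ceiling division
    return framed + b"\x00" * (padded_len - len(framed))


def unpad(padded: bytes) -> bytes:
    """Recover the original message from a padded frame, rejecting a bad length prefix."""
    if len(padded) < 4:
        raise ValueError("frame too short")
    (n,) = struct.unpack(">I", padded[:4])
    if 4 + n > len(padded):
        raise ValueError("length prefix exceeds frame")
    return padded[4 : 4 + n]


def observed_lengths(messages, bucket: int = BUCKET):
    """Lengths an observer sees without and with padding (ignoring any cipher overhead)."""
    raw = [len(m) for m in messages]
    padded = [len(pad_to_bucket(m, bucket)) for m in messages]
    return raw, padded


# Constructed sample traffic: short replies and a long message.
SAMPLE_MESSAGES = [b"yes", b"attack at dawn", b"x" * 300]

if __name__ == "__main__":
    raw, padded = observed_lengths(SAMPLE_MESSAGES)
    print("raw lengths:   ", raw)
    print("padded lengths:", padded)
```

Padding hides length only within a bucket: the 300-byte message still occupies two buckets, and the timing and number of frames remain visible, which is why the slide pairs traffic padding with routing control for traffic-flow confidentiality.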



Relationship between Security services and mechanisms

Service: mechanism(s) that can provide it

Peer entity authentication: Encipherment, Digital Signature, Authentication Exchange

Data origin authentication: Encipherment, Digital Signature

Access control: Access Control

Confidentiality: Encipherment, Routing Control

Traffic flow confidentiality: Encipherment, Traffic Padding, Routing Control

Data integrity: Encipherment, Digital Signature, Data Integrity

Nonrepudiation: Digital Signature, Data Integrity, Notarization

Availability: Data Integrity, Authentication Exchange



References

Bishop, M. A. (2002). The art and science of computer security.

Vaudenay, S. (2006). A classical introduction to cryptography: Applications for communications security. Springer Science & Business Media.

Shirey, R. (2000). Internet Security Glossary (RFC 2828). Internet Society.



