[attachment=13020]
Overview of Cryptography & Its Applications:
People want and need privacy and security while communicating.
In the past, cryptography is heavily used for military applications to keep sensitive information secret from enemies (adversaries). Julius Caesar used a simple shift cipher to communicate with his generals in the battlefield.
Now a days, with the technologic progress as our dependency on electronic systems has increased we need more sophisticated techniques.
Cryptography provides most of the methods and techniques for a secure communication.
Overview of Information Security & Its Applications:
Security attacks:
Any action that comprises the security of information wont by an organization.
Normal Information Flow
The 4 general categories of attacks are namely,
Interruption: This is an attack on availability in which the resources of a computer system are damaged or becomes unavailable.
Interception: It affects the confidentiality of information in which an unauthorized person or program gets the access or control to some system resource.
Modification: It is an attack against the integrity of the Information. i.e., modifying the values in a data file
Fabrication: This is an attack on the authenticity of a message in which an unauthorized party adds fake objects into the system.
Security attacks(contd.):
There are 2 types of attacks, namely
Passive Attack: It refers to the process of monitoring or wiretapping of the ongoing transmission. It includes
1. Release of message contents
2. Traffic Analysis
Active Attack: An Attacker can alter the information or sometimes generates fraudulent information into the network. It includes
1. Masuerade
2. Replay
3. Modification
4. Denial of service
Security Services:
Security Mechanisms:
The security mechanisms in x.800 are categorized into 2 types,namely
Specific security mechanisms: The Mechanisms that are executed in a particular protocol layer. It includes,
1. Encipherment
2. Digital Signatures
3. Access Controls
4. Data Integrity
5. Authentication Exchange
6. Traffic Padding
7. Routing Control
8. Notarization
Security Mechanismscontd.)
Pervasive Mechanisms: The Mechanisms that are not specific to any
protocol layer. It includes,
1. Trusted functionality
2. Security Labels
3. Event Detection
4. Security Audit Trails
5. Security Recovery
A Model For Network Security:
(Secret Information) (Opponent) (Secret Information)
Terminology Related To Cryptography:
Secure Communications:
Eve’s Goals:
Read the message
Figure out the key Alice is using and read all the messages encrypted with that key
Modify the content of the message in such a way that Bob will think Alice sent the altered message.
Impersonate Alice and communicate with Bob who thinks he is communicating with Alice.
Oscar is a passive observer who is trying to perform (1) and (2).
Mallory is more active and evil who is trying to perform
(3) And (4).
Attack Methods:
Cryptographic Algorithms:
Often grouped into two broad categories, symmetric and asymmetric; today’s popular cryptosystems use hybrid combination of symmetric and asymmetric algorithms
Symmetric and asymmetric algorithms distinguished by types of keys used for encryption and decryption operations
Cryptographic Algorithms (continued):
Symmetric encryption: uses same “secret key” to encipher and decipher message
Encryption methods can be extremely efficient, requiring minimal processing
Both sender and receiver must possess encryption key
If either copy of key is compromised, an intermediate can decrypt and read messages
Cryptographic Algorithms (continued):
Data Encryption Standard (DES): one of most popular symmetric encryption cryptosystems
64-bit block size; 56-bit key
Adopted by NIST in 1976 as federal standard for encrypting non-classified information
Triple DES (3DES): created to provide security far beyond DES
Advanced Encryption Standard (AES): developed to replace both DES and 3DES
Cryptographic Algorithms (continued):
Asymmetric Encryption (public key encryption):
Uses two different but related keys; either key can encrypt or decrypt message
If Key A encrypts message, only Key B can decrypt
Highest value when one key serves as private key and the other serves as public key
Fundamental Cryptographic Applications:
Other Cryptographic Applications:
Digital Signatures: allows electronically sign (personalize) the electronic documents, messages and transactions
Identification: is capable of replacing password-based identification methods with more powerful (secure) techniques.
Key Establishment: To communicate a key to your correspondent (or perhaps actually mutually generate it with him) whom you have never physically met before.
Secret Sharing: Distribute the parts of a secret to a group of people who can never exploit it individually.
E-commerce: carry out the secure transaction over an insecure channel like Internet. (E-cash and Games)
Protocols for Secure Communications:
Protocols for Secure Communications (continued):
Securing E-mail with S/MIME, PEM, and PGP
Secure Multipurpose Internet Mail Extensions (S/MIME): builds on Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication
Privacy Enhanced Mail (PEM): proposed as standard to function with public key cryptosystems; uses 3DES symmetric key encryption
Pretty Good Privacy (PGP): uses IDEA Cipher for message encoding
Protocols for Secure Communications (continued):
Securing Web transactions with SET, SSL, and S-HTTP
Secure Electronic Transactions (SET): developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud
Uses DES to encrypt credit card information transfers
Provides security for both Internet-based credit card transactions and credit card swipe systems in retail stores
Advantages& Disadvantages of Cryptography and Information Security:
Advantages: There will be a perfect security to the secret writing.
Disadvantages: There will be hacking problems, i.e., There is a problem to secret writing.
Future of Cryptography & Information Security:
There will be Technology like Quantum Computing, where quantum computer would deal with quantum bits (qubits) that can simultaneously represent both 0 and 1 by simultaneously spinning in different directions.
Conclusion:
Information security is increasingly important
Have varying degrees of sensitivity of information
--cf military info classifications: confidential, secret etc
Subjects (people or programs) have varying rights of access to objects (information)
Cryptography and encryption provide sophisticated approach to security
Many security-related tools use embedded encryption technologies
Encryption converts a message into a form that is unreadable by the unauthorized
Many tools are available and can be classified as symmetric or asymmetric, each having advantages and special capabilities