
Lecture Network security: Chapter 32 - Dr. Munam Ali Shah


Network Security
Lecture 32
Presented by: Dr. Munam Ali Shah


Course Revision


Security Threats in Mobile devices Environment
1. Lack of Physical security control
● User can use the device in locations other than the organization's premises
● Even within the organization, the user may move the device between secure and non-secured locations
● This can lead to theft and tampering
● A malicious party may attempt to recover sensitive data from the device itself
● May use the device to gain access to the organization’s resources


Security Threats in Mobile devices Environment


2. Use of untrusted mobile devices
3. Use of untrusted networks
4. Use of applications created by unknown parties
5. Interaction with other systems
● Automatically synchronizing data with other computing or cloud storage devices
6. Use of untrusted content such as Quick Response Barcode
7. Use of location services
● GPS capability on mobile devices can be used to maintain a knowledge of the physical location of the device.


Cryptography
The art of secret writing


Cryptography
■ Cryptography is the art and science of secrecy
■ Hiding one’s secrets has always been a human desire
■ Historically, cryptography has been associated with the military
● But now it's everywhere


Cryptography

■ 3 interrelated terms
● Cryptology
● Cryptography
● Cryptanalysis


What is cryptology?
■ Cryptology – science of hiding
● Cryptography, Cryptanalysis – hide meaning of a message
● Steganography, Steganalysis – hide existence of a message
■ Cryptography – secret writing
■ Cryptanalysis – analyzing (breaking) secrets
● Cryptanalysis is what the attacker does
● Decipher or Decryption is what the legitimate receiver does


Terminology
■ Characters
● Alice
● Bob
● Eve
● Trent
● ………
■ Plaintext/message
■ Ciphertext


Terminology
■ Key
● Single/secret/symmetric key
● Two/public/asymmetric key
■ Encryption/encipherment
● The conversion of data into ciphertext that cannot be easily understood by unauthorized people.
■ Decryption/decipherment
● The process of converting encrypted data back into its original form so that it can be understood.


Cryptography

[Figure: Encryption turns the plaintext message into a ciphertext message; Decryption turns the ciphertext message back into the plaintext message]

Encrypted(Information) cannot be read
Decrypted(Encrypted(Information)) can be


Cryptography

[Figure: Alice encrypts the plaintext, the ciphertext crosses an insecure channel where Eve (active attacker) sits, and Bob decrypts it back to plaintext]


A simple example



More simple example


Another way to represent the concept of Cryptography


Goals of the Adversary
■ Get the key (ideally)
■ Get the message
■ Get part of the message/some information about the message


Cryptography
■ Cryptographic systems are characterized along three independent dimensions:
● The type of operations used for transforming plaintext to ciphertext.
● The number of keys used.
● The way in which the plaintext is processed.


Unconditional Security Vs Computational Security

■ Unconditional Security
● The cipher cannot be broken no matter how much computer power or time is available
● The only example is OTP (one time passwords)
■ Computational Security
● The cipher cannot be broken given limited computing resources
● The examples are DES, AES, RC4, etc.


Secret Vs Public Algorithm
■ Benefits of having algorithm secret
● Two levels of secrecy
■ Benefits of having algorithm public
● Peer review, evaluation and cryptanalysis


Cryptanalysis and Brute-Force Attack

■ Typically, the objective of attacking an encryption system is to recover the key in use rather than simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional encryption scheme:


Cryptanalysis
■ Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext–ciphertext pairs.
■ This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.


Brute-force attack
■ The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.


Ciphers

[Figure: taxonomy of classical ciphers with the branches Substitution Cipher, Transposition Cipher and Other Ciphers. Ciphers named in the figure: Shift Cipher (Caesar Cipher), Mono-alphabetic Cipher, Poly-alphabetic Cipher (Vigenere), Hill Cipher, Auto Key, Rail Fence Cipher, Row Transposition, Product Cipher]


Caesar Cipher
■ If each letter is assigned a number (a=0, z=25), Encryption/Decryption are defined as:
C = E(P) = (P + 3) mod 26
P = D(C) = (C – 3) mod 26
■ Example:
Plaintext: meet me after the toga party
Ciphertext: phhw ph diwhu wkh wrjd sduwb


Monoalphabetic Cipher
■ Instead of substituting each letter in a sequential order (shift), substitute the letters arbitrarily
■ Each plaintext letter maps to a unique ciphertext letter
■ Hence key is 26 letters long
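
Added example (not part of the original lecture): the Caesar formulas above generalised to any shift k, the brute-force attack run against the slide's own ciphertext, and the monoalphabetic cipher with its 26-letter key, which shows why its key space is so much larger. The function names and the small word list COMMON are constructed for this illustration.

```python
import math
import string

ALPHABET = string.ascii_lowercase  # a=0 ... z=25, as on the slide

def caesar(text, k):
    """C = (P + k) mod 26 on letters; other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("a") if ch.islower() else ord("A")
            ch = chr((ord(ch) - base + k) % 26 + base)
        out.append(ch)
    return "".join(out)

def mono_encrypt(text, key):
    """Monoalphabetic substitution: key is a 26-letter permutation of a..z."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must use each of the 26 letters exactly once")
    return text.lower().translate(str.maketrans(ALPHABET, key))

# Constructed word list, used only to recognise an "intelligible" candidate.
COMMON = {"the", "me", "and", "after", "to", "of", "in", "is", "party"}

def brute_force(ciphertext):
    """Try every shift key; return (key, plaintext) for the best-scoring one."""
    def score(k):
        words = caesar(ciphertext, -k).lower().split()
        return sum(w in COMMON for w in words)
    best = max(range(26), key=score)
    return best, caesar(ciphertext, -best)

CAESAR_KEYS = 26                 # shifts 0..25: trivial to exhaust
MONO_KEYS = math.factorial(26)   # every arbitrary permutation of the alphabet

if __name__ == "__main__":
    ct = caesar("meet me after the toga party", 3)
    print(ct)
    print(brute_force(ct))
    # The Caesar cipher is the monoalphabetic cipher with a rotated-alphabet key.
    print(mono_encrypt("meet me", ALPHABET[3:] + ALPHABET[:3]))
    print(f"Caesar keys: {CAESAR_KEYS}, monoalphabetic keys: {MONO_KEYS:.3e}")
```

With only 26 keys the shift cipher falls to exhaustive search at once; the monoalphabetic key space of 26! (about 4 × 10^26) rules out trying every key.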

