Textbook: Cryptography and Network Security: Principles and Practice (second/third edition) by William Stallings. Chinese edition: Cryptography and Network Security: Principles and Practice (3rd edition), translated by Liu Yuzhen

Textbook

Cryptography and Network Security:

Principles and Practice (second/third edition)

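by William Stallings

Chinese edition: Cryptography and Network Security: Principles and Practice (3rd edition), translated by Liu Yuzhen et al.

Publishing House of Electronics Industry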

Arrangement of this course

18 weeks: 1st~18th week
Once a week: Wednesday 8:00-9:40, D-202

Introduction to information security

Dr. Shengli Liu
Email: [email protected]
Tel: 62932135-3 (O)
Cryptography and Information Security Lab.
http://sec.sjtu.edu.cn
Dept. of Computer Science and Engineering

Shanghai Jiao Tong University

Why Security?

- Explosive growth in
  - Computer systems
  - Interconnections of computer systems via network
- Dependence of both organizations and individuals on
  - Information stored in computer systems
  - Communications between these systems
- Computer use requires automated tools to protect files and other stored information and to protect systems from network-based attacks
- Need
  - To protect data and resources from disclosure
  - To guarantee the authenticity of data and messages

Objective

- Principles of Cryptography
  - Secret key cryptosystem
  - Public key cryptosystem / Digital signature systems
  - ……
- Practice of Cryptography
  - Kerberos: application-level authentication service
  - X.509: Directory Authentication Service
  - PGP: Electronic mail security
  - ……

What is Security?

“If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. That is obscurity.

If I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism—and you still can't open the safe and read the letter--that's security.”

---Bruce Schneier

Information Security

- Information security requirements have changed in recent times.
- Traditionally provided by physical and administrative mechanisms
- Now we use computers to store data and networks for communications
- Computer use requires automated tools to protect files and other stored information
- Use of networks and communications links requires measures to protect data during transmission

Information Security

Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers

Network Security - measures to protect data during their transmission

Security Attack (Security Threat)

Attack: any action that compromises the security of information owned by an organization;

Information security: how to prevent attacks, and to detect attacks on information-based systems;

Attack

[Figure: information flow from Source to Destination in five cases: normal flow, interruption, interception, modification, fabrication]

Security Mechanism

A mechanism that is designed to detect, prevent, or recover from a security attack;

No single mechanism will support all functions required;

However one particular element underlies many of the security mechanisms in use: cryptographic techniques;

Hence, our focus is cryptographic techniques.

Security Service

- A service is something that enhances the security of the data processing systems and the information transfers of an organization;
- A service is intended to counter security attacks;
- A service makes use of one or more security mechanisms to provide the service;
- A service replicates functions normally associated with physical documents, e.g. documents have signatures and dates; need protection from disclosure, tampering, or destruction; are notarized or witnessed; are recorded or licensed;

Security Services

- [Data Confidentiality] - protection of data from unauthorized disclosure
- [Authentication] - assurance that the communicating entity is the one claimed
- [Data Integrity] - assurance that data received is as sent by an authorized entity
- [Non-Repudiation] - protection against denial by one of the parties in a communication
- [Access Control] - prevention of the unauthorized use of a resource

Security Mechanisms

Cryptographic techniques:

- Block cipher
- Stream cipher
- Public key algorithms
- Digital signature algorithms
- MAC codes
- Hash functions

Security Attacks

- Passive attacks
  - Eavesdropping on, or monitoring of, transmissions to obtain message contents
  - Monitor traffic flows
- Active attacks: modification of data stream to
  - Masquerade of one entity as some other;
  - Replay previous messages;
  - Modify messages in transit;
  - Denial of service;

Model for Network Security

What is to be done?

Design a suitable algorithm for the security transformation;

Generate the secret information (keys) used by the algorithm;

Develop methods to distribute and share the secret information;

Specify a protocol enabling the principals to use the transformation and secret information for a security service.

Model for Network Access Security

Select appropriate gatekeeper functions to identify users

Implement security controls to ensure only authorized users access designated information or resources

Trusted computer systems can be used to implement this model

Summary

We have considered the following:

- Computer security, network security
- Definitions of security services, mechanisms, attacks
- Models for network (access) security

A Cipher System: to provide confidentiality

[Figure: cipher system model. Labels: Alice, Bob, plaintext M, encryption, ciphertext C, decryption, key K, key space, secure channel, cryptanalysis, Eve (attacker, opponent, adversary, eavesdropper, intruder)]

Five elements in a cipher system: $\{M, C, K, E_K, D_K\}$

Plaintext (cleartext) M: the message to be sent to the receiver. Plaintext space M: the set of possible values of plaintext.

Ciphertext C: an encrypted message. Ciphertext space C: the set of possible values of ciphertext.

Key K: the secret information involved in encryption and decryption. Key space K: the set of possible values of the key.

Encryption (encipher): the process of disguising a message in such a way as to hide its substance. $C = E_K(M)$

Decryption (decipher): the process of turning ciphertext back into plaintext. $M = D_K(C)$

Cryptology

Cryptography: the art and science of keeping messages secure;

Cryptanalysis /codebreaking: the art and science of breaking ciphertext.

Other services

[Authentication] The receiver of a message should be able to ascertain its origin. An intruder should not be able to masquerade as someone else;

[Integrity] The receiver of a message should be able to verify that it has not been modified in transit. An intruder should not be able to substitute a false message for a legitimate one.

[Non-repudiation] A sender should not be able to falsely deny later that he sent a message.

Algorithms and keys

- Cryptographic algorithm: the mathematical functions used to provide security services with cryptographic techniques.
- If the system relies on the secrecy of the algorithm:
  - Each group must have its own unique algorithm.
  - No group can use an off-the-shelf hardware or software product, or an eavesdropper can buy the same product and learn the algorithm. The group must design and implement the algorithm on its own.
  - When a group uses an algorithm for communication security, any member's leaving forces a switch to a new algorithm.
  - If any member accidentally reveals the algorithm, the group must switch to a new algorithm.

Kerckhoffs’ principle

The security of a cipher system depends on the secrecy of the key, instead of the secrecy of the algorithm.

Symmetric cryptosystem

Also called conventional cryptosystem, secret key cryptosystem, single-key cryptosystem: the encryption key and decryption key are the same, or the decryption key can be derived from the encryption key.

The sender and receiver must agree on a key before their secret communication.

The security of the system relies on the secrecy of the key. Divulging the key means that anyone could encrypt and decrypt messages.

Two kinds of ciphers: stream cipher and block cipher.

Asymmetric cryptosystem

- Also called public-key cryptosystem.
- Decryption key is different from encryption key;
- Decryption key cannot be derived from the encryption key within any reasonable amount of time;
- The encryption key is public, hence is called the public key;
- The decryption key is private, hence is called the private key;

Attack/Cryptanalysis

- Cryptanalysis is the science of recovering the plaintext of a message without access to the key;
- Attacker, opponent, enemy, adversary, eavesdropper
- There are several general types of cryptanalytic attacks.
  - Brute force attack: simply trying every possible key one by one and checking whether the resulting plaintext is meaningful.
  - Ciphertext-only attack: Given $C_1=E_K(M_1), C_2=E_K(M_2), \ldots, C_i=E_K(M_i)$, deduce either $M_1, M_2, \ldots, M_i$, $K$, or an algorithm to infer $M_{i+1}$ from $C_{i+1}=E_K(M_{i+1})$.

  - Known-plaintext attack: Given $M_1, C_1=E_K(M_1), M_2, C_2=E_K(M_2), \ldots, M_i, C_i=E_K(M_i)$, deduce either $K$ or an algorithm to infer $M_{i+1}$ from $C_{i+1}=E_K(M_{i+1})$.
  - Chosen-plaintext attack: Given $M_1, C_1=E_K(M_1), M_2, C_2=E_K(M_2), \ldots, M_i, C_i=E_K(M_i)$, where the attacker gets to choose $M_1, M_2, \ldots, M_i$, deduce either $K$ or an algorithm to infer $M_{i+1}$ from $C_{i+1}=E_K(M_{i+1})$.
  - Chosen-ciphertext attack

Security

Unconditional security: no matter how much ciphertext an attacker has, there is not enough information to recover the plaintext.

Computational security: the system cannot be broken with available resources.
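
The cipher-system elements and the brute-force and known-plaintext attack definitions above, worked on a toy shift cipher. This is an added example, not part of the slides; the cipher choice, the word list and the sample message are constructed for illustration. With a key space of only 26 keys, either attack recovers K, so this cipher offers no computational security.

```python
import string

ALPHABET = string.ascii_uppercase      # plaintext and ciphertext symbols: A-Z
KEY_SPACE = range(len(ALPHABET))       # key space: the 26 possible shifts

def encrypt(key, plaintext):
    """C = E_K(M): shift each letter forward by key; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in plaintext.upper()
    )

def decrypt(key, ciphertext):
    """M = D_K(C): undo the shift."""
    return encrypt(-key % 26, ciphertext)

# Constructed word list used to judge whether a candidate plaintext is "meaningful".
COMMON_WORDS = {"THE", "AT", "AND", "MEET", "IS", "TO", "OF", "SAFE", "KEY"}

def meaningful_score(text):
    """Count the words of a candidate plaintext that appear in the word list."""
    return sum(1 for word in text.split() if word in COMMON_WORDS)

def brute_force(ciphertext):
    """Brute force with ciphertext only: try every key, keep the best-scoring plaintext."""
    best = max(KEY_SPACE, key=lambda k: meaningful_score(decrypt(k, ciphertext)))
    return best, decrypt(best, ciphertext)

def known_plaintext(plaintext, ciphertext):
    """Known-plaintext attack: for this cipher one (M, C) letter pair determines K."""
    for m, c in zip(plaintext.upper(), ciphertext):
        if m in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(m)) % 26
    raise ValueError("no alphabetic character to compare")

if __name__ == "__main__":
    secret_key = 11                                      # constructed sample key
    message = "MEET AT THE SAFE AND BRING THE KEY"       # constructed sample message
    c = encrypt(secret_key, message)
    print("ciphertext:     ", c)
    print("brute force:    ", brute_force(c))
    print("known plaintext:", known_plaintext("MEET", c))
```
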