Textbook
Cryptography and Network Security:
Principles and Practice (second/third edition)
by William Stalling
密码学与网络安全:原理与实践(第 3 版)-- 刘玉珍 等译
电子工业出版社
Arrangement of this course
18 Weeks: 1th~18th WeekOnce a week Wednesday 8:00-9:40 D-202
Introduction to information security
Dr. Shengli Liu Email: [email protected]
Tel: 62932135-3(O)Cryptography and Information Security Lab.
http://sec.sjtu.edu.cnDept. of Computer Science and Engineering
Shanghai Jiao Tong University
Why Security? Explosive growth in
Computer systems Interconnections of computer systems via network
Dependence of both organizations and individuals on Information stored in computer systems Communications between these systems
computer use requires automated tools to protect files and other stored information and to protect systems from network-based attacks
Need To protect data and resources from disclosure To guarantee the authenticity of data and messages
Objective
Principles of Cryptography Secret key cryptosystem Public key cryptosystem/Digital signature systems ……
Practice of Cryptography Kerboros—application-level authentication service X.509-- Directory Authentication Service PGP--Electronic mail security ……
What is Security?
“If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. That is obscurity.
If I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism—and you still can't open the safe and read the letter--that 's security. ”
---Bruce Schneier
Information Security
Information Security requirements have changed in recent times. Traditionally provided by physical and administrative
mechanisms Now we use computer to store data and network for
communications Computer use requires automated tools to protect
files and other stored information Use of networks and communications links requires
measures to protect data during transmission
Information Security
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Security Attack (Security Threat)
Attack: any action that compromises the security of information owned by an organization;
Information security: how to prevent attacks, and to detect attacks on information-based systems;
AttackSource Destination
Normal flow
Destination
Interruption
Source Destination
Interception
Source Destination
Modification
Source Destination
Febrication
Security Mechanism
A mechanism that is designed to detect, prevent, or recover from a security attack;
No single mechanism that will support all functions required;
However one particular element underlies many of the security mechanisms in use: cryptographic techniques;
Hence, our focus is cryptographic techniques.
Security Service Service is something that enhances the security of t
he data processing systems and the information transfers of an organization;
Service intends to counter security attacks; Service makes use of one or more security mechan
isms to provide the service; Service replicates functions normally associated wi
th physical documents. eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed;
Security Services [Data Confidentiality] - protection of data from
unauthorized disclosure [Authentication] - assurance that the communicating
entity is the one claimed [Data Integrity] - assurance that data received is as
sent by an authorized entity [Non-Repudiation] - protection against denial by one
of the parties in a communication [Access Control] - prevention of the unauthorized
use of a resource
Security Mechanisms
Cryptagraphic techniques. Block cipher Stream cipher Public key algorithms Digital signature algorithms MAC codes Hash functions
Security Attacks
passive attacks Eavesdropping on, or monitoring of, transmissions to
obtain message contents Monitor traffic flows
active attacks Modification of data stream to Masquerade of one entity as some other; Replay previous messages; Modify messages in transit; Denial of service;
Model for Network Security
What to be done?
Design a suitable algorithm for the security transformation;
Generate the secret information (keys) used by the algorithm;
Develop methods to distribute and share the secret information;
Specify a protocol enabling the principals to use the transformation and secret information for a security service.
Model for Network Access Security
Select appropriate gatekeeper functions to identify users
Implement security controls to ensure only authorized users access designated information or resources
Trusted computer systems can be used to implement this model
Summery
We have considered the following stuff. Computer security, network security Definitions of security services, mechanisms,
attacks Models for network (access) security
A Cipher System: to provide confidentiality
Cryptoanal ysi s
Plaintext M Plaintext M
Secure Channel
Ciphertext C
Key space
M̂
K̂
KKey
Encrypti on Decrypti on
KAlice Bob
Eve (attacker, opponent, adversary, eavesdropper, intruder)
Five elements in a cipher systems{M, C, KK, EKK, DKK}
Plaintext (cleartext) M: the message to be sent to the receiver.Plaintext space M: the set of possible values of plaintext.
Ciphertext C: an encrypted message.Ciphertext space C :the set of possible values of ciphertext.
Key KK: the secret information involves encryption and decryption. Key space KK : the set of possible values of key.
Encryption (encipher): the process of disguising a message in such way as to hide its substance. C =EKK(M)
Decryption (decipher): The process of turning ciphertext back into plaintext. M=DKK (C)
Cryptology
Cryptography: the art and science of keeping messages secure;
Cryptanalysis /codebreaking: the art and science of breaking ciphertext.
Other services
[Authentication][Authentication] The receiver of a message to ascertain its origin. An intruder should not be able to masquerade as someone else;
[Integrity][Integrity] The receiver of a message to verify that it has not been modified in transit. An intruder should not be able to substitute a false message for a legitimate one.
[Non-repudiation][Non-repudiation] A sender should not be able to falsely deny later that he sent a message.
Algorithms and keys Cryptographic algorithm: the mathematical functions used
to provide security services with cryptographic techniques. If the system relies on the secrecy of the algorithm. Each
group must have their own unique algorithm. No group can use off-the-shelf hardware or software product, or an
eavesdropper can buy the same product and learn the algorithm. The group must design and implement the algorithm on their own. When a group uses an algorithm for communication security, any
member's leaving leads to switch to a new algorithm. If any member accidentally reveals the algorithm, the group must
switch to a new algorithm.
Kerckhoffs’ principleKerckhoffs’ principle
The security of a cipher system depends on the secrecy of the key, instead of the secrecy of the algorithm.
Symmetric cryptosystem also called conventional cryptosystem,
secret key cryptosystem, symmetric cryptosystem
single-key cryptosystem - encryption key and decryption key are the same, or the decryption key can be derived from the encryption key.
The sender and receiver must agree on a key before their secret communication.
The security of the system relies on the secrecy of the key. Divulging the key means that anyone could encrypt and decrypt messages.
Two kinds of ciphers: stream cipher and block cipher.
Asymmetric cryptosystem
also called Public-key cryptosystem. Decryption key is different from encryption key; Decryption key cannot be derived from the
encryption key within any reasonable amount of time;
The encryption key is public, hence is called public public keykey;
The decryption key is private, hence is called private private keykey;
Attack/Cryptanalysis Cryptanalysis is the science of recovering the plainte
xt of a message without access to the key; Attacker, opponent, enemy, adversary, eavesdroppe
r There are several general types of cryptanalytic atta
cks. Brute force attack: simply by trying every possible key
one by one and checking the resulting plaintext is meaningful.
Cipher-only attack: Given C1=EK(M1), C2=EK(M2),..., Ci
=EK(Mi), Deduce either M1, M2,…, Mi, K, or an algorithm to infer Mi+1 from Ci+1=EK(Mi+1).
Known-plaintext attack: Given M1, C1=EK(M1), M2 , C2=E
K(M2),..., Ci=EK(Mi), Deduce: either K or an algorithm to infer Mi+1 from Ci+1
=EK(Mi+1),
Chosen-plaintext attack Given M1, C1=EK(M1), M2, C2=EK
(M2),..., Mi, Ci=EK(Mi), where the attacker gets to choose M1, M2, …, Mi, Deduce: either K or an algorithm to infer Mi+1 from Ci+1=EK(Mi+1).
Chosen-ciphertext attack
Security
Unconditional security: no matter how much ciphertext an attacker has, there is not enough information to recover the plaintext.
Computational security: the system cannot be broken with available resources.