Internet Security [1] VU 184.216 Engin Kirda - PowerPoint PPT Presentation


  1. Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at

  2. News from the Lab
     • Challenge 4
       – deadline is next week (31st May)
       – 1/3 of the students have successfully submitted so far
       – we have observed many programming problems
       – please start early
     • Challenge 5
       – issued next week (probably on 31st May)
       – deciphering encrypted texts
       – both private and public key schemes

  3. Administration
     • DIMVA 2005 (Detection of Intrusions and Malware & Vulnerability Assessment)
       – security conference co-organized by Engin and myself
       – held in Vienna on 7.-8. July 2005
       – early registration until 2. June 2005
       – student fee is 75 Euro
     • Benefits
       – listen to security research talks given by international experts
       – proceedings book
       – dinner reception at the Rathaus
       – food and gimmicks
     • Information and Registration
       http://www.dimva.org/dimva2005/

  4. Cryptography

  5. Cryptography
     • (One) definition of cryptography
       Mathematical techniques related to aspects of information security such as
       – confidentiality
         • keep content of information from all but authorized entities
       – integrity
         • protect information from unauthorized alteration
       – authentication
         • identification of data or communicating entities
       – non-repudiation
         • prevent entity from denying previous commitments or actions

  6. History
     • Classic cryptography
       – Ancient Egypt
         • non-standard hieroglyphs
       – Hebrew scholars
         • Atbash - mono-alphabetic substitution (reverse of Hebrew alphabet)
       – Greek
         • Steganography (under wax on table, hair of slaves)
       – Roman
         • Caesar cipher - mono-alphabetic substitution (letters are shifted by fixed offset)
       – Alberti (1465)
         • poly-alphabetic substitution

  7. Terminology
     • Alphabet of definition A
       – finite set of symbols, e.g., binary alphabet {0,1}
     • Message space M
       – set that contains strings from symbols of an alphabet A_1
       – elements of M are called plaintext messages
     • Ciphertext space C
       – set that contains strings from symbols of an alphabet A_2
       – elements of C are called ciphertext messages
     • Key space K
       – each element e ∈ K uniquely determines bijective mapping E_e : M → C (called encryption function)
       – each element d ∈ K uniquely determines bijective mapping D_d : C → M (called decryption function)

  8. Terminology
     • Keys (e,d)
       – not necessarily identical
       – referred to as key pair
     • Fundamental
       – all alphabets and the encryption/decryption functions are public knowledge
       – only the selection of the key pair remains secret
     • System is breakable
       – if a third party can (without the knowledge of the key pair) systematically recover plaintext from corresponding ciphertext within some appropriate time frame
       – exhaustive key search must be made impossible
     • Cryptanalysis
       – study of techniques to defeat cryptographic techniques

  9. Taxonomy
     • Unkeyed primitives
       – hash functions
       – random sequences
     • Symmetric-key primitives
       – block ciphers
       – stream ciphers
       – signatures
       – pseudorandom sequences
     • Public-key primitives
       – public-key ciphers
       – signatures

  10. Symmetric-key Cryptography
      • Consider an encryption scheme with key pair (e,d)
        – scheme is called a symmetric-key scheme if it is “relatively” easy to obtain d when e is known
        – often e = d
      • Block cipher
        – break up plaintext into strings (blocks) of fixed length t
        – encrypt one block at a time
        – uses substitution and transposition (permutation) techniques
      • Stream cipher
        – special case of block cipher with block length t = 1
        – however, substitution technique can change for every block
        – key stream (e_1, e_2, e_3, …)

  11. Block Ciphers
      • Simple (mono-alphabetic) substitution cipher
        – for each symbol m_k ∈ A of the plaintext, substitute another symbol e(m_k) according to the permutation p defined by the key e
        – E_e(m) = (p(m_1), p(m_2), p(m_3), …)
      • Example
        – p: map each letter to the letter three positions on the right in the alphabet

          A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
          D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

          plaintext : THISC IPHER ISCER TAINL YNOTS ECURE
          ciphertext: WKLVF LSKHU LVFHU WDLQO BQRWV HFXUH

  12. Block Ciphers
      • Poly-alphabetic substitution (Vigenere) cipher
        – for each symbol m_k ∈ A of the plaintext, substitute another symbol e(m_k) according to one of several permutations p_i defined by the key e
        – for two permutations p_1 and p_2: E_e(m) = (p_1(m_1), p_2(m_2), p_1(m_3), …)
      • Example
        – using three permutations (mappings)
          • p_1: map to letter that is three positions to the right
          • p_2: map to letter that is seven positions to the right
          • p_3: map to letter that is ten positions to the right

          plaintext : THISC IPHER ISCER TAINL YNOTS ECURE
          ciphertext: WOSVJ SSOOU PCFLB WHSQS IQVDV LMXYO

  13. Block Ciphers
      • Transposition cipher
        – for each block of symbols (m_1, …, m_t) ∈ A of the plaintext, the key e defines a permutation on the set {1, …, t} = {p(1), p(2), …, p(t)}
        – E_e(m) = (m_p(1), m_p(2), …, m_p(t))
      • Example
        – t = 5, permutation is {3, 4, 5, 1, 2}

          plaintext : THISC IPHER ISCER TAINL YNOTS ECURE
          ciphertext: ISCTH HERIP CERIS INLTA OTSYN UREEC
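
The three worked examples from slides 11 to 13, reproduced in code. This is an added example, not part of the original slides; the function names are chosen here, and the alphabet is assumed to be A-Z with the block spacing removed.

```python
import string

ALPHABET = string.ascii_uppercase

def substitute(text, shifts, decrypt=False):
    """Shift substitution: letter i is moved by shifts[i % len(shifts)].

    A single shift is the mono-alphabetic cipher of slide 11; several
    shifts used in rotation are the poly-alphabetic cipher of slide 12.
    """
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        k = sign * shifts[i % len(shifts)]
        # ALPHABET.index raises ValueError for symbols outside A-Z
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % len(ALPHABET)])
    return "".join(out)

def transpose(text, perm, decrypt=False):
    """Block transposition (slide 13): output position j takes input p(j)."""
    t = len(perm)
    if sorted(perm) != list(range(1, t + 1)):
        raise ValueError("perm must be a permutation of 1..t")
    if len(text) % t:
        raise ValueError("text length must be a multiple of t")
    out = []
    for start in range(0, len(text), t):
        block = text[start:start + t]
        if decrypt:
            plain = [""] * t
            for j, p in enumerate(perm):
                plain[p - 1] = block[j]   # undo: cipher[j] came from plain[p(j)]
            out.append("".join(plain))
        else:
            out.append("".join(block[p - 1] for p in perm))
    return "".join(out)

# Plaintext used on the slides, with the spacing between blocks removed
PLAINTEXT = "THISC IPHER ISCER TAINL YNOTS ECURE".replace(" ", "")

if __name__ == "__main__":
    print(substitute(PLAINTEXT, [3]))             # slide 11
    print(substitute(PLAINTEXT, [3, 7, 10]))      # slide 12
    print(transpose(PLAINTEXT, [3, 4, 5, 1, 2]))  # slide 13
```
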

  14. Block Ciphers
      • Product cipher
        – combination of substitution and transposition (permutation)
        – often organized in multiple rounds of alternating techniques called a SPN (substitution-permutation-network) or Feistel network
        – aims to achieve confusion and diffusion
      • Confusion
        – refers to making the relationship between the key and the ciphertext as complex and involved as possible (achieved via substitution)
      • Diffusion
        – refers to the property that redundancy in the statistics of the plaintext is dissipated in the statistics of the ciphertext (via transposition)

  15. Block Ciphers
      • Many block ciphers are based on the SPN design
      • Data Encryption Standard (DES) is most well-known
        – 64 bit block size
        – 56 bit keys
        – 16 rounds
        – S_1 - S_8
          • S-Boxes
          • non-linear mapping
        – P
          • permutation network

  16. Stream Ciphers
      • Block ciphers with t = 1
      • E_e(m) = (e_1(m_1), e_2(m_2), e_3(m_3), …, e_i(m_i))
      • Sequence of keys e_1, e_2, …, e_i ∈ K is called a keystream
      • Vernam cipher
        – m_1, m_2, …, m_t ∈ {0,1}
        – e_1, e_2, …, e_t ∈ {0,1}
        – c_i = m_i ⊕ e_i
        – when e_i are generated randomly and used only once → one-time pad
        – in practice, keystream is often generated from a pseudo-random generator, using a secret seed as the actual key
      • RC4
        – used in 802.11 networks for WEP (Wired Equivalent Privacy)
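
Why the keystream of the Vernam cipher above must be "used only once": with a reused keystream, the XOR of two ciphertexts equals the XOR of the two plaintexts and the key drops out. This is an added example, not part of the original slides; the messages and function names are constructed for illustration, and the cipher works on bytes rather than single bits.

```python
import secrets

def vernam(data: bytes, keystream: bytes) -> bytes:
    """c_i = m_i XOR e_i. The same call decrypts, since XOR is its own inverse."""
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as the message")
    return bytes(m ^ e for m, e in zip(data, keystream))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_demo():
    # Constructed sample messages of equal length
    m1 = b"TRANSFER 100 EUR"
    m2 = b"TRANSFER 999 EUR"

    pad = secrets.token_bytes(len(m1))   # random keystream e_1 .. e_t
    c1 = vernam(m1, pad)
    c2 = vernam(m2, pad)                 # same pad again: no longer a one-time pad

    # (m1 ^ e) ^ (m2 ^ e) = m1 ^ m2, whatever the value of e
    leak = xor_bytes(c1, c2)
    return {
        "roundtrip_ok": vernam(c1, pad) == m1,
        "leak_equals_m1_xor_m2": leak == xor_bytes(m1, m2),
        # a zero byte in the leak means both messages agree at that position
        "differing_positions": [i for i, b in enumerate(leak) if b != 0],
    }

if __name__ == "__main__":
    for name, value in keystream_reuse_demo().items():
        print(name, value)
```
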

  17. Public-key Cryptography
      • Consider an encryption scheme with key pair (e,d)
        – scheme is called a public-key scheme if it is computationally infeasible to determine d when e is known
      • In public-key schemes, E_e is usually a trapdoor one-way function and d is the trapdoor
      • One-way function
        – A function f: X → Y is called a one-way function if f(x) is “easy” to compute for all x ∈ X, but for most y ∈ Y it is infeasible to find an x such that f(x) = y.
        – calculating the exponentiation of an element a in a finite field [ a^p (mod n) ]
        – multiplication of two large prime numbers [ n = p*q ]

  18. Public-key Cryptography
      • Trapdoor one-way function
        – A one-way function f: X → Y with the additional property that given some additional information (called the trapdoor information) it becomes feasible for all y ∈ Y to find an x such that f(x) = y.
      • No longer necessary to transfer a secret key over a secure channel
      • Significant problem is binding of public key to a certain person (authentication)
        – otherwise, an attacker can substitute his own public key for the victim’s key
      • Key certificates are needed
        – public key infrastructure (PKI)
        – idea is to cryptographically bind a public key to a certain entity via certificates
        – certificates commonly issued by certification authorities (CAs)
        – chain of trust is traced to a root CA (whose public key must be known by all participants)

  19. RSA
      RSA (named after its inventors Rivest, Shamir, and Adleman)
      • Suppose user Alice wishes to allow Bob to send her a private message over an insecure transmission medium. She takes the following four steps to generate a public key and a private key:
        1. Choose two large prime numbers p, q randomly and independently of each other. Compute N = p * q.
        2. Compute φ(N) = (p-1)(q-1)
        3. Choose an integer 1 < e < φ(N) that is coprime to φ(N)
        4. Compute d such that d*e ≡ 1 (mod φ(N))
      • Public key = (e, N)
      • Private key = (d, N)
      • φ(N) cannot be easily computed from N, but easy from p and q
