Introduction to Cryptography and Computer Security

 

 

  • Cryptology: is the study of techniques for ensuring the secrecy and/or authenticity of information. Two main branches of Cryptology are:
    • Cryptography: This is the study of the design of such techniques.
    • Cryptanalysis: This deals with defeating such techniques, to recover information or forging (تزوير) information that will be accepted as authentic.
  • Network Security: This area covers the use of cryptographic algorithms in network protocols and network applications.
  • Computer Security: area of securing computers against intruders (e.g. hackers) and malicious software (e.g. viruses).
  • Security Attack is any action that compromises the security of information. It’s classified into:
    • Passive Attack: attempts to make use of information from the system without modification.
      • Examples: eavesdropping and monitoring of transmissions.
      • Passive attack types:
        • Release message contents: Learning contents of information sent between two parties.
        • Traffic analysis:
          • Suppose that the sent message is encrypted so, that opponents, even if they captured the message could not extract information from it.
          • Observing the encrypted message to analyze and guess about the encryption pattern is called traffic analysis.
      • Why passive attacks are very difficult to detect?
      • Dealing with passive attacks is on prevention not detection.
    • Active Attack: attempts to modify system resources or effect their operation.
    • Active attacks types:
      • Masquerade: happens when an entity pretends to be different entity.
        • Example: obtaining extra privileges for few privileged users.
      • Replay: involves passive capturing of data unit and its subsequent retransmission to produce an unauthorized effect.
      • Modification of messages.
      • Denial of services: prevents or inhibits the normal use or management of communication facilities.
        • Example: suppression of messages, disruption of entire network
    • Active attacks are easy to detect.
    • Here we are concerned with detection and recovering of active attacks.
  • Security mechanism is a process that is designed to detect, prevent or recover from a security attack.
  • Security service is a processing or communication service that enhances the security of data processing systems and the information transfers of an organization. Services usually use one or more security mechanism to provide the service.
  • Threat is a potential for violation of security which exists when an action that could breach security and cause harm.
  • Attack is an intelligent threat; that is an intelligent action that is a deliberate to evade security services and violate the security policy of a system.
  • Difference between internet and Internet!
  • Major requirements for security services:
    • Confidentiality.
    • Authentication.
    • Nonrepudiation.
    • Integrity.
  • Why Internetwork security is both complex and fascinating?
    • Complexity of meeting security services.
    • Considering the potential attacks on used algorithms.
    • Hardness of picking best suit algorithm for current situation because there is no general one.
    • Designing various security mechanisms and decide where to use them from physical (e.g. at what points in a network are certain security mechanisms are needed) and logical manner (e.g. what layer of an architecture such as TCP/IP should mechanisms be placed).
    • Limitations and constraints sometimes make the used algorithm meaningless.
  • IP spoofing, is about creating packets with false IP addresses and exploit applications that use authentication based on IP
  • Security service is a processing or communication service that is provided by a system to give a specific kind of protection to system resources.
  • Security Services:
    • Authentication: The assurance that the communicating entity is the one that it claims to be.
      • Peer Entity Authentication: provide confidence in the identity of the entities connected.
      • Data Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed.
    • Access Control: Prevention of unauthorized use of a resource
      • Service controls who can have access to a resource.
      • Under what conditions access can occur.
      • What those accessing the resource are allowed to do?
    • Data Confidentiality: protection of data from unauthorized disclosure (passive attacks).
      • Connection Confidentiality: protection of all user data on a connection.
      • Connectionless Confidentiality: protection of all user data in single data block.
      • Selective Field Confidentiality: protection of selected fields within the user data on a connection or in a single data block
      • Traffic Flow Confidentiality: protection of the information that might be derived from observation of traffic flows.
    • Data Integrity: assurance that data received are exactly as sent by an authorized entity (i.e. contain no modification, insertion, deletion or replay).
      • Connection Integrity with Recovery: provides integrity for all user data on a connection and detects any violations with a recovery attempted.
      • Connection Integrity without Recovery: as above without recovery.
      • Selective Field Connection Integrity.
      • Connectionless Integrity: as first type but with limited replay detection on connectionless data block.
      • Selective Field Connectionless Integrity.
    • Nonrepudiation: provides protection against denial by one of the entities involved in the communication.
      • Nonrepudiation, Origin: proof that the message was sent by the specified party.
      • Nonrepudiation, Destination: proof that the message was received by the specified party.
  • Reversible encipherment mechanism is an encryption algorithm that allows data to be encrypted and decrypted.
  • Irreversible encipherment mechanism includes hash algorithms and message authentication codes.
  • Security Mechanisms:
    • Specific Security Mechanisms:
      • Involved into protocol layer in order to provide some of the OSI security services.
      • Encipherment:
        • The use of math algorithms to transform data into a form that is not readily intelligible.
      • Digital Signature:
        • Data appended to cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of it.
      • Access Control.
      • Data Integrity.
      • Authentication Exchange.
      • Traffic Padding:
        • Insertion of bits into gaps in a data stream to frustrate traffic analysis attempt.
      • Routing Control:
        • Enables selection for particular physically secure routes for certain data and allows routing changes especially when a breach of security is suspected.
      • Notarization:
        • The use of a trusted third party to assure certain properties of a data exchange.
    • Pervasive Security Mechanisms:
      • Trusted Functionality.
      • Security Label.
      • Event Detection.
      • Security Audit Trail.
      • Security Recovery.
  • 21-Relationship between security services and mechanisms.
  • All the techniques for providing security have two components:
    • Security-related transformation on the information to be sent (encrypted data).
    • Some secret information shared by two principals and it’s hoped, unknown to the opponent (key).
  • Four basic security tasks in designing security service:
    • Design an algorithm for performing the security related transformation.
    • Generate the secret information to be used with the algorithm.
    • Develop methods for the distribution and sharing of the secret information.
    • Specify a protocol to be used by the principals. That makes use of the security algorithm and the secret information to achieve a particular security service.    
  • Programs can present two kinds of threats:
    • Information access threats:
      • intercept or modify data on behalf of users who should not have access to that data
    • Service threats:
      • Exploit service flaws in computer to inhibit use of legitimate users.


  • Questions:
    • I need an example of denial attack.
      • Physical denial attack: cutting of the network cable.
      • Logical denial attack: routing a message from receiver to another receiver.
    • Need to understand replay more.
      • Sending message more than one time.
      • Delaying message.
    • What’s meant by pervasive security mechanisms?
      • Basic and general mechanism for any security system.
    • Explanation of pervasive security mechanisms.

3 thoughts on “Introduction to Cryptography and Computer Security

  1. Good points…I would note that as someone who really doesn’t write on blogs much (in fact, this may be my first post), I don’t think the term “lurker” is very becoming to a non-posting reader. It’s not your fault really , but perhaps the blogosphere could come up with a better, non-creepy name for the 90% of us that enjoy reading the posts.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s