CYBER SECURITY

UNIT 1 Introduction
 OSI Security Architecture
 Classical Encryption techniques
 Cipher Principles
 Data Encryption Standard -Triple DES
 Block Cipher Design Principles and Modes of Operation
-Evaluation criteria for AES -AES Cipher
 Placement of Encryption Function
 Traffic Confidentiality
 OSI Security Architecture

The Open Systems Interconnection (OSI) security architecture provides a

systematic framework for defining security attacks, mechanisms, and services.
SECURITY ATTACK

Attack: An assault on system security that derives from an intelligent

threat; that is, an intelligent act that is a deliberate attempt (especially in
the sense of a method or technique) to evade security services and
violate the security policy of a system.
Any action that compromises the security of information owned by an
organization.
Security attacks are classified as
1. passive attack
2. Active attack
PASSIVE ATTACK

A passive attack is a network attack in which a system is

monitored and sometimes scanned for open ports and
vulnerabilities.
 The purpose is solely to gain information about the target and
no data is changed on the target.
 In passive reconnaissance, an intruder monitors systems for
vulnerabilities without interaction, through methods like
session capture. In active reconnaissance, the intruder engages
with the target system through methods like port scans.
Interception
 The phenomenon of confidentiality
plays an important role in this type
of attack.
 The data or message which is sent by
the sender is intercepted by an
unauthorized individual where the
message will be changed to the
different form or it will be used by
the individual for his malicious
process.
 So the confidentiality of the message
is lost in this type of attack.
 It is also known as “Release of
message contents”.
 Traffic Analysis
 Traffic analysis is the process of intercepting and examining
messages in order to deduce information from patterns in
communication.
 It can be performed even when the messages are encrypted and
cannot be decrypted.
 In general, the greater the number of messages observed, or even
intercepted and stored, the more can be inferred from the traffic.
 Traffic analysis can be performed in the context of military
intelligence or counter-intelligence, and is a concern in computer
security.
ACTIVE ATTACK
 An active attack is a network exploit in which a hacker
attempts to make changes to data on the target or data en-route
to the target.
• The purpose is to gain information about the target and no data
is changed. However, passive attacks are often preparatory
activities for active attacks.
TYPES OF ACTIVE ATTACK
Masquerade
 In a masquerade attack, the intruder pretends to be a particular user of a
system to gain access or to gain greater privileges than they are authorized
for.
 A masquerade may be attempted through the use of stolen login IDs and
passwords, through finding security gaps in programs or through bypassing
the authentication mechanism.
 Session Replay
 In a session replay attack, a hacker steals an authorized user’s
log in information by stealing the session ID.
 The intruder gains access and the ability to do anything the
authorized user can do on the website.
Modification
 In a message modification attack, an intruder alters packet
header addresses to direct a message to a different destination or
modify the data on a target machine.
Denial of Service (DOS)
 In a denial of service (DoS) attack, users are deprived of access
to a network or web resource.
 This is generally accomplished by overwhelming the target with
more traffic than it can handle.
SECURITY MECHANISMS
Specific security mechanisms
1. Encipherment: Converting data into form that is not readable

2. Digital signatures: To check authenticity and integrity of data

3. Access controls: Enforcing access rights to resources

4. Data integrity

5. Authentication exchange

6. Traffic padding: Insertion of bits to frustrate traffic analysis

7. Routing control: Selection of secure routes

8. Notarization: Use of trusted third party for data exchange

 Pervasive security mechanisms

1. trusted functionality: perceived to be correct with respect to

some criteria

2. security labels

3. event detection: detection of security relevant events

4. security audit trails

5. security recovery
SECURITY SERVICES
X.800 defines security services in 5 major categories
 Authentication: assurance that the communicating entity is the one
claimed
 Access Control: prevention of the unauthorized use of a resource

 Data Confidentiality: protection of data from unauthorized disclosure

 Data Integrity: assurance that data received is as sent by an

authorized entity
 Non-Repudiation: protection against denial by one of the parties in a
communication
KEY WORDS
 CIPHER TEXT - the coded message
 CIPHER - algorithm for transforming plaintext to ciphertext
 KEY - info used in cipher known only to sender/receiver
 ENCIPHER (ENCRYPT) - converting plaintext to ciphertext
 DECIPHER (DECRYPT) - recovering ciphertext from
plaintext
 CRYPTOGRAPHY - study of encryption principles/methods
 CRYPTANALYSIS (CODEBREAKING) - the study of
principles/ methods of deciphering ciphertext without knowing
key
 CRYPTOLOGY - the field of both cryptography and
cryptanalysis
CLASSICAL ENCRYPTION
TECHNIQUES
 Two basic components in classical ciphers: substitution and
transposition
 Substitution ciphers - letters replaced by other letters
 Transposition ciphers – same letters, but arranged in a
different order
 These ciphers may be:
 Mono alphabetic - only one substitution / transposition is used
 Poly alphabetic - where several substitutions / transpositions
are used
 Several such ciphers may be concatenated together to form a
product cipher
THE CAESER CIPHER
 2000 years ago Julius Caesar used a simple substitution
cipher, now known as the Caesar cipher
 First attested use in military affairs (e.g. Gallic Wars)
 Concept: replace each letter of the alphabet with another letter
that is k letters after original letter
 Example: replace each letter by 3rd letter after

I CAME I SAW I CONQUERED

L FDPH L VDZ L FRQTXHUHG

 Can describe this mapping (or translation alphabet) as:

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
GENERAL CAESAR CIPHER
 Can use any shift from 1 to 25
I.e. replace each letter of message by a letter a fixed distance
away
 Specify key letter as the letter a plaintext A maps to
E.g. a key letter of F means A maps to F, B to G, ... Y to
D, Z to E ,I.e. shift letters by 5 places
 Hence have 26 (25 useful) ciphers
Hence breaking this is easy. Just try all 25 keys one by one.
MATHEMATICS
 If we assign the letters of the alphabet the numbers from
0 to 25, then the Caesar cipher can be expressed
mathematically as follows:
For a fixed key k, and for each plaintext letter p, substitute
the ciphertext letter C given by
C = (p + k) mod(26)
Decryption is equally simple:
p = (C – k) mod (26)
CRYPTANALYSIS OF THE CAESAR CIPHER

 Only have 26 possible ciphers

A maps to A,B,..Z
 Could simply try each in turn
 Called an exhaustive key search
 Given some ciphertext, just try every shift of letters:
MIXED MONOALPHABETIC CIPHER

 Rather than just shifting the alphabet, could shuffle (jumble)

the letters arbitrarily
 Each plaintext letter maps to a different random ciphertext
letter, or even to 26 arbitrary symbols
 Key is 26 letters long
SECURITY OF MIXED MONOALPHABETIC
CIPHER

 With a key of length 26, now have a total of 26! ~ 4 x 1026

keys
 With so many keys, might think this is secure, but you’d be
wrong
 Variations of the monoalphabetic substitution cipher were
used in government and military affairs for many centuries
into the middle ages
 The method of breaking it, frequency analysis was discovered
by Arabic scientists
 All monoalphabetic ciphers are susceptible to this type of
analysis
PLAYFAIR CIPHER
 Encrypt multiple letters
 Approach to improving security
 Invented by charles wheatstone in 1854 but named after his
freind baron playfair
 Playfair, which treats digrams in the plaintext as single units
and translates these units into ciphertext digrams
TRANSPOSITION CIPHERS
 Also known as permutation ciphers
 Core idea: hide the message by rearranging the letter order
without altering the actual letters used
 Can recognize these since have the same frequency
distribution as the original text
 Very Simple Example: Mirror Cipher (write message
backwards). Obviously not very secure
But what about mirror image in Russian?!
ROW TRANSPOSITION CIPHERS
 Group the message and shuffle letters within each group
 More formally write letters across rows, then reorder the
columns before reading off the rows
 Always have an equivalent pair of keys (Read vs Write)
CRACKING TRANSPOSITION
CIPHERS
 There are many more transposition ciphers of increasing
complexity.
 Cracking them involves educated guessing at row and column
arrangements with much trial and error
 BUT, there is software that will do a lot of this stuff for you
(and it’s out there and freely available)
 Bottom line, transposition ciphers are no more secure than
pure substitution ciphers. (With the exception of the one-time
pad, of course).
INCREASING CIPHER SECURITY
 Ciphers based on just substitutions or transpositions are not
secure
 Have seen how these can be attacked because they do not
sufficiently obscure the underlying language structure
 Hence consider using several ciphers in succession to make
cryptanalysis harder, but:
 two substitutions are really only one more complex
substitution
 two transpositions are really only one more complex
transposition
 BUT a substitution followed by a transposition makes a new
much harder cipher
PLACEMENT OF ENCRYPTION FUNCTION

 If encryption is to be used to counter attacks on

confidentiality, we need to decide what to encrypt and where
encryption function should be located.
 This section examines
 the potential locations of security attacks
 look at the major approaches to encryption placement
link encryption end to end encryption
LINK ENCRYPTION
 Each switch or node is equipped with an encryption device.
 The traffic between every two nodes is encrypted by a unique
key.
What part of each packet should be encrypted?
 A packet consists of a header and user data.

 The entire packet (header + data) is encrypted.

Disadvantages
 The message is decrypted at each node.

 It requires a lot of encryption devices.

 An encryption device for a node.

 It requires a lot of keys.

 A unique key for a link.

END-TO-END ENCRYPTION
 The source and destination hosts encrypt the data.
 The source and destination share a key
.
End-to-End Encryption
 It is secure against attacks on nodes.

 It provides a degree of source authentication.

 Because only the source host can encrypt the data.

 Link encryption provides host authentication.

What part of each packet should be encrypted?

 A packet consists of a header and user data.

 Encrypting the entire packet?

Impossible. The encrypted packet cannot be routed.

 Encrypting only the user data?

Possible. But the traffic pattern is revealed.

LINK VERSUS END-TO-END
ENCRYPTION
 To achieve greater security, both link and end-to-end
encryption are needed!
1.The source host encrypts the user data portion of a packet
using an end-to-end encryption key.
2. Then, the entire packet is encrypted using a link encryption
key.
3. As the packet traverse the network, each switch decrypts the
entire packet, using a link encryption key to read the header,
and then encrypts the entire packet for sending it out on the
next link.
TRAFFIC CONFIDENTIALITY
Information that can be derived from a traffic analysis
 Identities of partners

 How frequently the partners are communicating.

 Message pattern, message length, or quantity of messages that

suggest important information is being exchanged.
 The events that correlate with special conversations between
particular partners.
Another concern is a covert channel.
Covert channel
 A means of communication unintended by the designers.

 By using the covert channel, a person can send a message to another

person without detection.
 A covert channel can be created by using traffic analysis.

Covert chansnel example

 A wish to send a byte to B without detection.

 A sends 8 legitimate messages to C.

 B analyzes the traffic from A.

 If the message is longer than 100 bytes, it is 1 bit.

 Otherwise, it is 0 bit.

 In this way, B can receive the byte from A without detection.

Counter measures on link encryption
 When plaintext is available, it is encrypted and transmitted.

 When plaintext is not present, random data are encrypted and

transmitted.
 This make it impossible to distinguish between true data flow and
padding.
Countermeasures on end-to-end encryption
 Since header information is not encrypted in end-to-end encryption,
traffic confidentiality is hard to achieve.
 A restricted padding: padding out data units to a uniform length. In
addition, null messages can be inserted randomly into the
stream.These tactics
 deny an opponent knowledge about the amount of data exchanged
between end users and
 obscure the underlying traffic pattern.
THANK YOU