Security - PowerPoint PPT Presentation

About This Presentation
Title:

Security

Description:

Computers and their accessories, data, and information are available to the genuine users ... Rhine doll] Joan Daemen and Vincent Rijmen of Belgium was ... – PowerPoint PPT presentation

Number of Views:60
Avg rating:3.0/5.0
Slides: 40
Provided by: teac155
Category:
Tags: security

less

Transcript and Presenter's Notes

Title: Security


1
Security
2
Security Needs
Security policy is to ensure that
  • Computers and data are used by the authorized
    persons
  • Computers and their accessories, data, and
    information are available to the genuine users

3
Security Services
  • Authentication
  • Access control
  • Data confidentiality
  • Data integrity
  • Non-repudiation

4
Security Services
Authentication
  • A user proves its identity to another party
  • A data sender proves that the data is actually
    sent by him/her

5
Security Services
Access control
  • Guard against unauthorized use of resources

6
Security Services
Data confidentially
  • Data and its meanings are only available to those
    who are the genuine receivers
  • For other parties, the data would appear to be
    rubbish

7
Security Services
Data integrity
  • Guards against active attack modification,
    insertion, deletion, replay
  • If a piece of data is changed, such a change can
    be detected

8
Security Services
Non-repudiation
  • When a party sends a piece of information, it can
    be proved that the sender is actually that party
  • The sender cannot subsequently deny the act of
    having sent a piece of information

9
Security Mechanisms
To provide security services, some specific
security mechanisms may be implemented
  • Encipherment
  • Digital signature
  • Access control

10
DES
  • The Data Encryption Standard (DES) is a private
    key encryption system developed by the U.S.
    government in the 1970s
  • It was based on a previous IBM encryption system
    called Lucifer
  • It was adopted as a U.S. federal standard in
    1976, and then as an international standard

11
DES Overview
  • Plaintext size 64 bits
  • Key size 64 bits input, only 56 bits are used
  • Ciphertext size 64 bits

64 bit ciphertext
12
Strength of DES
  • DES has been cryptanalyzed for many years by many
    people, no serious flaws have been revealed up to
    now
  • The 56-bit key size there are 2567.2x1016
    different possible keys
  • May not be sufficient to resist brute-force key
    search attack

13
Strength of DES
  • If it takes 1 sec to test 1 key then 228 million
    years are needed to test all keys
  • If it takes 1 µsec to test 1 key then 2,280 years
    to test all keys
  • If there are 1 million machines working in
    parallel then the key can be found in a day!

14
Triple DES
  • Triple DES employs the Encrypt-Decrypt-Encrypt
    (EDE) mode of operation with two different keys
    equivalent to a key of 112 bits

15
Triple DES
  • The decryption process is

16
Triple DES
  • Triple DES can use the existing DES block
  • When K2K1, the triple DES system falls back to
    the single DES system
  • It is backward compatible with single key DES

17
AES
  • AES stands for Advanced Encryption System
  • NIST (National Institute of Standards and
    Technology) of USA announced AES in 1997, and
    then called for algorithms from the public on 12
    Sept 1997

18
AES
  • Researchers from 12 different countries submitted
    15 algorithms for the AES
  • As at Aug 1999, 5 algorithms have been chosen by
    NIST for further consideration
  • On 3-Oct-2000, the proposal by Rijdael pro.
    Rhine doll Joan Daemen and Vincent Rijmen of
    Belgium was selected

19
Public Key Encryption
20
Public Key Encryption
  • Each user will have a pair of keys K1 K2
  • Use keys K1 to encrypt and K2 to decrypt
  • Keep K1 private and top secret
  • Gives out K2 to anybody who needs it
  • K1 is called the private key
  • K2 is called the public key

21
Two Keys
  • In a public key encryption system, the encryption
    key and the decryption key are different

22
Proof of Identity
  • Alice sends a message to Bob
  • Bob can prove that the message could only have
    been created by Alice

23
Confidentiality Identity
  • Alice sends an encrypted message to Bob so that
    only Bob can decrypt the message and Bob can
    later prove that the creator was Alice

24
RSA Algorithm
  • The most widely used public key algorithm
  • Proposed by Rivest, Shamir, and Adleman
  • Security is based on the difficulty in
    factorizing a large integer that is the product
    of two large prime numbers
  • E.g. 437 ? x ?
  • 437 19 x 23
  • Reference web page http//www.rsa.comhttp//www
    .orst.edu/dept/honors/makmur/

25
Hash Function
  • A Hash Functionis a one-way function yH(x),
    designed to produced a fixed length message
    digest or a fingerprint of a variable-length
    message

26
MD5
  • MD5 Message Digest 5
  • Designed by Prof. R. Rivest of MIT
  • Internet standard RFC1321
  • Thought to be a strong hash function
  • The message digest is 128 bits
  • Message is processed in 512-bit blocks

27
Secure Hash Algorithm (SHA)
  • SHA was FIPS PUB 180-1, designed by the U.S.
    National Security Agency (NSA)
  • To be used in the Digital Signature Algorithm
    (DSA) part of the Digital Signature Standard
    (DSS)
  • Input data length is less than 264 bits
  • Message digest is 160 bits

28
Digital Signature
  • A digital signature has functions similar to
    those of conventional signature
  • Support authentic messages
  • Signer of document can be confirmed
  • Contents of a signed document can be verified

29
Digital Signature Generation
  • A widely adopted scheme is based on hash function
    and public key encryption

30
Digital Signature Verification
31
Public Key Infrastructure
  • How to give your public key to your friend?
  • How can you be sure that the public key you
    obtain is indeed your friends public key?
  • For a small number of mutually trusted users, a
    web of trust system is O.K.

32
Web of Trust
33
Certification Authority
  • For a large population of users, a central
    trusted party can act as a Certification
    Authority (CA)
  • Users may deposit their public keys in a CA who
    they trust
  • The CA may pass out the public keys to any user
    who need them in certificates

34
A CA Supporting Many Users
35
Certificate
  • A certificate for a user (also called a
    subscriber) contains the users particulars and
    the users public key
  • The certificate is an electronic document signed
    by the CA who issue it

36
Certificate
37
Revocation
  • A user may revoke the validity of his/her
    certificate before the actual expiry date
  • Revocation information about a CAs subscribers
    are published in a Certificate Revocation List
    (CRL)

38
Public Key Infrastructure
  • When there are many CAs and many subscribers, a
    hierarchy can be formed linking all the CAs and
    the subscribers
  • This form a public key infrastructure
  • The subscribers can communicate securely by using
    digital signature techniques

39
Public Key Infrastructure
CA 3
CA 2
CA 4
CA 1
user 6
user 1
user 2
user 3
user 4
user 5
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!