Symmetric Key Cryptography
Haipeng Dai
haipengdai@nju.edu.cn
313 CS Building, Department of Computer Science and Technology, Nanjing University
Basic Terms
Threat, vulnerability, attack, and intrusion
─ Threat: attackers, angry employees, etc.
─ Vulnerability: a weakness of a system
─ Attack: actions that harm a system by modifying it, reading information from it, or stopping it from serving its legitimate users
  ● Passive attacks: read information in a system, e.g., eavesdropping
  ● Active attacks: modify a system, e.g., message modification, insertion, deletion, replay
─ Intrusion: successfully modifying a system or reading information from it
Seven Security Properties
● Authentication
● Confidentiality
● Integrity
● Non-repudiation
● Authorization
● Freshness
● Availability
Security Property 1: Authentication
Authentication (authenticity)
─ Verify that an entity is the identity it claims to be
─ Mechanisms (authentication factors):
  ● Something the user is – e.g., fingerprint or retinal pattern, DNA sequence, unique bio-electric signals produced by the living body, or another biometric identifier
  ● Something the user has – e.g., ID card, security token, software token or cell phone
  ● Something the user knows – e.g., a password, a pass phrase or a personal identification number (PIN)
  ● Something the user does – e.g., voice recognition, signature, or gait
Security Property 2: Confidentiality
Confidentiality (secrecy)
─ Protect information from leaking.
─ Two types:
  ● Message content confidentiality
  ● Message header confidentiality: who talks to whom (and how much, and when) is secret
─ Mechanisms:
  ● Encryption (content confidentiality)
  ● Traffic padding (header confidentiality: hides message sizes and timing from an eavesdropper)
Security Property 3: Integrity
Integrity
─ Protect a system or its data from unauthorized modification, or at least detect that modification has occurred.
─ System integrity
  ● Prevent modification of the system – e.g., for a communication system: message modification, insertion, deletion, and replay (integrity of the communication channel)
─ Data integrity
  ● Prevent modification of the data – e.g., for a communication system: message modification
─ Mechanisms:
  ● Message digest, bound to the message by a key: a message authentication code (MAC) under a shared key, or a digital signature. An unkeyed digest sent alongside the message is not enough against an active attacker, who can simply modify the message and recompute the digest.
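The caveat above, as an added example that is not part of the original slides: an active attacker changes the amount in a message. With an unkeyed SHA-256 digest the attacker recomputes the digest and the receiver notices nothing; with an HMAC under a key the attacker does not have, the stale tag no longer verifies. The message, the key and the function names are all constructed for this illustration.

```python
import hashlib
import hmac

# Constructed sample: a payment instruction crossing a channel on which
# an active attacker can modify bytes in transit.
MESSAGE = b"transfer 100 to account 42"
KEY = b"shared-secret-key-for-demo"  # assumed pre-shared key (demo only)


def tag_with_digest(msg: bytes) -> tuple[bytes, bytes]:
    """Unkeyed digest: anyone, including the attacker, can recompute it."""
    return msg, hashlib.sha256(msg).digest()


def verify_digest(msg: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(msg).digest(), digest)


def tag_with_hmac(msg: bytes, key: bytes) -> tuple[bytes, bytes]:
    """Keyed digest (MAC): only holders of `key` can produce a valid tag."""
    return msg, hmac.new(key, msg, hashlib.sha256).digest()


def verify_hmac(msg: bytes, tag: bytes, key: bytes) -> bool:
    # compare_digest is constant-time, so verification does not leak the tag.
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)


def active_attacker_modify(msg: bytes, tag: bytes, keyed: bool) -> tuple[bytes, bytes]:
    """Attacker changes the amount. Against a bare digest they recompute it;
    against an HMAC they have no key, so the old tag is all they can send."""
    forged = msg.replace(b"100", b"999")
    if not keyed:
        return forged, hashlib.sha256(forged).digest()
    return forged, tag


def demo() -> tuple[bool, bool]:
    """Returns (attack detected with bare digest, attack detected with HMAC)."""
    m, d = tag_with_digest(MESSAGE)
    m2, d2 = active_attacker_modify(m, d, keyed=False)
    digest_detects = not verify_digest(m2, d2)   # False: modification goes unnoticed

    m, t = tag_with_hmac(MESSAGE, KEY)
    m3, t3 = active_attacker_modify(m, t, keyed=True)
    hmac_detects = not verify_hmac(m3, t3, KEY)   # True: tag no longer matches
    return digest_detects, hmac_detects


if __name__ == "__main__":
    print(demo())
```

The same key-binding argument applies to the slide's "message digest" mechanism in general: a digest only protects integrity when the attacker cannot recompute or substitute it, which means it must be keyed, signed, or delivered over a channel the attacker cannot write to.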
Security Property 4: Non-repudiation
Non-repudiation
─ Prevent someone from denying an action they performed.
  ● E.g., having created (sent) a message.
─ Mechanisms:
  ● Digital signature over a message digest. A digest alone, or a MAC under a key shared with the receiver, cannot provide non-repudiation: the receiver could have produced the same value, so the sender can still deny creating the message.
Security Property 5: Authorization
Authorization
─ Give someone permission to do something (such as access a resource) and enforce that they do nothing beyond that permission
─ Mechanisms:
  ● Access control
Security Property 6: Freshness
Freshness
─ Verify that a message is recent and is not a replay of an earlier one
─ E.g., a check becomes invalid if not cashed within 6 months
  ● The expired check still has integrity, but not freshness.
─ Mechanisms:
  ● Nonce (a value used only once; the receiver rejects any nonce it has already seen)
  ● Expiration time (timestamp plus a validity window)
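Both freshness mechanisms in one receiver, as an added example that is not part of the original slides: each packet carries a timestamp and a nonce under an HMAC, and the receiver checks the tag (integrity), then the age (expiration time), then whether the nonce was already seen (replay). The Receiver class, packet layout, 30-second window, injectable clock and sample packets are all constructed for this illustration; the key is an assumed pre-shared secret.

```python
import hashlib
import hmac
import json
import time

KEY = b"shared-secret-key-for-demo"   # assumed pre-shared key (demo only)
MAX_AGE_SECONDS = 30                   # assumed validity window


def _canonical(body: str, ts: float, nonce: str) -> bytes:
    # Timestamp and nonce are covered by the tag, otherwise an attacker
    # could refresh them on an old packet.
    return json.dumps({"body": body, "ts": ts, "nonce": nonce}, sort_keys=True).encode()


def make_packet(key: bytes, body: str, ts: float, nonce: str) -> dict:
    tag = hmac.new(key, _canonical(body, ts, nonce), hashlib.sha256).hexdigest()
    return {"body": body, "ts": ts, "nonce": nonce, "tag": tag}


class Receiver:
    def __init__(self, key: bytes, max_age: float, now=time.time):
        self.key = key
        self.max_age = max_age
        self.now = now                  # clock is injectable so the demo can advance time
        self.seen_nonces: set[str] = set()

    def accept(self, packet: dict) -> str:
        expected = hmac.new(self.key, _canonical(packet["body"], packet["ts"], packet["nonce"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, packet["tag"]):
            return "reject: bad tag (integrity)"
        if self.now() - packet["ts"] > self.max_age:
            return "reject: expired (freshness)"
        if packet["nonce"] in self.seen_nonces:
            return "reject: replay (freshness)"
        self.seen_nonces.add(packet["nonce"])
        return "accept"


def demo() -> tuple[str, str, str, str]:
    """Returns the verdicts for: a fresh packet, its replay, an expired packet, a tampered packet."""
    clock = [1_000_000.0]
    r = Receiver(KEY, MAX_AGE_SECONDS, now=lambda: clock[0])

    p = make_packet(KEY, "transfer 100 to account 42", clock[0], "n-0001")
    first = r.accept(p)            # accept
    replay = r.accept(p)           # same nonce again: replay

    clock[0] += 60                 # a minute passes
    old = make_packet(KEY, "transfer 5 to account 7", 1_000_000.0, "n-0002")
    expired = r.accept(old)        # valid tag, fresh nonce, but outside the window

    tampered = dict(p, body="transfer 999 to account 42")
    bad_tag = r.accept(tampered)   # body changed without the key: integrity fails first
    return first, replay, expired, bad_tag


if __name__ == "__main__":
    print(demo())
```

The two mechanisms complement each other: the expiration window bounds how long the receiver must remember nonces (anything older than MAX_AGE_SECONDS can be evicted from seen_nonces because it would be rejected as expired anyway), and the nonce catches replays that arrive inside the window, which a timestamp alone cannot.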
Security Property 7: Availability
Availability
─ Keep the service available to legitimate users
─ Threat: Denial-of-Service (DoS) attacks