Classical Encryption Techniques

CSE 651: Introduction to Network Security

Steve Lai

Spring 2010


Syllabus

• Instructor: Steve Lai

• Office: DL 581

• Office hours: MWF 2:30-3:30

• Email: lai@cse.ohio-state.edu

• Home page: www.cse.ohiostate.edu/~lai


Text (required)

• William Stallings

Cryptography and Network Security: Principles & Practice (5th edition)

Pearson/Prentice Hall, 2010.

• http://www.amazon.com/Cryptography-Network-Security-Principles-Practice/dp/0136097049


Prerequisite

• CSE 677

• Some maturity in mathematical reasoning


Content of Course

• Will cover the first 17 chapters of Stallings with many sections skipped.


Topics

• Introduction (Ch. 1)

• Symmetric-key encryption

– Classical encryption techniques (Ch. 2)

– Block ciphers and data encryption standard (Ch. 3)

– Advanced encryption standard (Ch. 5)

– Block cipher operation (Ch. 6)

– Stream ciphers (Ch. 7)

• Public-key cryptography and RSA (Ch. 9)


Topics (cont.)

• Cryptographic hash functions (Ch. 11)

• Message Authentication (Ch. 12)

• Digital Signatures (Ch. 13)

• Key management and distribution (Ch. 14)

• User authentication protocols (Ch. 15)

• Web Security: SSL (Ch. 16)

• IEEE 802.11 Wireless LAN Security (Ch. 17)


Grading plan

• Assignments: 20%

• Midterm exam I: 25% (Monday, April 26)

• Midterm exam II: 25% (Monday, May 17)

• Final exam: 30% (Wed, June 9, 9:30)

• Late homework will NOT be accepted.


Three related courses

• CSE 551: Introduction to Information Security

• CSE 652: Applied Information Security Project

• CSE 794Q: Introduction to Cryptography


Introduction

CSE 651: Introduction to Network Security

What is Network Security?

• Network Security – measures to protect data during their transmission over a network or internet.

• Internet Security


Aspects of Network Security

• ITU-T Recommendation X.800 “Security Architecture for OSI” describes network security in three aspects:

– security attack

– security service

– security mechanism


Security Attack

• Attack: any action that compromises the security of information

• Many different types of attacks

• Can be generally classified as

– Passive attacks

– Active attacks


Passive Attacks

• Reading contents of messages

• Also called eavesdropping

• Difficult to detect passive attacks

• Defense: to prevent their success


Active Attacks

• Modification or creation of messages (by attackers)

• Four categories: modification of messages, replay, masquerade, denial of service

• Easy to detect but difficult to prevent

• Defense: detect attacks and recover from damages


Security Services (Goals)

• Data Confidentiality: protecting data from unauthorized disclosure.

• Data Integrity:

– assuring that data received is as sent (w/o modification)

– or detecting its non-integrity.


• Authentication:

– (from dictionary: the action of confirming someone or something as authentic.)

– (Peer) entity authentication: When establishing a logical connection, assure that the other party is as claimed.

– Data origin authentication: In a connectionless transfer, assure that the source of received data is as claimed.


• Message Authentication

– Data origin authentication

– Data integrity

• Entity Identification

– Entity authentication


• Non-Repudiation:

– Origin non-repudiation: preventing sender from denying that he has sent a message

– Destination non-repudiation: preventing receiver from denying that she has received a message


• Access Control: preventing unauthorized use of a resource.

• Availability: making systems or resources available upon demand by legitimate users.


Security Mechanisms

• Means to implement security services:

– Encryption

• Symmetric-key encryption

• Public-key encryption

• Key management

– Hash functions

– Message authentication codes

– Digital signatures

– Entity authentication protocols
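
Added example (not from the original slides): a message authentication code combined with a sequence number lets a receiver detect three of the active attack categories listed above (modification, replay, masquerade), which is the data integrity plus data origin authentication that the slides call message authentication. The key, the frame layout and all function names are assumptions made for this sketch; it provides no confidentiality and does nothing against denial of service.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
SEQ_LEN = 8   # assumed frame layout: 8-byte sequence number | payload | tag


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: the MAC covers the sequence number and the payload."""
    body = seq.to_bytes(SEQ_LEN, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        """Return (verdict, payload); verdict is 'ok', 'bad-mac' or 'replay'."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "bad-mac", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a mismatch means the frame was altered
        # in transit or was produced by someone who lacks the shared key.
        if not hmac.compare_digest(tag, expected):
            return "bad-mac", None
        seq = int.from_bytes(body[:SEQ_LEN], "big")
        # A valid MAC on an already-seen sequence number is a replayed frame.
        if seq <= self.last_seq:
            return "replay", None
        self.last_seq = seq
        return "ok", body[SEQ_LEN:]


def demo() -> dict:
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    rx = Receiver(key)
    frame = protect(key, 1, b"transfer 100 to alice")  # constructed message
    results = {"genuine": rx.accept(frame)[0]}
    tampered = bytearray(frame)
    tampered[SEQ_LEN + 4] ^= 0x01  # one payload bit changed in transit
    results["modification"] = rx.accept(bytes(tampered))[0]
    results["replay"] = rx.accept(frame)[0]  # same valid frame sent again
    forged = protect(b"some-other-key", 2, b"transfer 900 to mallory")
    results["masquerade"] = rx.accept(forged)[0]  # sender lacks the real key
    return results


if __name__ == "__main__":
    print(demo())
```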
