Cryptography and Network Security - 1

advertisement
Cryptography and Security Services:
Mechanisms and Applications
Chapter 1 and 2
Classic Cryptography and
Information Assurance
Manuel Mogollon
m_mogollon@verizon.net
M. Mogollon – 0
Session 1 – Contents
• Introduction
• Classical Cipher Techniques
—
—
—
—
Substitution Ciphers
Monoalphabetic Substitution
Polyalphabetic Substitution
Transposition Ciphers
• Early Cipher Machines
— The Saint Cyr Slide
— The Jefferson Cylinder
— Vernam Cipher
• The Rotor Crypto Machines
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 1
1
Introduction
• Scribes in the Egyptian civilization used unusual
hieroglyphics to tell the story of their masters' lives.
— The inscriptions were not secret writing, but incorporated one of the
essential elements of cryptography: an intentional transformation of
writing so that only certain people could read it
• The Spartans were probably the first to use
cryptography for military purposes.
— Their crypto device was called the
scytale (stick).
We need to proceed with the plan
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 2
2
Crypto Analysis Rules
• The Arab civilization, with its advanced mathematics,
was the first to establish specific rules to cryptanalyze
written messages. These rules were the following:
— The cryptanalyst must know the language in which the crypto
message is written and its linguistic characteristics.
— In every language, there are letters that are never found together in
one word, letters that rarely come together in a word, and
combinations of letters that are not possible.
— All letters are not used equally in any language, and the proportions
in which the letters occur remain constant.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 3
3
Classical Cipher Techniques
• Too weak for serious applications; however, many of
their basic principles are still used in modern
cryptography.
• Substitution Ciphers
Plain
Cipher
a b c d e f g h i j k l m n o p q r s t u v w x y z
d e f g h i j k l m n o p q r s t u v w x y z a b c
• Monoalphabetic Substitution
Plain
Cipher
a b c d e f g h i j k l m n o p q r s t u v w x y z
h o s b r g v k w c y f p j t a z m x i q d l u e n
— The number of possible substitutions is 26! or 4.0329 x 1026.
— It is a very weak cipher; in any language there are some letters that
occur more often than others.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 4
4
Polyalphabetic Substitution
•
Introduced by Blaise de
Vigenere in the 16th
century.
•
Uses one alphabet for each
of the plain letters.
•
Has several key methods,
such as words, phrases,
and a running key in which
the message itself is its
own key —the so-called
autokey.
Key
Plain
Cipher
D N O W I S T H E T I M
N O W I S T H E T I M E
Q B K E A L A L X B U Q
Cipher
Key
Plain
Q B K E A L A L X B U Q
D N O W I S T H E T I M
N O W I S T H E T I M E
Introduction
Classic Cryptography
The Vigenere Tableau
(Plain Text)
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
IA
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
OSI/TCP Stack
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
m
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
n
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
o
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
p
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
q
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
r
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
s
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
t
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
u
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
v
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
w
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
x
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
y
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
z
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
Security Services & Mechanisms
M. Mogollon – 5
5
Transposition Ciphers
• Successive letters of the plaintext are arranged
according to the key.
• The key is a group of sequential numbers arranged at
random.
• The plaintext is separated into groups of letters in which
each group has the same number of letters as the
number chosen as a key.
Plaintext
Key
Ciphertext
Introduction
Classic Cryptography
nowis/theti/mefor/allxx/
51342
snwio
iteth
rmfoe
xalxl
snwioitethrmfoexalxl
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 6
6
Early Cipher Machines
• The Saint Cyr Slide
A
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
GHIJHLMNOPQRSTUVWXYZ
• 18th Century Wheel Cipher
Picture from:
http://www.nsa.gov/museum/wheel.html
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 7
7
Early Cipher Machines
• The Vernam Cipher was designed in 1917 by Gilbert Vernam
• Is a bit-by-bit combination of random characters (keystream) with
characters of plaintext using modulo-2 addition (the XOR function)
1+0=1
1+1=0
0+1=1
0+0=0
Enciphering
Deciphering
Plaintext
10011000101000110
Ciphertext
00101011001100101
Keystream
10110011100100011
────────────────────
Keystream
10110011100100011
────────────────────
Ciphertext
00101011001100101
Plaintext
10011000101000110
Key
Stream
Key
Stream
Plaintext
+
Ciphertext
Encryption Algorithm
Modulo 2 Adder
Encipher
Introduction
Classic Cryptography
IA
+
Plaintext
Decryption Algorithm
Modulo 2 Adder
Decipher
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 8
8
The Rotor Crypto Machines
•
Rotor Crypto Machines implement
polyalphabetic substitution ciphers with
long periods.
•
These machines consist of several “t”
rotary discs, each one with 26 electrical
contacts called studs.
•
Each stud is connected at random by wire
to another stud on the other side of the
disc.
•
After each letter is enciphered, one or more
of the rotors are rotated one step.
•
A machine with “t” rotors does not return
to its starting position until after 26t
successive steps.
•
A five-rotor machine has a period of
265 = 11,881,376 different alphabets before
it repeats itself.
A
B
C
D
E
F
Plaintext G
H
I
A
B Ciphertext
C
D
E
F
G
H
I
Encryption
A
B Ciphertext
C
D
E
F
G
H
I
A
B
C
D
E
F
Plaintext G
H
I
Decryption
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 9
9
The M 209
The Enigma
• Used by the U.S. Army until the
early 1950s.
• Polyalphabetic ciphertext with
a period of 26 x 25 x 23 x 21 x
19 x 17 = 101,405,850, nearly
ten times greater than a fiverotor machine.
Picture from
http://www.nsa.gov/museum/enigma.html
Picture from
http://www.maritime.org/csp1500.htm
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 10
10
Information Assurance
and Security Services
& Mechanisms
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 11
11
Session 1a – Contents
• Introduction
• OSI and TCP/IP Stack
• Crypto Terminology
• Security Services and Security Mechanisms
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 12
12
NSA Terminology
COMSEC / (1960s) Communications security which provided protection
against disclosure to unauthorized parties when information was
transmitted or broadcasted from point-to-point.
COMPUSEC / (Late 1970s) Computer security which provided
protection against unauthorized disclosure of information,
injection of malicious code, or the theft of data on magnetic
media.
INFOSEC / (Early 1980s) Information security which was the result of
the convergence of COMSEC and COMPUSEC.
IA / (Late 1990s) Information Assurance which deals with providing
protection against unauthorized disclosure of information
(confidentiality), modification of information (integrity), denial of
service (availability), authenticity, and non-repudiation.
Definitions taken from Daniel G. Wolf, NSA Director of Information Assurance statement
before the House Select Committee of Homeland Security on July 22, 2003, pages 4 and 5.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 13
13
OSI and TCP/IP Stacks
Layer 7
Application
Layer 6
Presentation
Layer 5
Session
Layer 4
Transport
Transport Layer
TCP
Layer 3
Network
Network Layer
IP
Layer 2
Data Link
Layer 1
Physical
Application Layer
Data Layer
OSI Stack
Introduction
Classic Cryptography
SMTP, Telnet, FTP, Gopher
UDP
ARP
RARP
Ethernet, Token-Ring, FDDI,
X.25, Wireless, Async, ATM,
SNA...Data Layer
TCP/IP Stack
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 14
14
TCP/IP
•
•
•
TCP/IP — Transmission Control Protocol/Internet Protocol.
•
TCP/IP has two parts, TCP and IP.
TCP/IP is the protocol suite used by the Internet.
TCP/IP is based on a connectionless networking. Eliminates the need for
the network to support signaling and maintain connections (and thus state
information). All aspects of a reliable connection are moved to Layer 4 and
supported in the endpoints.
— TCP perform the functions of the transport layer in the OSI model (e.g., breaking the
data into smaller packets, numbering them, ensuring each packet is reliably delivered
and putting them in the proper order).
— IP performs the role of the network layer in the OSI model (e.g., routing and
addressing).
•
Some of the protocols used in the TCP/IP suite are:
—
—
—
—
Data Layer: Frame Relay, ATM, IEEE 802.3, PPP PPP EAP (among others)
Network Layer: IP
Transport Layer: User Data Protocol (UDP), Transmission Control Protocol (TCP)
Applications Layer Applications: HTTP, FTP, SMTP, SNMP
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 15
15
TCP/IP Protocol Stack
Data
TH
NH
DH
Payload
Payload
Application Layer
Application Layer
Transport Layer
Transport Layer
Network Layer
Data Layer
NH
DH
Data
TH
Network Layer
Payload
Data Layer
NH
DH
Payload
Payload
Router
•
Application Layer: Provides services for a user to send and received data over the
network, such as web browsers (HTTP), FTP, SMTP, SNMP, and emails.
•
•
•
Transport Layer: Provides connection, error and flow control (TCP or UDP), and security.
Network Layer: Responsible for addressing (IP) and routing the packets.
Data Link Layer: Defines the electrical, mechanical, and physical interfaces to the network.
It frames the packets for transmission over the physical media, such as Ethernet, Token
Ring, Frame Relay, Asynchronous Transfer Mode (ATM).
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 16
16
TCP/IP Stack and Security Related Protocols
Application Layer
Transport Layer
Network Layer
SMTP, Telnet, FTP, Gopher
TCP
IP
UDP
ARP
RARP
• S/MIME
• S-HTTP
• PGP
• SET
• IPSec
(ISAKMP)
• SOCKS V5
• SSL, TLS
• IPSec (AH,
ESP)
• Packet filtering
• Tunneling
Protocols
Ethernet, Token-Ring, FDDI,
X.25, Wireless, Async, ATM,
SNA...Data Layer
PPP-EAP, IEEE
Data Layer
802.1X, CHAP,
PAP, MS-CHAP
The Data Layer is also called Network Interface Layer, Link Layer, or
Data-Link Layer.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 17
17
What is Cryptography?
• cryptography / The art or science that treats of the
principles, means, and methods to render information
unintelligible to all but the intended receiver. The
sender enciphers a message into an unintelligible
form, and the receiver deciphers it into intelligible
form. The word "cryptology" is derived from the
Greek “kryptos” (hidden) and “logos” (word).
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 18
18
What is Cryptology?
• cryptology / The scientific study of cryptography and
cryptanalysis.
• cryptanalysis / The process of deducting the plaintext
from the ciphertext (breaking a code) without being in
possession of the key or the system (codebreaking).
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 19
19
Crypto Terminology
Cryptographic
Variables (CV),
Secret Keys,
Private Keys
Key
Generator
Synchronization
Key Stream
Key Stream
Message
Plaintext
As the market
requirements
for secure
products has
exponentially
increased, our
strategy will be
to ….
Encryption
Algorithm
Encipher
Key
Generator
Cryptographic
Variables (CV),
Secret Keys,
Public Keys
Ciphertext
Asdfe8i4*(74mjsd(
9&*nng654mKhna
mshy75*72mnasja
dif3%j*j^3cdf(#421
5kndh_!8g,kla/”2a
cd:{qien*38mnap4
*h&fk>0820&ma01
2M
Encryption
Algorithm
Decipher
Plaintext
Message
As the market
requirements
for secure
products has
exponentially
increased, our
strategy will be
to ….
Security is based on the crypto variable, not on the encryption
algorithm.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 20
20
Crypto Terminology
Cryptographic
Variables (CV),
Secret Keys,
Private Keys
Message
Plaintext
As the market
requirements
for secure
products has
exponentially
increased, our
strategy will be
to ….
Introduction
Cryptographic
Variables (CV),
Secret Keys,
Public Keys
Synchronization
Encryption
Algorithm
(Block
Cipher)
Encipher
Classic Cryptography
Ciphertext
Asdfe8i4*(74mjsd(
9&*nng654mKhna
mshy75*72mnasja
dif3%j*j^3cdf(#421
5kndh_!8g,kla/”2a
cd:{qien*38mnap4
*h&fk>0820&ma01
2M
IA
Encryption
Algorithm
(Block
Cipher)
Decipher
OSI/TCP Stack
Plaintext
Message
As the market
requirements
for secure
products has
exponentially
increased, our
strategy will be
to ….
Security Services & Mechanisms
M. Mogollon – 21
21
Security Services
Security Mechanisms
Confidentiality
Encryption
Integrity
Hash Functions
Authentication
Digital Signatures
Access
Security Tokens
Non-Repudiation
Digital Signatures
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 22
22
Typical Protections - Need Many Tools Used
in Concert
•
Physical Security
—
—
—
•
Information Assurance
—
—
—
—
•
Management tools (sniffers, scanners, profilers, honeypots, shunts, program registers, etc.)
Database security
Disaster Recovery Planning
—
—
•
•
Access controls authentication (firewalls, passwords, biometrics, etc.)
Virus protection tools
Operation system protection (Windows, Unix, Linux)
Network Security
—
—
•
Confidentiality (symmetric and asymmetric encryption)
Integrity (hash functions)
Authentication (digital certificates, tokens, digital signatures, passwords, biometrics, etc.)
Non-Repudiation (public key encryption, digital signatures,
System Security
—
—
—
•
Physical access (guards, fences, alarms, locks,, etc.)
Environment risk security (power Filtering and UPS devices surge protectors
Fire and flooding protection
Contingency plans
Security policies.
EMI/RFI Shielding
Training and Education
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 23
23
Security Services
• Confidentiality
— Protection against unauthorized individuals reading information that is
supposed to be kept private.
• Data Integrity
— Assurance that a message was not accidentally or deliberately modified in
transit by replacement, insertion, or deletion.
•
Authentication
— Assurance that the message is coming from the source from which it claims
to come.
• Non-Repudiation of Origin
— Protection against an individual denying sending or receiving a message.
• Access Control
— The prevention of the unauthorized use of a resource by identifying or
verifying the eligibility of a station, originator or individual to access specific
categories of information.
A security policy is implemented using security mechanisms to provide
security services.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 24
24
IA Security Policy
When
is
Electronic
Information
Collected,
Used,
Processed,
Transmitted,
or Stored,
the
provide
Security
Mechanisms
Confidentiality,
Integrity,
Availability,
Authenticity,
Non-repudiation.
Security Mechanisms must be:
Comprehensive, Coordinated, Scaleable, & Technology Agnostic
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 25
25
Confidentiality and its Security Mechanisms
Confidentiality
Protection of data
from unauthorized
disclosure
Encryption
Algorithms
Symmetric
Asymmetric
Stream Ciphers
Synchronous
SelfSynchronous
Block Cipher
Public-Key
DES
AES
3DES
Blowfish
MARS
RC5
CAST
IDEA
OFB
Pohlig
Hellman
RSA
ElGamal
CFB
Schnorr
ECC
RC4
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 26
26
Integrity and its Security Mechanisms
Assurance that a message was not
accidentally or deliberately modified
in transit by replacement, insertion,
or deletion.
Integrity
Hash Functions
SHA
Digital Signature
MD5
MAC
Encryption
HMAC
SHA-1
SHA-384
DES CBC
HMAC-SHA-1-96
SHA-256
SHA-512
AES-XCBCMAC-96
HMAC-MD5-96
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 27
27
Authentication and its Security Mechanisms
Authentication
Digital Signatures
MD5
ElGamal
RSA
Assurance that the message is
coming from the source from which
it claims to be.
Digital Signatures provide
authentication, nonrepudiation, and integrity.
SHA
DSA
RSA
SHA
DSA
Hash
Functions
ECDSA
A Digital Signature is created by taking the message’s hash and
encrypting it with the sender’s private key.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 28
28
Access Authentication
Access
Authentication
Protocol
IEEE
802.1X
EAP Method
Mechanism
EAP-TLS
EAP-SIM
CHAP
OTP
EAP-TTLS
EAP-AKA
GTC
MS-CHAP
v2
EAP-PEAP
EAP-PSK
Digital
Certificates
IEEE 802.1X: Port-based Access Control Protocol
EAP: Extensible Authentication Protocol
TLS: Transport Layer Security
TTLS: Tunneled Transport Layer Security
Introduction
The prevention of the
unauthorized use of a
resource.
Classic Cryptography
IA
PEAP: Protected EAP
CHAP: Challenge-Handshake Authentication Protocol
OTP: One-Time Password
GTC: Generic Token Card
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 29
29
Non-Repudiation and its Security
Mechanisms
NonRepudiation
Public-Key
Schnorr
ElGamal
Protection against an
individual denying
sending a message.
Digital Signature
RSA
Encryption
ECC
Sender enciphers the message with his private
key and recipient deciphers the message with
sender’s public key.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 30
30
Example: Ecommerce – SSL Application
Intranet or DMZ
• Firewall
• SSL Accelerator
Web
Servers
Internet
Buyer
•
•
•
•
Seller
SSL Accelerator
• SSL traffic is encrypted
• Offloads expensive public key
operation from backend servers
• Normally, 250,000 transactions/sec
Authenticates seller.
Enciphers information.
Clientless
Access from any computer
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 31
31
Example: Remote Access Application – VPNs
VoIP
Authentication
Server
VPN
Gateway
Internet
Home office
Intranet
Firewall
Remote End
Introduction
• Firewall
• VPN Gateway
•
Authenticates remote access user.
•
Creates tunnel for VPN connection
•
Enciphers communications using IPSec.
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 32
32
Example: Remote Wireless Access Application –
VPNs VoIP
Authentication
Server
VPN
Gateway
Internet
Home office
Intranet
Firewall
Remote End
Wireless Point
Security
Wireless Security
Switch
WifiVoIP
Introduction
• Firewall
• VPN Gateway
Classic Cryptography
•
•
•
•
Authenticate wireless remote access user.
Create tunnel for VPN connection
Encipher communications using IPSec.
Access to all applications through client
desktop software.
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 33
33
Remote Wireless/Wireline Access Application –
SSL VPNs
VoIP
Authentication
Server
Home office
Internet
Intranet
Router
• Firewall
• SSL VPN
Router
Remote End
Wireless Point
Security
•
•
•
•
Introduction
Authenticate wireless/wireline remote access
user.
Secure communications using SSL IPSec.
Access to selected applications through a web
portal.
Erase any connection information in the access
point after log-out.
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 34
34
Authentication
Authentication
Server
Radius, Kerberos, PKI,
OTP, Token
EAP over
Internet
EAP Method
Password
Authentication
Database
Authenticator
Token
Authentication
Database
X.509 Directory
Kerberos
Ticket
Granting
Server
Supplicants
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 35
35
Placeholder Names Used in Cryptography
Alice
Participant in all protocols
Bob
Participant in two-, three-, and four-party protocols.
Carol
Participant in three- and four-party protocols
Dave
Participant in four-party protocols
Eve
Passive eavesdropper, Eve, while she can listen in on messages between
Alice and Bob, she cannot modify them.
Mallet
Malicious active attacker. Mallet, also called Mallory, can modify
messages, substitute his own messages, replay old messages, and so on.
The problem of securing a system against Mallory is much greater than
against Eve.
Peggy
Prover
Victor
Verifier . Victor, a verifier, and Peggy, a prover, must interact in some way
to show that the intended transaction between Alice and Bob has actually
taken place.
Trent
Trusted Arbitrator
Trudy
Intruder. Trudy can modify messages in transit, therefore, she is more
dangerous than Eve. Bob and Alice ideally should use some integrity
protocols to be able to detect any such modification and either ignore the
changed message, or retrieve the correct message despite the intrusion.
Walter
Warden. He guards Alice and Bob in some protocols.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 36
36
IETF, RFCs, FIPS
•
The Internet Engineering Task Force (IETF) is a group of network designers,
operators, vendors, and researchers concerned with the evolution of the
Internet architecture and the smooth operation of the Internet.
http://www.ietf.org/
•
The Request for Comments (RFC) consist of the IETF working documents
of approved standards and protocols for the Internet. This web site is the
RFC repository and it lists all the RFCs. http://www.ietf.org/rfc.html
•
The Computer Security Resource Center of the National Institute of
Standards and Technology, develops standards and metrics to test and
validate computer security.
http://csrc.nist.gov/
•
Federal Information Processing Standards Publications (FIPS PUBS) home
web page. http://www.itl.nist.gov/fipspubs/
•
Federal Information Processing Standards Publications (FIPS PUBS) web
page associated with Computer Security.
http://csrc.nist.gov/publications/fips/
•
Internet Security Glosary, RFC 4949
http://www.ietf.org/rfc/rfc4949.txt?number=4949
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 37
37
References
Classic Cryptography
• Bamford, J. (1982). The Puzzle Palace, A Report on NSA America's Most Secret Agency (p 35).
Boston: Houghton, Mifflin Co.
•
•
Lexicon Universal Encyclopedia, Volume 5. (1987) (p 371). New York: Lexicon Publications Inc.
•
Way, P (1977). The Encyclopedia of Espionage, Codes and Ciphers (pp 62-92). London: The
Danbury Press, Published by Aldus Book.
Khan, D. (1967). The Codebreakers (pp. 394-398, 411-426). New York: Macmillan Publishing Co.,
Inc.
Information Assurance
• Abbruscato, C.R. Data Encryption Equipment, IEEE Communications Magazine, Volumen 22, No.
9 (September 1984)
•
•
•
International Standards Organization (ISO), ISO 7498-2-1988 (E) Security Architecture.
•
•
•
Tanenbaum, A. (1981). Computer Networks.., Englewood Cliffs, New Jersey : Prentice-Hall, Inc.
Muftic, S. (1989). Security Mechanisms for Computer Networks. New York: John Wiley & Sons.
National Bureau of Standard, Federal Information Processing Standards (FIPS), Publication 113,
Computer Data Authentication.
Tanenbaum, A. (1981) Networks Protocols. Computing Surveys, Vol. 13, No. 4.
Wolf, D (2003). Cybersecurity Getting it Right. Statement by the Director of Information Assurance
National Security Agency Before The House Select Committee on Homeland Security
Subcommittee on Cybersecurity, Science and Research & Development hearing on July 22, 2003
to the House of Representatives Select Committee on Homeland Security.
Introduction
Classic Cryptography
IA
OSI/TCP Stack
Security Services & Mechanisms
M. Mogollon – 38
38
Download