This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.

1. Cryptography and Network SecurityAn Overview Nagendra U M namahesh@cisco.com

3. Security Trends

4. ASM: Attacks, Services, Mechanisms

5. A Network Security Model

6. Private-Key Cryptography / Symmetric Ciphers

7. DES, 3DES, AES

8. Private Key Distribution

9. Public-Key Cryptography

10. Mathematical Concepts

11. The RSA Algorithm

12. Key Management

13. Hashing Algorithms

14. Digital Signatures

15. Authentication Protocols

16. Network Security

17. X.509, Public Key Infrastructure (PKI)

18. PGP, S/MIME

19. SSL/TLS

23. Model for Network Security

24. Simplified Model of Conventional Encryption Model of Conventional Cryptosystem

25. Goals of an ‘Unconditionally Secure’ Encryption Algorithm: ● The cost of breaking the cipher exceeds the value of the encrypted information. ● The time required to break the cipher exceeds the useful lifetime of the information. CLASSIC SUBSTITUTION ALGORITHMS: Caesar Cipher: C = E(k, p) = (p + k) mod 26 p = D(k, C) = (C - k) mod 26 where K={1..25} for english Monoalphabetic Ciphers: Substitute one arbitrary alphabet in the place of a particular alphabet For english, it generates a key space of 26! (~4 x 10^26) keys BUT it can be broken by exploiting patterns in language Polyalphabetic Ciphers: Use different monoalphabetic substitutions as one proceeds through the plaintext message. Vignere Cipher

26. CLASSIC TRANSPOSITION ALGORITHMS: Rail-fence Technique: Written as a sequence of diagonals and read off as a sequence of rows Eg: “CiscoSystems” is written as C s o y t m i c S s e s CipherText:CsoytmicSses A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key to the algorithm. Rotor Machines: Steganography: Strictly speaking, its NOT encryption Conceal the existence of a message JPEG steganography

28. The Fiestel Cipher

30. 56-bit key

31. Same algorithm with the same key is used to decrypt and encrypt

32. Exhibits a strong Avalanche effect

34. Do DES encryption 3 times in an E-D-E sequence

35. C = E(K1, D(K2, E(K1, P)))

37. Extremely strong algorithm

38. 128-bit plaintext blocks => 128-bit ciphertext blocks

40. Unofficially the strongest encryption algorithm

41. 64-bit plaintext blocks => 64-bit ciphertext blocks

42. Variable length keys from 32 to 448 bits

44. CBC – Cipher Block ChainingWhere to do encryption?

45. Centralized Symmetric Key Distribution

47. Discrete LogarithmsAsymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the different keys - one a public key and one a private key. It can be used for confidentiality, authentication or both. Hailed as the greatest revolution in information security – no more substitutions and permutations and the use of 2 keys !!! Attacks 2 problems in symmetric cryptography: Key distribution and digital signatures One way function: Y = f(X) easy X = f^-1(X) infeasible (NP-hard or NP-complete) Public-key algorithms are very slow and resource-consuming to be used for encryption. For practical uses, they are confined to key management and signature applications

48. The Public Key cryptosystem for secrecy The Public Key cryptosystem for authentication, integrity, nonrepudiation

49. Best of both worlds : Authentication/Integrity and Secrecy

52. Choose e such that e and φ(n) are relatively prime

53. d is the private key exponent and e is the public key exponent An Example: 1) Let Plaintext = 88 2) Let p = 17, q = 11 (both primes) 3) n = p*q = 17 * 11 = 187 4) φ(n) = (p-1)(q-1) = 16*10 = 160 5) We choose e = 7 since e < φ(n) and e is relatively prime to φ(n) 6) Choose d such that d = 1(mod φ(n)) / e i.e. de = 1 (mod 160). So, d = 7 Public Key = {7,187} Private Key = {23,187} 7) At the sender’s end: Ciphertext C = P^e (mod n) = 88^7 (mod 187) = 11 8) At the receiver’s end: Plaintext P = C^d (mod n) = 11^7 (mod 187) = 88

56. Hash Functions

57. accepts a variable-size message M as input and produces a fixedsizeoutput, referred to as a hash code H(M) or Message Digest

59. ITU-T X.509 – authentication based on X.500 directory service

60. PKI – Public Key Infrastructure

63. 3 areas – authentication, confidentiality, key management

64. Confidentality in 2 modes : tunnel and transport

65. Higher-level layers may be ignorant of security implications

66. RFC 2401-2408

67. 2 main headers : AH (Authentication Header) and ESP (Encapsulating Security Payload)

72. Detailed Reference