COMPUTER SECURITY

  • Published on
    29-Oct-2014

  • View
    139

  • Download
    2

Embed Size (px)

DESCRIPTION

COMPUTER SECURITY

Transcript

<p>Computer Networks and Security</p> <p>Crypto "" Graph ""Cryptography </p> <p>Plain Text Cipher Text Algorithm </p> <p>Encryption Decryption </p> <p>Key Cryptography Encryption Decryption</p> <p>Cryptanalysis Cryptography Sensitive Data </p> <p>Cryptography 2 1. ( Classic) 2. (Modern) </p> <p> Cryptography 2 1. Data Encryption : 2. Data Decryption : Cryptography </p> <p>Cryptography</p> <p>Encryption + Decryption</p> <p>1.1 Caesar cipher Caesar cipher 50-70 Julius Caesar Caesar cipher A D B E Caesar cipher (Shiftment, n = 3) </p> <p> Caesar cipher</p> <p>Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC Caesar cipher Fox Code </p> <p>Plaintext: the quick brown fox jumps over the lazy dog Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ</p> <p>Fox Code the quick brown fox jumps over the lazy dog 26 Augustus ( Caesar 12 Caesars) Julius Caesar A C B D (Shiftment, n = 2) </p> <p> (Break) ( ) Caesar cipher Shiftment n=1, n=2, n=3, ... n=26 26 ( 26 ) </p> <p> Monoalphabetic Cipher ( Monoalphabetic substitution ciphers) 1 1 () Monoalphabetic ciphers Atbash A Z B Y C X </p> <p>Plain: abcdefghijklmnopqrstuvwxyz Cipher: ZYXWVUTSRQPONMLKJIHGFEDCBA</p> <p> Monoalphabetic ciphers</p> <p> Monoalphabetic ciphers Caesar cipher 26 26 26! (26! = 26 x 25 x 24 x 23 x x 1)</p> <p> Monoalphabetic ciphers (frequency analysis) e t e 13% t 9%</p> <p> e, t, a, i, o, n, s, h, y, d l Monoalphabetic ciphers Monoalphabetic ciphers e </p> <p> ( )</p> <p>Polyalphabetic Encryption Blaise De Vignere 500 Multiple Monoalpha Cipher Monoalphabetic ciphers n = 7 C1 n = 15 C2 (Pattern) C1, C2, C2, C1, C2 </p> <p> 1 Polyalphabetic Encryption Friedrich Kasiski 1863 Cipher Text Pattern Cipher text Frequency Analysis </p> <p>-</p> <p>One-Time Pad Gilbert Vernam 1 Polyalphabetic Encryption 1 Key Plain Text Cipher Text Plain Text L N () L V Opration + - XOR </p> <p> One-Time Pad Cipher Text Random Random Key One-Time Pad ( L N L V </p> <p> One-Time Pad Key Plain Text Key Key ( Key ) Key Key </p> <p>Playfair cipher Block Cipher .. 1854 Sir Charles Wheatstone Baron Playfair Albert Load Palmerston Playfair cipher 1 </p> <p>(1) Key 5 x 5 = 25 Q Key 5x5</p> <p>P I B J T</p> <p>L R C K U</p> <p>A E D N V</p> <p>Y X G O W</p> <p>F M H S Z</p> <p>(2) Plain Text X Z "Hide the gold in the tree stump" HI DE TH EG OL DI NT HE TR EX ES TU MP ^ X E </p> <p>(3) Column HI (H I H Column I) BM (H I B M)(4) 2 Column ( ) DE ND D N E D</p> <p>(5) 2 ( ) TU UV T U U V Plain Text: HI DE TH EG OL DI NT HE TR EX ES TU MP Cipher Text: BM ND ZB XD KY BE JV DM UI XM MN UV IF</p> <p> Playfair cipher 1. Computer Network and Security 2. Informatics 3. Mahasarakham University 4. () </p> <p>P I B J T</p> <p>L R C K U</p> <p>A E D N V</p> <p>Y X G O W</p> <p>F M H S Z</p> <p>1.2. 3. 4. 5.</p> <p> (Cryptography) 5 20 .. 2552</p> <p>2.1 DES (Data Encryption Standard) DES Block cipher Lucifer IBM Lucifer DES US NIST (US National Institute of Standards and Technology) </p> <p> DES 64 64 ( ) 2 ( 32 ) ( f) Key 16 ( 16) 64 </p> <p> DES</p> <p> f Key 48 56 (32 ) 48 48 ( ) XOR 48 8 32 </p> <p> f 4 XOR </p> <p> f DES</p> <p> DES RSA 10,000 US$ Distribution.net 41 DES EFF 56 Distribution.net EFF 100,000 DES 22 15 Key DES 64 Bit 128 Bit </p> <p> DES DES 64 Bit DES 128 Bit 128 bit DES Tripple-DES (3DES) </p> <p>Triple-DES DES Triple-DES DES Triple-DES 3 ( 56 ) Triple-DES </p> <p> Tripple-DES</p> <p>AES (Advance Encryption Standard) DES DES AES 1997 NIST ( 1998) NIST 128 Bit 256 Bit</p> <p> 15 5 Rijndeal RFC 3826 2004 AES Key 128 Bit, 192 Bit 256 Bit </p> <p> AES 3 Initial Round, Rounds Final Round (1) Initial Round - AddRoundKey (2) Rounds - SubBytes: non-linear substitution lookup table ( 7) - ShiftRows: 2, 3 4</p> <p>- MixColumns: 4 - AddRoundKey Cipher Text Key ( key schedule) Cipher Text (3) Final Round (no MixColumns) - SubBytes - ShiftRows - AddRoundKey</p> <p> SubBytes, ShiftRows, MixColumns AddRoundKey</p> <p> AES</p> <p> " " (Symatric Key Cryptography) Key DES AES Blowfish IDEA AES Key 128 bit </p> <p>- Key Key Key Cipher Text - N N x (N-1) / 2 " " Asymatric Key Cryptography</p> <p> (Asymatric Key Cryptography) Asymatric Key Encryption Public Key Encryption Public Key Infrastructure (PKI) Public-Key Cryptography</p> <p> Whit Diffie Marty Hellman 1976 ( ) Key Key Key Key Key </p> <p> - Key1 Key2 - Key2 Key1 - Key1 Key1 - Key2 Key2 </p> <p> Key Private Key Key Key Public Key Private Key Public Key Private Key Private Key Public Key () </p> <p>RSA 1978 Ron Rivest, Adi Shamir Leonard Adleman RSA e-commerce </p> <p>(1) p q (2) n = pq (3) m = (p-1)(q-1) (4) e 1 &lt; e &lt; m m e 1 ( e m e 1) (5) d ed mod m = 1 (6) Public key (e,n) (7) Private key (d,n) (8) M () M &lt; n (9) =&gt; C = M^e mod n (10) =&gt; M = C^d mod n</p> <p> RSA Public Key (e,n) Message (M) Cipher (C) Private Key (d) </p> <p>(1) p q p=7 q = 17(2) n = pq n = 7*17 = 119 </p> <p>(3) m = (p-1)(q-1) m = 6*16 = 96 </p> <p>(4) e 1 &lt; e &lt; m m e 1 ( e m e 1) e = 5 96 5 1 (5) d ed mod m = 1 d = 77 5*77 mod 96 1</p> <p>(6) Public key (e,n) Public key (5,119) (7) Private key (d,n) Private key (77,119) </p> <p>(8) M () M &lt; n M = 19 (9) =&gt; C = M^e mod n C = 19^5 mod 119 = 66 (10) =&gt; M = C^d mod n M = 66^77 mod 119 = 19</p> <p>ECC Elliptic Curves Cryptography Neal Koblitz Victor S. Miller 1985 ECC </p> <p>y^2= x^3 + ax + b</p> <p> Elliptic Curves</p> <p>ECC RSA RSA RSA Brute Force RSA ECC Key RSA ECC Pocket PC PDA </p> <p> ECC RSA</p> <p> Hash (Cryptographic hash) (Message Digest) Hash MD4, MD5, SHA-1 SHA-2</p> <p> thawatchai abc123 Database ( SQL Injection) Hash MD5 abc123 e99a18c428cb38d5f260853678922e03 Databse Database abc123 (e99a18c428cb38d5f260853678922e03)</p> <p> Hash MD5 Databse Linux (/etc/shadow) MD5 Web Application Moodle Mambo</p> <p> MD5 Ron Rivest 1 3 RSA</p> <p> MD5 Digital Signature ecommerce MD5 (Professor Dr. Xiaoyun Wang) 2004 IBM P690 1 Notebook 1.6 GHz MD5 8 </p> <p> md5 Linux $ md5 exim-4.43.tar.bz2 MD5 (exim-4.43.tar.bz2) = f8f646d4920660cb5579becd9265a3bf $</p> <p>SHA0 SHA1 MD5 MD5 Output Random Collision SHA1</p> <p>SHA0 SHA1 (Professor Dr. Xiaoyun Wang) MD5 SHA2 SHA2 </p> <p> (Non-repudiation) (Authentication) Asymatric Key Cryptography Private Key A Private Key B C B C Public Key A A Private Key A</p> <p> " " Private Key ( ) CPU CPU Hash </p> <p>SenderMessageHash Function</p> <p>RecipientMessage Signature MessageHash Function</p> <p>+ SignaturePrivate key</p> <p>+ SignaturePublic key</p> <p>Digest</p> <p>? Digest =</p> <p>Digest</p> <p> Message digest Oneway hash function message digest (Digital Signature) Public key </p> <p> - message digest - message digest - </p> <p>- message digest - - ( ) message digest - message digest </p> <p>1. () Hash ( MD5 SHA1) Message Digest 2 . Message Digest Private Key "Digital Signatures" 3 . () Plain Text Digital Signatures ( 2 (a) (b) Digital Signatures)</p> <p>4 . Digital Signatures Public Key Message Digest 5 . Hash ( MD5 SHA1) Message Digest 6 . Message Digest </p> <p> - Digital Signatures Public Key Private Key Key - Hash Plain Text Digital Signatures </p> <p> Data, Digital Signature, Public Key Public Key Certificate (Public Key CA ) Digital Signatures 6 Apply 3 5 </p> <p> 3 ( ) ( ) Plain Text Public Key Cipher Text Cipher Text Digital Signatures ( 2 (a) Cipher Text (b) Digital Signatures)</p> <p> 5 ( ) Cipher Text Pivate Key Plain Text Hash ( MD5 SHA1) Message Digest ( 3 5 1,2,4,6 )</p> <p> - - </p> <p> (Asymatric Key Cryptography) Public Key MITM: Man In The Middle Key Public Key Private Key Digital Signatures Private Key Public Key</p> <p> Asymatric Key Cryptography MITM https ( hotmail, Gmai e-commerce ) BackTrack Cain Pulic Key https Public Key ( hotmail) Private Key Public Key Public Key </p> <p> Public Key Public Key Public Key ( Session Key https) Public Key Public Key </p> <p> Public Key Asymatric Key Cryptography Public Key Infrastructure (PKI) Public Key / / CA (Certificate Authority)</p> <p> CA Root CA Public Key Root CA Windows XP Public Key Root CA Public Key Root CA Internet Explorer ( Tools-&gt;Internet Options-&gt;Content-&gt;Certificates-&gt;Trusted Root Certification Authority)</p> <p>CA Public Key ( / CA ) Digital Signatures CA ( Public Key Private Key CA Digital Signatures) (Public Key ) Digital Signatures Certificate</p> <p> CA (Certificate Authority) </p> <p> Public Key www.google.com CA Thawte SGC Thawte SGC Certificate ( Digital Signatures CA Public Key www.google.com ) Thawte SGC Certificate Root CA VeriSign Thawte SGC www.google.com</p> <p> Public Key VeriSign (Root CA) Windows Public Key Thawte SGC Public Key www.google.com </p> <p>Certificate www.google.com</p> <p> (Identity) 2 - (Identification) (username) - (Authentication) </p> <p> 2 - Actual identity - Electronic identity </p> <p> ( Authentication mechanisms) 3 - (Possession factor) - (Knowledge factor) (passwords) (PINs) - (Biometric factor) (retinal patterns) (voice patterns) </p> <p>1.1 (Authentication by Passwords) </p> <p>PIN (Personal Identification Number) PIN ATM PIN PIN </p> <p>Authenticator Token " (dynamic password)" 2 1.3.1 1.3.2 </p> <p> 2 - (Event synchronous authentication) Token Token Token </p> <p>- ( Timesynchronous authentication) Token </p> <p> "challenge-response" " " challenge string Token Token </p> <p>One-Time Password OTP OTP challenge string challenge string response </p> <p> (Authentication) </p> <p> (Digital Signature) 1. " " (Message Digest) 2. </p> <p>3. </p> <p>SenderMessageHash Function</p> <p>RecipientMessage Signature MessageHash Function</p> <p>+ SignaturePrivate key</p> <p>+ SignaturePublic key</p> <p>Digest</p> <p>? Digest =</p> <p>Digest</p> <p> - </p> <p> Secure Socket Layer (SSL) Secure Shell (SSH) Internet Security (IPSEC) Kerberos</p> <p>Secure Sockets Layer (SSL) Netscape Communications Hypertext Transfer Protocol (HTTP) SSL </p> <p> SSL </p> <p> SSL 4 - - - - </p> <p> SSH Telnet R Utilities SSH - SSH SSH - </p> <p>- - DiffieHellman - </p> <p> SSH </p> <p>IPsec Internet Protocol (IP) TCP/IP IPv6 IPv4 RFC RFC24011 IPsec 2 Authentication Header (AH) Encapsulated Security Payload (ESP) (Authentication) (Integrity) (Confidentiality) IP IPsec 2 </p> <p>- Tunnel mode IP IPsec IP AH - Transport mode IP Transport (TCP UDP) AH IP IPsec</p> <p> IP (IP Datagram) IPsec Hash Message Authentication Codes HMAC MD5 SHA-1 HMAC IP 3DES AES Blowfish </p> <p> Kerberos Massachusetts Institute of Technology (MIT) Kerberos - Ticket - Authenticator Ticket Ticket </p> <p>Kerberos - Authentication service (AS) Kerberos - Ticket Granting Service (TGS) Ticket </p> <p> Kerberos - Authentication service Kerberos - Ticket Ticket Granting Service Ticket - Ticket </p> <p> Kerberos Kerberos Kerberos Kerberos Single Sign-On </p>

Recommended

View more >