This presentation describes network security concepts and the role of cryptography: the difference between symmetric key cryptography and public key cryptography, the uses of digital certificates, what a digital signature is used for and how it ensures authenticity, integrity and non-repudiation, and how security features should be ensured for any transaction using cryptography.
2.
Need for Network security
Classification of Network Attacks
◦ Possible Attacks
Security Features
Security Mechanism: Cryptography
Types of Encryption-Decryption techniques
◦ Symmetric: Shared Key Type
◦ Asymmetric: Public/Private Key Type
Public Key Infrastructure
Digital Signature
Public Key Infrastructure implementation and its factors
◦ Generation of key pair
◦ Obtain Digital certificate
◦ Encryption/Decryption analysis
◦ Digital certificate role
Conclusion
Raj Kumar Rampelli
3/3/2014
2
3.
What is a Network?
◦ Data Carrier
Data?
◦ Anything which conveys something between 1st person (sender/receiver) and 2nd person (receiver/sender)
Categories of Data?
◦ Normal
◦ Confidential: data that can’t be disclosed to a 3rd person.
Goal?
◦ Protection of DATA i.e. Information Security.
◦ Preventing compromise or loss of DATA from unauthorized access
4.
What is Network Attack?
◦ An action that compromises the security of DATA
Categories of Attacks
◦ Passive
  Learn from DATA and make use of system information
  Do not alter the DATA
  Very difficult to identify the attack
  Ex: Eavesdropping (Interception)
◦ Active
  Modifies the DATA
  Ex: Denial of Service
Possible Attacks
◦ Interruption
◦ Interception
◦ Modification
◦ Fabrication
6.
Interception (No Privacy)
[Diagram: Sender, Receiver, Intruder]
◦ Attack on “confidentiality”
◦ Packet Analyzer software
  Intercept and log traffic passing over a network
  Captures each Packet and decodes the data
  Ex: Microsoft Network Monitor
◦ Man in the middle attack
◦ Wiretapping: capture the data
◦ Intruder can be a person or a program or a computer
7.
Modification
◦ Attacker modifies the data sent by the sender
◦ Gain access to a system and make changes
  Alter programs so that they perform differently
◦ Attack on “Integrity”
Fabrication
◦ Attacker acts like Sender
◦ Gain access to a person’s email and send messages
◦ Attack on “Authenticity”
◦ Lack of mutual authentication
8.
A Transaction/Communication (or a service) is secure if and only if the following security features are provided
◦ Confidentiality
◦ Integrity
◦ Authenticity (Mutual Authentication)
◦ Non-repudiation
Cryptography
◦ Symmetric key Cryptography
◦ Public Key Infrastructure
9.
Cryptography
◦ Symmetric Key Cryptography
  • Data Encryption Standard (DES)
  • Triple DES
  • Advanced ES
◦ Public Key Infrastructure
  • Public-Private Key
  • RSA
  • ECC
◦ Encryption and Decryption
  • Cypher Text
◦ Services
  • Provide security features
Digital Certificate
◦ String of information that binds the unique identifier of each user to his/her corresponding public key.
Digital Signature
◦ A mathematical scheme for demonstrating the authenticity, non-repudiation and integrity of a digital message
11.
Performance factors at client
• Generation of Public-Private key pair
• Generation of certificate request message
• Receive and store digital certificates
• Encryption and Decryption
• Generation and verification of digital signature message
• Verification of Digital certificate
12.
Generate public and private key pair at client
Check the following details using different Public Key Cryptography (PKC) algorithms
◦ Time taken for key pair generation
◦ Storage space required for storing the key pair
◦ Repeat above two steps by changing the key size in the algorithm
◦ Analyze the results and choose optimal algorithm suitable for your application.
PKC algorithms
◦ RSA
◦ ECC
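The measurement described on this slide, as an added Go example that is not part of the original deck: it times key pair generation and reports the DER-encoded storage size for RSA and ECC at two key sizes each. The chosen sizes (RSA 2048/3072, NIST P-256/P-384), the storage encodings and all identifiers are assumptions of this sketch.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"time"
)

// KeyStats holds the two measurements the slide asks for.
type KeyStats struct {
	GenTime         time.Duration // time taken to generate the key pair
	PrivLen, PubLen int           // bytes needed to store each half, DER-encoded
}

type keyGen func() (crypto.Signer, error)

func rsaGen(bits int) keyGen { return func() (crypto.Signer, error) { return rsa.GenerateKey(rand.Reader, bits) } }
func eccGen(c elliptic.Curve) keyGen { return func() (crypto.Signer, error) { return ecdsa.GenerateKey(c, rand.Reader) } }

// Runs lists the algorithm and key-size combinations to compare (assumed sizes).
var Runs = map[string]keyGen{"RSA-2048": rsaGen(2048), "RSA-3072": rsaGen(3072),
	"ECC-P256": eccGen(elliptic.P256()), "ECC-P384": eccGen(elliptic.P384())}

// Measure times one key generation, then encodes both halves as they would be
// stored (PKCS#8 private key, SubjectPublicKeyInfo public key).
func Measure(gen keyGen) (KeyStats, error) {
	start := time.Now()
	key, err := gen()
	elapsed := time.Since(start)
	if err != nil {
		return KeyStats{}, err
	}
	priv, err1 := x509.MarshalPKCS8PrivateKey(key)
	pub, err2 := x509.MarshalPKIXPublicKey(key.Public())
	if err1 != nil || err2 != nil {
		return KeyStats{}, fmt.Errorf("encode key: %v, %v", err1, err2)
	}
	return KeyStats{elapsed, len(priv), len(pub)}, nil
}

func main() {
	for name, gen := range Runs {
		s, err := Measure(gen)
		fmt.Println(name, s.GenTime, s.PrivLen, s.PubLen, err)
	}
}
```

A single run is noisy, RSA generation especially; repeat each measurement and average before comparing algorithms.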
13.
Generate certificate request message (CRM) using public-private key pair
Apply for new Digital Certificate
◦ Send CRM and user/app credentials to Certificate Authority (CA)
CA verifies the requester credentials
◦ Approves/Rejects the application
◦ If approved,
  Generate Digital Certificate using requester credential with public key information
  Store it in Digital certificate data base locally
  Send Digital certificate to requester
Receive Digital certificate from CA and store locally.
14.
String of information that binds the unique identifier of each client to his/her corresponding public key.
Prerequisites for obtaining a Digital certificate
◦ Generate public-private key pair locally
◦ Generate certificate request message
Digital certificate used to authenticate server credentials during mutual authentication process
Mutual authentication process:
◦ a client authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity [wiki]
Authenticating an entity using its Digital certificate:
◦ Check the validity period of certificate
◦ Verify the digital signature of CA on the certificate using CA’s public key
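The request and issuance steps from slide 13 and the two authentication checks from slide 14, run end to end as an added Go example that is not part of the original deck. The CA, the second CA, the client name `client.example`, the one-hour lifetime and all function names are constructed for illustration; errors in the setup simply panic.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Authenticate applies the slide's two checks: validity period, then CA signature.
func Authenticate(cert, ca *x509.Certificate, now time.Time) error {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("outside validity period %v to %v", cert.NotBefore, cert.NotAfter)
	}
	return cert.CheckSignatureFrom(ca) // verified with the CA's public key
}

// Demo runs request, issuance and authentication with a constructed CA and client.
func Demo(now time.Time) (valid, expired, wrongCA error) {
	gen := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	sign := func(cn string, pub any, parent *x509.Certificate, key *ecdsa.PrivateKey) *x509.Certificate {
		t := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
			Subject: pkix.Name{CommonName: cn}, NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour)}
		if parent == nil { // no parent: build a self-signed CA certificate
			t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
		}
		return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, key))))
	}
	caKey, otherKey, clientKey := gen(), gen(), gen()
	ca := sign("Constructed Test CA", &caKey.PublicKey, nil, caKey)
	other := sign("Constructed Other CA", &otherKey.PublicKey, nil, otherKey)
	crm := must(x509.CreateCertificateRequest(rand.Reader, // client: CRM signed with its private key
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "client.example"}}, clientKey))
	req := must(x509.ParseCertificateRequest(crm))
	must(req, req.CheckSignature()) // CA: reject a CRM whose self-signature does not verify
	cert := sign(req.Subject.CommonName, req.PublicKey, ca, caKey)
	return Authenticate(cert, ca, now), Authenticate(cert, ca, now.Add(2*time.Hour)), Authenticate(cert, other, now)
}
func main() { fmt.Println(Demo(time.Now())) }
```

The same certificate passes at issue time, fails two hours later on the validity check, and fails the signature check when presented against a CA that did not issue it.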
15.
Client encrypts the message using server’s public key
The time taken for encryption of fixed size message
◦ Using server’s ECC public key
◦ Using server’s RSA public key
◦ Analyze the results.
Client decrypts the received message (from server) using client’s private key
The time taken for decryption of fixed size message
◦ Using client’s ECC private key
◦ Using client’s RSA private key
◦ Analyze the results.
16. Performance factor-4:
Digital signature generation & verification
A valid digital signature gives a recipient reason to believe that the message was created by a known sender (Authenticity), such that the sender cannot deny having sent the message (Non-repudiation) and that the message was not altered in transit (Integrity).
17.
A method to secure “Data transactions” between users is needed
◦ Should ensure all desired security features for any transaction.
Cryptography: collection of standards/techniques for securing the Data.
◦ PKI ensures all security features
As the key size increases, the data becomes more difficult to crack.
Analyze PKI implementation factors using different cryptographic algorithms with different key sizes
Digital certificate: Mainly used for authenticity
Digital signature: Mainly used for Integrity of data
18.
Have a Look at:
My PPTs:
http://www.slideshare.net/rampalliraj/
My Tech Blog:
http://practicepeople.blogspot.in/