cryptography and network securityweb.cse.msstate.edu/~ramkumar/cns-intro.pdf · what is security?...
TRANSCRIPT
What is Security?Cryptography and Network Security
Cryptography
What is Security?
1 Security is
a state of being free from fear or danger.
(danger in the form of attacks)
2 Security is
ensuring that “all desired assurances” are met
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Security Solutions For Digital Systems
1 Any digital information system is ultimately a set ofbits/data-items
2 Active approaches: (identify, and evade/isolate/neutralizeattacks)
What is the result of an attack?Modern tools: AI (ML, pattern recognition/matching),hypervisors, some cryptography, good programming practices· · ·Impractical to identify every source of threat / danger.Unending evolutionary arms race between attacks and defenses.
3 Passive approaches (check if all desired assurances are met):Desired assurances determine rules for reading/writingdata-itemsThe rules are encapsulated by a system model (or system-statemodel)Goal is to determine if the system data-items always remainconsistent with the model.
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Attack Model vs System Model
1 Active approaches are based on attack models (constantlyevolving model of attacks)
2 Passive approaches based on system models (what the systemmust do; it does not change if the system is implemented inLinux or Windows, or Python or C#)
3 Indirectly active approaches also attempt to guarantee“desired assurances”
They operate under the premise that deviation of system fromnormalcy is due to attacks.
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Active Measures for Home Safety
1 install a Schlage deadbolt on your door
2 a sophisticated home security system monitored by ADT
3 get a Doberman Pinscher.
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Basis for Security
1 Any feeling of security that results from such steps stems from
1 some assumptions: the integrity of Schlage lock / monitoringsystem / your guard dog, etc.
2 a good strategy to make use of the assumptions to design anddeploy a security solution.
2 How reasonable are the assumptions?
3 Is the design correct? Was the deployment done properly?(Can you think of things that can go wrong?)
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Shaky Basis :(
1 Not practical to objectively quantify the strength ofassumptions.
1 A Schlage lock may not pose too much of a problem for expertlock-pickers.
2 anyone may have had the opportunity to make a copy of thekey
3 or hack into a database maintained by Schlage to get thespecifications for a key for the lock, or bribe an employee, · · ·
2 Difficult to assess correctness of deployment/design
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Active Measures for Network Security
1 Good intrusion detection systems
2 Explicit strategies for blocking access (firewalls, passwordprotection)
3 smart security professionals in the blue team
4 Lot of investment in detecting/removing bugs
5 good process isolation to contain attacks (containers, VMs)
6 Do these measures also rely on a shaky basis?
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Network Security
1 How do you secure a network?1 Like the Internet2 We only want to secure interactions over a network3 We are not trying to provide physical security
2 We want to secure different types of interactions over anetwork
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Secure Interactions
1 Two types of interactions1 Unicast (single sender, single receiver)2 Broadcast (single sender, multiple receiver)3 (What about Multicast? We will not worry about that in this
course)
2 Secure Interactions? in general, receiver of a message (overthe network) should be confident of
1 integrity : the message was not modified in transit,2 origin : who sent the message? and3 privacy (only for unicast) : no one else except the sender is
privy to the contents of the message
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Where does Cryptography come in?
1 Cryptography is a toolbox with sophisticated tools1 Cryptography provides some highly reliable assumptions
(strength of cryptographic primitives)2 and some cool strategies (cryptographic protocols)
2 We will use the assumptions and strategies to provide a solidbasis for securing interactions.
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
A Useful Perspective
1 Trust and Trust-Amplification
2 Assumptions = trust
3 Strategies = trust amplification
4 For example, trust in lock and key can be amplified to realizetrust in all contents of a home
5 Loosely speaking,1 assumption = integrity of key & lock = integrity of
cryptographic key and cryptographic primitive2 strategy = whatever we do to use the lock = cryptographic
protocols
6 The essence of cryptography: trust in a small amount ofdata (cryptographic key) can be amplified to realizetrust in an unlimited amount of data-items
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Cryptography
1 Literal meaning: secret writing2 Modern cryptography is so much more. Deals with
1 construction of cryptographic primitives (tools),2 quantitative analysis of the strengths of cryptographic
primitives, and3 protocols to effectively utilize the tools1.
3 The tools/primitives are deterministic cryptographicalgorithms.
1 encryption/decryption algorithms (like DES, AES, RSA),2 hashing algorithms (like MD5SUM, SHA-1, SHA-2, SHA-3),
and3 digital signature algorithms (like DSA, RSA).
4 The tools serve as building blocks for constructingcryptographic protocols
1This is our main focusRamkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Cryptographic Algorithms
1 Two broad categories:1 Symmetric: composed of repetitive simple operations on small
bit-strings — operations like bit-wise logical operations,addition, and rotation / permutation of bits.
2 Asymmetric: composed of modular addition and multiplicationoperations involving large numbers.
2 Symmetric algorithms traditionally used for encryption anddecryption: both encryption and decryption use the same key.
3 Asymmetric algorithms use two different keys — a private key,and a public key.
4 Hashing algorithms do not use secret keys; constructed verysimilar to symmetric algorithms
Ramkumar CSE 4383/6383
What is Security?Cryptography and Network Security
Cryptography
Scope of This Course
1 Symmetric Cryptography1 Symmetric encryption/decryption2 Hashing
2 Asymmetric Cryptography1 Encryption/Decryption2 Signatures
3 Key Distribution/Establishment
4 Identify types of Internet interactions to be secured
5 Interactions in different layers - MAC, Network, Transport,Application
6 Network security protocols
7 Some active security mechanisms not based on cryptography
Ramkumar CSE 4383/6383