Cryptography and Network Security (web.cse.msstate.edu/~ramkumar/cns-intro.pdf)


Upload: vunguyet

Post on 06-Feb-2018



What is Security?
Cryptography and Network Security

Cryptography

What is Security?

1 Security is a state of being free from fear or danger (danger in the form of attacks).

2 Security is ensuring that “all desired assurances” are met.

Ramkumar CSE 4383/6383


Security Solutions For Digital Systems

1 Any digital information system is ultimately a set of bits/data-items

2 Active approaches: (identify, and evade/isolate/neutralize attacks)
    - What is the result of an attack?
    - Modern tools: AI (ML, pattern recognition/matching), hypervisors, some cryptography, good programming practices ...
    - Impractical to identify every source of threat / danger.
    - Unending evolutionary arms race between attacks and defenses.

3 Passive approaches (check if all desired assurances are met):
    - Desired assurances determine rules for reading/writing data-items
    - The rules are encapsulated by a system model (or system-state model)
    - Goal is to determine if the system data-items always remain consistent with the model.


Attack Model vs System Model

1 Active approaches are based on attack models (a constantly evolving model of attacks)

2 Passive approaches are based on system models (what the system must do; it does not change if the system is implemented in Linux or Windows, or Python or C#)

3 Indirectly, active approaches also attempt to guarantee “desired assurances”
    - They operate under the premise that deviation of the system from normalcy is due to attacks.


Active Measures for Home Safety

1 install a Schlage deadbolt on your door

2 a sophisticated home security system monitored by ADT

3 get a Doberman Pinscher.


Basis for Security

1 Any feeling of security that results from such steps stems from
    1 some assumptions: the integrity of Schlage lock / monitoring system / your guard dog, etc.
    2 a good strategy to make use of the assumptions to design and deploy a security solution.

2 How reasonable are the assumptions?

3 Is the design correct? Was the deployment done properly? (Can you think of things that can go wrong?)


Shaky Basis :(

1 Not practical to objectively quantify the strength of assumptions.
    1 A Schlage lock may not pose too much of a problem for expert lock-pickers.
    2 anyone may have had the opportunity to make a copy of the key
    3 or hack into a database maintained by Schlage to get the specifications for a key for the lock, or bribe an employee, ...

2 Difficult to assess correctness of deployment/design


Active Measures for Network Security

1 Good intrusion detection systems

2 Explicit strategies for blocking access (firewalls, password protection)

3 smart security professionals in the blue team

4 Lot of investment in detecting/removing bugs

5 good process isolation to contain attacks (containers, VMs)

6 Do these measures also rely on a shaky basis?


Network Security

1 How do you secure a network?
    1 Like the Internet
    2 We only want to secure interactions over a network
    3 We are not trying to provide physical security

2 We want to secure different types of interactions over a network


Secure Interactions

1 Two types of interactions
    1 Unicast (single sender, single receiver)
    2 Broadcast (single sender, multiple receivers)
    3 (What about Multicast? We will not worry about that in this course)

2 Secure Interactions? In general, the receiver of a message (over the network) should be confident of
    1 integrity: the message was not modified in transit,
    2 origin: who sent the message? and
    3 privacy (only for unicast): no one else except the sender is privy to the contents of the message


Where does Cryptography come in?

1 Cryptography is a toolbox with sophisticated tools
    1 Cryptography provides some highly reliable assumptions (strength of cryptographic primitives)
    2 and some cool strategies (cryptographic protocols)

2 We will use the assumptions and strategies to provide a solid basis for securing interactions.


A Useful Perspective

1 Trust and Trust-Amplification

2 Assumptions = trust

3 Strategies = trust amplification

4 For example, trust in lock and key can be amplified to realize trust in all contents of a home

5 Loosely speaking,
    1 assumption = integrity of key & lock = integrity of cryptographic key and cryptographic primitive
    2 strategy = whatever we do to use the lock = cryptographic protocols

6 The essence of cryptography: trust in a small amount of data (cryptographic key) can be amplified to realize trust in an unlimited amount of data-items
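The integrity and origin assurances from "Secure Interactions" and the trust amplification described here, as an added example that is not part of the original slides: one 32-byte key yields a checkable tag for every data-item, and an audit flags any item that was modified or moved. HMAC-SHA256, the function names and the sample records are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def tag(key, index, item):
    # MAC over (position, content): binds each data-item to its slot,
    # so both modification and reordering break the tag.
    return hmac.new(key, index.to_bytes(8, "big") + item, hashlib.sha256).digest()

def protect(key, items):
    # The sender (key holder) attaches one tag per data-item.
    return [(item, tag(key, i, item)) for i, item in enumerate(items)]

def audit(key, store):
    # The receiver recomputes every tag; returns indices of items that are
    # inconsistent with what the key holder originally wrote.
    return [i for i, (item, t) in enumerate(store)
            if not hmac.compare_digest(t, tag(key, i, item))]

def demo():
    key = secrets.token_bytes(32)   # the only data that must be trusted
    # Constructed sample data-items (not from the slides).
    items = [f"record-{i}: balance={100 + i}".encode() for i in range(1000)]
    store = protect(key, items)
    clean = audit(key, store)

    store[7] = (b"record-7: balance=999999", store[7][1])  # modified in transit
    store[20], store[21] = store[21], store[20]            # reordered
    tampered = audit(key, store)

    # Without the right key, nothing verifies: origin is tied to the key.
    wrong_key = audit(secrets.token_bytes(32), protect(key, items))
    return clean, tampered, len(wrong_key)

if __name__ == "__main__":
    print(demo())
```

A shared-key MAC establishes origin only among the holders of the key; distinguishing between those holders requires the asymmetric signatures listed later in the course scope.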


Cryptography

1 Literal meaning: secret writing

2 Modern cryptography is so much more. Deals with
    1 construction of cryptographic primitives (tools),
    2 quantitative analysis of the strengths of cryptographic primitives, and
    3 protocols to effectively utilize the tools [1].

3 The tools/primitives are deterministic cryptographic algorithms.
    1 encryption/decryption algorithms (like DES, AES, RSA),
    2 hashing algorithms (like MD5SUM, SHA-1, SHA-2, SHA-3), and
    3 digital signature algorithms (like DSA, RSA).

4 The tools serve as building blocks for constructing cryptographic protocols

[1] This is our main focus


Cryptographic Algorithms

1 Two broad categories:
    1 Symmetric: composed of repetitive simple operations on small bit-strings — operations like bit-wise logical operations, addition, and rotation / permutation of bits.
    2 Asymmetric: composed of modular addition and multiplication operations involving large numbers.

2 Symmetric algorithms are traditionally used for encryption and decryption: both encryption and decryption use the same key.

3 Asymmetric algorithms use two different keys — a private key, and a public key.

4 Hashing algorithms do not use secret keys; they are constructed very similarly to symmetric algorithms
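The two kinds of arithmetic contrasted above, as an added example that is not part of the original slides. The symmetric side uses the ChaCha20 quarter round (a cipher not named on the slides, chosen because it consists only of 32-bit addition, XOR and rotation); the asymmetric side uses textbook RSA with toy primes, which are far too small for real use and involve no padding.

```python
MASK32 = 0xFFFFFFFF

def rotl32(x, n):
    # Rotate a 32-bit word left by n bits.
    return ((x << n) | (x >> (32 - n))) & MASK32

def quarter_round(a, b, c, d):
    # Symmetric building block: the same three simple operations,
    # repeated on small (32-bit) words.
    a = (a + b) & MASK32; d = rotl32(d ^ a, 16)
    c = (c + d) & MASK32; b = rotl32(b ^ c, 12)
    a = (a + b) & MASK32; d = rotl32(d ^ a, 8)
    c = (c + d) & MASK32; b = rotl32(b ^ c, 7)
    return a, b, c, d

def toy_rsa_keypair(p, q, e):
    # Asymmetric: two different keys derived from the same modulus.
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)

def rsa_apply(key, m):
    # Modular exponentiation, i.e. repeated modular multiplication.
    n, exponent = key
    return pow(m, exponent, n)

if __name__ == "__main__":
    # Quarter-round test vector from RFC 7539, section 2.1.1.
    out = quarter_round(0x11111111, 0x01020304, 0x9B8D6F43, 0x01234567)
    print([hex(w) for w in out])

    public, private = toy_rsa_keypair(61, 53, 17)   # toy parameters
    c = rsa_apply(public, 65)                       # encrypt with public key
    print(c, rsa_apply(private, c))                 # decrypt with private key
```

Real moduli are thousands of bits long, which is where the "large numbers" on the slide come from; the structure of the computation is the same.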


Scope of This Course

1 Symmetric Cryptography
    1 Symmetric encryption/decryption
    2 Hashing

2 Asymmetric Cryptography
    1 Encryption/Decryption
    2 Signatures

3 Key Distribution/Establishment

4 Identify types of Internet interactions to be secured

5 Interactions in different layers - MAC, Network, Transport, Application

6 Network security protocols

7 Some active security mechanisms not based on cryptography
