Security Services, attacks and mechanisms | CS 55500, Study notes of Cryptography and System Security

Material Type: Notes; Class: Cryptography; Subject: CS-Computer Sciences; University: Purdue University - Main Campus; Term: Fall 2005;

Typology: Study notes

Pre 2010

Uploaded on 07/30/2009

koofers-user-4tz
koofers-user-4tz 🇺🇸

7 documents

1 / 43

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Cristina Nita-Rotaru Fall 2005/Lecture1 1
Cryptography CS 555
Lecture 1: Security services, attacks
and mechanisms
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b

Partial preview of the text

Download Security Services, attacks and mechanisms | CS 55500 and more Study notes Cryptography and System Security in PDF only on Docsity!

Cryptography CS 555

Lecture 1: Security services, attacks

and mechanisms

Course Information

  • Meetings
    • M&We 4:30-5:45 PM
  • Professor contact info:
    • Office: REC 217D/CS
    • Email: crisn@cs
    • Office hours: MW 4-4:30 & 5:45-6:30 PM in CS
  • TA: Jayesh Pandey
    • Office: MATH B
    • Office hours: Th 10 - 12
    • Email: jpandey@cs
  • Class webpage http://www.cs.purdue.edu/homes/crisn/courses/cs555_Fall_ 2005

Class Attendance

  • Undergrads are required to attend every

lecture (email me if you missed a lecture and

explain what is the reason)

  • Grads, you are not required to attend to class,

but if you miss a lecture it is your

responsibility to find out what happened, I am

not going to repeat what was done in class in

office hours

  • Please join the mailing list, I am not going to

repeat information that was sent to the

mailing list

Homework

  • Homework must by TYPED.
  • Homework is due and will be returned in class at 4:30. Bring the printed copy.
  • Every student has 3 extra days for all the written assignments pr projects that he can use. Email me and the TA with name and number of extra days used for an assignment. After using your 3 extra days, no late homework will be accepted.
  • You must work alone on the assignments.
  • CHEATING WILL NOT BE TOLERATED!

Course Overview (1)

  • Concepts and principles of cryptography: security services, attacks and mechanisms.
  • Classical cryptographic systems: shift cipher, Vigenere and Vernam ciphers, Jefferson wheel cipher and the Enigma machine.
  • Block ciphers: DES, Blowfish, RC5, IDEA, AES.
  • Stream ciphers: SEAL, RC4. CS

Course Overview (2)

  • Public-key encryption: RSA, ElGamal, Rabin. Probabilistic cryptosystems: Goldwasser-Micali.
  • Data integrity: hash functions, MD5, SHA1, HMAC.
  • Digital signatures: RSA, ElGamal, DSA, Schnorr.
  • Authentication protocols, data and entity authentication. One time passwords, Lamport's scheme, challenge-response schemes, Kerberos. CS

Reference Material

  • Textbooks
    • D. R. Stinson, Cryptography (Theory and Practice), Second Edition, CRC Press 2002.
    • W. Stallings, Cryptography and Network Security, Principles and Practice, Third Edition, Prentice Hall, 2002.
  • Recommended reading
    • Handbook of Applied Cryptography (HAC) Menezes, Oorschot, Vanstone, CRC Press (http://www.cacr.math.uwaterloo.ca/hac/)
    • Cryptanalysis of Number Theoretic Ciphers. S. S., Wafstaff, Jr, CRC Press

Academic Integrity

  • Purdue University Academic Integrity:

http://www.purdue.edu/ODOS/administra

tion/integrity.htm

  • Class policy

http://www.cerias.purdue.edu/homes/spa

f/cpolicy.html

Lecture Outline

  • Security services.
  • Security attacks.
  • Security mechanisms.
  • Terminology.
  • Attacks of ciphers and

cryptographic

protocols.

Recommended Reading

  • Stallings: Chapter 1
  • HAC: Chapter 1
  • Wagstaff: Chapter 1

Information Security

NETWORK

SECURITY

COMPUTER

SECURITY

INFORMATION

SECURITY

What is Security?

  • Security means different things for different

protocols or applications: security goals

  • An attacker can do many things: attacker model
  • How to achieve security: security mechanisms to

achieve the goals

  • How do you know that indeed the system is

secure? Show that under the considered attack

model, security goals are achieved

Security Services

  • 1) Confidentiality: information is available for reading only to authorized parties. Example: Alice sends a message to Bob, only Alice and Bob can understand the content of the message.
  • 2) Authentication:
    • Data source authentication: the data is coming from an authorized party. Example: Alice receives a message from Bob. This service ensures that the message is from Bob and not from Carl.
    • Entity authentication: the entity is who it says it is. Example: When Alice tries to obtain access to her bank account, an authentication operation is performed to ensure that Alice asks for the information.

Security Services (2)

  • 3) Integrity: detect if data was modified, from the source to the destination. Example: Alice sends an email to Bob. Carl intercepts the message and modifies it. Data integrity allows for Bob to detect that the message was modified on the way from Alice to him.
  • 4) Non-repudiation: neither the sender, nor the receiver of a message are able to deny the transmission. Example: Alice sends Bob a contract, signed. The non- repudiation service ensures that Alice can not claim that the signature was produced by somebody else.