Symmetric Key Cryptography
Haipeng Dai
haipengdai@nju.edu.cn
313 CS Building
Department of Computer Science and Technology
Nanjing University

Basic Terms
Threat, vulnerability, attack, and intrusion
Threat: attackers, angry employees, etc.
Vulnerability: weakness of a system
Attack: actions that harm a system by modifying the system, reading information from the system, or stopping the system from serving its legitimate users
  ─ Passive attacks: read information in a system
    ● e.g., eavesdropping
  ─ Active attacks: modify a system
    ● e.g., message modification, insertion, deletion, replay
Intrusion: successfully modifying a system or reading information from the system

Seven Security Properties
Authentication
Confidentiality
Integrity
Non-repudiation
Authorization
Freshness
Availability

Security Property 1: Authentication
Authentication (authenticity)
  ─ Verify a claimed identity
  ─ Mechanisms:
    ● Something the user is
      – e.g., fingerprint or retinal pattern, DNA sequence, unique bio-electric signals produced by the living body, or other biometric identifier
    ● Something the user has
      – e.g., ID card, security token, software token or cell phone
    ● Something the user knows
      – e.g., a password, a pass phrase or a personal identification number (PIN)
    ● Something the user does
      – e.g., voice recognition, signature, or gait

Security Property 2: Confidentiality
Confidentiality (secrecy)
  ─ Protect information from leaking.
  ─ Two types:
    ● Message content confidentiality
    ● Message header confidentiality: who talks to whom is secret.
  ─ Mechanisms
    ● Encryption
    ● Traffic padding