南京大学：《网络安全与入侵检测 Network Security and Intrusion Detection》课程教学资源（课件讲稿）03 Symmetric Key Cryptography

Symmetric Key Cryptography Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University

Symmetric Key Cryptography Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University

Basic Terms Threat,vulnerability,attack,and intrusion Threat:attackers,angry employees,etc. Vulnerability:weakness of a system Attack:actions to make harm to a system by modifying the system,reading information from the system,or stopping the system from serving its legitimate users -Passive attacks:read information in a system ●e.g,Eavesdropping -Active attacks:modify a system e.g.,message modification,insertion,deletion,replay Intrusion:successfully modifying a system or reading information from the system 2

2 Basic Terms  Threat, vulnerability, attack, and intrusion  Threat: attackers, angry employees, etc.  Vulnerability: weakness of a system  Attack: actions to make harm to a system by modifying the system, reading information from the system, or stopping the system from serving its legitimate users ─ Passive attacks: read information in a system ● e.g., Eavesdropping ─ Active attacks: modify a system ● e.g., message modification, insertion, deletion, replay  Intrusion: successfully modifying a system or reading information from the system

Seven Security Properties Authentication ■ Confidentiality ■Integrity ·Non-repudiation Authorization ■Freshness Availability 3

3 Seven Security Properties  Authentication  Confidentiality  Integrity  Non-repudiation  Authorization  Freshness  Availability

Security Property 1:Authentication Authentication(authenticity) -Verify an identity claimed to be -Mechanisms: ·Something the user is -e.g.,fingerprint or retinal pattern,DNA sequence,unique bio-electric signals produced by the living body,or other biometric identifier Something the user has -e.g.,ID card,security token,software token or cell phone Something the user knows -e.g.,a password,a pass phrase or a personal identification number(PIN) Something the user does -e.g.,voice recognition,signature,or gait 4

4 Security Property 1: Authentication  Authentication (authenticity) ─ Verify an identity claimed to be ─ Mechanisms: ● Something the user is – e.g., fingerprint or retinal pattern, DNA sequence, unique bio-electric signals produced by the living body, or other biometric identifier ● Something the user has – e.g., ID card, security token, software token or cell phone ● Something the user knows – e.g., a password, a pass phrase or a personal identification number (PIN) ● Something the user does – e.g., voice recognition, signature, or gait

Security Property 2:Confidentiality Confidentiality (secrecy) -Protect information from leaking. Two types: Message content confidentiality Message header confidentiality:who talks to whom is secret. -Mechanisms ●Encryption ●Traffic padding 5

5 Security Property 2: Confidentiality  Confidentiality (secrecy) ─ Protect information from leaking. ─ Two types: ● Message content confidentiality ● Message header confidentiality: who talks to whom is secret. ─ Mechanisms ● Encryption ● Traffic padding

Security Property 3:Integrity Integrity -Protect system/data from being modified. -System integrity Prevent modification to system e.g.,communication system:message modification,insertion,deletion,and replay (integrity of communication channels) -Data integrity Prevent modification to data e.g.,communication system:message modification -Mechanisms: ●Message Digest 6

6 Security Property 3: Integrity  Integrity ─ Protect system/data from being modified. ─ System integrity ● Prevent modification to system – e.g., communication system: message modification, insertion, deletion, and replay (integrity of communication channels) ─ Data integrity ● Prevent modification to data – e.g., communication system: message modification ─ Mechanisms: ● Message Digest

Security Property 4:Non-repudiation Non-repudiation -Prevent someone from denying their action. .E.g.,creating a message. -Mechanisms: ●Message Digest 7

7 Security Property 4: Non-repudiation  Non-repudiation ─ Prevent someone from denying their action. ● E.g., creating a message. ─ Mechanisms: ● Message Digest

Security Property 5:Authorization Authorization -Give someone permission to do something(such as access a resource) and enforce that they don't do anything beyond their permission -Mechanisms: ●Access Control 8

8 Security Property 5: Authorization  Authorization ─ Give someone permission to do something (such as access a resource) and enforce that they don’t do anything beyond their permission ─ Mechanisms: ● Access Control

Security Property 6:Freshness Freshness -Verify that message is recent,is not replayed -e.g.,a check becomes invalid if not cashed within 6 months The expired check still has integrity,but not freshness -Mechanisms ●Nonce ●Expiration time 9

9 Security Property 6: Freshness  Freshness ─ Verify that message is recent, is not replayed ─ e.g., a check becomes invalid if not cashed within 6 months ● The expired check still has integrity, but not freshness. ─ Mechanisms ● Nonce ● Expiration time

Security Property 7:Availability Availability: -Keep service available to legitimate users -Deny of Service attacks 10

10 Security Property 7: Availability  Availability: ─ Keep service available to legitimate users ─ Deny of Service attacks