1 / 27

UNIT – 6 PRIVACY AND SECURITY

UNIT – 6 PRIVACY AND SECURITY. Software Complexity. Contributing Factors .

aderyn
Download Presentation

UNIT – 6 PRIVACY AND SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UNIT – 6PRIVACY AND SECURITY

  2. Software Complexity

  3. Contributing Factors Due to the inherent complexity of large software systems, such as those used for the internet, it is difficult to make them completely secure & error-free. By their very nature, they could have a no. of susceptible points. • Program Size : A browser may consists of as many as 75000 lines of source code. The latest browser may contain even more features, resulting in even larger programs. The executable file for a browser is usually on the order of 5 to 7 megabytes. It is very difficult to eliminate all errors in such an immense program.

  4. Continued.. • Software Interfaces : The need for browsers to interface with other software creates an even larger code base & more potential problems areas. • Market Forces : Products must often be hurried to market in order to maintain a competitive edge. It is often challenging to test all parts of them thoroughly before release. One reason why new versions of large software systems come out so frequently is that bugs are addressed in newer releases.

  5. Encryption Schemes

  6. Basic Conepts • An encryption scheme is a method of encoding information. • By using encryption scheme, a plain text can be converted into an encrypted version of same message. • The encrypted version is called ciphertext and the encryption scheme is called cipher.

  7. Concepts of Plaintext, Cipher, and Ciphertext Plaintext Cipher Ciphertext • l Zabxyabcegtum pa wclfp Buy 1,000 shares of IGCO now. ------------------------------------------------

  8. Continued.. • We can not make sense of ciphertext without knowing the cipher and the encryption key. • The goal of encryption schemes in most cases is to develop a scheme that allows information to be exchanged securely between two parties.

  9. Illustration of an Encrypted Message Sent from Sender to Receiver Plaintext private key spy intercepts ciphertext cipher text arrives Private key What does paqqmcxrtuwfoolrg mu mean? My bank account no. is 47 Processed by cipher A Paqmcxrtuwfoolrg mu n/w Send ciphertext Paqmcxrtuwfoolrg mu Decrypt B My bank account no. is 47 Plaintext

  10. Continued.. • In the above diagram sender A encrypts the plaintext message of “My bank account no. is 47” To a cipher text of “paqmcxrtuwfoolrg mu” • Sender A sends the ciphertext over the network to B. • While the message is being transmitted, a spy or hacker intercepts(obtains a copy of the message) it; the message is still transmitted to receiver B. • If the cipher sender A is using is secure, spy will have a difficult time understanding the message. • When B receives the message, he decrypts it, using the scheme he and party A had previously agreed to. • Party B then determines the plaintext of the ciphertext.

  11. Private Key Cryptography • In private key cryptography, both the sender & the receiver share the same private key. • Both the key & the encryption scheme is used to encrypt the plaintext & also to decrypt the ciphertext. • The key must be kept private(secure) to ensure the system security. • If a spy obtains the key, they too will likely be able to decrypt encoded message. • Private key cryptography provides confidentiality.

  12. Continued.. A simple example of private key cryptography: • Suppose party A wants to send a message: “meet me at the roadhouse at the noon urgent” to party B. • The Cipher that is used is: • Write down the characters of plaintext in rows. • Each row will contain the no. of characters equals to the private key’s value. • Here lets say the private key is 5. • So each row will contain 5 characters. • The ciphertext is then constructed by listing the characters in order in which they appear in the columns.

  13. Continued.. • By applying the cipher to the plaintext we obtains the following row-format of the message: meetm eatth eroad house atnoo nurge nt • Now by listing the characters column wise we can obtain the following ciphertext: “meehannearotutetounrttasogmhdeoe”

  14. Continued.. • When party B receives the ciphertext, it decrypts it using the private key, 5. • First, party B counts the no. of characters in the ciphertext, which in this case is 32. • Since there are 5 characters per row, based on the agreed-upon cipher and key. • Party B realizes that the message is 7 rows long– six full rows and one row containing 2 characters. • Party B writes down the message column wise. • And then read the text row-by-row, and obtains the following text: “meetmeattheroad house atnoonurgent” • Reading from left to right, party B is able to determine the original message. • If a spy knew the cipher and the private key, he or she could also decrypt the intercepted message.

  15. Public Key Cryptography • Public key cryptography is used to address one of the major security issue that is ‘problem of authentication’. • When party B receives a message, how can it be sure that party A sent it? That is, how can it be sure that the message is authentic. • In public key cryptographic systems, every person that intends to send a message has a private key. • In addition every person has a public key that matches up with their private key. • The private is used to encrypt messages, and those messages can only be decrypted using the matching public key. • As the name implies, public keys are not kept secret.

  16. Continued.. • Suppose party A sends B a message that it has encrypted using its private key. • When B receives the ciphertext, it tries to decrypt it using A’s public key, which is available to everyone. • If B is able to decrypt the message, it knows that it must have come from A. • Because A’s public key can only decrypt messages encrypted by her private key, and only A knows her private key. • Notice that if A’s message has been intercepted, anyone could have decrypt it by using her public key. • Privacy is not provided by public key cryptography, only authentication.

  17. Hashing Algorithms • Hashing algorithms are used to verify message integrity. • Suppose A sent B a message & it was intercepted. The person that intercepted the message might be able to alter its contents before passing it along. • A way to verify that the message received is the same as the message sent involves the use of hashing algorithms. • A hashing algorithm takes a plaintext message as input and then computes a value based on that message. • The length of the computed value is usually much shorter than the length of the original message.

  18. Continued.. • For example, we will define a very simple hashing algorithm. • Our hashing algorithm will multiply the no. of a’s, e’s, and h’s in the message and will then add the no. of o,s to this value. • Suppose the message is— “the combination to the safe is two, seven + thirty-five” • The hash or message digest of this message, using our simple hashing algorithm, is as follows: (2*6*3)+4 = 40 • The message digest or hash of the plain text is sent to B along with the ciphertext. • After B decrypts the message, he computes its hash using the agreed upon hashing algorithm. • If the hash value sent by A does not match with the hash value of decrypted message, B will know that the message has been altered.

  19. Secure Web Documents • If you notice a broken skeleton key or an unlocked padlock displayed in the lower-left corner of the browser window, you are looking at icons that indicate that this document is not secure. • Most documents on the web are not secure. • When the skeleton key is whole or the padlock is locked, you are looking at a secure document. • Secure documents require a secure server, which is a server that uses encryption schemes. • The URL for a secure document usually begins with https, rather than http, where the s means secure. • When a client requests a secure document, the server must first determine if they have the permission required to retrieve the document.

  20. Continued.. • The authentication process may require the use to submit a password. • The server and the client must agree on an encryption scheme, so that all the messages(including passwords) can be transmitted securely. • A high level of security can thus be achieved on the web, using the encryption schemes currently available. • As an example, if you are using a server that is not secure, and you enter a credit card no., it is possible that it could be intercepted. • If the credit card no. were not encrypted & the no. were intercepted, someone can steal & use the no.

  21. Digital Signature • In today’s electronic world, many confidential &important messages are sent via computer. • A digital signature is a mechanism that can be used to sign an electronic document officially. • Because digital signatures are difficult to forge, documents that contains these signatures can be considered authentic. • The details concerning how implemented are complex. They usually involve a combination of the encryption schemes. • Digital signatures provide a way of verifying both the sender of the information and the content of the message, ensuring that it has not been modified. • So, a digital signature is like an official seal on both a document & the envelope that protects the document from being altered.

  22. Example of Digital Signature Matched pair Private key1 Public key Ciphertext of hash Hash Public key encryption scheme Hashing algorithm wr 12 Plaintext Buy gold Alice Ciphertext Private key encryption scheme wr/axzmqtu Bob axzmqtu Message sent over network Private key 2

  23. Continued.. • Suppose Alice wants to send Bob a confidential message, “Buy gold”. • And Bob needs to know for sure that Alice sent the message and that it arrived unaltered. • A combination of three cryptographic schemes we have discussed can be used. • Alice computes the hash of her plaintext message, using a hashing algorithm she & Bob have chosen. • In this example, Alice obtains a value of 12. • She then uses her private key(key1) to her matching public key and an agreed upon public key cryptographic scheme to encrypt the hash of the plaintext, getting “wr”. • Alice then uses a different private key(key2) and an agreed upon private key cryptography scheme to encrypt the plain text. In this case she obtains “axzmqtu”.

  24. Continued.. • She sends Bob the following two items: • The private key encrypted ciphertext of plaintext(“axzmqtu”). • The public key encrypted hash of the plaintext(“wr”). • when Bob receives the message, he essentially needs to reverse the steps that Alice took. • He first splits the message into “axzmqtu” & “wr”. • Bob processes “axzmqtu” using the private key(key2) that he & Alice chose, & he comes up with the original plaintext ”Buy gold”. • Next he uses the hashing algorithm on “Buy gold” and obtains a value of 12. • Bob then uses Alice’s public key to decrypt the ciphertext of the hash “wr”. • He again obtains a value of 12. • Since the two hash values match (12 = 12), Bob can be sure that Alice sent the message & that it arrived intact.

  25. Firewalls • A firewall is a security mechanism used by organizations to protect their LAN’s from the internet. • A firewall keeps private resources confidential and minimizes security risks. • The idea is simply to restrict LAN access to trusted users. • A firewall controls network traffic, in both directions.

  26. Continued.. Following figure shows a sample firewall between a LAN & the internet: Connection to internet LAN Request permitted Trusted users Internet Request denied spy Firewall serves as a filter Restricted Area Unrestricted Area

  27. Continued.. • The users shown in the “restricted area” are trusted users. • Whereas the users in the “unrestricted area” are people who are not to be allowed into the LAN. • The amount of filtering a firewall provides varies. • For example, in one scenario, users in the restricted area may be able to send e-mail to anyone on the the internet, surf the Web, use remote login, and transfer files. • While users in the unrestricted area may not be allowed to do anything except send e-mail to people inside the firewall. • In another situation, using the same firewall, only e-mail might be permitted in either direction.

More Related