Cryptography & Network Security Introduction

1 Cryptography & Network SecurityIntroductionCRIntroductionCheste r RebeiroIIT MadrasThe Connected WorldCR2 Information StorageCR3 Increased Security BreachesCR81% more in 2015 Threats(why difficult to prevent?)Networks / Communication linksHardwareSystem Software CRAttackers need to target the weakest link in the chainPeripheralsSystem Software (Operating Systems / Hypervisor)Applications5 Security Studies (Research)(an ocean)Networks / Communication linksHardwareSystem Software Network SecurityHardware SecuritySystem SecurityCRPeripheralsSystem Software (Operating Systems / Hypervisor)

2 ApplicationsSystem SecurityOS SecurityCloud SecurityWeb SecurityDBMS SecurityEmbedded SecurityCryptography6 Cryptography A crucial component in all Security systems Fundamental component to achieve ConfidentialityCRAllows only authorized users access to data7 Cryptography (its use) A crucial component in all Security systems Fundamental component to achieve Confidentiality Data IntegrityCR Data IntegrityCryptography can be used to ensure that only authorized users can make modifications(for instance to a bank account number)8 Cryptography (its use) A crucial component in all Security systems Fundamental component to achieve Confidentiality Data IntegrityCR Data Integrity AuthenticationCryptography helps prove identities9 Cryptography (its use)

3 A crucial component in all Security systems Fundamental component to achieve Confidentiality Data IntegrityI did notsend thatCR Data Integrity Authentication Non-repudiationThe sender of a message cannot claim that she did not send itsend that10 Scheme for ConfidentialityAliceBobmessageAttack at Dawn!!untrusted communication linkCRAttack at Dawn!!MalloryProblem : Alice wants to send a messageto Bob (and only to Bob) through an untrusted communication link11 EncryptionAliceBobmessageuntrusted communication linkEDKEKD Attack at Dawn!

4 ! encryptiondecryption#%AR3Xf34^$(cipherte xt)CRmessage Attack at Dawn!! MallorySecrets Only Alice knows the encryption key KE Only Bob knows the decryption key KDOnly sees ciphertext. cannot get the plaintext messagebecause she does not know the keys12 Encryption AlgorithmsAliceBobuntrusted communication linkEDKEKD Attack at Dawn!! encryptiondecryption#%AR3Xf34($(cipherte xt)CR Should be easy to computefor Alice / Bob (who know the key) Should be difficult to compute for Mallory (who does not know the key) What is difficult ?)

5 Ideal case : Prove that the probability of Mallory determining the encryption / decryption key is no better than a random guess Computationally : Show that it is difficultfor Mallory to determine the keys even if she has massive computational power13 Algorithmic Attacks Can Mallory use tricks to break the algorithmCR There by reducing the difficulty of getting the KeysAliceBobuntrusted communication linkEDKEKD Attack at Dawn!! encryptiondecryption#%AR3Xf34($(cipherte xt)CR How are keys managed How does Alice & Bob select the keys?)

6 Need algorithms for key exchange 15 Ciphers Symmetric Algorithms Encryption and Decryption use the same key KE= KD Examples: Block Ciphers : DES, AES, PRESENT, etc. Stream Ciphers : A5, Grain, Stream Ciphers : A5, Grain, etc. Asymmetric Algorithms Encryption and Decryption keys are different KE KD Examples: RSA ECC16 Cipher ImplementationsCryptography is always an overhead !! For Security , the algorithms need to be computation Often require large numbers, complex mathematical operations. Design Challenges: Performance, Size, Power.

7 Algorithms to achieve this17 Encryption DevicesAliceBobmessageuntrusted communication linkEDKEKD Attack at Dawn!! encryptiondecryption#%AR3Xf34($(cipherte xt)CRmessage Attack at Dawn!! MallorySide ChannelsEg. Power consumption / radiationof device, execution time, information about the keys by monitoringSide channels of the device18 Side Channel AnalysisAlicemessageE00111encryptionCR19 Radiation from Device0111 Secret information01message Attack at Dawn!! Ciphers Design ChallengesWe want crypto algorithms to be fast and smallTradeoffs between Security , Speed, Side-Channel Attacks CRFor Security , the algorithms are computationally intensive.)

8 Typically use large numbers, complex operationsNeed to protect against side channel Study Mathematics + Engineering MathematicsElectrical Hot Research Trendslight weight cryptographypost-quantum cryptographyefficient implementationscryptanalysisprivacy enhancing securityCR22light weight cryptographypost-quantum cryptographyLeakage resilient cryptographyside channel analysiscloud securityhomomorphic encryptionThe Plan Ahead How are ciphers designed? Ideal Security vs Computational Security Block ciphers / Stream ciphers Asymmetric key ciphers Trade offs between Security and implementationCR Trade offs between Security and implementation Attacks Algorithmic / Side Channel Analysis Applications How are they used to achieve confidentiality, integrity, authentication, non-repudiation Case Studies Network Security aspects, Bitcoins23 Course Structure Classical Cryptography Shannon s Theory Block Ciphers DES, AES.

9 Their implementations and their attacks Stream CiphersCRStream Ciphers Digital Signatures and Authentication Hash functions Public key ciphers RSA, implementations, and attacks Side channel analysis Network Security aspects Case Studies : Bitcoins24 Expected Learning Outcomes What you would learn by the end of the course Distinguish between cipher algorithms- Where to use what algorithm? Evaluate ciphers and their implementations for securityCR25 Evaluate ciphers and their implementations for Security - Mathematical cryptanalysis of some algorithms- Side channel based attacks on cipher implementations Apply algorithms to solve Security problems in networks and real-world systemsBooks / ReferencesTextbooks(STINSON)''Cryptograp hy: Theory and Practice", Third Edition, by Douglas R.

10 Stinson, CRC Press, Taylor and Francis GroupReferencesCR26 References(STALLINGS) '' Cryptography and Network Security : Principles and Practices'', Sixth Edition, by William Stallings(HANDBOOK)''Handbook of Applied Cryptography '', Fifth Printing, by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, CRC Press(HARDSEC)''Hardware Security : Design, Threats, and Safeguards", by Debdeep Mukhopadhyay and Rajat Subhra Chakraborty, CRC Press, Taylor and Francis GroupGrading Quiz 1 : 20% Quiz 2 : 20% End semester : 40% Assignments : 20%CR Assignments : 20% Surprise tests / Tutorials / Programming assignments / minute papers / Google groups / Study vs Attending Classes Same tutorials / assignments / quizzes / etc.