2. Outlines
Discover System.Security.Cryptography (how to ensure a secure layer for our applications)
Understand security objectives (security requirements) and security mechanisms.
Explaining security requirements such as:
Confidentiality
Data Integrity
Availability
Authentication
Non-Repudiation
Symmetric Encryption (such as AES)
Asymmetric Encryption (such as RSA)
05 November, 14
3. Course Outlines
Hash Functions (such as MD5, SHA-n)
Message Authentication methods
Digital Signature: What is it? Why do we need it? How is it used?
Entity Authentication (such as by random numbers)
PKI
CA
…
4. Introduction
What is Security?
What is Information Security?
Why Do We Need Information Security?
Security Requirements
Security Mechanisms
5. What is Security?
Protecting general assets can be realized through:
Prevention
Detection
Reaction
Example : Private property
Prevention: locks at doors, window bars, walls around the property.
Detection: stolen items aren’t there any more, burglar alarms, CCTV, …
Reaction: call the police,…
6. What is Information Security ?
Information security
Protecting information and information resources such as:
books, faxes, computer data, voice communications, etc.
Information security
What needs to be protected (i.e., assets),
why (security requirements, which include CIA),
what we need to protect it from (threats, vulnerabilities, risks),
and how (security measures) to protect it for as long as it exists
Security measures are implemented according to security policies
7. What is Information Systems Security?
[Diagram labels: Information Systems, Security (assets), Measures, Attackers, Policies]
8. Security Requirements
Most important security requirements are:
Confidentiality: keeping information secret from all but those who are authorized to see it.
Integrity: ensuring information has not been altered by unauthorized or unknown means.
Availability: keeping information accessible by authorized users when required.
10. Security Requirements
Other requirements:
Entity authentication: corroboration of the identity of an entity (e.g., a person, a credit card)
Identification, identity verification
Message authentication: corroborating the source of information; also known as data origin authentication.
Message authentication implicitly provides data integrity
Non-repudiation: preventing the denial of previous commitments or actions
11. Security Mechanisms
Cryptography
Using Hash Functions (One-Way Functions) for Data Integrity
Using Random Numbers for Authentication
Using Digital Signatures for Non-Repudiation
16. Symmetric Cryptography
Example
Characteristics :
The same key is used for encryption and decryption.
The key is relatively small.
The key must be kept secret.
In a multiuser environment, there are difficulties in the process of key management.
Relatively fast.
Preferred for encrypting large amounts of data.
18. Asymmetric Cryptography
Alice wants to send a secret message m to Bob
Bob should have 2 keys: public KUb and private KRb
Prior to message encryption, Alice gets by some means an authentic copy of Bob’s public key (i.e., the encryption key)
20. Asymmetric Cryptography
Example
Characteristics :
Two keys are used.
The keys are large (over 1024 bits).
The public key does not need to be kept confidential.
Relatively slow.
Preferably used to encrypt small amounts of data (such as the keys of symmetric algorithms, e.g. an AES key).
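
The last characteristic, shown as an added example (not part of the original slides): Alice encrypts the bulk data with AES and uses Bob's RSA public key only to encrypt the AES key. It assumes .NET 6 or later; the variable names other than KUb are illustrative.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Bob's key pair. 2048 bits is the size the slides call sufficient until 2030.
using RSA bob = RSA.Create(2048);
byte[] KUb = bob.ExportSubjectPublicKeyInfo();       // public key, safe to publish

// ----- Alice: holds only an authentic copy of KUb -----
using RSA bobPublic = RSA.Create();
bobPublic.ImportSubjectPublicKeyInfo(KUb, out _);

byte[] bulk = Encoding.UTF8.GetBytes(new string('A', 100_000)); // constructed bulk data

// RSA cannot take the bulk data directly: with OAEP one operation accepts at most
// (key size in bytes - 2 * hash size - 2) bytes of input.
try { bobPublic.Encrypt(bulk, RSAEncryptionPadding.OaepSHA256); }
catch (CryptographicException) { Console.WriteLine("RSA rejected 100,000 bytes of input"); }

// So the fast symmetric cipher encrypts the data and RSA encrypts only the AES key.
using Aes aes = Aes.Create();                        // fresh random 256-bit key and IV
byte[] iv = aes.IV;                                  // not secret, sent with the ciphertext
byte[] ciphertext = aes.EncryptCbc(bulk, iv);
byte[] wrappedKey = bobPublic.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256);

// ----- Bob: recovers the AES key with the private key KRb, then the data -----
using Aes aesBob = Aes.Create();
aesBob.Key = bob.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
byte[] recovered = aesBob.DecryptCbc(ciphertext, iv);

Console.WriteLine($"wrapped key: {wrappedKey.Length} bytes, ciphertext: {ciphertext.Length} bytes");
Console.WriteLine($"round trip ok: {CryptographicOperations.FixedTimeEquals(recovered, bulk)}");
// CBC provides confidentiality only. Detecting modification of the ciphertext
// needs message authentication or a signature on top.
```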
23. Attacking RSA
RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030.
An RSA key length of 3072 bits should be used if security is required beyond 2030.
24. One-Way Functions (OWF)
A one-way function is a function that is “easy” to compute and “difficult” to reverse (such as MD5, SHA-n)
H(m) provides error-detection capability (data integrity)
Example.
25. Message Authentication
Message authentication is a procedure to verify that received messages come from the claimed source and have not been altered.
Also called data origin authentication.
It provides integrity.
26. Message Authentication
Message authentication can be done by:
Message encryption:
Symmetric encryption: if the encryption/decryption key is not known to any other party (except the sender and receiver)
Asymmetric encryption:
the sender uses its private key to encrypt the message,
the sender’s public key is then used to decrypt the message.
This provides authentication only!
Hash code:
H(m||S), where S is a secret key shared between the sender and receiver.
No encryption is needed.
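
The hash-code method above, as an added example (not part of the original slides): the sender attaches H(m||S) and the receiver recomputes it with the same S. It assumes .NET 6 or later and takes H to be SHA-256; HashCode and Verify are illustrative helper names. The last lines use HMAC, the standardized keyed-hash construction that System.Security.Cryptography provides, which is the one to use in practice and is not on the slide.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Shared secret S (random, generated for this demo) and a constructed sample message m.
byte[] S = RandomNumberGenerator.GetBytes(32);
byte[] m = Encoding.UTF8.GetBytes("pay 100 to account 42");

// Sender: tag = H(m || S). The message and the tag travel unencrypted.
byte[] tag = HashCode(m, S);

// Receiver, holding the same S: the unchanged message is accepted.
Console.WriteLine($"original accepted: {Verify(m, tag, S)}");

// A one-bit change in transit ('1' becomes '9', so 100 reads 900) no longer matches the tag,
// and the tag cannot be recomputed without S.
byte[] tampered = (byte[])m.Clone();
tampered[4] ^= 0x08;
Console.WriteLine($"tampered accepted: {Verify(tampered, tag, S)}");

// A tag computed under a different secret is rejected as well.
byte[] forged = HashCode(m, RandomNumberGenerator.GetBytes(32));
Console.WriteLine($"forged tag accepted: {Verify(m, forged, S)}");

// The same check with HMAC-SHA256.
byte[] hmacTag = HMACSHA256.HashData(S, m);
bool hmacOriginal = CryptographicOperations.FixedTimeEquals(HMACSHA256.HashData(S, m), hmacTag);
bool hmacTampered = CryptographicOperations.FixedTimeEquals(HMACSHA256.HashData(S, tampered), hmacTag);
Console.WriteLine($"HMAC original accepted: {hmacOriginal}, tampered accepted: {hmacTampered}");

// H(m || S) with H = SHA-256 (hypothetical helper, not a library call).
static byte[] HashCode(byte[] message, byte[] secret) =>
    SHA256.HashData(message.Concat(secret).ToArray());

// Recompute the tag and compare in constant time so the comparison leaks no timing.
static bool Verify(byte[] message, byte[] receivedTag, byte[] secret) =>
    CryptographicOperations.FixedTimeEquals(HashCode(message, secret), receivedTag);
```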
28. Digital signature
The purpose of a digital signature is thus for an entity to bind its identity to a message.
We use the term:
signer for an entity who creates a digital signature
verifier for an entity who receives a signed message and attempts to check whether the digital signature is “correct” or not.
A digital signature on a message provides:
Message authentication: message’s origin is known + integrity
Non-repudiation
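
The signer and verifier roles, as an added example (not part of the original slides), using RSA with SHA-256 and PSS padding on .NET 6 or later. The variable names and the sample message are constructed for illustration. The last step shows what separates a signature from a shared-secret hash code: the verifier cannot produce a signature itself.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Signer: owns the private key and publishes only the public key.
using RSA signer = RSA.Create(2048);
byte[] signerPublicKey = signer.ExportSubjectPublicKeyInfo();

byte[] message = Encoding.UTF8.GetBytes("I agree to pay 100"); // constructed sample
byte[] signature = signer.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

// Verifier: holds only the signer's public key.
using RSA verifier = RSA.Create();
verifier.ImportSubjectPublicKeyInfo(signerPublicKey, out _);

// Message authentication: origin and integrity are checked in one call.
bool genuine = verifier.VerifyData(
    message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
Console.WriteLine($"genuine message accepted: {genuine}");

// A message altered after signing fails verification.
byte[] altered = Encoding.UTF8.GetBytes("I agree to pay 900");
bool alteredAccepted = verifier.VerifyData(
    altered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
Console.WriteLine($"altered message accepted: {alteredAccepted}");

// Non-repudiation: signing needs the private key, which the verifier never had,
// so a valid signature can only have come from the signer.
bool verifierCanSign;
try
{
    verifier.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    verifierCanSign = true;
}
catch (CryptographicException)
{
    verifierCanSign = false;
}
Console.WriteLine($"verifier able to sign: {verifierCanSign}");
```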