network securities cn


Upload: dhaval-bhatia

Post on 26-May-2015


Page 1: Network securities cn

NETWORK SECURITY

1012021:- Chiranjeev Shah

1012025:- Dhaval Bhatia

1012027:- Dipesh Ingawle

Page 2: Network securities cn

Introduction to Cryptography

Cryptography is a word from Greek, where crypto means "hidden, secret" and graphy means "writing" or "study". It is the practice and study of techniques for secure communication in the presence of third parties.

More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity and authentication.

Page 3: Network securities cn

Applications of Cryptography

Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

German Lorenz cipher machine, used in World War II to encrypt very-high-level general staff messages

Page 4: Network securities cn

Cryptography components

Page 5: Network securities cn

ALICE , BOB and EVE

In cryptography, it is customary to use three characters in an information exchange.

ALICE:- who needs to send the data.

BOB:- recipient of the data.

EVE:- person who somehow disturbs the communication between Alice and Bob.

Page 6: Network securities cn

Categories of cryptography

Page 7: Network securities cn

Symmetric-key cryptography

In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption).

The key is shared.

Page 8: Network securities cn

Asymmetric-key cryptography

Page 9: Network securities cn

Keys used in cryptography

Page 10: Network securities cn

Comparison between two categories of cryptography

Page 11: Network securities cn

SECURITY SERVICES

Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service provides entity authentication or identification.

Message Confidentiality

Message Integrity

Message Authentication

Message Nonrepudiation

Entity Authentication

Page 12: Network securities cn

Message Confidentiality

The concept of how to achieve message confidentiality or privacy has not changed for thousands of years. The message must be encrypted at the sender site and decrypted at the receiver site. This can be done using either symmetric-key cryptography or asymmetric-key cryptography.

Page 13: Network securities cn

Message confidentiality using symmetric keys in two directions

Page 14: Network securities cn

Message confidentiality using asymmetric keys

Page 15: Network securities cn

MESSAGE INTEGRITY

Encryption and decryption provide secrecy, or confidentiality, but not integrity. However, on occasion we may not even need secrecy, but instead must have integrity.

To preserve the integrity of a document, both the document and the fingerprint are needed.

Page 16: Network securities cn

Message and message digest

The message digest needs to be kept secret.

Page 17: Network securities cn

MESSAGE AUTHENTICATION

A hash function per se cannot provide authentication. The digest created by a hash function can detect any modification in the message, but not authentication.
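The integrity and authentication slides above, as an added example that is not part of the original slides: Bob's check with a bare SHA-256 digest catches a changed message only while the digest itself arrives intact, and accepts a message whose digest Eve has recomputed. A keyed digest (HMAC, which the slides do not name) is used here as one way to bind the fingerprint to a secret; the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
SHARED_KEY = b"constructed key known only to Alice and Bob"
ORIGINAL = b"Pay Bob 100 rupees"
FORGED = b"Pay Eve 900 rupees"


def digest(message: bytes) -> bytes:
    """Unkeyed fingerprint: anyone holding the message can compute it."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Keyed fingerprint: computing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def bob_accepts_digest(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(digest(message), tag)


def bob_accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


def run_scenarios() -> dict:
    alice_digest = digest(ORIGINAL)
    alice_mac = mac(SHARED_KEY, ORIGINAL)
    return {
        # Message changed, Alice's digest delivered intact: mismatch is detected.
        "modified_message_original_digest": bob_accepts_digest(FORGED, alice_digest),
        # Eve replaces the message AND recomputes the digest: Bob cannot tell.
        "eve_forgery_with_digest": bob_accepts_digest(FORGED, digest(FORGED)),
        # Without the key, Eve can only attach an unkeyed digest: rejected.
        "eve_forgery_with_mac": bob_accepts_mac(SHARED_KEY, FORGED, digest(FORGED)),
        # Alice's genuine message and keyed tag: accepted.
        "genuine_with_mac": bob_accepts_mac(SHARED_KEY, ORIGINAL, alice_mac),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```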

Page 18: Network securities cn

DIGITAL SIGNATURE

When Alice sends a message to Bob, Bob needs to check the authenticity of the sender; he needs to be sure that the message comes from Alice and not Eve. Bob can ask Alice to sign the message electronically. In other words, an electronic signature can prove the authenticity of Alice as the sender of the message. We refer to this type of signature as a digital signature.

A digital signature needs a public-key system.

Page 19: Network securities cn

ENTITY AUTHENTICATION

Entity authentication is a technique designed to let one party prove the identity of another party. An entity can be a person, a process, a client, or a server. The entity whose identity needs to be proved is called the claimant; the party that tries to prove the identity of the claimant is called the verifier.

In challenge-response authentication, the claimant proves that she knows a secret without revealing it.
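Challenge-response as described above, in an added example that is not part of the original slides: the verifier issues a fresh random nonce, and the claimant returns an HMAC of that nonce under the shared secret, so the secret itself never crosses the wire. The `Verifier` class, `respond` function and secret value are assumptions made for this sketch, which also rejects replayed responses.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Bob: issues single-use nonces and checks the claimant's responses."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False  # unknown or already-used challenge
        self._outstanding.discard(nonce)  # each challenge is valid once
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(shared_secret: bytes, nonce: bytes) -> bytes:
    """Claimant (Alice): proves knowledge of the secret without sending it."""
    return hmac.new(shared_secret, nonce, hashlib.sha256).digest()


def demo() -> dict:
    secret = b"constructed shared secret"  # sample value for illustration
    bob = Verifier(secret)
    n1 = bob.challenge()
    r1 = respond(secret, n1)
    results = {"genuine_claimant": bob.verify(n1, r1)}
    # A recorded (nonce, response) pair is useless once the nonce is spent.
    results["replay_same_nonce"] = bob.verify(n1, r1)
    # An old response does not answer a new challenge either.
    results["old_response_new_nonce"] = bob.verify(bob.challenge(), r1)
    # A claimant who does not know the secret cannot produce the response.
    n3 = bob.challenge()
    results["wrong_secret"] = bob.verify(n3, respond(b"not the secret", n3))
    # Everything an eavesdropper saw: the nonce and the response, not the secret.
    results["secret_seen_on_wire"] = secret in (n1 + r1)
    return results


if __name__ == "__main__":
    print(demo())
```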

Page 20: Network securities cn

KEY MANAGEMENT

We never discussed how secret keys in symmetric-key cryptography and how public keys in asymmetric-key cryptography are distributed and maintained. In this section, we touch on these two issues. We first discuss the distribution of symmetric keys; we then discuss the distribution of asymmetric keys.

A session symmetric key between two parties is used only once.

Page 21: Network securities cn

Thank You

K. J. SOMAIYA COLLEGE OF ENGINEERING

Electronics Engineering