Data Security

LECTURE 2
Security Services
1. Data Confidentiality
Data confidentiality is designed to protect data from disclosure attack
and also protection against traffic analysis.

2. Data Integrity
Data integrity is designed to protect data from modification, insertion,
deletion, and replaying by an adversary. It may protect the whole
message or part of the message.


Security Services

3. Authentication
This service provides the authentication of the party at the other end of the line
(sender or receiver).

4. Nonrepudiation
Nonrepudiation service protects against repudiation by either the sender or the
receiver of the data. The sender of data can later prove that data were delivered to
the intended recipient.

5. Access Control
Access control provides protection against unauthorized access to data.
Security Mechanisms
Encipherment
Encipherment, hiding or covering data, can provide confidentiality , cryptography
and steganography are used for enciphering.

Data Integrity
The data integrity mechanism appends to the data a short check value that has been
created by a specific process from the data itself.

Digital Signature
A digital signature is a means by which the sender can electronically sign the data
and the receiver can electronically verify the signature.
Security Mechanisms
Authentication Exchange
In authentication exchange, two entities exchange some messages to prove their identity to
each other.

Traffic Padding
Traffic padding means inserting some bogus data into the data traffic to thwart the
adversary’s attempt to use the traffic analysis.

Routing Control
Routing control means selecting and continuously changing different available routes
between the sender and the receiver to prevent the opponent from eavesdropping on a
particular route.
Security Mechanisms

Notarization
Notarization means selecting a third trusted party to control the communication
between two entities. This can be done, for example, to prevent repudiation.

Access Control
Access control uses methods to prove that a user has access right to the data or
resources owned by a system. Examples of proofs are passwords and PINs.
Cryptography

 Cryptography is the science of using mathematics to encrypt and

decrypt data. Cryptography enables storing sensitive information or
transmit it across insecure networks .

 The roots of cryptography are found in Roman and Egyptian

civilizations.
Cryptography
The most common Traditional Cryptographic Technique:
• Hieroglyph − The Oldest Cryptographic Technique
The first known evidence of cryptography can be traced to the use of ‘hieroglyph’.
Some 4000 years ago, the Egyptians used to communicate by messages written in
hieroglyph.

• Later, the scholars moved on to using simple mono-alphabetic

substitution ciphers during 500 to 600 BC. This involved
replacing alphabets of message with other alphabets with some
secret rule.
Cryptography

• Caesar Shift Cipher

The earlier Roman method of cryptography,
relies on shifting the letters of a message by an
agreed number (three was a common choice.

• Steganography
 In this method, people not only want to
protect the secrecy of an information by
concealing it, but they also want to make
sure any unauthorized person gets no
evidence that the information even exists
 Cryptography
• Improved coding techniques such as Vigenere Coding
came into existence in the 15th century, which offered
moving letters in the message with a number of variable
places instead of moving them the same number of places.

• In the early 20th century, the invention of mechanical and

electromechanical machines, such as the Enigma rotor
machine, provided more advanced and efficient means of
coding the information.

• During the period of World War II, both cryptography and

cryptanalysis became excessively mathematical.
Cryptanalysis

 The design of the new cryptographic techniques to test their security strengths.
 It involves the study of cryptographic mechanism with the intention to break
them.

 A cryptographic algorithm, or cipher, is a mathematical function used in the

encryption and decryption process.
Cryptosystem Model
Cryptographic Systems

The type of
operations used for The number of keys The way in which the
transforming plaintext used plaintext is processed
to ciphertext

Symmetric, single-
key, secret-key,
Substitution Block cipher
conventional
encryption

Asymmetric, two-
Transposition key, or public-key Stream cipher
encryption
Cryptosystems

 In symmetric encryption, there is only one key, and all

communicating parties use the same (secret) key for both
encryption and decryption.
 In asymmetric, or public key, encryption, there are two keys:
one key is used for encryption, and a different key is used for
decryption. The decryption key is kept private ,while the
encryption key is shared publicly, for anyone to use (hence
the "public key" name).
Symmetric Cryptosystem
Symmetric Cryptosystem
 The salient features of cryptosystem based on symmetric key encryption are :
• Persons using symmetric key encryption must share a common key prior to exchange
of information.
• Keys are recommended to be changed regularly to prevent any attack on the system.
• A robust mechanism needs to exist to exchange the key between the communicating
parties. As keys are required to be changed regularly.
• In a group of n people, to enable two-party communication between any two persons,
the number of keys required for group is n × (n – 1)/2.
• Length of Key (number of bits) in this encryption is smaller and hence, process of
encryption-decryption is faster than asymmetric key encryption.
• Processing power of computer system required to run symmetric algorithm is less.
Symmetric Cryptosystem

 There are two restrictive challenges of employing symmetric key

cryptography.
• Key establishment − Before any communication, both the sender and the
receiver need to agree on a secret symmetric key. It requires a secure key
establishment mechanism in place.
• Trust Issue − Since the sender and the receiver use the same symmetric
key, there is an implicit requirement that the sender and the receiver ‘trust’
each other. For example, it may happen that the receiver has lost the key
to an attacker and the sender is not informed.
Asymmetric Cryptosystem
Asymmetric Cryptosystem
 The salient features Asymmetric of encryption scheme are as follows:
• Every user in this system needs to have a pair of dissimilar keys, private key
and public key. These keys are mathematically related.
• It requires to put the public key in public repository and the private key as a
well-guarded secret. Hence, this scheme of encryption is also called Public Key
Encryption.
• Though public and private keys of the user are related, it is computationally not
feasible to find one from another.
• Length of Keys (number of bits) in this encryption is large and hence, the
process of encryption-decryption is slower than symmetric key encryption.
• Processing power of computer system required to run asymmetric algorithm is
higher.
Asymmetric Cryptosystem
 Public-key cryptosystems have one significant challenge:

 The user needs to trust that the public key that he is using in communications
with a person really is the public key of that person and has not been spoofed by a
malicious third party.

 This is usually accomplished through a Public Key Infrastructure (PKI)

consisting a trusted third party. The third party securely manages and attests to the
authenticity of public keys. The most common method of making the verified
public keys available is to embed them in a certificate which is digitally signed by
the trusted third party.
Cryptographic Attack
• Ciphertext Only Attacks (COA) − In this method, the attacker has access to a set of
ciphertext(s). He does not have access to corresponding plaintext. COA is said to be
successful when the corresponding plaintext can be determined from a given set of
ciphertext.
• Known Plaintext Attack (KPA) − In this method, the attacker knows the plaintext for
some parts of the ciphertext. The task is to decrypt the rest of the ciphertext using this
information.
• Chosen Plaintext Attack (CPA) − In this method, the attacker has the text of his
choice encrypted. So he has the ciphertext-plaintext pair of his choice. This simplifies
his task of determining the encryption key.
• Dictionary Attack − In simplest method of this attack, attacker builds a dictionary of ciphertexts and
corresponding plaintexts that he has learnt over a period of time.
• Brute Force Attack (BFA) − In this method, the attacker tries to determine the key by attempting all
possible keys. If the key is 8 bits long, then the number of possible keys is 28 = 256.
Cryptographic Attack
• Birthday Attack − It is used against the cryptographic hash function. If the attacker is able to
find two different inputs that give the same hash value, it is a collision and that hash function is
said to be broken.
• Man in Middle Attack (MIM) − The targets of this attack are mostly public key cryptosystems
where key exchange is involved before communication takes place.
• Side Channel Attack (SCA) − It is launched to exploit the weakness in physical
implementation of the cryptosystem.
• Timing Attacks − They exploit the fact that different computations take different times to
compute on processor. By measuring such timings, it is be possible to know about a particular
computation the processor is carrying out.
• Power Analysis Attacks − These attacks are similar to timing attacks except that the amount of
power consumption is used to obtain information about the nature of the underlying
computations.
• Fault analysis Attacks − In these attacks, errors are induced in the cryptosystem and the
attacker studies the resulting output for useful information.