
Cryptography And Network Security, William Stallings
01/14/19, Mohamed Khalil, Ph.D.

Fundamentals of Security

Security Attacks
• Passive Attacks
• Active Attacks

Passive Attacks
• Interception (confidentiality)

Interception
Release Of Message Contents, Traffic Analysis
• Learn sensitive information
• Determine the identity and location of the host

Active Attacks
• Interruption (availability)
• Modification (integrity)
• Fabrication (authenticity)

Modification (integrity)
Modify the contents of a message or a file. It is an attack on integrity.

Interruption (availability)
Try to break the system to put it out of service. It is an attack on availability.

Fabrication (authenticity)
Insert messages into a system or objects into files. Try to fool the system. It is an attack on authenticity.

Security Service
• Confidentiality
• Authentication
• Integrity
• Nonrepudiation
• Availability

Confidentiality
Is the protection of transmission from passive attacks.
[Figure: the number 444-21-8888 shown masked as ***-**-****]

Authentication
The authentication service assures that the recipient receives information from a reliable source.
[Figure: "I am friend" / "Ok, let us talk"]

Integrity
Make sure that the message is received as it is sent, without modification, duplication, insertion, reordering, or replay.
[Figure: "Buy 1000 stocks" sent between He/She and Broker]

Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transaction.
[Figure: "I am John, buy 1000 stocks" / "You are not John, I can't do that." between He/She and Broker]

Availability
Protect against Denial Of Service attacks.

Cryptography Definition
• A process associated with scrambling plaintext (ordinary text, or clear text) into cipher text (a process called encryption), then back again (known as decryption).
Cryptography concerns itself with four objectives:
1. Confidentiality (the information cannot be understood by anyone for whom it was unintended).
2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected).
3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information).
4. Authentication (the sender and receiver can confirm each other's identity and the origin/destination of the information).
Procedures and protocols that meet some or all of the above criteria are known as cryptosystems.

Encryption Model
[Figure: plaintext X enters the encryption algorithm and becomes ciphertext Y; the decryption algorithm recovers plaintext X; the key K is shared over a secure channel; a cryptanalyst observing the ciphertext produces estimates X' and K']

Cryptography Classification
Cryptographic systems are generally classified along three independent dimensions:
• The type of operation used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles:
1. Substitution: each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element.
2. Transposition: elements in the plaintext are rearranged.
The fundamental requirement is that all operations must be reversible. Most systems involve multiple stages of substitution and transposition.
• The number of keys used:
1. Symmetric: if both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption.
2. Asymmetric: if sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.
• The way in which the plaintext is processed:
1. Block ciphering: processes the input one block of elements at a time, producing an output block for each input block.
2. Stream ciphering: processes the input elements continuously, producing output one element at a time.

Encryption techniques: Caesar Cipher
Substitution cipher:
Plain: meet me after the party
Cipher: PHHW PH DIWHU WKH SDUWB
C = E(p) = (p+3) % 26
p = D(C) = (C-3) % 26

Encryption techniques: Caesar Cipher
Cryptanalysis:
p = D(C) = (C-i) % 26
Try all the different 25 keys.

Encryption techniques: Mono-alphabetic Cipher
Substitution cipher:
Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y

