ByC.KRISHNAPRASADII Year MBA-BT

BOUNDARY CONTROLS

Boundary subsystem establishes interface between the would-be user of a computer system and the computer system itself.

Three major purposes

To establish the identity and authenticity of would-be users of a computer system To establish the identity and authenticity of the resources that users wish to employ To restrict users who obtain computer resources to a set of authorised actions First boundary controls were not considered important

INTRODUCTION

Continued……

Two factors led to a marked increase in the use and strength of boundary controls

First is widespread deployment of distributed systems resulting in many users dispersed physically

eg: wide area network, local area network, client-server Computing Second, rapid growth of electronic commerce systems In boundary subsystem there are some major types of controls

exercised and we are going to discuss about cryptographic controls

Cryptographic controls are designed to protect the privacy of data and to prevent unauthorized modifications of data

It has become important to prevent unauthorised access of data

Used in several subsystems as there are important controls like passwords, PINs and digital signatures.

NATURE OF CRYPTOGRAPHY Cryptology is the science of secret codes and it incorporates

the study of cryptography and cryptanalysis Cryptography deals with transformation of data into codes and

cryptanalysis deals with recovering of data from cryptograms.

CRYPTOGRAPHIC CONTROLS

CRYPTOGRAPHIC TECHNIQUES Cryptographic technique encrypts cleartext data into

cryptograms known as cipher text Three types of encipherment techniques 1.Transposition ciphers 2.Substitution ciphers 3.Product ciphers

TRANSPOSITION CIPHERS Transposition ciphers use some rule to change the order of characters within a string of dataEg: Simple transposition rule is to swap the position of characters in consecutive pairs PEACE IS OUR OBJECTIVE would be coded as EPCA ESIO RUO JBCEITEV

SUBSTITUTION CIPHERS Substitution ciphers retain the position of characters within a

message and hide the identity of the characters by replacing them with other characters according to some rule

Eg: Caesar Cipher- In the word IDEOGRAPHY(key) Clear text : ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext: IDEOGRAPHYBCFJKLMNQSTUVWXZ PEACE IS OUR OBJECTIVE will be coded as LGIEG HQ KTN KDYGESHUG Many other complex substitution ciphers were widely used

before advent of computers but now it can be easily broken using a computer

PRODUCT CIPHERS Product ciphers use a combination of transposition and

substitution methods Research has shown that they are resistant to cryptanalysis, so

product ciphers are now the major methods of encryption used

CHOOSING A CIPHER SYSTEM A cipher system has two components 1.An encipherment method or algorithm that constitutes

basic cryptographic technique 2.A cryptographic key upon which the algorithm operates

in conjunction with clear text to produce ciphertext Shannon(1949) listed five properties of a cipher system

PROPERTIES High work factor- cipher should be difficult for the cryptanalyst to

break Small key- cryptographic key should be small so it can be changed

frequently and easily Simplicity- complex cipher systems can be costly Low error propagation- some ciphertext depends on previous

ciphertext generated for a message, so corruption to single bit will cause error for decryption

Little expansion of message- some cipher systems use noise in the message to protect from breaking of codes

Shanon shows that properties cannot be achieved simultaneously The systems use a simple algorithm and a long key are called long-

key systems

Continued…..

The cipher systems that rely on known algorithm for their strength are called strong-algorithm systems

IBM developed a standard algorithm for cryptographic system in 1977 accepted by National Bureau of Standards(NBS) in US known as Data Encryption Standards(DES)

DES uses 64 bit key in which algorithm uses 56 bits and 8 bits for parity

PUBLIC KEY CRYPTOSYSTEMS Diffie and Hellman(1976) proposed asymmetric key

cryptography Public key is a common key known in public while private key

is secured not to be distributed. By this we can send and receive message without any tampering Most widely used scheme is Rivest, Shamir and Adleman

(1978) called as RSA algorithm Major disadvantage is that public key cryptosystems is slow

compared to private key cryptosystems

KEY MANAGEMENT To maintain cryptographic key securely is important so key

management involves three functions, key generation, key distribution and key installation

KEY GENERATION Key generation is based on three questions First, what keys must be generated?

◦ For which multiple key must be generated because it is secure compared to single key but the only disadvantage is that it is complex for generation

Second, how should these keys must be generated?◦ The most critical keys must be generated via complete

random process while less critical keys must be generated via pseudorandom number generator

Third, how long must the keys be?◦ As computers become faster and more powerful, the keys

must be lengthened to protect them against brute force attacks

KEY DISTRIBUTION The keys must be distributed to different locations as the key

generated and key distributed place must not be same.Distribution can be done by two ways• The key might be carried physically but it must be broken into

fragments and distributed in order to enhance security.• It can also be distributed electronically using public key

cryptosystems.

KEY INSTALLATION The key is not generated internally it must be installed from

external source The cryptographic devices developed by organisations can be used

to generate and install keys in another device which is held in secure memory and can only be transferred physically

The key gets installed and handshaking procedure is done if the key is transferred electronically to ensure both has same key

THANK YOU