The Definition of Computer Security
• Security is a state of well-being of information
and infrastructures in which the possibility of
successful yet undetected theft, tampering,
and disruption of information and services is
kept low or tolerable
• Security rests on confidentiality, authenticity,
integrity, and availability
1
The Basic Components
• Confidentiality is the concealment of information or
resources.
– E.g., only sender, intended receiver should “understand” message
contents
• Authenticity is the identification and assurance of the
origin of information.
• Integrity refers to the trustworthiness of data or
resources in terms of preventing improper and
unauthorized changes.
• Availability refers to the ability to use the information
or resource desired.
2
Security Threats and Attacks
• A threat/vulnerability is a potential violation of
security.
– Flaws in design, implementation, and operation.
• An attack is any action that violates security.
– Active adversary
• An attack has an implicit concept of “intent”
– Router mis-configuration or server crash can also
cause loss of availability, but they are not attacks
3
Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages
Alice
data
channel
secure
sender
Bob
data, control
messages
secure
receiver
data
Trudy
4
Eavesdropping - Message Interception
(Attack on Confidentiality)
• Unauthorized access to information
• Packet sniffers and wiretappers
• Illicit copying of files and programs
B
A
Eavesdropper
5
Integrity Attack - Tampering
With Messages
• Stop the flow of the message
• Delay and optionally modify the message
• Release the message again
B
A
Perpetrator
6
Authenticity Attack - Fabrication
• Unauthorized assumption of other’s identity
• Generate and distribute objects under this
identity
A
B
Masquerader: from A
7
Attack on Availability
• Destroy hardware (cutting fiber) or software
• Modify software in a subtle way (alias commands)
• Corrupt packets in transit
A
B
• Blatant denial of service (DoS):
– Crashing the server
– Overwhelm the server (use up its resource)
8
Classify Security Attacks as
• Passive attacks - eavesdropping on, or
monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• Active attacks – modification of data stream to:
– masquerade of one entity as some other
– replay previous messages
– modify messages in transit
– denial of service
9
Outline
• Overview of Cryptography
• Symmetric Cipher
– Classical Symmetric Cipher
– Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher
• One-way Hash Functions and Message Digest
Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering ciphertext from plaintext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/
methods of deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and
cryptanalysis
Classification of Cryptography
• Number of keys used
– Hash functions: no key
– Secret key cryptography: one key
– Public key cryptography: two keys - public, private
• Way in which plaintext is processed
– block / stream
Secret Key vs. Secret Algorithm
• Secret algorithm: additional hurdle
• Hard to keep secret if used widely:
– Reverse engineering, social engineering
• Commercial: published
– Wide review, trust
• Military: avoid giving enemy good ideas
Unconditional vs. Computational Security
• Unconditional security
– No matter how much computer power is available, the
cipher cannot be broken
– The ciphertext provides insufficient information to
uniquely determine the corresponding plaintext
– Only one-time pad scheme qualifies
• Computational security
– The cost of breaking the cipher exceeds the value of
the encrypted info
– The time required to break the cipher exceeds the
useful lifetime of the info
Brute Force Search
• Always possible to simply try every key
• Most basic attack, proportional to key size
• Assume either know / recognise plaintext
Key Size (bits)
Number of
Alternative Keys
Time required at 1
decryption/µs
Time required at 106
decryptions/µs
32
232 = 4.3  109
231 µs
= 35.8 minutes
2.15 milliseconds
56
256 = 7.2  1016
255 µs
= 1142 years
10.01 hours
128
2128 = 3.4  1038
2127 µs
years
= 5.4  1024
5.4  1018 years
168
2168 = 3.7  1050
2167 µs
years
= 5.9  1036
5.9  1030 years
26! = 4  1026
2  1026 µs = 6.4  1012
years
26 characters
(permutation)
6.4  106 years
Outline
• Overview of Cryptography
• Classical Symmetric Cipher
– Substitution Cipher
– Transposition Cipher
• Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher
• One-way Hash Functions and Message Digest
Symmetric Cipher Model
Requirements
• Two requirements for secure use of symmetric
encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver
Y = EK(X)
X = DK(Y)
• Assume encryption algorithm is known
• Implies a secure channel to distribute key
Block vs Stream Ciphers
• Block ciphers process messages in into blocks,
each of which is then en/decrypted
• Like a substitution on very big characters
– 64-bits or more
• Stream ciphers process messages a bit or byte
at a time when en/decrypting
• Many current ciphers are block ciphers, one of
the most widely used types of cryptographic
algorithms
Feistel Cipher
Structure
• Process through
multiple rounds which
– partitions input block
into two halves
– perform a substitution
on left data half
– based on round function
of right half & subkey
– then have permutation
swapping halves
20
Feistel
Cipher
Decryption
21
DES (Data Encryption Standard)
• Published in 1977, standardized in 1979.
• Key: 64 bit quantity=8-bit parity+56-bit key
– Every 8th bit is a parity bit.
• 64 bit input, 64 bit output.
64 bit M
64 bit C
DES
Encryption
56 bits
DES Top View
56-bit Key
64-bit
48-bitInput
K1
Generate keys
Permutation
Round 1
Round 2
…...
Round 16
Swap
Permutation
64-bit Output
Initial Permutation
48-bit K1
48-bit K2
48-bit K16
Swap 32-bit halves
Final Permutation
DES Summary
• Simple, easy to implement:
– Hardware/gigabits/second,
software/megabits/second
• 56-bit key DES may be acceptable for noncritical applications but triple DES (DES3)
should be secure for most applications today
• Supports several operation modes (ECB CBC,
OFB, CFB) for different applications
Avalanche Effect
• Key desirable property of encryption alg
• Where a change of one input or key bit
results in changing more than half output bits
• DES exhibits strong avalanche
Strength of DES – Key Size
• 56-bit keys have 256 = 7.2 x 1016 values
• Brute force search looks hard
• Recent advances have shown is possible
– in 1997 on a huge cluster of computers over the
Internet in a few months
– in 1998 on dedicated hardware called “DES cracker”
by EFF in a few days ($220,000)
– in 1999 above combined in 22hrs!
• Still must be able to recognize plaintext
• No big flaw for DES algorithms
DES Replacement
• Triple-DES (3DES)
– 168-bit key, no brute force attacks
– Underlying encryption algorithm the same, no
effective analytic attacks
– Drawbacks
• Performance: no efficient software codes for DES/3DES
• Efficiency/security: bigger block size desirable
• Advanced Encryption Standards (AES)
– US NIST issued call for ciphers in 1997
– Rijndael was selected as the AES in Oct-2000
AES
• Private key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger & faster than Triple-DES
• Provide full specification & design details
• Evaluation criteria
– Security: effort to practically cryptanalysis
– Cost: computational efficiency and memory
requirement
– Algorithm & implementation characteristics:
flexibility to apps, hardware/software suitability,
simplicity
Outlines
• Symmetric Cipher
– Classical Symmetric Cipher
– Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher
• One-way Hash Functions and Message Digest
Private-Key Cryptography
• Private/secret/single key cryptography uses one
key
• Shared by both sender and receiver
• If this key is disclosed communications are
compromised
• Also is symmetric, parties are equal
• Hence does not protect sender from receiver
forging a message & claiming is sent by sender
Public-Key Cryptography
• Probably most significant advance in the 3000
year history of cryptography
• Uses two keys – a public & a private key
• Asymmetric since parties are not equal
• Uses clever application of number theoretic
concepts to function
• Complements rather than replaces private key
crypto
Public-Key Cryptography
• Public-key/two-key/asymmetric cryptography
involves the use of two keys:
– a public-key, which may be known by anybody, and can
be used to encrypt messages, and verify signatures
– a private-key, known only to the recipient, used to
decrypt messages, and sign (create) signatures
• Asymmetric because
– those who encrypt messages or verify signatures
cannot decrypt messages or create signatures
Public-Key Cryptography
Public-Key Characteristics
• Public-Key algorithms rely on two keys with the
characteristics that it is:
– computationally infeasible to find decryption key
knowing only algorithm & encryption key
– computationally easy to en/decrypt messages when
the relevant (en/decrypt) key is known
– either of the two related keys can be used for
encryption, with the other used for decryption (in
some schemes)
• Analogy to delivery w/ a padlocked box
Public-Key Cryptosystems
• Two major applications:
– encryption/decryption (provide secrecy)
– digital signatures (provide authentication)
RSA (Rivest, Shamir, Adleman)
• The most popular one.
• Support both public key encryption and digital
signature.
• Assumption/theoretical basis:
– Factoring a big number is hard.
• Variable key length (usually 1024 or 2048 bits).
• Variable plaintext block size.
– Plaintext must be “smaller” than the key.
– Ciphertext block size is the same as the key length.
Is RSA Secure?
• Factoring 512-bit number is very hard!
• But if you can factor big number n then given public
key <e,n>, you can find d, hence the private key by:
– Knowing factors p, q, such that, n = p*q
– Then ø(n) =(p-1)(q-1)
– Then d such that e*d = 1 mod ø(n)
• Threat
– Moore’s law
– Refinement of factorizing algorithms
• For the near future, a key of 1024 or 2048 bits
needed
Symmetric (DES) vs. Public Key (RSA)
• Exponentiation of RSA is expensive !
• AES and DES are much faster
– 100 times faster in software
– 1,000 to 10,000 times faster in hardware
• RSA often used in combination in AES and DES
– Pass the session key with RSA
– SSL/TLS handshaking
Outline
• History of Security and Definitions
• Overview of Cryptography
• Symmetric Cipher
– Classical Symmetric Cipher
– Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher
• One-way Hash Functions and Message Digest
Confidentiality => Authenticity ?
• Symmetric cipher ?
– Shared key problem
– Plaintext has to be intelligible/understandable
• Asymmetric cipher?
– Too expensive
– Plaintext has to be intelligible/understandable
– Desirable to cipher on a much smaller size of data
which uniquely represents the long message
Hash Functions
• Condenses arbitrary message to fixed size
h = H(M)
• Usually assume that the hash function is
public and not keyed
• Hash used to detect changes to message
• Can use in various ways with message
• Most often to create a digital signature
Hash Functions & Digital Signatures
Requirements for Hash Functions
1.
Can be applied to any sized message M
2. Produces fixed-length output h
3. Is easy to compute h=H(M) for any message M
4. Given h is infeasible to find x s.t. H(x)=h
•
One-way property
5. Given x is infeasible to find y s.t. H(y)=H(x)
•
Weak collision resistance
6. Is infeasible to find any x,y s.t. H(y)=H(x)
•
Strong collision resistance
How Many Bits for Hash?
• m bits, takes 2m/2 to find two with the same
hash
• 64 bits, takes 232 messages to search
(doable)
• Need at least 128 bits
General Structure of Secure Hash Code
• Iterative compression function
– Each f is collision-resistant, so is the resulting hashing
MD5: Message Digest Version 5
input Message
Output 128 bits Digest
• Until recently the most widely used hash algorithm
– in recent times have both brute-force & cryptanalytic
concerns
• Specified as Internet standard RFC1321
MD5 Overview
Secure Hash Algorithm
• Developed by NIST, specified in the Secure
Hash Standard (SHS, FIPS Pub 180), 1993
• SHA is specified as the hash algorithm in the
Digital Signature Standard (DSS), NIST
General Logic
• Input message must be < 264 bits
– not really a problem
• Message is processed in 512-bit blocks
sequentially
• Message digest is 160 bits
• SHA design is similar to MD5, a little slower,
but a lot stronger
SHA-1 verses MD5
• Brute force attack is harder (160 vs 128 bits for
MD5)
• A little slower than MD5 (80 vs 64 steps)
– Both work well on a 32-bit architecture
• Both designed as simple and compact for
implementation
• Cryptanalytic attacks
– MD4/5: vulnerability discovered since its design
– SHA-1: no until recent 2005 results raised concerns on
its use in future applications
Revised Secure Hash Standard
• NIST have issued a revision FIPS 180-2 in 2002
• Adds 3 additional hash algorithms
• SHA-256, SHA-384, SHA-512
– Collectively called SHA-2
• Designed for compatibility with increased
security provided by the AES cipher
• Structure & detail are similar to SHA-1
• Hence analysis should be similar, but security
levels are rather higher
Backup Slides
What Is RSA?
• To generate key pair:
– Pick large primes (>= 256 bits each) p and q
– Let n = p*q, keep your p and q to yourself!
– For public key, choose e that is relatively prime to
ø(n) =(p-1)(q-1), let pub = <e,n>
– For private key, find d that is the multiplicative
inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let priv =
<d,n>
RSA Example
1.
Select primes: p=17 & q=11
2.
Compute n = pq =17×11=187
3.
Compute ø(n)=(p–1)(q-1)=16×10=160
4.
Select e : gcd(e,160)=1; choose e=7
5.
Determine d: de=1 mod 160 and d < 160 Value is
d=23 since 23×7=161= 10×160+1
6.
Publish public key KU={7,187}
7.
Keep secret private key KR={23,17,11}
How Does RSA Work?
• Given pub = <e, n> and priv = <d, n>
– encryption: c = me mod n, m < n
– decryption: m = cd mod n
– signature: s = md mod n, m < n
– verification: m = se mod n
• given message M = 88 (nb. 88<187)
• encryption:
C = 887 mod 187 = 11
• decryption:
M = 1123 mod 187 = 88