COMPUTER SECURITY
LECTURE 2
Cryptography and Symmetric
Key Encryption
Security needs / objectives
Elements of common understanding of security:
• confidentiality (risk of disclosure)
• integrity (data altered  data worthless)
• authentication (who is the person, server, software etc.)
Also:
•
•
•
•
•
•
authorization (what is that person allowed to do)
privacy (controlling one’s personal information)
anonymity (remaining unidentified to others)
non-repudiation (user can’t deny having taken an action)
availability (service is available as desired and designed)
audit (having traces of actions in separate systems/places)
Table 1.1
Threats and Attacks (RFC 4949)
Security
Attacks
•A means of classifying security
attacks, used both in X.800 and RFC
4949, is in terms of passive attacks and
active attacks
•A passive attack attempts to learn or
make use of information from the
system but does not affect system
resources
•An active attack attempts to alter
system resources or affect their
operation
Passive
Attacks
• Are in the nature of
eavesdropping on, or
monitoring of, transmissions
• Goal of the opponent is to
obtain information that is
being transmitted
• Two types of passive
attacks are:
• The release of message
contents
• Traffic analysis
Active Attacks
• Involve some modification of the
data stream or the creation of a
false stream
• Difficult to prevent because of the
wide variety of potential physical,
software, and network
vulnerabilities
• Goal is to detect attacks and to
recover from any disruption or
delays caused by them
Masquerade
• Takes place when one entity
pretends to be a different entity
• Usually includes one of the other
forms of active attack
Replay
• Involves the passive capture of a
data unit and its subsequent
retransmission to produce an
unauthorized effect
Modification
of messages
• Some portion of a legitimate
message is altered, or messages
are delayed or reordered to
produce an unauthorized effect
Denial of
service
• Prevents or inhibits the normal
use or management of
communications facilities
Security Services
• Defined by X.800 as:
• A service provided by a protocol layer of communicating open
systems and that ensures adequate security of the systems or of
data transfers
• Defined by RFC 4949 as:
• A processing or communication service provided by a system
to give a specific kind of protection to system resources
X.800 Service Categories
• Authentication
• Access control
• Data confidentiality
• Data integrity
• Nonrepudiation
Table 1.2
Security
Services
(X.800)
(This table is found on
page 12 in the textbook)
Threat Modeling and Risk
Assessment
• Threat modeling: what threats will the system face?
• what could go wrong?
• how could the system be attacked and by whom?
• Risk assessment: how much to worry about them?
• calculate or estimate potential loss and its likelihood
• risk management – reduce both probability and
consequences of a security breach
Threat Modeling and Risk
Assessment
• Secure against what and from whom?
• who will be using the application?
• what does the user (and the admin) care about?
• where will the application run?
(on a local system as Administrator/root? An intranet
application? As a web service available to the public? On
a mobile phone?)
• what are you trying to protect and against whom?
• Steps to take
• Evaluate threats, risks and consequences
• Address the threats and mitigate the risks
How much security?
• Total security is unachievable
• A trade-off: more security often means
• higher cost
• less convenience / productivity / functionality
• Security measures should be as invisible as possible
• cannot irritate users or slow down the software (too much)
• example: forcing a password change everyday
• users will find a workaround, or just stop using it
• Choose security level relevant to your needs
How to get secure?
• Protection, detection, reaction
• Know your enemy: types of attacks, typical tricks,
commonly exploited vulnerabilities
• Attackers don’t create security holes and vulnerabilities
• they exploit existing ones
• Software security:
• Two main sources of software security holes:
architectural flaws and implementation bugs
• Think about security in all phases
of software development
• Follow standard software development procedures
Protection,
detection, reaction
An ounce of prevention
is worth a pound of cure
• better to protect that to recover
Detection is necessary
because total prevention
is impossible to achieve
Without some kind of reaction,
detection is useless
• like a burglar alarm
that no-one listens and responds to
Protection,
detection, reaction
• Each and every of the three elements is very important
• Security solutions focus too often on prevention only
• (Network/Host) Intrusion Detection Systems –
tools for detecting network and system level attacks
• For some threats, detection (and therefore reaction)
is not possible, so strong protection is crucial
• example: eavesdropping on Internet transmission
Security through
obscurity … ?
• Security through obscurity – hiding design
or implementation details to gain security:
• keeping secret not the key, but the encryption
algorithm,
• hiding a DB server under a name different from “db”, etc.
• The idea doesn’t work
• it’s difficult to keep secrets (e.g. source code gets stolen)
• if security of a system depends on one secret, then,
once it’s no longer a secret, the whole system is compromised
• secret algorithms, protocols etc. will not get reviewed  flaws
won’t be spotted and fixed  less security
• Systems should be secure by design, not by obfuscation
• Security AND obscurity
How cryptography can
help?
• Cryptography algorithms
• encryption (symmetric and asymmetric algorithms),
hash functions, digital signatures, random numbers …
• Cryptography protocols
• SSL, SSH, Kerberos, PKI …
• A lock in a door – lets only the chosen ones in
• allows authenticated, confidential communications etc.
• Encrypted data is only as secure as the decryption key
• strong lock in the door, and the key under the door mat
• protecting a 1024bit private key with a 4-digit pin code
• encrypted doesn’t automatically mean secure
Cryptography is not a
magic cure
• Many security problems cannot be solved with
cryptography
• e.g. buffer overflows bugs, users choosing bad passwords, DoS
attacks
• E-signature – how do you know what you really sign?
• Private key – will you know when it gets compromised?
• 85% of CERT security advisories could not have been prevented
with cryptography.*
• Cryptography can help, but is neither magic, nor trivial
Symmetric Key
Encryption
.
Some Basic Terminology
• Plaintext - original message
• Ciphertext - coded message
• Cipher - algorithm for transforming plaintext to ciphertext
• Key - info used in cipher known only to sender/receiver
• Encipher (encrypt) - converting plaintext to ciphertext
• Decipher (decrypt) - recovering ciphertext from plaintext
• Cryptography - study of encryption principles/methods
• Cryptanalysis (code breaking) - study of principles/methods of
deciphering ciphertext without knowing key
• Cryptology - field of both cryptography and cryptanalysis
Requirements
• There are two requirements for secure use of symmetric
encryption:
• A strong encryption algorithm
• Sender and receiver must have obtained copies of the secret key
in a secure fashion and must keep the key secure
• The security of symmetric encryption depends on the
secrecy of the key, not the secrecy of the algorithm
• This makes it feasible for widespread use
• Manufacturers can and have developed low-cost chip
implementations of data encryption algorithms
• These chips are widely available and incorporated into a
number of products
Cryptography
Cryptographic
systems are
generically
classified
along three
independent
dimensions:
• The type of operations used for transforming plaintext to
ciphertext
• Substitution
• Each element in the plaintext is mapped into another element
• Transposition
• Elements in the plaintext are rearranged
• Fundamental requirement is that no information be lost
• Product systems
• Involve multiple stages of substitutions and transpositions
• The number of keys used
• Referred to as symmetric, single-key, secret-key, or conventional
encryption if both sender and receiver use the same key
• Referred to as asymmetric, two-key, or public-key encryption if
the sender and receiver each use a different key
• The way in which the plaintext is processed
• Block cipher processes the input one block of elements at a time,
producing an output block for each input block
• Stream cipher processes the input elements continuously,
producing output one element at a time, as it goes along
Table 2.1
Types of Attacks on Encrypted Messages
cryptanalysis
• An encryption scheme is computationally secure if the
ciphertext generated by the scheme meets one or both
of the following criteria:
• The cost of breaking the cipher exceeds the value of the
encrypted information
• The time required to break the cipher exceeds the useful
lifetime of the information
Brute Force attack
• Involves trying every possible key until an intelligible
translation of the ciphertext into plaintext is obtained
• On average, half of all possible keys must be tried to
achieve success
• Unless known plaintext is provided, the analyst must
be able to recognize plaintext as plaintext
• To supplement the brute-force approach
• Some degree of knowledge about the expected plaintext
is needed
• Some means of automatically distinguishing plaintext
from garble is also needed
Feistel Cipher Design
Elements
• Larger block
sizes mean
greater security
but reduced
encryption/decry
ption speed
Block size
• Greater
complexity
generally means
greater resistance
to cryptanalysis
Round function
Key size
• Larger key size
means greater
security but may
decrease
encryption/decrypti
on speed
Subkey generation
algorithm
• The essence of a
symmetric block
cipher is that a
single round offers
inadequate security
but that multiple
rounds offer
increasing security
• Greater
complexity in
this algorithm
should lead to
greater difficulty
of cryptanalysis
Number of rounds
Fast software
encryption/decryp
tion
• In many cases, encryption is
embedded in applications or
utility functions in such a way
as to preclude a hardware
implementation; accordingly,
the seed of execution of the
algorithm becomes a concern
• If the algorithm can be
concisely and clearly
explained, it is easier to
analyze that algorithm
for cryptanalytic
vulnerabilities and
therefore develop a
higher level of assurance
as to its strength
Ease of analysis
Symmetric Block
encryption algorithms
• Block cipher
• The most commonly
used symmetric
encryption algorithms
• Processes the plaintext
input in fixed-sized
blocks and produces a
block of ciphertext of
equal size for each
plaintext block
Data
Encryption
Standard
(DES)
Advanced
Encryption
Standard
(AES)
The three most
important
symmetric
block ciphers
Triple DES
(3DES)
Data Encryption
Standard (DES)
• Most widely used encryption scheme
• Issued in 1977 as Federal Information Processing
Standard 46 (FIPS 46) by the National Institute of
Standards and Technology (NIST)
• The algorithm itself is referred to as the Data
Encryption Algorithm (DEA)
DES algorithm
• Description of the algorithm:
•
•
•
•
•
Plaintext is 64 bits in length
Key is 56 bits in length
Structure is a minor variation of the Feistel network
There are 16 rounds of processing
Process of decryption is essentially the same as the encryption
process
• The strength of DES:
• Concerns fall into two categories
• The algorithm itself
• Refers to the possibility that cryptanalysis is possible by exploiting
the characteristics of the algorithm
• The use of a 56-bit key
• Speed of commercial, off-the-shelf processors threatens the security
Table 2.2
Average Time Required for Exhaustive
Key Search
3DES guidelines
• FIPS 46-3 includes the following guidelines for 3DES:
• 3DES is the FIPS-approved symmetric encryption
algorithm of choice
• The original DES, which uses a single 56-bit key, is
permitted under the standard for legacy systems only;
new procurements should support 3DES
• Government organizations with legacy DES systems are
encouraged to transition to 3DES
• It is anticipated that 3DES and the Advanced Encryption
Standard (AES) will coexist as FIPS-approved
algorithms, allowing for a gradual transition to AES
Thank you
.
Any Questions