Cryptography and Security Services: Mechanisms and Applications Chapter 1 and 2 Classic Cryptography and Information Assurance Manuel Mogollon m_mogollon@verizon.net M. Mogollon – 0 Session 1 – Contents • Introduction • Classical Cipher Techniques — — — — Substitution Ciphers Monoalphabetic Substitution Polyalphabetic Substitution Transposition Ciphers • Early Cipher Machines — The Saint Cyr Slide — The Jefferson Cylinder — Vernam Cipher • The Rotor Crypto Machines Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 1 1 Introduction • Scribes in the Egyptian civilization used unusual hieroglyphics to tell the story of their masters' lives. — The inscriptions were not secret writing, but incorporated one of the essential elements of cryptography: an intentional transformation of writing so that only certain people could read it • The Spartans were probably the first to use cryptography for military purposes. — Their crypto device was called the scytale (stick). We need to proceed with the plan Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 2 2 Crypto Analysis Rules • The Arab civilization, with its advanced mathematics, was the first to establish specific rules to cryptanalyze written messages. These rules were the following: — The cryptanalyst must know the language in which the crypto message is written and its linguistic characteristics. — In every language, there are letters that are never found together in one word, letters that rarely come together in a word, and combinations of letters that are not possible. — All letters are not used equally in any language, and the proportions in which the letters occur remain constant. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 3 3 Classical Cipher Techniques • Too weak for serious applications; however, many of their basic principles are still used in modern cryptography. • Substitution Ciphers Plain Cipher a b c d e f g h i j k l m n o p q r s t u v w x y z d e f g h i j k l m n o p q r s t u v w x y z a b c • Monoalphabetic Substitution Plain Cipher a b c d e f g h i j k l m n o p q r s t u v w x y z h o s b r g v k w c y f p j t a z m x i q d l u e n — The number of possible substitutions is 26! or 4.0329 x 1026. — It is a very weak cipher; in any language there are some letters that occur more often than others. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 4 4 Polyalphabetic Substitution • Introduced by Blaise de Vigenere in the 16th century. • Uses one alphabet for each of the plain letters. • Has several key methods, such as words, phrases, and a running key in which the message itself is its own key —the so-called autokey. Key Plain Cipher D N O W I S T H E T I M N O W I S T H E T I M E Q B K E A L A L X B U Q Cipher Key Plain Q B K E A L A L X B U Q D N O W I S T H E T I M N O W I S T H E T I M E Introduction Classic Cryptography The Vigenere Tableau (Plain Text) A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z IA b c d e f g h i j k l m n o p q r s t u v w x y z a c d e f g h i j k l m n o p q r s t u v w x y z a b d e f g h i j k l m n o p q r s t u v w x y z a b c e f g h i j k l m n o p q r s t u v w x y z a b c d f g h i j k l m n o p q r s t u v w x y z a b c d e g h i j k l m n o p q r s t u v w x y z a b c d e f h i j k l m n o p q r s t u v w x y z a b c d e f g i j k l m n o p q r s t u v w x y z a b c d e f g h j k l m n o p q r s t u v w x y z a b c d e f g h i OSI/TCP Stack k l m n o p q r s t u v w x y z a b c d e f g h i j l m n o p q r s t u v w x y z a b c d e f g h i j k m n o p q r s t u v w x y z a b c d e f g h i j k l n o p q r s t u v w x y z a b c d e f g h i j k l m o p q r s t u v w x y z a b c d e f g h i j k l m n p q r s t u v w x y z a b c d e f g h i j k l m n o q r s t u v w x y z a b c d e f g h i j k l m n o p r s t u v w x y z a b c d e f g h i j k l m n o p q s t u v w x y z a b c d e f g h i j k l m n o p q r t u v w x y z a b c d e f g h i j k l m n o p q r s u v w x y z a b c d e f g h i j k l m n o p q r s t v w x y z a b c d e f g h i j k l m n o p q r s t u w x y z a b c d e f g h i j k l m n o p q r s t u v x y z a b c d e f g h i j k l m n o p q r s t u v w y z a b c d e f g h i j k l m n o p q r s t u v w x z a b c d e f g h i j k l m n o p q r s t u v w x y Security Services & Mechanisms M. Mogollon – 5 5 Transposition Ciphers • Successive letters of the plaintext are arranged according to the key. • The key is a group of sequential numbers arranged at random. • The plaintext is separated into groups of letters in which each group has the same number of letters as the number chosen as a key. Plaintext Key Ciphertext Introduction Classic Cryptography nowis/theti/mefor/allxx/ 51342 snwio iteth rmfoe xalxl snwioitethrmfoexalxl IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 6 6 Early Cipher Machines • The Saint Cyr Slide A ABCDEFGHIJKLMNOPQRSTUVWXYZ DEFGHIJKLMNOPQRSTUVWXYZABC GHIJHLMNOPQRSTUVWXYZ • 18th Century Wheel Cipher Picture from: http://www.nsa.gov/museum/wheel.html Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 7 7 Early Cipher Machines • The Vernam Cipher was designed in 1917 by Gilbert Vernam • Is a bit-by-bit combination of random characters (keystream) with characters of plaintext using modulo-2 addition (the XOR function) 1+0=1 1+1=0 0+1=1 0+0=0 Enciphering Deciphering Plaintext 10011000101000110 Ciphertext 00101011001100101 Keystream 10110011100100011 ──────────────────── Keystream 10110011100100011 ──────────────────── Ciphertext 00101011001100101 Plaintext 10011000101000110 Key Stream Key Stream Plaintext + Ciphertext Encryption Algorithm Modulo 2 Adder Encipher Introduction Classic Cryptography IA + Plaintext Decryption Algorithm Modulo 2 Adder Decipher OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 8 8 The Rotor Crypto Machines • Rotor Crypto Machines implement polyalphabetic substitution ciphers with long periods. • These machines consist of several “t” rotary discs, each one with 26 electrical contacts called studs. • Each stud is connected at random by wire to another stud on the other side of the disc. • After each letter is enciphered, one or more of the rotors are rotated one step. • A machine with “t” rotors does not return to its starting position until after 26t successive steps. • A five-rotor machine has a period of 265 = 11,881,376 different alphabets before it repeats itself. A B C D E F Plaintext G H I A B Ciphertext C D E F G H I Encryption A B Ciphertext C D E F G H I A B C D E F Plaintext G H I Decryption Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 9 9 The M 209 The Enigma • Used by the U.S. Army until the early 1950s. • Polyalphabetic ciphertext with a period of 26 x 25 x 23 x 21 x 19 x 17 = 101,405,850, nearly ten times greater than a fiverotor machine. Picture from http://www.nsa.gov/museum/enigma.html Picture from http://www.maritime.org/csp1500.htm Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 10 10 Information Assurance and Security Services & Mechanisms Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 11 11 Session 1a – Contents • Introduction • OSI and TCP/IP Stack • Crypto Terminology • Security Services and Security Mechanisms Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 12 12 NSA Terminology COMSEC / (1960s) Communications security which provided protection against disclosure to unauthorized parties when information was transmitted or broadcasted from point-to-point. COMPUSEC / (Late 1970s) Computer security which provided protection against unauthorized disclosure of information, injection of malicious code, or the theft of data on magnetic media. INFOSEC / (Early 1980s) Information security which was the result of the convergence of COMSEC and COMPUSEC. IA / (Late 1990s) Information Assurance which deals with providing protection against unauthorized disclosure of information (confidentiality), modification of information (integrity), denial of service (availability), authenticity, and non-repudiation. Definitions taken from Daniel G. Wolf, NSA Director of Information Assurance statement before the House Select Committee of Homeland Security on July 22, 2003, pages 4 and 5. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 13 13 OSI and TCP/IP Stacks Layer 7 Application Layer 6 Presentation Layer 5 Session Layer 4 Transport Transport Layer TCP Layer 3 Network Network Layer IP Layer 2 Data Link Layer 1 Physical Application Layer Data Layer OSI Stack Introduction Classic Cryptography SMTP, Telnet, FTP, Gopher UDP ARP RARP Ethernet, Token-Ring, FDDI, X.25, Wireless, Async, ATM, SNA...Data Layer TCP/IP Stack IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 14 14 TCP/IP • • • TCP/IP — Transmission Control Protocol/Internet Protocol. • TCP/IP has two parts, TCP and IP. TCP/IP is the protocol suite used by the Internet. TCP/IP is based on a connectionless networking. Eliminates the need for the network to support signaling and maintain connections (and thus state information). All aspects of a reliable connection are moved to Layer 4 and supported in the endpoints. — TCP perform the functions of the transport layer in the OSI model (e.g., breaking the data into smaller packets, numbering them, ensuring each packet is reliably delivered and putting them in the proper order). — IP performs the role of the network layer in the OSI model (e.g., routing and addressing). • Some of the protocols used in the TCP/IP suite are: — — — — Data Layer: Frame Relay, ATM, IEEE 802.3, PPP PPP EAP (among others) Network Layer: IP Transport Layer: User Data Protocol (UDP), Transmission Control Protocol (TCP) Applications Layer Applications: HTTP, FTP, SMTP, SNMP Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 15 15 TCP/IP Protocol Stack Data TH NH DH Payload Payload Application Layer Application Layer Transport Layer Transport Layer Network Layer Data Layer NH DH Data TH Network Layer Payload Data Layer NH DH Payload Payload Router • Application Layer: Provides services for a user to send and received data over the network, such as web browsers (HTTP), FTP, SMTP, SNMP, and emails. • • • Transport Layer: Provides connection, error and flow control (TCP or UDP), and security. Network Layer: Responsible for addressing (IP) and routing the packets. Data Link Layer: Defines the electrical, mechanical, and physical interfaces to the network. It frames the packets for transmission over the physical media, such as Ethernet, Token Ring, Frame Relay, Asynchronous Transfer Mode (ATM). Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 16 16 TCP/IP Stack and Security Related Protocols Application Layer Transport Layer Network Layer SMTP, Telnet, FTP, Gopher TCP IP UDP ARP RARP • S/MIME • S-HTTP • PGP • SET • IPSec (ISAKMP) • SOCKS V5 • SSL, TLS • IPSec (AH, ESP) • Packet filtering • Tunneling Protocols Ethernet, Token-Ring, FDDI, X.25, Wireless, Async, ATM, SNA...Data Layer PPP-EAP, IEEE Data Layer 802.1X, CHAP, PAP, MS-CHAP The Data Layer is also called Network Interface Layer, Link Layer, or Data-Link Layer. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 17 17 What is Cryptography? • cryptography / The art or science that treats of the principles, means, and methods to render information unintelligible to all but the intended receiver. The sender enciphers a message into an unintelligible form, and the receiver deciphers it into intelligible form. The word "cryptology" is derived from the Greek “kryptos” (hidden) and “logos” (word). Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 18 18 What is Cryptology? • cryptology / The scientific study of cryptography and cryptanalysis. • cryptanalysis / The process of deducting the plaintext from the ciphertext (breaking a code) without being in possession of the key or the system (codebreaking). Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 19 19 Crypto Terminology Cryptographic Variables (CV), Secret Keys, Private Keys Key Generator Synchronization Key Stream Key Stream Message Plaintext As the market requirements for secure products has exponentially increased, our strategy will be to …. Encryption Algorithm Encipher Key Generator Cryptographic Variables (CV), Secret Keys, Public Keys Ciphertext Asdfe8i4*(74mjsd( 9&*nng654mKhna mshy75*72mnasja dif3%j*j^3cdf(#421 5kndh_!8g,kla/”2a cd:{qien*38mnap4 *h&fk>0820&ma01 2M Encryption Algorithm Decipher Plaintext Message As the market requirements for secure products has exponentially increased, our strategy will be to …. Security is based on the crypto variable, not on the encryption algorithm. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 20 20 Crypto Terminology Cryptographic Variables (CV), Secret Keys, Private Keys Message Plaintext As the market requirements for secure products has exponentially increased, our strategy will be to …. Introduction Cryptographic Variables (CV), Secret Keys, Public Keys Synchronization Encryption Algorithm (Block Cipher) Encipher Classic Cryptography Ciphertext Asdfe8i4*(74mjsd( 9&*nng654mKhna mshy75*72mnasja dif3%j*j^3cdf(#421 5kndh_!8g,kla/”2a cd:{qien*38mnap4 *h&fk>0820&ma01 2M IA Encryption Algorithm (Block Cipher) Decipher OSI/TCP Stack Plaintext Message As the market requirements for secure products has exponentially increased, our strategy will be to …. Security Services & Mechanisms M. Mogollon – 21 21 Security Services Security Mechanisms Confidentiality Encryption Integrity Hash Functions Authentication Digital Signatures Access Security Tokens Non-Repudiation Digital Signatures Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 22 22 Typical Protections - Need Many Tools Used in Concert • Physical Security — — — • Information Assurance — — — — • Management tools (sniffers, scanners, profilers, honeypots, shunts, program registers, etc.) Database security Disaster Recovery Planning — — • • Access controls authentication (firewalls, passwords, biometrics, etc.) Virus protection tools Operation system protection (Windows, Unix, Linux) Network Security — — • Confidentiality (symmetric and asymmetric encryption) Integrity (hash functions) Authentication (digital certificates, tokens, digital signatures, passwords, biometrics, etc.) Non-Repudiation (public key encryption, digital signatures, System Security — — — • Physical access (guards, fences, alarms, locks,, etc.) Environment risk security (power Filtering and UPS devices surge protectors Fire and flooding protection Contingency plans Security policies. EMI/RFI Shielding Training and Education Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 23 23 Security Services • Confidentiality — Protection against unauthorized individuals reading information that is supposed to be kept private. • Data Integrity — Assurance that a message was not accidentally or deliberately modified in transit by replacement, insertion, or deletion. • Authentication — Assurance that the message is coming from the source from which it claims to come. • Non-Repudiation of Origin — Protection against an individual denying sending or receiving a message. • Access Control — The prevention of the unauthorized use of a resource by identifying or verifying the eligibility of a station, originator or individual to access specific categories of information. A security policy is implemented using security mechanisms to provide security services. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 24 24 IA Security Policy When is Electronic Information Collected, Used, Processed, Transmitted, or Stored, the provide Security Mechanisms Confidentiality, Integrity, Availability, Authenticity, Non-repudiation. Security Mechanisms must be: Comprehensive, Coordinated, Scaleable, & Technology Agnostic Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 25 25 Confidentiality and its Security Mechanisms Confidentiality Protection of data from unauthorized disclosure Encryption Algorithms Symmetric Asymmetric Stream Ciphers Synchronous SelfSynchronous Block Cipher Public-Key DES AES 3DES Blowfish MARS RC5 CAST IDEA OFB Pohlig Hellman RSA ElGamal CFB Schnorr ECC RC4 Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 26 26 Integrity and its Security Mechanisms Assurance that a message was not accidentally or deliberately modified in transit by replacement, insertion, or deletion. Integrity Hash Functions SHA Digital Signature MD5 MAC Encryption HMAC SHA-1 SHA-384 DES CBC HMAC-SHA-1-96 SHA-256 SHA-512 AES-XCBCMAC-96 HMAC-MD5-96 Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 27 27 Authentication and its Security Mechanisms Authentication Digital Signatures MD5 ElGamal RSA Assurance that the message is coming from the source from which it claims to be. Digital Signatures provide authentication, nonrepudiation, and integrity. SHA DSA RSA SHA DSA Hash Functions ECDSA A Digital Signature is created by taking the message’s hash and encrypting it with the sender’s private key. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 28 28 Access Authentication Access Authentication Protocol IEEE 802.1X EAP Method Mechanism EAP-TLS EAP-SIM CHAP OTP EAP-TTLS EAP-AKA GTC MS-CHAP v2 EAP-PEAP EAP-PSK Digital Certificates IEEE 802.1X: Port-based Access Control Protocol EAP: Extensible Authentication Protocol TLS: Transport Layer Security TTLS: Tunneled Transport Layer Security Introduction The prevention of the unauthorized use of a resource. Classic Cryptography IA PEAP: Protected EAP CHAP: Challenge-Handshake Authentication Protocol OTP: One-Time Password GTC: Generic Token Card OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 29 29 Non-Repudiation and its Security Mechanisms NonRepudiation Public-Key Schnorr ElGamal Protection against an individual denying sending a message. Digital Signature RSA Encryption ECC Sender enciphers the message with his private key and recipient deciphers the message with sender’s public key. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 30 30 Example: Ecommerce – SSL Application Intranet or DMZ • Firewall • SSL Accelerator Web Servers Internet Buyer • • • • Seller SSL Accelerator • SSL traffic is encrypted • Offloads expensive public key operation from backend servers • Normally, 250,000 transactions/sec Authenticates seller. Enciphers information. Clientless Access from any computer Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 31 31 Example: Remote Access Application – VPNs VoIP Authentication Server VPN Gateway Internet Home office Intranet Firewall Remote End Introduction • Firewall • VPN Gateway • Authenticates remote access user. • Creates tunnel for VPN connection • Enciphers communications using IPSec. Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 32 32 Example: Remote Wireless Access Application – VPNs VoIP Authentication Server VPN Gateway Internet Home office Intranet Firewall Remote End Wireless Point Security Wireless Security Switch WifiVoIP Introduction • Firewall • VPN Gateway Classic Cryptography • • • • Authenticate wireless remote access user. Create tunnel for VPN connection Encipher communications using IPSec. Access to all applications through client desktop software. IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 33 33 Remote Wireless/Wireline Access Application – SSL VPNs VoIP Authentication Server Home office Internet Intranet Router • Firewall • SSL VPN Router Remote End Wireless Point Security • • • • Introduction Authenticate wireless/wireline remote access user. Secure communications using SSL IPSec. Access to selected applications through a web portal. Erase any connection information in the access point after log-out. Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 34 34 Authentication Authentication Server Radius, Kerberos, PKI, OTP, Token EAP over Internet EAP Method Password Authentication Database Authenticator Token Authentication Database X.509 Directory Kerberos Ticket Granting Server Supplicants Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 35 35 Placeholder Names Used in Cryptography Alice Participant in all protocols Bob Participant in two-, three-, and four-party protocols. Carol Participant in three- and four-party protocols Dave Participant in four-party protocols Eve Passive eavesdropper, Eve, while she can listen in on messages between Alice and Bob, she cannot modify them. Mallet Malicious active attacker. Mallet, also called Mallory, can modify messages, substitute his own messages, replay old messages, and so on. The problem of securing a system against Mallory is much greater than against Eve. Peggy Prover Victor Verifier . Victor, a verifier, and Peggy, a prover, must interact in some way to show that the intended transaction between Alice and Bob has actually taken place. Trent Trusted Arbitrator Trudy Intruder. Trudy can modify messages in transit, therefore, she is more dangerous than Eve. Bob and Alice ideally should use some integrity protocols to be able to detect any such modification and either ignore the changed message, or retrieve the correct message despite the intrusion. Walter Warden. He guards Alice and Bob in some protocols. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 36 36 IETF, RFCs, FIPS • The Internet Engineering Task Force (IETF) is a group of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. http://www.ietf.org/ • The Request for Comments (RFC) consist of the IETF working documents of approved standards and protocols for the Internet. This web site is the RFC repository and it lists all the RFCs. http://www.ietf.org/rfc.html • The Computer Security Resource Center of the National Institute of Standards and Technology, develops standards and metrics to test and validate computer security. http://csrc.nist.gov/ • Federal Information Processing Standards Publications (FIPS PUBS) home web page. http://www.itl.nist.gov/fipspubs/ • Federal Information Processing Standards Publications (FIPS PUBS) web page associated with Computer Security. http://csrc.nist.gov/publications/fips/ • Internet Security Glosary, RFC 4949 http://www.ietf.org/rfc/rfc4949.txt?number=4949 Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 37 37 References Classic Cryptography • Bamford, J. (1982). The Puzzle Palace, A Report on NSA America's Most Secret Agency (p 35). Boston: Houghton, Mifflin Co. • • Lexicon Universal Encyclopedia, Volume 5. (1987) (p 371). New York: Lexicon Publications Inc. • Way, P (1977). The Encyclopedia of Espionage, Codes and Ciphers (pp 62-92). London: The Danbury Press, Published by Aldus Book. Khan, D. (1967). The Codebreakers (pp. 394-398, 411-426). New York: Macmillan Publishing Co., Inc. Information Assurance • Abbruscato, C.R. Data Encryption Equipment, IEEE Communications Magazine, Volumen 22, No. 9 (September 1984) • • • International Standards Organization (ISO), ISO 7498-2-1988 (E) Security Architecture. • • • Tanenbaum, A. (1981). Computer Networks.., Englewood Cliffs, New Jersey : Prentice-Hall, Inc. Muftic, S. (1989). Security Mechanisms for Computer Networks. New York: John Wiley & Sons. National Bureau of Standard, Federal Information Processing Standards (FIPS), Publication 113, Computer Data Authentication. Tanenbaum, A. (1981) Networks Protocols. Computing Surveys, Vol. 13, No. 4. Wolf, D (2003). Cybersecurity Getting it Right. Statement by the Director of Information Assurance National Security Agency Before The House Select Committee on Homeland Security Subcommittee on Cybersecurity, Science and Research & Development hearing on July 22, 2003 to the House of Representatives Select Committee on Homeland Security. Introduction Classic Cryptography IA OSI/TCP Stack Security Services & Mechanisms M. Mogollon – 38 38