Confidentiality

Integrity
Availability
CIA
Secret codes
Cryptography
Passwords (hard to implement a strong password policy)
Biometrics, smartcards
Authentication
Different people have different roles and levels of control
Authorization
Eg. firewalls
Access control
Eg. Secure Socket Layer (SSL)
Protocols
Cryptography, Protocols, Access control
Large, complex, bugs
Security flaws
Viruses and worms
Software
Authentication --- Identifying users
Authorization --- Checking permission
Auditing --- Tracking users actions
Confidentiality --- Privacy Preservation
Integrity --- Avoid accidental or malicious data changes/deletion
Availability --- Keeping the system on line for legitimate users.
Services of Security
Interruption, Fabrication, Modification, Interception
Types of attacks
interrupt availability
Eg. WikiLeaks was disrupted by DoS attacks when U.S. diplomatic cables were about be released
Disruption --- denial of service
Eg. WikiLeaks release of diplomatic cables
Disclosure --- release of potentially confidential data
Deception --- acceptance of false data
Usurpation --- unauthorized assumption of control
e.g. sniffing packets for passwords
Snooping or Eavesdropping --- interception of confidential data
e.g. change a salary by editing the payroll file
Modification or Alteration --- changing data
e.g. identity theft (charging stuff to someone else's credit card)
Masquerading or Spoofing --- forging data about origin
Threats
02 Cryptography
Thursday, March 03, 2011
9:42 AM
2011 Spring Page 1
e.g. identity theft (charging stuff to someone else's credit card)
e.g. bad guy order's stuff and refuses to pay claiming he never ordered it
Repudiation of origin --- false denial of creation
e.g. bad guy orders stuff but refuses payment on first shipment claiming it never arrived
Denial of receipt --- falsely claim of nondelivery
Delay (or replay) --- cause a legitimate message to arrive at a later time
Prevention --- Makes an attack fail if attempted
Detection --- Alerts defender of attack
Offline --- Stop an attack, assess and repair damage
Online --- Maintain system functioning during compromise and repair
Recovery --- Reaction to attack
Security System requirements
scramble a message (plaintext)
Use a key and an encryption algorithm
Scrambled message is called ciphertext
Unscramble by using a decryption algorithm (reverse of encryption)
Only holders of key can unscramble
Very old idea has been around for thousands of years (Greek word means secret writing)

a b c d e f g h i j k l m n o p (input)
d e f g h i j k l m n o p q r s (output- cipher)
Replace each input letter with 3 letters to the right (also known as simple substitution cryptography)
Key is 3, encryption algorithm is shift right
receiver reverses it (same key)
Caesar Cipher (used by Julius Caesar) :
Main idea of cryptography
Ceasar cipher is shift by 3
Eg.
plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Shift by n
Eg.
plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext: Z P B Y J R G K F L X Q N W V D H M S U T O I A E C
26! ~= 2
88
possible keys
Exhaustive key search (brute force approach)to break the code not be possible within reasonable amount of
time

Can use statistical data on frequency of occurrence for letters to break the code much faster
Any permutation of the letters
Simple substitution cryptography
Write plain text into an array of given size and then permute the rows and columns according to specified
permutations

Plain text: attackatdawn

Rows (1,2,3)->(3,2,1) and then columns (1,2,3,4)->(4,2,1,3)
Ciphertext: NADWTKCAATAT
Decrypt by (1,2,3,4)-->(3,2,,4,1) and (1,2,3)-->(3,2,1)
Eg.
Double Transposition Cipher
Classic Cryptography
Cryptography
2011 Spring Page 2
Not trivial to break
Mapping between letters and bits not secret (just like ASCII)
A random key of length equal to the length of the message used
XOR key with message to encrypt and XOR with key again to decrypt
Encryption
Decryption
If a different key is used to decrypt, a different, but meaningful message can be there
Example:
This system is as secure as a code can be (provably secure)
Key length = message length
If key can be sent securely why not send the message itself?
Will make the code less secure and easier to break
Cannot use the same key more than once
Not practical
Drawbacks:
One-time pad (Vernam cipher)
Dictionary like book containing words and there corresponding codewords
If codebook is found, possible to decrypt all messages
Codebook cipher
Message in bits
Random number generated
applied to the message bits
Modern cryptographic techniques

All data (plain text, cipher text) in bits instead of alphanumeric

Random number K generated (key)
Complex Function applied to the message bits (I..e., added, subtracted, orred, exclusive orred, shifted) Encryption
Algorithm
Modern Cryptography - main idea
Private key (Symmetric )cryptography
Public key (Asymmetric) cryptography
Hash functions
Types of modern Cryptography
Same key used for encryption/decryption
Initial approaches were variants of Caesars cipher:
Private key (Symmetric) encryption
Modern Cryptograypy
2011 Spring Page 3
Key can be n, left or right
Can replace alphabets with numbers and special characters
Can change the shifts periodically
Initial approaches were variants of Caesars cipher:
DES (Data Encryption Standard) is most common Algorithm (64 bit key)
Very fast, efficient
Advantages
If someone finds out the key then can decrypt the ciphers
How the senders and receiver find the key
Not a good idea to send the key plus cipher in same message
Should be separate messages
Key can be generated by software (usual) or hardware (card)
Disadvantages
Trap the messages
Try to understand them (mostly not encrypted)
If encrypted, try to guess key (sophisticated unscramblers that run forever and try to guess the keys by using
different combinations)

Typical hacker practice:

Key must be very difficult to guess
Sophisticated key processing adds significant overhead
Stream crypto operate on continuous bits (usually implemented in hardware)
Block Crypto operate on blocks (usually implemented in software)
Two types of crypto algorithms
Operates on blocks of text usually in multiple of 8 bits (character length)
The key (cipher variable) is 64 bits
Plain text is divided into 64 bit blocks, processed in several iterations
Each block is divided into 2 parts: L
0
and R
0
(left and right bits)
R
i
= L
i-1
+ f(R
i-1
, K
i
)
The block is processed several times and new R is computed from L plus a complex function of R
and key K

Encryption algorithm:
DES (Data Encryption Standard) algorithm
Example

Public key everyone knows (used for encryption)

Private key only the receiver knows (used for decryption)
Even if someone knows the key used for encryption, cannot use it for decryption (hence asymmetric)
Very suitable for the Internet- Anyone can send a message, only one can decrypt
Every user has two keys:
Definition:
M: Message (plain text)
E: algorithm uses public key (e) -everyone knows it (used for Encryption)
D: algorithm uses private key (d) - only receiver knows (used for decryption)
Given:
1. D(E(M) = M
2. E(D(M) = M
3. Given E, it is not possible to determine D
4. Given D, it is not possible to determine E
The following relationships hold
Each person (A, B,,) has two keys (EA , DA), (EB , DB),,
Gets EA
Encrypts M using E
A
(i.e., calculate E
A
(M) )
Sends it to A
A decrypts EA(M)by using DB (i.e., calculates DB (EA(M)) = M)
Sender B sends M to A

RSA (Rivest, Shamir,Adelman) is most common algorithm - complicated

Example
Public key (Asymmetric) cryptography
2011 Spring Page 4
RSA (Rivest, Shamir,Adelman) is most common algorithm - complicated

Start with 2 large prime numbers: p and q (contain hundreds of digits)

prime numbers (no divisors other than itself and 1). Examples: 2, 3, 7, 11, 13, 17, 19
Define
n = p.q
and
Example: For p = 3, q =7, we get n =21, t =12
t = (p-1).(q-1)
Now choose an integer e that has no common divisor with t , and 1<e<t (we can choose e=5)

e.d = 1 (mod t ) {mod - Modular multiplicative inversion}

(e.d-1 is divisible by t) ( we can choose d =5)
choose integer d such that 1<d<t
Numbers d, p,q,t are kept secret (used to build D)

Public key = (n,e)

Private key = (n,d)
n - modulus
e - public (encryption) exponent
d - secret (decryption) exponent
Numbers e and n are public (used to build E)

Obtains the recipient B's public key (n, e).

If the message m is larger than n, break into smaller massages such that 1<mi<n
Represents the plaintext message as a positive integer m
i
Computes the ciphertext c
i
= m
i
e
(mod n).
Sends the ciphertext ci to B.
Sender A does the following:-
Encryption

Uses his private key (n, d) to compute mi = ci

d
(mod n).
Extracts the plaintext from the message representative m
i
.
Recipient B does the following:-
Decryption
Example: Note that "phi" is used instead of "t" in the following example
Simplified RSA algorithm:
Its security is based on the difficulty of factoring large integers.

RSA algorithm is very complex (large prime numbers)

Primary advantage of private key cryptography is efficiency (fast)

Performance is very slow (can be up to 1000 times slower than private key cryptography)
Performance degrades with message size

No shared key is necessary

E(D(M) = M
Anyone can decrypt, but only the user can encrypt
Like a signature
Encrypt with user's private key
Can not repudiate
Can be used as a digital signature
Major advantages of public key cryptography
Performance of Public Key Systems
2011 Spring Page 5
Can not repudiate

similar to digital signature

generate a secret key (called a session key)
encrypt the message by using the session key and symmetric algorithm(e.g., DES)
encrypt the session key with the recipients' public key (this is digital signature)
send the digital envelop plus the encrypted message to the receiver
Digital envelope (use public key to encrypt keys only)
Compromise: Hybrid Crypto system

Everything required to securely use public key crypto

Generation and management of public and private keys

Key generation and management

User's name + public key (+ any other information of value)

Issued with an expiration date
Digital certificate (public key certificate)

A trusted third party (TTP) that confirms the identity in the certificate

Anyone can verify the signature using CA's public key

Certificate must be signed by the CA
Eg. VeriSign
Certificate Authority (CA)
Certificate authorities (CAs)

Issued by mistake or if the private key is compromised

A list of invalid certificates
Certificate revocation lists (CRLs)
PKI deals with
Public Key Infrastructure (PKI)
2011 Spring Page 6