UCSC
kasun@ucsc.cmb.ac.lk
All rights reserved. No part of this material may be reproduced and sold.
Basic Encryption and Decryption
Objectives:
Understand the concept of encryption/decryption
Describe the different types of ciphers
Identify the characteristics of a good cipher
Basic Concept
(Diagram: data passes through the Cipher Algorithm E and comes out as C, the Encrypted Data.)
Cipher Algorithm
Encryption algorithm: a mathematical function of the form
C = E(P, Ke), where Ke is the encryption key
Decryption algorithm: a mathematical function of the form
P = D(C, Kd), where Kd is the decryption key
Cryptanalysis
Attacker (cryptanalyst, intruder): a person who tries to uncover the contents of C (i.e. to compromise the encryption algorithm)
What the attacker may have:
Ciphertext only
Full or partial plaintext
Ciphertext of any plaintext
Algorithm and ciphertext
Key size (bits) | Time required at 10^6 decryptions/s
32              | 2.15 milliseconds
56              | 10 hours
128             |
168             |
Machine ciphers
The Enigma Rotor Machine (WW2)
Plain Text  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text : D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Ci = E(Pi) = (Pi + 3) mod 26
Monoalphabetic Substitutions
Plain Text  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text : K E Y G H I J K L M N O P Q R S T U V W X Y Z A B C
Letter Frequency
(Chart: relative frequency of each letter A to Z in English text.)
Polyalphabetic Substitutions
Table for Odd Positions
Plain Text  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text : A D G J N O S V Y B E H K N Q T W Z C F I L O R U X
Table for Even Positions
Plain Text  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text : N S X C H M R W B G I Q V A F K P U Z E J O T Y D I
Plain Text  : SSIBL
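An added Python example (not code from the slides) of the three substitution schemes above: the Caesar shift Ci =(Pi + 3) mod 26, a keyword-derived monoalphabetic table, and a two-table polyalphabetic cipher that alternates alphabets by letter position. It also counts letter frequencies, the property a monoalphabetic table leaves intact, and checks that a cipher alphabet is a permutation of A..Z (a table with repeated letters cannot be decrypted unambiguously). The keywords KEY, ODD and EVEN are constructed sample values.

```python
from collections import Counter
from string import ascii_uppercase as ALPHA


def caesar(text, shift):
    """Shift cipher: C_i = (P_i + shift) mod 26; shift = 3 gives the Caesar table above."""
    out = []
    for ch in text.upper():
        out.append(ALPHA[(ALPHA.index(ch) + shift) % 26] if ch in ALPHA else ch)
    return "".join(out)


def keyword_alphabet(keyword):
    """Cipher alphabet for a monoalphabetic table: keyword letters first (repeats dropped), then the rest of A..Z."""
    seen = []
    for ch in keyword.upper() + ALPHA:
        if ch in ALPHA and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def check_alphabet(cipher_alpha):
    """A substitution table must be a permutation of A..Z; repeated letters make decryption ambiguous."""
    if len(cipher_alpha) != 26 or set(cipher_alpha) != set(ALPHA):
        dupes = sorted(c for c, n in Counter(cipher_alpha).items() if n > 1)
        raise ValueError(f"cipher alphabet is not a permutation of A..Z; repeated letters: {dupes}")
    return cipher_alpha


def substitute(text, cipher_alpha, decrypt=False):
    """Monoalphabetic substitution with one cipher alphabet (non-letters pass through unchanged)."""
    check_alphabet(cipher_alpha)
    src, dst = (cipher_alpha, ALPHA) if decrypt else (ALPHA, cipher_alpha)
    return text.upper().translate(str.maketrans(src, dst))


def poly_substitute(text, alphabets, decrypt=False):
    """Polyalphabetic: the i-th letter uses alphabets[i % len(alphabets)].
    With two alphabets this is the odd-position / even-position scheme of the slide."""
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHA:
            out.append(substitute(ch, alphabets[i % len(alphabets)], decrypt))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def letter_frequency(text, top=3):
    """Most common letters; a monoalphabetic cipher preserves this pattern, which is what a cryptanalyst uses."""
    counts = Counter(ch for ch in text.upper() if ch in ALPHA)
    return [c for c, _ in counts.most_common(top)]
```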
Vernam Cipher
Plain Text         : V  E  R  N  A  M  C  I  P  H  E  R
Numeric Equivalent : 21 4 17 13 0 12 2 8 15 7 4 17
+ Random Number    : 76 48 16 82 44 3 58 11 60 5 48 88
= Sum              : 97 52 33 95 44 15 60 19 75 12 52 105
= Mod 26           : 19 0 7 17 18 15 8 19 23 12 0 1
Cipher text        : t a h r s p i t x m a b
Binary version:
Plain text      : 101000111001101
+ Random Stream : 010110101110101
Cipher text     : 111110010111000
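An added Python example (not from the slides) that reproduces the Vernam computation above in both forms: letters added to the random numbers modulo 26, and bits XORed with a random stream. The slide's plaintext and random numbers are copied in as constructed test data; two_time_pad_leak shows why a pad is used once, since reusing it on two messages exposes the XOR of the messages.

```python
from string import ascii_uppercase as ALPHA

# Values from the slide's worked example (copied here as constructed test data).
PLAINTEXT = "VERNAMCIPHER"
RANDOM_NUMBERS = [76, 48, 16, 82, 44, 3, 58, 11, 60, 5, 48, 88]


def vernam26_encrypt(plaintext, key_numbers):
    """Letter-wise one-time pad over A..Z: c_i = (p_i + k_i) mod 26 (lowercase output, as on the slide)."""
    text = plaintext.upper()
    if len(key_numbers) < len(text):
        raise ValueError("key stream shorter than message: a pad is never reused or stretched")
    cipher = []
    for p, k in zip(text, key_numbers):
        cipher.append(ALPHA[(ALPHA.index(p) + k) % 26].lower())
    return "".join(cipher)


def vernam26_decrypt(ciphertext, key_numbers):
    """Subtract the same key numbers modulo 26 to recover the plaintext."""
    plain = []
    for c, k in zip(ciphertext.upper(), key_numbers):
        plain.append(ALPHA[(ALPHA.index(c) - k) % 26])
    return "".join(plain)


def vernam_bits(bits, keystream):
    """Binary Vernam: XOR each message bit with one keystream bit; the same call decrypts."""
    if len(keystream) != len(bits):
        raise ValueError("keystream must be exactly as long as the message")
    return "".join(str(int(b) ^ int(k)) for b, k in zip(bits, keystream))


def two_time_pad_leak(c1, c2):
    """If one pad encrypts two messages, c1 XOR c2 equals m1 XOR m2: the pad cancels out."""
    return vernam_bits(c1, c2)
```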
Transpositions (Permutation)
Columnar Transposition
(Diagram: the plaintext characters c1, c2, c3, ... are written row by row into five columns, and the ciphertext is read down the columns: c1 c6 c11 ..., c2 c7 c12 ..., c3 c8 ..., c4 c9 ..., c5 c10 ...)
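An added Python example (not from the slides) of the columnar transposition in the diagram: the plaintext is written in rows of five and read down the columns (c1 c6 c11 ..., c2 c7 c12 ...), and decryption rebuilds the columns, which have unequal lengths when the text does not fill the last row. The sample message is constructed.

```python
from collections import Counter


def columnar_encrypt(text, columns=5):
    """Write the plaintext row by row into `columns` columns; ciphertext is read down the columns."""
    letters = "".join(ch for ch in text.upper() if ch.isalpha())
    return "".join(letters[i::columns] for i in range(columns))


def columnar_decrypt(cipher, columns=5):
    """Recover the columns (the first n % columns of them hold one extra character), then read rows."""
    rows, extra = divmod(len(cipher), columns)
    lengths = [rows + (1 if i < extra else 0) for i in range(columns)]
    cols, pos = [], 0
    for length in lengths:
        cols.append(cipher[pos:pos + length])
        pos += length
    return "".join(cols[i][r] for r in range(rows + 1) for i in range(columns) if r < len(cols[i]))


def same_letter_counts(plain, cipher):
    """Transposition moves letters without changing them, so letter frequencies survive encryption."""
    return Counter(ch for ch in plain.upper() if ch.isalpha()) == Counter(cipher)
```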
Stream Cipher
(Diagram: plaintext ISSOPMI enters the cipher, with an optional key, and ciphertext WEHTUA.. comes out; each plaintext symbol (A) is transformed on its own into a ciphertext symbol (F).)
Advantages:
Speed of transformation
Low error propagation
Disadvantages:
Low diffusion
Susceptibility to malicious insertion and modifications
Block Cipher
(Diagram: the plaintext is grouped into blocks (ES, CN, YR, TP, OI, XN) and each block is transformed as a unit, with an optional key, into a ciphertext block (BA, QC, KD, EM, MC); a whole plaintext block (AKEDF) becomes a whole ciphertext block (FRWSU).)
Advantages:
Diffusion
Immunity to insertion
Disadvantages:
Slowness of encryption
Error propagation
Block Ciphers
Substitution-Permutation Ciphers
Product cipher
S-P networks are the basis of modern symmetric cryptography
Kerckhoffs's Principle
The security of the encryption scheme must depend only on the secrecy of the key and not on the secrecy of the algorithms.
Reasons:
Algorithms are difficult to change
Cannot design an algorithm for every pair of users
Expert review
No security through obscurity!
Confusion
The interceptor should not be able to predict what changing one character in the plaintext will do to the ciphertext.
(Diagram: plaintext mapped to ciphertext.)
Diffusion
The characteristic of distributing the information from a single plaintext letter over the entire ciphertext.
(Diagram: plaintext KASUN becomes ciphertext ANHYJ.)
Objectives:
Handle the properties of arithmetic that are the foundation of encryption systems
Recognize the concept of symmetric and asymmetric key cryptography
Describe the different symmetric key, asymmetric key and hash algorithms
Prime Numbers
Prime numbers have only the divisors 1 and themselves; they cannot be written as a product of other numbers.
E.g. 2, 3, 5, 7 are prime; 4, 6, 8, 9, 10 are not.
Prime numbers are central to number theory.
The list of prime numbers less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53
59 61 67 71 73 79 83 89 97 101 103 107 109
113 127 131 137 139 149 151 157 163 167 173
179 181 191 193 197 199
Prime Factorization
Primality Testing
In cryptography we often need to find large prime numbers.
The traditional method uses trial division, i.e. divide by all numbers (primes) in turn that are less than the square root of the number; this only works for small numbers.
Alternatively, one can use statistical primality tests based on properties of primes: all prime numbers satisfy the property, but some composite numbers, called pseudo-primes, also satisfy it.
if r=1
if r is even
if r is odd and r = 1
Euclidean Algorithm
gcd(a, b) = gcd(b, r), where a = q x b + r and a > b > r >= 0
Example: GCD(1970, 1066)
1970 = 1 x 1066 + 904    gcd(1066, 904)
1066 = 1 x 904 + 162     gcd(904, 162)
904  = 5 x 162 + 94      gcd(162, 94)
162  = 1 x 94 + 68       gcd(94, 68)
94   = 1 x 68 + 26       gcd(68, 26)
68   = 2 x 26 + 16       gcd(26, 16)
26   = 1 x 16 + 10       gcd(16, 10)
16   = 1 x 10 + 6        gcd(10, 6)
10   = 1 x 6 + 4         gcd(6, 4)
6    = 1 x 4 + 2         gcd(4, 2)
4    = 2 x 2 + 0         gcd(2, 0)
Therefore gcd(1970, 1066) = 2.
Finding Inverses
Modular Arithmetic
Property       | Example
Associativity  |
Commutativity  |
Distributivity |
Reducibility   |
Fermat's Theorem (p prime, a not divisible by p)
a^p mod p = a            (1)
or
a^(p-1) mod p = 1        (2)
To find the inverse x of a modulo p we need a·x mod p = 1
Combine with equation (2):
a·x mod p = 1 = a^(p-1) mod p
x = a^(p-2) mod p
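An added Python example (not from the slides) covering the Euclidean Algorithm, Finding Inverses and Fermat's Theorem: gcd_trace reproduces the division steps of the GCD(1970, 1066) example, extended_gcd gives the inverse modulo any m (the slide's "finding inverses"), and inverse_fermat computes x = a^(p-2) mod p, which is valid only for a prime modulus; the test values are constructed.

```python
def gcd_trace(a, b):
    """Euclid's algorithm; returns the gcd and the division steps (a, q, b, r) meaning a = q x b + r."""
    steps = []
    while b:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))   # gcd(a, b) = gcd(b, r), continue with the pair (b, r)
        a, b = b, r
    return a, steps


def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (iterative extended Euclid)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def inverse_euclid(a, m):
    """Inverse of a modulo m from s*a + t*m = 1; it exists only when gcd(a, m) = 1."""
    g, s, _ = extended_gcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd is {g}")
    return s % m


def inverse_fermat(a, p):
    """Inverse via Fermat: x = a^(p-2) mod p. Correct only when p is prime and p does not divide a."""
    if a % p == 0:
        raise ValueError("a is divisible by p, so no inverse exists")
    return pow(a, p - 2, p)
```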
Discrete Logarithms
Public-Key Cryptography
A very significant advance in the history of cryptography
Uses two keys: a public key and a private key
Asymmetric, since the parties are not equal
Uses clever application of number-theoretic concepts to function
Complements rather than replaces symmetric key cryptography
(Diagram: the ingredients of a public-key scheme: plaintext, encryption algorithm, public and private key, ciphertext, decryption algorithm.)
Encryption
(Diagram: A, the sender, encrypts some confidential text (message) in clear, readable form with the public key of B; B, the recipient, decrypts it with the private key of B.)
Signing
(Diagram: A, the sender, encrypts (signs) some confidential text (message) in clear, readable form with the private key of A; B, the recipient, decrypts (verifies) it with the public key of A.)
Public-Key Cryptography
Public-key/two-key/asymmetric cryptography involves the use of two keys:
a public key, which may be known by anybody, and can be used to encrypt messages and verify signatures
a private key, known only to the recipient, used to decrypt messages and sign (create) signatures
It is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures
Diffie-Hellman
Exchange a secret key securely
Its security rests on the difficulty of computing discrete logarithms
Rivest-Shamir-Adleman (RSA)
By Rivest, Shamir and Adleman in 1978
1. Find 2 large prime numbers p and q (100 digits = 512 bits)
2. Calculate the product n = p*q (n is around 200 digits)
3. Select a large integer e relatively prime to (p-1)(q-1)
Relatively prime means e has no factors in common with (p-1)(q-1).
An easy way is to select another prime that is larger than both (p-1) and (q-1).
4. Select d such that e*d mod (p-1)(q-1) = 1
Encryption: C = P^e mod n
Decryption: P = C^d mod n
Plaintext: M < n
Ciphertext: C = M^e (mod n)
Ciphertext: C
Plaintext: M = C^d (mod n)
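An added Python example (not from the slides) that follows RSA steps 1 to 4 above with toy-sized primes, enforces M < n, and uses a statistical primality test (Miller-Rabin, my choice for the "statistical primality tests" of the earlier slide) to check p and q. The primes 61 and 53 and the sample messages are constructed values; real keys use primes of hundreds of digits.

```python
import math
import random


def is_probable_prime(n, rounds=20):
    """Miller-Rabin: every prime passes; a composite survives one round with probability at most 1/4."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # no square reached n-1: n is composite
    return True


def rsa_keygen(p, q, e=None):
    """Steps 1-4: n = p*q, e relatively prime to (p-1)(q-1), d with e*d mod (p-1)(q-1) = 1."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if e is None:                 # the slide's easy way: a prime larger than both p-1 and q-1
        e = max(p, q)
        while not (is_probable_prime(e) and math.gcd(e, phi) == 1):
            e += 1
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(m, public_key):
    """C = M^e mod n; the message block must be smaller than n or it cannot be recovered."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext block must satisfy M < n")
    return pow(m, e, n)


def rsa_decrypt(c, private_key):
    """M = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)
```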
ElGamal Algorithm
Proposed by ElGamal in 1984
This algorithm relies on the difficulty of computing discrete logarithms over a finite field
1. First choose a prime p and two integers, a and x, such that a < p and x < p
2. The prime p should be chosen so that (p-1) has a large prime factor q
3. Calculate y = a^x mod p
4. The private key is x and the public key is y, along with the parameters p and a
5. To sign a message m, choose a random integer k, 0 < k < p-1, which has not been used before and which is relatively prime to (p-1)
6. Compute
r = a^k mod p
s = k^(-1) (m - x·r) mod (p-1)
The signature is (r, s)
7. To verify the signature, compute y^r · r^s mod p and check that it equals a^m mod p
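An added Python example (not from the slides) of ElGamal signing and verification exactly as in steps 1 to 7, with the checks a signer must make on k (fresh, in range, coprime to p-1) and a verifier must make on r. The parameters p = 467, a = 2, x = 127, message 100 and k = 213 are constructed toy values.

```python
import math
import random


def elgamal_keygen(p, a, x):
    """Steps 1-4: public key (p, a, y = a^x mod p), private key x. Caller supplies a prime p."""
    if not (1 < a < p and 0 < x < p):
        raise ValueError("need 1 < a < p and 0 < x < p")
    return (p, a, pow(a, x, p)), x


def elgamal_sign(m, public_key, x, k=None, used_k=None):
    """Steps 5-6: r = a^k mod p, s = k^-1 (m - x*r) mod (p-1). k must be fresh and coprime to p-1."""
    p, a, _ = public_key
    used_k = set() if used_k is None else used_k
    if k is None:
        while True:
            k = random.randrange(1, p - 1)
            if math.gcd(k, p - 1) == 1 and k not in used_k:
                break
    if not 0 < k < p - 1 or math.gcd(k, p - 1) != 1:
        raise ValueError("k must satisfy 0 < k < p-1 and gcd(k, p-1) = 1")
    if k in used_k:
        raise ValueError("k reused: a repeated k exposes the private key x")
    used_k.add(k)
    r = pow(a, k, p)
    s = (pow(k, -1, p - 1) * (m - x * r)) % (p - 1)
    return r, s


def elgamal_verify(m, signature, public_key):
    """Step 7: accept only if y^r * r^s mod p == a^m mod p, after range-checking r and s."""
    p, a, y = public_key
    r, s = signature
    if not (0 < r < p and 0 <= s < p - 1):
        return False
    return (pow(y, r, p) * pow(r, s, p)) % p == pow(a, m, p)
```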
DSA
(Diagram: the hash of the message and the key enter the DSA algorithm, which produces the signature.)
(Diagram: the message enters the MAC algorithm, which produces the MAC.)
MAC Properties
A MAC is a cryptographic checksum
MAC = C_K(M)
It condenses a variable-length message M, using a secret key K, to a fixed-size authenticator
It is a many-to-one function
Potentially many messages have the same MAC, but finding them needs to be very difficult
Hash Functions
MD5
Designed by Ronald Rivest (the R in RSA)
Latest in a series: MD2, MD4
Produces a 128-bit hash value
Until recently was the most widely used hash algorithm
In recent times there have been both brute-force and cryptanalytic concerns
Specified as Internet standard RFC 1321
MD5 Overview
1. Pad the message so its length is 448 mod 512
2. Append a 64-bit length value to the message
3. Initialize the 4-word (128-bit) MD buffer (A, B, C, D)
4. Process the message in 16-word (512-bit) blocks:
using 4 rounds of 16 steps of bit operations on the message block and buffer
add the output to the buffer input to form the new buffer value
Strength of MD5
The MD5 hash is dependent on all message bits
Rivest claims security is as good as can be
Known attacks are:
Berson (92) attacked any 1 round using differential cryptanalysis (but can't extend)
Boer & Bosselaers (93) found a pseudo-collision (again unable to extend)
Dobbertin (96) created collisions on the MD compression function (but initial constants prevent exploit)
Crypto 2004 attacks on SHA-0 and MD5
                         |                      | MD5      | RIPEMD-160
Digest length            | 160 bits             | 128 bits | 160 bits
Basic unit of processing | 512 bits             | 512 bits | 512 bits
Number of steps          | 80 (4 rounds of 20)  |          |
HMAC
HMAC Structure
HMAC Security
The security of HMAC relates to that of the underlying hash algorithm
Attacking HMAC requires either:
a brute force attack on the key used, or
a birthday attack (but since HMAC is keyed, the attacker would need to observe a very large number of messages)
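An added Python example (not from the slides) of the HMAC Structure: H((K xor opad) || H((K xor ipad) || m)) with the key hashed when longer than a block and zero-padded to block size, as RFC 2104 specifies, plus a constant-time tag comparison. It works with any hashlib algorithm; matches_stdlib cross-checks against Python's hmac module, and the keys and messages in the tests are constructed.

```python
import hashlib
import hmac


def hmac_digest(key, message, hash_name="sha256"):
    """HMAC(K, m) = H((K ^ opad) || H((K ^ ipad) || m)); ipad = 0x36 and opad = 0x5C repeated."""
    block = hashlib.new(hash_name).block_size      # 64 bytes for MD5, SHA-1 and SHA-256
    if len(key) > block:                           # keys longer than a block are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")                # then zero-padded to exactly one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).hexdigest()


def verify_tag(key, message, tag, hash_name="sha256"):
    """Constant-time comparison, so timing does not reveal how many tag characters matched."""
    return hmac.compare_digest(hmac_digest(key, message, hash_name), tag)


def matches_stdlib(key, message, hash_name="sha256"):
    """Cross-check against the standard library's HMAC."""
    return hmac_digest(key, message, hash_name) == hmac.new(key, message, hash_name).hexdigest()
```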
(Diagram: some confidential text (message) in clear (readable) form goes through Encryption and is recovered by Decryption.)
Overview of DES
Plaintext is encrypted as blocks of 64 bits
Normal key length 56 bits
Algorithm derived from two concepts of Shannon's theory, confusion and diffusion
Confusion: a piece of information is changed so that the output bits have no relationship to the input bits
Diffusion: attempts to spread the effect of one plaintext bit to other bits in the ciphertext
DES
(Diagram: Input and Key; Initial Permutation; split into Left Half L0 and Right Half R0; rounds of Substitution and Permutation on the key and data, combined with XOR (+); Left Half L16 and Right Half R16; Inverse Initial Permutation; Output.)
Complements
Weak Keys, e.g.:
0101 0101 0101 0101
FEFE FEFE FEFE FEFE
1F1F 1F1F 1F1F 1F1F
E0E0 E0E0 E0E0 E0E0
Semi-Weak Keys
Design Weakness
Key Clustering
Triple DES
(Diagram: Clear Text -> DES with K1 -> DES with K2 -> DES with K3 -> Cipher Text.)
C = E_K1[D_K2[E_K1[P]]]
Note: encrypt and decrypt are equivalent in security
If K1 = K2 then it can work with single DES
DES to AES
Clearly, a replacement for DES was needed:
there are theoretical attacks that can break it
exhaustive key search attacks have been demonstrated
Triple-DES can be used but is slow with small blocks
NIST issued a call for ciphers in 1997
15 candidates accepted in June 1998
5 were shortlisted in August 1999
Rijndael was selected as the AES in October 2000
Issued as FIPS PUB 197 standard in November 2001
AES Requirements
Private key symmetric block cipher
128-bit data, 128/192/256-bit keys
Stronger & faster than Triple-DES
Active life of 20-30 years (+ archival use)
Provide full specification & design details
Both C & Java implementations
NIST has released all submissions &
unclassified analyses
AES Shortlist
After testing and evaluation, shortlist in August 1999:
MARS (IBM) - complex, fast, high security margin
RC6 (USA) - v. simple, v. fast, low security margin
Rijndael (Belgium) - clean, fast, good security margin
Serpent (Euro) - slow, clean, v. high security margin
Twofish (USA) - complex, v. fast, high security margin
(Diagram: four DES blocks side by side, producing the cipher text.)
(Diagram: an IV and key K with four DES blocks in sequence, producing the cipher text.)
(Diagram: the message, an IV and four DES blocks in sequence, producing the MAC.)
Skipjack
32 rounds
80 bit key
64 bit block of plain text
(Diagram: Clear Text -> Encryption -> Cipher Text -> Decryption; a second Decryption path goes through the Escrow Agency.)
Blowfish
Easy to implement
High execution speed
Run in less than 5K of memory
Stream Ciphers
Process the message bit by bit (as a stream)
Typically have a (pseudo) random stream key
Combined (XOR) with the plaintext bit by bit
The randomness of the stream key completely destroys any statistical properties in the message
C_i = M_i XOR StreamKey_i
RC4
A proprietary cipher owned by RSA DSI
Another Ron Rivest design, simple but effective
Variable key size, byte-oriented stream cipher
Widely used (web SSL/TLS, wireless WEP)
The key forms a random permutation of all 8-bit values
Uses that permutation to scramble the input information, processed a byte at a time
RC4 Security
Claimed secure against known attacks
There are some analyses, none practical
The result is very non-linear
Since RC4 is a stream cipher, a key must never be reused
Disadvantages
If the key is revealed, the interceptors can decrypt all encrypted information
Key distribution problem
The number of keys increases with the square of the number of people exchanging secret information
T(n) = O(ln n)
Questions???
Applied Cryptography, Protocols and Practice
Objectives:
Describe different key management protocols
Understand the concept of public key infrastructure and related technologies
Describe the advanced cryptographic protocols
Understand the legal issues related to security of information systems
Applied Cryptography
Protocols and Practice
3.1
Diffie-Hellman key exchange
(Diagram: parties X and Y exchange their public values.)
X sends X = g^x mod n and computes k = Y^x mod n = g^(xy) mod n
Y sends Y = g^y mod n and computes k = X^y mod n = g^(xy) mod n
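An added Python example (not from the slides) that runs both sides of the exchange above, rejects the trivial public values 0, 1 and n-1 that would force a predictable key, and includes a brute-force discrete logarithm to show the problem the security rests on. The group g = 5, n = 23 and the exponents 4 and 3 are constructed toy values; real deployments use n of at least 2048 bits.

```python
import secrets


def dh_keypair(g, n, secret=None):
    """Choose (or validate) a secret exponent and return (secret, public) with public = g^secret mod n.
    Public values 1 and n-1 are refused: they would make the shared key trivially predictable."""
    while True:
        s = secret if secret is not None else secrets.randbelow(n - 3) + 2
        pub = pow(g, s, n)
        if 1 < pub < n - 1:
            return s, pub
        if secret is not None:
            raise ValueError("secret yields a trivial public value")


def dh_shared(peer_public, secret, n):
    """k = (peer's public value)^secret mod n; both sides obtain g^(xy) mod n."""
    if not 1 < peer_public < n - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, secret, n)


def dh_exchange(g, n, x=None, y=None):
    """Run both parties and return (X, Y, k computed by X, k computed by Y)."""
    x, X = dh_keypair(g, n, x)
    y, Y = dh_keypair(g, n, y)
    return X, Y, dh_shared(Y, x, n), dh_shared(X, y, n)


def discrete_log_bruteforce(g, target, n):
    """The eavesdropper's task: find x with g^x mod n = target by trying every exponent.
    Only feasible for toy n, which is the reason for large parameters."""
    value = 1
    for x in range(n):
        if value == target:
            return x
        value = (value * g) % n
    return None
```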
Digital Envelope
(Diagram: A sends a message and a Key to B.)
Authenticity of Sender
(Diagram, Digital Signature: A signs the message with A's Key and sends it to B.)
Verification of Signature
(Diagram: B verifies the signature from A using A's Key.)
Full Verification (Sender's/Receiver's Authenticity, Message Protection and Integrity)
(Diagram: A sends to B using both A's Key and B's Key.)
Applied Cryptography
Protocols and Practice
3.2
Certificate Authority
(Diagram: the CA issues Certificates and Keys to a Server and to a client machine (MAC).)
Certificates
A certificate binds an entity with its public key.
It's just a digitally signed piece of data: a digital ID card.
Certificate =
an entity's description (name, etc.)
+ entity's public key
+ expiration date, serial number, etc.
+ CA's name
+ a signature issued by a CA
Digital signature:
CA signature = certificate hash, encrypted with the CA's private key
Certificate name fields:
Country Name
State and Province Name
Locality Name
Organization Name
Organization Unit Name
Common Name
Email Address
URL
Certificate Types
Digital Signature
Key Encipherment
Data Encipherment
Key Certificate Signature
CRL Signature
Object Signing
Root Certificate
Certificate Hierarchy
(Diagram: a hierarchy of CAs.)
CA Hierarchy in Practice
Cross Certification
(Diagram: CAs labelled RCA, BCA, CCA and GCA cross-certify each other; end entity B.)
Bridge CA
(Diagram: a bridge CA (BCA, L1) links the Justice ICA (with the FBI CA, whose CRL lists FBI User 6 and FBI User 8, and a Justice CRL listing Justice User 6 and Justice User 88), the Armed Forces (Army CA, Navy CA, AF CA) and the Coast Guard CRL; CPDL builds the certificate path and CML validates it; FBI User 5 sends a signed, encrypted message to Navy User 7, who obtains the original message decrypted with the signature verified.)
Certificate Revocation
Revocation is managed with a Certificate Revocation List (CRL), a form of anti-certificate which cancels a certificate
Equivalent to 1970s-era credit card blacklist booklets
Relying parties are expected to check CRLs before using a certificate
"This certificate is valid unless you hear somewhere that it isn't"
OCSP Problems
Problems are due to some extent to the CRL-based origins of OCSP
A CRL can only report a negative result
"Not revoked" doesn't mean a cert was ever issued
Some OCSP implementations will report "I can't find a CRL" as "Good"
Some relying party implementations will assume revoked = not good, so any other status = good
Much debate among implementors about OCSP semantics
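An added Python example (not from the slides) that models the two OCSP faults above side by side: a CRL-based responder that reports a missing CRL as "good" versus one that reports it as unknown, and a relying party that treats anything but "revoked" as good versus one that accepts only an explicit "good". The serial numbers, issuance list and CRL are constructed sample data.

```python
from enum import Enum


class OcspStatus(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"      # no record: the responder cannot vouch for the certificate


# Constructed sample data: serials the CA actually issued, and the serials on its CRL.
ISSUED = {1001, 1002, 1003}
CRL = {1002}


def responder_crl_based(serial, crl_available=True):
    """Responder built on a CRL: it can only say 'revoked' or 'not on the list'.
    A missing CRL must surface as UNKNOWN, never as GOOD."""
    if not crl_available:
        return OcspStatus.UNKNOWN
    return OcspStatus.REVOKED if serial in CRL else OcspStatus.GOOD


def responder_flawed(serial, crl_available=True):
    """The implementation the slide warns about: 'I can't find a CRL' is reported as GOOD."""
    if not crl_available:
        return OcspStatus.GOOD
    return OcspStatus.REVOKED if serial in CRL else OcspStatus.GOOD


def responder_issuance_aware(serial, crl_available=True):
    """Responder that also consults the issuance record, so a serial that was never issued is not 'good'."""
    if serial not in ISSUED:
        return OcspStatus.UNKNOWN
    return responder_crl_based(serial, crl_available)


def accept_naive(status):
    """Relying party that assumes revoked = not good, so any other status = good."""
    return status is not OcspStatus.REVOKED


def accept_strict(status):
    """Fail closed: only an explicit GOOD is accepted; UNKNOWN counts as a failed check."""
    return status is OcspStatus.GOOD
```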
Applied Cryptography
Protocols and Practice
3.3 Legal Issues
Copyrights
Patents
Trade Secrets
Computer Crime
Cryptography and the Law
Legal Issues
Copyrights
Copyrights are designed to protect the expression of ideas. Thus, a copyright applies to a creative work, such as a story, photograph, song, or pencil sketch. The right to copy an expression of an idea is protected by a copyright.
Copyright gives the author/programmer the exclusive right to make copies of the expression and sell them to the public. That is, only the author can sell copies of the author's book (except, of course, for booksellers or others working as the agents of the author).
Copyright - Infringement
The infringement must be substantial, and it must be copying, not independent work.
In theory, two people might write identically the same song independently, neither knowing the other. These two people would both be entitled to copyright protection for their work.
Patents
Patents are unlike copyrights in that they protect inventions, not works of the mind.
The distinction between patents and copyrights is that patents were intended to apply to the results of science, technology, and engineering, whereas copyrights were meant to cover works in the arts, literature, and written scholarship.
Patent law excludes newly discovered laws of nature [and] mental processes.
Trade Secret
A trade secret is information that gives one company a competitive edge over others. For example, the formula for a soft drink is a trade secret, as is a mailing list of customers, or information about a product due to be announced in a few months.
The distinguishing characteristic of a trade secret is that it must always be kept secret. The owner must take precautions to protect the secret, such as storing it in a safe, encrypting it in a computer file, or making employees sign a statement that they will not disclose the secret.
Comparisons

                            Copyright                      Patent                            Trade Secret
Protects                    Expression of idea,            Invention; the way                A secret competitive
                            not idea itself                something works                   advantage
Requirement to distribute   Yes                            No                                No
Ease of filing              Very easy, do-it-yourself      Very complicated; specialist      No filing
                                                           lawyer suggested
Duration                    Life of human originator       19 years                          Indefinite
                            or 75 years for a company
Legal protection                                           Sue if invention copied           Sue if secret improperly
                                                                                             obtained
Embezzlement
Using the computer to steal or divert funds illegally.
Hacking
Denotes a compulsive programmer or user who explores, tests, and pushes computers and communications systems to their limits, often through illegal activities.
Records Tampering
It involves the alteration, loss, or destruction of
computerised records.
Drug Crimes
Drug dealers use computers to communicate anonymously with each other and to keep records of drug deals.
Organised Crime
For all kinds of crime, the computer system may be used as a tool.
Questions?
Objectives:
Operating systems, database and program security:
Identify the security features of ordinary and trusted operating systems
Evaluate operating system security
Understand the security requirements of databases
Describe the types of computer virus and the protection methods against them
Layers (figure, top to bottom):
Users
Application programs
Operating system
Operating System
Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating system designers have explored how to build secure operating systems: operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems.
memory protection
processor modes
authentication
file access control
Authentication
Access Control
Logging & Auditing
Intrusion Detection
Recovery
fence
relocation
base/bounds register
segmentation
paging
User mode
access to memory is limited, cannot execute some instructions
Reading: http://en.wikipedia.org/wiki/CPU_modes
Three rules:
1. Keep the security kernel of an operating system as simple as possible.
2. Users must not be able to modify the operating system.
3. The operating system has to prevent users from accidentally or intentionally accessing other users' data.
Access Control
An access enforcement mechanism authorizes requests
from multiple subjects (e.g. users, processes, etc.) to
perform operations (e.g., read, write, etc.) on
objects (e.g., files, sockets, etc.).
An operating system provides an access enforcement
mechanism.
Two fundamental concepts of access control:
Protection system
A protection system consists of a protection state, which describes the
operations that system subjects can perform on system objects, and a
set of protection state operations, which enable modification of that
state.
A protection system enables the definition and management of a
protection state. A protection state consists of the specific system
subjects, the specific system objects, and the operations that those
subjects can perform on those objects.
The access matrix is used to define the protection domain of a process.
Trusted administrators define the access matrix's labels and set the operations that subjects of particular labels can perform on objects of particular labels. Such protection systems are mandatory access control (MAC) systems because the protection state is immutable to untrusted processes: an ordinary subject cannot grant itself or others new rights, which is exactly what discretionary control allows.
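An added example (not code from the lecture notes) of the protection state described above: an access matrix of subjects, objects and operations, a reference monitor that consults it, discretionary grant operations that only an object's owner may perform, and mandatory labels that only a trusted administrator may set. The label lattice (public < internal < secret), the no-read-up / no-write-down rule and all subjects, objects and rights are assumptions constructed for the example.

```python
"""Added example (not from the lecture notes): a protection state as an access
matrix, with discretionary (owner-controlled) and mandatory (label-based) checks.
All subjects, objects, rights and labels below are constructed sample data."""
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "secret": 2}   # assumed label lattice (total order)


@dataclass
class ProtectionState:
    # DAC part: matrix[subject][object] -> set of permitted operations
    matrix: dict = field(default_factory=dict)
    owner: dict = field(default_factory=dict)          # object -> owning subject
    # MAC part: labels are fixed by a trusted administrator, not by ordinary subjects
    subject_label: dict = field(default_factory=dict)
    object_label: dict = field(default_factory=dict)

    def rights(self, subj, obj):
        return self.matrix.get(subj, {}).get(obj, set())

    def mac_allows(self, subj, obj, op):
        """Bell-LaPadula style rule (assumed policy): no read up, no write down."""
        s, o = LEVELS[self.subject_label[subj]], LEVELS[self.object_label[obj]]
        if op == "read":
            return s >= o
        if op == "write":
            return s <= o
        return s == o            # other operations only on same-level objects (assumption)

    def authorize(self, subj, obj, op):
        """Reference monitor: every access request passes both checks."""
        if op not in self.rights(subj, obj):
            return False, "DAC: no '%s' right on %s" % (op, obj)
        if not self.mac_allows(subj, obj, op):
            return False, "MAC: label of %s forbids %s of %s" % (subj, op, obj)
        return True, "granted"

    # Protection-state operations: they modify the state and are themselves controlled.
    def grant(self, by, subj, obj, op):
        """Discretionary: only the owner of obj may hand out rights on it."""
        if self.owner.get(obj) != by:
            raise PermissionError("%s does not own %s" % (by, obj))
        self.matrix.setdefault(subj, {}).setdefault(obj, set()).add(op)

    def set_label(self, by, name, label, is_subject):
        """Mandatory: labels change only through the trusted administrator."""
        if by != "admin":
            raise PermissionError("labels are immutable to untrusted subjects")
        (self.subject_label if is_subject else self.object_label)[name] = label


def build_sample_state():
    st = ProtectionState()
    st.owner = {"payroll.db": "alice", "memo.txt": "bob"}
    for obj, lab in [("payroll.db", "secret"), ("memo.txt", "internal")]:
        st.set_label("admin", obj, lab, is_subject=False)
    for sub, lab in [("alice", "secret"), ("bob", "internal")]:
        st.set_label("admin", sub, lab, is_subject=True)
    st.grant("alice", "alice", "payroll.db", "read")
    st.grant("alice", "alice", "payroll.db", "write")
    st.grant("alice", "bob", "payroll.db", "read")     # DAC says yes, MAC will say no (read up)
    st.grant("bob", "bob", "memo.txt", "read")
    st.grant("bob", "bob", "memo.txt", "write")
    st.grant("bob", "alice", "memo.txt", "read")
    st.grant("bob", "alice", "memo.txt", "write")      # DAC says yes, MAC will say no (write down)
    return st


if __name__ == "__main__":
    st = build_sample_state()
    for subj, obj, op in [("alice", "payroll.db", "read"), ("bob", "payroll.db", "read"),
                          ("alice", "memo.txt", "write"), ("bob", "payroll.db", "write")]:
        print(subj, op, obj, "->", st.authorize(subj, obj, op))
```

The point of running it: alice can hand bob a read right on payroll.db (discretionary), but the reference monitor still refuses because bob's label is below the object's; and alice, who holds a write right on memo.txt, is refused for writing down. Neither user can change a label, because that operation is reserved to the administrator.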
Microkernel
Implements many operating system services as separate processes, so the privileged kernel stays small.
Security Evaluation
Users of secure systems need some kind of
assurance that the products they use
provide adequate security. They could:
1. Rely on the word of the
manufacturer/service provider?
2. Test the system themselves.
3. Rely on an impartial assessment by
an independent body (evaluation).
Evaluation Criteria
The Trusted Computer System Evaluation Criteria (TCSEC, the Orange Book) were the first evaluation criteria to gain wide acceptance.
A number of other criteria have since been developed to improve on the Orange Book and to unify the different criteria which have arisen:
Information Technology Security Evaluation Criteria (ITSEC)
Canadian Trusted Computer Product Evaluation Criteria (CTCPEC)
Federal Criteria (US)
Common Criteria
Orange Book
Although the effort was concentrated on national security in the USA, the document also provides:
A yardstick for users to assess the degree of trust that can be placed in a computer security system.
Guidance for manufacturers of computer security systems.
A basis for specifying security requirements when acquiring a computer security system.
Classification of OS Security
D Minimal Protection
C1 Discretionary Security Protection: intended for an environment where co-operating users process data at the same level of sensitivity.
C2 Controlled Access Protection: makes users individually accountable for their actions. The most reasonable class for commercial applications.
B1 Labelled Security Protection: intended to handle classified data and enforce mandatory policies. Includes thorough security testing.
B2 Structured Protection: increases assurance by adding requirements to the design, e.g. covert channel analysis.
B3 Security Domains: highly resistant to penetration.
A1 Verified Design: adds a formal model of the security policy.
Common Criteria
Starting in the late 1990s, the Common Criteria merged ideas from its various predecessors. The ultimate goal was an internationally accepted set of criteria in the form of an ISO standard (it became ISO/IEC 15408).
It separates the security functional requirements from the assurance requirements, i.e. how rigorously the product is examined and tested.
Evaluation assurance levels (EAL) run from 1 to 7.
EAL1: the tester reads the documentation and performs some tests to confirm the documented functionality.
EAL7: the developer provides a formal functional specification and high-level design, and the security functions must be simple enough for formal analysis.
Red Book
The Red Book attempts to address network security with the concepts and terminology of the Orange Book.
Q: Are computer networks simply a specific example of computer systems?
A: We must distinguish two different types of networks:
1. Networks of independent components.
2. Centralised networks (only this type is considered in the Red Book).
Reading: Ross Anderson's "Trusted Computing" FAQ: http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Security Features
Identification and Authentication
Object Reuse Protection
Prevent leaks via reallocation
Clean before re-use
Complete Mediation
Mediate all means of access
File access plus direct memory access if possible
Mediate on each access, not generally done for files
Audit logs
Log growth is a practical problem.
It was originally assumed that a security officer would review the logs directly.
Logs can be used as supporting evidence.
Database Security
Database system security is more than securing
the database
Secure database
Secure DBMS
Secure applications
Secure operating system in relation to database system
Secure web server in relation to database system
Secure network environment in relation to database
system
Securing the Database
Users and passwords
Default users/passwords:
sys and system are privileged accounts: change their default passwords.
scott is a well-known demo account with a well-known password: change it, or lock and remove the account.
Data Confidentiality (figure)
File encryption: the whole file is encrypted with AES under a key.
Field encryption: selected fields are encrypted (Enc) while the others stay in clear (Clear), again with AES under a key.
Field-level encryption affects:
* searching
* updates
Data processing in the DBMS (figure): data is encrypted with AES under a key and protected by a MAC; the DBMS processing path needs access to the key to work on the data (XXX denotes ciphertext).
Access control
Who can do what with which resource?
(figure: subjects, both authorized and unauthorized users, send access requests such as "Read File A" or "Copy File B" to a reference monitor, which mediates every access to the objects)
Authorization Schemes
* ID-based: decisions keyed on the User ID
* Role-based: decisions keyed on the Role
ID-based example (figure): an identity (John Smith, ID 3423342) holds privileges abbreviated r, w, x, d, l, c on objects in schemas: orders, candidates, customers and employees in asok's schema and alice's schema; the group all_users covers the public objects.
Role-based example (figure): roles such as Doctor and DBA; a role is granted to a user with
grant LECTURER to USER1;
and the role carries the access to the candidates and employees tables in the hrdata schema.
Attribute certificate (figure): an attribute certificate asserts the holder's role, e.g. Doctor.
Public key certificate (PKC) versus attribute certificate (AC)
A PKC binds a subject to a public key; an AC binds a holder to attributes and carries no public key.

PKC                    AC
Version                Version
Serial Number          Serial Number
Signature ID           Signature ID
Subject                Holder
Issuer                 Issuer
Validity Period        Validity Period
Public Key             Attributes (no public key)
Extensions             Extensions
Signature              Signature
SQL Injection
Example: SQL injection attack through a web application
The application tracks its own usernames and passwords in the database.
The client accepts a username and password and passes them as parameters.
The application's Java code builds the SQL statement by string concatenation:
String query = "SELECT * FROM users_table " +
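An added example, not the lecture's Java code: the same login query built by string concatenation, run against an in-memory SQLite table so the injection can be observed, beside the parameterised form that defeats it. The table, users and passwords are constructed sample data, and passwords are stored in clear only to keep the example short.

```python
"""Added example (not from the lecture notes): a login query built by string
concatenation, as on the slide, versus a parameterised query. The users_table
contents are constructed sample data."""
import sqlite3


def setup_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users_table (username TEXT, password TEXT)")
    # Real applications store salted password hashes, never clear text.
    con.executemany("INSERT INTO users_table VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    return con


def login_vulnerable(con, username, password):
    # Same construction as the slide's Java: user input is pasted into the SQL text,
    # so a quote character in the input changes the structure of the statement.
    query = ("SELECT * FROM users_table WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return con.execute(query).fetchone() is not None


def login_safe(con, username, password):
    # Placeholders: the driver passes the values separately from the SQL text,
    # so quotes and comment markers in the input remain data.
    query = "SELECT * FROM users_table WHERE username = ? AND password = ?"
    return con.execute(query, (username, password)).fetchone() is not None


def demo():
    con = setup_db()
    # Classic payload: closes the string literal, makes the WHERE clause always
    # true, and '--' comments out the password comparison that follows.
    payload = "alice' OR '1'='1' --"
    return {
        "vuln_good_creds": login_vulnerable(con, "alice", "s3cret"),
        "vuln_bad_creds": login_vulnerable(con, "alice", "wrong"),
        "vuln_injected": login_vulnerable(con, payload, "anything"),
        "safe_good_creds": login_safe(con, "alice", "s3cret"),
        "safe_injected": login_safe(con, payload, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, "->", "logged in" if ok else "rejected")
```

With the concatenated query the injected username logs in without any password; with placeholders the same input is simply a username that does not exist.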
Data Inference
Inference by arithmetic (figure): if the database releases both A+B and A-B for records A (10) and B (20), the individual values of A and B follow.
Data dependency: Avg(A1,A2,A3)*3 = 16 = A1+A2+A3 and Avg(A2,A3)*2 = 11 = A2+A3, hence A1 = 5 (with A2 = 3, A3 = 8).
Data classification (figure): records A (10) and B (20) at different classification levels; an aggregate over both, such as their average 15, discloses information across the levels.
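An added example (not from the lecture notes) that runs the inference attack above against a small statistical database which only answers count and average over a selection, refusing selections smaller than a threshold k. The records (the slide's A1, A2, A3 plus two more), the threshold and the query interface are constructed for the example; the general differencing "tracker" at the end goes beyond the slide's single instance.

```python
"""Added example (not from the lecture notes): inference from aggregate queries.
Records, salaries and the query-set-size control are constructed sample data."""
from statistics import mean

# Constructed table: the three A-values from the slide plus extra rows so the
# minimum query set size has something to refuse.
TABLE = [
    {"name": "A1", "dept": "sales", "rank": "prof", "salary": 5},
    {"name": "A2", "dept": "sales", "rank": "lect", "salary": 3},
    {"name": "A3", "dept": "sales", "rank": "lect", "salary": 8},
    {"name": "B1", "dept": "it", "rank": "prof", "salary": 10},
    {"name": "B2", "dept": "it", "rank": "lect", "salary": 20},
]


class StatDB:
    """Answers count/avg over a predicate; refuses sets smaller than k (assumed control)."""

    def __init__(self, rows, k=2):
        self.rows, self.k = rows, k

    def query(self, agg, predicate):
        hit = [r["salary"] for r in self.rows if predicate(r)]
        if len(hit) < self.k:                       # query-set-size control
            raise PermissionError("refused: query set smaller than %d" % self.k)
        return len(hit) if agg == "count" else mean(hit)


def direct_query_blocked(db, name):
    """Asking for one person's salary directly is refused by the size control."""
    try:
        db.query("avg", lambda r: r["name"] == name)
        return False
    except PermissionError:
        return True


def infer_a1(db):
    """The slide's data-dependency inference:
    Avg(A1,A2,A3)*3 = A1+A2+A3 and Avg(A2,A3)*2 = A2+A3, so A1 = 16 - 11."""
    sales = lambda r: r["dept"] == "sales"
    total3 = db.query("avg", sales) * db.query("count", sales)
    total2 = db.query("avg", lambda r: sales(r) and r["rank"] == "lect") * 2
    return round(total3 - total2)


def infer_by_difference(db, name):
    """General tracker: two permitted queries whose sets differ in exactly one record."""
    everyone = lambda r: True
    all_but = lambda r: r["name"] != name
    n = db.query("count", everyone)
    return round(db.query("avg", everyone) * n - db.query("avg", all_but) * (n - 1))


if __name__ == "__main__":
    db = StatDB(TABLE, k=2)
    print("direct query blocked:", direct_query_blocked(db, "A1"))
    print("A1 inferred from averages:", infer_a1(db))
    print("B2 inferred by differencing:", infer_by_difference(db, "B2"))
```

A query-set-size control alone is not enough: every individual value is recoverable from two permitted aggregates. Stronger controls restrict the overlap between query sets, answer over a random sample, or add calibrated noise to each answer.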
Database Queries (figure): records such as (123, 4, John) and (123, 1, UCSC, Kamala, Professor). Querying by attributes that identify a single person (UCSC, Professor, Kamala) reveals that person's salary range, 20K < Rs < 30K, even when the exact salary field itself is not returned.
Why backup?
To avoid disasters:
Back up files
Store backups securely: off-site, locked
Backup Policy
Frequency of backups - Identifies how often
backups actually occur.
Storage of backups - Defines how to store backups
in a secure location. It also states the mechanism
for requesting and restoring backups.
Information to be backed up - Identifies which
data needs to be backed up more frequently.
Malicious Software
Malicious code often masquerades as good
software or attaches itself to good software
Some malicious programs need host
programs
Trojan horses, logic bombs, viruses
Others can exist and propagate
independently
Worms, automated viruses
There are many infection vectors and
propagation mechanisms
Trojan Horses
A trojan horse is malicious code hidden in an
apparently useful host program
When the host program is executed, trojan
does something harmful or unwanted
Trojans do not replicate
This is the main difference from worms and
viruses
Zombie
A program that secretly takes over another networked computer and then uses it to launch attacks indirectly.
Often used to launch distributed denial of service (DDoS) attacks.
Gets in by exploiting known flaws in networked systems.
Viruses
Virus propagates by infecting other programs
Automatically creates copies of itself, but to propagate, a
human has to run an infected program
Self-propagating malicious programs are usually called
worms
Non-destructive viruses
Destructive viruses
Destroy data and files
Examples: Michelangelo, Dark Avenger, Joshi,
Stealth (makes hard disk inoperable) etc.
If you suspect a virus infection:
DON'T PANIC.
Work systematically. DON'T RUSH.
Tell the system manager (IT Services).
Clean up: disinfect and retrieve clean files, or destroy the disk.
Ask for help if you are not sure!
Cryptovirus
A cryptovirus is a virus embedding and using a public key (http://www.cryptovirology.com/). The matching private key stays with the virus writer, so the victim cannot undo the damage without it.
First technique
Use the embedded public key to encrypt the payload (the victim's data); only the holder of the private key can decrypt it.
Second technique (hybrid)
Use a freshly generated symmetric key to encrypt the payload.
Use the embedded public key to encrypt that symmetric key, and discard the clear copy.
Worms
A self-replicating program that spreads as a whole rather than infecting host programs.
Typically spreads over a network.
cf. the Morris Internet Worm of 1988, which led to the creation of CERTs (the first being CERT/CC at Carnegie Mellon).
Anti-Virus Technologies
Simple anti-virus scanners
Look for signatures (fragments of known viruses)
Heuristics for recognizing code associated with viruses
For example, polymorphic viruses often use decryption
loops
Integrity checking to find modified files
Record file sizes, checksums, MACs (keyed hashes of
contents)
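An added example (not the notes' own code) of the two approaches listed above: a signature scan for known byte fragments, and an integrity baseline that records the size and a keyed hash (HMAC-SHA256) of every file and then reports modified, added and removed files. The signatures, the MAC key and the scanned files are constructed for the example and are not real malware.

```python
"""Added example (not from the lecture notes): signature scanning plus a keyed-hash
integrity baseline. Signatures, key and files are constructed sample data."""
import hashlib
import hmac
import os
import tempfile

# Constructed "signatures": byte fragments standing in for known-virus code.
SIGNATURES = {
    "Toy.Marker": b"TOY-MALWARE-MARKER-0001",           # constructed, not a real signature
    "Toy.DecryptLoop": b"\x31\xc0\x48\xff\xc0\x75\xfb",  # constructed opcode-like fragment
}


def scan_signatures(data):
    """Simple scanner: report every known fragment present in the data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def file_mac(path, key):
    h = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root, key):
    """Record size and HMAC of every file under root. Keep the key (and the table)
    off the protected machine: whoever can rewrite files and knows the key can
    forge matching MACs, which a plain checksum would allow anyone to do."""
    table = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            table[os.path.relpath(p, root)] = (os.path.getsize(p), file_mac(p, key))
    return table


def check(root, key, old):
    new = baseline(root, key)
    return {
        "modified": sorted(f for f in old if f in new and old[f] != new[f]),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
    }


def demo():
    key = b"baseline-key-kept-offline"      # constructed key
    with tempfile.TemporaryDirectory() as root:
        for name, content in [("ls", b"#!/bin/sh\necho ok\n"), ("cat", b"\x7fELF clean binary\n")]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(content)
        old = baseline(root, key)
        # Simulated infection: a known fragment is appended to 'ls' and a dropper appears.
        with open(os.path.join(root, "ls"), "ab") as f:
            f.write(SIGNATURES["Toy.Marker"])
        with open(os.path.join(root, "dropper"), "wb") as f:
            f.write(b"\x31\xc0\x48\xff\xc0\x75\xfb")
        report = check(root, key, old)
        hits = {}
        for f in report["modified"] + report["added"]:
            with open(os.path.join(root, f), "rb") as fh:
                hits[f] = scan_signatures(fh.read())
        return report, hits


if __name__ == "__main__":
    print(demo())
```

The integrity check finds the change regardless of whether the new code is known; the signature scan names it only when a fragment matches, which is why the two are used together.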
Applets
An applet is a typically small program embedded in another application, generally a Web browser that provides a JVM.
An applet's host program provides an applet context in which the applet executes.
An applet is generally launched from an HTML document with an APPLET tag that specifies the URL of the applet bytecodes.
Applet security
Applets typically execute under a strict
security manager that prevents an applet
from
Accessing the local disk to read, write, delete,
or execute files.
Loading nonstandard libraries.
Opening connections to arbitrary hosts.
Applet security
The tight applet security is sometimes described as sandbox security, to suggest that an applet must play within a confined area from which it must not venture.
An applet is allowed to open a socket back to the server from which it was downloaded, enabling socket-based communication with that host only.
Note: the Java browser plug-in was removed in JDK 11 and the Applet API has been deprecated for removal since JDK 17 (JEP 398), so this sandbox model is now mainly of historical interest.
Compiling and packaging the applet:
E:\JavaExamples>javac writeFile.java
E:\JavaExamples>jar -cvf writeFile.jar writeFile.class
added manifest
adding: writeFile.class(in = 1747) (out= 984)(deflated 43%)
Signing an applet:
E:\JavaExamples\SSL>keytool -genkey -alias kasun -keystore writeFile
E:\JavaExamples\SSL>jarsigner -keystore writeFile writeFile.jar kasun
Enter Passphrase for keystore: writeFile
E:\JavaExamples\SSL>jarsigner -verify writeFile.jar
jar verified.
Note: "jar verified." means the signatures inside the archive match its contents; it says nothing about whether the signer is trusted. The key generated above is self-signed, so a browser or JVM will not trust the applet unless its certificate is imported into their trust store, and an applet that is trusted runs outside the sandbox with the user's full local privileges (here, enough to write a file).
Questions?
Objectives:
Security in networks and distributed systems:
Describe the authentication mechanisms and protocols in an open network environment
Design security policies and network protection systems to prevent unauthorized access in an open network environment
Identify the security requirements of the Internet
Describe the existing security solutions and protocols
Design new solutions to address the security problems in an open network environment
IP Security Overview
Benefits of IPsec:
Transparent to applications, since it sits below the transport layer (TCP, UDP).
Can provide security for individual users as well as for whole networks.
Authentication
Integrity
Access control
Confidentiality
Replay protection (Partial)
Types of communications (figures)
Host to host: Host A and Host B share an IPsec security association (SA); other hosts see no IPsec.
Host to security gateway: Host A establishes an SA with a security gateway, which NATs or routes the traffic into its internal network; other hosts see no IPsec.
Gateway to gateway: two security gateways share an SA, each NATing or routing for its own internal network.
Transport mode versus tunnel mode

                     Transport Mode SA                            Tunnel Mode SA
AH                   Authenticates IP payload and selected        Authenticates entire inner IP packet
                     portions of IP header and IPv6               plus selected portions of outer IP
                     extension headers                            header
ESP                  Encrypts IP payload and any IPv6             Encrypts entire inner IP packet
                     extension headers following the ESP
                     header
ESP with             Encrypts IP payload and any IPv6             Encrypts entire inner IP packet.
authentication       extension headers following the ESP          Authenticates inner IP packet.
                     header. Authenticates IP payload but
                     not IP header.
Original IP packet (figure): Frame Hdr | IP Hdr | TCP/UDP | Data
AH (Authentication Header)
IP Protocol 51
Provides authentication of packets
Does not encrypt the payload
Transport mode: IP Hdr | AH | TCP/UDP | Data
Tunnel mode: New IP Hdr | AH | Org. IP Hdr | TCP/UDP | Data
ESP (Encapsulating Security Payload)
IP Protocol 50
Encrypts the payload
Provides encryption and, optionally, authentication
Transport mode: IP Hdr | [AH] | ESP | TCP/UDP | Data (AH shown for the case where both are applied; the ESP trailer and authentication data follow the payload)
Tunnel mode: New IP Hdr | [AH] | ESP | Org. IP Hdr | TCP/UDP | Data
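An added example (not from the lecture notes) covering two points from the AH/ESP material above: the fixed AH header layout (Next Header, Payload Len, Reserved, SPI, Sequence Number, ICV, as in RFC 4302) and the sliding-window check behind the "partial" replay protection listed among IPsec's services. The keys, SPI and packet sequence are constructed; the ICV algorithm (HMAC-SHA256 truncated to 128 bits) and the bytes the ICV covers are assumptions, since the example does not build real IP headers.

```python
"""Added example (not from the lecture notes): AH header pack/parse and the
anti-replay sliding window (RFC 4303 Appendix A style). Keys, SPI and the
packet sequence are constructed sample data."""
import hashlib
import hmac
import struct

ICV_LEN = 16   # bytes; assumed HMAC-SHA256-128 integrity algorithm


def build_ah(next_header, spi, seq, key, authenticated_bytes):
    """AH: Next Header(1) | Payload Len(1) | Reserved(2) | SPI(4) | Seq(4) | ICV.
    Payload Len is the AH length in 32-bit words minus 2."""
    payload_len = (12 + ICV_LEN) // 4 - 2
    hdr = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    # The ICV covers the protected bytes plus the AH header with the ICV field zeroed.
    icv = hmac.new(key, authenticated_bytes + hdr + b"\x00" * ICV_LEN,
                   hashlib.sha256).digest()[:ICV_LEN]
    return hdr + icv


def parse_ah(blob):
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", blob[:12])
    icv_len = (payload_len + 2) * 4 - 12
    return {"next_header": next_header, "spi": spi, "seq": seq,
            "icv": blob[12:12 + icv_len], "hdr": blob[:12]}


class ReplayWindow:
    """Bitmap of the last `size` sequence numbers below the highest one seen."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq):
        if seq == 0:
            return False                         # sequence number 0 is never valid
        if seq > self.top:                       # new high-water mark: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                         # left of the window: too old to accept
        bit = 1 << offset
        if self.bitmap & bit:
            return False                         # already received: a replay
        self.bitmap |= bit
        return True


def receive(blob, key, authenticated_bytes, window):
    """Verify the ICV before touching the window, so a forged sequence number
    cannot slide it and lock out genuine packets."""
    ah = parse_ah(blob)
    expect = hmac.new(key, authenticated_bytes + ah["hdr"] + b"\x00" * ICV_LEN,
                      hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(ah["icv"], expect):
        return "bad-icv"
    return "ok" if window.check_and_update(ah["seq"]) else "replay"


def demo():
    key, body = b"constructed-sa-key", b"constructed inner payload"
    w = ReplayWindow(size=64)
    # 3 is replayed; 70 slides the window so that 5, replayed later, is too old.
    out = [receive(build_ah(6, 0x1000, s, key, body), key, body, w)
           for s in (1, 2, 5, 3, 3, 70, 40, 5, 200)]
    # Tampered packet: the protected bytes changed after the ICV was computed.
    out.append(receive(build_ah(6, 0x1000, 201, key, body), key, body + b"!", w))
    out.append(receive(build_ah(6, 0x1000, 201, key, body), key, body, w))
    return out


if __name__ == "__main__":
    print(demo())
```

Replay protection is "partial" because the receiver only remembers a window of recent sequence numbers: anything older than the window is dropped outright, and the service is optional in the sense that a receiver may disable the check.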
IPSec Pitfalls
Too complicated, many different ways to
configure
Can be configured insecurely
Client security is an issue
What is VPN ?
Types of VPN
When to VPN ?
Security Problems
Unauthorized or rogue access points on trusted
networks
Access to network by unauthorized clients (theft of
service, "war driving")
Interception and monitoring of wireless traffic
range can be hundreds of feet
packet analyser software freely available
Jamming is easy, unlicensed frequency
(In)Security in 802.11b
WEP
Recommendations: General
Get informed about risks!
Regular security audits and penetration assessments
Require "strong" passwords, limit number of login
attempts
Disable ad hoc mode
invites access by unauthorized nodes to your
computer
Recommendations: WLAN Security
WEP (rated "fair" when these notes were written; it is now considered broken, since its RC4 keys can be recovered from captured traffic in minutes, so prefer WPA2 or WPA3 wherever available):
enable wireless frame encryption
use the longest key
change the WEP key regularly (manually)
What is Kerberos?
Used in:
Client/Server
Peer-to-Peer
Kerberos message flow (figure: six messages between the user's workstation, the Authentication Server (AS), the Ticket Granting Server (TGS) and the Application Server)
Message 1: User to AS: request for a ticket-granting ticket.
Message 2: AS to User: ticket-granting ticket plus session key, encrypted under the user's password-derived key.
Message 3: The workstation prompts the user for a user ID and a password, decrypts and verifies the ticket, and sends a new request (ticket plus authenticator) to the TGS.
Message 4: The TGS decrypts the ticket and authenticator, verifies the request and creates a ticket for the requested server.
Message 5: User to Application Server: service ticket plus authenticator.
Message 6: Application Server to User: reply proving it could decrypt the ticket (mutual authentication).

Generic authentication token exchange (figure: claimant and verifier)
Step 1: generates an authentication token
Step 2: sends the authentication token
Step 3: verifies the authentication token
Step 4: generates a new authentication token
Step 5: sends the authentication token
Step 6: verifies the authentication token
Step 7: generates a new authentication token
Step 8: sends the authentication token
Step 9: verifies the authentication token
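An added example (not from the lecture notes) that runs the six Kerberos messages above between a workstation, an AS, a TGS and an application server. Real Kerberos uses AES-based encryption types and a key distribution centre database; here "seal" is a toy encrypt-then-MAC built from SHA-256 and HMAC so the example runs with the standard library alone, and the principals, passwords, long-term keys, lifetimes and clock-skew allowance are constructed assumptions.

```python
"""Added example (not from the lecture notes): the Kerberos AS, TGS and AP
exchanges with a toy symmetric cipher. Principals, keys and passwords are
constructed sample data; 'seal'/'unseal' stand in for Kerberos's real ciphers."""
import hashlib
import hmac
import json
import os
import time


def _stream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def seal(key, msg):
    """Toy authenticated encryption (encrypt-then-MAC); not Kerberos's real cipher."""
    pt, nonce = json.dumps(msg).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot decrypt: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


def pw_key(pw):
    """Kerberos derives the user's long-term key from the password (assumed KDF)."""
    return hashlib.sha256(pw.encode()).digest()


LIFETIME, SKEW = 3600, 300                                # assumed ticket life and clock skew
K_TGS, K_SRV = os.urandom(32), os.urandom(32)             # long-term keys of TGS and server
USERS = {"alice": pw_key("correct horse")}                # AS database (constructed)


def as_exchange(user):                                    # messages 1 and 2
    sk = os.urandom(32).hex()
    tgt = seal(K_TGS, {"user": user, "key": sk, "exp": time.time() + LIFETIME})
    return seal(USERS[user], {"key": sk, "tgt": tgt.hex()})  # only the password holder can open this


def tgs_exchange(tgt_hex, authenticator, service):        # messages 3 and 4
    tgt = unseal(K_TGS, bytes.fromhex(tgt_hex))
    auth = unseal(bytes.fromhex(tgt["key"]), authenticator)
    if tgt["exp"] < time.time() or auth["user"] != tgt["user"] or abs(time.time() - auth["ts"]) > SKEW:
        raise ValueError("TGS: ticket expired or authenticator mismatch")
    sk = os.urandom(32).hex()
    ticket = seal(K_SRV, {"user": tgt["user"], "key": sk, "exp": time.time() + LIFETIME})
    return seal(bytes.fromhex(tgt["key"]), {"key": sk, "ticket": ticket.hex(), "service": service})


def ap_exchange(ticket_hex, authenticator):               # messages 5 and 6
    t = unseal(K_SRV, bytes.fromhex(ticket_hex))
    auth = unseal(bytes.fromhex(t["key"]), authenticator)
    if t["exp"] < time.time() or auth["user"] != t["user"] or abs(time.time() - auth["ts"]) > SKEW:
        raise ValueError("server: bad ticket or authenticator")
    return seal(bytes.fromhex(t["key"]), {"ts": auth["ts"] + 1})   # proves the server knows K_SRV


def login(user, password, service="fileserver"):
    """Workstation side. The password is used only locally, to open message 2."""
    reply = unseal(pw_key(password), as_exchange(user))      # wrong password -> ValueError
    tgs_key = bytes.fromhex(reply["key"])
    authenticator = seal(tgs_key, {"user": user, "ts": time.time()})
    reply2 = unseal(tgs_key, tgs_exchange(reply["tgt"], authenticator, service))
    svc_key, ts = bytes.fromhex(reply2["key"]), time.time()
    ack = unseal(svc_key, ap_exchange(reply2["ticket"], seal(svc_key, {"user": user, "ts": ts})))
    return ack["ts"] == ts + 1                               # mutual authentication succeeded


def forged_tgt_rejected():
    """An attacker who does not know K_TGS cannot mint a ticket the TGS accepts."""
    fake = seal(os.urandom(32), {"user": "alice", "key": os.urandom(32).hex(), "exp": time.time() + 999})
    try:
        tgs_exchange(fake.hex(), b"", "fileserver")
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("login:", login("alice", "correct horse"), "forged TGT rejected:", forged_tgt_rejected())
```

Two properties worth noticing when tracing it: the password never leaves the workstation, since a wrong password simply fails to open message 2, and each ticket is sealed under a key that only its intended verifier holds, so neither the user nor an eavesdropper can alter the name or expiry inside it.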
PKI trust (figure): subjects S certified by CA A and by CA B; a subject under CA A can only verify a subject under CA B if the two CAs are linked by a trust relationship.
Remote Authentication (figure): components: CA, registration, administration, application server, user.
What is a Firewall?
A choke point of control and monitoring
interconnects networks with differing trust
imposes restrictions on network services
only authorized traffic is allowed
auditing and controlling access
can implement alarms for abnormal behavior
is (supposedly) itself immune to penetration
provides perimeter defense
Purpose of a Firewall
Basically, a firewall does three things to protect the network:
It blocks incoming data that might contain an attack.
It hides internal addresses from the Internet by network address translation (NAT). NAT is an addressing function rather than a security control in its own right, though it does stop outsiders addressing internal hosts directly.
It screens outgoing traffic to limit Internet use and/or access to remote sites.
Limitation of a Firewall
Cannot protect from attacks bypassing it
Cannot protect against internal threats
E.g. disgruntled employee
Types of Firewall
Packet Filters
Stateful Packet Filters
Application Level Gateway
Circuit Level Gateway
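An added example (not from the lecture notes) contrasting the first two types in the list above on a constructed packet trace: a stateless packet filter has to admit any inbound packet that looks like a reply (source port 80/443 to a high port), so an outsider sending from port 443 gets through; a stateful filter admits only packets that belong to a connection it saw an inside host open. Addresses, ports and rules are constructed, and the stateful table has no timeouts or teardown handling, which a real implementation needs.

```python
"""Added example (not from the lecture notes): stateless versus stateful packet
filtering over a constructed trace. Addresses, ports and rules are sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # TCP flags, abbreviated: "S" (SYN), "SA" (SYN/ACK), "A" (ACK)


INSIDE = "10.0.0."      # assumed internal prefix


def is_inside(ip):
    return ip.startswith(INSIDE)


# Stateless rule list, first match wins.
STATELESS_RULES = [
    # outbound web from inside
    (lambda p: is_inside(p.src) and p.dport in (80, 443), "allow"),
    # replies to the above: without state, any inbound packet from port 80/443
    # to a high port has to be let through
    (lambda p: not is_inside(p.src) and p.sport in (80, 443) and p.dport >= 1024, "allow"),
    (lambda p: True, "deny"),
]


def stateless_filter(p):
    for cond, action in STATELESS_RULES:
        if cond(p):
            return action
    return "deny"


class StatefulFilter:
    def __init__(self):
        self.table = set()   # connections opened from inside, keyed (src, sport, dst, dport)

    def decide(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if is_inside(p.src) and p.dport in (80, 443) and p.flags == "S":
            self.table.add(key)                       # inside opened it: remember the 4-tuple
            return "allow"
        if is_inside(p.src) and key in self.table:    # further packets of a known connection
            return "allow"
        if (p.dst, p.dport, p.src, p.sport) in self.table:   # reply to a known connection
            return "allow"
        return "deny"


# Constructed trace (RFC 5737 documentation addresses for the outside hosts).
TRACE = [
    Packet("10.0.0.5", 40000, "198.51.100.20", 443, "S"),   # inside opens a TLS connection
    Packet("198.51.100.20", 443, "10.0.0.5", 40000, "SA"),  # legitimate reply
    Packet("203.0.113.9", 443, "10.0.0.5", 40001, "S"),     # outsider probes from source port 443
    Packet("203.0.113.9", 12345, "10.0.0.5", 22, "S"),      # inbound SSH attempt
]


def run(trace):
    """Return (stateless decision, stateful decision) for each packet in order."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.decide(p)) for p in trace]


if __name__ == "__main__":
    for p, d in zip(TRACE, run(TRACE)):
        print(p.src, p.sport, "->", p.dst, p.dport, d)
```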
Web security (figure: a WWW server serving HTML and remote login)
Problems:
1. Open system
2. Stateless protocol
3. Single login
All rights reserved. No part of this material may be reproduced and sold.
Access Ctrl
Table
WWW Server
Problems :
1. Decisions
2. Administration
3. Enforcement
UCSC
kasun@cmb.ac.lk
All rights reserved. No part of this material may be reproduced and sold.
Protection of Messages (figure: messages between client and WWW server)
Protection of Documents
In transmission: the HTML document passing between client and WWW server
In storage: the HTML document held on the WWW server
SSL Architecture
Handshake Protocol
The most complex part of SSL.
Allows the server and client to authenticate each other.
Negotiates the encryption algorithm, the MAC algorithm and the cryptographic keys.
Used before any application data are transmitted.
Phase 1: Hello phase
Phase 2: Keys Exchange phase
Phase 3: Session Key Creation phase
Phase 4: Server Verify phase
Phase 5: Client Authentication phase
Phase 6: Finished phase
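To make the phases concrete, here is an added example (not code from the slides) that plays both sides of a toy handshake: Hello, key exchange, session key creation and Finished. It is a simplified model, not the real SSL record format or PRF: the Diffie-Hellman group (p = 1019, g = 4) is a tiny safe-prime group chosen so the arithmetic is readable, the key schedule is a generic HMAC-SHA256 derivation, the cipher suite names are constructed labels, and the server-verify and client-authentication phases (4 and 5) are not modelled. The `tamper_hello` switch shows why the Finished phase exists: if the two sides did not see the same handshake messages, the transcript MACs do not agree and the session is rejected.

```python
"""Toy model of the SSL handshake phases, with both sides' messages (added example)."""
import hashlib
import hmac
import random

P = 1019  # toy safe prime: (P - 1) / 2 = 509 is prime; real systems use large groups
G = 4     # a quadratic residue, so it generates the order-509 subgroup
SUITES = ["DHE-STRONG", "DHE-EXPORT"]  # constructed labels in the client's preference order


def derive_key(master: bytes, label: bytes) -> bytes:
    """Generic HMAC-based key derivation (stands in for the SSL/TLS PRF)."""
    return hmac.new(master, label, hashlib.sha256).digest()


class Party:
    """One endpoint: keeps the transcript it saw and the keys it derived."""

    def __init__(self, rng: random.Random) -> None:
        self.rng = rng
        self.transcript = b""   # every handshake message this party sent or received
        self.master = None
        self.keys = None

    def record(self, msg: bytes) -> bytes:
        self.transcript += msg
        return msg

    def dh_keypair(self):
        priv = self.rng.randrange(2, (P - 1) // 2)
        return priv, pow(G, priv, P)

    def derive(self, shared: int, client_random: bytes, server_random: bytes) -> None:
        premaster = shared.to_bytes(2, "big")
        self.master = hmac.new(premaster, b"master secret" + client_random + server_random,
                               hashlib.sha256).digest()
        self.keys = {"client_write": derive_key(self.master, b"client write key"),
                     "server_write": derive_key(self.master, b"server write key")}

    def finished(self, role: bytes) -> bytes:
        """MAC over this party's view of the whole handshake transcript."""
        digest = hashlib.sha256(self.transcript).digest()
        return hmac.new(self.master, role + b"finished" + digest, hashlib.sha256).digest()


def handshake(seed: int = 1, tamper_hello: bool = False) -> dict:
    rng = random.Random(seed)          # deterministic for the demo; use `secrets` in real code
    client, server = Party(rng), Party(rng)

    # Phase 1: Hello. The client offers suites and a random; the server picks and answers.
    client_random = rng.randbytes(32)
    client_hello = client.record(b"ClientHello:" + ",".join(SUITES).encode() + client_random)
    if tamper_hello:   # on-path modification: the server only sees the weakest suite
        seen = b"ClientHello:" + SUITES[-1].encode() + client_random
    else:
        seen = client_hello
    server.record(seen)
    offered = seen[len(b"ClientHello:"):-32].decode().split(",")
    chosen = offered[0]
    server_random = rng.randbytes(32)
    client.record(server.record(b"ServerHello:" + chosen.encode() + server_random))

    # Phase 2: Key exchange. Each side sends its Diffie-Hellman public value.
    s_priv, s_pub = server.dh_keypair()
    client.record(server.record(b"ServerKeyExchange:" + s_pub.to_bytes(2, "big")))
    c_priv, c_pub = client.dh_keypair()
    server.record(client.record(b"ClientKeyExchange:" + c_pub.to_bytes(2, "big")))

    # Phase 3: Session key creation from the shared secret and both randoms.
    client.derive(pow(s_pub, c_priv, P), client_random, server_random)
    server.derive(pow(c_pub, s_priv, P), client_random, server_random)

    # Phase 6: Finished. Each side checks the other's MAC over the transcript.
    server_ok = hmac.compare_digest(client.finished(b"client"), server.finished(b"client"))
    client_ok = hmac.compare_digest(server.finished(b"server"), client.finished(b"server"))

    return {"suite": chosen,
            "keys_match": client.keys == server.keys,
            "finished_ok": server_ok and client_ok}


if __name__ == "__main__":
    print(handshake())
    print(handshake(tamper_hello=True))
```

In the tampered run both sides still derive identical keys, because the key material was never touched; only the Finished check reveals that the negotiated suite is not the one the client asked for, which is why no application data may flow before this phase completes.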
Trust
Now imagine a web browser showing the lock on a web page. Who says that the lock represents an SSL or otherwise encrypted page?
Certificate Verification
Certification Infrastructure (diagram: CA hierarchy with levels TCA, PCA, HCA, LCA)
Security Protocols (diagram: App client <-> App server)
(Un)Trusted Certificates
Pre-installed trusted certificates
Weak key length certificates
Could be replaced
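The three points above can be exercised with a small path-building routine. This is an added example, not code from the lecture: it walks issuer links from a leaf certificate up to a root in a pre-installed trust store, rejects keys below an assumed 2048-bit policy threshold, and shows what happens once a rogue root has been inserted into the store. All certificate names are constructed placeholders, and signature verification is assumed to be done elsewhere; only chain construction and policy are modelled.

```python
"""Chain validation against a pre-installed trust store with a key-length policy (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key_bits: int


MIN_KEY_BITS = 2048  # assumed policy threshold for "weak key length"


def validate(leaf: Cert, intermediates: list, trust_store: dict,
             min_bits: int = MIN_KEY_BITS, max_depth: int = 5):
    """Walk issuer links from the leaf to a root in trust_store (subject -> root cert).

    Returns (ok, reason, chain). Signatures are assumed checked separately; this
    models only path building and the policy points the slide lists.
    """
    by_subject = {c.subject: c for c in intermediates}
    chain = [leaf]
    current = leaf
    while current.issuer not in trust_store:
        nxt = by_subject.get(current.issuer)
        if nxt is None:
            return False, f"no path to a trusted root: issuer '{current.issuer}' is unknown", chain
        if nxt in chain or len(chain) >= max_depth:
            return False, "chain loops or exceeds the maximum depth", chain
        chain.append(nxt)
        current = nxt
    root = trust_store[current.issuer]
    if root.subject != root.issuer:
        return False, "trust anchor is not self-signed", chain
    chain.append(root)
    weak = [c.subject for c in chain if c.key_bits < min_bits]
    if weak:
        return False, f"weak key length in {weak}", chain
    return True, "ok", chain


# Constructed certificates (placeholder names, not real CAs).
ROOT = Cert("Example Root CA", "Example Root CA", 4096)
INTERMEDIATE = Cert("Example Issuing CA", "Example Root CA", 2048)
WEAK_INTERMEDIATE = Cert("Example Legacy CA", "Example Root CA", 1024)
LEAF = Cert("www.example.test", "Example Issuing CA", 2048)
LEGACY_LEAF = Cert("old.example.test", "Example Legacy CA", 2048)
ROGUE_ROOT = Cert("Rogue CA", "Rogue CA", 2048)
ROGUE_LEAF = Cert("www.example.test", "Rogue CA", 2048)

TRUST_STORE = {ROOT.subject: ROOT}   # the browser's pre-installed trusted certificates


def scenarios() -> dict:
    """Outcomes for the three points on the slide."""
    return {
        "good": validate(LEAF, [INTERMEDIATE], TRUST_STORE)[0],
        "weak_key": validate(LEGACY_LEAF, [WEAK_INTERMEDIATE], TRUST_STORE)[:2],
        "unknown_root": validate(ROGUE_LEAF, [], TRUST_STORE)[0],
        # "Could be replaced": once a rogue root sits in the store, its chain validates.
        "replaced_store": validate(ROGUE_LEAF, [],
                                   {**TRUST_STORE, ROGUE_ROOT.subject: ROGUE_ROOT})[0],
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(name, outcome)
```

The last scenario is the one to watch in practice: the validation logic is unchanged, yet a rogue leaf for the same host name now passes, so the integrity of the trust store itself deserves the same attention as the key lengths in the chain.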
E-Commerce Servers (diagram: Customer <-> Merchant over SSL)
Problems :
- customers' authenticity
- impersonation
- servers' authenticity
- fraud at ME server
- non-repudiation
Transfers :
- Manual/WWW
- proprietary products
Problems :
- non-standard
- insecure?
Banking Network
Problems :
- Expensive to maintain
- Closed networks
- Insecure products???
Transfers :
- private lines
- FTP
- proprietary products
Problems :
- non-standard
- insecure?
Payment protocol message flow (diagram: Cardholder <-> Merchant (ME) <-> Payment Gateway (PGW))
PInitReq, PInitRes, PReq, AuthReq, AuthRes, PRes, CapReq, CapRes
DoubleSign (diagram: the Cardholder signs the Order and the Payment (CC) data; the Merchant handles the Order, the Payment Gateway the CC payment)
Solution: Single Sign-on (log in once, use multiple services)
Passport authentication flow (diagram: User (Browser), Authentication, Resource Manager, Content)
Steps shown: Passport authentication request; Authentication response; Authenticated resource request; Content delivery
Risks of Passport?
Global centralization
Lack of documentation
Passport uses a simple password authentication mechanism
Problem of encryption algorithm
Problems with SSL protocol
http://www.cert.org/homeusers/email_postcard.html
E-mail Security
Pretty Good Privacy (PGP) (www.pgp.com)
Philip R. Zimmermann is the creator of PGP.
PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.
S/MIME
Secure/Multipurpose Internet Mail Extension
S/MIME will probably emerge as the industry standard.
PGP for personal e-mail security
Operational Description
Consists of five services:
Authentication
Confidentiality
Compression
E-mail compatibility
Segmentation
Signed message structure (diagram): Version; Content Info (Content type, Content); Set of certificates; Set of CRLs; Signer Info (Authenticated Attributes, Digest Encryption Alg.)
Enveloped message structure (diagram): Version; Recipient Info (Recipient ID (issuer and serial no.), Encrypted Key); Content type; Content Encryption Alg.; Encrypted Content
S/MIME Functions
Enveloped Data: Encrypted content and encrypted session keys for recipients.
Signed Data: Message Digest encrypted with private key of signer.
Clear-Signed Data: Signed but not encrypted.
Signed and Enveloped Data: Various orderings for encrypting and signing.
Algorithms Used
Message Digesting: SHA-1 and MD5
Digital Signatures: DSS
Secret-Key Encryption: Triple-DES, RC2/40 (exportable)
Public-Private Key Encryption: RSA with key sizes of 512 and 1024 bits, and Diffie-Hellman (for session keys).
Attachments
Computer viruses and other malicious software are often spread through email attachments.
If a file attached to an email contains a virus, it is often launched when you open (or double-click) the attachment.
Don't open email attachments unless you know who they are from and you were expecting them.
What is spam?
Spam is anonymous, unsolicited junk email sent
indiscriminately to huge numbers of recipients.
What for?
Advertising goods and services (often of a dubious nature)
Quasi-charity appeals
Financial scams
Chain letters
Phishing attempts
Spread malware and viruses
Questions?