IEMS5710 Cryptography, security, and privacy: Basic concepts and current frontiers

15 January 2013. Prof. CHAN Yuen-Yan, Rosanna, Department of Information Engineering, The Chinese University of Hong Kong.


Presentation Transcript


  1. IEMS5710 Cryptography, security, and privacy: Basic concepts and current frontiers. 15 January 2013. Prof. CHAN Yuen-Yan, Rosanna, Department of Information Engineering, The Chinese University of Hong Kong

  2. Oracle Corp to fix Java security flaw shortly
  • "Hackers figured out how to exploit the bug in a version of Java used with Internet browsers to install malicious software on PCs."
  • Report of a (possibly) related bug in August 2011: http://www.ctvnews.ca/sci-tech/computer-security-experts-warn-about-java-vulnerability-1.933119 IEMS5710 - Lecture 1

  3. August 2011

  4. Much of the current rioting and looting in London (in August 2011) has been coordinated not just via Facebook and Twitter, but also via BlackBerry smartphones that use encrypted communications, according to British authorities.

  5. Encryption and Implementation (Dolev & Yao, 1983)
  • In a public key system, every user X has an encryption function E_X and a decryption function D_X, both mappings from {0,1}* (the set of all finite binary sequences) into {0,1}*.
  • A secure public directory contains all the (X, E_X) pairs, while the decryption function D_X is known only to user X.
  • The main requirements on E_X, D_X are:
  • E_X D_X = D_X E_X = 1 (the identity), and
  • knowing E_X(M) and the public directory does not reveal anything about the value M.
  • Thus everyone can send X a message E_X(M); X can decrypt it by forming D_X(E_X(M)) = M, but nobody other than X can find M even if E_X(M) is available to them.

  6. Encryption and Implementation: An Example
  • Consider the following protocol for sending a plaintext M between A and B:
  • The above protocol is a common way of doing authentication.

  7. Encryption and Implementation: An Example
  • But it can be broken by Z in the following way:
  • Z abuses the above protocol to decrypt other people's ciphertext.

  8. Encryption and Implementation: An Example
  • One way to overcome the weakness in the above protocol is to encode the name of the sender together with the plaintext in the encrypted text.
  • Consider the following protocol (MA denotes the concatenation of M and A) (Needham and Schroeder):
  • Dolev and Yao prove that the above protocol is secure against attacks (within their model).

  9. Encryption and Implementation: An Example
  • What will happen if one tries to improve the above protocol by adding another layer of encryption?

  10. Surprisingly, this variation is breakable again!
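The three protocols on slides 6 to 10 are the worked examples from Dolev and Yao (1983); the slides show them as message diagrams that are not reproduced in this transcript. The Python simulation below is an added example, not code from the lecture or the paper, and assumes the protocols exactly as stated in that paper: (1) A→B: E_B(M), B→A: E_A(M), with the sender's name carried in an unprotected message header; (2) A→B: E_B(M A), B→A: E_A(M B); (3) A→B: E_B(E_B(M) A), B→A: E_A(E_A(M) B). Encryption is modelled symbolically in the Dolev-Yao style, so a ciphertext can be opened only by the key owner (the "reveals nothing about M" requirement of slide 5), and the intruder Z can only intercept, concatenate, split, encrypt under any public key, and decrypt under its own. The names Enc, E, D, the responder_v* functions (B's behaviour in each protocol) and the attack_v* functions are this example's own.

```python
from dataclasses import dataclass
from typing import Any


# Symbolic (Dolev-Yao style) public-key terms. Strings are atoms, tuples are
# concatenation, Enc(owner, body) is body encrypted under owner's public key.
@dataclass(frozen=True)
class Enc:
    owner: str   # user whose public key E_owner was applied
    body: Any    # the encrypted term


def E(owner: str, body: Any) -> Enc:
    """E_owner(body): anyone may encrypt, since the directory of E_X is public."""
    return Enc(owner, body)


def D(owner: str, term: Any) -> Any:
    """D_owner(term): succeeds only for the key owner (perfect encryption)."""
    if not isinstance(term, Enc) or term.owner != owner:
        raise ValueError(f"{owner} cannot decrypt {term!r}")
    return term.body


# --- Protocol 1 (slide 6): A -> B: E_B(M); B -> A: E_A(M) --------------------
def responder_v1(header_sender: str, c: Enc) -> Enc:
    """B decrypts and replies to whoever the unprotected header names as sender."""
    return E(header_sender, D("B", c))


def attack_v1(captured: Enc) -> Any:
    """Slide 7: Z replays the intercepted E_B(M) under its own name."""
    reply = responder_v1("Z", captured)   # B obligingly answers with E_Z(M)
    return D("Z", reply)


# --- Protocol 2 (slide 8, Needham-Schroeder): A -> B: E_B(M A); B -> A: E_A(M B)
def responder_v2(c: Enc) -> Enc:
    """B takes the sender's name from inside the ciphertext, not from the header."""
    m, sender = D("B", c)
    return E(sender, (m, "B"))


def attack_v2(captured: Enc) -> Any:
    """Same replay: B still answers A, so Z cannot open the reply."""
    reply = responder_v2(captured)
    try:
        return D("Z", reply)
    except ValueError:
        return None


# --- Protocol 3 (slide 9): A -> B: E_B(E_B(M) A); B -> A: E_A(E_A(M) B) ------
def responder_v3(c: Enc) -> Enc:
    """B strips the outer layer, then the inner one, and re-encrypts twice for the sender."""
    inner, sender = D("B", c)
    m = D("B", inner)
    return E(sender, (E(sender, m), "B"))


def attack_v3(captured: Enc) -> Any:
    """Slide 10: two rounds. B first peels one layer for Z, then Z re-uses E_B(M)."""
    # Round 1: present the whole captured ciphertext as Z's "inner" message.
    reply1 = responder_v3(E("B", (captured, "Z")))
    inner1, _ = D("Z", reply1)
    enc_m, _a = D("Z", inner1)          # Z now holds E_B(M) (plus A's name)
    # Round 2: submit E_B(M) in the honest format, but with Z as the sender.
    reply2 = responder_v3(E("B", (enc_m, "Z")))
    inner2, _ = D("Z", reply2)
    return D("Z", inner2)               # the plaintext M


if __name__ == "__main__":
    M = "attack at dawn"   # constructed sample plaintext
    print("protocol 1, Z learns:", attack_v1(E("B", M)))
    print("protocol 2, Z learns:", attack_v2(E("B", (M, "A"))))
    print("protocol 3, Z learns:", attack_v3(E("B", (E("B", M), "A"))))
```

The point the simulation makes concrete is that B's decryption oracle is the weakness: in protocols 1 and 3 the name B replies to is under Z's control, so B can be made to re-encrypt for Z whatever Z submits, and an extra layer of encryption only costs Z one extra round. In protocol 2 the name is bound inside the ciphertext, so a replayed message is answered to A regardless of who forwarded it.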

  11. A tripartite relationship between Cryptography, Security, and Privacy
  • The aim of this course is to study cryptographic primitives and protocols and their applications in ICT security and privacy.
  • [Diagram: ICT Environment (machines and humans), Security, Privacy, Cryptography, Update]

  12. Computer Security Concepts
  • Definition of Computer Security (US National Institute of Standards & Technology, NIST): the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

  13. Computer Security Concepts
  • Confidentiality
  • Data confidentiality
  • Privacy for individuals
  • Integrity
  • Data integrity: data is not altered/changed without authorization
  • System integrity: the system performs its intended functions, free from unauthorized manipulation
  • Availability
  • The system is available for legitimate requests

  14. OSI Security Architecture
  • The OSI Security Architecture (ITU-T X.800)
  • The International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T); Open Systems Interconnection (OSI)
  • Security attack: any action that compromises the security of information owned by an organization
  • Security mechanism: a process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack
  • Security service: a processing or communication service that enhances the security of the system or of the communication channels

  15. OSI Security Architecture
  • Threat
  • A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm
  • A threat is a possible danger that might exploit a vulnerability
  • Attack
  • A deliberate attempt to evade security services and violate the security policy of a system

  16. Security Attacks
  • Passive attack
  • Eavesdropping on / monitoring transmissions
  • Does not affect system resources, which makes it hard to detect; the emphasis is on prevention (e.g. encryption) rather than detection
  • Attempts to learn or make use of information from the system
  • Traffic analysis: does not read the data contents but studies the pattern of communication (who talks to whom, when, and how much)

  17. Security Attacks
  • Active attack
  • Attempts to alter system resources or affect their operation; involves modification of the data stream or the creation of a false stream
  • Masquerade: an entity pretends to be another entity, e.g. during authentication
  • Replay (can also be used to masquerade): capture an authentication / authorization token or message for later re-use
  • Modification of message: alter part of a legitimate message, or delay or reorder messages
  • Denial of service: prevent normal operation of a system, e.g. by flooding it with requests
  • Example: DDoS of HKEx

  18. Security Services (X.800)
  • Authentication
  • Assures that a communication is authentic
  • Entity authentication: the corroboration of the identity of an entity
  • Data origin authentication: the corroboration of the source of data
  • Access Control
  • The ability to limit and control access to host systems and applications (the entity must be authenticated / identified first)
  • Data Confidentiality
  • The protection of transmitted data from passive attacks: it cannot be read by unauthorized parties
  • Data Integrity
  • The data stream is received as sent, with no duplication, insertion, modification, reordering, or replays
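The data integrity service above has to defeat the active attacks of slide 17 (modification, replay/duplication, reordering), not just accidental corruption, which is why an unkeyed checksum is not enough. The following Python receiver is an added example, not from the slides or from X.800: it implements a connection-oriented integrity check with a keyed MAC (HMAC-SHA256) over a sequence number and the payload, so a modified payload fails the tag, a replayed record has a stale sequence number, and a record arriving early is flagged as out of order. The record layout (8-byte sequence number, payload, 32-byte tag), the shared key and the sample messages are all constructed for the demo.

```python
import hashlib
import hmac
import struct

SEQ_LEN = 8           # 64-bit big-endian sequence number
TAG_LEN = 32          # HMAC-SHA256 output size
KEY = b"constructed demo key - not a real secret"   # assumed shared by sender and receiver


def make_record(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side. The tag covers the sequence number too, so a payload cannot be
    cut from one position in the stream and pasted at another."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Accepts each record exactly once, in order, and only if the MAC verifies."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0
        self.delivered: list[bytes] = []

    def accept(self, record: bytes) -> str:
        if len(record) < SEQ_LEN + TAG_LEN:
            return "reject: truncated"
        header = record[:SEQ_LEN]
        payload = record[SEQ_LEN:-TAG_LEN]
        tag = record[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):     # constant-time comparison
            return "reject: modification"
        (seq,) = struct.unpack(">Q", header)
        if seq < self.next_seq:
            return "reject: replay or duplicate"
        if seq > self.next_seq:
            return "reject: reordering or deletion"
        self.next_seq = seq + 1
        self.delivered.append(payload)
        return "accept"


def demo() -> list[str]:
    """Runs an honest stream plus the slide-17 attacks through one receiver."""
    rx = IntegrityReceiver(KEY)
    r0 = make_record(KEY, 0, b"transfer 100 to alice")   # constructed sample traffic
    r1 = make_record(KEY, 1, b"transfer 5 to bob")
    r2 = make_record(KEY, 2, b"close session")
    # Attacker edits the amount in r1; without the key the old tag no longer matches.
    tampered = r1[:SEQ_LEN] + r1[SEQ_LEN:-TAG_LEN].replace(b" 5 ", b" 9 ") + r1[-TAG_LEN:]
    return [
        rx.accept(r0),          # honest record
        rx.accept(r0),          # replay of a record already delivered
        rx.accept(tampered),    # modified payload
        rx.accept(r2),          # arrives before r1: out of order
        rx.accept(r1),          # honest record
        rx.accept(r2),          # now in order
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Two design points worth noting: the MAC is compared with hmac.compare_digest rather than == so that a forger cannot time the comparison byte by byte, and the receiver keeps no window of accepted sequence numbers, so a gap is rejected outright; a protocol that tolerates loss (a datagram transport, say) would instead keep a sliding replay window, as IPsec does.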

  19. Security Services (X.800)
  • Non-repudiation
  • Prevents either the sender or the receiver from denying a transmitted message
  • Availability Service
  • The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to the performance specifications for the system

  20. Security Mechanisms
  • A feature designed to detect, prevent, or recover from a security attack
  • Some of them can be implemented by cryptographic techniques
  • For communication protocols (specific security mechanisms):
  • Encipherment
  • Digital signature
  • Access control
  • Data integrity
  • Authentication exchange
  • Traffic padding: insert dummy traffic to frustrate traffic analysis
  • Routing control: select physically secure routes, and change routes when a security breach is suspected
  • Notarization: use of a trusted third party to assure certain properties of a data exchange

  21. Security Mechanisms
  • For operation / organization management (pervasive security mechanisms):
  • Trusted functionality
  • Security label: a marking bound to a resource that names or designates its security attributes
  • Event detection
  • Security audit trail
  • Security recovery

  22. Model for Network Security

  23. Model for Network Security
  • Using this model requires us to:
  • design a suitable algorithm for the security transformation
  • generate the secret information (keys) used by the algorithm
  • develop methods to distribute and share the secret information
  • specify a protocol enabling the principals to use the transformation and secret information for a security service
  • All of this needs cryptography

  24. Cryptographic Algorithms and Protocols
  • Cryptography has a broad range of applications in network and internet security, e.g.
  • Symmetric encryption: DES, 3DES, AES (used in SSL)
  • Asymmetric encryption: public key cryptosystems such as RSA, ElGamal, elliptic curves (used in SSL handshakes)
  • Data integrity: hash functions, Message Authentication Codes; SHA, MD4, MD5 (note that MD4 and MD5 are broken with respect to collision resistance and should not be used for new designs)
  • Authentication: RSA, and various other authentication protocols built from cryptographic algorithms (used in SSL handshakes)

  25. Cryptographic Algorithms and Protocols
  • Digital signatures: ElGamal, Schnorr, DSS (Digital Signature Standard); public key encryption algorithms can also be used for signing
  • Key exchange: Diffie-Hellman, Station-to-Station key exchange (used in IKE, the Internet Key Exchange of IPsec)
  • Zero-knowledge proofs (used in e-voting and e-cash)

  26. Current Frontiers: Top Security Conferences, Journals, and Magazines
  • IEEE: IEEE Symposium on Security and Privacy; IEEE Transactions on Information Forensics and Security; IEEE Transactions on Dependable and Secure Computing; IEEE Security and Privacy Magazine
  • ACM: ACM Transactions on Information and System Security; ACM Conference on Computer and Communications Security
  • USENIX: USENIX Security

  27. Selected Papers from ACM CCS 2012 (October 2012)
  • The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software
  • "SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes: Amazon's EC2 Java library and all cloud clients based on it; Amazon's and PayPal's merchant SDKs responsible for transmitting payment details from e-commerce sites to payment gateways; integrated shopping carts such as osCommerce, ZenCart, Ubercart, and PrestaShop; AdMob code used by mobile websites; Chase mobile banking and several other Android apps and libraries; Java Web-services middleware, including Apache Axis, Axis 2, Codehaus XFire, and Pusher library for Android, and all applications employing this middleware."
  • "Any SSL connection from any of these programs is insecure against a man-in-the-middle attack. The root causes of these vulnerabilities are badly designed APIs of SSL implementations (such as JSSE, OpenSSL, and GnuTLS) and data-transport libraries (such as cURL) which present developers with a confusing array of settings and options. We analyze perils and pitfalls of SSL certificate validation in software based on these APIs and present our recommendations."
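The paper's root cause is API design, and the same two pitfalls it describes can be reproduced with any SSL library that exposes chain validation and hostname checking as separate switches. The following is an added example, not code from the paper or the lecture, written against Python's standard ssl module: the two misconfigurations (no validation at all; chain validated but hostname never compared with the intended host) beside the correct client context, plus an audit() function (this example's own name) that classifies a context the way a code review of the paper's applications would. It uses only the standard library; the connect() helper is there to show where server_hostname enters, and is not called unless the script is run directly.

```python
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """Pitfall 1: certificate validation switched off; any certificate is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # Python refuses CERT_NONE while this is still True
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context() -> ssl.SSLContext:
    """Pitfall 2: the chain is validated against the CA store, but the name in the
    certificate is never compared with the host we meant to reach. A man in the
    middle holding any CA-issued certificate (for its own domain) passes this check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def secure_context() -> ssl.SSLContext:
    """Correct: chain validation, hostname check and the platform CA store."""
    return ssl.create_default_context()


def audit(ctx: ssl.SSLContext) -> str:
    """Classify a client context by the weakest of its two validation switches."""
    if ctx.verify_mode == ssl.CERT_NONE:
        return "no certificate validation: trivially MITM-able"
    if not ctx.check_hostname:
        return "chain validated but hostname unchecked: MITM with any CA-issued cert"
    return "chain and hostname validated"


def connect(host: str, ctx: ssl.SSLContext, port: int = 443) -> dict:
    """Open a TLS connection; server_hostname is what the hostname check compares against."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()    # empty dict when verify_mode is CERT_NONE


if __name__ == "__main__":
    for name, ctx in [("insecure", insecure_context()),
                      ("chain_only", chain_only_context()),
                      ("secure", secure_context())]:
        print(f"{name:10s} -> {audit(ctx)}")
```

The chain-only case is the one that survives casual testing: connections to the real server succeed, the certificate chain is genuinely validated, and only an attacker who presents a valid certificate for some other name reveals the gap. Note also the order of the two assignments in insecure_context(): Python raises ValueError if verify_mode is set to CERT_NONE while check_hostname is still enabled, a small API guard against exactly the "confusing array of settings" the paper criticizes.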

  28. Selected Papers from ACM CCS 2012
  • Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security
  • Many Android apps have a legitimate need to communicate over the Internet and are then responsible for protecting potentially sensitive data during transit. The paper seeks to better understand the potential security threats posed by benign Android apps that use the SSL/TLS protocols to protect data they transmit.
  • Since the lack of visual security indicators for SSL/TLS usage and the inadequate use of SSL/TLS can be exploited to launch Man-in-the-Middle (MITM) attacks, an analysis of 13,500 popular free apps downloaded from Google's Play Market is presented.

  29. Selected Papers from ACM CCS 2012 (cont'd)
  • The authors found that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks.
  • Various forms of SSL/TLS misuse were discovered during a further manual audit of 100 selected apps, which allowed the authors to successfully launch MITM attacks against 41 apps and gather a large variety of sensitive data.
  • An online survey was conducted to evaluate users' perceptions of certificate warnings and HTTPS visual security indicators in Android's browser, showing that half of the 754 participating users were not able to correctly judge whether their browser session was protected by SSL/TLS or not.
  • They also introduced MalloDroid, a tool to detect potential vulnerability to MITM attacks.

  30. ACM CCS 2012 Keynote
  • 2012: Virgil D. Gligor, Carnegie Mellon University. On the foundations of trust in networks of humans and computers
  • A general theory of trust in networks of humans and computers must be built on both a theory of behavioral trust and a theory of computational trust.
  • This argument is motivated by increased participation of people in online social networking, crowdsourcing, human computation, and socio-economic protocols, e.g. protocols modeled by trust and gift-exchange games, norms-establishing contracts, and scams/deception.
  • The speaker illustrated a class of interactive social protocols that relies both on trustworthy properties of commodity systems (e.g. a verifiable end-to-end trusted path) and on participant trust, since on-line verification of protocol compliance is often impractical: e.g. it can lead to undecidable problems, co-NP complete test procedures, and user inconvenience.

  31. ACM CCS 2012 Keynote (cont'd)
  • Trust is captured by participant preferences (i.e. risk and betrayal aversion) and beliefs in the trustworthiness of other protocol participants.
  • Both preferences and beliefs can be enhanced whenever protocol non-compliance leads to punishment of untrustworthy participants; i.e. it seems natural that betrayal aversion can be decreased and belief in trustworthiness increased by properly defined punishment.
  • Similarly, risk aversion can be decreased and trustworthiness increased by feasible recovery from participant non-compliance.
  • General theory of trust: focuses on the establishment of new trust relations where none were possible before.
  • New trust relations would increase the pool of services available to users, remove cooperation barriers, and enable the "network effect" where it really matters, i.e. at the application level.
  • Hence, it seems important that security research should enable and promote trust-enhancement infrastructures in human and computer networks, e.g. trust networks.
  • The speaker also argued that a general theory of trust should mirror human expectations and mental models without relying on false metaphors and analogies with the physical world.

  32. References
  • D. Dolev and A. Yao, "On the security of public key protocols," IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198-208, 1983.
  • R. M. Needham and M. D. Schroeder, "Using encryption for authentication in large networks of computers," Communications of the ACM, vol. 21, no. 12, pp. 993-999, 1978.
  • V. D. Gligor, "On the foundations of trust in networks of humans and computers," in Proceedings of ACM CCS 2012, p. 1, 2012.
  • M. Georgiev et al., "The most dangerous code in the world: validating SSL certificates in non-browser software," in Proceedings of ACM CCS 2012, pp. 38-49, 2012.
  • S. Fahl et al., "Why Eve and Mallory love Android: an analysis of Android SSL (in)security," in Proceedings of ACM CCS 2012, pp. 50-61, 2012.
  • William Stallings, Cryptography and Network Security: Principles and Practice, 5/e, Pearson, Chapter 1.
