1 / 66

Introduction

Introduction. ECE 424 / CS 463: Computer Security. Administrative Aspects. Course web page: http://www.crhc.uiuc.edu/~yihchun/424 Syllabus: Midterm date TBA. Please report any conflicts. Probably around 10/16 or later Project: Free-form, groups of 1-3 Make-up Classes.

oriana
Download Presentation

Introduction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction ECE 424 / CS 463: Computer Security

  2. Administrative Aspects • Course web page: • http://www.crhc.uiuc.edu/~yihchun/424 • Syllabus: • Midterm date TBA. Please report any conflicts. • Probably around 10/16 or later • Project: • Free-form, groups of 1-3 • Make-up Classes

  3. Computer Security: 10,000’ View Material borrowed from Matt Bishop’s sample slides for Computer Security: Art and Science

  4. Basic Components • Confidentiality • Keeping data and resources hidden • Integrity • Data integrity (integrity) • Origin integrity (authentication) • Availability • Enabling access to data and resources

  5. Classes of Threats • Disclosure • Snooping • Deception • Modification, spoofing, repudiation of origin, denial of receipt • Disruption • Modification • Usurpation • Modification, spoofing, delay, denial of service

  6. Policies and Mechanisms • Policy says what is, and is not, allowed • This defines “security” for the site/system/etc. • Mechanisms enforce policies • Composition of policies • If policies conflict, discrepancies may create security vulnerabilities

  7. Goals of Security • Prevention • Prevent attackers from violating security policy • Detection • Detect attackers’ violation of security policy • Recovery • Stop attack, assess and repair damage • Continue to function correctly even if attack succeeds

  8. Trust and Assumptions • Underlie all aspects of security • Policies • Unambiguously partition system states • Correctly capture security requirements • Mechanisms • Assumed to enforce policy • Support mechanisms work correctly

  9. Types of Mechanisms secure broad precise set of reachable states set of secure states

  10. Assurance • Specification • Requirements analysis • Statement of desired functionality • Design • How system will meet specification • Implementation • Programs/systems that carry out design

  11. Operational Issues • Cost-Benefit Analysis • Is it cheaper to prevent or recover? • Risk Analysis • Should we protect something? • How much should we protect this thing? • Laws and Customs • Are desired security measures illegal? • Will people do them?

  12. Human Issues • Organizational Problems • Power and responsibility • Financial benefits • People problems • Outsiders and insiders • Social engineering

  13. Tying Together Threats Policy Specification Design Implementation Operation

  14. Key Points • Policy defines security, and mechanisms enforce security • Confidentiality • Integrity • Availability • Trust and knowing assumptions • Importance of assurance • The human factor

  15. Chapter 9: Basic Cryptography • Classical Cryptography • Public Key Cryptography • Cryptographic Checksums

  16. Overview • Classical Cryptography • Cæsar cipher • Vigènere cipher • DES • Public Key Cryptography • Diffie-Hellman • RSA • Cryptographic Checksums • HMAC

  17. Cryptosystem • Quintuple (E, D, M, K, C) • M set of plaintexts • K set of keys • C set of ciphertexts • E set of encryption functions e: M KC • D set of decryption functions d: C KM

  18. Example • Example: Cæsar cipher • M = { sequences of letters } • K = { i | i is an integer and 0 ≤ i ≤ 25 } • E = { Ek | kK and for all letters m, Ek(m) = (m + k) mod 26 } • D = { Dk | kK and for all letters c, Dk(c) = (26 + c – k) mod 26 } • C = M

  19. Attacks • Opponent whose goal is to break cryptosystem is the adversary • Assume adversary knows algorithm used, but not key • Three types of attacks: • ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key • known plaintext: adversary has ciphertext, corresponding plaintext; goal is to find key • chosen plaintext: adversary may supply plaintexts and obtain corresponding ciphertext; goal is to find key

  20. Basis for Attacks • Mathematical attacks • Based on analysis of underlying mathematics • Statistical attacks • Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc. • Called models of the language • Examine ciphertext, correlate properties with the assumptions.

  21. Classical Cryptography • Sender, receiver share common key • Keys may be the same, or trivial to derive from one another • Sometimes called symmetric cryptography • Two basic types • Transposition ciphers • Substitution ciphers • Combinations are called product ciphers

  22. Transposition Cipher • Rearrange letters in plaintext to produce ciphertext • Example (Rail-Fence Cipher) • Plaintext is HELLO WORLD • Rearrange as HLOOL ELWRD • Ciphertext is HLOOL ELWRD

  23. Attacking the Cipher • Anagramming • If 1-gram frequencies match English frequencies, but other n-gram frequencies do not, probably transposition • Rearrange letters to form n-grams with highest frequencies

  24. Substitution Ciphers • Change characters in plaintext to produce ciphertext • Example (Cæsar cipher) • Plaintext is HELLO WORLD • Change each letter to the third letter following it (X goes to A, Y to B, Z to C) • Key is 3, usually written as letter ‘D’ • Ciphertext is KHOOR ZRUOG

  25. Attacking the Cipher • Exhaustive search • If the key space is small enough, try all possible keys until you find the right one • Cæsar cipher has 26 possible keys • Statistical analysis • Compare to 1-gram model of English

  26. Cæsar’s Problem • Key is too short • Can be found by exhaustive search • Statistical frequencies not concealed well • They look too much like regular English letters • So make it longer • Multiple letters in key • Idea is to smooth the statistical frequencies to make cryptanalysis harder

  27. Vigènere Cipher • Like Cæsar cipher, but use a phrase • Example • Message THE BOY HAS THE BALL • Key VIG • Encipher using Cæsar cipher for each letter: key VIGVIGVIGVIGVIGV plain THEBOYHASTHEBALL cipher OPKWWECIYOPKWIRG

  28. Attacking the Cipher • Approach • Establish period; call it n • Look for repetitions in ciphertext • Break message into n parts, each part being enciphered using the same key letter • Just like attacking Cæsar • Solve each part • You can leverage one part from another

  29. One-Time Pad • A Vigenère cipher with a random key at least as long as the message • Provably unbreakable • Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters • Warning: keys must be random, or you can attack the cipher by trying to regenerate the key • Approximations, such as using pseudorandom number generators to generate keys, are not random

  30. Overview of the DES • A block cipher: • encrypts blocks of 64 bits using a 64 bit key • outputs 64 bits of ciphertext • A product cipher • basic unit is the bit • performs both substitution and transposition (permutation) on the bits • Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key

  31. Round Key Generation • 48-bit round keys are selected based on permutations of the key • Each key bit shows up in around 14 round keys Image Source: Wikipedia

  32. Feistel Structure • Each “round” processes half of the block • Easy to invert, even if f is hard to invert (why?) Image Source: Wikipedia

  33. The f Function • E is the expansion function: replicates some of the input bits • S boxes are implemented as a lookup table • Designed to be nonlinear • P is a permutation

  34. Controversy • Considered too weak • Diffie, Hellman said in a few years technology would allow DES to be broken in days • Design using 1999 technology published • Design decisions not public • S-boxes may have backdoors

  35. Undesirable Properties • 4 weak keys • They are their own inverses • 12 semi-weak keys • Each has another semi-weak key as inverse • Complementation property • DESk(m) = c DESk(m) = c • S-boxes exhibit irregular properties • Distribution of odd, even numbers non-random • Outputs of fourth box depends on input to third box

  36. Differential Cryptanalysis • A chosen ciphertext attack • Requires 247 plaintext, ciphertext pairs • Revealed several properties • Small changes in S-boxes reduce the number of pairs needed • Making every bit of the round keys independent does not impede attack • Linear cryptanalysis improves result • Requires 243 plaintext, ciphertext pairs

  37. DES Modes • Electronic Code Book Mode (ECB) • Encipher each block independently

  38. What’s Wrong With ECB • Electronic Code Book Mode (ECB) • Encipher each block independently

  39. DES Modes • Electronic Code Book Mode (ECB) • Encipher each block independently • Cipher Block Chaining Mode (CBC) • Xor each block with previous ciphertext block • Requires an initialization vector for the first one • Encrypt-Decrypt-Encrypt Mode (2 keys: k, k) • c = DESk(DESk–1(DESk(m))) • Encrypt-Encrypt-Encrypt Mode (3 keys: k, k, k) • c = DESk(DESk(DESk(m)))

  40. init. vector m1 m2 …   DES DES … c1 c2 … sent sent CBC Mode Encryption

  41. CBC Mode Decryption init. vector c1 c2 … DES DES …   m1 m2 …

  42. Self-Healing Property • Initial message • 3231343336353837 3231343336353837 3231343336353837 3231343336353837 • Received as (underlined 4c should be 4b) • ef7c4cb2b4ce6f3b f6266e3a97af0e2c 746ab9a6308f4256 33e60b451b09603d • Which decrypts to • efca61e19f4836f1 3231333336353837 3231343336353837 3231343336353837 • Incorrect bytes underlined • Plaintext “heals” after 2 blocks

  43. Current Status of DES • Design for computer system, associated software that could break any DES-enciphered message in a few days published in 1998 • Several challenges to break DES messages solved using distributed computing • NIST selected Rijndael as Advanced Encryption Standard, successor to DES • Designed to withstand attacks that were successful on DES

  44. Public Key Cryptography • Two keys • Private key known only to individual • Public key available to anyone • Public key, private key inverses • Idea • Confidentiality: encipher using public key, decipher using private key • Integrity/authentication: encipher using private key, decipher using public one

  45. Requirements • It must be computationally easy to encipher or decipher a message given the appropriate key • It must be computationally infeasible to derive the private key from the public key • It must be computationally infeasible to determine the private key from a chosen plaintext attack

  46. Diffie-Hellman • Compute a common, shared key • Called a symmetric key exchange protocol • Based on discrete logarithm problem • Given integers n and g and prime number p, compute k such that n = gk mod p • Solutions known for small p • Solutions computationally infeasible as p grows large

  47. Algorithm • Constants: prime p, integer g ≠ 0, 1, p–1 • Known to all participants • Anne chooses private key kAnne, computes public key KAnne = gkAnne mod p • To communicate with Bob, Anne computes Kshared = KBobkAnne mod p • To communicate with Anne, Bob computes Kshared = KAnnekBob mod p • It can be shown these keys are equal

  48. Example • Assume p = 53 and g = 17 • Alice chooses kAlice = 5 • Then KAlice = 175 mod 53 = 40 • Bob chooses kBob = 7 • Then KBob = 177 mod 53 = 6 • Shared key: • KBobkAlice mod p = 65 mod 53 = 38 • KAlicekBob mod p = 407 mod 53 = 38

  49. RSA • Exponentiation cipher • Relies on the difficulty of determining the number of numbers relatively prime to a large integer n

More Related