1 today’s topics security –demo from rsa security () –slides taken from kevin wayne &...

1

Today’s topics

• Security– Demo from RSA Security (www.rsa.com)– Slides taken from Kevin Wayne & Robert

Sedgewick at Princeton University– For further reference “Applied Cryptography” by

Bruce Schneier• Upcoming

– Complexity• Reading

– Sections 4.6 and 11 in Brookshear.– Chapters 11,13 in Great Ideas.

2

Security• Computer Security is the prevention of, or protection

against:– Access to information by unauthorized recipients– Intentional but unauthorized destruction or

alteration of that information.• Authentication: verifying the identity of a person or

system– Username and Password– What is an example of a good password?– Change your password often. A particular

implementation of this idea is ONE-TIME PASSWORDS.

– Physical security of the system is also important.

3

Cryptography

Cryptography: science of creating secret codes.

Cryptanalysis : science of code breaking

Cryptology: science of secret communication.

Goal: Information Security in presence of malicious adversaries.– Confidentiality…– Integrity…– Authentication…– Authorization…– Non-repudiation…

RSA PRESENTATION

4

Algorithms & KeysRestricted Algorithm• If the security depends on keeping the working of the

algorithm secret.• Can’t support a large or changing group of users…Why?• No quality control.Modern cryptology solves this with a KEY (K).• Key might be any of a large number of values.• Range of possible values called a keyspace.• Now security depends on the security of the Key.• The algorithms for encrypting and decrypting can be mass

produced and optimized.

5

Algorithms & Keys

Two general types of Key based algorithms

• Symmetric Algorithms– Symmetric => same key for encryption and

decryption– Also called Private key algorithms.

• Public-Key Algorithms– Different encryption and decryption keys.

6

Attacks!

• Ciphertext-only Attack..

• Known-plaintext Attack..

• Chosen-plaintext Attack..

• Chosen-ciphertext Attack..

• Rubber-hose cryptanalysis..

7

Security levels ?

• Total Break!– Cryptanalyst find the key.

• Global Deduction.– Cryptanalyst finds alternate algorithm equivalent to the decrypting (or

encrypting) algorithm without the key.• Local Deduction.

– Cryptanalyst finds plaintext of a particular intercepted ciphertext.• Information Deduction

– Cryptanalyst gains some incomplete knowledge about the key or plaintext.

• Unconditionally Secure.– Not breakable by even brute-force attack..EVER..

• Computationally secure.– Can’t be broken given the current available resourses.

8

Private Key EncryptionAssume message is encoded as binary string.ASCI

9

Public Key Encryption

10

Public Key EncryptionBob has N-Bit message to send to Alice.• Alice has public and secret key.

– PUBLIC key = published on Web in digital phonebook (VERISIGN).

– PRIVATE key = known only by Alice.

• Bob encrypts message using Alice’s public key.• Alice decrypts message using her private key.

To achieve security, need following properties:• Can encrypt message efficiently with public key.• Can decrypt message efficiently with private key.• CANNOT decrypt message efficiently with public key alone.

11

Factoring!Factoring of large numbers is HARD.• This is the underlying assumption in RSA and

many other public key algorithms.

Is it hard?...• Review the process for factoring a number.• The one we follow is Brute-force approach!• Will be extremely hard even for a computer if

the number is (say) 200 digits or more.

12

RSA Public-Key CryptosystemRSA cryptosystem (Rivest-Shamir-Adleman,1978).• Most widely used public-key cryptosystem (500 million users).• Sun, Microsoft, Apple, browsers, cell phones, ATM machines,…

Key generations.• Select two large prime numbers p and q at random.• Compute n= pq, and = (p-1)(q-1).• Choose integer e such that it is relatively prime to .• Compute d such that d e = e d = 1 (mod ).• Publish (e , n) as Public key.• Keep (d, n ) as Secret key.

Note: Don’t even need to store p, q, or . only needed to compute d.• Saving p, q speeds up decryption (Chinese Remainder Theorem).

13

RSA DetailsHow large should n = p q be?• 1,024 bits for long term security. • IE, Netscape: 40, 56 , 128 bit.• Too small => easy to break.• Too large => time consuming to encrypt/decrypt.

Number Theory => n / logen prime numbers between 2 and n.

How to compute d efficiently ?• Existence guaranteed since gcd(e,) = 1.• Fancy version of Euclid’s algorithm.

14

RSA AttacksFactoring.• Factor n = pq.• Then compute .• Then compute e.

Timing attacks.• Reconstruct d by sending C and monitoring

how long it takes to compute Cd(mod n).

Other means?• Long-standing open research question.

15

Digital SignatureAlice sends Bob a response.• Bob wants to be really sure Alice really sent it, and not

some imposter.

16

RSA Digital SignatureAlice wants to send Bob a response S.• Alice uses private key d and computes: S’= Sd (mod n).• Alice sends ( S, S’).

Bob receives digital signed response ( S, S’) .• Bob uses Alice’s public key e and checks if S = (S’)e (mod n ).• If yes, then Bob concludes S sent by Alice.• If no, then Bob concludes S or S’ corrupted in transmission, or

message is forgery.

Third party.• Bob verifies Alice’s signature on digitally signed message (e.g.

electronic check).• Bob forwards digitally signed message to bank.• Bank re-verifies Alice’s signature.

17

RSA ApplicationsSecure Internet Communication.• Browsers.• S/MIME, SSL, S/WAN.• PGP.• Microsoft Outlook.

Operating Systems.• Sun, Microsoft, Apple, Novel.

Hardware.• Cell phones.• ATM machines.• Wireless Ethernet cards.• Smart cards.• Palm Pilots.

18

Bad Cryptology.Good introductory explanation & details on Gregory Kesden’s site

(CMU)http://www-2.cs.cmu.edu/~dst/DeCSS/Kesden/

Content Scrambling System (CSS).• Use to encrypt DVD’s.• Each disc has 3 40-bit keys.• Each DVD decoder (software/hardware) has unique 40-bit key.• “Not possible” to play back on computer without disc.

DeCSS. (Canman and SoupaFrog, 1999).• Decryption algorithm written by two Norwegians.• Used “in-circuit emulator” to monitor hardware activity.

Why CSS is fatally flawed. (Policy and Legal issues..)