i-4 security. security taxonomy physical security resource exhaustion key-based security...

i-4 security

Security taxonomy

• Physical security

• Resource exhaustion

• Key-based security

• cryptography

Security dichotomy • Computer (system) Security

– automated tools and mechanisms to protect data in a computer, even if the computers are connected to a network

• against hackers (intrusion)• against viruses• against Denial of Service attacks

– Access control, authorization, …

• Internet (network) Security– measures to prevent, detect, and correct security violations that

involve the transmission of information in a network or interconnected network

– Everything on the network can be a target– Every transmitted bit can be tapped

Friends and enemies: Alice, Bob, Trudy

• well-known in network security world• Bob, Alice want to communicate “securely”• Trudy (intruder) may tap, delete, add, modify messages

securesender

securereceiver

channel data, control messages

data data

Alice Bob

Trudy

Source: Kurose at UMass

There are bad guys (and girls) out there!

Q: What can a “bad guy” do?A: A lot!

– eavesdrop: intercept messages– Insert/modify/delete messages into connection– impersonation: can fake (spoof) source address in packet

(or any field in packet)– hijacking: “take over” ongoing connection by removing

sender or receiver, inserting himself in place– denial of service: prevent service from being used by others

(e.g., by overloading resources)

Source: Kurose at UMass

Thwart the attacks! • Basic Security services

– authentication• Access control

– confidentiality– Data (or message) integrity– Non-repudiation

More Security services

• Anonymity• Availability • Accountability• Privacy • forensics

Security mechanisms

• Encipherment– Encryption and decryption– Keys

• Message digest– Hash function characteristics

• it is easy to compute the hashed value for any given message,

• it is infeasible to find a message that has a given hash,

• it is infeasible to find two different messages with the same hash

– Can have a key (Cryptographic)

• Digital Signatures– demonstrating the authenticity of a digital message or document

Meaning of Cryptography

• from Greek– Cryptos: secret, hidden– graphos: writing– cryptography: study of secret writing

Basics

Encryption(Encipherment)

Message(plaintext,cleartext)

Encryption key

Ciphertext(cryptogram)

Decryption(Decipherment)

Decryption key

plaintext

cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintextcryptography - study of encryption principles/methodscryptanalysis (codebreaking) - the study of principles/methods of deciphering

ciphertext without knowing key

Classification of Cryptosystems

• The way in which keys are used– Symmetric cryptography

• Single key– Public key cryptography

• Two keys

• the way in which plaintext is processed– Block cipher– Stream cipher

Symmetric cryptography

Symmetric Encryption

• also known as – Classical, conventional – private-key – single-key– Secret key

• sender and recipient share a common key• was only type prior to invention of public-key

cryptography– until second half of 1970’s

Symmetric Cipher Model

there must be a secure mechanism

for the distribution of this key a priori

Requirements

• two requirements for secure use of symmetric encryption:– a strong encryption algorithm– a secret key known only to sender / receiver

Y = EK(X)

X = DK(Y)

• assume encryption algorithm is known• imply a secure channel to distribute the key

X-or() in cryptography• Sender wants to send M to receiver• M (Original plaintext): 1010• K (Key): 0011• M K = 1001 (Encrypted ciphertext)

1001 transmitted

• Receiver already knows K• (M K) K= 1001 0011 = 1010 = M

-> original message is restored!

Some primitives

• Substitution• Permutation

Two types of symmetric ciphers

• Stream cipher– Encrypts one bit at a time– RC4

• Block cipher– Encrypts a block of bits at a time– DES, AES

Asymmetric cryptography

Or Public key cryptography (PKC)

PKC – General Characteristics

• public-key/two-key/asymmetric cryptography• uses 2 keys

– public-key• may be known by anybody, and can be used to encrypt

messages, and verify signatures – private-key

• known only to the recipient, used to decrypt messages, and sign (create) signatures

• keys are related to each other but it is not feasible to find out private key from the public one– Modular arithmetic

PKC – General Characteristics

• It is computationally easy to en/decrypt messages when the relevant keys are known

– RSA

• Trap-door one-way function– ku: public-key, kr: private key

Y=fku(X) easy, if ku and X are known

X=fkr-1(Y)easy, if kr and Y are known,

but infeasible if Y is known but kr is not known

Public-Key Cryptography: Encryption

Bob Alice

Another notation

• Alice has a public key, kp, and a secret key, ks

• Alice’s public key is known to Bob

• Asymmetric Cipher: F-1(F(m,kp),ks) = m

Bob Alice1. Construct

m2. Compute c=

F(m,kp)3. Send c to Bobc

4. Receive c from Alice5. Compute d=F-1(c,ks)

6. m = d

Public-Key Cryptography - Authentication

Bob Alice

Commutative!

Why PKC?

• Initially developed to address two challenging issues:– key distribution

• symmetric crypto requires how to securely share the key

• in PKI you do not need to distribute/know secret keys, but you need trusted third parties

– digital signatures (non-repudiation)• not possible with symmetric crypto

26

Diffie-Hellman (D-H) Algorithm

• D-H model’s primary contribution:– Take a prime p and a primitive element g

• Cyclic group in finite field

– Publicize both g and p

– Alice chooses some x Zp* and sends (gx mod p) to Bob

– Bob chooses some y Zp* and sends (gy mod p) to Alice

– Eve can see both (gx mod p) and (gy mod p) but she cannot calculate x or y

• Discrete logarithm problem

27

D-H Algorithm

• Alice calculates the key; k = (gy)x mod p • Bob calculates the same key; k = (gx)y mod p• Since Eve does not know x or y, she cannot calculate the

key k• Diffie and Hellman developed this method to share a key

using some publicly available information

gx mod p

gy mod pAlice Bob

PKC Applications

• 3 categories– encryption/decryption

• to provide secrecy

– digital signatures • to provide authentication and non-repudiation

– key exchange• to agree on a session key (symmetric cipher) to encrypt

data packets• Why not use public/private keys?

MESSAGE INTEGRITY

Message Digest

• Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”

• Note that H( ) is a many-to-1 function

• H( ) is often called a “hash function”

– MD5, SHA-1

• Desirable properties:– Easy to calculate

– Irreversibility: Can’t determine m from H(m)

– Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’)

– Seemingly random output

large message

m

H: HashFunction

H(m)

Source: Kurose at UMass

Message Authentication Code (MAC)m

essa

ge

H( )

s

mes

sage

mes

sage

s

H( )

compare

s = shared secret

• Authenticates sender• Verifies message integrity• No encryption !• Also called “keyed hash”• Notation: MDm = H(s||m) ; send m||MDm • HMAC (Hash-based Message Authentication Code)

Source: Kurose at UMass

Digital Signatures

• data integrity, non-repudiation, authentication• Basic idea

– use private key on the message to generate a piece of information that can be generated only by yourself

• because you are the only person who knows your private key

– public key can be used to verify the signature• so everybody can verify

• Generally signatures are created and verified over the hash of the message– Not over the original message. Why?

Digital Signature – RSA approach

M: message to be signed H: Hash function

E: RSA Private Key Operation KRa: Sender’s Private Key

D: RSA Public Key OperationKUa: Sender’s Public Key

EKRa[H(M)] Signature of A over hash of M

Sender a Receiver