Security 1

The Secure Environment

Security 2

The Secure Environment

Security goals (C.I.A.) and threats

Security 3

Common Categories

1. Casual prying by nontechnical users

2. Snooping by insiders

3. Determined attempt to make money

4. Commercial or military espionage

5. Others (such as cyber wars)

Intruders

Security 4

Basics of Cryptography

Security 5

Network Is NOT Secure

A

B

C

D

ABC ABCABC

ABCABC

Security 6

A

B

C

D

~!@ ~!@~!@

~!@~!@

Encrypt Your Information

Security 7

Data Encryption Process

Encryption Decryption

Plaintext PlaintextCiphertext

Network

KEY KEY

Security 8

(a) Conventional two-way Cryptography

Encryption Decryption

Plaintext PlaintextCiphertext

Network

KEY

Encryption Decryption

Plaintext PlaintextCiphertext

Network

(b) Public Key Cryptography

KEY1 KEY2

Two Types of Cryptography

Security 9

Conventional two-way Cryptography

Encryption Decryption

Plaintext PlaintextCiphertext

Network

KEY

treaty impossible wuhdwb lpsrvvleoh treaty impossible

abcdefghijklmnopqrstuvwxyzdefghijklmnopqrstuvwxyzabc

Encryption: ci=E(pi) = pi + 3Decryption: pi=D(ci) = ci - 3

KEY:Caesar Cipher

Security 10

Conventional two-way Cryptography

Substitution Cipher•Caesar Cipher•Playfair Cipher•Etc.

Security 11

Conventional two-way Cryptography: Problems

A

B

C

D

Security 12

Public Key Cryptography

Encryption Decryption

Plaintext PlaintextCiphertext

Network

KEY1 KEY2

PublicPrivate

Security 13

Public Key Cryptography: Advantages

A

B

C

D

Private key A

Private key B

Private key D

Private key C

Public key APublic key BPublic key CPublic key D

Security 14

PKI: Certification Authority

What is a certificate? Why do we need Certification Authorities (CA) or trusted third party?

A certificate is a digitally signed statement by a CA that provides independent confirmation of an attribute claimed by a person proffering a digital signature. More formally, a certificate is a computer-based record which: (1) identifies the CA issuing it, (2) names, identifies, or describes an attribute of the subscriber, (3) contains the subscriber's public key, and (4) is digitally signed by the CA issuing it.

Security 15

Trapdoor function

Public Key Cryptography:Some Roads Are One-Way

Easy

Difficulty

N5

N1/5

Prime1 * Prime2 = Composite

Composite = Prime1 * Prime2

Trapdoor characteristics: (1) It is easy to compute f(x) from x.(2) Computation of x from f(x) is likely to be intractable.

Security 16

An Example : Encryption

EB(p) DB(EB(p)) = p

Network

User A User B

A encrypts message p using B’s public key

B decrypts the ciphertext using its own private key

Security 17

Another Example : Digital Signature

EB(DA(p))EA(DB(EB(DA(p)))) =

EA(DA(p)) = p

Network

User A User B

A signs message p using its own private key and encrypts it using B’s public key

B decrypts the ciphertext using its own private key and verifies it using A’s public key

Security 18

Hash functions

……….……….……….………..……….………

HashMessageDigest

The basic requirements for a cryptographic hash function H(x) are as follows.

•The input can be of any length. •The output has a fixed length. •H(x) is relatively easy to compute for any given x. •H(x) is one-way. •H(x) is collision-free.

Security 19

More on Digital Signature……….……….……….………..……….………

HashMessageDigest

Signature

Sign (decrypt)Using Private Key

……….……….……….………..

Signature

Append

Security 20

More on Digital Signature

HashMessageDigest

Verify (Encrypt operation)Using Public Key

……….……….……….………..

SignatureMessageDigest

Security 21

User Authentication

Security 22

Basic Principles. Authentication must identify:

1. Something the user knows

2. Something the user has

3. Something the user is

This is done before user can use the system

User Authentication

Security 23

(a) A successful login

(b) Login rejected after name entered

(c) Login rejected after name and password typed

Authentication Using Passwords

Note: be careful when failed several times.

Security 24

Authentication Using Passwords

How a cracker broke into LBL (source: A.S.Tanenbaum “Modern Operating System” course materials)

• a U.S. Dept. of Energy research lab

Security 25

Login Spoofing

% Login: % Login:

(a) Correct login screen (b) Phony login screen

Security 26

Authentication Using Passwords

The use of salt to defeat precomputation of encrypted passwords

Salt Password

,

,

,

,

Security 27

Authentication Using a Physical Object

Magnetic cards

• magnetic stripe cards

• chip cards: stored value cards, smart cards

Security 28

Authentication Using Biometrics

A device for measuring finger length.

Security 29

Countermeasures

•Limiting times when someone can log in

•Automatic callback at number prespecified

•Limited number of login tries

•A database of all logins

•Simple login name/password as a trap

• security personnel notified when attacker bites

Security 30

Secure Communications Over Insecure Channels

R. C. Merkle’s Puzzle

“secure Communications over Insecure Channels”

Communications of the ACM, 1978, Vol. 21, No. 4.

Security 31

One-way Hash Chain and TESLA•Adrian Perrig, Ran Canetti, Dawn Song, and J. D. Tygar. Efficient and secure source authentication for multicast. In Network and Distributed System Security Symposium, NDSS '01, February 2001.