why computer security
DESCRIPTION
Why Computer Security. The past decade has seen an explosion in the concern for the security of information Malicious codes (viruses, worms, etc.) caused over $28 billion in economic losses in 2003, and will grow to over $75 billion by 2007 Security specialists markets are expanding ! - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/1.jpg)
Why Computer Security• The past decade has seen an explosion in the
concern for the security of information– Malicious codes (viruses, worms, etc.) caused
over $28 billion in economic losses in 2003, and will grow to over $75 billion by 2007
• Security specialists markets are expanding !– “ Full-time information security professionals will
rise almost 14% per year around the world, going past 2.1 million in 2008” (IDC report)
![Page 2: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/2.jpg)
Why Computer Security (cont’d)
• Internet attacks are increasing in frequency, severity and sophistication
• Denial of service (DoS) attacks– Cost $1.2 billion in 2000– 1999 CSI/FBI survey 32% of respondents detected
DoS attacks directed to their systems– Thousands of attacks per week in 2001– Yahoo, Amazon, eBay, Microsoft, White House,
etc., attacked
![Page 3: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/3.jpg)
Why Computer Security (cont’d)• Virus and worms faster and powerful
– Melissa, Nimda, Code Red, Code Red II, Slammer …– Cause over $28 billion in economic losses in 2003,
growing to over $75 billion in economic losses by 2007.– Code Red (2001): 13 hours infected >360K machines -
$2.4 billion loss– Slammer (2003): 15 minutes infected > 75K machines
- $1 billion loss• Spams, phishing …• New Internet security landscape emerging:
BOTNETS !
![Page 4: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/4.jpg)
Outline• History of Security and Definitions• Overview of Cryptography• Symmetric Cipher
– Classical Symmetric Cipher– Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher• One-way Hash Functions and Message
Digest
![Page 5: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/5.jpg)
The History of Computing• For a long time, security was largely ignored in
the community– The computer industry was in “survival mode”,
struggling to overcome technological and economic hurdles
– As a result, a lot of comers were cut and many compromises made
– There was lots of theory, and even examples of systems built with very good security, but were largely ignored or unsuccessful
• E.g., ADA language vs. C (powerful and easy to use)
![Page 6: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/6.jpg)
Computing Today is Very Different
• Computers today are far from “survival mode”– Performance is abundant and the cost is very
cheap– As a result, computers now ubiquitous at every
facet of society• Internet
– Computers are all connected and interdependent– This codependency magnifies the effects of any
failures
![Page 7: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/7.jpg)
Biological Analogy• Computing today is very homogeneous.
– A single architecture and a handful of OS dominates• In biology, homogeneous populations are in
danger– A single disease or virus can wipe them out overnight
because they all share the same weakness– The disease only needs a vector to travel among hosts
• Computers are like the animals, the Internet provides the vector.– It is like having only one kind of cow in the world, and
having them drink from one single pool of water!
![Page 8: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/8.jpg)
The Spread of Sapphire/Slammer Worms
![Page 9: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/9.jpg)
The Flash Worm• Slammer worm infected 75,000 machines in
<15 minutes• A properly designed worm, flash worm, can
take less than 1 second to compromise 1 million vulnerable machines in the Internet – The Top Speed of Flash Worms. S. Staniford, D.
Moore, V. Paxson and N. Weaver, ACM WORM Workshop 2004.
– Exploit many vectors such as P2P file sharing, intelligent scanning, hitlists, etc.
![Page 10: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/10.jpg)
The Definition of Computer Security
• Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable
• Security rests on confidentiality, authenticity, integrity, and availability
![Page 11: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/11.jpg)
The Basic Components• Confidentiality is the concealment of information or
resources.– E.g., only sender, intended receiver should “understand”
message contents• Authenticity is the identification and assurance of
the origin of information.• Integrity refers to the trustworthiness of data or
resources in terms of preventing improper and unauthorized changes.
• Availability refers to the ability to use the information or resource desired.
![Page 12: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/12.jpg)
Security Threats and Attacks• A threat/vulnerability is a potential violation
of security.– Flaws in design, implementation, and operation.
• An attack is any action that violates security.– Active adversary
• An attack has an implicit concept of “intent”– Router mis-configuration or server crash can also
cause loss of availability, but they are not attacks
![Page 13: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/13.jpg)
Friends and enemies: Alice, Bob, Trudy• well-known in network security world• Bob, Alice (lovers!) want to communicate “securely”• Trudy (intruder) may intercept, delete, add messages
securesender
securereceiver
channel data, control messages
data data
Alice Bob
Trudy
![Page 14: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/14.jpg)
Eavesdropping - Message Interception (Attack on
Confidentiality)• Unauthorized access to information• Packet sniffers and wiretappers• Illicit copying of files and programs
A B
Eavesdropper
![Page 15: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/15.jpg)
Integrity Attack - Tampering With Messages
• Stop the flow of the message• Delay and optionally modify the message• Release the message again
A B
Perpetrator
![Page 16: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/16.jpg)
Authenticity Attack - Fabrication
• Unauthorized assumption of other’s identity• Generate and distribute objects under this
identity
A B
Masquerader: from A
![Page 17: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/17.jpg)
Attack on Availability• Destroy hardware (cutting fiber) or software• Modify software in a subtle way (alias commands)• Corrupt packets in transit
• Blatant denial of service (DoS):– Crashing the server– Overwhelm the server (use up its resource)
A B
![Page 18: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/18.jpg)
Classify Security Attacks as• Passive attacks - eavesdropping on, or
monitoring of, transmissions to:– obtain message contents, or– monitor traffic flows
• Active attacks – modification of data stream to:– masquerade of one entity as some other– replay previous messages– modify messages in transit– denial of service
![Page 19: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/19.jpg)
Outline• Overview of Cryptography• Symmetric Cipher
– Classical Symmetric Cipher– Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher• One-way Hash Functions and Message
Digest
![Page 20: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/20.jpg)
Basic Terminology• plaintext - the original message • ciphertext - the coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext• cryptography - study of encryption principles/methods• cryptanalysis (codebreaking) - the study of principles/
methods of deciphering ciphertext without knowing key• cryptology - the field of both cryptography and
cryptanalysis
![Page 21: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/21.jpg)
Classification of Cryptography• Number of keys used
– Hash functions: no key– Secret key cryptography: one key– Public key cryptography: two keys - public,
private• Type of encryption operations used
– substitution / transposition / product• Way in which plaintext is processed
– block / stream
![Page 22: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/22.jpg)
Secret Key vs. Secret Algorithm
• Secret algorithm: additional hurdle• Hard to keep secret if used widely:
– Reverse engineering, social engineering• Commercial: published
– Wide review, trust• Military: avoid giving enemy good ideas
![Page 23: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/23.jpg)
Unconditional vs. Computational Security
• Unconditional security – No matter how much computer power is available,
the cipher cannot be broken – The ciphertext provides insufficient information to
uniquely determine the corresponding plaintext – Only one-time pad scheme qualifies
• Computational security – The cost of breaking the cipher exceeds the value
of the encrypted info– The time required to break the cipher exceeds the
useful lifetime of the info
![Page 24: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/24.jpg)
Brute Force Search
Key Size (bits) Number of Alternative Keys
Time required at 1 decryption/µs
Time required at 106 decryptions/µs
32 232 = 4.3 109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2 1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4 1038 2127 µs = 5.4 1024 years
5.4 1018 years
168 2168 = 3.7 1050 2167 µs = 5.9 1036 years
5.9 1030 years
26 characters (permutation)
26! = 4 1026 2 1026 µs = 6.4 1012 years
6.4 106 years
• Always possible to simply try every key • Most basic attack, proportional to key size • Assume either know / recognise plaintext
![Page 25: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/25.jpg)
Outline• Overview of Cryptography• Classical Symmetric Cipher
– Substitution Cipher– Transposition Cipher
• Modern Symmetric Ciphers (DES and AES)• Asymmetric Cipher• One-way Hash Functions and Message
Digest
![Page 26: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/26.jpg)
Symmetric Cipher Model
![Page 27: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/27.jpg)
Requirements• Two requirements for secure use of
symmetric encryption:– a strong encryption algorithm– a secret key known only to sender / receiver
Y = EK(X)X = DK(Y)
• Assume encryption algorithm is known• Implies a secure channel to distribute key
![Page 28: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/28.jpg)
Classical Substitution Ciphers• Letters of plaintext are replaced by other
letters or by numbers or symbols• Plaintext is viewed as a sequence of bits,
then substitution replaces plaintext bit patterns with ciphertext bit patterns
![Page 29: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/29.jpg)
Caesar Cipher• Earliest known substitution cipher• Replaces each letter by 3rd letter on• Example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
![Page 30: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/30.jpg)
Caesar Cipher• Define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Mathematically give each letter a numbera b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y Z
13 14 15 16 17 18 19 20 21 22 23 24 25
• Then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
![Page 31: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/31.jpg)
Cryptanalysis of Caesar Cipher • Only have 25 possible ciphers
– A maps to B,..Z • Given ciphertext, just try all shifts of letters• Do need to recognize when have plaintext• E.g., break ciphertext "GCUA VQ DTGCM“
• How to make it harder?
![Page 32: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/32.jpg)
Monoalphabetic Cipher• Rather than just shifting the alphabet • Could shuffle (jumble) the letters arbitrarily • Each plaintext letter maps to a different
random ciphertext letter • Key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
![Page 33: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/33.jpg)
Monoalphabetic Cipher Security
• Now have a total of 26! = 4 x 1026 keys • Is that secure? • Problem is language characteristics
– Human languages are redundant – Letters are not equally commonly used
![Page 34: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/34.jpg)
English Letter Frequencies
Note that all human languages have varying letter frequencies, though the number of letters and their frequencies varies.
![Page 35: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/35.jpg)
Example Cryptanalysis• Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• Count relative letter frequencies (see text)• Guess P & Z are e and t• Guess ZW is th and hence ZWP is the• Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
![Page 36: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/36.jpg)
Transposition Ciphers• Now consider classical transposition or
permutation ciphers • These hide the message by rearranging
the letter order, without altering the actual letters used
• Any shortcut for breaking it?• Can recognise these since have the same
frequency distribution as the original text
![Page 37: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/37.jpg)
Rail Fence Cipher• Write message letters out diagonally over
a number of rows • Then read off cipher row by row• E.g., write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
• Giving ciphertextMEMATRHTGPRYETEFETEOAAT
![Page 38: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/38.jpg)
Product Ciphers• Ciphers using substitutions or transpositions
are not secure because of language characteristics
• Hence consider using several ciphers in succession to make harder, but: – Two substitutions make another substitution – Two transpositions make a more complex
transposition – But a substitution followed by a transposition
makes a new much harder cipher • This is bridge from classical to modern ciphers
![Page 39: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/39.jpg)
Rotor Machines• Before modern ciphers,
rotor machines were most common complex ciphers in use
• Widely used in WW2– German Enigma, Allied
Hagelin, Japanese Purple
• Implemented a very complex, varying substitution cipher
![Page 40: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/40.jpg)
Outline• Overview of Cryptography• Classical Symmetric Cipher• Modern Symmetric Ciphers (DES/AES)• Asymmetric Cipher• One-way Hash Functions and Message
Digest
![Page 41: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/41.jpg)
Block vs Stream Ciphers• Block ciphers process messages in into
blocks, each of which is then en/decrypted • Like a substitution on very big characters
– 64-bits or more • Stream ciphers process messages a bit or
byte at a time when en/decrypting• Many current ciphers are block ciphers, one
of the most widely used types of cryptographic algorithms
![Page 42: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/42.jpg)
Block Cipher Principles• Most symmetric block ciphers are based on a
Feistel Cipher Structure• Block ciphers look like an extremely large
substitution • Would need table of 264 entries for a 64-bit
block • Instead create from smaller building blocks • Using idea of a product cipher
![Page 43: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/43.jpg)
Ideal Block Cipher
![Page 44: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/44.jpg)
Substitution-Permutation Ciphers• Substitution-permutation (S-P) networks
[Shannon, 1949]– modern substitution-transposition product cipher
• These form the basis of modern block ciphers • S-P networks are based on the two primitive
cryptographic operations – substitution (S-box)– permutation (P-box)
• provide confusion and diffusion of message
![Page 45: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/45.jpg)
Feistel Cipher Structure• Feistel cipher implements Shannon’s S-P
network concept– based on invertible product cipher
• Process through multiple rounds which – partitions input block into two halves– perform a substitution on left data half– based on round function of right half & subkey– then have permutation swapping halves
![Page 46: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/46.jpg)
Feistel Cipher
Structure
![Page 47: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/47.jpg)
Feistel Cipher
Decryption
![Page 48: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/48.jpg)
DES (Data Encryption Standard)• Published in 1977, standardized in 1979.• Key: 64 bit quantity=8-bit parity+56-bit
key– Every 8th bit is a parity bit.
• 64 bit input, 64 bit output.
DESEncryption
64 bit M 64 bit C
56 bits
![Page 49: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/49.jpg)
DES Top View
Permutation
Permutation
Swap
Round 1
Round 2
Round 16
Generate keysInitial Permutation48-bit K1
48-bit K2
48-bit K16
Swap 32-bit halves
Final Permutation
64-bit Output
48-bit K164-bit Input56-bit Key
…...
![Page 50: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/50.jpg)
DES Summary• Simple, easy to implement:
– Hardware/gigabits/second, software/megabits/second
• 56-bit key DES may be acceptable for non-critical applications but triple DES (DES3) should be secure for most applications today
• Supports several operation modes (ECB CBC, OFB, CFB) for different applications
![Page 51: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/51.jpg)
Avalanche Effect • Key desirable property of encryption alg• Where a change of one input or key bit
results in changing more than half output bits
• DES exhibits strong avalanche
![Page 52: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/52.jpg)
Strength of DES – Key Size• 56-bit keys have 256 = 7.2 x 1016 values• Brute force search looks hard• Recent advances have shown is possible
– in 1997 on a huge cluster of computers over the Internet in a few months
– in 1998 on dedicated hardware called “DES cracker” by EFF in a few days ($220,000)
– in 1999 above combined in 22hrs!• Still must be able to recognize plaintext• No big flaw for DES algorithms
![Page 53: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/53.jpg)
DES Replacement• Triple-DES (3DES)
– 168-bit key, no brute force attacks– Underlying encryption algorithm the same, no
effective analytic attacks– Drawbacks
• Performance: no efficient software codes for DES/3DES• Efficiency/security: bigger block size desirable
• Advanced Encryption Standards (AES) – US NIST issued call for ciphers in 1997– Rijndael was selected as the AES in Oct-2000
![Page 54: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/54.jpg)
AES• Private key symmetric block cipher • 128-bit data, 128/192/256-bit keys • Stronger & faster than Triple-DES • Provide full specification & design details • Evaluation criteria
– Security: effort to practically cryptanalysis– Cost: computational efficiency and memory
requirement– Algorithm & implementation characteristics:
flexibility to apps, hardware/software suitability, simplicity
![Page 55: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/55.jpg)
AES Shortlist• After testing and evaluation, shortlist in Aug-
99: – MARS (IBM) - complex, fast, high security margin – RC6 (USA) - v. simple, v. fast, low security margin – Rijndael (Belgium) - clean, fast, good security
margin – Serpent (Euro) - slow, clean, v. high security margin – Twofish (USA) - complex, v. fast, high security
margin • Then subject to further analysis & comment
![Page 56: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/56.jpg)
Outlines• Symmetric Cipher
– Classical Symmetric Cipher– Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher• One-way Hash Functions and Message
Digest
![Page 57: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/57.jpg)
Private-Key Cryptography• Private/secret/single key cryptography
uses one key • Shared by both sender and receiver • If this key is disclosed communications are
compromised • Also is symmetric, parties are equal • Hence does not protect sender from receiver
forging a message & claiming is sent by sender
![Page 58: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/58.jpg)
Public-Key Cryptography• Probably most significant advance in the
3000 year history of cryptography • Uses two keys – a public & a private key• Asymmetric since parties are not equal • Uses clever application of number theoretic
concepts to function• Complements rather than replaces private
key crypto
![Page 59: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/59.jpg)
Public-Key Cryptography• Public-key/two-key/asymmetric
cryptography involves the use of two keys: – a public-key, which may be known by anybody,
and can be used to encrypt messages, and verify signatures
– a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• Asymmetric because– those who encrypt messages or verify signatures
cannot decrypt messages or create signatures
![Page 60: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/60.jpg)
Public-Key Cryptography
![Page 61: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/61.jpg)
Public-Key Characteristics• Public-Key algorithms rely on two keys with
the characteristics that it is:– computationally infeasible to find decryption key
knowing only algorithm & encryption key– computationally easy to en/decrypt messages
when the relevant (en/decrypt) key is known– either of the two related keys can be used for
encryption, with the other used for decryption (in some schemes)
• Analogy to delivery w/ a padlocked box
![Page 62: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/62.jpg)
Public-Key Cryptosystems
• Two major applications:– encryption/decryption (provide secrecy)– digital signatures (provide authentication)
![Page 63: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/63.jpg)
RSA (Rivest, Shamir, Adleman)• The most popular one.• Support both public key encryption and digital
signature.• Assumption/theoretical basis:
– Factoring a big number is hard.• Variable key length (usually 512 bits).• Variable plaintext block size.
– Plaintext must be “smaller” than the key.– Ciphertext block size is the same as the key length.
![Page 64: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/64.jpg)
What Is RSA?• To generate key pair:
– Pick large primes (>= 256 bits each) p and q– Let n = p*q, keep your p and q to yourself!– For public key, choose e that is relatively prime to
ø(n) =(p-1)(q-1), let pub = <e,n>– For private key, find d that is the multiplicative
inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let priv = <d,n>
![Page 65: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/65.jpg)
RSA Example1. Select primes: p=17 & q=112. Compute n = pq =17×11=1873. Compute ø(n)=(p–1)(q-1)=16×10=1604. Select e : gcd(e,160)=1; choose e=75. Determine d: de=1 mod 160 and d < 160 Value
is d=23 since 23×7=161= 10×160+16. Publish public key KU={7,187}7. Keep secret private key KR={23,17,11}
![Page 66: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/66.jpg)
How Does RSA Work?• Given pub = <e, n> and priv = <d, n>
– encryption: c = me mod n, m < n
– decryption: m = cd mod n– signature: s = md mod n, m < n– verification: m = se mod n
• given message M = 88 (nb. 88<187)• encryption:
C = 887 mod 187 = 11 • decryption:
M = 1123 mod 187 = 88
![Page 67: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/67.jpg)
Is RSA Secure?• Factoring 512-bit number is very hard!• But if you can factor big number n then given
public key <e,n>, you can find d, hence the private key by:– Knowing factors p, q, such that, n = p*q– Then ø(n) =(p-1)(q-1)– Then d such that e*d = 1 mod ø(n)
• Threat– Moore’s law– Refinement of factorizing algorithms
• For the near future, a key of 1024 or 2048 bits needed
![Page 68: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/68.jpg)
Symmetric (DES) vs. Public Key (RSA)
• Exponentiation of RSA is expensive !• AES and DES are much faster
– 100 times faster in software– 1,000 to 10,000 times faster in hardware
• RSA often used in combination in AES and DES– Pass the session key with RSA
![Page 69: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/69.jpg)
Outline• History of Security and Definitions• Overview of Cryptography• Symmetric Cipher
– Classical Symmetric Cipher– Modern Symmetric Ciphers (DES and AES)
• Asymmetric Cipher• One-way Hash Functions and Message
Digest
![Page 70: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/70.jpg)
Confidentiality => Authenticity ?
• Symmetric cipher ?– Shared key problem– Plaintext has to be intelligible/understandable
• Asymmetric cipher?– Too expensive– Plaintext has to be intelligible/understandable– Desirable to cipher on a much smaller size of
data which uniquely represents the long message
![Page 71: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/71.jpg)
Hash Functions• Condenses arbitrary message to fixed size
h = H(M) • Usually assume that the hash function is
public and not keyed• Hash used to detect changes to message• Can use in various ways with message• Most often to create a digital signature
![Page 72: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/72.jpg)
Hash Functions & Digital Signatures
![Page 73: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/73.jpg)
Requirements for Hash Functions1. Can be applied to any sized message M2. Produces fixed-length output h3. Is easy to compute h=H(M) for any message M4. Given h is infeasible to find x s.t. H(x)=h
• One-way property5. Given x is infeasible to find y s.t. H(y)=H(x)
• Weak collision resistance6. Is infeasible to find any x,y s.t. H(y)=H(x)
• Strong collision resistance
![Page 74: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/74.jpg)
Birthday Problem• How many people do you need so that the probability of
having two of them share the same birthday is > 50% ?• Random sample of n birthdays (input) taken from k (365,
output)• kn total number of possibilities• (k)n=k(k-1)…(k-n+1) possibilities without duplicate birthday• Probability of no repetition:
– p = (k)n/kn 1 - n(n-1)/2k• For k=366, minimum n = 23• n(n-1)/2 pairs, each pair has a probability 1/k of having the
same output• n(n-1)/2k > 50% n>k1/2
![Page 75: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/75.jpg)
How Many Bits for Hash?• m bits, takes 2m/2 to find two with the
same hash• 64 bits, takes 232 messages to search
(doable)• Need at least 128 bits
![Page 76: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/76.jpg)
Using Hash for Authentication
Assuming share a key KAB • Alice to Bob: challenge rA
• Bob to Alice: MD(KAB|rA)• Bob to Alice: rB
• Alice to Bob: MD(KAB|rB)• Only need to compare MD results
![Page 77: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/77.jpg)
General Structure of Secure Hash Code
• Iterative compression function– Each f is collision-resistant, so is the resulting hashing
![Page 78: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/78.jpg)
MD5: Message Digest Version 5
input Message
Output 128 bits Digest
• Until recently the most widely used hash algorithm– in recent times have both brute-force & cryptanalytic
concerns• Specified as Internet standard RFC1321
![Page 79: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/79.jpg)
MD5 Overview
![Page 80: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/80.jpg)
MD5 Overview1. Pad message so its length is 448 mod 512 2. Append a 64-bit original length value to
message 3. Initialise 4-word (128-bit) MD buffer (A,B,C,D) 4. Process message in 16-word (512-bit) blocks:
– Using 4 rounds of 16 bit operations on message block & buffer
– Add output to buffer input to form new buffer value
5. Output hash value is the final buffer value
![Page 81: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/81.jpg)
Processing of Block mi - 4 Passes
ABCD=fF(ABCD,mi,T[1..16])
ABCD=fG(ABCD,mi,T[17..32])
ABCD=fH(ABCD,mi,T[33..48])
ABCD=fI(ABCD,mi,T[49..64])
mi
+ + + +
A B C D
MDi
MD i+1
![Page 82: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/82.jpg)
Secure Hash Algorithm• Developed by NIST, specified in the Secure
Hash Standard (SHS, FIPS Pub 180), 1993• SHA is specified as the hash algorithm in
the Digital Signature Standard (DSS), NIST
![Page 83: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/83.jpg)
General Logic• Input message must be < 264 bits
– not really a problem• Message is processed in 512-bit blocks
sequentially• Message digest is 160 bits• SHA design is similar to MD5, a little
slower, but a lot stronger
![Page 84: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/84.jpg)
SHA-1 verses MD5• Brute force attack is harder (160 vs 128 bits
for MD5) • A little slower than MD5 (80 vs 64 steps)
– Both work well on a 32-bit architecture• Both designed as simple and compact for
implementation• Cryptanalytic attacks
– MD4/5: vulnerability discovered since its design– SHA-1: no until recent 2005 results raised concerns SHA-1: no until recent 2005 results raised concerns
on its use in future applicationson its use in future applications
![Page 85: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/85.jpg)
Revised Secure Hash Standard• NIST have issued a revision FIPS 180-2 in
2002• Adds 3 additional hash algorithms • SHA-256, SHA-384, SHA-512
– Collectively called SHA-2• Designed for compatibility with increased
security provided by the AES cipher• Structure & detail are similar to SHA-1• Hence analysis should be similar, but security
levels are rather higher
![Page 86: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/86.jpg)
Backup Slides
![Page 87: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/87.jpg)
Cryptanalysis Scheme• Ciphertext only:
– Exhaustive search until “recognizable plaintext”– Need enough ciphertext
• Known plaintext:– Secret may be revealed (by spy, time), thus
<ciphertext, plaintext> pair is obtained– Great for monoalphabetic ciphers
• Chosen plaintext:– Choose text, get encrypted– Pick patterns to reveal the structure of the key
![Page 88: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/88.jpg)
One-Time Pad• If a truly random key as long as the message is
used, the cipher will be secure - One-Time pad• E.g., a random sequence of 0’s and 1’s XORed
to plaintext, no repetition of keys• Unbreakable since ciphertext bears no
statistical relationship to the plaintext• For any plaintext, it needs a random key of the
same length– Hard to generate large amount of keys
• Have problem of safe distribution of key
![Page 89: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/89.jpg)
Confusion and Diffusion• Cipher needs to completely obscure statistical
properties of original message• A one-time pad does this• More practically Shannon suggested S-P
networks to obtain:• Diffusion – dissipates statistical structure of
plaintext over bulk of ciphertext• Confusion – makes relationship between
ciphertext and key as complex as possible
![Page 90: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/90.jpg)
Bit Permutation (1-to-1)
…….
……..
1 2 3 4 32
22 6 13 32 3
Input:
Output
0 0 1 0 1
1 0 1 1 1
1 bit
![Page 91: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/91.jpg)
Per-Round Key Generation
28 bits 28 bits
48 bitsKi
Oneround
Circular Left Shift Circular Left Shift
28 bits 28 bits
Permutationwith Discard
Initial Permutation of DES key
C i-1 D i-1
C i D i
Round 1,2,9,16: single shiftOthers: two bits
![Page 92: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/92.jpg)
A DES Round
48 bits
32 bits
32 bits Ln 32 bits Rn
32 bits Ln+1 32 bits Rn+1
E
S-Boxes
P
48 bitsKi
One RoundEncryption
ManglerFunction
![Page 93: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/93.jpg)
Mangler Function4444444 4
6666666 6
+ + +++ ++ +
6666666 6
S8S1 S2 S7S3 S4 S5 S6
4444444 4
Permutation
The permutation produces “spread” among the chunks/S-boxes!
![Page 94: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/94.jpg)
Bits Expansion (1-to-m)
…….
……..
1 2 3 4 5 32Input:
Output
0 0 1 0 1 1
1 2 3 4 5 6 7 8 48
1 0 0 1 0 1 0 1 1 0
![Page 95: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/95.jpg)
S-Box (Substitute and Shrink)• 48 bits ==> 32 bits. (8*6 ==> 8*4)• 2 bits used to select amongst 4
substitutions for the rest of the 4-bit quantity
2 bitsrow
S i
i = 1,…8.
I1I2I3I4I5I6
O1O2O3O4
4 bitscolumn
![Page 96: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/96.jpg)
S-Box Examples
0 1 2 3 4 5 6 7 8 9…. 15
0 14 4 13 1 2 15 11 8 3
1 0 15 7 4 14 2 13 1 10
2 4 1 14 8 13 6 2 11 15
3 15 12 8 2 4 9 1 7 5
Each row and column contain different numbers.
Example: input: 100110 output: ???
![Page 97: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/97.jpg)
Padding Twist• Given original message M, add padding
bits “10*” such that resulting length is 64 bits less than a multiple of 512 bits.
• Append (original length in bits mod 264), represented in 64 bits to the padded message
• Final message is chopped 512 bits a block
![Page 98: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/98.jpg)
Why Does RSA Work?• Given pub = <e, n> and priv = <d, n>
– n =p*q, ø(n) =(p-1)(q-1) – e*d = 1 mod ø(n)– xed = x mod n– encryption: c = me mod n– decryption: m = cd mod n = med mod n = m mod
n = m (since m < n)– digital signature (similar)
![Page 99: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/99.jpg)
Using Hash to Encrypt
• One-time pad with KAB
– Compute bit streams using MD, and K• b1=MD(KAB), bi=MD(KAB|bi-1), …
with message blocks– Is this a real one-time pad ?– Add a random 64 bit number (aka IV)
b1=MD(KAB|IV), bi=MD(KAB|bi-1), …
![Page 100: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/100.jpg)
MD5 Process• As many stages as the number of 512-bit
blocks in the final padded message• Digest: 4 32-bit words: MD=A|B|C|D• Every message block contains 16 32-bit
words: m0|m1|m2…|m15
– Digest MD0 initialized to: A=01234567,B=89abcdef,C=fedcba98, D=76543210
– Every stage consists of 4 passes over the message block, each modifying MD
• Each block 4 rounds, each round 16 steps
![Page 101: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/101.jpg)
Different Passes...Each step i (1 <= i <= 64):• Input:
– mi – a 32-bit word from the message With different shift every round
– Ti – int(232 * abs(sin(i)))Provided a randomized set of 32-bit patterns, which eliminate any regularities in the input data
– ABCD: current MD• Output:
– ABCD: new MD
![Page 102: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/102.jpg)
MD5 Compression Function• Each round has 16 steps of the form:
a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)
• a,b,c,d refer to the 4 words of the buffer, but used in varying permutations– note this updates 1 word only of the buffer– after 16 steps each word is updated 4 times
• where g(b,c,d) is a different nonlinear function in each round (F,G,H,I)
![Page 103: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/103.jpg)
MD5 Compression Function
![Page 104: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/104.jpg)
Functions and Random Numbers
• F(x,y,z) == (xy)(~x z)– selection function
• G(x,y,z) == (x z) (y ~ z)• H(x,y,z) == xy z• I(x,y,z) == y(x ~z)
![Page 105: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/105.jpg)
Basic Steps for SHA-1Step1: PaddingStep2: Appending length as 64 bit unsignedStep3: Initialize MD buffer 5 32-bit wordsStore in big endian format, most significant bit in low address
A|B|C|D|EA = 67452301B = efcdab89C = 98badcfeD = 10325476E = c3d2e1f0
![Page 106: Why Computer Security](https://reader036.vdocument.in/reader036/viewer/2022081517/56816809550346895ddd8c9d/html5/thumbnails/106.jpg)
Basic Steps...Step 4: the 80-step processing of 512-bit
blocks – 4 rounds, 20 steps each.Each step t (0 <= t <= 79):
– Input: • Wt – a 32-bit word from the message
• Kt – a constant.• ABCDE: current MD.
– Output:• ABCDE: new MD.