Security in Computing – CSC 607
Wireless Security – WCM 605
Meeting 1 Tuesday, January 5, 2010

My Background
US Army Materiel Command, Washington, DC (1969-78)
• Vice President, Russia and Eastern Europe
• Pursued a wide range of networking issues
• Introduced email and office automation during
• Developed web-browser tablet for K-12 classroom (2000-2005)
Northern Telecom (later Nortel Networks) (1978-95)
Qualcomm (1995-99)
CEO/Founder, SegWave, Inc. (2000-05)
Chair, Department of Computer Science and Information Systems, SOET, National University (current)
• Lead Faculty, Wireless Communications
Chaired International Federation for Information Processing (IFIP) Technical Committee on Communication Systems (TC6) 1985-1991
• Founded & Chaired Email Working Group (1979-1985) A “father of email”
• Chairman Program Committee, World Computer Congress, Hamburg, Germany 1994
President, International Council for Computer Communication (ICCC) 1992-96

Week 1 Schedule
Tuesday 1/5
• The Security Problem in Computing and Networks
• Security and Cryptography I
• Video – Decoding Nazi Secrets
• Form teams for Week 1 Small Groups
Thursday 1/7
• Security and Cryptography II
• Program Security
• Operating System Security
• Small group work on Week 1 Projects
Week 1 Viewing and Reading
• http://www.youtube.com/watch?v=ITPAbYScIw&feature=related View Part 1 of 12 and continue through the middle of Part 5. (see next chart)
• Pfleeger & Pfleeger 4th Edition Chapters 1, 3 and 4
• Chandra pp xixxiv and Chapter 1

Complete Links to Video
The complete video is a 1999 Public Broadcasting System documentary – “Decoding Nazi Secrets”
• Part 1 of 12: http://www.youtube.com/watch?v=ITPAbYScIw&feature=relat
• Part 2 of 12: http://www.youtube.com/watch?v=Jlnc9yVKu0k&feature=relat
• Part 3 of 12: http://www.youtube.com/watch?v=AXwaqtLuZmI&feature=rela
• Part 4 of 12: http://www.youtube.com/watch?v=xv7OJe8wYsU&feature=rela
• Part 5 of 12: http://www.youtube.com/watch?v=ZTp_hmHAo&feature=rela

The Security Problem In Computers and Networks

Outline
The Meaning of Security
Attacks on Security
• Threats, Vulnerabilities and Controls
• Method, Opportunity and Motive
The Meaning of COMPUTER Security
• Computer Security Goals
Computer Criminals
Methods of Defense

What Does “Secure” Mean?
Assets (things we want to secure)
• Physical things (house, car, etc.)
• Money
• Identity/Reputation
• Data
What can happen to our assets? (Threats/Vulnerabilities)
• Theft
• Deterioration
• Loss of integrity
Physical protection mechanisms (Controls)
• Banks
• Safes
• Locks
• Burglar Alarms
How does your bank store your money? A) Gold? B) $1000 bills? C) Bits in a computer?

Characteristics of Computer Intrusion
Any part of a computing system can be attacked
• Hardware
• Software
• Storage media
• Data
• People
Would you try to attack through: A) The door? or B) The window?
Principle #1 Easiest Penetration: An intruder must be expected to use any means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed

Key Definitions
Threat
• A set of circumstances that has the potential to cause loss or harm
Vulnerability
• A weakness in the security system
Attack
• Something done by a human to exploit a vulnerability in a system
• Example: Denial of Service – flooding a server with messages
Control
• A protective measure
A threat is blocked by control of a vulnerability
[Figure: Threat, Control, Vulnerability]

Kinds of Attack
Interception
• Unauthorized party gains access
Interruption
• Asset becomes unavailable, unusable, lost
Modification
• Asset has been tampered with
Fabrication
• A counterfeit object has been created

Method, Opportunity and Motive
Method
• The skills, knowledge, tools and other things with which to be able to pull off an attack
Opportunity
• Time and access to accomplish an attack
Motive
• A reason to want to carry out an attack against a particular system
A malicious attacker must have all three

Computer/Network Security
Purpose of Computer/Network Security
• Devise ways to keep weaknesses from being exploited
Four Goals of Computer/Network Security:
• Confidentiality: Access restricted to authorized people
• Integrity: Data is precise, accurate, unmodified or modified only in acceptable ways by authorized people or processes, consistent, internally consistent, meaningful and usable
• Availability: Accessible to authorized persons at appropriate times
• Non-Repudiation: Sender can never deny having sent the data
Need for balance! Can be independent, can overlap, can even be mutually exclusive
[Figure labels: Secure; Confidentiality and Non-Repudiation; Integrity; Availability]

How much should you spend on protection?
Pfleeger & Pfleeger, Security in Computing, Figure 14, page 13
A) $100 to protect $10,000? B) $1000 to protect $1000? C) $1000 to protect $10?
Principle #2 Adequate Protection: Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value

Other Exposed Assets
Networks
• Specialized collections of hardware, software, and data
• Networks multiply the problems of computer security
• More detailed discussion in Meeting 2
Access
• Intruder may steal time
• Intruder may destroy software or data
• Intruder may deny service to legitimate user
Key People
• Can be crucial weak points in computer security

Computer Criminals
Amateurs
• Most computer crimes are committed by amateurs
• Mostly ordinary computer professionals who discover they have access to something valuable
Crackers
• Enjoy the challenge of seeing whether it can be done
• Computer crime often seen as the ultimate victimless crime
• Motivations range from curiosity and self-satisfaction to causing chaos, loss or harm
• Often high-school or university students
Career Criminals
• They understand the target
• Organized crime is getting started
• Corporate espionage is big
Companies are often reluctant to prosecute amateurs and crackers

Your Old Hard Drive
By John Soat
DREDGING UP DATA. O&O Software, a developer of hard-drive utilities, last week released the results of a study it conducted recently in which O&O researchers bought 200 used hard drives on online-auction site eBay, then examined them for recoverable data. According to O&O, almost three-quarters of the disks held data the company could - and did - rebuild, including the internal memos and legal correspondence of an unnamed government agency, credit ratings from a major German bank, and documents related to accusations of fraud and embezzlement at a midsize company. But data-protection practices are getting better, O&O says. In a similar study conducted last year, researchers discovered that 88% of the 100 disks they bought on eBay contained recoverable data.
SMASH THAT HARD DRIVE! Ironically (or perhaps not), under a new Disposal Rule - part of the Fair and Accurate Credit Transactions Act of 2003 - that took effect last week, companies that use data derived from consumer reports for business purposes must dispose of those records in such a way as to ensure that they cannot be misappropriated or misused.
Extract from Information Week, June 6, 2005

Methods of Defense – Important Definitions
Harm occurs when a threat is realized against a vulnerability
Protect by:
• Neutralizing the threat
• Closing the vulnerability
• Both
Computer Security Controls
• Encryption
• Software Controls
• Hardware Controls
• Policies and Procedures
• Physical Controls
• Legal & Ethical Controls

Effectiveness of Controls
Users need to be convinced of the need for controls
• Cooperation will be lax if the need is not understood
• Many users are simply unaware of the dangers
Principle #3 Effectiveness: Controls must be used and used properly to be effective. They must be efficient, easy to use, and appropriate
Overlapping controls provide the highest level of effectiveness

Overlapping Controls Provide the Strongest Protection
But …
Principle #4 – Weakest Link: Security can be no stronger than its weakest link

Security in Computing and Networks Summary
The bad news:
• There are many vulnerabilities and threats.
The good news:
• There are powerful controls to address the vulnerabilities and control the threats

Security and Cryptography – Part I

Terminology
• Sender (A), Receiver (B), Transmission Medium (T)
• Interceptor (I) may try to:
  – Block
  – Intercept
  – Modify
  – Fabricate
• Encryption: Ciphertext C = E(M)
• Decryption: Original Message M = D(C)

Encryption Algorithms
Symmetric Cryptosystem: D_K(E_K(M)) = M
[Figure: Original Plaintext, Encryption (Key), Ciphertext, Decryption (Key), Original Plaintext]
Asymmetric Cryptosystem: D_Kd(E_Ke(M)) = M
[Figure: Original Plaintext, Encryption (Ke), Ciphertext, Decryption (Kd), Original Plaintext]

Steps in Symmetric Key Cryptography (SKC)
1. A and B agree on a cryptosystem (cipher to be used)
2. A and B agree on the key to be used
3. A encrypts messages using negotiated cipher and sends to B
4. B decrypts ciphertext using negotiated key and cipher
[Figure: A (Alice) and B (Bank)]
What is the most dangerous step?

Issues in SKC
If Step #2 is not secure:
• “Eve” (Eavesdropper) gets access to the channel during step #2
• As a result, Eve learns the key A and B decide to use
Symmetric keys must be DISTRIBUTED in secret
• There is no inherent support for key distribution
• Distribution process tends to be insecure
If key is stolen the whole security system fails
• No graceful degradation, i.e. it doesn’t fail gradually

Illustration of Key Growth
For 6 users:
• Symmetric Key System requires 15 keys
• Public Key Encryption System needs only 12 keys

The Key Distribution Issue
The number of keys required in a Symmetric Key System can quickly become unmanageable
• Number of keys required grows according to the square of the number of users
• Number of keys needed is n * (n-1) / 2, where n = No. of users
Key distribution in a Public Key (Asymmetric Key) System is more manageable
• Number of keys needed = 2n, where n = No. of users
For 5 users, both Symmetric and Public Key systems require 10 keys
For anything more than 5 users, fewer keys are required with a Public Key system

In Class Exercise
Using the formulas just discussed, calculate how many keys are needed for 10 users for:
• A symmetric key system?
• A public key system?
Submit your answer using the DyKnow submit button when you have finished your calculations.
You have two minutes to complete this exercise

So why would you ever use SKC?
                  | Secret Key (Symmetric) | Public Key (Asymmetric)
Number of Keys    | 1 | 2
Protection of Key | Must be kept secret | One key must be kept secret; the other is published
Best Uses         | Cryptographic workhorse: secrecy and integrity of data - single characters to blocks of data, messages, files | Key exchange, authentication
Key Distribution  | Must be out-of-band | Public key can be used to distribute other keys
Speed             | Fast | Slow; typically 10,000 times slower than secret key
[Slide callouts: The Solution, The Problem]

Principles of Asymmetric Key Cryptography (ASK)
Mathematical Representation of ASK:
• D_Kd(E_Ke(M)) = M
Exploits math of trapdoor one-way functions
Property of one-way function f(x)
• Easy to compute f(x), if you know x
• Extremely difficult to compute x if you know f(x)
• Example: f(x) = x^2
  – f(x) = x^2 is much too easy for use in cryptography
Properties of trapdoor one-way function
• Easy to compute f(x), IF you know x
• Extremely difficult to compute x if you know f(x) UNLESS you know some secret y
• Example: f(x) = Large Prime Number 1 × Large Prime Number 2
  – The larger the primes, the harder it is to factor the product
  – If you know one of the large primes, it is easy to compute the other
  – Knowing one of the primes is the “trapdoor” secret
Mathematical Representation of Trapdoor Functions
• x → f(x) :: Easy
• f(x) → x :: Very Difficult
• f(x) + Y → x :: Easy

Five Minute Exercise
See if you can factor 47,411,053 into its two primes during the next five minutes

Public Key Cryptography (PKC)
Mathematical Representation of ASK:
• D_Kd(E_Ke(M)) = M
• Kd ≠ Ke
• Kd should NOT be derivable from Ke
Public Key Cryptography
• Either key may be chosen as the public key
  – The other key is then chosen as the private key
• For non-repudiation make Ke the private key
  – If receiver can decrypt with the public key, that guarantees that M came from the person holding the private key
• For confidentiality, encrypt with the receiver’s public key
  – Guarantees that nobody but the receiver can decrypt
  – ONLY the receiver has the private key

Public Key Cryptography (PKC) Confidentiality Example
1. A and B agree on a cryptosystem (cipher to be used)
2. B sends public key to A
3. A encrypts messages using negotiated cipher and B’s public key and sends to B
4. B decrypts ciphertext using B’s private key and the negotiated cipher
• Private key is NEVER transmitted
• Only B can decrypt the message
[Figure: A (Alice) and B (Bank)]

Public Key Cryptography (PKC) Digital Signature (Non-Repudiation) Example
1. A and B agree on a cryptosystem (cipher to be used)
2. B sends public key to A
3. B encrypts messages using negotiated cipher key and B’s private key and sends to A
4. A decrypts ciphertext using B’s public key and the negotiated cipher
If it decrypts correctly, only B could have sent it
[Figure: A (Alice) and B (Bank)]

PKC Summary
Each user maintains a pair of keys
• Alice – KApub, KApriv
• Bob (or Bank) – KBpub, KBpriv
Eavesdropper (Eve) could encrypt message with either public key
Eve cannot decrypt any messages encrypted with either public key, because Eve does not have either private key
PKC is computationally intensive!
• A major problem for limited handset processing power
• Even as cell phone processing power increases, SKC will maintain a 1000:1 to 10,000:1 edge over PKC

PKC Limitation
Assume a rogue agent gets hold of B’s public key
Assume A transmits a limited set of encrypted messages to B
• Example: Assume A is an ATM machine communicating with a central database
Rogue uses B’s public key to encrypt all possible messages that A is expected to send to B
• This gives rogue a set of encrypted messages that can be matched with whatever A encrypts and sends
Using this mapping, the rogue can figure out what A is sending
PKC is susceptible to chosen plaintext attacks

Hint for the exercise:
See if you can factor 47,411,053 into its two primes during the next five minutes
Please submit your answer now.
One of the primes is 5987. Compute the other.
Please resubmit your answer.

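The trapdoor exercise and the “PKC Limitation” slide can be worked through together in code. The following is an added example, not part of the original slides: it uses the exercise number as a toy RSA modulus, and the public exponent 65537, the ATM message codes and the 16-bit random padding are assumptions made for illustration.

```python
import secrets

N = 47_411_053      # the number from the five-minute exercise
HINT_P = 5987       # the prime given on the hint slide
E = 65537           # assumed public exponent (not from the slides)


def factor_without_trapdoor(n: int):
    """Trial division by odd numbers; returns (p, q, divisions_tried)."""
    if n % 2 == 0:
        return 2, n // 2, 1
    tried, d = 0, 3
    while d * d <= n:
        tried += 1
        if n % d == 0:
            return d, n // d, tried
        d += 2
    return n, 1, tried


def factor_with_trapdoor(n: int, known_prime: int):
    """Knowing one prime, the other is a single division."""
    q, remainder = divmod(n, known_prime)
    if remainder:
        raise ValueError("known_prime does not divide n")
    return known_prime, q


def private_exponent(n: int, known_prime: int, e: int = E) -> int:
    """Kd is easy to derive only for someone who holds the trapdoor."""
    p, q = factor_with_trapdoor(n, known_prime)
    return pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+


# Constructed message set for the slide's ATM example: few, predictable values.
ATM_MESSAGES = {17: "BALANCE", 18: "WITHDRAW 20", 19: "WITHDRAW 100", 20: "DEPOSIT"}


def encrypt_plain(code: int) -> int:
    """Deterministic encryption: the same message always gives the same ciphertext."""
    return pow(code, E, N)


def public_lookup_table() -> dict:
    """Built from the public key alone: ciphertext -> meaning."""
    return {encrypt_plain(code): text for code, text in ATM_MESSAGES.items()}


def encrypt_randomized(code: int) -> int:
    # Fresh non-zero 16-bit random value in the high bits; (r << 8) | code stays below N.
    # Toy sizes only: real schemes (for example RSA-OAEP) use far more randomness.
    r = secrets.randbelow(2**16 - 1) + 1
    return pow((r << 8) | code, E, N)


def decrypt_randomized(ciphertext: int, d: int) -> int:
    return pow(ciphertext, d, N) & 0xFF    # drop the random high bits


if __name__ == "__main__":
    p, q, tried = factor_without_trapdoor(N)
    print("without the hint:", tried, "trial divisions")
    print("with the hint: 1 division ->", factor_with_trapdoor(N, HINT_P))
    table = public_lookup_table()
    print("deterministic ciphertext recognised as:", table.get(encrypt_plain(19)))
    print("randomized ciphertext recognised as:", table.get(encrypt_randomized(19)))
```

At this size a few thousand trial divisions are enough without the hint; the gap between the two factoring routines is what grows as the primes get larger.
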
The Concept Behind Secure Key Distribution
1. A and B agree on a symmetric cryptosystem
2. B sends its public key, KBpub, to A
3. A generates random symmetric key (KS) (Ks is the info to be kept confidential)
4. A encrypts the symmetric key with KApriv (A’s private key) resulting in E_KApriv(KS)
5. A encrypts E_KApriv(KS) with receiver B’s public key resulting in E_KBpub(E_KApriv(KS)) and sends the whole thing to B
• Step 3, successful decryption of E_KApriv(Ks) by B using A’s public key guarantees non-repudiation. Only A could have sent Ks
• Step 4 guarantees confidentiality. Only B can decrypt E_KBpub(E_KApriv(KS)) to obtain E_KApriv(Ks)
Source: Pfleeger and Pfleeger, Security in Computing 3rd Edition, Prentice Hall, Fig. 0211

Hybrid Cryptography combines PKC with SKC
                  | Secret Key (Symmetric) | Public Key (Asymmetric)
Number of Keys    | 1 | 2
Protection of Key | Must be kept secret | One key must be kept secret; the other is published
Best Uses         | Cryptographic workhorse: secrecy and integrity of data - single characters to blocks of data, messages, files | Key exchange, authentication
Key Distribution  | Must be out-of-band | Public key can be used to distribute other keys
Speed             | Fast | Slow; typically 10,000 times slower than secret key
[Slide callouts: The Solution, The Problem]

Hybrid Cryptography (per textbook)
1. A and B agree on a symmetric cryptosystem
2. B sends its public key, KBpub, to A
3. A generates random symmetric key (KS) (Ks is the info to be kept confidential)
4. A encrypts the symmetric key with K (A’s private key) resulting in
• PKC for Key Distribution
• SKC for message encryption
• A new Ks for every new session
• IMPORTANT CONCEPT FOR SECURE WIRELESS COMMUNICATIONS

PKC: A Good Basis for Digital Signatures
A Digital Signature Must be:
• Unforgeable
  – A encrypts the message with KApriv (A’s private key) resulting in E_KApriv(M)
  – B saves E_KApriv(M) as proof. Anybody can decrypt the message with A’s public key
• Authentic
  – That B can decrypt the message with A’s public key guarantees that the message is authentic. Only A could generate an encryption that makes sense when it is decrypted with A’s public key
A Digital Signature Should:
• Not be Alterable
  – Use hash functions to guarantee message integrity
• Not be Reusable. No replays! (B can’t cash the check twice)
  – A adds a time stamp to message before hash and encryption by A

Integrity
Problem: A is sending encrypted messages to B
• E can’t decrypt but starts adding random bits
• B can’t detect random bits added
• B’s decryption may result in either a different message or a garbled message (lost integrity)
Solution: Cryptographic Hash Functions (Message Authentication Code or MAC) for Network Integrity
• Used to “seal” a message to ensure integrity of message
• One way function; easy to compute, hard to reverse
• Depends on all the bits in the message being “sealed”
  – A change in even a single bit will significantly alter the hash result
• The probability of two different messages producing the same hash should be extremely low (“Collision free”)

Message Authentication Code (MAC) Example
1. A and B agree on a hash function they will use.
2. Before sending a message, A computes hash and attaches
Eve eavesdrops
• Eve modifies message and sends it on to B
  – B calculates hash. It doesn’t match.
  – B drops message
• Message is untampered
  – MAC computed by B matches MAC attached by A
  – B accepts message
Can be made even stronger by appending a secret key (SKC or PKC) to the message and calculating the hash of the combination
[Figure: A (Alice), Eve, B (Bank)]

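The difference between the plain attached hash and the “stronger” keyed variant in the last line of the slide shows up when the receiver’s accept/reject decision is computed for each case. This is an added example, not part of the original slides; it uses SHA-256 and HMAC (the standard keyed construction) rather than the hash-of-message-plus-key the slide sketches, and the key and messages are constructed sample values.

```python
import hashlib
import hmac


def hash_seal(message: bytes) -> bytes:
    """Unkeyed hash attached to the message, as in steps 1-2 of the slide."""
    return hashlib.sha256(message).digest()


def hash_verify(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hash_seal(message), tag)


def mac_seal(key: bytes, message: bytes) -> bytes:
    """Keyed MAC: only holders of the shared key can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_seal(key, message), tag)


SHARED_KEY = b"constructed key known only to A and B"
ORIGINAL = b"transfer 100 to account 42"     # constructed sample message
MODIFIED = b"transfer 900 to account 42"     # the same message changed in transit


def receiver_decisions() -> dict:
    """True means B accepts the message, False means B drops it."""
    results = {}
    # Case 1 (the slide): message changed, attached hash left alone.
    results["hash, message changed only"] = hash_verify(MODIFIED, hash_seal(ORIGINAL))
    # Case 2: whoever changed the message also recomputes the public hash.
    results["hash, message and hash replaced"] = hash_verify(MODIFIED, hash_seal(MODIFIED))
    # Case 3: keyed MAC; without SHARED_KEY the replacement tag is only a guess.
    guessed_tag = hmac.new(b"wrong key", MODIFIED, hashlib.sha256).digest()
    results["mac, message and tag replaced"] = mac_verify(SHARED_KEY, MODIFIED, guessed_tag)
    # Case 4: untampered message with its MAC.
    results["mac, untampered"] = mac_verify(
        SHARED_KEY, ORIGINAL, mac_seal(SHARED_KEY, ORIGINAL))
    return results


if __name__ == "__main__":
    for case, accepted in receiver_decisions().items():
        print(f"{case}: {'accepted' if accepted else 'dropped'}")
```

Case 2 is the reason the key matters: a hash function that both parties agreed on in the open can be recomputed by anyone on the path.
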
Commonly Used Message Authentication Codes (MACs or Hash Functions)
MD4
• Condenses message of any size to 128 bit digest
• Example
  – Hash of ("The quick brown fox jumps over the lazy dog") = 1BEE69A46BA811185C194762ABAEAE90 (Hexadecimal*)
  – Hash of ("The quick brown fox jumps over the lazy cog") = B86E130CE7028DA59E672D56AD0113DF (Hexadecimal*)
MD5
• Improved version of MD4
• Condenses message of any size to 128 bit digest
SHA/SHS (Secure Hash Algorithm or Standard)
• Produces 160 bit digest
SKC and PKC can also be used, but they require more computation
* Recall that each Hexadecimal Character = 4 bits. 2 characters = 8 bits/1 byte. 32 characters = 16 bytes = 128 bits

Digital Signature for Authentication
1. A and B agree on a cryptosystem (cipher to be used)
2. B sends public key to A
3. B encrypts hash of message using negotiated cipher key and B’s private key and sends to A
4. A decrypts hash, using B’s public key, computes the hash itself, and compares to authenticate
Encrypting hash is much faster than encrypting message
[Figure: A (Alice) and B (Bank)]

Challenge/Response Authentication
1. A and B agree on a cryptosystem (cipher to be used)
2. A sends public key, K1 to B
3. B sends random number to A
4. A encrypts random number using A’s private key and sends to B. B decrypts using A’s public key. If the result matches what B sent, it is authenticated.
Challenge/Response and Digital Signatures are variations of the same thing
[Figure: A (Alice) and B (Bank)]

Masquerading
• A and B agree on a crypto system using hybrid crypto and MACs for message integrity
• Eve eavesdrops
• B sends KBpub to A, but E intercepts and holds (B doesn’t know about E)
• E generates a key pair, (K2,K4) and sends K2 to A. A thinks it received KBpub from B
• A generates random SKC key K3, and sends E_K2(K3) to E, thinking it has sent E_KBpub(K3) to B. E uses K4 to decrypt E_K2(K3), getting K3
• E generates random SKC key K6, and sends E_KBpub(K6) to B. B thinks K6 came from A
• B asks A to send, encrypted (ID, Password) using K6
• E asks A to send encrypted (ID, Password). A sends, using K3, thinking request came from B
• E decrypts A’s (ID, Password) using K3. Then E sends (ID,PW) to B, encrypted using K6
At the end, A and B think they have a secure session with each other
• E has tricked both of them
Solution: Hybrid cryptography plus MACs for message integrity
[Figure: A (Alice), Eve, B (Bank)]

Substitution Ciphers
A  B  C  D  E  F  G  H  I
0  1  2  3  4  5  6  7  8
J  K  L  M  N  O  P  Q  R
9  10 11 12 13 14 15 16 17
S  T  U  V  W  X  Y  Z
18 19 20 21 22 23 24 25
Simple Substitution: One letter exchanged for another
ci = E(pi) = pi + n
• Goal: Confusion
• Advantage: Simple to encipher
• Disadvantage: Obvious patterns

In Class Exercise
Encrypt the following plaintext using E(pi) = pi + 5
I enjoy the San Diego Zoo
Write your encrypted text in the space below and submit it.

Confusion vs. Diffusion
An algorithm providing good confusion makes it take a long time for any interceptor to determine relationship between plaintext, key and ciphertext
• Hard for interceptor to predict impact on ciphertext from one character change in plaintext
Diffusion makes the cipher spread information from the plaintext across the entire ciphertext
• Change in plaintext affects many parts of the ciphertext
• An interceptor needs access to a lot of ciphertext to try to figure out the encryption algorithm

Transpositions (Permutations)
Transposition (or permutation): an encryption in which the letters of the message are rearranged
Goal: Diffusion – widely spreading the information from the message or key across the ciphertext
Columnar Transposition example:
P A E E E
R T E M E
O T D I I
C H E N G
E R G N H
E E T O T
D E W N D
T T O E E
O H O O G
L R N N O
Resultant ciphertext: paeee rteme otdii cheng ergnh eetot dewnd ttoee ohoog lrnno

In Class Exercise
You have intercepted the following ciphertext: TIIEMT HSMPUI IAPETO SSLRAN. You guess correctly that it is a simple transposition. Decrypt it and write the plaintext below and submit it.

Combinations of Approaches
Substitution and Transposition (also called “Permutation”) are building blocks
Multiple approaches can be combined to strengthen the encryption
A combination of two ciphers is called a “Product Cipher”
Combination of multiple ciphers is NOT necessarily stronger
• Combination may even be weaker

Stream Ciphers vs. Block Ciphers
Stream ciphers convert one symbol of plaintext into one symbol of ciphertext
Block ciphers convert groups (or blocks) of plaintext symbols into groups (or blocks) of ciphertext
• Columnar transposition is an example of a block cipher
              | Stream Encryption | Block Encryption
Advantages    | Faster – no delay to combine characters into blocks | High Diffusion – one ciphertext block may depend on several plaintext characters
Advantages    | Low error propagation – error affects one cipher character | Immune to insertion of symbols – impossible to insert a single symbol into a ciphertext block
Disadvantages | Low Diffusion – each symbol is separately enciphered | Slower – a whole block of plaintext must be read before encryption can start
Disadvantages | Susceptible to malicious insertions and modifications | Error propagation – an error affects transformation of all other characters in the same block

Block Ciphers
Blocks may be any length
• 64 bits (8 bytes) is typical
A general substitution for k bits has 2^k possibilities (impractical)
In practice substitutions are specified for 8-bit blocks
• k × 2^k possibilities
A completely random permutation of k bits has ~k × log(k) possibilities

Diffusion vs. Confusion
The aim of substitution is confusion
• Stream ciphers have good confusion
• Stream ciphers have null diffusion
The aim of permutation (also called “transposition”) is diffusion
• Block ciphers usually give significant amount of diffusion
  – Changing 1 bit in plaintext typically changes ~half the bits in the ciphertext
Confusion hides the correlation between plaintext and ciphertext

Iterated Block Ciphers
Break plaintext into 8 bit blocks
Do a substitution on each 8-bit block
Run the output of all substitutions through a permuter
• Permuter should be as big as the total input bits
Take the result as new input of 8-bit blocks and repeat the whole process multiple times (multiple rounds)
Produces both confusion and diffusion

Feistel Networks I
[Figure: Plaintext (2w bits) split into L0 (w bits) and R0 (w bits); F with key K1 produces L1 and R1]
Feistel Networks are Iterated Block Ciphers where:
L_i = R_{i-1}
R_i = L_{i-1} XOR F(R_{i-1}, K_i) [F( ) may be complicated]

Feistel Networks II
[Figure: Li, Ri with Ki and F give Li+1, Ri+1; … ; Kn and F act on Ln, Rn to give Rn+1, Ln+1; Ciphertext: 2w bits]

Block Ciphers: Mode of Use
We will return to Feistel Networks when we discuss the Data Encryption Standard (DES) and Advanced Encryption Standard (AES)
Meanwhile …
“Cryptographic Mode” = How an encryption algorithm is used
• “Strength” of algorithm depends on the mode
• Mode of use MUST not compromise security of algorithm
1/7/2010

ECB: Electronic Code Book Mode
[Figure: P1, P2, … Pn-1, Pn, Pn+1 each pass through Ek to give C1, C2, … Cn-1, Cn, Cn+1]
Pi = 64 bit block; Ci = 64 bit block; Ci = Ek(Pi)
Each block is encrypted separately
• Can be done in parallel
Biggest Advantages
• Simple
• Can be parallelized
• No error propagation (error in one block does not affect other blocks)
Biggest Disadvantage: One to one mapping between Pi and Ci
• Repeats in plaintext cause repeats in ciphertext
Mode is vulnerable to splicing, reordering and replay attacks

CBC: Cipher Block Chaining Mode
[Figure: IV and P1 are XORed and pass through Ek to give C1; each later Pi is XORed with Ci-1 and passes through Ek to give Ci]
Pi = 64 bit block; Ci = 64 bit block; Ci = Ek(Pi XOR Ci-1)
Each Ciphertext block depends on both Pi plus all previous plaintext blocks
Biggest Advantages
• Very difficult to attack
• Messages that begin the same map to same ciphertext
• Solution: Use a random Initialization Vector (IV) (64 bits)
Biggest Disadvantage: Identical sessions still map to same ciphertext session
• Loophole: Flipping a bit in Ci flips the corresponding bit in Pi+1
• Message Integrity can still be a problem

OFB: Output Feed Back Mode
[Figure: keystream blocks Ek(S0)=S1, Ek(S1)=S2, … Ek(Sn-2)=Sn-1, Sn, Sn+1 are XORed with P1, P2, … Pn-1, Pn, Pn+1 to give C1, C2, … Cn-1, Cn, Cn+1]
Sn = Ek(Sn-1)
Cn = Pn XOR Sn
Or
Pn = Cn XOR Sn
Pi = 64 bit block; Ci = 64 bit block; S0 = Ek(IV); Encryption of chain of Sn can be done “off line” (no message needed)
Biggest Advantages:
• Fast to compute
  – Keystream can be precomputed
• Errors in ciphertext cause limited errors in plaintext
Biggest Disadvantages:
• Not self synchronizing
• Susceptible to known plaintext attacks
• Variations of OFB are the closest to mechanisms used for Wireless Security

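The Feistel recurrence and the ECB and CBC properties listed above can be checked on a toy cipher. This is an added example, not part of the original slides: the round function, key schedule, round count, key, IV and message are all assumptions chosen for illustration, and the cipher is not meant for real use.

```python
import hashlib

BLOCK = 8          # 64-bit blocks, as on the slides (Pi and Ci are 64 bits)
HALF = BLOCK // 2
ROUNDS = 8         # assumed round count for this toy cipher


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(key: bytes) -> list:
    # Hypothetical key schedule: derive one subkey Ki per round from the key.
    return [hashlib.sha256(key + bytes([i])).digest()[:HALF] for i in range(ROUNDS)]


def round_f(right: bytes, subkey: bytes) -> bytes:
    # F(R, K) need not be invertible: the Feistel structure never inverts it.
    return hashlib.sha256(subkey + right).digest()[:HALF]


def feistel(block: bytes, subkeys: list) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, xor_bytes(left, round_f(right, k))
    return right + left    # final swap: the same routine decrypts with reversed subkeys


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])


def split_blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Ci = Ek(Pi)
    return b"".join(encrypt_block(key, p) for p in split_blocks(plaintext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Ci = Ek(Pi XOR C(i-1)), with the IV standing in for C0
    prev, out = iv, []
    for p in split_blocks(plaintext):
        prev = encrypt_block(key, xor_bytes(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # Pi = Dk(Ci) XOR C(i-1)
    prev, out = iv, []
    for c in split_blocks(ciphertext):
        out.append(xor_bytes(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def flip_bits(data: bytes, index: int, mask: int) -> bytes:
    # Models a transmission error or in-transit change to one ciphertext byte.
    changed = bytearray(data)
    changed[index] ^= mask
    return bytes(changed)


# Constructed sample input: three 8-byte blocks, the first two identical.
KEY = b"constructed demo key"
IV = bytes.fromhex("0011223344556677")   # fixed so the run repeats; use a random IV in practice
MESSAGE = b"PAY $100" + b"PAY $100" + b"TO ALICE"

if __name__ == "__main__":
    ecb = split_blocks(ecb_encrypt(KEY, MESSAGE))
    cbc_ct = cbc_encrypt(KEY, IV, MESSAGE)
    cbc = split_blocks(cbc_ct)
    print("ECB repeats the plaintext pattern:", ecb[0] == ecb[1])
    print("CBC repeats the plaintext pattern:", cbc[0] == cbc[1])
    damaged = flip_bits(cbc_ct, 5, 0x08)          # one bit in byte 5 of C1
    for block in split_blocks(cbc_decrypt(KEY, IV, damaged)):
        print(block)   # P1 is garbled, P2 has exactly one flipped bit, P3 is intact
```

The receiver decrypts the damaged CBC ciphertext without any error being raised, which is why the CBC slide says message integrity can still be a problem and why a MAC is added on top of encryption.
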
Block Size Considerations
Block length is a measure of the strength of the cipher
Example: Assume 8 bit block
• No matter what key is used, there are only 256 possible combinations of 8 bits (2^8)
• If attacker can map all possible input blocks with all possible output blocks, the cipher has been broken

Substitution Ciphers
Simple alphabetic substitution cipher has 26! combinations
• 1000 years to test all at one permutation/μsec
With computer programs and enough ciphertext, using patterns and good guesses:
• A good cryptanalyst can break a substitution cipher in 1 hour
• Even an untrained, but diligent interceptor can probably do it in a day
But …
• Substitution cipher can be very effective for short messages
• With a long enough key, a substitution cipher can be very effective for long messages

One-Time Pads
Large, non-repeating set of keys
Used by sender exactly once, then destroyed
Considered to be “the perfect cipher”
Receiver must have pad identical to sender
Typically used with a Vigenère tableau
Two potential problems: the need for
• Absolute synchronization between sender and receiver
• Unlimited number of keys

Example of One Time Pad: Book Cipher
Example Key: W. Shakespeare (Hamlet: Act 1, Scene 3)
• this above all to thine own self be true and it must follow as the night the day thou canst not be false to any man
Message:
• PROCEED TO LAT THREE THREE DEG TWO ONE MIN N LON ONE ONE EIGHT DEG ONE EIGHT MIN W FOR RENDEVOUS WITH ESCORT AT ONE NINE ZERO ZERO HOURS ZULU
Ciphertext (using Vigenère Tableau):
Key:     thisa bovea lltot hineo wnsel fbetr …
Message: PROCE EDTOL ATTHR EETHR EEDEG TWOON …
Cipher:  iywue frosl lemvk lmglf aruir yxshe …
“Pad” consists of references to specific passages in a book possessed by both sender and receiver

Characteristics of Strong Algorithms
Patterns in plaintext should be concealed
• The most frequent letters (a, e, i, o, n, t)
• The most common letter pairs (digrams) en, re, er, nt, th, on, in, tf, an, or
• The most common triples (trigrams) ent, ion, and, ing, ive, tio, for, our, thi, one
Input to the cipher should be randomized
• Given the same input, a cipher will ALWAYS produce the same output
Math
Manipulation of plaintext by introduction of errors in ciphertext should be difficult
It should be possible to encrypt more than one message with one key

Vigenère Tableau
    0         5         10        15        20        25
    a b c d e f g h i j k l m n o p q r s t u v w x y z   π
A   a b c d e f g h i j k l m n o p q r s t u v w x y z   0
B   b c d e f g h i j k l m n o p q r s t u v w x y z a   1
C   c d e f g h i j k l m n o p q r s t u v w x y z a b   2
D   d e f g h i j k l m n o p q r s t u v w x y z a b c   3
E   e f g h i j k l m n o p q r s t u v w x y z a b c d   4
F   f g h i j k l m n o p q r s t u v w x y z a b c d e   5
G   g h i j k l m n o p q r s t u v w x y z a b c d e f   6
H   h i j k l m n o p q r s t u v w x y z a b c d e f g   7
I   i j k l m n o p q r s t u v w x y z a b c d e f g h   8
J   j k l m n o p q r s t u v w x y z a b c d e f g h i   9
K   k l m n o p q r s t u v w x y z a b c d e f g h i j   10
L   l m n o p q r s t u v w x y z a b c d e f g h i j k   11
M   m n o p q r s t u v w x y z a b c d e f g h i j k l   12
N   n o p q r s t u v w x y z a b c d e f g h i j k l m   13
O   o p q r s t u v w x y z a b c d e f g h i j k l m n   14
P   p q r s t u v w x y z a b c d e f g h i j k l m n o   15
Q   q r s t u v w x y z a b c d e f g h i j k l m n o p   16
R   r s t u v w x y z a b c d e f g h i j k l m n o p q   17
S   s t u v w x y z a b c d e f g h i j k l m n o p q r   18
T   t u v w x y z a b c d e f g h i j k l m n o p q r s   19
U   u v w x y z a b c d e f g h i j k l m n o p q r s t   20
V   v w x y z a b c d e f g h i j k l m n o p q r s t u   21
W   w x y z a b c d e f g h i j k l m n o p q r s t u v   22
X   x y z a b c d e f g h i j k l m n o p q r s t u v w   23
Y   y z a b c d e f g h i j k l m n o p q r s t u v w x   24
Z   z a b c d e f g h i j k l m n o p q r s t u v w x y   25
• 50% of all English text is A, E, I, N, O, or T
• 25% probability that any letter in cipher will be one of the shaded boxes

In Class Exercise
You are given the following plaintext to encrypt using a Vigenère Tableau:
“launch at noon”
The one time pad (key) for encrypting this is:
“cdma operates well”
Encrypt the plaintext, write the ciphertext below and submit it.
...
Spring '11, Dr. Pradip P. Dey