CSC 607 Meeting 1 Charts

CSC 607 Meeting 1 Charts - Security in Computing – CSC...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Security in Computing – CSC 607 Wireless Security – WCM 605 Meeting 1 Tuesday, January 5, 2010 1/5/2010 1/5/2010 1 My Background US Army Materiel Command, Washington, DC (1969­78) • • 1/5/2010 1/5/2010 Vice President, Russia and Eastern Europe • Pursued a wide range of networking issues • Introduced email and office automation during Developed web­browser tablet for K­12 classroom(2000­2005) Northern Telecom (later Nortel Networks) (1978­95) Qualcomm (1995­99) CEO/Founder, SegWave, Inc. (2000­05) Chair, Department of Computer Science and Information Systems, SOET, National University (current) • Lead Faculty, Wireless Communications Chaired International Federation for Information Processing (IFIP) Technical Committee on Communication Systems (TC­6) 1985­1991 • Founded & Chaired Email Working Group (1979­1985) A “father of email” • Chairman Program Committee, World Computer Congress, Hamburg, Germany 1994 President, International Council for Computer Communication (ICCC) 1992­96 2 Week 1 Schedule Tuesday 1/5 The Security Problem in Computing and Networks Security and Cryptography I Video – Decoding Nazi Secrets Form teams for Week 1 Small Groups Thursday 1/7 Security and Cryptography II Program Security Operating System Security Small group work on Week 1 Projects Week 1 Viewing and Reading – http://www.youtube.com/watch?v=­ITPAbYScIw&feature=related View Part 1 of 12 and continue through the middle of Part 5. (see next chart) Pfleeger & Pfleeger 4th Edition Chapters 1, 3 and 4 Chandra pp xi­xxiv and Chapter 1 1/5/2010 1/5/2010 3 Complete Links to Video Complete The complete video is a 1999 Public Broadcasting System documentary – “Decoding Nazi Secrets” http://www.youtube.com/watch?v=­ITPAbYScIw&feature=relat http://www.youtube.com/watch?v=­ITPAbYScIw&feature=rela Part 1 of 12 http://www.youtube.com/watch?v=Jlnc9yVKu0k&feature=relat Part 2 of 12 http://www.youtube.com/watch?v=AXwaqtLuZmI&feature=rela Part 3 of 12 http://www.youtube.com/watch?v=xv7OJe8wYsU&feature=rela http://www.youtube.com/watch?v=xv7OJe8wYsU&feature=rel Part 4 of 12 http://www.youtube.com/watch?v=Z­T­p_hmHAo&feature=rela Part 5 of 12 1/5/2010 4 The Security Problem In The Computers and Networks Computers 1/5/2010 1/5/2010 5 Outline The Meaning of Security Attacks on Security • Threats, Vulnerabilities and Controls • Method, Opportunity and Motive The Meaning of COMPUTER Security • Computer Security Goals 1/5/2010 1/5/2010 Computer Criminals Methods of Defense 6 What Does “Secure” Mean? Assets (things we want to secure) • • • • Physical things (house, car, etc.) Money Identity/Reputation Data What can happen to our assets? (Threats/Vulnerabilities) • Theft • Deterioration • Loss of integrity Physical protection mechanisms (Controls) • • • • Banks Safes Locks Burglar Alarms How does your bank store your money? A) Gold? B) $1000 bills? C) Bits in a computer? 1/5/2010 1/5/2010 7 Characteristics of Computer Intrusion Any part of a computing system can be attacked • • • • • Hardware Software Storage media Data People Would you try to attack through: A) The door? or B) The window? Principle #1 ­ Easiest Penetration: An intruder must be expected to use any means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed 1/5/2010 1/5/2010 8 Threat Key Definitions • A set of circumstances that has the potential to cause loss or harm Vulnerability • A weakness in the security system Attack • Something done by a human to exploit a vulnerability in a system • Example: Denial of Service – flooding a server with messages Control • A protective measure Control Vulnerability A threat is blocked by control of a vulnerability 1/5/2010 1/5/2010 Threat 9 Kinds of Attack Interception • Unauthorized party gains access Interruption • Asset becomes unavailable, unusable, lost Modification • Asset has been tampered with Fabrication • A counterfeit object has been created 1/5/2010 1/5/2010 10 Method, Opportunity and Motive Method • The skills, knowledge, tools and other things with which to be able to pull off an attack Opportunity • Time and access to accomplish an attack Motive • A reason to want to carry out an attack against a particular system A malicious attacker must have all three 1/5/2010 1/5/2010 11 Computer/Network Security Purpose of Computer/Network Security • Devise ways to keep weaknesses from being exploited Secure Confidentiality and Non­Repudiation Integrity 1/5/2010 1/5/2010 Four Goals of Computer/Network Security: • Confidentiality Access restricted to authorized people • Integrity Data is precise, accurate, unmodified or modified only in acceptable ways by authorized people or processes, consistent, internally consistent, meaningful and usable • Availability Accessible to authorized persons at appropriate times • Non­Repudiation Sender can never deny having sent the data Availability Need for balance! Can be independent, can overlap, can even be mutually exclusive 12 How much should you spend on protection? Pfleeger & Pfleeger, Security in Computing, Figure 1­4, page 13 A) $100 to protect $10,000? B) $1000 to protect $1000? C) $1000 to protect $10? Principle #2 ­ Adequate Protection: Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value 1/5/2010 1/5/2010 13 Other Exposed Assets Networks • Specialized collections of hardware, software, and data • Networks multiply the problems of computer security • More detailed discussion in Meeting 2 Access • • • Intruder may steal time Intruder may destroy software or data Intruder may deny service to legitimate user Key People • Can be crucial weak points in computer security 1/5/2010 1/5/2010 14 Computer Criminals Amateurs • Most computer crimes are committed by amateurs • Mostly ordinary computer professionals who discover they have access to something valuable Crackers • Enjoy the challenge of seeing whether it can be done • Computer crime often seen as the ultimate victimless crime • Motivations range from curiosity, and self satisfaction to causing chaos, loss or harm • Often high­school or university students Career Criminals • • • They understand the target Organized crime is getting started Corporate espionage is big Companies are often reluctant to prosecute amateurs and crackers 1/5/2010 1/5/2010 15 Your Old Hard Drive By John Soat DREDGING UP DATA. O&O Software, a developer of hard­drive utilities, last week released the results of a study it conducted recently in which O&O researchers bought 200 used hard drives on online­auction site eBay, then examined them for recoverable data. According to O&O, almost three­ quarters of the disks held data the company could­­and did­­rebuild, including the internal memos and legal correspondence of an unnamed government agency, credit ratings from a major German bank, and documents related to accusations of fraud and embezzlement at a midsize company. But data­protection practices are getting better, O&O says. In a similar study conducted last year, researchers discovered that 88% of the 100 disks they bought on eBay contained recoverable data. SMASH THAT HARD DRIVE! Ironically (or perhaps not), under a new Disposal Rule­­part of the Fair and Accurate Credit Transactions Act of 2003­­ that took effect last week, companies that use data derived from consumer reports for business purposes must dispose of those records in such a way as to ensure that they cannot be misappropriated or misused. Extract from Information Week, June 6, 2005 1/5/2010 1/5/2010 16 Methods of Defense – Important Methods Definitions Definitions Harm occurs when a threat is realized against a vulnerability Protect by: • Neutralizing the threat • Closing the vulnerability • Both Computer Security Controls • • • • • • 1/5/2010 1/5/2010 Encryption Software Controls Hardware Controls Policies and Procedures Physical Controls Legal & Ethical Controls 17 Effectiveness of Controls Users need to be convinced of the need for controls • Cooperation will be lax if the need is not understood • Many users are simply unaware of the dangers Principle #3 ­ Effectiveness: Controls must be used ­ and used properly ­ to be effective. They must be efficient, easy to use, and appropriate 1/5/2010 1/5/2010 Overlapping controls provide the highest level of effectiveness 18 Overlapping Controls Provide the Overlapping Strongest Protection Strongest But … Principle #4 – Weakest Link: Security can be no stronger than its weakest link 1/5/2010 1/5/2010 19 Security in Computing and Networks Security Summary Summary The bad news: • There are many vulnerabilities and threats. The good news: • There are powerful controls to address the vulnerabilities and control the threats 1/5/2010 1/5/2010 20 Security and Cryptography – Security Part I Part 1/5/2010 1/5/2010 21 Sender (A) 1/5/2010 1/5/2010 Decryption Transmission Medium (T) •Interceptor (I) may try to: –Block –Intercept –Modify –Fabricate Original Message M=D(C) Encryption Ciphertext C=E(M) Message Terminology Terminology Receiver (B) 22 Encryption Original Plaintext Plaintext Key Ciphertext Encryption Algorithms Decryption Encryption Kd Original Plaintext Plaintext Ke Ciphertext Symmetric Cryptosystem D (E (M))=M K K Decryption Asymmetric Cryptosystem D (E (M))=M Kd ke 1/5/2010 1/5/2010 23 Steps in Symmetric Key Cryptography Steps (SKC) (SKC) 1. 2. 3. 4. (Alice) 1/5/2010 1/5/2010 A and B agree on a cryptosystem (cipher to be used) A and B agree on the key to be used A encrypts messages using negotiated cipher and sends to B B decrypts ciphertext using negotiated key and cipher What is the most dangerous step? (Bank) 24 Issues in SKC If Step #2 is not secure: • “Eve” (Eavesdropper) gets access to the channel during step #2 • As a result, Eve learns the key A and B decide to use Symmetric keys must be DISTRIBUTED in secret • There is no inherent support for key distribution • Distribution process tends to be insecure If key is stolen the whole security system fails • No graceful degradation, i.e. it doesn’t fail gradually 1/5/2010 1/5/2010 25 Illustration of Key Growth Symmetric Key System For 6 users: •Symmetric Key System requires 15 keys •Public Key Encryption System needs only 12 keys 1/5/2010 1/5/2010 26 The Key Distribution Issue The number of keys required in a Symmetric Key System can quickly become unmanageable • Number of keys required grows according to the square of the number of users Number of keys needed is n * (n­1) / 2 where n= No. of users Key distribution in a Public Key (Asymmetric Key) System is more manageable • Number of keys needed = 2n, where n = No. of users 1/5/2010 1/5/2010 For 5 users, both Symmetric and Public Key systems require 10 keys For anything more than 5 users, less keys are required with a Public Key system 27 In Class Exercise In Using the formulas just discussed, calculate how many keys are needed for 10 users for: A symmetric key system? A public key system? Submit your answer using the DyKnow submit button when you have finished your calculations. You have two minutes to complete this exercise 1/5/2010 28 So why would you ever use SKC? Number of Keys Protection of Key Best Uses Key Distribution Speed 1/5/2010 1/5/2010 Secret Key (Symmetric) Public Key (Asymmetric) 1 2 Must be kept secret One key must be kept secret; the other is published Cryptographic workhorse: secrecy and integrity of data­single characters to blocks of data, messages, files Key exchange, authentication Must be out­of­band Public key can be used to distribute other keys Fast The Solution The Problem Slow; typically 10,000 times slower than secret key 29 Principles of Asymmetric Key Principles Cryptography (ASK) Cryptography Mathematical Representation of ASK: • • • • DKd(EKe(M))=M Easy to compute f(x), if you know x Extremely difficult to compute x if you know f(x) Example: f(x) = x2 Exploits math of trapdoor one­way functions Property of one way function f(x) f(x) = x2 is much too easy for use in cryptography Properties of trapdoor one­way function • • • Easy to compute f(x), IF you know x Extremely difficult to compute x if you know f(x) UNLESS you know some secret ­ y Example: f(x) = Large Prime Number 1 X Large Prime Number 2 • • Knowing one of the primes is the “trapdoor” secret Mathematical Representation of Trapdoor Functions 1/5/2010 1/5/2010 The larger the primes, the harder it is to factor the product If you know one of the large primes, it is easy to compute the other x f(x) :: Easy f(x) x :: Very Difficult f(x) + Y x :: Easy 30 Five Minute Exercise See if you can factor 47,411,053 into its two primes during the next five minutes 1/5/2010 1/5/2010 31 Public Key Cryptography (PKC) Mathematical Representation of ASK: • DKd(EKe(M))=M • Kd ≠ Ke • Kd should NOT be derivable from Ke Public Key Cryptography • Either key may be chosen as the public key The other key is then chosen as the private key • For non­repudiation make Ke the private key If receiver can decrypt with the public key, that guarantees that M came from the person holding the private key • For confidentiality, encrypt with the receivers public key Guarantees that nobody but the receiver can decrypt • ONLY the receiver has the private key 1/5/2010 1/5/2010 32 Public Key Cryptography (PKC) Public Confidentiality Example Confidentiality 1. 2. 3. 4. (Alice) 1/5/2010 1/5/2010 A and B agree on a cryptosystem (cipher to be used) B sends public key to A A encrypts messages using negotiated cipher and B’s public key and sends to B B decrypts ciphertext using B’s private key and the negotiated cipher •Private key is NEVER transmitted •Only B can decrypt the message (Bank) 33 Public Key Cryptography (PKC) Digital Public Signature (Non-Repudiation) Example Signature 1. 2. 3. 4. (Alice) A and B agree on a cryptosystem (cipher to be used) B sends public key to A B encrypts messages using negotiated cipher key and B’s private key and sends to A A decrypts ciphertext using B’s public key and the negotiated cipher (Bank) If it decrypts correctly, only B could have sent it 1/5/2010 1/5/2010 34 PKC Summary Each user maintains a pair of keys • Alice – KApub , KApriv • Bob (or Bank) ­ KBpub , KBpriv Eavesdropper (Eve) could encrypt message with either public key Eve cannot decrypt any messages encrypted with either public key, because Eve does not have either private key PKC is computationally intensive! • A major problem for limited handset processing power • Even as cell phone processing power increases, SKC will maintain a 1000:1 to 10,000 to 1 edge over PKC 1/5/2010 1/5/2010 35 PKC Limitation Assume a rogue agent gets hold of B’s public key Assume A transmits a limited set of encrypted messages to B • Example: Assume A is an ATM machine communicating with a central database Rogue uses B’s public key to encrypt all possible messages that A is expected to send to B • This gives rogue a set of encrypted messages that can be matched with whatever A encrypts and sends Using this mapping, the rogue can figure out what A is sending PKC is susceptible to chosen plaintext attacks 1/5/2010 1/5/2010 36 Hint for the exercise: See if you can factor 47,411,053 into its two primes during the next five minutes Please submit your answer now. One of the primes is 5987. Compute the other. Please resubmit your answer. 1/5/2010 1/5/2010 37 The Concept Behind Secure Key The Distribution Distribution A and B agree on a 1. 2. 3. 4. 5. Source: Pfleeger and Pfleeger, Security in Computing 3rd Edition, Prentice Hall, Fig. 02­11 •Step 3, successful decryption of EKApriv(Ks) by B using A’s public key guarantees non­ repudiation. Only A could have sent Ks •Step 4 guarantees confidentiality. Only B can decrypt EKBpub(EKApriv(KS)) to obtain EKApriv(Ks) 1/5/2010 1/5/2010 A and B agree on a symmetric cryptosystem B sends it’s public key, KBpub, to A A generates random symmetric key (KS) (Ks is the info to be kept confidential) A encrypts the symmetric key with KApriv (A’s private key) resulting in EKApriv(KS) A encrypts EKApriv(KS) with receiver B’s public key resulting in EKBpub(EKApriv(KS)) and sends the whole thing to B 38 Hybrid Cryptography combines PKC Hybrid with SKC with Number of Keys Protection of Key Best Uses Key Distribution Speed 1/5/2010 1/5/2010 Secret Key (Symmetric) Public Key (Asymmetric) 1 2 Must be kept secret One key must be kept secret; the other is published Cryptographic workhorse: Key exchange, secrecy and integrity of authentication data­single characters to blocks of data, messages, files Must be out­of­band Fast The Solution The Problem Public key can be used to distribute other keys Slow; typically 10,000 times slower than secret key 39 Hybrid Cryptography (per textbook) 2. A and B agree on a symmetric cryptosystem B sends it’s public key, KBpub, to A 3. A generates random symmetric key (KS) (Ks is the info to be kept 1. 4. confidential) A encrypts the symmetric key with K (A’s private key) resulting in • PKC for Key Distribution • SKC for message encryption • A new Ks for every new session • IMPORTANT CONCEPT FOR SECURE WIRELESS COMMUNICATIONS 1/5/2010 1/5/2010 40 PKC: A Good Basis for Digital Signatures A Digital Signature Must be: • Unforgeable • • • A encrypts the message with KApriv (A’s private key) resulting in EKApriv(M) B saves EKApriv(M) as proof. Anybody can decrypt the message with A’s public key Authentic • That B can decrypt the message with A’s public key guarantees that the message is authentic. Only A could generate an encryp­ tion that makes sense when it is decrypted with A’s public key A Digital Signature Should: •Not be Alterable •Use hash functions to guarantee message integrity •Not be Reusable. No replays! (B can’t cash the check twice) •A adds a time stamp to message before hash and encryption by A 1/5/2010 1/5/2010 41 Integrity Problem: A is sending encrypted messages to B E can’t decrypt but starts adding random bits B can’t detect random bits added B’s decryption may result in either a different message or a garbled message (lost integrity) Solution: Cryptographic Hash Functions (Message Authentication Code or MAC) for Network Integrity • Used to “seal” a message to ensure integrity of message • One way function; easy to compute, hard to reverse • Depends on all the bits in the message being “sealed” A change in even a single bit will significantly alter the hash result • The probability of two different messages producing the same hash should be extremely low (“Collision free”) 1/5/2010 1/5/2010 42 Message Authentication Code (MAC) Message Example Example 1. 2. A and B agree on a hash function they will use. Before sending a message, A com­putes hash and attaches Eve eavesdrops 1. 1. 1. 2. (Alice) (Eve) Eve modifies message and sends it on to B B drops B calculates hash. It message doesn’t match. Message is untampered MAC computed by B matches MAC attached by A B accepts message (Bank) Can be made even stronger by appending a secret key (SKC or PKC) to the message and calculating the hash of the combination 1/5/2010 1/5/2010 43 Commonly Used Message Commonly Authentication Codes (MACs or Hash Functions) Functions) MD4 • Condenses message of any size to 128 bit digest • Example MD5 Hash of "The quick brown fox jumps over the lazy dog") = 1BEE69A46BA811185C194762ABAEAE90 (Hexadecimal*) Hash of ("The quick brown fox jumps over the lazy cog") = B86E130CE7028DA59E672D56AD0113DF (Hexadecimal*) • Improved version of MD4 • Condenses message of any size to 128 bit digest SHA/SHS (Secure Hash Algorithm or Standard) • Produces 160 bit digest SKC and PKC can also be used, but they require more computation Recall that each Hexadecimal Character = 4 bits. 2 characters = 8 bits/1 byte 32 characters = 16 bytes = 128 bits * 1/5/2010 1/5/2010 44 Digital Signature for Authentication 1. 2. 3. 4. (Alice) A and B agree on a cryptosystem (cipher to be used) B sends public key to A B encrypts hash of message using negotiated cipher key and B’s private key and sends to A A decrypts hash, using B’s public key, computes the hash itself, and compares to authenticate (Bank) Encrypting hash is much faster than encrypting message 1/5/2010 1/5/2010 45 Challenge/Response Authentication 1. 2. 3. 4. (Alice) A and B agree on a cryptosystem (cipher to be used) A sends public key, K1 to B B sends random number to A A encrypts random number using A’s private key and sends to B. B decrypts using A’s public key. If the result matches what B sent, it is authenticated. (Bank) Challenge/Response and Digital Signatures are variations of the same thing 1/5/2010 1/5/2010 46 Masquerading 1. 1. E generates a key pair, (K2,K4) and sends K2 to A. A thinks it received KBpub from B 1. 1. (Alice) • • Eve eavesdrops A and B agree on a crypto system using hybrid crypto and MACs for message integrity A generates random SKC key K3, and sends EK2(K3) to E, thinking it has sent EKBpub(K3) to B. E uses K4, to decrypt EK2(K3) , getting K3 E asks A to send encrypted (ID, Password). A sends, using K3, thinking request came from B 1. 1. 1. B sends KBpub to A, but E intercepts and holds (B doesn’t know about E) E generates random SKC key K6, and sends EKBpub(K6) to B. B thinks K6 came from A B asks A to send, encrypted (ID, Password) using K6 E decrypts A’s (ID, Password) using K3. Then E sends (ID,PW) to B, encrypted using K6 (Eve) (Bank) At the end, A and B think they have a secure session with each other E has tricked both of them Solution: Hybrid cryptography plus MACs for message integrity 1/5/2010 1/5/2010 47 Substitution Ciphers Substitution A 0 J 9 S 18 B 1 K 10 T 19 C 2 L 11 U 20 D 3 M 12 V 21 E 4 N 13 W 22 F 5 O 14 X 23 G 6 P 15 Y 24 H 7 Q 16 Z 25 I 8 R 17 Simple Substitution: One letter exchanged for another ci = E(pi) = pi + n •Goal: Confusion •Advantage: Simple to encipher •Disadvantage: Obvious patterns 1/5/2010 1/5/2010 48 In Class Exercise In Encrypt the following plaintext using E(pi) = pi + 5 I enjoy the San Diego Zoo Write your encrypted text in the space below and submit it. 1/5/2010 49 Confusion vs. Diffusion An algorithm providing good confusion makes it take a long time for any interceptor to determine relationship between plaintext, key and ciphertext • Hard for interceptor to predict impact on ciphertext from one character change in plaintext Diffusion makes the cipher spread information from the plaintext across the entire ciphertext • Change in plaintext affects many parts of the ciphertext • An interceptor needs access to a lot of ciphertext to try to figure out the encryption algorithm 1/5/2010 1/5/2010 50 Transpositions (Permutations) Transposition (or permutation): an encryption in which the letters of the message are rearranged Goal: Diffusion – widely spreading the information from the message or key across the ciphertext Columnar Transposition example: P R O C E E D T O L 1/5/2010 1/5/2010 A T T H R E E T H R E E D E G T W O O N E M I N N O N E O N E E I G H T D E G O Resultant ciphertext: paeee rteme otdii cheng ergnh eetot dewnd ttoee ohoog lrnno 51 In Class Exercise In You have intercepted the following ciphertext: TIIEMT HSMPUI IAPETO SSLRAN. You guess correctly that it is a simple transposition. Decrypt it and write the plaintext below and submit it. 1/5/2010 52 Combinations of Approaches Substitution and Transposition (also called “Permutation”) are building blocks Multiple approaches can be combined to strengthen the encryption A combination of two ciphers is called a “Product Cipher” Combination of multiple ciphers is NOT necessarily stronger • Combination may even be weaker 1/5/2010 1/5/2010 53 Stream Ciphers vs. Block Ciphers Stream ciphers convert one symbol of plaintext into one symbol of ciphertext Block ciphers convert groups (or blocks) of plaintext symbols into groups (or blocks) of ciphertext • Columnar transposition is an example of a block cipher Advantages Disadvantages 1/5/2010 1/5/2010 Stream Encryption Block Encryption Faster - no delay to combine High Diffusion - one characters into blocks ciphertext block may depend on several plaintext characters Low error propagation - error Immune to insertion of affects one cipher character symbols - impossible to insert a single symbol into a ciphertext block Low Diffusion - each symbol Slower - a whole block of is separately enciphered plaintext must be read before encryption can start Susceptible to malicious Error propagation - an error insertions and modifications affects transformation of all other characters in the same block 54 Block Ciphers Blocks may be any length • 64 bits (8 bytes) is typical A general substitution for k bits has 2k possibilities (impractical) In practice substitutions are specified for 8­bit blocks • k X 2k possibilities A completely random permutation of k bits has ~k X log(k) possibililties 1/5/2010 1/5/2010 55 Diffusion vs. Confusion The aim of substitution is confusion • Stream ciphers have good confusion • Stream ciphers have null diffusion The aim of permutation (also called “transposition”) is diffusion • Block ciphers usually give significant amount of diffusion Changing 1 bit in plaintext typically changes ~half the bits in the ciphertext Confusion hides the correlation between plaintext and ciphertext 1/5/2010 1/5/2010 56 Iterated Block Ciphers Break plaintext into 8 bit blocks Do a substitution on each 8­bit block Run the output of all substitutions through a permuter • Permuter should be as big as the total input bits Take the result as new input of 8­bit blocks and repeat the whole process multiple times (multiple rounds) Produces both confusion and diffusion 1/5/2010 1/5/2010 57 Feistel Networks I Plaintext: 2w bits w bits L0 w bits R0 K1 ≈ L1 F R1 Feistel Networks are Iterated Block Ciphers where: Li=Ri­1 Ri=Li­1 XOR F(Ri­1, Ki) [F( ) may be complicated] 1/5/2010 1/5/2010 58 Feistel Networks II Li Ri Ki ≈ F Li+1 … … Ri+1 Kn ≈ F Rn Ln Rn+1 Ln+1 Ciphertext: 2w bits 1/5/2010 1/5/2010 59 Block Ciphers: Mode of Use We will return to Feistel Networks when we discuss the Data Encryption Standard (DES) and Advanced Encryption Standard (AES) Meanwhile … “Cryptographic Mode” = How an encryption algorithm is used • “Strength” of algorithm depends on the mode • Mode of use MUST not compromise security of algorithm 1/7/2010 1/7/2010 60 ECB: Electronic Code Book Mode P1 Ek Ek C1 P2 C2 Pn­1 Pn Pn+1 Ek Ek Ek Ek … Cn­1 Cn Cn+1 … Ek Ek Ek Pi = 64 bit block; Ci = 64 bit block; Ci=Ek(Pi) Each block is encrypted separately • • • • 1/7/2010 1/7/2010 Can be done in parallel Simple Can be parallelized No error propagation (error in one block does not affect other blocks) Biggest Advantages Biggest Disadvantage: One to one mapping between Pi and Ci • Repeats in plaintext cause repeats in ciphertext Mode is vulnerable to splicing, reordering and replay attacks 61 CBC: Cipher Block Chaining Mode Pn Pn+1 XOR XOR XOR XOR XOR Ek Ek Ek Ek Ek Ek Cn­1 Cn Cn+1 P1 XOR XOR XOR XOR Ek Ek C1 … Ek IV P2 Pn­1 C2 … Pi = 64 bit block; Ci = 64 bit block; Ci=Ek(Pi XOR Ci­1) Each Ciphertext block depends on both Pi plus all previous plaintext blocks Biggest Advantages • • • 1/7/2010 1/7/2010 Very difficult to attack Messages that begin the same map to same ciphertext Solution: Use a random Initialization Vector (IV) (64 bits) Biggest Disadvantage: Identical sessions still map to same ciphertext session •Loophole: Flipping a bit in Ci flips the corresponding bit in Pi+1 •Message Integrity can still be a problem 62 OFB: Output Feed Back Mode P1 P2 … XOR XOR XOR Ek(S0)=S1 Ek(S1)=S2 C1 C2 Pn­1 XOR Ek(Sn­2)=Sn­1 … Cn­1 Pn Pn+1 XOR XOR Sn Sn+1 Cn Sn=Ek(Sn­1) Cn=Pn XOR Sn Or Pn=Cn XOR Sn Cn+1 Pi = 64 bit block; Ci = 64 bit block; S0= Ek(IV); Encryption of chain of Sn can be done “off line” (no message needed) Biggest Advantages: • Fast to compute Key­stream can be precomputed • • • Errors in ciphertext cause limited errors in plaintext Not self synchronizing Susceptible to known plaintext attacks Biggest Disadvantages: •Variations of OFB are the closest to mechanisms used for Wireless Security 1/7/2010 1/7/2010 63 Block Size Considerations Block length is a measure of the strength of the cipher Example: Assume 8 bit block • No matter what key is used, there are only 256 possible combinations of 8 bits (28) • If attacker can map all possible input blocks with all possible output blocks, the cipher has been broken 1/7/2010 1/7/2010 64 Substitution Ciphers Simple alphabetic substitution cipher has 26! combinations • 1000 years to test all at one permutation/μsec With computer programs and enough ciphertext, using patterns and good guesses: • A good cryptanalyst can break a substitution cipher in 1 hour • Even an untrained, but diligent interceptor can probably do it in a day But … • Substitution cipher can be very effective for short messages • With a long enough key, a substitution cipher can be very effective for long messages 1/7/2010 1/7/2010 65 One-Time Pads Large, non­repeating set of keys Used by sender exactly once, then destroyed Considered to be “the perfect cipher” Receiver must have pad identical to sender Typically used with a Vigenère tableau Two potential problems ­ the need for: • Absolute synchronization between sender and receiver • Unlimited number of keys 1/7/2010 1/7/2010 66 Example of One Time Pad: Book Cipher Example Key: W. Shakespeare (Hamlet: Act 1, Scene 3) • this above all to thine own self be true and it must follow as the night the day thou canst not be false to any man Message: • PROCEED TO LAT THREE THREE DEG TWO ONE MIN N LON ONE ONE EIGHT DEG ONE EIGHT MIN W FOR RENDEVOUS WITH ESCORT AT ONE NINE ZERO ZERO HOURS ZULU Ciphertext (using Vigenère Tableau: Key: thisa bovea lltot hineo wnsel fbetr … Message:PROCE EDTOL ATTHR EETHR EEDEG TWOON … Cipher: iywue frosl lemvk lmglf aruir yxshe … “Pad” consists of references to specific passages in a book possessed by both sender and receiver 1/7/2010 1/7/2010 67 Characteristics of Strong Algorithms Patterns in plaintext should be concealed • The most frequent letters (a, e, i, o, n, t) • The most common letter pairs (digrams) en, re, er, nt, th, on, in, tf, an, or • The most common triples (trigrams) ent, ion, and, ing, ive, tio, for, our, thi, one Input to the cipher should be randomized • Given the same input, a cipher will ALWAYS produce the same output Math Manipulation of plaintext by introduction of errors in ciphertext should be difficult It should be possible to encrypt more than one message with one key 1/7/2010 1/7/2010 68 Vigenère Tableau 0 5 10 a e f gh A B C D E F G H I J K L M N a b c d e f g h i j k l m n b c d e f g h i j k l m n o c d e f g h i j k l m n o p d e f g h i j k l m n o p q e f g h i j k l m n o p q r f g h i j k l m n o p q r s g h i j k l m n o p q r s t O P Q R S T U V W X Y Z 1/7/2010 1/7/2010 bcd o p q r s t u v w x y z p q r s t u v w x y z a q r s t u v w x y z a b r s t u v w x y z a b c s t u v w x y z a b c d t u v w x y z a b c d e u v w x y z a b c d e f 15 20 25 op q r s t u n o p q r s t u v w x y z a o p q r s t u v w x y z a b p q r s t u v w x y z a b c q r s t u v w x y z a b c d r s t u v w x y z a b c d e s t u v w x y z a b c d e f t u v w x y z a b c d e f g u v w x y z a b c d e f g h vwxyzπ vwxyz0 wxyza1 xyzab2 yzabc3 zabcd4 abcde5 bcdef6 cdefg7 defgh8 efghi9 f g h i j 10 g h i j k 11 h i j k l 12 i j k l m 13 b c d e f g h i j k l m c d e f g h i j k l m n d e f g h i j k l m n o e f g h i j k l m n o p f g h i j k l m n o p q g h i j k l m n o p q r h i j k l m n o p q r s i j k l m n o p q r s t j k l m n o p q r s t u i j k lmn h i j k l m n o p q r s t u i j k l m n o p q r s t u v j k l m n o p q r s t u v w k l m n o p q r s t u v w x l m n o p q r s t u v w x y m n o p q r s t u v w x y z v w x y z a b c d e f g w x y z a b c d e f g h x y z a b c d e f g h i y z a b c d e f g h i j z a b c d e f g h i j k a b c d e f g h i j k l k l m n o p q r s t u v l m n o p q r s t u v w m n o p q r s t u v w x n o p q r s t u v w x y 14 15 16 17 18 19 20 21 22 23 24 25 •50% of all English text is A, E, I, N, O, or T •25% pro­ bability that any letter in cipher will be one of the shaded boxes 69 In Class Exercise In You are given the following plaintext to encrypt using a Vigenère Tableau: “launch at noon” The one time pad (key) for encrypting this is: “cdma operates well” Encrypt the plaintext, write the cyphertext below and submit it. 1/7/2010 70 ...
View Full Document

Ask a homework question - tutors are online