cyber attacks and cryptography overview. security objectives confidentiality integrity availability...
Post on 21-Jan-2016
246 Views
Preview:
TRANSCRIPT
Cyber Attacks and Cyber Attacks and Cryptography OverviewCryptography Overview
Security ObjectivesSecurity Objectives
ConfidentialityIntegrityAvailabilityAuthenticationNon-repudiation
Internet Security - Farkas 2
How can we define theseconcepts wrt. the
Internet?
Types of Attacks (1)Types of Attacks (1)
Interruption – an asset is destroyed, unavailable or unusable (availability)
Interception – unauthorized party gains access to an asset (confidentiality)
Modification – unauthorized party tampers with asset (integrity)
Fabrication – unauthorized party inserts counterfeit object into the system (authenticity)
Denial – person denies taking an action (authenticity)
Internet Security - Farkas 3
Types of Attacks (2)Types of Attacks (2) Passive attacks:
Eavesdropping Monitoring
Active attacks: Masquerade – one entity pretends to be a different entity Replay – passive capture of information and its
retransmission Modification of messages – legitimate message is altered Denial of service – prevents normal use of resources
Internet Security - Farkas 4
ProtectionProtection
Protection at storage– Inactive (e.g., databases storage, file system)– During processing (e.g., DBMS access, application
access)
Protection during transmission– Level of protection (e.g., content vs. header info)– Aim of protection (e.g., confidentiality, integrity,
privacy, etc.)
Internet Security - Farkas 5
Basic Defense MechanismsBasic Defense Mechanisms
Identification and AuthenticationAuthorizationCryptographyHardware, software security
– Tampering avoidance– Information leakage prevention– Input validation
Network-protection: communication, firewall, IDS, etc.
Internet Security - Farkas 6
Usable security!
Attacks Against Attacks Against Communication ChannelsCommunication Channels
Internet Security - Farkas 7
Internet Security - Farkas 8
Insecure communicationsInsecure communications
Sender
Recipient
Insecure channel
Confidential
Encryption: confidential communication
EncryptionEncryption
Does it support?ConfidentialityIntegrityAvailabilityAuthentication (pair-wise, third party)Non-repudiation
Internet Security - Farkas 9
Internet Security - Farkas 10
Terminology
Plaintext (cleartext): a message in its original form
Ciphertext (cyphertext): an encrypted message Encryption: transformation of a message to hide
its meaning Cipher: cryptographic algorithm. A mathematical
function used for encryption (encryption algorithm) and decryption (decryption algorithm).
Internet Security - Farkas 11
Terminology
Decryption: recovering meaning from ciphertext
Cryptography: art and science of keeping messages secure
Cryptanalysis: art and science of breaking ciphertext
Cryptology: study of both cryptography and cryptanalysis
CONTINUE FROM 08/29CONTINUE FROM 08/29
Internet Security - Farkas 12
Internet Security - Farkas 13
Encryption and Decryption
Encryption DecryptionPlaintext Ciphertext Plaintext
Internet Security - Farkas 14
Conventional (Secret Key) Conventional (Secret Key) CryptosystemCryptosystem
Encryption Decryption
Plaintext PlaintextCiphertext
K
Sender Recipient
C=E(K,M)M=D(K,C)
K needs secure channel
Internet Security - Farkas 15
Public Key Cryptosystem
Encryption Decryption
Plaintext PlaintextCiphertext
Sender Recipient
C=E(Kpub,M)M=D(Kpriv,C)
Recipient’s public Key (Kpub)
Recipient’s private Key (Kpriv)
Kpub needs reliable channel
Internet Security - Farkas 16
Summary: Secret-Key Summary: Secret-Key EncryptionEncryption
Single, secret key Key distribution problem of secret key systems
– Establish key before communication– Need n(n-1)/2 keys with n different parties
Do NOT provide electronic signatures Faster than public-key encryption
Internet Security - Farkas 17
Summary: Public Key Summary: Public Key EncryptionEncryption
Supports confidentiality and authenticationNeed reliable channel for key distribution2n keys for n users (public, private pairs)Digital certificatePKI
Internet Security - Farkas 18
Simple secret key distributionSimple secret key distribution
Sender Recipient
1. KE-S ||ID-S
2. E KE-S(Ksession)
Vulnerable to active attack!
HOW?
Internet Security - Farkas 19
With confidentiality and authenticationWith confidentiality and authentication
Sender Recipient
1. E KE-R[N1||ID-S]
2. E KE-S[N1||N2]
3. E KE-R[N2-1]
4. E KE-R E KD-S(Ksession)What are thebasic requirementsfor this protocolto be correct?
WHAT IS A PROTOCOL?WHAT IS A PROTOCOL?
Internet Security - Farkas 20
Internet Security - Farkas 21
ProtocolProtocolSequence of interactions between entities to
achieve a certain endTypes of protocols:
– Diplomatic– Communication– Graduation– Security– Etc.
What is TCP/IP?
Internet Security - Farkas 22
Reading AssignmentReading Assignment
Recommended Reading: P.Y.A. Ryan, S.A. Schneider, M.H. Goldsmith, G. Lowe and A.W. Roscoe, The Modelling and Analysisof Security Protocols: the CSP Approach, Section 0. Introduction, pages: 1 – 37, http://www.computing.surrey.ac.uk/personal/st/S.Schneider/books/MASP.pdf
Internet Security - Farkas 23
Security ProtocolsSecurity Protocols
Cryptographic protocolsServices: secrecy, integrity, authentication,
key exchange, non-repudiation, etc.Components: communicating parties
(nodes), trusted third party, encryption algorithms, hash functions, timestamps, nonce, etc.
Internet Security - Farkas 24
Security Properties – Secrecy Security Properties – Secrecy
Non-interference: Intruder should not be able to deduce anything about the legitimate users’ activities
Message confidentiality: intruder cannot derive the plaintext of messages passed between two legitimate nodes
Internet Security - Farkas 25
Security Properties – Security Properties – Authentication of Origin Authentication of Origin
Verify – Who sent the message?– Who sent the message to whom?– Who sent the message to whom and how many
times?
Internet Security - Farkas 26
Security Properties – Entity Security Properties – Entity AuthenticationAuthentication
Similar to authentication of origin but has timeliness
Repeated form of origin authentication
Internet Security - Farkas 27
Security Properties – IntegritySecurity Properties – Integrity
Data cannot be corruptedContent of output messages match the
content of the input message
Internet Security - Farkas 28
Security Properties – Authenticated Security Properties – Authenticated Key-ExchangeKey-Exchange
Share a secret key with another person and know for sure who this other person is
I’m calling from your utilitiescompany. We need your SSN, billing address, and …
Internet Security - Farkas 29
Security Properties – Non-Security Properties – Non-repudiationrepudiation
Legitimate participantsAgainst possible cheating Signature-type mechanism
Internet Security - Farkas 30
Security Properties – FairnessSecurity Properties – Fairness
Legitimate participantsPrevents one of the participants to gain
advantage over another by halting the protocol part-way through
Internet Security - Farkas 31
Security Properties – AnonymitySecurity Properties – Anonymity
Over some sets of eventsShuffling the events will not change an
observer’s view
Occurrence of events?Accountability
Internet Security - Farkas 32
Security Properties – Availability Security Properties – Availability
To be able to achieve the goals
More Examples of Crypto More Examples of Crypto protocolsprotocols
Read on your own Read on your own
Internet Security - Farkas 33
Internet Security - Farkas 34
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Proposed in 1976 First public key algorithm Allows group of users to agree on secret key over
insecure channel Cannot be used to encrypt and decrypt messages
Internet Security - Farkas 35
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Protocol for A and B want to agree on shared secret key: A and B agree on two large numbers n and g, such that
1<g<n A chooses random x and computes X=gx mod n and sends
X to B B chooses random y and computes Y=gy mod n and sends
Y A computes k= Yx mod n B computer k’= Xy mod n Note: k =k’= gyx mod n
Internet Security - Farkas 36
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Requires no prior communication between A and B
Security depends on difficulty of computing x given X=gx mod n
Choices for g and n are critical: both n and (n-1)/2 should be prime, n should be large
Susceptible to intruder in the middle attack (active intruder)
Internet Security - Farkas 37
Intruder in the Middle AttackIntruder in the Middle Attack
John RoseIntruderHi Rose, I’m John.
Hi John, I’m Rose. Hi John, I’m Rose.
Hi Rose, I’m John.
Intruder and John Uses Diffie-HellmanTo agree on key K.
Intruder and RoseUses Diffie-HellmanTo agree on key K’.
K and K’ may be the same
Internet Security - Farkas 38
Asymmetric-Key ExchangeAsymmetric-Key ExchangeWithout server
– Broadcasting– Publicly available directory
With server– Public key distribution center– Certificates
Internet Security - Farkas 39
Public announcementPublic announcement
John Smith
KE-J.S.
KE-J.S.
KE-J.S.
KE-J.S.
KE-J.S.
KE-J.S.
Bad: Uncontrolled distribution easy to forge
Internet Security - Farkas 40
Publicly available directoryPublicly available directory
PublicKeyDirectory
John Smith Mary Rose
KE-J.S. KE-M.R..
Better but notGood enough Directory could Be compromised
Internet Security - Farkas 41
Public-key authorityPublic-key authority
Public-Key Authority
Sender Recipient
1. Request || Time1
2. EKD-Auth[KE-R||Request||Time1]
3. EKE-R(ID-S||N1)
4. Request || Time2
5. EKD-Auth[KE-S||Request||Time2]
6. EKE-S(N1||N2)
7. EKE-R(N2)
Internet Security - Farkas 42
Public-key certificatesPublic-key certificates
Certificate Authority
Sender Recipient
KE-S
C-S=EKD-CAuth[Time1,ID-S,KE-S]
1. C-S
2. C-R
KE-R
CR=EKD-CAuth[Time2,ID-R,KE-R]
Internet Security - Farkas 43
CertificatesCertificates
Guarantees the validity of the informationEstablishing trustPublic key and user identity are bound
together, then signed by someone trustedNeed: digital signature
Internet Security - Farkas 44
Digital SignatureDigital SignatureNeed the same effect as a real signature
– Un-forgeable– Authentic– Non-alterable– Not reusable
Internet Security - Farkas 45
Digital signatureDigital signature
Direct digital signature: public-key cryptography based
Arbitrated digital signature:– Conventional encryption:
Arbiter sees message Arbiter does not see message
– Public-key based Arbiter does not see message
Internet Security - Farkas 46
Digital Signatures in RSA
Sender Recipient
Insecure channel
Plaintext PlaintextSigned plaintext
Encryption Alg.
Decryption Alg.
S’s public keyS’s private key(need reliable channel)
Sign Verify
Internet Security - Farkas 47
Non-repudiationNon-repudiation
Requires notarized signature, involving a third party
Large system: hierarchies of notarization
NEXT CLASSNEXT CLASSTCP/IP OVERVIEWTCP/IP OVERVIEW
Internet Security - Farkas 48
top related