![Page 1: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/1.jpg)
CMSC 414Computer (and Network) Security
Lecture 2
Jonathan Katz
![Page 2: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/2.jpg)
Two papers linked from webpage
“Reflections on trusting trust”
“Managed security monitoring”
Both leave a fairly negative impression of security…
…at the very least, they show that security is not easy, and cannot just be applied as a “magic bullet”
![Page 3: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/3.jpg)
“Managed security monitoring”
(Summarize article)– Is the state of network security really this bad?
(Arguably, yes)– Although network monitoring and risk
management are important, security is too– Security is not an ends unto itself
• If you really want to be secure, disconnect yourself from the Internet
![Page 4: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/4.jpg)
An Overview of ComputerSecurity
![Page 5: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/5.jpg)
Basic components
Confidentiality
Integrity
Availability
![Page 6: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/6.jpg)
Policy vs. mechanism
Security policy– Statement of what is and is not allowed
Security mechanism– Method for enforcing a security policy
One is meaningless without the other…
Problems when combining security policies of multiple organizations
![Page 7: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/7.jpg)
Security goals
Prevention
Detection
Response/recovery
![Page 8: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/8.jpg)
Assumptions and trust
Example: assume that all employees are trustworthy, and do not represent a threat
Assumptions underlie any security mechanism – Important to recognize and evaluate these
assumptions
![Page 9: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/9.jpg)
Example
Assumption: locks cannot be picked– What if a locksmith is around?– What if this locksmith is trustworthy?– Why do we assume that she is trustworthy?
![Page 10: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/10.jpg)
More assumptions
Two assumptions are (almost) always made:– Policy defines the intended level of security– Mechanism correctly implements policy
![Page 11: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/11.jpg)
System development
Determine threats; develop policy
Give specification of the system– Desired functionality of the system
– If specification is ambiguous, vulnerabilities can result
– An imprecise specification is useless…
Design the system– Design system satisfying the specification
– Difficult (but not impossible) to verify
![Page 12: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/12.jpg)
System development, cont’d…
Implementation– Create a system satisfying the design– Impossible to fully verify correctness
• Software complexity
• Unknown inputs
• Unverified tools
– “Testing” after the fact• Subject to limitations of the tests
![Page 13: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/13.jpg)
System development (summary)
1. Threat analysis
2. Policy
3. Specification
4. Design
5. Implementation
6. (Operation/maintenance/monitoring?)
![Page 14: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/14.jpg)
Cost-benefit analysis
Important to evaluate what level of security is necessary/appropriate– Cost of mounting a particular attack vs. value
of attack to an adversary– Cost of damages from an attack vs. cost of
defending against the attack– Likelihood of a particular attack
![Page 15: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/15.jpg)
Human factors
E.g., passwords…
Outsider vs. insider attacks
Software misconfiguration
Not applying security patches
Social engineering
![Page 16: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/16.jpg)
Everything you wanted to know about cryptography*
*But perhaps were afraid to ask…
![Page 17: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/17.jpg)
Caveat
Everything I present will be (relatively) informal– But I will try not to say anything that is an
outright lie…
Cryptography is about precise definitions, formal models, and rigorous proofs of security (which we will not cover here)– If you want more details, take CMSC 456!
![Page 18: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/18.jpg)
Attacks
Crypto deals primarily with three goals:– Confidentiality– Integrity (of data)– Authentication (of resources, people, systems)
Other goals also considered– E.g., non-repudiation– E-cash (e.g., double spending)– General secure multi-party computation
![Page 19: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/19.jpg)
Private- vs. public-key
For many security goals, there are two types of cryptographic algorithms– Private-key / shared-key / symmetric-key /
secret-key– Public-key
![Page 20: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/20.jpg)
Private-key cryptography
The parties communicating share a completely random and secret key– Main point: key is not known to an attacker– This key must be shared (somehow) before they
communicate
All “classical” cryptosystems are private-key based
Can also be used for secure storage
![Page 21: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/21.jpg)
Private-key cryptography
For confidentiality:– Private-key (symmetric-key) encryption
For data integrity:– Message authentication codes– (sometimes called cryptographic checksums)
![Page 22: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/22.jpg)
Public-key cryptography
One party (Alice) generates both a public key and a private key (or secret key)
The public key is published; the private key is kept secret– An attacker knows the public key!
The other communicating party (Bob) need not have any key of his own; knows Alice’s key
Techniques for this first developed in the 70’s
![Page 23: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/23.jpg)
Public-key cryptography
For confidentiality:– Public-key encryption
For data integrity:– Digital signatures
![Page 24: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/24.jpg)
To review…
Confidentiality:– Private-key encryption (schemes)– Public-key encryption (schemes)
Integrity:– Message authentication (codes)– Digital signature (schemes)
We will discuss authentication later
![Page 25: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/25.jpg)
Private- vs. public-key I
Disadvantages of private-key– Need to securely share a key
• If you can share a key securely, why not just share the message itself?
• What if not possible?
• Need to know who you want to communicate with in advance!
– O(n2) blowup in storage
![Page 26: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/26.jpg)
Private- vs. public-key II
Why study private-key at all?– Private-key is much more efficient (3 orders of
magnitude)– Public-key crypto is “harder” to get right
• Needs stronger assumptions, more math
– Can combine private-key with public-key to get the best of both worlds (for encryption)
![Page 27: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/27.jpg)
Private- vs. public-key III
More disadvantages of public-key crypto– Public-key crypto still requires secure
distribution and binding of public keys (PKI)• May (sometimes) be just as hard as sharing a key
– Not clear who you are communicating with (for public-key encryption)
![Page 28: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/28.jpg)
Confidentiality
![Page 29: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/29.jpg)
Overview
Private-key encryption– Attack model– “Trivial” systems
• Show why the problem is hard
• Show methods of attack
• Convince you not to use “home-brewed” techniques
– What do we mean by security?– Block ciphers and modern-day techniques
![Page 30: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/30.jpg)
Overview, continued…
Public-key cryptography– A word about security– Some basic number theory– RSA and El Gamal– Some attacks…and some fixes
![Page 31: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/31.jpg)
Alice Bob
shared infoK K
Alice
K
Bob
K
mC = EK(m)
C1
m = DK(C)
![Page 32: CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz](https://reader031.vdocuments.net/reader031/viewer/2022032309/56649d405503460f94a19765/html5/thumbnails/32.jpg)
In more detail…
Alice and Bob share a key K– Must be shared securely– Must be completely random– Must be kept completely secret from attacker– We don’t discuss (for now) how they do this
Plaintext - encryption - ciphertext - decryption
Decryption must recover the message!