1 / 55

Modeling Security Threats to Cryptographically Protected Data

Modeling Security Threats to Cryptographically Protected Data. Alexandra A. Savelieva Supervisor: Prof. Sergey M. Avdoshin. State University – Higher S с hool of Economics, Russia Software Engineering Department. Old Chinese Curse. 寧為太平犬,不做亂世人 *. *May you live in interesting times.

adair
Download Presentation

Modeling Security Threats to Cryptographically Protected Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Modeling Security Threats to Cryptographically Protected Data Alexandra A. Savelieva Supervisor: Prof. Sergey M. Avdoshin State University –Higher Sсhool of Economics, RussiaSoftware Engineering Department

  2. Old Chinese Curse 寧為太平犬,不做亂世人* *May you live in interesting times Higher School of Economics - 2009

  3. Data Protection and Financial Chaos • Human factor • Malicious insiders • Fired employees • Hardware loss • Laptop theft • Storage theft • And this means good crypto! CIO challenge: how to select an appropriate information security strategy within budget limitations and growing risks of unauthorized access to information assets? Higher School of Economics - 2009

  4. Agenda 1. Analysis of relevant approaches 2. Problem statement 3. Solution 4. Conclusions Higher School of Economics - 2009

  5. Evaluation Methods • Cryptographic Security Analysis • Mathematical model designed by V.P. Ivanov • Formalized security risk analysis and management methodologies • Various tools for cryptographic protocols analysis Higher School of Economics - 2009

  6. Evaluation Methods • CryptographicSecurityAnalysis • Mathematical model designed by V.P. Ivanov • Formalized security risk analysis and management methodologies • Various tools for cryptographic protocols analysis Higher School of Economics - 2009

  7. Cryptographic Security Analysis • «… it becomes increasingly clear that the term "security" doesn't have meaning unless also you know things like "Secure from whom?" or "Secure for how long?“» Higher School of Economics - 2009

  8. Evaluation Methods • Cryptographic Security Analysis • Mathematical model designed by V.P. Ivanov • Formalized security risk analysis and management methodologies • Various tools for cryptographic protocols analysis Higher School of Economics - 2009

  9. Mathematical model designed by V.P. Ivanov • The problem of breaking a cipher is reduced to engineering analysis of the program implementing the encryption mechanism • This allows the time to be measured by means of Halstead complexity metrics • Average timeT for analyzing of the enciphering mechanism implementation: T = 3N3 , whereNisprogram length (bytes) Higher School of Economics - 2009

  10. Mathematical model designed by V.P. Ivanov • Drawbacks: • The technique can only apply to the so-called restricted-use cryptographic systems whose security depends on keeping both the encryption and decryption algorithms secret (contradicts Kerckhoffs’s fundamental principle) • The context of a cryptosystemusage is not taken into account Higher School of Economics - 2009

  11. Evaluation Methods • Cryptographic Security Analysis • Mathematical model designed by V.P. Ivanov • Formalized security risk analysis and management methodologies • British CRAMM (by Insight Consulting, Siemens) • American RiskWatch (by RiskWatch) • RussianGRIF (by Digital Security) • Various tools for cryptographic protocols analysis Higher School of Economics - 2009

  12. Formalized security risk analysis: CRAMM • A comprehensive risk assessment method with the ability to carry out various functions including: • Pre-defined risk assessments coveringgeneric information systems • BS7799: 2005 Compliance • Production of Security Documentation • Investigation against Standards • Drawbacks: • peculiarities of cryptographic systems are not taken into account! Higher School of Economics - 2009

  13. Evaluation Methods • Cryptographic Security Analysis • Mathematical model designed by V.P. Ivanov • Formalized security risk analysis and management methodologies • Various tools for cryptographic protocols analysis Higher School of Economics - 2009

  14. Tools for cryptographic protocols analysis • Main classes: • Deductive methods • Static analysis methods • State exploration methods • Drawbacks: • the supposition that cryptographic algorithms satisfy perfect encryption assumptions, so the strength of ciphers remains out of scope Higher School of Economics - 2009

  15. Comparative analysis Higher School of Economics - 2009

  16. In our paper, we aim to… • formulate the steps of cryptographic systems evaluation process; • develop a mathematical model of security threats; • design software tools to facilitate the process of cryptosystem efficiency assessment by a computer security specialist; • select appropriate economic indicators as a basis to build an economic rationale for investments to cryptographic systems and to provide sound arguments for implementing an information security strategy Higher School of Economics - 2009

  17. Cryptosystem security assessment process Make conclusions regarding conformity of the system to the organization needs Step 5 Evaluate the cryptosystem’s resistance to the attacks Step 4 Determine the attacks that the cryptosystem is exposed to Step 3 Define the potential attackers Step 2 Define the cryptosystem Step 1 Higher School of Economics - 2009

  18. Code-Breaker uses Attack to break Cryptosystem ABC-Model of Security Threats • “A”forAttack • “B”forcode-Breaker • “C”forCryptosystem Higher School of Economics - 2009

  19. Cryptosystem security assessment process Make conclusions regarding conformity of the system to the organization needs Step 5 Evaluate the cryptosystem’s resistance to the attacks Step 4 Determine the attacks that the cryptosystem is exposed to Step 3 Define the potential attackers Step 2 Define the cryptosystem Step 1 Higher School of Economics - 2009

  20. Classification of cryptosystems • Ueli Maurer's idea is to distinguish cryptosystems by the number of keys used for data processing • unkeyed • single-keyed • double-keyed • Gilles Brassard's scheme [4] has to do with the secrecy of algorithm • Restricted-use • General Higher School of Economics - 2009

  21. Classification of cryptosystems • By secrecy of the algorithm • Restricted ▪ General • By the number of keys • Unkeyed ▪ Single-keyed ▪ Double-keyed ▪ Multiple-keyed • By breakability • Theoretically unbreakable • Provably unbreakable • Supposedly unbreakable • By the type of key storage • Smart-card ▪ e-token ▪ Windows register ▪ File system • By the means of implementation • Software ▪ Hardware ▪ Software and hardware • By certification • Certified ▪ Uncertified Higher School of Economics - 2009

  22. Classification of codebreakers • Bruce Schneier suggests using motivation as a key parameter to identifying an adversary; this results in the following classification scheme: • opportunists: • emotional attackers • friends and relatives • industrial competitors • the press • lawful governments • the police • national intelligence organizations Higher School of Economics - 2009

  23. Classification of codebreakers • By equipment • PC • Network • Supercomputer • By expertise • PC user • Mathematician • Software developer • Physicist/electrical engineer • Psychologist aware of social engineering techniques • By initial knowledge on the cryptosystem • User of the cryptosystem • Designer of the cryptosystem • By final objective • Discovering a vulnerability • Total break • By access • Insider • Outsider • By manpower • Individual • Team Higher School of Economics - 2009

  24. Classification of Attacks • The fundamental classification of attacks by access to plaintext and ciphertext introduced by Kerckhoffs is no longer complete since it does not include a new powerful cryptanalysis technique called Side-Channel attacks • Modern schemes for computer system attack classification • Landwehr C.E., Bull A.R. A taxonomy of computer program security flaws, with examples // ACM Computing Surveys, 26(3): p. 211–254, September 1994. • Lindqvist U., Jonsson E. How to systematically classify computer security intrusions. // IEEE Symposium on Security and Privacy, p. 154–163, Los Alamitos, CA, 1997. • Paulauskas N., Garsva E. Computer System Attack Classification // Electronics and Electrical Engineering 2006. nr. 2(66) • Weber D. J. A taxonomy of computer intrusions. Master’s thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, June 1998. Are not suitable for cryptoattacks identification! Higher School of Economics - 2009

  25. Classification of Attacks (1/2) • By access to plaintext and ciphertext • Ciphertext-only • Known-plaintext • Chosen-plaintext • Adaptive-chosen-plaintext • Side-channel • By control over the enciphering/deciphering process • Passive • Active • By the outcome • Total break • Global deduction • Instance (local) deduction • Information deduction • Distinguishing algorithm • By the level of automation • Manual • Semi-automatic • Automatic Higher School of Economics - 2009

  26. Classification of Attacks(2/2) • By critical amount of resources • Memory • Time • Data • By applicability to various ciphers • Multi-purpose • For a certain type of ciphers • For a certain cipher • By tools and techniques • Mathematics • Special-purpose devices taking physical measurements during computations • Evolution programming techniques • Quantum computers • By consequences • Breach in confidentiality • Breach in integrity • Breach in accessibility • By parallelizing feasibility • Distributed • Non-distributed Higher School of Economics - 2009

  27. Classification Schemes • Classification of Сryptosystems • By secrecy of the algorithm • By the number of keys • By breakability • By the type of key storage • By the means of implementation • By certification • Classification of Attacks • By critical amount of resources • By applicability to various ciphers • By tools and techniques • By consequences • By parallelizing feasibility • By access to plaintext and ciphertext • By control over the enciphering/deciphering process • By the outcome • By the level of automation • Classification of Codebreakers • By equipment • By expertise • By initial knowledge on the cryptosystem • By final objective • By access • By manpower Higher School of Economics - 2009

  28. Parametric models of Attacks, Code-Breakers and Cryptosystems • Let be a set of parametric models of attacks, where represents a domain for the i - th parameter as per our taxonomy; • Let be a set of parametric models of codebreakers, where represents a domain for the j - th parameter as per our taxonomy; • Let be a set of parametric represents models of cryptosystems, where a domain for the j - th parameter as per our taxonomy; Higher School of Economics - 2009

  29. Mathematical Model for Cryptosystem Efficiency Assessment Risk Impact Probability Higher School of Economics - 2009

  30. Mathematical Model for Cryptosystem Efficiency Assessment Higher School of Economics - 2009

  31. Efficiency Criterion Satisfied when a cryptosystemthatconsists of subsystemsbeing exposed to codebreakerscan resist the attacks out of the set: where - admissible risk level Higher School of Economics - 2009

  32. Cryptosystem security assessment process Make conclusions regarding conformity of the system to the organization needs Step 5 Evaluate the cryptosystem’s resistance to the attacks Step 4 Determine the attacks that the cryptosystem is exposed to Step 3 Define the potential attackers Step 2 Define the cryptosystem Step 1 Higher School of Economics - 2009

  33. Available tools for cryptanalysis • C/C++ Multiprecision libraries • Mathematical packagesMaple andMathematica Higher School of Economics - 2009

  34. Available tools for cryptanalysis • Mathematical packagesMaple andMathematica • “+”: unlimited precision • “+”: easy-to-program algorithms • “-”: extremely low efficiency of number-theoretical computations Higher School of Economics - 2009

  35. Available tools for cryptanalysis • Cand C++ built-in types have limited precision • long – 32 bits • long long – 64 bits • double: 53 bits – mantissa, 11 bits – characteristic • long double:64 bits – mantissa, 15 bits – characteristic • Javahas multiprecision capabilities • Highlyportable • Not so efficient Higher School of Economics - 2009

  36. Available tools for cryptanalysis • Multiprecision mathematical libraries • «+»: high performance • «+»: wide range of solutions freely available(LIP, LiDIA, CLN, PARI, GMP, MpNT) Higher School of Economics - 2009

  37. LIP (Large Integer Package) • One of the first libraries for long integer computations • Written by ArjenK. Lenstraand later maintained by Paul Leyland • ANSI C • “+”: Highly portable • “-”: Not efficient Higher School of Economics - 2009

  38. CLN (a Class Library for Numbers) • Written by Bruno Haibleand currently maintained by Richard Kreckel • C++ library that implements elementary arithmetical, logical and transcendental functions • Rich set of classes • Integers • Rational numbers • Floating-point numbers • Complex numbers • Modular integers • Univariatepolynomials etc. • “-”: high universality =>low efficiency for number-theoretical problem solving Higher School of Economics - 2009

  39. LiDIA • Developed at the Technical University of Darmstadt (Thomas Papanikolau) • C++ library • Highly optimized implementations • Multiprecision data types • Time-intensive algorithms • Can use different integer packages (like Berkley MP, GMP, CLN, libI, LIP etc.) • «-»: not portable to Windows platform Higher School of Economics - 2009

  40. GMP (GNU Multiple Precision arithmetic library) • Developed by Torbjord Granlund and the GNU free software group • C library for arbitrary precision arithmetic • General emphasis on speed • Highly optimized ASM • for the most common inner loops • for a lot of CPUs • Faster than most multiprecision libraries • Its advantage increases with the operand sizesFaculty • «-»: not portable to Windows platform • «-»: lack of primitives to support integer factorization and DLP methods Higher School of Economics - 2009

  41. NTL (a Library for doing Number Theory) • Written and maintained mainlyby Victor Shoup • C++ library • High performance • Polynomial arithmetic • •Lattice reduction • Portable • outperforms other libraries in terms of big integer operations • «-»: lack of algorithms for index-calculus, sieve, factorization Higher School of Economics - 2009

  42. Available tools for cryptanalysis • C/C++ Multiprecision libraries • Mathematical packagesMaple andMathematica Higher School of Economics - 2009

  43. CRYPTO high-level structure Higher School of Economics - 2009

  44. Implementation Higher School of Economics - 2009

  45. User Interface Higher School of Economics - 2009

  46. Certificates of Authorship Higher School of Economics - 2009

  47. Cryptosystem security assessment process Make conclusions regarding conformity of the system to the organization needs Step 5 Evaluate the cryptosystem’s resistance to the attacks Step 4 Determine the attacks that the cryptosystem is exposed to Step 3 Define the potential attackers Step 2 Define the cryptosystem Step 1 Higher School of Economics - 2009

  48. ROI, NPV, IRR Metrics Usage* * Source: CSI Computer Crime & SecuritySurvey 2008, http://www.gocsi.com/ Higher School of Economics - 2009

  49. Key Financial Metrics Overview Higher School of Economics - 2009

  50. Discounted Cash Flow • Net present value (NPV): the sum of the present values of all cash inflows minus the sum of the present values of all cash outflows. • The internal rate of return (IRR): • (1) the discount rate that equates the sum of the present values of all cash inflows to the sum of the present values of all cash outflows; • (2) the discount rate that sets the net present value equal to zero. • The internal rate of return measures the investment yield. • Profitability index (PI) Higher School of Economics - 2009

More Related