1 / 54

Algorithms and Software Tools for Learning Mathematical Fundamentals of Computer Security (with demonstration of the Ja

Central Connecticut State University March 6, 2012 . Algorithms and Software Tools for Learning Mathematical Fundamentals of Computer Security (with demonstration of the Java Applets). Vladimir V. Riabov, Ph.D. Professor of Computer Sciences & Mathematics

bellona
Download Presentation

Algorithms and Software Tools for Learning Mathematical Fundamentals of Computer Security (with demonstration of the Ja

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Central Connecticut State University March 6, 2012 Algorithms and Software Tools for Learning Mathematical Fundamentals of Computer Security (with demonstration of the Java Applets) Vladimir V. Riabov, Ph.D. Professor of Computer Sciences & Mathematics Rivier College, Nashua, New Hampshire, USA E-mail: vriabov@rivier.edu Web: http://www.rivier.edu/faculty/vriabov/cs572aweb/

  2. Mathematical Fundamentals of Computer Security: CHALLENGES • Many computer security topics involve Math concepts that are not often taught, or inadequately covered, in curricula, including sets, permutations, combinations, and probability; number theory (divisibility, primes, groups, rings, and fields); modular arithmetic; and computability theory (the reasonableness of an algorithm). • The challenge is how to introduce these topics to a typically Math-phobic audience, without eliciting a “deer in the headlights” response. • We try to motivate coverage based on simple, real-world applications of these topics. Math Fundamentals of Computer Security

  3. Non-Trivial Motivational Study Cases: Puzzling vs. Drilling Warm-Up Study Case: • What is the last digit of the number 25975927[mod(10)]? • Using MSExcel™ spreadsheet, find the last digit of the number 719 [mod(10)]? • How to use your findings in these two cases for encrypting e-messages? “The whole art of teaching is only the art of awakening the natural curiosity of the young mind for the purpose of satisfying it afterwards,” – Anatole France “The important thing is not to stop questioning... Never lose a holy curiosity,” – Albert Einstein Math Fundamentals of Computer Security

  4. What is the last digit of the number25975927[mod(10)]? • It’s enough to consider the last digit of a simpler number 75927; • Do your experiments! (see Table) • “LAST” can be 7, 9, 3, or 1 only; therefore, it is a cycle of four cases; • The power, 5927 can be represented as 5927 = 4*1481+3; • Therefore, “LAST” of 75927 is the same as the “LAST” of 73, which is “3”. • Answer: “3”. • Try MS Excel™Spreadsheets!(see Table) • Why the last digit of the number 7N at N > 18 is 0 there? • HINT: Consider the number of “valuable” digits in large natural numbers calculated with MS Excel™! Math Fundamentals of Computer Security

  5. Assignment-1: Cracking a Simple Cipher The course textbook (Network Security: Private Communi-cation in a Public Worldby Charlie Kaufman, Radia Perlman, Mike Speciner, 2nd edition, 2004) contains two ciphers: On the page immediately following the title page: Si spy net work, big fedjaw iog link kyxogy On page 44: Cf lqr'xs xsnyctm n eqxxqgsy iqul qf wdcp eqqh, erl lqrx qgt iqul! These ciphers are simple substitution ciphers of the type that newspapers often publish daily as crypto-puzzles. Math Fundamentals of Computer Security

  6. What to Submit in Assignment-1 Report? • What plan of attack have you used? This may actually be more than one plan of attack, if one or more plans failed to produce results. I want to hear about all the unsuccessful attempts as well as the successful one(s) – this is often more illuminating than just discussing the successful approaches.  (You learn a lot more from your mistakes than from your successes!) • What assumptions you made; what deductions you made? • How long it took you to solve each of the puzzles. HINT: Edgar Allan Poe's The Gold Bug and Sir Arthur Conan Doyle's The Adventure of the Dancing Men show examples of explanations of how their characters solved ciphers. Math Fundamentals of Computer Security

  7. Examples of Student’s Assignment-1 Reports Math Fundamentals of Computer Security

  8. Examples of Student’s Assignment-1 Reports Math Fundamentals of Computer Security

  9. Lectures • History of cryptography; • Sets, permutations, combinations, and probability; • Number theory and modular arithmetic; • Classical cryptosystems; • Symmetric block ciphers; • Public key cryptography; • Message authentication codes; • Hashes and message digests; • Web security and privacy for users; • Firewalls, tunneling and virtual private networks (VPNs); • Malware. Math Fundamentals of Computer Security

  10. Java Applets Security Tools Students have used these tools for reviewing topics on probabilities and combinatorics, as well as for deciphering simple Shift Substitution ciphertexts, MonoAlphabetic substitution ciphers, Playfair and Vigenère ciphers, as well as for exploring modular arithmetic and message digests. Web: http://www.rivier.edu/faculty/vriabov/webresos.htm Math Fundamentals of Computer Security

  11. Assignment-2: Cracking Classic Ciphers • Here's the ciphertext for a message enciphered by using the Shift Substitution Cipher (known as Caesar's Cipher): Qeb bkbjv mixkp ql xqqxzh lk Qrbpaxv jlokfkd Q: Given the approach described above, for a Shift Substitution Cipher, how many possibilities are there for a shift value? Is this a feasible task? Ans: … Math Fundamentals of Computer Security

  12. MonoAlphabetic Substitution Ciphers • MonoAlphabetic Substitution Ciphers employ another approach:  Instead of using a simple shift to determine the letter mapping, they select an individual mapping for each character, where the relative position of the corresponding characters is, in general, different for all characters. • Q: How many possibilities are there for character mappings in this approach? Is this a feasible task? • Ans: …… • Assumptions about the plaintext: • That the plaintext consists of characters, not some kind of binary code. • That it is written in some known natural language (e.g., English). • That we know the frequency of letters in a typical piece of text in that language. • That the plaintext is typical of normal English text, and so we expect the same frequencies of letters (approximately, within statistical fluctuations). Math Fundamentals of Computer Security

  13. Student’s Report on Assignment-2: Cracking Classic Ciphers Math Fundamentals of Computer Security

  14. MonoAlphabetic Substitution Ciphers Letter Frequencies Analysis Decrypt the cipher text-1 (3 pages, 620 words, 2,685 characters), where the original word spacing, punctuation, and style is retained. Math Fundamentals of Computer Security

  15. Student’s Report on Assignment-2: MonoAlphabetic Substitution Ciphers Math Fundamentals of Computer Security

  16. Polygram Substitution Ciphers • Mapping single letters to single letters is not secure, so cryptographers came up with the concept of mapping entire blocks of plaintext letters to blocks of ciphertext letters. • For example, using a block size of 8, we could map blocks of 8 letters at a time: AAAAAAAA through ZZZZZZZZ -- there are 268 distinct possibilities. • To break such a cipher, you would have to have a table of size 268 = 208,827,064,576 blocks, and also know the relative frequencies of the occurrence of 8-letter blocks in the plaintext. Math Fundamentals of Computer Security

  17. Exploring the Playfair Cipher In 1854, Sir Charles Wheatstone invented the Playfair Cipher, which is a polygram substitution cipher using a block size of 2. Based on the use of a 5 × 5 square matrix of letters, constructed starting from a keyword or keyphrase. Each unique letter from the phrase is inserted into the square, until there are no more letters, and then the remaining letters of the alphabet are added to fill the square. For example, the phrase "Cynicism is the last refuge of the romantic" produces the matrix shown below. Math Fundamentals of Computer Security

  18. Exploring the Playfair Cipher (continue) • Here are the rules to encipher a piece of plaintext: Massachusetts goes Republican! • First, eliminate all non-letter characters, and upcase all letters: MASSACHUSETTSGOESREPUBLICAN • Then, arrange the plaintext in pairs of letters. If any pair of letters contains the same letter (for example, 'SS'), then insert an 'X': MA SX SA CH US ET TS GO ES RE PU BL IC AN • If there is a last character not paired, add an 'X'. Math Fundamentals of Computer Security

  19. Exploring the Playfair Cipher (continue) • For each pair of plaintext characters, call the first p, and the second q; the corresponding ciphertext characters c and d: • If p and q are in the same row of the matrix, c is the letter to the right ofp, and d is the letter to the right of q, wrapping around if necessary • If p and q are in the same column of the matrix, c is the letter belowp, and d is the letter belowq, wrapping around if necessary • If p and q share neither the same row nor column, they define the corners of a square. The other two corners of the square are c and d, with c being the letter in the same column as p. MA SX SA CH US ET TS GO ES RE PU BL IC AN AO ZI GC MN IG LH YL PA IL TU GK TP SY CF How would you decipher this message? Math Fundamentals of Computer Security

  20. Trying the Playfair Cipher Java Applet Math Fundamentals of Computer Security

  21. PolyAlphabetic Substitution Ciphers • Because monoalphabetic substitution ciphers are so notoriously insecure, cryptographers invented PolyAlphabetic Substitution Ciphers • A PolyAlphabetic Substitution Cipher has: • A set of related monoalphabetic substitution rules, and • A key to determine which particular rule is chosen for a given transformation Math Fundamentals of Computer Security

  22. The Vigenère Cipher • The best known (and one of the simplest) polyalphabetic substitution cipher is the Vigenère Cipher It uses a Vigenère Tableau (table in French) or Vigenère Square Math Fundamentals of Computer Security

  23. The Vigenère Cipher • To encrypt a plaintext message: • Choose a key. • Extract the first letter in the plaintext, p, and the first letter in the key, q. • Use p to select a column in the tableau and q to select a row in the tableau. The character in the corresponding cell is the ciphertext character. • Repeat for the second plaintext character, and second key letter, and so on. When you come to the end of the key, you wrap around to the first letter of the key. • The length of the key is called the period of the cipher. Math Fundamentals of Computer Security

  24. The Vigenère Cipher • The strength of this cipher is that there are multiple ciphertext letters for each plaintext letter, and so the letter frequency information is obscured. • For a long time, the Vigenère Cipher was considered unbreakable. • Then a retired Prussian cavalry officer named Kasiski noticed that repetitions occur in the ciphertext when characters of the key appear over the same characters in the ciphertext. The number of characters between the repetitions is a multiple of the period. • The longer the period, the more secure is the cipher -- preferably the key value should be chosen to be as long as the plaintext, and should have no statistical relationship with it. Math Fundamentals of Computer Security

  25. Variations of the Vigenère Cipher: • The Full Vigenère Cipher • Use of a tableau with each line representing a permutation of the alphabet, not just a simple shift • The Auto-Key Vigenère Cipher • Both the key and [part of] the plaintext are the used as the real key • The Running Key Vigenère Cipher (Vernam Cipher) • Makes use of a very long key — for example, a passage from a book, or a running loop of tape. but each one of them is still vulnerable to a letter frequency analysis. Math Fundamentals of Computer Security

  26. The One-Time Pad Cipher • A U.S. Army Signal Officer, Joseph Mauborgne, proposed an improvement on the Vernam Cipher -- the One-Time Pad. • Uses a random key that is truly as long as the message, with no repetitions. • This type of cipher is provably unbreakable. • It produces random output that bears no statistical relationship to the plaintext, and so there is no way to break the cipher. • In practice, the one-time pad has problems: • No practical way of making large quantities of random keys. • Key distribution is a truly daunting task. • For these reasons, the one-time pad is not used today Math Fundamentals of Computer Security

  27. Exploring Probabilities: Simulating a Coin Toss • 50%-50% chance the coin will land with heads facing up in a large number (N) of tosses; • Error is proportional to ~ 1/SQRT(N). Math Fundamentals of Computer Security

  28. Exploring Probabilities: Factorial, Power, Permutation, and Combination Utility of Java Applets Math Fundamentals of Computer Security

  29. Exploring Prime Numbers: The Sieve of Eratosthenes Java Applet Math Fundamentals of Computer Security

  30. Exploring Modular Arithmetic: Multiplicative Inverse a-1 ≡ x (mod p) has a solution iff a and p are relatively prime. The only rows and columns in the Multiplication Table that contain a 1 are for values that are relatively prime to p = 10: 1, 3, 7, 9. Math Fundamentals of Computer Security

  31. Modular Arithmetic: Finite, or Galois Fields • A finite field (also known as a Galois* Field) is a field with a finite number of elements. Finite fields are critical to the success of many cryptographic algorithms. • The finite fields are completely known: • It can be shown that the order of a finite field (number of elements in the field) must be a power of a prime, pn, where n is a positive integer. • For a given prime, p, the finite field of order p, GF(p) is defined as the set Zp of integers {0, 1, ... , p - 1}, together with the arithmetic operations modulo p. *Evariste Galois (1811-1832), French mathematician Math Fundamentals of Computer Security

  32. Modular Arithmetic: Binary Systems • Here are the values for (a + b) mod 2: • and (a•b) mod 2: Implementation: The field Z2, ({0, 1}), is an important tool to analyze cryptographic algorithms by computer. Math Fundamentals of Computer Security

  33. Modular Arithmetic: • Cryptography uses modular arithmetic a great deal, because: • Calculating discrete logarithms and square roots mod n can be hard problems. • It's easier to work with on computers, because it restricts the range of all intermediate values and results • For a k-bit modulus, n, the intermediate results of any addition, subtraction, or multiplication will not exceed 2k bits in length. • We can perform modular exponentiation without generating huge intermediate results • Arithmetic operations, mod 2, are natural for computers, because of the equivalence of addition with XOR, and multiplication with AND, etc. Math Fundamentals of Computer Security

  34. Modular Arithmetic: Field Zn* • Z is the set of all integers • We've seen that Zn is the set of integers mod n • Z10 = {0,1,2,3,4,5,6,7,8,9} • Zn* is defined as the set of mod n integers that are relatively prime to n • Z10* = {1,3,7,9} (0 is missing because gcd(0, 10) = 10) • The multiplication table for Z10* indicates: Zn* is closed under multiplication mod n Math Fundamentals of Computer Security

  35. Euler's Totient Function • An important quantity in number theory is Euler's Totient Function: • The number of positive integers less than n, that are relatively prime to n. • It is written φ(p): φ(1) = 1 φ(p) = p – 1 (for p prime) φ(m) < m – 1 (for m composite) • In other words, Euler's Totient Function φ(p) is the number of elements inZn* Math Fundamentals of Computer Security

  36. Properties of Euler's Totient Function • Assume we have two distinct prime numbers, p and q, and an integer n = pq • Then: • The set of residues in Zn is {0,1,...,(pq - 1)} • The residues that are not relatively prime to n are: • The set {p, 2p, ... ,(q - 1)p}, the set {q, 2q, ... ,(p - 1)q}, and 0 • So: This fact laid the foundation to various modern encryption algorithms, including the RSA public key encryption (1977). Math Fundamentals of Computer Security

  37. RSA Algorithm (1977) RSA Algorithm was created by Ron Rivest, Adi Shamir, and Len Adleman from MIT Math Fundamentals of Computer Security

  38. RSA Example Math Fundamentals of Computer Security

  39. Triple Data Encryption Algorithm • Original Data Encryption Standard (DES-1977) declared insecure in 1998 • Electronic Frontier Foundation & DES Cracker machine • New DEA Standard (ANSI X9.17 1985) • TDEA Algorithm (1999) uses 3 keys and 3 executions of DEA algorithm • Effective key length 168 bit. Math Fundamentals of Computer Security

  40. Location of Encryption Devices Math Fundamentals of Computer Security

  41. Automatic Key Distribution Traffic Padding: • Produce cipher text continuously • If no plain text to encode, send random data • Make traffic analysis impossible Math Fundamentals of Computer Security

  42. The Advanced Encryption Standard (AES) • In 1997, the National Institute of Standards (NIST) announced a contest to select a new encryption standard to be used for protecting sensitive, non-classified, U.S. government information. • Among 5 finalists, NIST chose a submission called "Rijndael" by two Belgian cryptographers – Joan Daemen and Vincent Rijmen. Rijndael uses arithmetic in the Galois Field GF(28), the finite field of order 256. • The order of a finite field (number of elements in the field) must be a power of a prime, pn, where n is a positive integer. In Rijndaeln = 8, and each element of the field can be represented by an octet. The bits in the octet are the coefficients of a polynomial over Z2 modulo the irreducibleZ2polynomial. Math Fundamentals of Computer Security

  43. Polynomial Algebra • Operation of addition is performed using an XOR operation denoted by . For example, all notations below are equivalent:   (x6 + x4 + x2 + x + 1) + (x7 + x + 1) = x7 + x6 + x4 + x2 + 0 [polynomial notation]; {01010111} {10000011} = {11010100} [binary notation]. • Multiplication in Rijndael is the multiplication of polynomials modulo the irreducible polynomial. For example, in the polynomial notation: (x6 + x4 + x2 + x + 1) • (x7 + x + 1) = x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 + 1, and (x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 + 1) mod (x6 + x4 + x2 + x + 1) = x7 + x + 1. The set of 256 possible byte values, with XOR used as addition, and the multiplication defined as above, has the structure of the finite field GF(28). Math Fundamentals of Computer Security

  44. One-Way Hash Functions • Can be viewed as a variation on a Message Authentication Code (MAC) function: • A Hash Function accepts a variable-size message, M, as input and produces a fixed-size output, referred to as a Hash Code, or Message Digest: h = H(M) • Unlike a MAC function, a hash code: • does not use a key, and so • is a function only of the input message • A change to any bit (or bits) of the message results in a change to the hash code, which can provide an error-detection capability. • A message digest can be used as a fingerprint for a message, to allow detection of message modification. Math Fundamentals of Computer Security

  45. One-Way Hash Functions (continue) • Requirements for a hash function are: • Can be applied to a block of data of any size • Produces a fixed-length output • H(M) is relatively easy to compute for any given M, allowing for both software and hardware implementations • For any given value h, it is computationally infeasible to find M such that h = H(M). This is the One-way Property. • For any given block, M, it is computationally infeasible to find M' != M with H(M') = H(M). • This is called Weak Collision Resistance. • It is computationally infeasible to find any pair (M, M') such that H(M) = H(M'). • This is called Strong Collision Resistance. Math Fundamentals of Computer Security

  46. One-Way Hash Functions (continue) • The drive for hash/message digest algorithms began with public key cryptography • RSA Encryption Algorithm (1977) was invented, but it was slow enough at that time to make it impractical when used alone. • A cryptographically secure message digest algorithm with high performance would make RSA Encryption Algorithm much more useful. Math Fundamentals of Computer Security

  47. One-Way Hash Function: Message Digest (MD) • After several attempts, Ron Rivest (of RSA fame) invented MD5 (defined in RFC 1321) • Produces a 128-bit one-way hash function • The NSA designed the Secure Hash Algorithm (SHA) • The National Institute of Standards and Technology (NIST), made it a standard. • They revised it very late in the game, because of some (unspecified) weakness that had been found, and changed its name to SHA-1. • SHA-1 is a 160-bit hash function based on MD4; • Shares much in common with MD5, but has a much more conservative design; • 2 or 3 times slower than MD5. Math Fundamentals of Computer Security

  48. Exploring Message Digests with Java Applets Math Fundamentals of Computer Security

  49. Typical Usage of Digests • Here's an example of the use of SHA-1 in a real application – Java JAR files: • In the jce.jar (Java Cryptography Extension) JAR file, the manifest contains the following: Manifest-Version: 1.0 Created-By: 1.4.1-internal (Sun Microsystems Inc.) Name: javax/crypto/SealedObject.class SHA1-Digest: R+GWl6Zuqgtty1zOaP5RrRSGfQo= Name: javax/crypto/KeyAgreementSpi.class SHA1-Digest: fdmlqpiTKMzV65+93O4tJ3Uo6wg= Name: javax/crypto/spec/DESedeKeySpec.class SHA1-Digest: Q7UJvLuk8GST42GW6xDlXHe3Xv8= Name: javax/crypto/spec/DHParameterSpec.class SHA1-Digest: y0oY9yd/BQQxEc/2q1Cytta/r2E= Name: javax/crypto/interfaces/DHPrivateKey.class SHA1-Digest: jwgw7pakTyKOlLBNivsp6V6Ad4k= Math Fundamentals of Computer Security

  50. Students' projects implemented in local companies and the community: • Senthil Balakrishnan, “Wireless Encryption Technology” • Tom Borick, “Secure Wi-Fi Technologies for Enterprise LAN Network” • Travis Bryant, “Steganography and Steganalysis” • Soumya Busani, Anitha Karthikeyan, and Sunitha Malipeddi, “Intrusion Prevention System” • Praveen Dandu and Vineeta Sharma, “Security and SQL Injections” • Nigel D'Souza, Charles Heintzelman, and Suresh Kumar Sundaravadivelu, “Virtual Private Networks” • Harika Samudrala, “Firewalls Overview” • Tejinder Singh, Arti Sood, and Daniel Szilagyi, “RADIUS Protocol” • Pratheeba Thangavel and Malathi Thiagarajan, “Secured Communication in Java.” Math Fundamentals of Computer Security

More Related