470 likes | 484 Views
CSC 382: Computer Security. Modern Cryptography. Overview. Cryptographic Checksums Hash Functions HMAC Number Theory Review Public Key Cryptography One-Way Trapdoor Functions Diffie-Helman RSA Modern Steganography. Hash Functions. Checksum to verify data integrity.
E N D
CSC 382: Computer Security Modern Cryptography CSC 382: Computer Security
Overview • Cryptographic Checksums • Hash Functions • HMAC • Number Theory Review • Public Key Cryptography • One-Way Trapdoor Functions • Diffie-Helman • RSA • Modern Steganography CSC 382: Computer Security
Hash Functions Checksum to verify data integrity. Hash Function h: AB • Input A: variable length • Output B: fixed length “fingerprint” of input Many inputs produce same output. Example Hash Function • Sum 32-bit words of message mod 232. CSC 382: Computer Security
Hash Function: ASCII Parity ASCII parity bit • ASCII has 7 bits; 8th bit is for “parity” • Even parity: even number of 1 bits • Odd parity: odd number of 1 bits Bob receives “10111101” as bits. • Sender is using even parity; 6 1 bits, so character was received correctly • Note: could be garbled, but 2 bits would need to have been changed to preserve parity • Sender is using odd parity; even number of 1 bits, so character was not received correctly CSC 382: Computer Security
Cryptographic Checksums Hash with authentication/integrity protection • Cannot obtain original message from hash. • Cannot find another message with same hash. Additional Names • Message Authentication Code • Message Digest CSC 382: Computer Security
One-Way Function Function f easy to compute, hard to reverse • Given x, easy to calculate f(x). • Given f(x), hard to compute x. What’s easy and what’s hard? • easy: polynomial time • hard: exponential time • Are there any one-way functions? CSC 382: Computer Security
Cryptographic Checksum Definition A function h: AB such that: • For any x IN A, h(x) is easy to compute. • For any y IN B, it is computationally infeasible to find x IN A such that h(x) = y. • It is computationally infeasible to find x, x´ IN A such that x ≠ x´ and h(x) = h(x´). CSC 382: Computer Security
Collisions If x ≠ x´ and h(x) = h(x´), x and x´ collide. • Pigeonhole principle: if there are n containers for n+1 objects, then at least one container will have 2 objects in it. • Application: suppose n = 5 and k = 3. Then there are 32 elements of A and 8 elements of B, so at least one element of B has at least 4 corresponding elements of A. CSC 382: Computer Security
Hash Function Examples Input • “Cryptography” Output (base64 encoded): • http://www.xml-dev.com/blog/sha1.php • MD5 (128-bit) • 64ef07ce3e4b420c334227eecb3b3f4c • SHA1 (160-bit) • b804ec5a0d83d19d8db908572f51196505d09f98 CSC 382: Computer Security
Keyed Hash Function Hash function + secret key Why? • Authentication How? • Symmetric encryption algorithm • Use last 64 bits of DES in CBC mode. • HMAC algorithm • Incorporate key into a keyless hash algorithm. • Created to avoid export restrictions on encryption algorithms. CSC 382: Computer Security
HMAC HMAC = Hash Function + Key Inputs: • h: keyless cryptographic checksum function that takes data in blocks of b bytes and outputs blocks of l bytes. • k:cryptographic key. • k´: k modified to be of length b. • If short, pad with 0 bytes. • If long, hash to length b. CSC 382: Computer Security
HMAC HMAC-h(k, m) = h(k´ opad || h(k´ ipad || m)) • exclusive or • || concatenation • ipad is 00110110 repeated b times. • opad is 01011100 repeated b times. Security depends on security of hash function h. CSC 382: Computer Security
Current State of Hash Functions MD4, MD5, SHA-0 Collisions (2004) SHA-1 Collisions (2005) • Effort required is 269 instead of 280. No effective pre-image attacks discovered yet. What’s the impact? • Attacker could create two documents. • Document A requires payment of $500. • Document B requires payment of $50,000. • Digital signatures sign MAC, not document. • Both documents have same MAC. Use SHA-256 for now. CSC 382: Computer Security
Number Theory Review • Prime Numbers • Fundamental Theorem of Arithmetic • Greatest Common Divisors • Relatively Prime Numbers • Modular Inverses • Euler’s Totient Function CSC 382: Computer Security
Fundamental Thm of Arithmetic Definition: An integer n > 1 is prime if its only factors are 1 and n. Definition: An integer n > 1 that is not prime is composite. Theorem: An integer n > 1 can be written as a product of prime numbers. n = p1a p2b p3c p4d … CSC 382: Computer Security
Greatest Common Divisor Definition: The greatest common divisor of integers a and b > 0, gcd(a,b) is the largest number that divides both a and b. Definition: Two integers a and b > 0 are relatively prime if gcd(a,b) = 1. Theorem: If n is prime, then every integer from 1 to n-1 is relatively prime to n. CSC 382: Computer Security
Modular Inverses Multiplicative Inverse: The inverse of a number x is a number x-1 such that xx-1 = 1. Modular Inverse: An integer x-1 such that 1 = (x x-1) mod n There is not always a solution. 2 has no inverse mod 16 A unique solution exists if x and n are relatively prime. CSC 382: Computer Security
Euler Totient Function Euler’s totient function (n) Number of positive integers less than n and relatively prime to n. Example:(10) = 4 1, 3, 7, 9 are relatively prime to 10 Theorem: If gcd(a,b)=1, (ab) = (a) (b) Note: If n is prime, (n) = n – 1 Result: If a, b prime, (ab) = (a-1)(b-1) CSC 382: Computer Security
Euler’s Totient Theorem Theorem: If n > 1 and gcd(a,n) = 1, then a(n) mod n = 1. Corollary: If n > 1 and gcd(a,n) = 1, then a(n)-1 mod n is the modular inverse of a mod n. CSC 382: Computer Security
Why do we need PK Cryptography? Classical cryptography session: • Alice and Bob agree on algorithm. • Alice and Bob agree on key. • Alice encrypts her message with agreed upon algorithm and key. • Alice sends ciphertext message to Bob. • Bob decrypts ciphertext with same algorithm and key as Alice used. CSC 382: Computer Security
Public Key Cryptography Two keys • Private key known only to owner. • Public key available to anyone. Applications • Confidentiality: • Sender enciphers using recipient’s public key, • Receiver deciphers using their private key. • Integrity/authentication: • Sender enciphers using own private key, • Recipient deciphers using sender’s public key. CSC 382: Computer Security
Requirements • It must be computationally easy to encipher or decipher a message given the appropriate key. • It must be computationally infeasible to derive the private key from the public key. • It must be computationally infeasible to determine the private key from a chosen plaintext attack. CSC 382: Computer Security
One-Way Trapdoor Functions Trapdoor one-way Function: One-way function whose inverse is easy to calculate only if given a special piece of information. Example: Prime factoring • Easy to calculate product. • Difficult to calculate prime factors from product. • Easy to calculate one prime factor, given others. CSC 382: Computer Security
Diffie-Hellman Compute a common, shared key • Called a symmetric key exchange protocol. Based on discrete logarithm problem • Given integers n and g and prime number p, compute k such that n = gk mod p. • Solutions known for small p. • Computationally infeasible for large p. CSC 382: Computer Security
Algorithm Shared Constants • prime modulus p, • integer base g ≠ {0, 1, p–1} Procedure • User A(lice) chooses a private key k. • Computes public key K = gk mod p. • Enciphers user B(ob) public key using own private key to obtain the shared key S. • Encrypt msgs w/ symmetric cipher using S key. CSC 382: Computer Security
Algorithm Alice chooses private key kAlice, computes public key KAlice = gkAlice mod p. To communicate with Bob, Alice computes Kshared = KBobkAlice mod p To communicate with Alice, Bob computes Kshared = KAlicekBob mod p Modular exponentiation ensures SA,B = SB,A. For practical use, p must be very large. CSC 382: Computer Security
Example Assume p = 53 and g = 17 Alice chooses kAlice = 5 • Then KAlice = 175 mod 53 = 40 Bob chooses kBob = 7 • Then KBob = 177 mod 53 = 6 Shared key: • KBobkAlice mod p = 65 mod 53 = 38 • KAlicekBob mod p = 407 mod 53 = 38 CSC 382: Computer Security
RSA Exponentiation cipher, not just key exchange. Relies on the difficulty of determining the number of numbers relatively prime to a large integer n. CSC 382: Computer Security
Algorithm Choose two large prime numbers p, q • Let n = pq; then (n) = (p–1)(q–1) • Choose e < n such that e relatively prime to (n). • Compute inverse of e, d • ed mod (n) = 1 Public key: (e, n) Private key: d Encipher: c = me mod n Decipher: m = cd mod n CSC 382: Computer Security
Example: Confidentiality Take p = 7, q = 11, so n = 77 and (n) = 60 Alice chooses e = 17, making d = 53 Bob wants to send Alice secret message HELLO (07 04 11 11 14) • 0717 mod 77 = 28 • 0417 mod 77 = 16 • 1117 mod 77 = 44 • 1117 mod 77 = 44 • 1417 mod 77 = 42 Bob sends 28 16 44 44 42 CSC 382: Computer Security
Example Alice receives 28 16 44 44 42 Alice uses private key, d = 53, to decrypt message: • 2853 mod 77 = 07 • 1653 mod 77 = 04 • 4453 mod 77 = 11 • 4453 mod 77 = 11 • 4253 mod 77 = 14 Alice translates message to letters to read HELLO • No one else could read it, as only Alice knows her private key and that is needed for decryption. CSC 382: Computer Security
Ex: Integrity/Authentication Take p = 7, q = 11, so n = 77 and (n) = 60 Alice chooses e = 17, making d = 53 Alice wants to send Bob message HELLO (07 04 11 11 14) so Bob knows it is what Alice sent (no changes in transit, and authenticated) • 0753 mod 77 = 35 • 0453 mod 77 = 09 • 1153 mod 77 = 44 • 1153 mod 77 = 44 • 1453 mod 77 = 49 Alice sends 35 09 44 44 49 CSC 382: Computer Security
Example Bob receives 35 09 44 44 49 Bob uses Alice’s public key, e = 17, n = 77, to decrypt message: • 3517 mod 77 = 07 • 0917 mod 77 = 04 • 4417 mod 77 = 11 • 4417 mod 77 = 11 • 4917 mod 77 = 14 Bob translates message to letters to read HELLO • Alice sent it as only she knows her private key • If (enciphered) message’s blocks (letters) altered in transit, would not decrypt properly CSC 382: Computer Security
Example: Both Alice wants to send Bob message HELLO both enciphered and authenticated (integrity-checked) • Alice’s keys: public (17, 77); private: 53 • Bob’s keys: public: (37, 77); private: 13 Alice enciphers HELLO (07 04 11 11 14): • (0753 mod 77)37 mod 77 = 07 • (0453 mod 77)37 mod 77 = 37 • (1153 mod 77)37 mod 77 = 44 • (1153 mod 77)37 mod 77 = 44 • (1453 mod 77)37 mod 77 = 14 Alice sends 07 37 44 44 14 CSC 382: Computer Security
Security Services Confidentiality • Only the owner of the private key knows it, so text enciphered with public key cannot be read by anyone except the owner of the private key. Authentication • Only the owner of the private key knows it, so text enciphered with private key must have been generated by the owner. CSC 382: Computer Security
More Security Services Integrity • Enciphered letters cannot be changed undetectably without knowing private key. Non-Repudiation • Message enciphered with private key came from someone who knew it. CSC 382: Computer Security
Warnings Encipher message in blocks considerably larger than the examples here • If 1 character per block, RSA can be broken using statistical attacks (just like classical cryptosystems.) • Attacker cannot alter letters, but can rearrange them and alter message meaning. • Ex: reverse ciphertext of message ON to get NO CSC 382: Computer Security
Using gpg Generate a public/private keypair zappa> gpg --gen-key Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) RSA (sign only) Your selection? 1 CSC 382: Computer Security
Using gpg: exchanging keys Giving someone your public key gpg --export --armor your_email_addr Adding someone’s public key to your key ring gpg --import jameskey.pub Confirming that you’ve got their key gpg --fingerprint james Trusting their key gpg –edit-key james > sign CSC 382: Computer Security
Using gpg: encryption Encryption: Import public key of recipient gpg --output file.gpg --encrypt --armor --recipient waldenj@nku.edu file.txt Decryption: gpg --output file.txt --decrypt file.gpg CSC 382: Computer Security
Using gpg: digital signatures Digitally sign a file using your key gpg --output file.sig --armor --sign file.txt Verify a digital signature gpg --verify file.sig gpg: Signature made Sat Feb 28 14:54:30 2004 EST using DSA key ID 74291942 gpg: Good signature from "James Walden <waldenj@nku.edu>" CSC 382: Computer Security
Steganography Hiding messages in another text (the covertext) so that no one except intended recipient knows a message has been sent. • Wax Tablets: In ancient times, messages were written in wax poured on top of a stone or wood tablet. Messages were hidden by engraving them in the stone then pouring wax over them. • Invisible Ink: Write message using lemon juice on paper. Write covertext in regular ink after dries. Heat to view hidden message. • Null Cipher: Hide message in ordinary text, using nth letter of each word, or every nth word of the message. CSC 382: Computer Security
Digital Steganography • Choose a cover medium file. • JPEG, MP3, etc. • Identify redundant bits in cover medium. • Low order bits in image and audio files. • Replace subset of redundant data with secret message. • Send steganographic file to recipient. CSC 382: Computer Security
JSteg: JPEG Steganography JPEG image format • For each color component, a discrete cosine transform (DCT) transforms successive 8x8 pixel blocks into 64 DCT coefficients. • Quantize DCT coefficients. Derek Upham’s JSteg algorithm • LSBs of DCT coefficients are redundancy. • Modification of a single DCT coef affects all 64 pixels. • Frequency domain changes are not visually observable. CSC 382: Computer Security
Steganalysis Compare steganographic file with original. • 100% effective at identifying presence. • Original file is “secret key” of steganography. Statistical analysis • Inserting high entropy changes histogram of color frequencies in predictable ways. • Reduces frequency difference between adjacent colors. Countermeasures • Insert less information to reduce impact. • Choose DCT coefficients to modify at random. • Alternate +/- DCT coefficient value to encode bits. • Use parity of groups of DCT LSBs to encode a message. CSC 382: Computer Security
Key Points • Two types of cryptosystems: • classical (symmetric) • public key (asymmetric) • Cryptographic checksums provide integrity check. • One-way functions. • Keyed hash functions. • Public Key Cryptography • One-way trapdoor functions. • Confidentiality: encipher with public, deciper with private • Integrity: encipher with private, decipher with public • Steganography • Hiding existence of message inside other data. CSC 382: Computer Security
References • Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. • Cryptography Research, “Hash Collision FAQ,” http://www.cryptography.com/cnews/hash.html, 2005. • Paul Garrett, Making, Breaking Codes: An Introduction to Cryptology, Prentice Hall, 2001. • Steven Levy, Crypto, Penguin Putnam, 2002. • Wenbo Mao, Modern Cryptography: Theory and Practice, Prentice Hall, 2004. • Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, http://www.cacr.math.uwaterloo.ca/hac/, CRC Press, 1996. • Bruce Schneier, Applied Cryptography, 2nd edition, Wiley, 1996. • NIST, FIPS-198a, “The Keyed-Hash Message Authentication Code (HMAC)”,http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf • Niels Provos and Peter Honeyman, “Hide and Seek: An Introduction to Steganography,” IEEE Security & Privacy, May/June 2003. • John Viega and Gary McGraw, Building Secure Software, Addison-Wesley, 2002. CSC 382: Computer Security