1 / 47

CSC 382: Computer Security

CSC 382: Computer Security. Modern Cryptography. Overview. Cryptographic Checksums Hash Functions HMAC Number Theory Review Public Key Cryptography One-Way Trapdoor Functions Diffie-Helman RSA Modern Steganography. Hash Functions. Checksum to verify data integrity.

debbyj
Download Presentation

CSC 382: Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSC 382: Computer Security Modern Cryptography CSC 382: Computer Security

  2. Overview • Cryptographic Checksums • Hash Functions • HMAC • Number Theory Review • Public Key Cryptography • One-Way Trapdoor Functions • Diffie-Helman • RSA • Modern Steganography CSC 382: Computer Security

  3. Hash Functions Checksum to verify data integrity. Hash Function h: AB • Input A: variable length • Output B: fixed length “fingerprint” of input Many inputs produce same output. Example Hash Function • Sum 32-bit words of message mod 232. CSC 382: Computer Security

  4. Hash Function: ASCII Parity ASCII parity bit • ASCII has 7 bits; 8th bit is for “parity” • Even parity: even number of 1 bits • Odd parity: odd number of 1 bits Bob receives “10111101” as bits. • Sender is using even parity; 6 1 bits, so character was received correctly • Note: could be garbled, but 2 bits would need to have been changed to preserve parity • Sender is using odd parity; even number of 1 bits, so character was not received correctly CSC 382: Computer Security

  5. Cryptographic Checksums Hash with authentication/integrity protection • Cannot obtain original message from hash. • Cannot find another message with same hash. Additional Names • Message Authentication Code • Message Digest CSC 382: Computer Security

  6. One-Way Function Function f easy to compute, hard to reverse • Given x, easy to calculate f(x). • Given f(x), hard to compute x. What’s easy and what’s hard? • easy: polynomial time • hard: exponential time • Are there any one-way functions? CSC 382: Computer Security

  7. Cryptographic Checksum Definition A function h: AB such that: • For any x IN A, h(x) is easy to compute. • For any y IN B, it is computationally infeasible to find x IN A such that h(x) = y. • It is computationally infeasible to find x, x´ IN A such that x ≠ x´ and h(x) = h(x´). CSC 382: Computer Security

  8. Collisions If x ≠ x´ and h(x) = h(x´), x and x´ collide. • Pigeonhole principle: if there are n containers for n+1 objects, then at least one container will have 2 objects in it. • Application: suppose n = 5 and k = 3. Then there are 32 elements of A and 8 elements of B, so at least one element of B has at least 4 corresponding elements of A. CSC 382: Computer Security

  9. Hash Function Examples Input • “Cryptography” Output (base64 encoded): • http://www.xml-dev.com/blog/sha1.php • MD5 (128-bit) • 64ef07ce3e4b420c334227eecb3b3f4c • SHA1 (160-bit) • b804ec5a0d83d19d8db908572f51196505d09f98 CSC 382: Computer Security

  10. Keyed Hash Function Hash function + secret key Why? • Authentication How? • Symmetric encryption algorithm • Use last 64 bits of DES in CBC mode. • HMAC algorithm • Incorporate key into a keyless hash algorithm. • Created to avoid export restrictions on encryption algorithms. CSC 382: Computer Security

  11. HMAC HMAC = Hash Function + Key Inputs: • h: keyless cryptographic checksum function that takes data in blocks of b bytes and outputs blocks of l bytes. • k:cryptographic key. • k´: k modified to be of length b. • If short, pad with 0 bytes. • If long, hash to length b. CSC 382: Computer Security

  12. HMAC HMAC-h(k, m) = h(k´  opad || h(k´  ipad || m)) •  exclusive or • || concatenation • ipad is 00110110 repeated b times. • opad is 01011100 repeated b times. Security depends on security of hash function h. CSC 382: Computer Security

  13. Current State of Hash Functions MD4, MD5, SHA-0 Collisions (2004) SHA-1 Collisions (2005) • Effort required is 269 instead of 280. No effective pre-image attacks discovered yet. What’s the impact? • Attacker could create two documents. • Document A requires payment of $500. • Document B requires payment of $50,000. • Digital signatures sign MAC, not document. • Both documents have same MAC. Use SHA-256 for now. CSC 382: Computer Security

  14. Number Theory Review • Prime Numbers • Fundamental Theorem of Arithmetic • Greatest Common Divisors • Relatively Prime Numbers • Modular Inverses • Euler’s Totient Function CSC 382: Computer Security

  15. Fundamental Thm of Arithmetic Definition: An integer n > 1 is prime if its only factors are 1 and n. Definition: An integer n > 1 that is not prime is composite. Theorem: An integer n > 1 can be written as a product of prime numbers. n = p1a p2b p3c p4d … CSC 382: Computer Security

  16. Greatest Common Divisor Definition: The greatest common divisor of integers a and b > 0, gcd(a,b) is the largest number that divides both a and b. Definition: Two integers a and b > 0 are relatively prime if gcd(a,b) = 1. Theorem: If n is prime, then every integer from 1 to n-1 is relatively prime to n. CSC 382: Computer Security

  17. Modular Inverses Multiplicative Inverse: The inverse of a number x is a number x-1 such that xx-1 = 1. Modular Inverse: An integer x-1 such that 1 = (x x-1) mod n There is not always a solution. 2 has no inverse mod 16 A unique solution exists if x and n are relatively prime. CSC 382: Computer Security

  18. Euler Totient Function Euler’s totient function (n) Number of positive integers less than n and relatively prime to n. Example:(10) = 4 1, 3, 7, 9 are relatively prime to 10 Theorem: If gcd(a,b)=1, (ab) = (a) (b) Note: If n is prime, (n) = n – 1 Result: If a, b prime, (ab) = (a-1)(b-1) CSC 382: Computer Security

  19. Euler’s Totient Theorem Theorem: If n > 1 and gcd(a,n) = 1, then a(n) mod n = 1. Corollary: If n > 1 and gcd(a,n) = 1, then a(n)-1 mod n is the modular inverse of a mod n. CSC 382: Computer Security

  20. Why do we need PK Cryptography? Classical cryptography session: • Alice and Bob agree on algorithm. • Alice and Bob agree on key. • Alice encrypts her message with agreed upon algorithm and key. • Alice sends ciphertext message to Bob. • Bob decrypts ciphertext with same algorithm and key as Alice used. CSC 382: Computer Security

  21. Public Key Cryptography Two keys • Private key known only to owner. • Public key available to anyone. Applications • Confidentiality: • Sender enciphers using recipient’s public key, • Receiver deciphers using their private key. • Integrity/authentication: • Sender enciphers using own private key, • Recipient deciphers using sender’s public key. CSC 382: Computer Security

  22. Requirements • It must be computationally easy to encipher or decipher a message given the appropriate key. • It must be computationally infeasible to derive the private key from the public key. • It must be computationally infeasible to determine the private key from a chosen plaintext attack. CSC 382: Computer Security

  23. One-Way Trapdoor Functions Trapdoor one-way Function: One-way function whose inverse is easy to calculate only if given a special piece of information. Example: Prime factoring • Easy to calculate product. • Difficult to calculate prime factors from product. • Easy to calculate one prime factor, given others. CSC 382: Computer Security

  24. Diffie-Hellman Compute a common, shared key • Called a symmetric key exchange protocol. Based on discrete logarithm problem • Given integers n and g and prime number p, compute k such that n = gk mod p. • Solutions known for small p. • Computationally infeasible for large p. CSC 382: Computer Security

  25. Algorithm Shared Constants • prime modulus p, • integer base g ≠ {0, 1, p–1} Procedure • User A(lice) chooses a private key k. • Computes public key K = gk mod p. • Enciphers user B(ob) public key using own private key to obtain the shared key S. • Encrypt msgs w/ symmetric cipher using S key. CSC 382: Computer Security

  26. Algorithm Alice chooses private key kAlice, computes public key KAlice = gkAlice mod p. To communicate with Bob, Alice computes Kshared = KBobkAlice mod p To communicate with Alice, Bob computes Kshared = KAlicekBob mod p Modular exponentiation ensures SA,B = SB,A. For practical use, p must be very large. CSC 382: Computer Security

  27. Example Assume p = 53 and g = 17 Alice chooses kAlice = 5 • Then KAlice = 175 mod 53 = 40 Bob chooses kBob = 7 • Then KBob = 177 mod 53 = 6 Shared key: • KBobkAlice mod p = 65 mod 53 = 38 • KAlicekBob mod p = 407 mod 53 = 38 CSC 382: Computer Security

  28. RSA Exponentiation cipher, not just key exchange. Relies on the difficulty of determining the number of numbers relatively prime to a large integer n. CSC 382: Computer Security

  29. Algorithm Choose two large prime numbers p, q • Let n = pq; then (n) = (p–1)(q–1) • Choose e < n such that e relatively prime to (n). • Compute inverse of e, d • ed mod (n) = 1 Public key: (e, n) Private key: d Encipher: c = me mod n Decipher: m = cd mod n CSC 382: Computer Security

  30. Example: Confidentiality Take p = 7, q = 11, so n = 77 and (n) = 60 Alice chooses e = 17, making d = 53 Bob wants to send Alice secret message HELLO (07 04 11 11 14) • 0717 mod 77 = 28 • 0417 mod 77 = 16 • 1117 mod 77 = 44 • 1117 mod 77 = 44 • 1417 mod 77 = 42 Bob sends 28 16 44 44 42 CSC 382: Computer Security

  31. Example Alice receives 28 16 44 44 42 Alice uses private key, d = 53, to decrypt message: • 2853 mod 77 = 07 • 1653 mod 77 = 04 • 4453 mod 77 = 11 • 4453 mod 77 = 11 • 4253 mod 77 = 14 Alice translates message to letters to read HELLO • No one else could read it, as only Alice knows her private key and that is needed for decryption. CSC 382: Computer Security

  32. Ex: Integrity/Authentication Take p = 7, q = 11, so n = 77 and (n) = 60 Alice chooses e = 17, making d = 53 Alice wants to send Bob message HELLO (07 04 11 11 14) so Bob knows it is what Alice sent (no changes in transit, and authenticated) • 0753 mod 77 = 35 • 0453 mod 77 = 09 • 1153 mod 77 = 44 • 1153 mod 77 = 44 • 1453 mod 77 = 49 Alice sends 35 09 44 44 49 CSC 382: Computer Security

  33. Example Bob receives 35 09 44 44 49 Bob uses Alice’s public key, e = 17, n = 77, to decrypt message: • 3517 mod 77 = 07 • 0917 mod 77 = 04 • 4417 mod 77 = 11 • 4417 mod 77 = 11 • 4917 mod 77 = 14 Bob translates message to letters to read HELLO • Alice sent it as only she knows her private key • If (enciphered) message’s blocks (letters) altered in transit, would not decrypt properly CSC 382: Computer Security

  34. Example: Both Alice wants to send Bob message HELLO both enciphered and authenticated (integrity-checked) • Alice’s keys: public (17, 77); private: 53 • Bob’s keys: public: (37, 77); private: 13 Alice enciphers HELLO (07 04 11 11 14): • (0753 mod 77)37 mod 77 = 07 • (0453 mod 77)37 mod 77 = 37 • (1153 mod 77)37 mod 77 = 44 • (1153 mod 77)37 mod 77 = 44 • (1453 mod 77)37 mod 77 = 14 Alice sends 07 37 44 44 14 CSC 382: Computer Security

  35. Security Services Confidentiality • Only the owner of the private key knows it, so text enciphered with public key cannot be read by anyone except the owner of the private key. Authentication • Only the owner of the private key knows it, so text enciphered with private key must have been generated by the owner. CSC 382: Computer Security

  36. More Security Services Integrity • Enciphered letters cannot be changed undetectably without knowing private key. Non-Repudiation • Message enciphered with private key came from someone who knew it. CSC 382: Computer Security

  37. Warnings Encipher message in blocks considerably larger than the examples here • If 1 character per block, RSA can be broken using statistical attacks (just like classical cryptosystems.) • Attacker cannot alter letters, but can rearrange them and alter message meaning. • Ex: reverse ciphertext of message ON to get NO CSC 382: Computer Security

  38. Using gpg Generate a public/private keypair zappa> gpg --gen-key Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) RSA (sign only) Your selection? 1 CSC 382: Computer Security

  39. Using gpg: exchanging keys Giving someone your public key gpg --export --armor your_email_addr Adding someone’s public key to your key ring gpg --import jameskey.pub Confirming that you’ve got their key gpg --fingerprint james Trusting their key gpg –edit-key james > sign CSC 382: Computer Security

  40. Using gpg: encryption Encryption: Import public key of recipient gpg --output file.gpg --encrypt --armor --recipient waldenj@nku.edu file.txt Decryption: gpg --output file.txt --decrypt file.gpg CSC 382: Computer Security

  41. Using gpg: digital signatures Digitally sign a file using your key gpg --output file.sig --armor --sign file.txt Verify a digital signature gpg --verify file.sig gpg: Signature made Sat Feb 28 14:54:30 2004 EST using DSA key ID 74291942 gpg: Good signature from "James Walden <waldenj@nku.edu>" CSC 382: Computer Security

  42. Steganography Hiding messages in another text (the covertext) so that no one except intended recipient knows a message has been sent. • Wax Tablets: In ancient times, messages were written in wax poured on top of a stone or wood tablet. Messages were hidden by engraving them in the stone then pouring wax over them. • Invisible Ink: Write message using lemon juice on paper. Write covertext in regular ink after dries. Heat to view hidden message. • Null Cipher: Hide message in ordinary text, using nth letter of each word, or every nth word of the message. CSC 382: Computer Security

  43. Digital Steganography • Choose a cover medium file. • JPEG, MP3, etc. • Identify redundant bits in cover medium. • Low order bits in image and audio files. • Replace subset of redundant data with secret message. • Send steganographic file to recipient. CSC 382: Computer Security

  44. JSteg: JPEG Steganography JPEG image format • For each color component, a discrete cosine transform (DCT) transforms successive 8x8 pixel blocks into 64 DCT coefficients. • Quantize DCT coefficients. Derek Upham’s JSteg algorithm • LSBs of DCT coefficients are redundancy. • Modification of a single DCT coef affects all 64 pixels. • Frequency domain changes are not visually observable. CSC 382: Computer Security

  45. Steganalysis Compare steganographic file with original. • 100% effective at identifying presence. • Original file is “secret key” of steganography. Statistical analysis • Inserting high entropy changes histogram of color frequencies in predictable ways. • Reduces frequency difference between adjacent colors. Countermeasures • Insert less information to reduce impact. • Choose DCT coefficients to modify at random. • Alternate +/- DCT coefficient value to encode bits. • Use parity of groups of DCT LSBs to encode a message. CSC 382: Computer Security

  46. Key Points • Two types of cryptosystems: • classical (symmetric) • public key (asymmetric) • Cryptographic checksums provide integrity check. • One-way functions. • Keyed hash functions. • Public Key Cryptography • One-way trapdoor functions. • Confidentiality: encipher with public, deciper with private • Integrity: encipher with private, decipher with public • Steganography • Hiding existence of message inside other data. CSC 382: Computer Security

  47. References • Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. • Cryptography Research, “Hash Collision FAQ,” http://www.cryptography.com/cnews/hash.html, 2005. • Paul Garrett, Making, Breaking Codes: An Introduction to Cryptology, Prentice Hall, 2001. • Steven Levy, Crypto, Penguin Putnam, 2002. • Wenbo Mao, Modern Cryptography: Theory and Practice, Prentice Hall, 2004. • Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, http://www.cacr.math.uwaterloo.ca/hac/, CRC Press, 1996. • Bruce Schneier, Applied Cryptography, 2nd edition, Wiley, 1996. • NIST, FIPS-198a, “The Keyed-Hash Message Authentication Code (HMAC)”,http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf • Niels Provos and Peter Honeyman, “Hide and Seek: An Introduction to Steganography,” IEEE Security & Privacy, May/June 2003. • John Viega and Gary McGraw, Building Secure Software, Addison-Wesley, 2002. CSC 382: Computer Security

More Related