1 / 44

CS 445 / 645 Internet Security Mon & Wed, 11:30 AM ~ 12:45 PM @ SEB 1240 Spring, 2012

School of Computer Science. CS 445 / 645 Internet Security Mon & Wed, 11:30 AM ~ 12:45 PM @ SEB 1240 Spring, 2012. Wednesday, Feb. 1, 2012. Cyber war between Israeli and Saudi hackers (Jan 21, 2012).

nicki
Download Presentation

CS 445 / 645 Internet Security Mon & Wed, 11:30 AM ~ 12:45 PM @ SEB 1240 Spring, 2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. School of Computer Science CS 445 / 645 Internet Security Mon & Wed, 11:30 AM ~ 12:45 PM @ SEB 1240 Spring, 2012 Wednesday, Feb. 1, 2012 CS 448/648 – Computer Security

  2. Cyber war between Israeli and Saudi hackers (Jan 21, 2012) • http://tech2.in.com/news/general/israeli-and-saudi-hackers-wage-cyber-war-against-each-other/274832 • Israeli credit card company was hacked with 20,000 cards compromised - by a Saudi hacker, 0xOmar. • Arab hackers hacked into the servers of Israel’s Anti Drug Authority • Israeli hackers retaliated by hacking the websites of two major Arab banks. (Central Bank of the United Arab Emirates, Arab Bank) • Pro-Palestinian hackers hacked the websites of the Tel Aviv Stock Exchange, El Al Airlines, three other Israeli banks • Pro-Israel hackers hack banks in Saudi Arabia. CS 448/648 – Computer Security

  3. The war is still going on… • Pro-Israel hackers published the log-in details of 20,000 Arab Facebook users • Pro-Palestinian hackers attacked the websites of two Israeli hospitals (Jan 25, 2012.) CS 448/648 – Computer Security

  4. Review Quiz at the end of class CS 448/648 – Computer Security

  5. 1. Electronic Code Book (ECB) • Each block is encrypted independently of the other • Easy to use in parallel , higher performance. • But identical blocks of plaintext  same cipher text • Repetitions in message may appear in the ciphertext • Easier cryptanalysis • Uses: secure transmission of a few block of data CS 448/648 – Computer Security

  6. Block1 Block2 Block3 Block4 IV + + + + DES DES DES DES Cipher1 Cipher2 Cipher3 Cipher4 2. Cipher Block Chaining (CBC) • Message blocks are linked together • Each previous cipher blocks is chained with current plaintext block • A change in the message affects all ciphertext blocks after the change (good!) • But difficult to parallelize • Uses Initialization Vector (IV) to start process • IV: a random number generated by sender and sent together with the ciphertext • Uses: bulk data encryption CS 448/648 – Computer Security

  7. One-way Hash Function • Secure hash or cryptographic hash • One-way • easy to generate a code, but computationally infeasible to find data mapping to specific hash value • Collision Free • computationally infeasible to find two data to same hash value • Note • in h = f (M), M is called preimage • M can be multiple CS 448/648 – Computer Security

  8. One way hash function requirements CS 448/648 – Computer Security

  9. One-way (Secure) hash functions • SHA • Developed by NIST in 1993 and SHA-1 in 1995 • 160 bit Message digest • Every bit of hash code is a function of every bit of input • SHA-2 (SHA-224, 256, 384, and 612) in 2002 • MD5 (RFC 1321) • Developed by Ron Rivest in 1991 • Generates 128-bit MD • RIPEMD-160 • Developed under EUROPEAN RACE Integrity Primitives Evaluation project (1996) • Generates 160-bit MD CS 448/648 – Computer Security

  10. Level of Safety • For n-bit hash, the possible outcomes are 2n (= H). • Since it would take roughly trials to find a collision with 50% chance, (or 2n/2) messages should be checked before finding two messages with the same hash value (level of safety) • It requires O(2n/2) evaluations of H to find two messages m and m’ that have a collision, H(m)=H(m’). • Level of safety for SHA-1 : 280 (half of 160 bits) • Level of safety for MD5 : 264 (half of 128 bits) • N = number of bits in digest CS 448/648 – Computer Security

  11. Message Authentication Code (MAC) • Why don’t we use one-way hash as MAC? • Hash-based MAC (HMAC) • Faster than block cipher algorithms • But hash functions do not take keys  need to add key • Keyed Hash • Using a shared secret key, generate a Message Authentication Code (MAC) • HMAC (RFC 2104, in 1996) • HMAC (Key, message) • Any hash function can be used • Used for IP security, TLS, SSL CS 448/648 – Computer Security

  12. Public Key Algorithm • Proposed by Diffie and Hellman in 1976 • Each use has a public key (kPUB) and a private key (kPRIV) • One key is kept secret, the other is public • Now only two keys are needed per user • P = D(kPRIV, E(kPUB, P)and • P = D(kPUB, E(kPRIV, P)with RSA Plaintext Plaintext Internet Encrypt with public key Decrypt with private key Ciphertext Asymmetric key cryptography CS 448/648 – Computer Security

  13. Public Key Algorithms • RSA (1978) • By Rivest, Shamir,Adleman • Flexible key length (512-bits, 1024-bits common) • Diffie-Hellman (1976) • Does not transmit symmetric session keys • Instead, it combines the receiver’s private key and the sender’s public key to generate symmetric session key • Elliptic Curve (1985) • Neal Koblitz (UW) and Victor Miller (IBM Watson) • Since then many were developed • To this date, usages are • 1st: RSA • 2nd: DH • 3rd: Elliptic curves CS 448/648 – Computer Security

  14. Public Key Algorithms RSA

  15. RSA • Best known & widely used public-key scheme • Based on exponentiation in a finite (Galois) field over integers modulo a prime (Modulo exponentiation) • 35 = 243, 243 % 7 = 5 • Easy • Security due to cost of factoring large numbers • Hard CS 448/648 – Computer Security

  16. RSA Encryption and Decryption • Encryption • Plaintext M < n • Ciphertext C= Me (mod n) • Decryption • Ciphertext C • Calculate Cdmod n = (Me)dmod n = Medmod n = M CS 445 – Internet Security

  17. Background in RSA - I • How many numbers (less than n) are relatively prime to n? • E.g, 5 is relatively prime (or coprime) to 12 • The answers are, • (n-1), if n is prime • (p-1)(q-1), if n = pq, and p,q are prime numbers • Number of relatively prime = n – (# not prime) • Numbers not relatively prime: p, 2p,… qp, q, 2q, ,,,, pq  total of q + p - 1 • Then, n – (# not relatively prime) = pq - (p+q-1) = (p-1)(q-1) • Euler totient function: (n) • (n) = (p-1) * (q-1) • E.g., (10) = 4, because 10 = 2*5, and (n) = (2-1)*(5-1) : i.e., {1,3,7,9} CS 445 – Internet Security

  18. Background in RSA - II • Modular exponentiation • 46 = 4096 = 6 (mod 10) • Magic formula: xy % n = x(y mod (n)) % n • e.g. (recall (10) = 4 ) • 37 mod 10 = 2187 mod 10 = 7 mod 10 • 3(7 mod 4) mod 10 = 27 mod 10 = 7 mod 10 • 34 mod 10 = 81 mod 10 = 1 mod 10 • 3(4 mod 4) mod 10 = 1 mod 10 = 1 mod 10 • 35 mod 10 = 243 mod 10 = 3 mod 10 • 3(5 mod 4) mod 10 = 3 mod 10 = 3 mod 10 same Our particular interest. Why? CS 445 – Internet Security

  19. Background in RSA - III • Magic formula: xy % n = x(y mod (n)) % n • A special case of this where y = 1 mod (n) • Then, xy % n = x(y mod (n)) % n = x( ((n) * k + 1) mod (n)) % n • For any number x, xy = xmod n e.g. (take any y,1 greater than 4 * k, i.e., 5, 9, 13, 17…) y = 5, then 35 = 243 = 3 mod 10 y = 5, then 75 = 16807 = 7 mod 10 y = 5, then 95 = 59049 = 9 mod 10 y = 9, then 89 = 134217728 = 8 mod 10 y = 13, then 813 = 549755813888 = 8 mod 10 =1 CS 445 – Internet Security

  20. RSA Principle • A special case of this where y = 1 mod (n) • Then, for any number x, xy = xmod n • RSA principle • Let y =e * d • Choose e, d such that e*d = 1 mod (n), then xed = x mod n • e: encryption key, d: decryption key, • x=plaintext (<n), xe % n = ciphertext, xed % n = decrypted text (=x) • Note: xde= xed • This gives the interchangeability of public and private keys • Why secure? (N and e are known to public!) • It takes long time to find out d given e, if you don’t know (n). • Easy, if you know (n) = (p-1)(q-1). • But to get (n), you need to know p and q. • So, it depends on the difficulty of factoring n into p and q CS 445 – Internet Security

  21. RSA factoring challenge • It is now closed (1991 – 2007) • RSA-768 is factored in Dec. 2009 • http://www.rsa.com/rsalabs/node.asp?id=2094 • http://en.wikipedia.org/wiki/RSA_Factoring_Challenge CS 448/648 – Computer Security

  22. RSA Algorithm: Key Generation • Select p, q (p,q are both primes) (secret) • Calculate n = p * q (public) • Calculate (n) = (p-1)(q-1) (secret) Euler totient of n (number of positive integers less than and relatively prime to n) • Chose e (public key) and d(private key) • Select integer e • e is usually a prime larger than (p-1) or (q-1) • Relatively prime to (n) and 1 < e < (n • Calculate d = e-1mod (n) (from de = 1 mod (n) ) • Public Key KS = {e, n} • Private Key K-1S = {d, n} CS 445 – Internet Security

  23. RSA Encryption and Decryption • Encryption • Plaintext M < n • Ciphertext C= Me (mod n) • Decryption • Ciphertext C • Calculate Cd mod n = (Me)dmod n = Medmod n = M • Why? • xde = x mod n, if (d * e) = 1 mod (n) CS 445 – Internet Security

  24. RSA Example • Select p=7, q=17 • Calculate n = pq = 7*17 = 119 • Calculate (n) = (p-1)(q-1) = 96 • Select e, relatively prime to (n) and less than (n) • e = 5 • Determine d such that de = 1 mod 96 • d = 77 because 77*5 = 385 = 4*96+1 • Created Keys: • KA = {5,119}, K-1A = (77,119} • Encryption: Message = 19 • 195 = 2476099 = 66 mod 119 • Ciphertext = 66 • Decryption • 6677 = 19 mod 119 CS 445 – Internet Security

  25. Finding the Inverse – example • Given e = 5, (n) = 96, find smallest d such that de = 1 mod 96 • 96 * i = 96, 192, 288, 384, 480, … • 96 * i + 1 = 97, 193, 289, 385, 481,… • Check them if they are divisible by e (=5) • 97, 193, 289: obviously no • 385 = 77 * 5 • So, d = 77 Candidates for d * e CS 445 – Internet Security

  26. Cryptool • Educational tool for cryptograph, originally developed by German Universities • https://www.cryptool.org/en/ CS 448/648 – Computer Security

  27. Tool to generate RSA Keys • Use PuTTygen • http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe • Usage: http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html CS 448/648 – Computer Security

  28. RSA discussions • N is known to be product of two primes, p, q • N is large > 100 digits (or even 600 digits at 2048 bits) • It is even impractical to verify whether p and q are prime: 1050 possible factors • How do you choose p and q? • Heuristic algorithm by Solovay and Strassen • Fermat’s primality test (used in PGP) • And many other (Miller-Rabin primality test, deterministic tests, number theoretic methods…) CS 445 – Internet Security

  29. Public Key Algorithm Diffie Hellman

  30. Diffie-Hellman Key Exchange • Cannot be used to exchange an arbitrary message • Rather it can establish a common key • Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) – easy • Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard CS 448/648 – Computer Security

  31. Diffie-Hellman Key Exchange • Depends on the difficulty of computing discrete logarithms • First, what is exponentiation and logarithm? • 24 = 16, log216 = log2 24 = 4 • Then, what is discrete exponentiation? • Find k-th power as an integer and find the remainder of modulo p. E.g., • 35 = 243, 243 % 7 = 5 • Discrete logarithm is the inverse operation • E.g., find the smallest k for 3k 5 (mod 7) CS 448/648 – Computer Security

  32. DH Key Exchange Algorithm - I • Alice and Bob can determine same secret key • Start by agreeing on a large prime number N (public) • Then choose a generator G, where G<N (public) • Each follows these steps • Each chooses a large random number X < N • (X is the private key) • Each calculates the value Y = Gx % N. • (Y is the public key and sent to the other party) • Y’ = GX’ % N • Each computes the K = Y’X % N = GX’X % N • (Y’ is the other party’s public key) • K is the shared secret key • X = own private key, X’ is the other’s private key • Y = own public key, Y’ is the other’s public key CS 448/648 – Computer Security

  33. DH Key Exchange Algorithm - II • Note K = Y’X mod N = (GX’ mod N)X mod N = GXX’ mod N • GXX’ and GX’X are equal !!! • Alice and Bob know it • But intermediaries only know N, G, Y (=Gx % N) and Y’ (=Gx’ % N) • Nobody can calculate GXX’ in a reasonable amount of time • Why? Because the intermediaries must know X or X’. • But it is difficult to compute discrete logarithm, i.e., figuring out X from GX % N (or X’ from GX’ % N) CS 448/648 – Computer Security

  34. Diffie-Hellman Example • N=11, G=2 • Alice picks 4 for K-1A • Bob picks 3 for K-1B • Alice computes • (24 mod 11) = (16 mod 11)= 5 • Sends this to Bob • Bob computes • (23 mod 11) = (8 mod 11) = 8 • Sends this to Alice • Bob computes • (53 mod 11) = (125 mod 11) = 4 • Alice computes • (84 mod 11) = (4096 mod 11)= 4 CS 448/648 – Computer Security

  35. Speed comparison RSA Enc ~ 1024 bit/8 * 1000/0.18 = 711 KB/sec RSA Dec ~ 1024 bit/8 * 1000/4.77 = 27 KB/sec http://www.cryptopp.com/benchmarks.html CS 448/648 – Computer Security

  36. Other public key algorithms • NTRU • Short for N-th degree truncated polynomial ring, R[x] / (xN − 1) • Created by four math professors at Brown University • http://securityinnovation.com/cryptolab/index.shtml • Speed • NTRUEncrypt-263 vs. RSA-1024: 27.6 times faster • NTRUEncrypt key pair generation takes about 3.0 milliseconds, while Crypto++ takes over 1 second to generate an RSA key pair (on 300 MHz machines)  300 times faster CS 448/648 – Computer Security

  37. Cryptographic Algorithms Digital signature

  38. Digital signature • This? • No, but this. CS 448/648 – Computer Security

  39. Digital Signature • Digital signatures provide the ability to: • verify author, date & time of signature • authenticate message contents • be verified by third parties to resolve disputes • No need for confidentiality • How? Use public key algorithm • Under RSA, public key and private keys are commutative D ( E (M, Kpub), Kpriv) = M = D ( E(M, Kpriv), Kpub) • Encrypt with sender’s private key, receiver decrypt it with sender’s public key • In practice, the message could be big, so sign the hash value of the message instead CS 448/648 – Computer Security

  40. Confirming Digital Signature • Receiver verifies that: • Sender signed M ANDno one else signed M • Non-repudiation: • Receiver can take the message and the signature to court and prove that Sender signed M • The purported maker of a statement will not be able to successfully challenge the validity of the statement CS 448/648 – Computer Security

  41. Digital Signature Usage • US Government Printing Office Deploys Digital Signatures for FY2009 Budget • http://blogs.adobe.com/security/2008/02/us_government_printing_office.html CS 448/648 – Computer Security

  42. Digital Signature Usage • Microsoft Word • http://www.ehow.com/how_4925786_install-digital-signature-microsoft-word.html • PowerPoint • http://www.brighthub.com/computing/windows-platform/articles/8398.aspx CS 448/648 – Computer Security

  43. Digital Signature Usage • View code signature with Process Explorer • Signed software is more trustworthy • http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx CS 448/648 – Computer Security

  44. Wrapping up • Public key algorithms • RSA • DH • Digital signature • Next class • Digital certificate • Computer Networks review • Quiz now! CS 448/648 – Computer Security

More Related