460 likes | 598 Views
School of Computer Science. CS 445 / 645 Internet Security Mon & Wed, 11:30 AM ~ 12:45 PM @ SEB 1240 Spring, 2012. Monday, Jan. 23, 2012. Hacker steals $6.7M from bank. http://www.pcworld.com/article/248340/hackers_steal_67_million_in_cyber_bank_robbery.html#tk.rss_main Jan. 18, 2012
E N D
School of Computer Science CS 445 / 645 Internet Security Mon & Wed, 11:30 AM ~ 12:45 PM @ SEB 1240 Spring, 2012 Monday, Jan. 23, 2012 CS 445 – Internet Security
Hacker steals $6.7M from bank • http://www.pcworld.com/article/248340/hackers_steal_67_million_in_cyber_bank_robbery.html#tk.rss_main • Jan. 18, 2012 • Hackers used stolen login details for a Postbank teller and a call center agent to transfer about $6.7 million into multiple bank accounts that were opened across the country late last year. (South Africa) • Lessons: • Every employees’ personal information must be guarded no matter how low level they are. • Enforce limited privilege (better security policy) • E.g., use only normal user account for running web server CS 445 – Internet Security
Seminar next week • Brookings Mountain West pubic lecture on “The Economics of Cybersecurity: A National Dilemma” • January 31, Tuesday, 5:30 pm • Greenspun Hall Auditorium (By Student Union) • Speaker: Allan A. Friedman • Fellow, Governance Studies • Research Director, Center for Technology Innovation • More on • http://brookingsmtnwest.unlv.edu/events/lectures-upcoming.html CS 445 – Internet Security
Review CS 445 – Internet Security
Computer Security goals - CIA Triad CS 445 – Internet Security
CIA Triad • Confidentiality • Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. • A loss of confidentiality is the unauthorized disclosure of information. • Integrity • Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. • A loss of integrity is the unauthorized modification or destruction of information. • Availability • Ensuring timely and reliable access to and use of information. • A loss of availability is the disruption of access to or use of information or an information system. CS 445 – Internet Security
Additional security concepts • Authenticity • The property of being genuine and being able to be verified and trusted; • Confidence in the validity of a transmission, a message, or message originator. • Accountability • The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. CS 445 – Internet Security
A Threat is blocked by Controlof a Vulnerability Security system Control Vulnerability Threat Threats, Controls, and Vulnerabilities. CS 445 – Internet Security
Passive vs. Active Attacks CS 445 – Internet Security
Passive vs. Active Attacks • The opposite characteristics • Passive attacks • Whereas passive attacks are difficult to detect, measures are available to prevent their success • Active attacks • On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities. • Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them. CS 445 – Internet Security
Chapter 2. Symmetric Encryption and Message Confidentiality CS 445 – Internet Security
Terminology • Encryption (E) • The process of encoding a message, so that its meaning is not obvious • Why Encrypt? Enemy may try to • Block, Intercept, Modify, and Fabricate a message • Decryption (D) • Reverse process of encryption • Relations • Plaintext (or cleartext): P = <p1, p2,…., pn> • Ciphertext: C = <c1, c2,…., cm> • C = E(P) and P = D(C) • P = D(E(P)) CS 445 – Internet Security
Encryption with keys • key - info used in cipher known only to sender/receiver • An encryption algorithms may not use a key (K), but • Difficult to keep an algorithm secret, if it is widely used • Difficult to devise new algorithms • Difficult to explain a new algorithm to the counterpart • A key, on the other hand, is easier to change or manage. • C = E (K, P) • Any algorithm without a key? Sure! • Keyless cipher: Caesar cipher CS 445 – Internet Security
Types of keys – Symmetric Key • Same key for decryption and encryption • P = D(K, E (K, P)) • or conventional / private-key / single-key • sender and recipient share a common key • all classical encryption algorithms are private-key CS 445 – Internet Security
Problems • Key distribution • must be done secretly • difficult when parties are geographically distant, or don't know each other • Massive key requirements • Need a key for each pair of users • n users need n*(n-1)/2 keys • Unlimited compromising power once broken • If the secret key is compromised, the adversary can decrypt all traffic and produce fake messages CS 445 – Internet Security
Types of keys – Asymmetric Key • Solving the symmetric key problem • After a few thousand years of search, a solution was found in 1970’s • Different keys for encryption and decryption • Encryption key: KE • Decryption key: KD • P = D(KD, E (KE, P)) • Asymmetric key CS 445 – Internet Security
Stream vs. Block cipher • Stream cipher • Converts one symbol of plaintext immediately into a symbol of ciphertext • Block cipher • Encrypts a group of plaintext symbols as one block • many current ciphers are block ciphers CS 445 – Internet Security
Types of Attack - I • Ciphertext only attack • Key is not known. No algorithm may be known. Most difficult. • Based on probability, distribution, characteristics of available ciphertext • Must have enough cipher text (“xz03b” is not enough) • If algorithm is known • Try all the possible keys Important to be able to recognize when succeeded (a.k.a. recognizable plaintext attack) Plaintext Ciphertext Key CS 445 – Internet Security
Types of Attack - II • Known plaintext attack (pre-determined) • Full plaintext or partial plaintext is known, along with the ciphertext • e.g., attacking a city city name is known after the attack • Probable plaintext can be used instead • E.g. terrorist messages may indicate city names • Sales memo has a particular form • Find the key Plaintext Ciphertext Key CS 445 – Internet Security
Types of Attack - III • Chosen plaintext attack (Variable) • Ciphertext of any plaintext is available • Analysts can insert the plaintext and get the matching ciphertext • E.g., insert record into a database and observe the change in statistics (An insider can do this easily) • Favored method for cryptanalysts Plaintext Ciphertext Ciphertext Plaintext Ciphertext Plaintext Key CS 445 – Internet Security
Chosen Plaintext Attack • During WWII, US almost broke the Japanese code before the Midway combat except one word “AF”. (BTW, Pearl harbor was “AH”) • The situation indicated AF to be either Oahu or Midway, but they had no clue. • They sent a plaintext message from midway “we ran out of water….” • After 48 hours, they intercepted “AF does not have fresh water”, which changed the history of the world CS 445 – Internet Security
Types of Attack - IV • Chosen ciphertext • Analyst has both encryption algorithm and ciphertext • Analysts can feed chosen ciphertext and cause decryption with an unknown key • Find the key, then using the recovered key, decrypt future messages • A cryptosystem should resist all those attacks Plaintext Plaintext Plaintext Ciphertext Ciphertext Ciphertext Key CS 445 – Internet Security
Brute Force Key Search • always possible to simply try every key • most basic attack, proportional to key size • assume either know / recognise plaintext CS 445 – Internet Security
Representing characters • PLAINTEXT (UPPERCASE) vs. ciphertext (lowercase) • Letters = numeric code • A = 0, B = 1, …, Z = 25 • Modulo 26 operation • Two primitive encryption • Substitution: one letter is exchanged with another • Caesar cipher, one-time pad, Vernam cipher, book cipher • Transposition: order of the letters are rearranged • Columnar Transposition CS 445 – Internet Security
Substitution cipher • Units of plaintext are substituted with ciphertext according to a regular system • The "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth • The receiver deciphers the text by performing an inverse substitution CS 445 – Internet Security
Substitution Cipher - Caesar cipher • ci= E(pi) = pi + 3 TREATY IMPOSSIBLE Wuhdwb lpsrvvleoh • Can be broken easily by frequency analysis CS 445 – Internet Security
Breaking Caesar Cipher frequency analysis p (c) Caesar’s cipher can be easily solved (i.e., finding i) by calculating (i) = 0 ≤ c ≤ 25f(c) p(c – i), where f(c) is the freq of cipher text letter CS 445 – Internet Security
Substitution cipher example • Gold Bug, by Edgar Allan Poe, 1843 • http://www.eapoe.org/works/tales/goldbga2.htm 53‡‡†305))6*;4826)4‡.)4‡);806*;48†8¶60))85;1‡ (;:‡*8†83(88)5*†;46(;88*96*?;8)*‡(;485);5*†2:*‡ (;4956*2(5*— 4)8¶8*;4069285);)6†8)4‡‡;1(‡9;480 81;8:8‡1;48†85;4)485†528806*81(‡9;48;88;4(‡?34;48)4‡;161;:188;‡?; CS 445 – Internet Security
Decryption in Gold Bug • Frequency analysis Of the character 8 there are 33. ; " 26. 4 " 19. ‡ ) " 16. * " 13. 5 " 12. 6 " 11. †1 " 8. 0 " 6. 9 2 " 5. : 3 " 4. ? " 3. ¶ " 2. —. " 1. CS 445 – Internet Security
Decryption in Gold Bug - Clues • "Now, in English, the letter which most frequently occurs is e. Afterwards, the succession runs thus: a o i d h n r s t u y c f g l m w b k p q x z.” • "Let us assume 8, then, as e. Now, of all words in the language, 'the' is most usual; • we find no less than seven such arrangements, the characters being ;48. We may, therefore, assume that ; represents t, 4 represents h, and 8 represents e • t eeth • t ee r • thr…h oug CS 445 – Internet Security
Gold Bug - Decrypted text 5 represents a † " d 8 " e 3 " g 4 " h 6 " i * " n ‡ " o ( " r ; " t A good glass in the Bishop's hostel in the Devil's seat — forty-one degrees and thirteen minutes — northeast and by north — main branch seventh limb east side — shoot from the left eye of the death's-head — a bee-line from the tree through the shot fifty feet out. CS 445 – Internet Security
Another Substitution Cipher- One-Time Pad • One time pad = A large, nonrepeating set of keys • Encrytion and decryption • A section of the key is used once and destroyed • The receiver needs an identical pad to decrypt • It is a perfect cipher • Information-theoretically secure IMPOSSIBLE to break • Data + Random = Random CS 445 – Internet Security
One-time pad concept • Message: 1011 0010 . . . . . • Random number: 0110 1001 . . . . . • Encryption method: Exclusive OR • 0 0 = 0 • 0 1 = 1 • 1 0 = 1 • 1 1 = 0 • Encryption result 1011 0010 0110 1001 1101 1011 • Decryption result 1101 1011 0110 1001 1011 0010 CS 445 – Internet Security
One-time pad problems • But • Need for synchronization between sender and receiver • Need for unlimited number of keys (print/ distribute/ store…) • Can a computer help? • Long random number sequences • But it is only pseudorandom Basis of stream cipher (e.g., RC4) CS 445 – Internet Security
Transposition • Another important encryption technique along with substitution • Rearrangement of symbols • Also called Permutation (because it is a rearrangement of the symbols of a message) • Simple example: Columnar Transposition CS 445 – Internet Security
Columnar Transposition Example THIS IS A SAMPLE MESSAGE T H I S I S A S A M P L E M E S S A G E tsps hals isea samg imee tspsh alsis iasam gimee • Trivial to solve • You only need to know the number of columns CS 445 – Internet Security
Keyed Transposition Example THIS IS A SAMPLE MESSAGE 1 4 2 5 3 Key (or a word) T H I S I S A S A M P L E M E S S A G E tsps isea imee hals samg tspsi seaim eehal ssamg CS 445 – Internet Security
Breaking transposition cipher • Characteristic patterns of adjacent letters • Digram (pairs of letters) • Trigram (triples of letters) • Frequent occurrences • endings: -th, -ing, -ed, -ion, -ation, -tion,… • beginnings: im-, in-, re-, un-, en-, ... • patterns: -eek-, -oot-, -our-, … • words: of, end, to, with, are, is, … • Certain pairs of digrams and trigrams do not appear • E.g., -vk- and –qp- CS 445 – Internet Security
Example - English Digram Frequency TH 3.15% TO 1.11% SA 0.75% MA 0.56% HE 2.51 NT 1.10 HI 0.72 TA 0.56 AN 1.72 ED 1.07 LE 0.72 CE 0.55 IN 1.69 IS 1.06 SO 0.71 IC 0.55 ER 1.54 AR 1.01 AS 0.67 LL 0.55 RE 1.48 OU 0.96 NO 0.65 NA 0.54 ES 1.45 TE 0.94 NE 0.64 RO 0.54 ON 1.45 OF 0.94 EC 0.64 OT 0.53 EA 1.31 IT 0.88 IO 0.63 TT 0.53 TI 1.28 HA 0.84 RT 0.63 VE 0.53 AT 1.24 SE 0.84 CO 0.59 NS 0.51 ST 1.21 ET 0.80 BE 0.58 UR 0.49 EN 1.20 AL 0.77 DI 0.57 ME 0.48 ND 1.18 RI 0.77 LI 0.57 WH 0.48 OR 1.13 NG 0.75 RA 0.57 LY 0.47 • The frequency percentage varies by source CS 445 – Internet Security
Use of Digram • Ciphertext: HLOOLELWRD • E.g., Frequencies of digrams beginning with H • HE = 0.0251 • HO = 0.0043 • HL, HW, HR, HD < 0.0010 • Frequencies of digrams ending in H • WH = 0.0048 • EH, LH, OH, RH, DH ≤ 0.0002 • Implies E follows H HE LL OW OR LD CS 445 – Internet Security
Combination of approaches • Weakness of Transposition • Frequency analysis • If the frequency distribution follows plain text, it is most likely transposition • How about combination of both? • Can avoid weaknesses of both! • Replacing high frequency ciphertext alphabet with plaintext alphabet: Still protected by transposition • Guessing columns and anagramming does not reveal the text due to substitution • This is the building block of modern cryptosystem (product cipher) CS 445 – Internet Security
Claude Shannon and Substitution-Permutation Ciphers • in 1949 Claude Shannon introduced idea of substitution-permutation (S-P) networks • modern substitution-transposition product cipher form the basis of modern block ciphers • S-P networks are based on the two primitive cryptographic operations: • substitution (S-box) • permutation (P-box) CS 445 – Internet Security
Next class • More on Symmetric Key Cryptography • Feistel Cipher / DES • AES • RC4 CS 445 – Internet Security