390 likes | 538 Views
Summary From the Last Lecture. Security is multifaceted phenomenon Confidentiality, integrity, availability We spoke about various security threats And some general defense approaches Prevention Detection and response (sustain the attack or get rid of it)
E N D
Summary From the Last Lecture • Security is multifaceted phenomenon • Confidentiality, integrity, availability • We spoke about various security threats • And some general defense approaches • Prevention • Detection and response (sustain the attack or get rid of it) • Learn from mistakes, improve prevention • Now we’ll talk about challenges in the defense field
What Are the Challenges? • Your security frequently depends on others • Tragedy of commons • A good solution must • Handle the problem to a great extent • Handle future variations of the problem, too • Be inexpensive • Have economic incentive • Require a few deployment points • Require non-specific deployment points
What Are the Challenges? • Fighting a live enemy • Security is an adversarial field • No problem is likely to be completely solved • New advances lead to improvement of attack techniques • Researchers must play a double game
What Are the Challenges? • Attack patterns change • Often there is scarce attack data • Testing security systems requires reproducing or simulating legitimate and traffic • No agreement about realistic traffic patterns • No agreement about metrics • There is no standardized evaluation procedure • Some security problems require a lot of resources to be reproduced realistically
Practical Considerations • Risk analysis and risk management • How important it is to enforce a policy • Which threats matter • Legislation may play a role • The role of trust • Assumptions are necessary • Human factors • The weakest link
In The Shoes of an Attacker • Motivation • Bragging Rights • Profit (Spam, Scam, Phishing, Extortion) • Revenge / to inflict damage • Terrorism, politics • Risk to the attacker • Usually small • Can play a defensive role
Why We Aren’t Secure • Buggy code • Protocol design failures • Weak crypto • Social engineering/human factor • Insider threats • Poor configuration • Incorrect policy specification • Stolen keys or identities • Misplaced incentives (DoS, spoofing, tragedy of commons)
The Role Of Policy • Policy defines what is allowed and how the system and security mechanisms should act • Policy is enforced by mechanism which interprets and enforces it, e.g. • Firewalls • IDS • Access control lists • Implemented as • Software (which must be implemented correctly and without vulnerabilities)
Some Security Mechanisms • VPNs • Intrusion Detection • Intrusion Response • Development tools • Virus scanners • Policy managers • Trusted hw • Encryption • Checksums • Key management • Authentication • Authorization • Accounting • Firewalls
What Is Cryptography? • Goal: Protect private communication in the public world • Alice and Bob are shouting messages over a crowded room • Everyone can hear what they are saying but no one can understand (except them) • We have to scramble the messages so they look like nonsense or alternatively like innocent text • Only Alice and Bob know how to get the real messages out of the scramble
Cryptography Is Also Useful For … • Authentication • Bob should be able to verify that Alice has created the message • Integrity checking • Bob should be able to verify that message has not been modified • Non-repudiation • Alice cannot deny that she indeed sent the message
Cryptography Is Also Useful For … • Exchanging a secret with someone you have never met, shouting in a room full of people • Proving to someone you know some secret without giving it away • Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot • Sending a secret message so that it can be retrieved only if m out of npeople agree to retrieve it
So, How Do We Scramble Messages? • Alice could give a message covertly “Meeting at the old place” • Doesn’t work for arbitrary messages and • Doesn’t work if Alice and Bob don’t know each other • Alice could hide her message in some other text – steganography • Alice could change the message in a secret way • Bob has to learn a new algorithm • Secret algorithms can be broken by bad guys Good cryptography assumes knowledge of algorithm by anyone, secret lies in a key!!!
Sample Crypto Scheme: Ceasar’s Cipher • Substitute each letter with a letter which is 3 letters later in the alphabet • HELLO becomes KHOOR • Instead of using number 3 we could use n[1,25]. nwould be our key • How can we break this cipher? Can you decipher this: Bpqakzgxbwozixpgammuazmitmiag. Emeivbuwzm!
Sample Crypto Scheme: Ceasar’s Cipher • We can also choose a mapping for each letter:(H is A, E is M, L is K, O is Y). This mapping would be our key. This is monoalphabeticcipher. • HELLO becomes AMKKY • How can we break this cipher?
Types Of Cryptographic Functions • Symmetric key crypto: one key • We will call this secret key or shared key • Both Alice and Bob know the same key • Asymmetric key crypto: two keys • Alice has public key and private key • Everyone knows Alice’s public key but only Alice knows her private key • One can encrypt with public key and decrypt with private key or vice versa • Hash functions: no key
Uses Of Symmetric Key Crypto • Symmetric key crypto: one key • Transmitting over an insecure channel • Classic use: Alice and Bob encrypt messages they exchange • Secure storage on insecure media • Encrypt stored data so someone who breaks in cannot read it
Uses Of Symmetric Key Crypto • Authentication – prove the identity • Pass phrase – what if Mallory asks for the pass phrase • Strong authentication without revealing the secret • Integrity check • Calculate the checksum and encrypt it – MIC: message integrity code Bob Alice RA KAB(RA) RB KAB(RB) M MIC = EAB(check(M))
Uses Of Asymmetric Key Crypto • Asymmetric key crypto can do everything symmetric key crypto can but much (about 1,500 times) slower • However, it can do some things better! • However, it can do some extra things! • Transmitting over an insecure channel • If Alice wants to talk to Bob and Carol using symmetric key crypto she either has to remember two keys or run a risk that Bob can impersonate her when talking to Carol • With asymmetric keys, Bob and Carol know Alice’s public key and Alice knows her private key
Uses Of Asymmetric Key Crypto • Secure storage on insecure media • Same as with symmetric key crypto • Authentication • Alice wants to verify Bob’s identity • She sends to Bob EPubBob(RA) • Bob decrypts and sends back RA • This can be done with symmetric keys too but if Bob wanted to authenticate himself to Carol he would need to remember a new key. Not so with asymmetric keys. • Alice doesn’t need to store any secret info which is good if she is a computer
Uses Of Asymmetric Key Crypto • Digital signatures • Alice orders books online from Bob • She signs every order using her private key • If she claims she didn’t place the order Bob can prove she did – non-repudiation • Can symmetric key crypto do this?
Hash Algorithms • Known also as one-way functions or message digests • Take an arbitrary-length message M and transform it into fixed-length hash h(M) • Properties: • Knowing M is easy to calculate h(M), but it is very hard to calculate M knowing h(M) • It is very hard to find M1 M so that h(M1) =h(M), this is collision-free property • E.g., take the message M as a number, add a large constant to it, square it, and take middle ndigits as the hash
Uses Of Hash Algorithms • Storing hashed password info • Message integrity • Use message M and a shared secret S, run this through hash function and produce MIC • Send only M and MIC • Why do we need a shared secret? • Message fingerprint • Hash the files to detect tampering • Works for download security too • Signing message hash instead of the whole message is faster
Let’s Formalize A Little … M C M Bob Alice EK1(M) DK2(C) K1 K2 M – message K1 – encryption key EK1(M) – message M is encrypted using key K1 C – ciphertext K2 – decryption key DK2(C) – ciphertext C is decrypted using key K2 If K1=K2 this is symmetric (secret key) encryption If K1K2 this is asymmetric (public key) encryption
Attacks M C M Bob Alice EK1(M) DK2(C) K1 K2 Eve Cyphertext-only attack: Eve can gather and analyze C’s to learn K2 How does Eve know she got the right key?Eve has to have enough ciphertext – having XYZ withmonoalphabeticcipher would not be enoughWhat if K2 depends on a password in a known way?
Attacks M C M Bob Alice EK1(M) DK2(C) K1 K2 Eve Known-plaintext attack: Eve can attempt to learn K2 by observing manyciphertextsC for known messages M How does Eve obtain the plaintext?
Attacks M C M Bob Alice EK1(M) DK2(C) K1 K2 Mallory Chosen-plaintext attack: Mallory can feed chosen messages M into encryption algorithm and look at resulting ciphertexts C. Learn either K2 or messages M that produce C. Assumption is that extremely few messages M can produce same C. For a monoalphabetic cipher she could feed a message containing all the letters of the alphabet What if Alice has a limited vocabulary?
Attacks M C M Bob Alice EK1(M) DK2(C) K1 K2 Mallory • Man-in-the-middle attack: • Mallory can substitute messages • Mallory can modify messages • So that they have different meaning • So that they are scrambled • Mallory can drop messages • Mallory can replay messages to Alice, Bob or the third party
Attacks M C M Bob Alice EK1(M) DK2(C) K1 K2 Eve Brute-force attack: Eve has caught a ciphertext and will try every possible key to try to decrypt it. This can be made infinitely hard by choosing a large keyspace.
Cryptographic Techniques • Substitution • Goal: obscure relationship between plaintext and ciphertext • Substitute parts of plaintext with parts of ciphertext • Transposition (shuffling) • Goal: dissipate redundancy of the plaintext by spreading it over ciphertext • This way changing one bit of plaintext affects many bits of the ciphertext (if we have rounds of encryption)
Substitution • Monoalphabetic – each character is replaced with another character • Ceasar’s cipher – each letter is shifted by 3, a becomes d, b becomes e , etc. • Keep a mapping of symbols into other symbols • Drawback: frequency of symbols stays the same and can be used to break the cipher
Substitution • Homophonic– each character is replaced with a character chosen randomly from a subset • Ciphertext alphabet must be larger than plaintext alphabet – we could replace letters by two-digit numbers • Number of symbols in the subset depend on frequency of the given letter in the plaintext • The resulting ciphertext has all alphabet symbols appearing with the same frequency
Substitution • Polygram– each sequence of characters of length n is replaced with another sequence of characters of length n • Like monoalphabetic cipher but works on n-grams