940 likes | 1.13k Views
“He, who wants to defend everything, defends nothing.” --- Frederick, the Great. Focus of a Security Plan Reference: Thomas Calabrese,”Information Security Intelligence,” Thomson Delmar learning, 2004, pp 4. Scope: restricting the scope as much as possible
E N D
“He, who wants to defend everything, defends nothing.” --- Frederick, the Great
Focus of a Security PlanReference: Thomas Calabrese,”Information Security Intelligence,” Thomson Delmar learning, 2004, pp 4 • Scope: restricting the scope as much as possible • Prioritization • Practicability Some Examples of Attacks and a Hint about technologies
Example of a Security Incident: Phishing Phishing (mis)uses the following rule: If ASCII 00 and 01 characters are used just prior to @ character, IE would not display the rest of the URL. Example: http://www.whitehouse.gov%01%00@www.hacker.com/...... will show up as http://www.whitehouse.gov in the status bar, indicating as if the message is from the White House. However the response will go to the Hacker.
Anti-Phishing.org • A Web site www.antiphishing.org, for reporting incidents, set up by a group of global banks and technology companies, led by Secure-messaging firm Tumbleweed Communications Corp • Fast Response required; The phishing Web sites: often only in place for a day. • Example: Dec 2003: Phishing e-mail appeared to come from the U.K. bank NatWest. Anti-Phishing.org tracked the IP address to a spoofed home computer in San Francisco. "The owner of the computer probably had no idea he'd been hijacked," says Dave Jevans, Tumbleweed's senior vice president of marketing.
Common attacks on Financial Institutions like Banksthrough Internet Common attacks: • phishing (attempts to trick account holders to give their account authentication details away), • fraudulent association with the bank as part of investment scams, and • trademark violation Losses due to attacks: "The major banks don't want to divulge the amount of losses. But just to give one example, a major Australian bank has put several million dollars in reserve since August 2003 to cover damages due to Internet frauds.“– Dave Jevans, eWeek, Dec 2003
An Example:time-to-market for Internet Security products • 16 December, 2003: Discovery of the problem of Phishing • 5 January 2004: Announcement of development of a new Anti-phishing service by Netcraft, of Bath, England. Netcraft says that the service is mainly for banks and other financial organizations
General Strategies for security • Continuous vigilance by monitoring and analysis • reduce size of target: disable unneeded services • limit access of attacker to target systems • hardening the OS and applications • Use technologies, which cannot be hacked easily
General Strategies for security: Technologies • Confidentiality: encrypting sensitive data • Integrity: Hashing, Digital Signatures • Authentication: Digital certificates • Non-repudiation: Trusted Digital 3rd part signatures
“Using encryption on the Internet is the equivalent of using an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench.“ --- Professor Eugene Spafford Purdue University
CRYPTOGRAPHY • Cryptography (from two words in Greek): means secret writing. • Cryptoanalysis: breaking of a cryptographic code • CRYPTOGRAPHY: process data into unintelligible form, • reversibly/irreversibly • without data loss • usually one-to-one in size /compression
Cryptography Services, provided by cryptographic tools: • Encoding information into a form which makes the information unintelligible to an unauthorized person • integrity checking: no tampering • authentication: not an impostor • Encryption or Enciphering Encryption Algorithm Ciphertext Plaintext Key
Why encrypt? • A few valid reasons for (reversibly) encrypting data are: • To prevent casual browsers from viewing sensitive data files • To prevent accidental disclosure of sensitive data • To prevent privileged users (e.g., system administrators) from viewing private data files • To complicate matters for intruders who attempt to search through a system's files
Kerckhoff’s principle The security of an encryption scheme should depend upon only the secrecy of the key, and NOT on the secrecy of the algorithm.
Classification • Two types of Encryption Algorithms • Reversible • Irreversible • Two types of Keys • Symmetric • Asymmetric
Types of Cryptographic Algorithms: Cryptographic Algorithms: • Secret Key • Example: DES, AES (Rijndael) • Public Key • Example: RSA, Rabin, El Gamal • Message Digest (Hash or cryptographic checksum) Example : SHA 256 • Message Authentication Codes
Reversible Encryption Reversible ENCRYPTION: cleartext ENCRYPTION DEVICE encryption key cleartext • can be used only when the same type of encryption software/equipment is available at both the ends ciphertext Decryption key Decryption Device
Decryption • Decryption or Deciphering Decryption Algorithm Plaintext Ciphertext Key
Fingerprinting Data Irreversible Encryption Hash Functions Encryption Algorithm Hash Plaintext Collisions in the output?
Cryptographic Hash Functions (H) • H : A transformation m = variable size input h = hash value : a fixed size string, also known as message digest or fingerprint or compression function. H(m) m h
Message Digest Variable Length Message Fixed Length Digest Hashing Algorithm
Uses of Hash Functions • Integrity check • for getting a document time- stamped without revealing its contents to the time stamp service • Authentication through Digital Signatures • For generation of pseudo-random numbers to generate several keys from a single shared secret Typical output of a Hash: 128 to 512 bits
A Cryptographic Hash function Properties of Cryptographic Hash functions : • One-way functions ‘Hard’ to invert : Computationally infeasible to find some input m such that H(m) = h. • Collision-resistant: a very large number of collisions exist. But these cannot be found. • Should be a random mapping from all possible input values to the set of possible output values
Message Digest (MD) • Consider an algorithm that generates outputs which are randomly distributed. • Let the MD (output) be of n bits • 2n No of possible outputs. • Since these are randomly distributed, the probability is that after 1.2 (2n )1/2 digests are computed, we may find the same value. ( Reference: statistical ideas of Birthday Paradox; Please see the last set of slides on Cryptoanalysis for a statement of the Paradox.) • Thus for n = 128, it would be (1.2)264 .
Definitions WEAKLY COLLISION FREE HASH FUNCTION: Given a message m1. It is computationally infeasible to find m2 such that • m1 is not equal to m2, and, • H(m1) = H(m2). STRONGLY COLLISION FREE HASH FUNCTION: It is computationally infeasible to find any two messages m1 and m2 such that H(m1) = H(m2).
Hash Functions: Collision-free Example Example: Consider a Hash of 128 bits. Weak: The probability of finding a message m2 corresponding to a given hash value H(m1) is 2-128. Strong:The probability of finding two messages with the same hash value (with no constraint on any of the two messages) is 2-64.
Properties of Cryptographic Hash functions (continued) • H(m) is easy to compute. • The input can be of any length. • The output has a fixed length. Notes 1: Consider a transformation of a sequence of length n1 to a sequence of length n2, where n1 > n2. In such a case, there must exist multiple input sequences that map to the same fixed-length hash value.
Notes on hash functions (continued) In the definitions of hash functions, it is only required that ‘to find x’ should be computationally infeasible, even though we know that x exists. 2. Computationally Infeasible (CI) means that the time complexity of the algorithm should grow faster than any polynomial. So CI means that it may take an extremely long time to compute x on even the fastest machine of the day.
Popular Hash Functions • Iterative functions: • Split the message to equal sized blocks m1, m2,…… mk(padding for the last block) • Hi = h(Hi-1, mi), with H0 as a fixed value • MD2 , MD4 and MD5 developed by Rivest. MD2 (1989 ): Optimized for 8 bit machine; MD4 (1990) , MD5 (1991) : Optimized for 32-bit machines . • MD4 and MD5 : Both produce a 128-bit hash value.
Popular Hash Function: MD5 • MD4: • Den Boer and Bosselaers ( in a paper in 1991) discovered weaknesses. • was cracked by Dobbertin. He devised a method to generate collisions in MD4. • MD5 (Ref: RFC 1321) was supposed to be more secure. probability of MD5 collision 1/3x1038 • 1994: A non-fatal flaw discovered. • SHA1 (Secure Hash Algorithm) : Produces a 160 bit hash value from a message of less than 264 bits;
Popular Hash Function: SHA 1 • SHA 1:designed by NSA and standardized by NIST as a part of the Capstone project. (based on MD5 and 2 to 3 times slower than MD5) (Ref: RFC 3174 and FIPS 180-1) • Aug 2004: reported generating collisions in MD4 using "hand calculation", and in the family of MD4/MD5/SHA/RIPEMD. So its usage is now not recommended.* *Reference:Xiaoyun Wang and Dengguo Feng and Xuejia Lai and Hongbo Yu,” Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD,” Cryptology ePrint Archive: Report 2004/199,http://eprint.iacr.org/2004/199.pdf
Popular Hash Functions: To be used today • SHA 256, SHA 384 and SHA 512(Ref: FIPS 180-2) designed for use with AES with 128, 196 and 256 bits. Slower than SHA1; may take nearly as much time as encryption by AES. SHA384 uses SHA 512 method and discards the remaining bits. So though it takes the same time as SHA 512, it is less secure. Others: Snerfu: generates 128 bit or 256 bit hash; Haval: produces 128, 160, 192, 224 or 256 bit hash.
Secret Key/ Symmetric Cryptography • Simpler and faster (than asymmetric by a factor of 1000) • For Integrity check, a fixed-length checksum for the message may have to be used; CRC* not sufficient *Cyclic Redundancy Check
Symmetric Key Encryption Also called Private/Secret key Encryption Sender-end Message by sender Encrypted Message Pr-key Internet Message at receiver Pr-key Encrypted Message Receiver-end
Symmetric Key Cipher Standards • Data Encryption Standard: • the initial version developed by IBM • as a US standard from 1975 to 1999 • Advanced Encryption Standard • The proposal from two belgian professor accepted in Sept 2000 • Declared in Nov 2001
Theoretical Basis of DESClaude Shannon’s theories: Recapitulation 1945: Introduce diffusion and confusion through cryptographic algorithms. • Diffusion: Use permutation followed by some functional transformation. • So that one ‘character’ in ciphertext = function of a large number of ‘characters’ in the plaintext. • Thus if e is the most commonly used character in English plaintext, it may not be so in the ciphertext. In ciphertext all the characters should have ideally an equal frequency of occurrence.
Diffusion & Confusion : Recapitulation • Diffusion: seeks to make statistical relationship between the plaintext and ciphertext as complex as possible. Diffuses the structure of the plaintext over a large part of the ciphertext. • Confusion: makes the relationship between the statistics of the ciphertext and the encryption key as complex as possible. • Achieved by using a complex substitution algorithm.
Substitution and permutation Substitution or Permutation: easy to break by using statistical analysis For every language: frequency of characters, digrams ( two letter sequences) and trigrams are known. statistical analysis to decipher encrypted information. • English:e: the character with highest frequency • C:#define and #include in the beginning • Protocols and tcpdump: repetitive, fixed sized fields
Kerckhoff’s Rule The strength of an encryption algorithm depends upon: • Design of the algorithm • Key length • Secrecy of the key ( requires proper management of key distribution) 1883: Jean Guillaumen Hubert Victor Fransois Alexandre Auguste Kerckhoff von Nieuwenhof: “ Cryptosystems should rely on the secrecy of the key, but not of algorithm.” Advantages of Openness: 1994: A hacker published the source code of RC4, a secret encryption algorithm, designed by RSA Data security Inc. attacks, that exposed several weaknesses of RC4
Types of Cipher Algorithms • Streaming Cipher: encrypts data bit by bit • Block cipher: encrypts a fixed- sized block of data at a timeBlock ciphers: • For a 64 bit block of plaintext, for encryption to a 64-bit ciphertext, may need a table of 264 = 150 million terabytes. • For a block size of 128 bits, the table would require a memory of 5x1039 bytes.
DES Encryption: DES a public standard. But its design criterion has not been published. 64 bit plaintext goes through • an Initial Permutation (IP). • 16 Rounds of a complex function fk as follows: • Round 1 of a complex function fk with sub key K1 . • Round 2 of a complex function fk with sub key K2. • Round 16 of a complex function fk with sub key K16 Every round ends with a swap of Left-half and Right-half. • an Inverse Initial Permutation (IP-1 ) to produce 64 bit ciphertext.
DES Round • x: block of plaintext • let x0 = IP (x) = L0:R0 • 16 rounds with f: cipher function Ki: sub-key for the ith round While i ≤ 16, xi = Li:Ri Li = Ri-1 Ri = Li: f(Ri-1 , Ki)
Function • Expansion permutation to get 48 bits from 32 bits of Ri : each input block of 4 bits contributes 2 bits to each output block Avalanche Effect: A small difference in plaintext causes quite different ciphertext • E(Ri-1) Ki • S-boxes for converting 48 bits to 32 bits output: Non-linear; provide major part of the strength of the cipher • Straight permutation • XOR with left half • Switch the left half and the right half
Key Schedule Algorithm • Each sub-key Ki : 48 bits: obtained from a 56 bit key K • Fixed Permutation: PC1(K) = C0:D0 • A left circular shift (of 1 or 2 bits) on the Left-half (C0 ) and Right-half (D0) separately (Output: C1 of 28 bits and D1 of 28 bits) • 2 bits: for rounds 3-8 and 10-15 • Compression permutation PC2 to get 48 bit key Ki from Ci:Di • Round-dependent left shifts different parts of initial key create each sub-key
Sub Key Generation The input key: 56 bits Hardware Design: the 8, 16, 24, 32, 40, 48, 56 and 64th bit is always the odd parity bit. 64 bit key Software design: the key is stated in ASCII code. Each character of 8 bits, with the first bit being zero plus 7 bits of code. (!) Since DES was designed with the viewpoint of hardware implementation, the conversion to 56 bits is done by neglecting every 8th bit. PC1 converts to 56 bits and permutes.
Key Schedule • K: 64 bit key • C0: D0 =PC1(K) , 56 bit key • 16 steps for i = 1-15: A left circular shift (of 1 or 2 bits) on the Left-half (Ci-1) and Right-half (Di-1) separately (Output: Ci of 28 bits and Di of 28 bits) • 16 Subkeys for i = 1-15: Ki = PC2(Ci : Di ) of 48 bits each
PC1: Obtaining C0 and D0 PC1 generates C0 and D0, the left and the right halves respectively. C0 Read the first column of the input 64-bit key from bottom up. Write it row-wise from left to right. Repeat for the second, the third and the lower-half of the fourth column respectively. D0 Read the seventh column of the input 64-bit key from bottom up. Write it row-wise from left to right. Repeat for the sixth, the fifth and the upper-half of the fourth column respectively. Probably the conversion to the two halves was done due to the limitation of the hardware of seventies.
Sub Key Generation: continued Thus DES has a 56 bit key K consisting of C0 and D0. All the sub keys K1 to K16 are of 48 bits. To generate these keys, K goes through • A Permuted Choice (PC-1) (output C0 of 28 bits and D0 of 28 bits). • A left circular shift (of 1 or 2 bits) on the Left-half (C0 ) and Right-half (D0) separately (Output: C1 of 28 bits and D1 of 28 bits) followed by a Permuted Choice (PC-2) which permutes as well as ‘contracts’ to produce a sub-key K1 of 48 bits.
Sub Key Generation (continued) • A left circular shift (of 1 or 2 bits) on the Left-half (C1 ) and Right-half (D1) separately (Output: C2 of 28 bits and D2 of 28 bits) followed by a Permuted Choice (PC-2) which permutes as well as ‘contracts’ to produce a sub-key K2 of 48 bits. • . • . • . • A left circular shift (of 1 or 2 bits) on the Left-half (C15 ) and Right-half (D15) separately (Output: C16 of 28 bits and D16 of 28 bits) followed by a Permuted Choice (PC-2) which permutes as well as ‘contracts’ to produce a sub-key K16 of 48 bits.
Key Schedule • KA = PC1(K) • KB1 = LS-j(KA); LS-j is left circular shift by j bits, on the two halves of the 56 bits separately. j is given by Table 5. KB2 = LS-j(KB1) KB3 = LS-j(KB2) . KBi = LS-j(Kbi-1) . KB16 = LS-j(KB15) • Ki = PC2(KBi)
i-th Round The part in yellow, in the previous slide, shows the sub key generation. After PC1, the circular rotations are independent for the left half and the right-half. ENCRYPTION: In the i-th round, Li = Ri-1 Ri = Li-1 F(Ri-1, Ki) = Li-1P(S( E(Ri-1) Ki )) Where E: expansion from 32 bits to 48 S: Using 8 S-boxes to convert 48 bits to 32 bits – each S box converts 6 bits to 4 bits P: permutation