1 / 121

CS363

Week 15 - Wednesday. CS363. Last time. What did we talk about last time? Finished ethics Reviewed some of the material before Exam 1. Questions?. Project 3. Security Presentation. Richard Fenoglio. Finishing Week 3 Review. Public key cryptography.

yazid
Download Presentation

CS363

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Week 15 - Wednesday CS363

  2. Last time • What did we talk about last time? • Finished ethics • Reviewed some of the material before Exam 1

  3. Questions?

  4. Project 3

  5. Security Presentation Richard Fenoglio

  6. Finishing Week 3 Review

  7. Public key cryptography • Sometimes, we need something other than a shared secret • We want a public key that anyone can use to encrypt a message to Alice • Alice has a private key that can decrypt such a message • The public key can only encrypt messages, it cannot be used to decrypt messages

  8. Prime • RSA depends in large part on the difficulty of factoring large composite numbers (particularly those that are a product of only 2 primes) • An integer p is prime if • p > 1 • p is not divisible by any positive integers other than 1 and itself

  9. Fundamental theorem of arithmetic • Any integer greater than 1 can be factored into a unique series of prime factors: • Example: 52 = 22 ∙ 13 • Two integers a and b (greater than 1) are relatively prime or coprime if and only if a shares no prime factors with b

  10. Euclid's algorithm • The greatest common divisor or GCD of two numbers gives the largest factor they have in common • For large numbers, we can use Euclid's algorithm to determine the GCD of two numbers • Algorithm GCD( a, b) • If b = 0 • Return a • Else • temp = a mod b • a = b • b = temp • Goto Step 1 • Example: GCD( 1970, 1066)

  11. Week 4 Review

  12. Fermat’s Little Theorem • If p is prime and a is a positive integer not divisible by p, then: ap –1 1 (mod p)

  13. Euler's in the mix too • Euler’s totient function (n) • (n) = the number of positive integers less than n and relatively prime to n (including 1) • If p is prime, then (p) = p – 1 • If we have two primes p and q (which are different), then: (pq) = (p)∙(q) = (p – 1)(q – 1)

  14. Take that, Fermat • Euler’s Theorem: For every a and n that are relatively prime, a(n)  1 (mod n) • This generalizes Fermat’s Theorem because (p) = p – 1 if p is prime

  15. RSA Algorithm • Named for Rivest, Shamir, and Adleman • Take a plaintext M converted to an integer • Create an ciphertextC as follows: C = Me mod n • Decrypt C back into M as follows: M = Cd mod n = (Me)d mod n = Med mod n

  16. The pieces

  17. How it Works • To encrypt: C = Me mod n • e is often 3, but is always publically known • To decrypt: M = Cd mod n = Med mod n • We get d by finding the multiplicative inverse of e mod (n) • So, ed  1 (mod (n))

  18. Why it Works • We know that ed  1 (mod (n)) • This means that ed = k(n) + 1 for some nonnegative integer k • Med= Mk(n) + 1  M∙(M(n))k (mod n) • By Euler’s Theorem M(n)  1 (mod n) • So, M∙(M(n))k  M (mod n)

  19. Why it’s safe • You can’t compute the multiplicative inverse of e mod (n) unless you know what (n) is • If you know p and q, finding (n) is easy • Finding (n) is equivalent to finding p and q by factoring n • No one knows an efficient way to factor a large composite number

  20. Key management • Once you have great cryptographic primitives, managing keys is still a problem • How do you distribute new keys? • When you have a new user • When old keys have been cracked or need to be replaced • How do you store keys? • As with the One Time Pad, if you could easily send secret keys confidentially, why not send messages the same way?

  21. Notation for sending • We will refer to several schemes for sending data • Let X and Y be parties and Z be a message • { Z } k means message Z encrypted with key k • Thus, our standard notation will be: • X Y: { Z } k • Which means, X sends message Z, encrypted with key k, to Y • X and Y will be participants like Alice and Bob and k will be a clearly labeled key • A || B means concatenate message A with B

  22. Kinds of keys • Typical to key exchanges is the idea of interchange keys and session keys • An interchange key is a key associated with a particular user over a (long) period of time • A session key is a key used for a particular set of communication events • Why have both kinds of keys?

  23. Classical exchange: Attempt 0 • If Bob and Alice have no prior arrangements, classical cryptosystems require a trusted third party Trent • Trent and Alice share a secret key kAlice and Trent and Bob share a secret key kBob • Here is the protocol: • Alice  Trent: {request session key to Bob} kAlice • Trent  Alice: { ksession } kAlice || { ksession } kBob • Alice  Bob: { ksession } kBob

  24. Classical key exchange • Purpose • Exchange a session key between two parties • Weaknesses • A trusted third party is required • Protocols are complicated • Some protocols have hard to spot security risks • Practice looking for the holes in the protocols • They always have a "man in the middle" aspect • Always assume that Eve can completely control all communication

  25. Public key exchange • Suddenly, the sun comes out! • Public key exchanges should be really easy • The basic outline is: • Alice  Bob: { ksession } eBob • eBob is Bob's public key • Only Bob can read it, everything's perfect! • Problems can still happen if parties cannot get each other’s public keys reliably

  26. Hash function definition • A cryptographic (or one-way) hash function(called a cryptographic checksum in the book) takes a variable sized message M and produces a fixed-size hash code H(M) • Not the same as hash functions from data structures • The hash code produced is also called a digest • It can be used to provide authentication of both the integrity and the sender of a message • It allows us to store some information about a message that an attacker cannot use to recover the message

  27. Collisions • When two messages hash to the same value, this is called a collision • Because of the pigeonhole principle, collisions are unavoidable • The key feature we want from our hash functions is that collisions are difficult to predict

  28. Crucial properties

  29. Additional properties

  30. Password dilemma resolved • Instead of storing the actual passwords, Windows and Unix machines store the hash of the passwords • When someone logs on, the operating system hashes the password and compares it to the stored version • No one gets to see your original password!

  31. Any Problems? • What’s the probability that Ahmad has the same password (or a password that hashes to the same value) as Bai Li? • Very small! • What’s the probability that anyone has the same password (or a password that hashes to the same value) as anyone else? • Not nearly as small!

  32. Common Hash Functions

  33. MD5 • Message Digest Algorithm 5 • Very popular hashing algorithm • Designed by Ron Rivest (of RSA fame) • Digest size: 128 bits • Security • Completely broken • Reasonable size attacks (232) exist to create two messages with the same hash value • MD5 hashes are still commonly used to check to see if a download finished without error

  34. SHA family • Secure Hash Algorithm • Created by NIST • SHA-0 was published in 1993, but it was replaced in 1995 by SHA-1 • The difference between the two is only a single bitwise rotation, but the NSA said it was important • Digest size: 160 bits • Security • Mostly broken • Attacks running in 251 - 257 time exist • SHA-2 is a successor family of hash functions • 224, 256, 384, 512 bit digests • Better security, but not as widely used • Designed by the NSA

  35. The future of hash functions • NIST is currently having a contest for SHA-3 • It’s down to five finalists: • BLAKE • Grøstl • JH • Keccak • Skein • The winner is Keccak!

  36. Week 5 Review

  37. Birthday attack’s revenge • If a hash value is made up of k bits • 2k can be big • So, we need to check one hash against 2k - 1 other hashes to have a 50% probability of matching • But, by the birthday paradox • We need a much smaller number to get a collision!

  38. Program Security

  39. Buffer overflow • A buffer overflow happens when data is written past the end (or beginning) of an array • It could overwrite: • User data • User code • System data • System code User Data User Data User Code User Data System Data User Data System Code

  40. Incomplete mediation • Incomplete mediation happens with a system does not have complete control over the data that it processes • Example URL: • http://www.security.com/query.php?date=2012March20 • Wrong URL: • http://www.security.com/query.php?date=2000Hyenas • The HTML generates the URL, but the URL can be entered manually

  41. Time-of-check to time-to-use • A time-of-check to time-to-use flaw is one where one action is requested, but before it can be performed, the data related to the action is changed • The book’s example is a man who promises to buy a painting for $100 who puts five $20 bills on the counter and pulls one back when the clerk is turning to wrap up the painting • In this flaw, the first action is authorized, but the second may not be

  42. Viruses • Terminology is inconsistent • Popular culture tends to call everything a virus • Sometimes we will too, but here are some other terms: • Almost all of these are, by definition, Trojan horses • Worms differ from viruses primarily because they spread across networks

  43. Where Viruses Live • One-time execution • Boot sector • The part of a hard drive that says what code to load to start your OS • Memory resident • Sometimes called TSR (terminate and stay resident) • Inside documents • A few other places that are sensible: • Applications • Libraries • Compilers (infect programs as you create them) • Antivirus software

  44. Virus Signatures • Storage patterns • The size of a file • Compare against a hash digest for the program • Execution patterns • Viruses are also suspicious because of the way they execute • The functioning of the code compared to some standard • Suspicious execution patterns (weird JUMP commands)

  45. Polymorphic viruses • Because virus scanners try to match strings in machine code, virus writers design polymorphic viruses that change their appearances • No-ops, code that doesn’t have an impact on execution, can be used for simple disguises • Clever viruses can break themselves apart and hide different parts in randomly chosen parts of code • Similar to code obfuscation • Advanced polymorphic viruses called encrypting viruses encrypt parts of themselves with randomly chosen keys • A scanner would have to know to decrypt the virus to detect it • Virus scanners cannot catch everything

  46. Targeted malicious code • Trapdoors • A way to access functionality that is not documented • Often inserted during development for testing purposes • Salami attacks • Steal tiny amounts of money when a cent is rounded in financial transactions • Or, steal a few cents from millions of people • Rootkits • Privilege escalation • Keystroke logging

  47. Testing to prevent programming flaws • Unit testing tests each component separately in a controlled environment • Integration testing verifies that the individual components work when you put them together • Function and performance tests sees if a system performs according to specification • Acceptance testing give the customer a chance to test the product you have created • The final installation testing checks the product in its actual use environment

  48. Testing methodologies • Regression testing is done when you fix a bug or add a feature • We have to make sure that everything that used to work still works after the change • Black-box testing uses input values to test for expected output values, ignoring internals of the system • White-box or clear box testing uses knowledge of the system to design tests that are likely to find bugs • You can only prove there are bugs. It is impossible to proves that aren’t bugs.

  49. OS Security

  50. Separation • OS security is fundamentally based on separation • Physical separation: Different processes use different physical objects • Temporal separation: Processes with different security requirements are executed at different times • Logical separation: Programs cannot access data or resources outside of permitted areas • Cryptographic separation: Processes conceal their data so that it is unintelligible

More Related