Security � The security environment � Basics of cryptography � User authentication Chapter 9: Security � Attacks from inside the system � Attacks from outside the system � Protection mechanisms � Trusted systems CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) 2 Chapter 9: Security Security environment: threats What kinds of intruders are there? � Casual prying by nontechnical users Goal Threat � Curiosity Data confidentiality Exposure of data � Snooping by insiders Data integrity Tampering with data � Often motivated by curiosity or money System availability Denial of service � Determined attempt to make money � May not even be an insider � Operating systems have goals � Commercial or military espionage � Confidentiality � This is very big business! � Integrity � Availability � Someone attempts to subvert the goals � Fun � Commercial gain CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) Chapter 9: Security 3 Chapter 9: Security 4 Accidents cause problems, too… Cryptography � Acts of God � Goal: keep information from those who aren’t � Fires supposed to see it � Earthquakes � Do this by “scrambling” the data � Wars (is this really an “act of God”?) � Use a well-known algorithm to scramble data � Hardware or software error � Algorithm has two inputs: data & key � CPU malfunction � Key is known only to “authorized” users � Disk crash � Relying upon the secrecy of the algorithm is a very bad � Program bugs (hundreds of bugs found in the most recent idea (see WW2 Enigma for an example…) Linux kernel) � Human errors � Cracking codes is very difficult, Sneakers and other � Data entry movies notwithstanding � Wrong tape mounted � rm * .o CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) Chapter 9: Security 5 Chapter 9: Security 6 1
Cryptography basics Secret-key encryption � Algorithms (E, D) are widely known � Also called symmetric-key encryption � Keys (K E , K D ) may be less widely distributed � Monoalphabetic substitution � Each letter replaced by different letter � For this to be effective, the ciphertext should be the only information that’s available to the world � Vignere cipher � Use a multi-character key � Plaintext is known only to the people with the keys (in an THEMESSAGE ideal world…) ELMELMELME K E K D XSQQPEWLSI Encryption Decryption � Both are easy to break! key key C=E(P,K E ) � Given the encryption key, easy to generate the decryption key E D P P � Alternatively, use different (but similar) algorithms for Plaintext Ciphertext Plaintext encryption and decryption Encryption Decryption CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) 7 CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) 8 Chapter 9: Security Chapter 9: Security Modern encryption algorithms Unbreakable codes � Data Encryption Standard (DES) � There is such a thing as an unbreakable code: one-time pad � Uses 56-bit keys � Use a truly random key as long as the message to be encoded � XOR the message with the key a bit at a time � Same key is used to encrypt & decrypt � Code is unbreakable because � Keys used to be difficult to guess � Needed to try 2 55 different keys, on average � Key could be anything � Modern computers can try millions of keys per second with � Without knowing key, message could be anything with the correct special hardware number of bits in it � For $250K, EFF built a machine that broke DES quickly � Difficulty: distributing key is as hard as distributing message � Current algorithms (AES, Blowfish) use 128 bit keys � Difficulty: generating truly random bits � Adding one bit to the key makes it twice as hard to guess � Can’t use computer random number generator! � Must try 2 127 keys, on average, to find the right one � May use physical processes � At 10 15 keys per second, this would require over 10 21 � Radioactive decay seconds, or 1000 billion years! � Leaky diode � Lava lamp (!) [http://www.sciencenews.org/20010505/mathtrek.asp] � Modern encryption isn’t usually broken by brute force… CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) Chapter 9: Security 9 Chapter 9: Security 10 Public-key cryptography The RSA algorithm for public key encryption � Instead of using a single shared secret, keys come in � Public, private key pair consists of K p = (d,n) K s = (e,n) � n = p x q (p and q are large primes) pairs � d is a randomly chosen integer with GCD (d, (p-1) x (q-1)) = 1 � One key of each pair distributed widely ( public key ), K p � e is an integer such that (e x d) MOD (p-1) x (q-1) = 1 � One key of each pair kept secret ( private or secret key ), K s � p & q aren’t published, and it’s hard to find them: factoring � Two keys are inverses of one another, but not identical large numbers is thought to be NP-hard � Encryption & decryption are the same algorithm, so � Public key is published, and can be used by anyone to send a E(K p ,E(K s ,M) = E(K s ,E(K p ,M) = M message to the private key’s owner � Currently, most popular method involves primes and � Encryption & decryption are the same algorithm: E(K p ,M) = M d MOD n (similar for K s ) exponentiation � Methods exist for doing the above calculation quickly, but... � Difficult to crack unless large numbers can be factored � Exponentiation is still very slow � Very slow for large messages � Public key encryption not usually done with large messages CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) CS 1550, cs.pitt.edu (originaly modified by Ethan L. Miller and Scott A. Brandt) Chapter 9: Security 11 Chapter 9: Security 12 2
Recommend
More recommend