CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /fall2019/cs683/cs683_main.htm 1
Mi Midterm rm Revi view (Le Lectures 1-8) 8) 2
Co Comp mputer r Se Securi rity: y: Th The Ca Cast of of C Characters Attacker or Adversary Your Computer/Phone/Tablet Your data: financial, health records, intellectual property … Can be: individuals, organizations, nations … 3
Ne Network S Secu curity: Th The Cast of of Ch Characters communication channel Bob Alice Eve(sdropper) 4
Te Terminology (Cr (Cryp yptogr graphy) y) • Cryptology, Cryptography, Cryptanalysis • Cipher, Cryptosystem, Encryption scheme • Encryption/Decryption, Encipher/Decipher • Privacy/Confidentiality, Authentication, Identification • Integrity • Non-repudiation • Freshness, Timeliness, Causality • Intruder, Adversary, Interloper, Attacker • Anonymity, Unlinkability/Untraceability 5
Te Terminology (S (Security) ) • Access Control & Authorization • Accountability • Intrusion Detection • Physical Security • Tamper-Resistance • Certification & Revocation 6
At Attacks, Se Services, an and Mec echan anis isms • Security Attack: Any action (or event) that aims to compromise (undermine) the security of information • Security Mechanism: A measure (technique or method) designed to detect, prevent, or recover from, a security attack • Security Service: something that enhances the security of data processing systems and information transfers. A “security service” makes use of one or more “security mechanisms” • Example: – Security Attack: Eavesdropping (Interception) – Security Mechanism: Encryption – Security Service: Confidentiality 7
Se Securi rity Attacks • Interruption: attack on availability • Interception: attack on confidentiality • Modification: attack on integrity • Fabrication: attack on authenticity 8
Ma Main Se Securi rity Goals Confidentiality Authenticity Integrity Availability 9
Security Th Threats: Th Threat vs Attack? By Injection By Deletion 10
Ex Exampl ple Secur urity y Services • Confidentiality: to assure information privacy and secrecy • Authentication: to assert who created or sent data • Integrity: to show that data has not been altered • Access control: to prevent misuse of resources • Availability: to offer access to resources, permanence, non- erasure Examples of attacks on Availability: – Denial of Service (DoS) Attacks • e.g., against a name server – Malware that deletes or encrypts files 11
So Some me Me Methods of Defense • Cryptography à confidentiality, authentication, identification, integrity, etc. • Software Controls (e.g., in databases, operating systems) à protect users from each other • Hardware Controls (e.g., smartcards, badges) à authenticate holders (users) • Policies (e.g., frequent password changes, separations of duty) à prevent insider attacks • Physical Controls (doors, guards, etc.) à control physical access 12
Cryp Cr yptography y can be use sed at di differ eren ent level els • Algorithms: encryption, signatures, hashing, Random Number Generator (RNG) • Protocols (2 or more parties): key distribution, authentication, identification, login, payment, etc. • Systems: electronic cash, secure filesystems, smartcards, VPNs, e-voting, etc. • Attacks: on all the above 13
Ty Types of Attainable Security • Perfect, unconditional or “information theoretic”: the security is evident free of any (computational/hardness) assumptions • Reducible or “provable”: security can be shown to be based on some common (often unproven) assumptions, e.g., the conjectured difficulty of factoring large integers • Ad hoc: the security seems good often -> “snake oil”… Take a look at: http://www.ciphersbyritter.com/GLOSSARY.HTM 14
So Some me Applications of Cr Cryptography • Network, operating system security • Protect Internet, phone, space communication • Electronic payments (e-commerce) • Database security • Software/content piracy protection • Pay TV (e.g., satellite) • Military communications • Voting 15
His Historic ical al (Prim imitiv itive) e) Cipher iphers • Shift (e.g., Caesar): Enc k (x) = x+k mod 26 • Affine: Enc k1,k2 (x) = k1 *x + k2 mod 26 • Substitution: Enc perm (x) = perm(x) • Vigenere: Enc K (x) = ( X[0]+K[0], X[1]+K[1], … ) • Vernam: One-Time Pad (OTP) 16
VE VERNAM One-Ti Time Pad (OTP TP): Wo World’s Best Cipher = Plaintext { p ,..., p } - 0 n 1 = One - time pad stream { otp ,..., otp } - 0 n 1 = Ciphertext { c ,..., c } - 0 n 1 where : = Å " < < c p otp 0 i n i i i = Å C A B Å = C B A 17
VE VERNAM One-Ti Time Pad (OTP TP): Wo World’s Best Cipher Vernam offers perfect information-theoretic • security, but: How long does the OTP keystream need to be? • How do Alice and Bob exchange the keystream? • 18
Cryptosystems Classified along three dimensions: • Type of operations used for transforming plaintext into ciphertext – Binary arithmetic: shifts, XORs, ANDs, etc. • Typical for conventional encryption – Integer arithmetic • Typical for public key encryption • Number of keys used – Symmetric or conventional (single key used) – Asymmetric or public-key (2 keys: 1 to encrypt, 1 to decrypt) • How plaintext is processed: – One bit at a time – A string of any length – A block of bits 19
Co Conventional (S (Symme ymmetri ric) ) Cr Cryp yptography K AB K AB decryption encryption ciphertext plaintext plaintext algorithm algorithm m m = K ( ) K (m) K (m) AB AB AB • Alice and Bob share a key K AB which they somehow agree upon (how?) • key distribution / key management problem • ciphertext is roughly as long as plaintext • examples: Substitution, Vernam OTP, DES, AES 20
Us Uses es of Conven entio tional al Cryptograp aphy • Message transmission (confidentiality): • Communication over insecure channels • Secure storage: crypt on Unix • Strong authentication: proving knowledge of a secret without revealing it: • See next slide • Eve can obtain chosen <plaintext, ciphertext> pair • Challenge should be chosen from a large pool • Integrity checking: fixed-length checksum for message via secret key cryptography • Send MAC along with the message MAC=H(m,K) 21
Challenge-Re Ch Response Authentication Ex Exampl ple K AB K AB r a challenge K AB (r a ) challenge reply r b challenge K AB (r b ) challenge reply 22
Co Conventional Cr Cryp yptography Advantages • high data throughput • relatively short key size • primitives to construct various cryptographic • mechanisms Disadvantages • key must remain secret at both ends • key must be distributed securely and efficiently • relatively short key lifetime • 23
Generic Example of Block k Encryp yption 20
Cl Classi ssic Fe Feistel Ne Network “Round Keys” are generated from original key via subkey generation algorithm 25
Fe Feistel Ci Cipher St Stru ructure • Block Size: larger block sizes mean greater security • Key Size: larger key size means greater security • Number of Rounds: multiple rounds offer increasing security • Subkey Generation Algorithm: greater complexity will lead to greater difficulty of cryptanalysis • Fast Software En/De-cryption: speed of execution of the algorithm becomes a concern 26
Bl Block k Ci Ciphers • Originated with early 1970's IBM effort to develop banking security systems • First result was Lucifer, most common variant has 128- bit key and block size • Was not secure in any of its variants • Called a Feistel or product cipher • F()-function is a simple transformation, does not have to be reversible • Each step is called a round; the more rounds, the greater the security (to a point) • Most famous example of this design is DES 27
Co Conventional Enc Encryp yption St Standard • Data Encryption Standard (DES) • Most widely used encryption method (AES is probably taking over by now) • Block cipher (in native ECB mode) • Plaintext processed in 64-bit blocks • Key is 56 bits 28
Da Data E a Encr cryptio ion S Stan andar ard ( (DE DES) Su Summa mmary • Permutation/substitution block cipher • DES “aging” • 64-bit data blocks • 2-DES: rendezvous attack • 56-bit keys (8 parity bits) • 3-DES: 112-bit security • 16 rounds (shifts, XORs) • DESx : 118-bit security • Key schedule • S-box selection secret … 46
Ba Basi sic St Stru ructure of of DE DES 26
Enc Encryp yption vs vs De Decr cryptio ion in in DE DES 31
DES S DE System Encryption Process Key Schedule 64 Bit Plaintext 64 Bit Key Initial Permutation Permutation Choice 1 Building 32 Bit L 0 32 Bit R 0 56 Bit Key Blocks + F(R 0 ,K 1 ) 28 Bit C 0 28 Bit D 0 Left Shift Right Shift 32 Bit L 1 32 Bit R 1 K 1 (48 bits) C 1 D 1 32 Bit L 15 32 Bit R 15 Permuted Choice 2 + F(R 15 ,K 16 ) C 16 D 16 K 16 (48 bits) 32 Bit L 16 32 Bit R 16 Permuted Choice 2 Final Permutation 64 Bit Ciphertext 27
Recommend
More recommend