Quiz 4 Lectures
Cryptosystem
From a user perspective, this is a 5-tuple consisting of *(E, D, M, K, C)* Where, *E* is the set of *encryption* algorithms *D* is the set of *decryption* algorithms *M* is the set of *plaintexts* *K* is the set of *keys* *C* is the set of *ciphertexts* ^all *Publicly Known* Below is *Secret* *E: M x K -> C* *D: C x K -> M* The principle: hide the key, not the algorithm
IPSEC Main Protocols
*Authentication Header (AH)* • Provides source authentication • Protects against source spoofing • Provides data integrity • Protects against replay attacks • Use monotonically increasing sequence numbers • Protects against denial of service attacks * • No protection for confidentiality!* *Encapsulating Security Payload (ESP)* • Provides source authentication • Provides data integrity • Provides data confidentiality • Uses symmetric key encryption
Symmetric Key Distribution
Requires each pair of communication parties to share a (separate) secret key This requires n(n-1)/2 keys • n = 4 • 4(4-1)/2 = 4(3)/2 = 12/2 = 6 keys have to be distributed and shared
Caesar Cypher
letter-by-letter method to make a cipher. For example, for each letter, substitute another letter 4 letters ahead. For "a", write "d". (Just an example, L or R is a thing as well).
Digital Certificate (Pt3?)
• Each digital certificate has its own digital signature, signed (encrypted) by the private key of the certificate authority • Certificate authorities may revoke digital certificates before the expiration date listed in the digital certificate • Revoked certificate ID numbers are placed in a certificate revocation list (CRL) • Verifier must check with the certificate authority to determine if a digital certificate is on the CRL • *Without the CRL check, digital certificates do not support authentication*
Block Cipher Modes
• Electronic CodeBook mode (ECB) • Cipher Block Chaining mode (CBC) • Cipher FeedBack Mode (CFB) • Output FeedBack mode (OFB) • Others - COunter mode (CTR), Propagating CBC (PCBC), ...
AES
• In 1997, NIST called for algorithms to replace DES for both government and private-sector encryption • Symmetric • Block sizes of 128-bits • Key sizes of 128, 192, and 256 bits • In 1998, 15 AES candidate algorithms are selected by NIST • In 2000, NIST selected Rijndael as the standard AES • Designed to be efficient in both hardware and software across various platforms • No known weaknesses Aug 2011 = "AES encryption is cracked!" - weakness found in AES algorithm
Defining Digital Certificates
• Information Contained in Digital Certificate • Version Number • Serial Number • Signature Algorithm ID • Issuer Name • Validity period • Not Before • Not After • Subject name • Subject Public Key Info • Public Key Algorithm • Subject Public Key • Issuer Unique Identifier (optional) • Subject Unique Identifier (optional) • Extensions (optional) • ... • Certificate Signature Algorithm • Certificate Signature
Symmetric Encryption for NPEs
• Kerberos • Network authentication protocol • Developed at MIT in the mid 1980s • Available as open source or in supported commercial software (Images)
MACs & HMACs
• Message Authentication Codes (MACs) combine a "shared secret key" along with the message • Used to provide message authentication • MAC does not encrypt the message itself • Hashed Message Authentication Codes (HMACs) use a hash function that is applied to both the key and the message • Provides the integrity piece • Provides the equivalent of a digital signature for a symmetric based encryption
TLS Handshake
• Most complex part of TLS • Is used before any application data are transmitted • Compromises a series of messages exchanged by the client and server • Exchange has four phases • Allows server and client to: • Negotiate the cipher suite Extensible Authentication Protocol (EAP) - Provides common functions to negotiate authentication methods to be used • Establishes a shared session key • Using nounces and pre-master secret keys • Authenticate the server (optional) • How? • Authenticate the client (optional) • How? • Authenticate previously exchanged data
Public Key Distribution
• Only one key is needed for each recipient ("n key pairs" with image showing each person has a private key but the arrows pointing to other people are all public)
Public Key (Asymmetric) Encryption
• Publicly proposed by Diffie and Hellman in 1976 • Objective - provide solutions for 2 major symmetric encryption shortfalls • Key distribution • Authenticity - aka digital signature • Based on mathematical functions • Asymmetric • Uses two separate, but related keys • Public key and private key • Public key is made public for others to use • Private key is known only by its owner • Some form of protocol is needed for distribution
Asymmetric Cryptographic Algorithms
• Quantum cryptography • Exploits the properties of microscopic objects such as photons • Does not depend on difficult mathematical problems • NTRUEncrypt • Uses lattice-based cryptography which relies on a set of points in space • Faster than RSA and ECC • More resistant to quantum computing attacks
Digital Certificates (Pt4?)
• Recap • A digital certificate gives the public key of a named party • This is needed for public key authentication, to prevent public key deception • However, a digital certificate alone does NOT provide authentication
SSL Integrated Security System (ISS)
• SSL • Secure Sockets Layer • Developed by Netscape • TLS (now) • Netscape gave IETF control over SSL • IETF renamed it TLS (Transport Layer Security) • Still referred to as SSL
Uses of Hash Functions
• Software Integrity • E.g., open source tripwire (https://en.wikipedia.org/wiki/Open_Source_Tripwire) • Open Source Tripwire functions as a host-based IDS vice a network IDS • Detects changes to file system objects • Stores information (cryptographic hash) on each file scanned in a database • Later, same files are scanned and the results compared against the stored values in the database • Changes are reported to the user • Message authentication • One-time Passwords • Digital Signature
Public Key Deception
What is the BIG weakness or vulnerability of using Public/Private Key systems to authenticate or verify an entity's identity? 2 Types of Entities PE - person entities NPE - non-person entities • Imposter Claims to be a True Party • True party has a public and private key • Imposter also has a public and private key • Imposter sends imposter's own public key to the verifier • Says, "This is the true party's public key" • This is the critical step in the deception • If verifier accepts the imposter's public key as the true party's public key, • Imposter will be authenticated through any public key authentication method, because their private key will work • Imposter can also decrypt messages sent by the verifier if these messages are encrypted with the imposter's public key • Moral: • Public key encryption for privacy, confidentiality, authentication, and message integrity only works if • The verifier gets the true party's public key independently of the applicant, • From a trusted third party • Trusted third party • Used to solve the problem of verifying identity • Verifies the owner and that the public key belongs to that owner • Helps prevent man-in-the-middle attack that impersonates owner of public key • A *digital certificate is a technology used to associate a user's identity to a public key ... that has been "digitally signed" by a trusted third party
3 Popular Symmetric Encryption Algorithms
DES = Data Encryption Standard AES = Advanced Encryption Standard All 3 are block ciphers Order for "table" beneath: DES, 3DES, AES Plaintext block size (bits): 64, 64, 128 Ciphertext block size (bits): 64, 64, 128 Key size (bits): 56; 112 or 168; 128, 192, or 256
Requirements for Public-Key Cryptosystems
-Computationally easy to create key pairs -Computationally easy for sender knowing public key to encrypt messages -Computationally easy for receiver knowing private key to decrypt ciphertext -Computationally infeasible for opponent to determine private key from public key -Computationally infeasible for opponent to otherwise recover original message -Useful if either key can be used for each role
Digital Signatures
A digital signature (not to be confused with a digital certificate) is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document. http://searchsecurity.techtarget.com/definition/digital-signature A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it. http://computer.howstuffworks.com/digital-signature.htm • Public-key encryption provides a method for doing digital signatures • To sign a message, M, Alice just encrypts it with her private key, SA, creating C = E_SA_(M). • Anyone can decrypt this message using Alice's public key, as M' = D_PA_(C), and compare that to the message M.
Cypher Types Synopsis
*Block Cyphers* • Symmetric cipher • Handles large chunks of data at one time • More susceptible to noise in transmission • Requires higher memory requirements because of data block sizes • Certain modes provide integrity and authentication protection in addition to confidentiality • Best when amount(s) of data is known ahead of time or are using protocols where message lengths are known ahead of time ... e.g. HTTP *Stream Cyphers* • Symmetric cipher • Typically faster than block ciphers • Relatively low memory requirements • Better support for "disadvantaged devices" • Better support for embedded computing needs • More difficult to implement because of very strict requirements wrt keystream generation, key usage, etc.
2 types of Cryptosystem
*Symmetric-key cryptosystem*: • Cryptosystem that uses the same key for encryption and decryption *Asymmetric-key cryptosystem*: • Cryptosystem that uses one key for encryption and a different (but related) key for decryption
Asymmetric Encryption *MISCONCEPTIONS*
1. Public-key encryption is more secure from cryptanalysis than symmetric encryption • In fact, the security of any encryption scheme depends on (1) the length of the key and (2) the computational work involved in breaking a cipher. • There is nothing in principle about either symmetric or asymmetric (aka public-key) encryption that makes one superior to another from the point of view of resisting cryptanalysis. 2. Public-key encryption is a general-purpose technique that has made symmetric encryption obsolete • On the contrary, because of the computational overhead of current public-key encryption schemes, there seems no foreseeable likelihood that symmetric encryption will be abandoned 3. There is a feeling that key distribution is trivial when using public-key encryption, compared to the rather cumbersome handshaking involved with key distribution centers for symmetric encryption. • For public-key distribution, some form of protocol is needed, often involving a central agent, and the procedures involved are no simpler or any more efficient than those required for symmetric encryption.
Asymmetric Encryption Algorithms
RSA (Rivest, Shamir, Adleman) • Developed in 1977 • Most widely accepted and implemented approach to public-key encryption • Block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n Diffie-Hellman key exchange algorithm • Enables two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages • Limited to the exchange of the keys Digital Signature Standard (DSS) • Provides only a digital signature function with SHA-1 • Cannot be used for encryption or key exchange Elliptic curve cryptography (ECC) • Security like RSA, but with much smaller keys • Based on algebraic structure of elliptic curves over finite fields • Provides significantly more secure foundation than 1st generation systems(e.g. RSA) • Much more suitable for mobile apps
Data Encryption Standard (DES)
The most widely used encryption scheme • FIPS PUB 46 • Referred to as the Data Encryption Algorithm (DEA) • Uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block Strength concerns: • Concerns about algorithm • DES is the most studied encryption algorithm in existence • Use of 56-bit key
Symmetric Encryption
The universal technique for providing confidentiality for transmitted or stored data • Also referred to as conventional encryption or single-key encryption Two requirements for secure use: • Need a strong encryption algorithm • Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure
Benefits of Digital Signatures
These are common reasons for applying a digital signature to communications: • *Authentication* • Digital signatures can be used to authenticate the source of messages. • *Integrity (limited)* • Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. • Nonmalleable ciphers prevent this • However, if a message is digitally signed (the message is encrypted with a private key), any change in the message will invalidate the signature • Only works for messages of very limited size • Furthermore • There is no efficient way to modify a message and its signature to produce a new message with a valid signature • Still considered to be computationally infeasible by most cryptographic hash functions.
Goal -> guarantee integrity of message
cryptographic hash
Goal -> validate/verify someone's digital signature
digital certificate
Goal -> guarantee the authenticity of a message
digital signature
Goal -> guarantee authenticity and integrity of a mesage
digital signature & cryptographic hash
Goal -> guarantee the confidentiality of a message
encryption
Goal -> guarantee confidentiality and authenticity
encryption & digital signature
Encryption through Software
up • File and File System Cryptography • Encryption software can be used to encrypt or decrypt files one-by-one • Protecting groups of files through file system cryptography can be performed using: • Openssl • Runs on Windows and Linux • Uses different cryptographic tools (crypto hashes, symmetric, & asymmetric tools) • Pretty Good Privacy (PGP) • Widely used asymmetric cryptography system • Used for files and e-mails on Windows systems • GNU Privacy Guard (GPG) • Runs on Windows, UNIX, and Linux operation systems • Microsoft Windows Encrypting File System (EFS) • Cryptography system for Windows that uses NTFS file system • Tightly integrated with the file system • Users can set up encryption attribute for a file in the Advanced Attributes dialog box • Encryption Wizard • Developed by USAF Anti-Tamper / Software Protection program • Supports symmetric and asymmetric encryption -----------------Slide 2 • Whole disk encryption • Protects all data on a hard drive • Example: BitLocker drive encryption software that is included in Microsoft Windows • BitLocker encrypts the entire system volume, including the Windows Registry • Prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer
Types of ciphers
• *What is a "cipher"? (what does the word itself mean)* - - A cipher is any method of encrypting text • *What is "ciphertext"?* - The encrypted text message itself • *What are the two primary types of ciphers?* - Block Cipher - a method of encrypting text using a cryptographic key and algorithm applied to a *block* of data rather than 1 bit at a time - Stream Cipher - a method of encrypting text using a cryptographic key and algorithm applied to each binary digit in a data *stream*, one bit at a time
Cryptographic Hash Functions
• A "checksum" on a message, M, that is: • *Fixed Size*: regardless of input data size, output digest (the hash value) is always the same size • *Deterministic*: the same message always results in the same hash value • *One-way*: it should be easy to compute Y=H(M), but hard to find M given only Y • *Collision-resistant*: it should be hard to find two messages, M and N, such that H(M)=H(N) • *High Fidelity*: a small change to the message should change the hash value so extensively that the new hash value appears uncorrelated with the old • Popular Hash Functions • MD5 • output 128 bits • collision resistance completely broken by Prof. Xiaoyun Wang in China • SHA1 • output 160 bits • no collision found yet, but method exist to find collisions in less than 2^80; considered insecure for collision resistance • the one-way property still holds • SHA2 (SHA-224, SHA-256, SHA-384, SHA-512) • outputs 224, 256, 384, and 512 bits, respectively • Still remains secure and viable Separate lil box: Cryptographic Hash != Checksum • Checksum = verify integrity of data & detect transmission errors • Crypto Hash = create unique digital fingerprint of the data -----------Slide 2 • SHA3 • NIST released final version Aug 2015 • a next-generation tool for securing the integrity of electronic information • 1st ever public competition & vetting • 64 submissions worldwide • Took 9 years to get it done • Family of functions based on Keccak algorithm • Very "dissimilar" to SHA2 class of functions • SHA2 & SHA3 compliment each other, in large part because are so dissimilar • No confusion or competition • Compromising one won't compromise the other ----------------Slide 3 • Whirlpool • A recent cryptographic hash function • Adopted by standards organizations, including the International Organization for Standardization (ISO) • Creates a hash of 512 bits • Race Integrity Primitives Evaluation Message Digest (RIPEMD) • The primary design feature is two different and independent parallel chains of computation • The results are combined at end of process
TLS Overview
• A sends to B a session identifier and nonce (28 random bytes + 4 bytes of time/timestamp) • B sends another nonce and public-key certificate (there are other possibilities). • A generates a pre-master-secret ( = 48-byte random string) & sends it to B encrypted with B's public key and optionally a signed message to authenticate itself. • Both parties calculate the master-secret M from the nonces and the pre-master-secret, using a secure pseudo-random-number function (PRF) • They calculate session keys and MAC secrets from nonces and master-secret. • Each session involves a pair of symmetric keys; A encrypts using one and B encrypts using the other. Similarly, A and B protect message integrity using separate MAC secrets. • Before sending application data, both parties exchange finished messages to confirm all details of Handshake and to check that clear text parts of messages have not been altered.
Other ISSs
• All ISSs have the same general steps • Negotiate security parameters • Authenticate the partners • Exchange a session key • Communicate with message-by-message privacy, authentication, and message integrity • Other ISSs • HTTPS - application layer secure transfer of web content • IPSec - authentication and encryption for IP packets • Kerberos - network authentication using symmetric encryption capabilities - requires ALL KNOWING authentication server • SSH - provide application layer secure remote administration ... extended to support secure file transfer • Federated Identity Management solutions - suite of tools that provide access control, authentication, authorization, & identity management across an enterprise
Digital Certificates(Pt2?)
• Assert that a true party (named) has the public key contained in the digital certificate • Provides a name-public key pair • Therefore prevents public key deception • Fields and content are standardized by the ITU-T X.509 Standard • ITU-T = International Telecommunications Union - Telecommunication Standardization Sector
Location of TLS
• Below the Application Layer • Internet Engineering Task Force (IETF) views it at the transport layer • Protects all application exchanges • Not limited to any single application • WWW transactions, e-mail, etc.
Block Cipher Limitation
• Block ciphers work for *1* fixed block of n-bits • What happens if you have a plaintext that has p-bits (p > n)? • Easy • Divide the p-bits into blocks of n-bits • Pad last set of p-bits (as necessary) to = n-bits • Apply the block cipher again
Managing Digital Certificates
• Certificate Repository (CR) • Publicly accessible centralized directory of digital certificates • Can be used to view certificate status • Can be managed locally by setting it up as a storage area connected to the CA server • Certificate Revocation • Lists of digital certificates that have been revoked • Reasons a certificate would be revoked • Certificate is no longer used • Details of the certificate have changed, such as user's address • Private key has been lost or exposed (or suspected lost or exposed) • Validity / "Good For" range has expired • Certificate Revocation List (CRL) • A list of certificate serial numbers that have been revoked ----------Slide2 • Online Certificate Status Protocol (OCSP) • Performs a real-time lookup of a certificate's status • Called a request-response protocol • The browser sends the certificate's information to a trusted entity known as an OCSP Responder • The OCSP Responder provides immediate revocation information on that certificate
Digital Certificates
• Created by a Certificate Authority • Certificate authority is a trusted third party Certificate Authority -- Digital Certificate -> Authenticated party
Using Cryptography
• Cryptography • Should be used to secure data that needs to be protected • Can be applied through either software or hardware
Summary
• Cryptography is the science of transforming information into a secure form while being transmitted or stored • Symmetric cryptography uses a single key to encrypt and decrypt a message • Stream ciphers and block ciphers • The primary means of encrypting large amounts of data and implementing Confidentiality • Asymmetric cryptography • Public key cryptography • Uses two keys: public and private key • Developed for two primary purposes - key distribution and authenticity (VIP NOTE: large scale encryption IS NOT what asymmetric is used for) • Cryptographic Hashing creates a unique fingerprint that represents contents of original material • Used only for comparison - to ensure integrity of the data • Cryptography can be applied through hardware or software • Hardware encryption cannot be exploited like software cryptography
DES Examples
• Data Encryption Standard (DES) • Block size (64 bits) • Key size (56 bits) • 16 rounds • Designed by IBM • US national standard from 1977 to 2001 The "Modern" Computer Age is ~ 75 years old Alan Turing work late 30s early 40s DES was US national encryption standard for almost 25 years 30+% of Modern Computer Age -------------------------------------------- Example Slide 2 • Vulnerable to brute-force attacks • Key size is small • 1999 - Electronic Foundation collaborated with others and built machine to crack DES for less than $250K Year, Time for Cracking 1992 2^47 Chosen plaintexts, unrealistic 1997 140 days 1998 56 hours 1999 22 hours + 15 minutes
Hardware Encryption
• Software encryption can be subject to attacks to exploit its vulnerabilities • Cryptography can be embedded in hardware • Provides higher degree of security • Can be applied to USB devices and standard hard drive • Hardware encryption options include: • Trusted platform module • Hardware security model • USB device encryption • Encrypted hardware-based flash drives can be used • Will not connect a computer until correct password has been provided •All data copied to the drive is automatically encrypted • Tamper-resistant external cases • Administrators can remotely control and track activity on the devices • Stolen drives can be remotely disabled ------------Slide 2 • Hard disk drive encryption • Self-encrypting hard disk drives protect all files stored on them • The drive and host device perform authentication process during initial power up • If authentication fails, the drive can be configured to deny access or even delete encryption keys so all data is permanently unreadable • Trusted Platform Module (TPM) • A chip on a computer's motherboard that provides cryptographic services • Includes a true random number generator • Entirely done in hardware so it cannot be subject to software attack • Prevents computer from booting if files or data have been altered • Prompts for password if hard drive moved to a new computer • Hardware Security Module (HSM) • A secure cryptographic processor • Includes an onboard key generator and key storage facility • Performs accelerated symmetric and asymmetric encryption • Can provide services to multiple devices over a LAN
Cipher Feedback (CFB) Mode
• The plaintext is a sequence of *segments* of s bits (where s <_ block-size): P1, P2, P3, P4, ... • Encryption is used to generate a sequence of keys, each of s bits: K1, K2, K3, K4, ... • The ciphertext is C1, C2, C3, C4, .., where Ci = Pi (+) Ki • The block cipher is used as a stream cipher. • Appropriate when data arrives in bits/bytes. • s can be any value; a common value is s = 8. • A ciphertext segment depends on the current and all preceding plaintext segments. • A corrupted ciphertext segment during transmission will affect the current and next several plaintext segments.
Electronic Code Book (ECB)
• The plaintext is broken into blocks, P1, P2, P3, ... • *Each block is encrypted independently*: • Ci = Ek(Pi) • For a given key, this mode behaves like we have a gigantic codebook, in which each plaintext block has an entry, hence the name Electronic Code Book • Strength: it's simple. • Weakness: • Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks. • If the same message (e.g., an SSH) is encrypted (with the same key) and sent twice, their ciphertexts are the same. • Typical application: secure transmission of short pieces of information (e.g. a temporary encryption key)
Cipher Block Chaining (CBC)
• The plaintext is broken into blocks: P1, P2, P3, ... • Each plaintext block is XORed (chained) with the previous ciphertext block before encryption (hence the name) • Ci = Ek (C(i-1) (+) Pi) • C(0) = IV • Use an Initial Vector (IV) to start the process • Decryption: Pi=C(i+1) Dk(Ci) • Application: general block-oriented transmission • The encryption of a block depends on the current and *all* blocks before it • So, repeated plaintext blocks are encrypted differently • Initialization Vector (IV) • Must be known to both the sender & receiver • Typically, IV is either a fixed value or is sent encrypted in ECB mode before the rest of ciphertext
Trust Models
• Trust • Confidence in or reliance on another person or entity • Trust model • Refers to the type of trust relationship that can exist between individuals and entities • Direct trust • A type of trust model where one person knows the other person • Third-party trust • Two individuals trust each other because each trusts a third party ------------Slide2 • Hierarchical Trust Model • Assigns a single hierarchy with one master CA called the root • The root signs all digital certificate authorities with a single key • Can be used in an organization where the CA is responsible for only that organization's digital certificates • Hierarchical trust model limitation: • A single CA private key may be compromised rendering all certificates worthless ------------Slide3 • Distributed Trust Model • Multiple CAs sign digital certificates • Eliminates limitations of hierarchical trust model (Image: top is CA, middle is Intermediate CA, then bottom are the digital certificate public keys) • Bridge Trust Model • One CA acts as facilitator to interconnect all other CAs • Facilitator CA does not issue digital certificates, instead it acts as hub between hierarchical and distributed trust model • Allows the different models to be linked (Image basically showed a Bridge CA connecting two CA's and their trusted models)
Certificate Authorities
• Unfortunately, certificate authorities are not regulated • You must only use certificate authorities you trust • Company can be its own certificate authority for internal authentication among its hardware and software systems "self-signed certificate"
Digital Signatures Scheme
• Used to provide • Data integrity • Message authentication • Non-repudiation
Output Feedback Mode (Basic Version)
• Very similar to Cipher Feedback in structure. • But K(i-1) rather than C(i-1) is fed back to the next stage. • As in CFB, the input to the block cipher is a shift register x: its value at stage i is denoted as xi • The block cipher is used as a stream cipher. • Appropriate when data arrives in bits/bytes. • Advantage: more resistant to transmission errors; a bit error in a ciphertext segment affects only the decryption of that segment. • Disadvantage: cannot recover from lost ciphertext segments; if a ciphertext segment is lost, all following segments will be decrypted incorrectly (if the receiver is not aware of the segment loss). • IV should be generated randomly each time and sent with the ciphertext.
Integrated Security System (ISS)
• When two parties communicate... • Their software *(NPE)* usually handles the details • First, negotiate security methods • Then, authenticate one another • Then, exchange symmetric session key • Then can communicate securely using symmetric session key and message-by-message authentication
