23 | 20100526

Introduction to Security & Privacy

Pengantar Teknik Informatika (CS1013) 20092

Some security issues

Taxonomy

Example

Cryptography: Requirements
Basic: be able to turn plaintext into ciphertext in such a way that only the intended recipientthe holder of the decryption key can recover the plaintext secrecy of the key, and not of the algorithm itself, is the only thing that is needed to ensure the privacy of the data

Symmetric vs Asymmetric alg

Symmetric:

Asymmetric

 DES
64-bit key (56-bits + 8-bit parity) 16 rounds
Initial permutation

Each Round

Li

Ri

Round 1

F +

Ki

Round 2 56-bit key

Li

Ri

Round 16

Final permutation

 Repeat for larger messages Chiper Block Chaining (CBC)

Block1 IV + Block2 + Block3 + Block4 +

DES

DES

DES

DES

Cipher 1

Cipher2

Cipher3

Cipher4

More on asymmetric alg

Public Key (RSA)

Plaintext Plaintext

Encrypt with public key Ciphertext

Decrypt with private key

Encryption & Decryption

c = memod n m = cdmod n

RSA (cont)
Choose two large prime numbers p and q (each 256 bits) Multiply p and q together to get n Choose the encryption key e, such that e and (p - 1) x (q - 1) are relatively prime. Two numbers are relatively prime if they have no common factor greater than one Compute decryption key d such that

d = e-1mod ((p - 1) x (q - 1))

Construct public key as (e, n) Construct private key as (d, n) Discard (do not disclose) original primes p and q

RSA: small example

Suppose we pick p = 7 and q = 11. n = 7 11 = 77; ( p 1) (q 1) = 60 Pick a value of e that is relatively prime to 60. We choose e = 7 d = 71 mod ((7 1) (11 1))
7 d = 1 mod 60 It turns out that d = 43, since 7 43 = 301 = 1 mod 60

So now we have the public key e, n = 7, 77 and the private key d, n = 43, 77

RSA: small example (contd)

Encryption:
Message = 9

Decryption: Chipertext = 37 m = cd mod n = 3743 mod 77 = 9 plaintext

c = me mod n = 97 mod 77 = 37 chipertext

Message Digest
Cryptographic checksum
just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.

One-way function
given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.

Relevance
if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.

Message Digest: example

Some hash functions

http://en.wikipedia.org/wiki/Message_digest

Security Mechanism

Authentication
Is he really C? I am C

Proof that you really are X!

I am Server X

I am A

Proof that you really are A!

A Server X

A Server X

Authentication Protocols
Three-way handshake Client & Server share a secret key
Client Server
CHK = client handshake key SHK = server handshake key SK = session key

 Trusted third party (Kerberos) Authentication Server A and B each share a secret key with S (KA & KB)
S
A, B

E((T , L, K, B E((T ), K , L, A ), K, A ), K E((A B) , T) E ((T , K) , L, , K, A ), K B)

T = timestamp L = lifetime K = session key

K) 1 , E(T +

 Public key authentication

A B

Spring 2002

CS 461

21

Message integrity
I am sending a message Is this message genuine?

I am C. I am sending you a message

Is this message really from C?

Message Integrity Protocols

Digital signature using RSA
special case of a message integrity where the code can only have been generated by one participant compute signature with private key and verify with public key

Keyed MD5
sender: m + MD5(m + k) + E(k, private) sender: m + MD5(m + k) + E(E(k, rcv-pub), receiver

private)

recovers random key using the senders public key applies MD5 to the concatenation of this random key message MD5 with RSA signature
sender: m receiver

+ E(MD5(m), private)

decrypts signature with senders public key compares result with MD5 checksum sent with message

Key Distribution
Certificate
special type of digitally signed document:
I certify that the public key in this document belongs to the entity named in this document, signed X.

the name of the entity being certified the public key of the entity the name of the certified authority a digital signature

Certified Authority (CA)

administrative entity that issues certificates useful only to someone that already holds the CAs public key.

Key Distribution (cont)

Chain of Trust
if X certifies that a certain public key belongs to Y, and Y certifies that another public key belongs to Z, then there exists a chain of certificates from X to Z someone that wants to verify Zs public key has to know Xs public key and follow the chain

Certificate Revocation List

Example Systems

Pretty Good Privacy (PGP)

Used in email PGP integrity & authentication:

PGP
PGP encryption

Secure Shell (SSH)

provides a remote login service intended to replace the less secure Telnet and rlogin programs

Transport Layer Security (TLS)

TLS, SSL, HTTPS

IP Security (IPSec)
a framework for providing all the security services consists of two pieces:
The first piece is a pair of protocols that implement the available security services.
Authentication Header (AH): provides access control, connectionless message integrity, authentication, and antireplay protection Encapsulating Security Payload (ESP), which supports these same services, plus confidentiality

The second piece is support for key management, which fits under an umbrella protocol known as ISAKMP: Internet Security Association and Key Management Protocol

Firewalls
Firewall Rest of the Internet Local site

Filter-Based Solution
example
( 192.12.13.14, 1234, 128.7.6.5, 80 ) (*,*, 128.7.6.5, 80 )

default: forward or not forward? how dynamic?

Proxy-Based Firewalls
Problem: complex policy Example: web server
Remote company user Firewall Web server

Internet

Company net

Solution: proxy
External client

Random external user

Firewall Local server

Proxy

External HTTP/TCP connection

Internal HTTP/TCP connection

Design: transparent vs. classical Limitations: attacks from within

Biometric

Human factor

The Age of Privacy is Over?