Lecture-5 Security Dark
Lecture-5 Security Dark
• Security issues are critical for the success of Pervasive Computing. Because
Pervasive Computing and mobile e-business may provide millions of
people with the power to move trillions of dollars in goods or money by a
few mouse clicks, the security of e-business transactions is a top priority.
• The new challenges that appear when business is moved from traditional
stores to mobile devices connected to the Internet.
The Importance of Security
Authentication:
• A merchant must know the identity of the customer and the recipient of a
message, a command, or an order should know the identity of the sender.
• Imagine you can control heating at home over the Internet, in this case you
better make sure that only you, or other authorized persons, can turn on or
off the heat and not anybody else surfing around in the Internet.
• This challenge is met using cryptographic methods to authenticate persons
or messages.
The Importance of Security
Integrity:
• The recipient of a document should be able to recognize if a document or
message was altered during transmission. It wouldn’t be good if anybody
could increase or decrease the number of shares in a stock order sent to an
e-broker by changing the message content. At least the e-broker should be
able to check if the message was altered or not.
The Importance of Security
Privacy:
• The exchange of data between two individuals, for example the merchant
and the customer, should in most cases be kept secret. No unauthorized
party should be able to read or copy such a communication. This challenge
is met using encryption.
Solution???
• There are several ways cryptography is used to secure operations and data.
The following section highlights the most important ones.
Hash
• A hash function is a one-way function that generates a fixed-length string. the hash, out of
a given input. A one-way function is a function that is hard to invert. Due to this
characteristic. the hash of a document is also sometimes called the message digest or
digital fingerprint. A hash is often attached to a document which is transferred to the
recipient. The recipient then uses the same hash function to generate a hash himself. If this
hash and the received hash are not identical, then the data was changed during
transmission.
Message Authentication Code (MAC)
• Digital Signatures enable the recipient to verify the identity of the sender
and the origin as well as the integrity of the document.
• Digital Signatures are based on asymmetric cryptographic algorithms. The
documents are signed with the private key of the sender. The recipient can
take the sender’s public key, which is provided to him by a Trusted Third
Party, and validate the integrity of the document he received.
Symmetric Algorithms
• DES uses a key length of 64 bits containing 8 parity bits; therefore the
actual key size is only 56 bits. The DES block length is 64 bits. It operates in
two modes: electronic codebook mode (ECB) and cipher block chaining
mode (CBC).
ECB
• Electronic Codebook
• ECB encrypts each block separately. Therefore the blocks can be encrypted
or decrypted in parallel, which leads to a better performance.
CBC
• Triple DES makes encryption with DES more secure by applying three DES
operations to the same plain text. The following four variations have been
used in practice:
• DES-EEE3: The input data is encrypted three times using the same key each
time.
• DES-EEE2: It is similar to DES-EEE3, but during the second encryption
operation, a different key is used.
• DES-EDE3: The data is first encrypted, then decrypted, and finally
encrypted again, using a different key each time.
• DES-EDE2: It is similar to DES-EDE3, but now the key for the first and the
third encryption operation is the same.
Advanced Encryption Standard (AES)
• Because DES is getting closer to the end of its secure lifetime, the National
Institute of Standards and Technology (NIST) started looking for a
successor of DES in January of 1997. Currently, the NIST is still evaluating
the proposed algorithms, and it is unlikely that AES will be announced
before 2001.
RC2, RC4, RC5
• These algorithms were developed by Dr. Ronald L. Rivest for RSA Data Security and RC
stands for “Rivest’s Cipher”.
• RC2 is a block-cipher algorithm, which works with a variable key length. Therefore the
strength of the encryption and the performance of the encryption operation can be varied
by the key length used. With a shorter key, the performance is better, but the encryption is
less strong. RC2 has a better performance compared to DES, but the algorithm is the
property of the company RSA Data Security and was not published. This has the
consequence that it wasn’t possible to analyze and test the algorithm as thoroughly as it
was done for DES. Therefore the risks and problems of the algorithm are not known.
• RC4 is a stream-cipher algorithm with variable key length that needs about 8 to 16
operations for each output bit. RC5 is, as RC2, a block-cipher algorithm with variable key
and block length.
Asymmetric Algorithms
• The National Institute for Standards and Technology (NIST) published the
Digital Signature Algorithm (DSA) with a variable key length of 512 to 1024
bits, as part of the Digital Signature Standard (DSS). The US Government is
using DSS for digital authentication.
• One of the characteristics of DSA is that the generation of a signature is
faster than its validation. In contrast, RSA can validate signatures faster
than generating them.
Elliptic Curve Cryptography (ECC)
• Vietor Miller (Mi186) and Neal Koblitz (Kob87) were the first to propose the
elliptic curve algorithm in the mid-80s. ECC provides the same security as
other public key algorithm with a shorter key length. In pervasive devices
with limited memory and computing power, ECC could be an alternative to
other public key systems, like e.g. RSA. Some of the most effective
implementations of ECC are paten ted by a company called Certieom. That
makes the widespread adoption of ECC somewhat more difficult. With the
fast growing number of pervasive devices, ECC will also be more widely
used. ANSI is currently working on standardizing ECC as part of ANSI X9.62
for digital signatures and ANSI X9.63 for key agreement.
MD2, MD4, and MD5
• Rivest developed MD2, MD2, and MD5 for RSA Data Security. MD2 is
optimized for 8-bit computing platforms, MD4 and MD5 for 32-bit
processors. MD5 is a more secure version of MD4, which makes it on the
other hand a little bit slower.
• MD5 first splits the message into 512 bit blocks and generates in three steps
a 128 bit hash.
Secure Hash Algorithms (SHA & SHA- 1)
• The Secure Hash Algorithm (SHA) was standardized in the Secure Hash
Standard (SHS) and published by the US government as a “federal
information processing standard”. SHA-1 is an improved version of SHA.
• The algorithm is used to generate a 160-bit Message Authentication Code
(MAC) from a message that should not be longer than 264 bit. Compared to
MD-5, the algorithm is a little bit slower, but due to its longer MAC, it is
more secure against brute-force attacks.
Acknowledgements