Zhofrph Wr Dgydqfhg Vhfxulwb dqg Wuxvw - PowerPoint PPT Presentation

Title: Zhofrph Wr Dgydqfhg Vhfxulwb dqg Wuxvw


1
Zhofrph Wr Dgydqfhg Vhfxulwb dqg Wuxvw

• LV403

2
House Keeping

• Course
• Elective IS403 Advanced Information Security
  Trust
• Lecturer
• Xuhua Ding RM 80-04-040
• Consultation hours
• knock my door
• Class Website
• http//www.mysmu.edu/faculty/xhding/is403.htm

3
House Keeping

• Textbook
• Information Security, Principles and Practice, by
  Mark Stamp
• Grading
• 20 in class exercises interactions (2 hours
  lecturing 1 hour exercises/discussion)
• 30 project (10 presentation, 20 report)
• 50 final exam, open book
• Project
• A study of information security technology and
  its applications
• Project proposal due the 4th week
• Presentation 12th 13th week
• Repot due 14th week

4
Lecture 1

• Basics of Cryptography

5
Contents

• Security notations
• Symmetric key crypto
• Hash functions
• Public key crypto
• PKI

6
Four Objectives

• DRM, client-side controls

INTEGRITY modification
AVAILABILITY access
CONFIDENTIALITY disclosure
7
Security Services

• Confidentiality
• Protection from disclosure to unauthorized
  persons
• Integrity
• Maintaining data consistency
• Authentication
• Assurance of identity of person or originator of
  data
• Non-repudiation
• Originator of action/data cant deny it later
• Availability
• Legitimate users have access when they need it

8
Attacks Vulnerabilities Outstrip Skills
Practices

• Whom are we dealing with
• Hackers, insiders, commercial espionage,
  organized criminals, national intelligence
• Ever more complicated systems
• No one knows whats in a system
• Features of cyber attacks
• Action at a distance (difficult to trace
  prosecute)
• Propagation of successful techniques (hacker
  groups, bulletin boards only the 1st needs
  skill, the rest just use the s/w)

9
Threats, Vulnerabilities and Attacks

• Threat
• something bad that could happen
• Vulnerability
• weakness in an information system that could be
  exploited
• Attack
• some action taken by a malicious intruder

10
Passive Active Attacks In the Context of
Communications
B
A
Traffic (data/messages)

• Passive attacks
• Eavesdropping
• Traffic analysis
• Can prevent,
• hard to detect

• Active attacks
• Message modification
• in context and time
• Denial of Service (DoS)
• Can detect,
• hard to prevent

11
What Is Cryptography?

• Classic cryptography is the attempt to achieve
  secure communication in the presence of an
  adversary, often based on ingenuity (secret
  writing, invisible ink etc) than on any
  scientific or mathematical principles.
• Modern cryptography is a science for achieving
  digital information confidentiality and integrity
  in the presence of an adversary, mainly based on
  number theories.

12
What Is (Cryptographic) Security?

• Kerckhoffs Principle (1883) Only the key should
  be assumed secret, while the algorithm itself
  should be assumed publicly known.
• Shannons Theorem (1940s) If the secret key is
  shorter than the message, perfect security is
  unattainable. One-time pad is a cipher with
  perfect security
• Diffie-Hellman (1976) Suggested basing security
  on intractability of computationally hard
  problems, i.e., design systems that are
  infeasible rather than impossible to break
• Rivest, Shamir and Adleman (1978) Created the
  1st public key cryptosystem (encryption
  signatures)

Computational Security vs. Informational Security
13
Reference Values for Estimating Computational
Efforts

• Seconds in a year 3107
• Seconds since creation of solar system 21017
• Binary numbers of length 64 1.81019
• Binary numbers of length 128 3.41038
• Binary numbers of length 256 1.21077
• Number of 75-digit prime numbers 5.21072
• (There exists many prime numbers to be used
  in PKC)
• Number of electronics in the universe 8.41077
• (This is the upper limit for the max memory
  space available to an attacker)

Exercise Estimate your laptops computation
power?
14
Types of Cryptographic Algorithms
15
Cryptographic Notations

• x y Concatenation of x y
• Km m encrypted with the secret key K
• mAlice (or mPA) m encrypted with Alices
  public key
• mAlice (or mSA) m signed with Alices
  private key
• h() A secure one-way hash function
• n Number of bits needed to represent
  n
• h(k, m) Hashed message authentication code, k
• is a secret and m is a
  message

16
Random Numbers

• Random numbers used to generate keys
• Symmetric keys
• RSA Prime numbers
• Diffie-Hellman secret values
• Random numbers used for nonces
• Sometimes a sequence is OK
• But sometimes nonces must be random
• Random numbers also used in simulations,
  statistics, etc., where numbers only need to be
  statistically random

17
Randomness

• True randomness is hard to define
• Entropy is a measure of randomness
• Let X be a random variable which takes on a set
  of values x1,x2,xn with probability P(Xxi)pi.
• The entropy of X is mathematical measure of the
  amount of information provided by an observation
  of X.
• The entropy of X is the uncertainty about the
  outcome before an observation of X.
• Entropy is also useful for approximating the
  average number of bits required to encode the
  elements of X.
• H(X)-(p1logp1p2logp2pnlogpn)

Exercise Singapores annual weather report
clear 84 days, cloudy 121 days, rainy 160
days What is the uncertainty of Singapore weather?
18
Randomness

• Sources of randomness via software
• Software is (hopefully) deterministic
• So must rely on external random events
• Mouse movements, keyboard dynamics, network
  activity, etc., etc.
• Can get quality random bits via software
• But quantity of such bits is very limited
• Bottom line The use of pseudo-random processes
  to generate secret quantities can result in
  pseudo-security

19
Symmetric Key Cryptography
Alice
Bob Secret key K
Km
m
m
Encryption
Decryption

• Normally m gtgt K ? problem of communicating a
  large message in secret reduced to communicating
  a small key in secret

20
Standard Symmetric Key Ciphers

• Data Encryption Standard (DES)
• NIST 1977, a block cipher, block size 64 bits,
  key size 64 (effective 56) bits
• Design decision not public (S-boxes may have
  backdoors)
• Several challenges to break DES messages solved
  using distributed computing
• Advanced Encryption Standard (AES)
• NIST 2001, block size 128 bits, key sizes 128,
  192, 256 bits
• Design is publicly analyzed in terms of security
  and performance
• Encryption method for the next century

21
Average Time Needed for Brute Force Attack to
Symmetric Key Ciphers
This far exceeds the age of our solar system!
22
One-Way Hash Functions

• A one-way hash function h() takes x of any length
  and outputs h(x) of fixed length n h(x) bits
• h(x) is called fingerprint or message digest of
  message x

Easy
Domain of input x is infinite
h(x) 2n values
Hard

• What do we mean by Hard?
• Pre-image resistance Given x, to find another
  message x such that h(x) h(x) requires
  roughly 2n-1 hash computations
• Collision resistance To find two random
  messages, x and x, such that h(x) h(x),
  requires to hash 2n/2 random messages (birthday
  attack)