Security and Crypto Algorithms - PowerPoint PPT Presentation

1 / 40
About This Presentation
Title:

Security and Crypto Algorithms

Description:

Phone victim, pretend to be DIT (phishing) ... Algorithms based on mathematics, especially number theory ... (characters) into other bytes using a lookup table ... – PowerPoint PPT presentation

Number of Views:207
Avg rating:3.0/5.0
Slides: 41
Provided by: computin7
Category:

less

Transcript and Presenter's Notes

Title: Security and Crypto Algorithms


1
Security and Crypto Algorithms
  • Introduction
  • Cryptography
  • Example car remote authentication
  • Example secure web transactions
  • Reading Ross Anderson, Security Engineering
    (available online)

2
Computer Security
  • Lots of nasty people want to break into our
    computers
  • Steal passwords (eg, for online bank)
  • Steal data (eg, military plans)
  • Shut down our system (extortionist threatening
    e-commerce website)
  • How do we stop them?

3
Attacks
  • Attacks can be technological
  • Eg, computer virus, distributed denial of service
  • Attacks can be physical
  • Key-logger on victims keyboard
  • Attacks can be social
  • Convince victim to tell you his password

4
Defences
  • Defences can be intended to stop attacks
  • Defences can be intended to minimise liability in
    event of attack
  • Fancy firewalls (in some cases)

5
Attacks
  • Most attacks exploit human weakness
  • Much more common than technology attacks
  • People are usually the weakest link

6
Ex Getting passwords
  • Some techniques which is most common?
  • Break encryption used to send passwords over the
    Internet
  • Get computer virus onto victims system
  • Plant key-logger on victims keyboard
  • Search victims office for written-down password
  • Look over victims shoulder while he types
  • Phone victim, pretend to be DIT (phishing)
  • Set up website which asks for password, assume
    this will be the same as bank password
  • Buy victim drink in pub, find out name of dog,
    children, etc

7
Getting passwords
  • People attacks (phishing, pub, looking over
    shoulder, etc) much more common than
    technological attacks!
  • Ex phishing attack on Abdn Uni staff
  • Attacker used password to take over mail server
  • So Microsoft blocked email to student accounts
  • So security should focus on people first
  • But put this aside for rest of lecture so can
    talk about software

8
Secure coding
  • For most programmers, biggest impact of security
    is secure coding
  • Avoiding bugs which can be exploited by hackers
    and other attackers
  • Taken very seriously at Microsoft and many other
    software houses

9
Example Insecure Code
  • Boolean checkPIN(String userPIN, int realPIN)
  • try
  • int userPINint Integer.parseInt(userPIN)
  • if (userPINint ! realPIN)
  • return false
  • catch (NumberFormatException e)
  • System.out.println(PIN is not a
    number!)
  • return true

10
Example
  • If attackers enters Fred as PIN, this causes
    NumberFormatException
  • Error message printed
  • But then true returned from method
  • Ie, PIN verified!
  • Many programmers dont think about what happens
    in an exception handler after the error is logged

11
Secure Coding
  • Many such things that programmers need to be
    aware of
  • Worst problem is buffer overflow
  • Mostly for C programs, not a big issue in Java
  • Source of 2/3 (?) of security updates/patches to
    software

12
Cryptography
  • Algorithms to encrypt plaintext message into a
    ciphertext that looks like gibberish
  • Charge 300 to VISA 4560720112985409 becomes
  • iQA/AwUBO8RZysYL3oijlaCiEQI3OwCgm7UzwxUW26KR/emgIB
    sFavKAdgAoN4F
  • Algorithms to decrypt ciphertext back into the
    original plaintext
  • iQA/AwUBO8RZysYL3oijlaCiEQI3OwCgm7UzwxUW26KR/emgIB
    sFavKAdgAoN4F becomes
  • Charge 300 to VISA 4560720112985409

13
Cryptography Terminology
  • Encryption and decryption are based on an
    algorithm and a key
  • sometimes two keys, one for encryption and one
    for decryption
  • The algorithm is assumed to be public knowledge,
    but the key is secret
  • Cryptanalysis is deciphering a text without
    knowing the key
  • speciality of GCHQ, NSA, etc

14
Cryptography Usage
  • Privacy we encrypt messages so third parties
    cannot read them
  • snoopers cannot read your credit card number when
    you send it to Amazon
  • Authenticity we encrypt messages to prove they
    are not from by a third party
  • snoopers cannot forge an encrypted message to
    Amazon ordering 300 of books and charging it to
    our account

15
Cryptographic Systems
  • Three building blocks
  • Encrypt/decrypt using same key
  • Known as secret key
  • Encrypt/decrypt using different keys
  • Usually a public key and a private key
  • Encrypt only (decrypt impossible)
  • No key (not needed)
  • Known message digest (or hash confusing)

16
Mathematical Cryptography
  • Modern cryptography has a strong mathematical
    basis
  • Algorithms based on mathematics, especially
    number theory
  • Formal theories about difficulty of cryptanalysis
    without knowing key
  • Although generally assume P NP
  • Details in Anderson

17
Secret key crypto SP-Networks
  • Secret keys done using SP-networks
  • An SP network is a series of substitutions and
    transpositions
  • substitution map bytes (characters) into other
    bytes using a lookup table
  • transpositions mix up bits from the different
    bytes.
  • Repeat N times
  • Reverse process to decrypt

18
Example
  • Substitution
  • A -
  • c - ß
  • Etc
  • Transposition
  • Swap 4 low-order bits of adjacent bytes
  • Dr (x44, x72) - Bt (x42, x74)

19
Key
  • Key can control substitutions and transpositions
  • Easier (and as effective) to add key to result
    after a round
  • Can modify key after each round

20
AES
  • Advanced Encryption Standard (AES)
  • http//www.formaestudio.com/rijndaelinspector/arch
    ivos/rijndaelanimation.html
  • SP-Network with 10-14 rounds
  • Substitution and transpositions are fixed
  • Key added after each round
  • Keys are 16-32 bytes
  • Default for US govt
  • many others will use it as well
  • Probably cannot be cracked with current
    technology.

21
Java
  • Java has many operators that manipulate bits
  • (and) (or) (exclusive or)
  • (2 versions of right-shift)
  • Javax.crypto cryptographic functions

22
Public Key Cryptography
  • Algorithms with different encryption and
    decryption keys
  • knowing encryption key does not tell you
    decryption key, and vice-versa
  • RSA is best known
  • We can publish one key and keep other secret
  • Much slower (1000 times) than AES

23
Public Key Cryptography
  • Privacy - public encryption key, private
    decryption key
  • Anyone can send me a message that no one else can
    read
  • Authenticity - private encryption key, public
    decryption key
  • I can send a message to anyone else, and they can
    verify that it came from me

24
Maths Prime Numbers (RSA)
  • Public encrypt key
  • N product of two primes P and Q
  • E another number (some constraints)
  • Encryption Take plaintext to power E, ciphertext
    is result modulo N
  • Decryption take cipher text to power D,
    plaintest is result mod N
  • D is private key
  • D cannot be calculated from E and N (public
    key), unless N can be factored

25
Example
  • P 3, Q 11, N PQ 33 E 3
  • Plaintext 5
  • Ciphertext 5 3 mod 33 26
  • D 7 (computed from P, Q)
  • Decrypt 267 mod 33 5

26
Cryptanalysis
  • Can derive private key from public key if can
    factor the N component of public key
  • Can factor 512-bit number with 100s of CPU-years
  • Available to NSA, GCHQ (not random hacker)
  • Cannot factor 1024-bit number with present
    technology and maths

27
Message Digest Functions
  • Produce a fixed length key (typically 20 bytes)
    from a message of arbitrary size.
  • Given just key, cannot produce a text that hashes
    to this key
  • Example use password storage
  • if we store hashed passwords, then attacker wont
    know password even if he can read the password
    file

28
MD5
  • Popular hash func for passwords, etc
  • 64 rounds, in each round texts is broken into
    4-byte chunks which are combined in various ways
  • Same idea as SP-Network, but not reversible
  • If MD5(X) Y and you are given Y
  • Cannot find X from Y
  • Some people think may be able to find XX such
    that MD5(XX) is also Y

29
Systems
  • How do all these components (secret key, public
    key, hash) work together in a complete system?
  • How can a car key identify itself to a car
  • How can we send our credit card number to Amazon
    securely?

30
Problem Car Remote
  • Drivers want remote controls to open their car
  • Send radio signal to car
  • How stop attacker from faking right signal and
    getting into your car?
  • Need protocol (algorithm) to identify remote to
    car
  • Similar to military IFF (identify friend/foe)

31
Version 1 Password
  • Version 1 car and remote programmed with same
    password
  • Remote broadcasts password to car
  • Car opens if password correct
  • Vulnerability
  • Thief can snoop and record password signal
  • If only a small number (64K) of passwords, thief
    can sit in a car park and try them all
  • Ideas for better protocols for identifying remote
    to car?

32
Version 2 Encrypt using key
  • Version 2 car and remote programmed with same
    key for AES-like encryption algorithm
  • Remote generates random number, encrypts it,
    sends number and encrypted version to car
  • Car opens if (a) has never seen number before,
    and (b) encryption is correct according to its
    prestored key
  • Key known to both but not transmitted
  • So cannot be snooped
  • Vulnerability thief can jam car, snoop signal
    from remote, and then replay

33
Version 3 Challenge Response
  • Version 3 car and remote programmed with same
    key for AES-like encryption algorithm
  • As in Version 2
  • Remote request entry
  • Car (not remote) picks random number, sends to
    remote
  • More expensive, car and remote both need to send
    and receive
  • Remote encrypts it, sends back to car
  • Car opens if encryption is correct
  • Vulnerability man in middle
  • Complex, wouldnt be used against a car, is a
    concern in military applications

34
Man-in-Middle
  • Two attackers, A1 and A2
  • A1 is by car
  • A2 is by victim (who is not near car)
  • Both carry radio transceivers
  • A2 convinces victim to press button on remote
  • A1/A2 use trans to send request-entry signal to
    car random number back to remote encrypted
    number back to car
  • Car opens for A1

35
Evolution
  • Attacks get more sophisticated to deal with
    defences, so defenses get more sophisticated to
    deal with the new attacks, so attacks get more
    soph
  • Common pattern in security
  • At some point accept vulnerabilities
  • Man-in-middle for car-remote

36
Prob Sending credit-card num
  • Want to send credit card information and other
    sensitive data on Internet
  • Concerned that net snoopers will be able to
    intercept and read
  • Unclear how realistic this is in practice, unless
    CIA/NSA/GCHQ is attacker
  • How can we use crypto to protect data?

37
Protocol (simplified)
  • Amazon sends us its public key
  • Accompanied by digital signature
  • Based on certificate authority (eg,Verisign)
  • Verisign uses its private key to encrypt (message
    digest of) Amazons public key
  • Amazon sends this along with the actual key, in a
    certificate
  • We compute digest of key and compare to decrypted
    version of Verisign-encrypted digest
  • Using Verisigns public key, preloaded in our
    browser by Microsoft or Mozilla
  • If match, accept key

38
Protocol (simplified)
  • We can use Amazons public key to encrypt our
    credit-card info, and send this to Amazon
  • More common to generate a random AES key (session
    key), and send an encrypted version of this to
    Amazon
  • We can use this session key to encrypt the actual
    data

39
Protocol
  • This is basis of SSL (https) protocol
  • Actual protocol is much more complicated
  • Main vulnerability is human (?)
  • Can attacker convince Verisign to sign a
    certificate saying the attacker is Amazon?
  • How well does Verisign check people who apply for
    certificates
  • Sometimes not very thorough

40
Final Thoughts
  • Remember that people are almost always the
    weakest link!
  • Focus on them, not technology
  • Be aware of secure coding principles when writing
    code
  • Cryptography can help, but it needs to be part of
    a system
  • More info in CS3515
Write a Comment
User Comments (0)
About PowerShow.com