Anish Arora - PowerPoint PPT Presentation

1 / 46
About This Presentation
Title:

Anish Arora

Description:

Lecture 0 Anish Arora CSE 5473 Network Security * * As of 2004[update], the best known trapdoor function (family) candidates are the RSA and Rabin families of functions. – PowerPoint PPT presentation

Number of Views:137
Avg rating:3.0/5.0
Slides: 47
Provided by: TheL70
Learn more at: https://cse.osu.edu
Category:

less

Transcript and Presenter's Notes

Title: Anish Arora


1
Lecture 0
  • Anish Arora
  • CSE 5473
  • Network Security

2
Objectives
  • Network (cyber-) security threats and
    countermeasures
  • Elements of cryptography
  • Protocols for security services 
  • Network security design using available secure
    solutions
  • Some advanced issues and technologies
  • (e.g. DDoS attacks, anonymous communications,
    wireless security, device / sensor network /
    cyberphysical security)
  • Original research in network security

3
Yes, You will Master Acronyms
  • DES, AES, RSA, Blowfish, MD, RC, SHA
  • IPSec
  • OSPF
  • SSL, TLS
  • PGP (BGP?), Shibboleth
  • DDoS

4
What We Wont Cover
  • How to configure and install security solutions
  • Forensics
  • Comprehensive organization approach to
    information assurance
  • Business aspects of network security
  • And well only superficially cover
  • Mathematics underlying cryptography
  • How to crack systems (spyware, malware, adware)
  • How to deal with access breaches (firewalls, IDS,
    port knocking)
  • Legal issues underlying export and patenting

5
Related Courses that Do Cover What We Omit
  • CSE 5473 This course
  • Focuses on network aspects of the tip of the
    so-called security pyramid
  • CSE 4471 Information Security
  • A big picture perspective. From time to time,
    Ill refer you here for background reading or
    access security
  • CSE 5351 Introduction to Cryptography
  • A reference for details on some of our topics
  • Also 5472 (Information Security Projects), 5359
    (Int. Studies in Crypto.)
  • All links in lectures are optional reading
    unless otherwise specified

6
What We Will Assume
  • You should be familiar with
  • Network layers
  • Protocols for the transport layer (TCP, UDP), for
    routing (RIP or OSPF), for the application layer
    (http)
  • C/C and/or script programming
  • I expect from you some mathematical maturity,
    including the ability to learn and use new
    mathematical programming notations (NesC for
    instance)

7
Course Materials
  • Webpage http//cse.ohio-state.edu/anish/5473.htm
    l syllabus, slides, notes, assignments,
    announcements
  • see also CARMEN (cse_5473_sp2015_31987)
  • Text
  • William Stallings, Cryptography and Network
    Security Principles Practice either
  • 5th Ed., Prent. Hall, 2010, ISBN0136097049
    errata
  • 4th Ed., Prent. Hall, 2002, ISBN0131873164
    errata
  • References
  • Mark Stamp, Information Security Principles
    Practice, Wiley 2011 ISBN0470626399
  • Bruce Schneier, Applied Cryptography, 2nd Ed.,
    Wiley 1996 ISBN 0-471-11709-9

8
My Expectations
  • Read the material assigned in class, to the point
    that you can answer simple conceptual or what-if
    questions in the quiz. (I dont expect you to
    remember details of crypto algorithms or security
    protocols or usage parameters)
  • Work independently and ethically on homeworks and
    labs
  • Read lectures before class, we can more time in
    class to discuss flaws, threats, attacks relevant
    to the discussion keep in mind you may know more
    about specific security features and bugs than I
    do

9
Grading Plan
  • Homework assignments15 (focus puzzles)
  • Laboratory exercises 25 (focus cracking)
  • In-class quizzes 10 (focus pay attention in
    class)
  • Midterm quiz 20 (focus concepts)
  • Research project 30 (focus
    theory/implementation)
  • Project will be done by teams of 2
    undergraduates, or one graduate student. Ill
    provide options for programming projects or you
    may consult with me to choose your own (theory,
    analysis, design, or implementation) project
  • Grading is relative ? You might get an A at 75

10
Outline of Lecture 0
  • Security attacks
  • Security mechanisms
  • Security models
  • Security services
  • Background big picture
  • 4471 discussion of threats/attack (Read this)

11
Security Attacks
Definition Any action that compromises security
of information Examples
12
Security Attacks (contd.)
  • Other attacks include
  • Flooding, Denial of Service, Jamming
  • Traffic Analysis
  • Routing Attacks false routes, configuration
    changes (SNMP)
  • Leak Information, Disown Information
  • Remote arbitrary code execution, e.g., via
    Viruses or Worms
  • Trapdoors, Covert functions, Logic Bombs
  • Man in the Middle
  • impersonates peers to one another provides
    service via others
  • Free Rider or Free Loader
  • a peer that gets service but does not provide
    service
  • Lazy Middle Man
  • a peer that does part of the work but never whole
  • Inject faults

13
Number of Security Attacks
14
Trends in Security Attacks
Optional reading Malware, Worms, Phishing,
Botnets, XSS
15
Security Attacks (contd.)
  • Attacks are comprised of elementary attacks
  • Replay
  • Deletion
  • Host compromise
  • Capability compromise
  • Key compromise
  • Data Encryption requires knowledge of key
  • Data Decryption requires knowledge of inverse
    key
  • Timestamps requires access to a secure time
    server
  • Eavesdropping
  • IP spoofing
  • (Optional reading Sniffing, Spoofing, Password
    tools)

16
Types of Security Attacks
Attacks
Attacks
Attacks
17
A Classification of Security Attacks
  • Passive or Active
  • both can access information being communicated,
    but only the latter can create or modify it
  • Host Compromise or Communication Compromise
  • only the former can obtain knowledge of all
    information known to the host
  • Internal or External
  • only the former can impersonate a system process,
    and thus also act as an intermediary
  • only the former lets the protocol being executed
    known
  • Destructive or Nondestructive
  • only the latter allows information to still be
    correctly communicated to the destination(s)

18
Security Mechanism
  • Definition A mechanism that is designed to
    detect, prevent, or recover from a security
    attack
  • Pervasive security mechanisms include
  • encryption or encipherment
  • digital signatures, notarization
  • traffic padding
  • routing control
  • trusted functionality
  • security labels
  • access controls
  • event detection
  • audit trails
  • firewalls

19
Types of Keys
  • Cryptography underlies many security mechanisms.
    Keys are often used for securing or unsecuring
    information
  • Symmetric, S
  • Same key is used to encode and decode
  • Asymmetric or Public/Private, B/R
  • Public key is used to encode, private key to
    decode
  • One way function, f
  • Given x, it is easy to compute f(x), but given
    f(x) its hard to
  • compute x
  • One way function with trapdoor, f
  • A one way function where given f(x) it is easy
    to compute x if
  • one knows a trapdoor function g s.t. g(f(x))x

20
Types of Keys (contd.)
  • One way permutation, f,g
  • Both f and g are one way functions and each
    other's trapdoor
  • One way hash function, MD
  • A hash function MD that is one way
  • (Recall that a hash function may be
    many-to-one)
  • One way weakly collision-free hash function, MD
  • A one way hash function MD s.t. given x it is
    hard to compute
  • a different y s.t. MD(x)MD(y)
  • One way strongly collision-free hash function,
    MD
  • A one way hash function MD s.t. it is hard to
    compute
  • different x and y s.t. MD(x)MD(y)

21
Types of Keys (contd.)
  • Weak key
  • A key in the key-space that does not encode
    well,
  • e.g., 0-key, and is thus easy to guess
  • Complement key
  • A key s.t. Complement(f(x)) f(Complement(x))
  • and thus involves considering half the x to
    guess
  • Related keys
  • A pair of keys that are related by some
    difference
  • which can be exploited to reduce the number of
    x to guess

22
Kerchoffs Principle
  • For key based cryptosystems, the property of
    security should not rely on the secrecy of the
    mechanism (aka, algorithm)
  • In other words, it should rely only on the
    secrecy of the key
  • Interpretation avoid security by obscurity

23
Security ModelsA Model for Secure Network
Communication
  • Consider information flowing over an insecure
    communications channel, in the presence of
    possible opponents
  • An appropriate security transform (encryption
    algorithm) can be used, with suitable keys,
    possibly negotiated using the presence of a
    trusted third party
  • Using this model requires us to
  • design a suitable algorithm for the security
    transformation
  • generate the secret information (keys) used by
    the algorithm
  • develop methods to distribute and share the
    secret information
  • specify a protocol enabling the principals to use
    the transformation and secret information for a
    security service

24
A Model for Secure Network Communication
25
A Model for Network Access Security
  • Consider controlled access to information or
    resources on a computer system, in the presence
    of possible opponents
  • Appropriate controls are needed on the access and
    within the system, to provide suitable security.
    Some cryptographic techniques are useful here
    also
  • Using this model requires us to
  • select appropriate gatekeeper functions to
    identify users
  • implement security controls to ensure only
    authorized users access designated information or
    resources
  • implement trusted computer systems

26
A Model for Network Access Security
Recall CSE 651 focuses more on Comm. than Access
Model
27
Security Service
  • Definition A service that enhances the security
    of data processing systems and information
    transfers.
  • Makes use of one or more security mechanisms
  • Examples of network security service
    requirements
  • authentication
  • privacy, confidentiality
  • integrity
  • non repudiation
  • obliviousness
  • information flow

28
Authentication
  • Definition The requirement by which a process
    securely communicates its identity to another
  • Thus, if process k receives an identification
    communication from process j then it must be the
    case that there is a corresponding send of that
    identification communication by j
  • Note that if messages are not all unique, then to
    deal with replay of old communications from j, we
    may have to embed counters in the state to
    capture bad prefixes
  • Instances of identity communication of j
  • k ? j n
  • j ? k R.j n
  • or
  • k ? j n
  • j ? k S n j

29
Privacy
  • Definition The requirement by which communication
    is possible that can be decoded only by the
    processes that agree to communicate
  • In some cases, source, destination, frequency of
    communication needs to be protected as well
  • Instances of private communication from j to k
  • j ? k S data
  • or
  • j ? k B.k data

30
Integrity
  • Definition The requirement by which a recipient
    can prove to itself that the message is what was
    indeed sent
  • I.e., the message was not modified or replaced
  • Instance of integrity of communication from j to
    k
  • j ? k data, MD(data S)

31
Non Repudiation
  • Definition The requirement by which a recipient
    can prove to anyone that the message was indeed
    sent by the sender
  • Likewise, a sender can prove that a recipient
    indeed received the message
  • Note that non-repudiation implies integrity, but
    not vice versa. Note that non-repudiation does
    not necessarily imply authentication, since the
    message could have been forwarded by a third
    party
  • Instance of nonrepudiation of communication from
    j to k
  • j ? k data, R.j data
  • or
  • j ? k data, R.j MD(data)

32
Obliviousness
  • Definition The requirement by which a process
    may perform a set of operations but not be sure
    which one (or more) of them was correctly
    performed
  • E.g., a process may send two messages but not be
    sure which one of them was correctly received
  • E.g. (slide 93 onwards), a process may sign one
    of a set of messages but not know which one it
    signed, or use one of a set of keys to encrypt
    with but not know which one was chosen

33
Information Flow
  • Definition The requirement by which a high-level
    process cannot communicate any information to a
    low-level process, directly or indirectly
  • Sometimes this is called absence of covert
    channels or subliminal channels
  • One sufficient condition for this requirement is
    called noninterference, which says that the
    outcome of an action of a low-level process in a
    computation remains the same even if actions
    performed by all higher-level processes are added
    or deleted to the computation

34
Security services (contd.)
  • Other important security services include
  • authorization access is enabled if that access
    is allowed
  • availability permanence, non-erasure
  • verifiability a sort of integrity, revealing
    originality not content
  • unforgeability a sort of integrity, forged
    messages must be independent of original messages
  • distinguishability can guess whether encrypted
    msg is m0/m1
  • detectability can guess whether encrypted msg is
    valid
  • Optional reading Firewalls (upto slide 37),
    Intrusion Detection

35
An aside on hashing
  • Length of hash ltlt length of message, often
    fixed at 48-128
  • Some other names of hashing finger printing,
    message integrity check (MIC), message digest,
    cryptographic checksum, manipulation detection
    code
  • Hash functions are wellknown. So hashing, unlike
    encryption algorithms, is exportable often used
    to communicate programs securely over the web
  • MDkeydata is a message authentication code
    (MAC) or data authentication code (DAC) knowing
    key

36
More on hashing Relative costs
  • Using 0 keys (MD) is cheaper that using 1 key
    (S), which in turn is cheaper than using 2 keys
    (B, R)
  • Privacy by j ? k Sdata is cheaper than j ? k
    B.kdata
  • Authentication by j ? k MDjnS is cheaper
    than j ? k Sjn
  • Non-repudiation via R.jMDdata is cheaper than
    R.jdata
  • Often 2 keys are used in rare modes and 1 key is
    used in common modes

37
Ethical, social, policy and legal issues
  • Some software we will study may be under export
    restriction, it is your responsibility to obey
    the applicable laws
  • Many of the algorithms we will discuss are
    protected by patents, which makes it illegal to
    make and sell (or give away) computer programs
    that use those algorithms
  • I expect you to work individually.
    Cheating/undisclosed collaboration will be dealt
    with severely
  • Background Big Picture Reading
  • From CSE4471 on Ethics/Law (optionally this,
    this)

38
Patent issues
  • Many cryptographic techniques algorithms are
    patented
  • Some are nonetheless royalty free (DES), at least
    for public use
  • Software licenses are necessary in these cases

39
Export issues
  • Some governments consider encryption a dangerous
    technology
  • USA, Australia, New Zealand, France and Russia
    control export
  • Export licenses are needed for export to a
    government
  • Import always ok cannot export to Cuba, Iran,
    Iraq, Libya, North Korea, Sudan, Syria
  • Previously
  • Technical review needed for export to
    non-government
  • Open source did not need review but must have
    deposited source code
  • Less than 64 bit encryption generally ok for
    export
  • Illegal to carry abroad encryption software on
    your laptop!

40
Elements of cryptographyTypes of security
  • unconditional security
  • no matter how much computation is available,
    cipher cannot be broken since ciphertext provides
    insufficient information to uniquely determine
    the corresponding plaintext
  • one-time pad a truly random key as long as the
    message
  • is unbreakable ciphertext bears no statistical
    relationship to plaintext
  • can only use the key once though
  • have problem of safe distribution of key
  • computational security
  • given limited computing resources (e.g. time
    needed for calculations is greater than age of
    universe), the cipher cannot be broken

41
Terminology
  • cryptography - study of encryption
    principles/methods
  • characterize by
  • number of keys used
  • single-key or private / two-key or public
  • type of encryption operations used
  • substitution / transposition / product
  • way in which plaintext is processed
  • block / stream
  • cryptanalysis (codebreaking) - study of
    principles/ methods of deciphering ciphertext
    without knowing key
  • cryptology - the field of both cryptography and
    cryptanalysis
  • brute force attacks search-based alternative to
    cryptanalaysis attacker tries every possible key
    to decipher ciphertext

42
Brute force attacks
  • always possible to simply try every key
  • most basic attack, proportional to key size
  • assume either know / recognise plaintext
  • not all key sizes equal
  • 80 bit DES 1024 bit RSA
  • as of 2010, neither regarded as secure

43
Types of cryptanalysis attacks
  • ciphertext only
  • only know ciphertext / algorithm, statistical,
    can identify plaintext
  • known plaintext
  • attack cipher by knowing / suspecting plaintext
    ciphertext
  • chosen plaintext
  • attack cipher by selecting plaintext and
    obtaining ciphertext, useful if limited set of
    messages
  • chosen ciphertext
  • attack cipher by selecting ciphertext and
    obtaining plaintext
  • chosen text
  • attack cipher by selecting either plaintext or
    ciphertext to en/decrypt

44
Things we wont really talk about
  • Substitution ciphers
  • where letters of plaintext are replaced by
    others b ? e, c ? f
  • or where if plaintext is viewed as a sequence of
    bits, then bit patterns are replaced with
    ciphertext bit patterns
  • monoalphabetic arbitrary mapping of letter to
    letter 26! multiletter coding mapping from
    multiple letters
  • polyalphabetic techniques multiple mappings
    e.g. position based
  • subject to brute force search and frequency
    attacks
  • Transposition (permutation) ciphers
  • where the letter order is rearranged without
    altering the letters
  • subject to frequency attacks

45
Things we wont really talk about
  • Product ciphers
  • use several ciphers in succession to make harder
  • especially if a substitution is followed by a
    transposition
  • number of rounds should suffice to make output
    look random
  • each input bit in block should affect every
    output bit
  • this is bridge from classical to modern ciphers
  • Cryptanalysis tools
  • special hardware
  • supercomputers or parallel machines
  • Internet coarse-grain parallelism

46
Things we wont really talk about (contd.)
  • Steganography
  • an alternative to encryption
  • hides existence of message
  • uses only subset of letters/words in longer msg
    marked in some way
  • using invisible ink
  • hiding in LSB in graphic image or sound file
  • drawback high overhead to hide relatively few
    info bits
Write a Comment
User Comments (0)
About PowerShow.com