slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Information Security Frank Yeong-Sung Lin Department of Information Management National Taiwan University PowerPoint Presentation
Download Presentation
Information Security Frank Yeong-Sung Lin Department of Information Management National Taiwan University

Information Security Frank Yeong-Sung Lin Department of Information Management National Taiwan University

188 Vues Download Presentation
Télécharger la présentation

Information Security Frank Yeong-Sung Lin Department of Information Management National Taiwan University

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Information SecurityFrank Yeong-Sung LinDepartment of Information ManagementNational Taiwan University EMBA 2009 – Information Systems and Applications Lecture II

  2. Information Security Information security can be roughly divided into 4 areas: • Secrecy: keep information unrevealed • Authentication: determine the identity of whom you are talking to • Nonrepudiation: make sure that someone cannot deny the things he/she had done • Integrity control: make sure the message you received has not been modified

  3. Information Security (cont’d) Information security functionality can be distributed across several protocol layers: • Physical layer: protect transmission link from wire tapping • Data link layer: link encryption • Network layer: firewall, packet filter • Application layer: authentication, non-repudiation, integrity control, (and secrecy/confidentiality)

  4. Information Security (cont’d) A number of essential concepts to begin with: • Risk management • threats, vulnerabilities, assets, damages and probabilities • balancing acts • all cryptosystems may be compromised • Notion of chains (Achilles' heel) • Notion of buckets (products, policies, processes and people) • Defense in-depth • Average vs. worst cases • Backup, restoration and contingency plans

  5. Traditional Cryptography Passive intruder (listens only) Active intruder (alters message) • The model depends on a stable public algorithm and a key • The work factor for breaking the system by exhaustive search of the key space is exponential in the key length • Two categories: Substitution ciphers vs. transposition ciphers DK( EK( P)) = P Plaintext P EK( P) Encryption Decryption key K key K

  6. Traditional Cryptography (cont’d) • Simplified model of traditional cryptography

  7. Traditional Cryptography (cont’d) • Model of traditional cryptography

  8. Substitution Cipher • Caesar cipher • Every letter is shifted by k positions, e.g., k = 3 and “a” becomes “D”, b becomes “E”, … • For example, “attack” becomes “DWDDFN” • Mono-alphabetic substitution Plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM • The key space is 26! » 4x1026 • Still the cipher may be broken easily by taking advantage of the frequency statistics of English text (e.g., e, a, th, er, and, the appear very often)

  9. Substitution Cipher (cont’d) • Relative frequency of letters in English text

  10. Transposition Ciphers M E G A B U C K 7 4 5 1 2 8 3 6 p l e a s e t r a n s f e r o n e m i l l i o n d o l l a r s t o m y s w i s s b a n k a c c o u n t s i x t w o t w o a b c d • Plaintext is written horizontally, while the ciphertext is read out by column, starting with the lowest key column • To break the transposition cipher • guess a probable word or phrase (e.g., milliondollars) • try to determine the key length, then order the columns • Another related example regarding Newton Plaintext pleasetransferonemilliondollarsto myswissbankaccountsixtwotwo Ciphertext AFLLSKSOSELAWAIATOOSSCTCLNMOMANT ESILYNTWRNNTSOWDPAEDOBUOERIRICXB

  11. Other Interesting Ciphers • Chinese poems • Clubs and leather stripes • Invisible ink (steganography in general) • Books • Code books • Enigma • XOR • Ej/vu3z8h96

  12. Two Fundamental Cryptographic Principles • First principle • All encrypted messages must contain redundancy to prevent active intruders from tricking the receiver into acting on a false message • However, the same redundancy makes it easier for passive intruders to break the system • Second principle • Some measures must be taken to prevent active intruders from playing old messages, e.g., use time stamp to • filter out duplicate messages within a certain time • incoming messages that are too old are discarded

  13. Encoder: 8 to 3 Decoder: 3 to 8 S1 S5 S2 S6 P1 P2 P3 S3 S7 S4 S8 Secret-Key Algorithms • Consists of sequence of transpositions and substitutions S-box (Substitution) Product cipher P-box (Permutation)

  14. Data Encryption Standard (DES) • Plaintext is encrypted in blocks of 64 bits • DES is basically a mono-alphabetic substitution cipher using a 64-bit character 64 bit plaintext Li-1 Ri-1 Initial transposition K1 Iteration 1 56-bit key K16 Li-1 Å f(Ri-1, Ki) Iteration 16 32 bit swap Inverse transposition 32 bits Li 32 bits Ri 64 bit ciphertext

  15. DES Chaining • DES may be vulnerable to active intruders Name Bonus Leslie $0000010 Intruder may copy the block to one row above Kimberly $0100000 8 bytes 8 bytes • DES chaining P0 P1 P2 P3 C0 C1 C2 C3 IV # # # # D D D D Exclusive OR Key # # # # E E E E C0 C1 C2 C3 P0 P1 P2 P3

  16. Breaking DES • Exhaustive search of key space = 256» 7x1016 • can use multiple computers to do search in parallel • Running DES twice consecutively with two different 56-bit keys creates a key space of 2112» 5x1033 • but it still can be broken by the “meet-in-the-middle” attack in Q (257) time, because Ci = EK2 (EK1 (Pi)) DK2(Ci) = EK1(Pi)

  17. Triple DES Encryption • Using EDE (2 encryption and 1 decryption) instead of EEE is for backward compatibility (when K1 = K2) with single-stage DES system • Using EEE with 3 different keys is basically unbreakable nowadays K1 K2 K1 K1 K2 K1 P C C P E D E D E D Encryption Decryption

  18. Public-Key Algorithms • Encryption (E) and Decryption (D) algorithms must meet the following requirements • E and D are different • D(E(P)) = P • It is exceedingly difficult to deduce D from E • Everyone has a pair of keys: public key (E) and private key (D) • Public key is made known to the world • Private key is to be kept private all the time A B P1 EB(P1) DB(EB(P1)) = P1 EB DB DA(EA(P2)) = P2 EA(P2) P2 DA EA

  19. Principles of Public-Key Cryptosystems

  20. Principles of Public-Key Cryptosystems (cont’d) • Requirements for PKC • easy for B (receiver) to generate KUb and KRb • easy for A (sender) to calculate C = EKUb(M) • easy for B to calculate M = DKRb(C) = DKRb(EKUb(M)) • infeasible for an opponent to calculate KRb from KUb • infeasible for an opponent to calculate M from Cand KUb • (useful but not necessary) M = DKRb(EKUb(M)) = EKUb(DKRb(M)) (true for RSA and good for authentication)

  21. Principles of Public-Key Cryptosystems (cont’d)

  22. Principles of Public-Key Cryptosystems (cont’d) • The idea of PKC was first proposed by Diffie and Hellman in 1976. • Two keys (public and private) are needed. • The difficulty of calculating f-1 is typically facilitated by • factorization of large numbers • resolution of NP-completeness • calculation of discrete logarithms • High complexity confines PKC to key management and signature applications

  23. Principles of Public-Key Cryptosystems (cont’d)

  24. Principles of Public-Key Cryptosystems (cont’d)

  25. Principles of Public-Key Cryptosystems (cont’d) • Comparison between conventional and public-key encryption

  26. Principles of Public-Key Cryptosystems (cont’d) • Applications for PKC • encryption/decryption • digital signature • key exchange

  27. Principles of Public-Key Cryptosystems (cont’d)

  28. Principles of Public-Key Cryptosystems (cont’d)

  29. Principles of Public-Key Cryptosystems (cont’d)

  30. RSA Algorithms • Developed by Rivest, Shamir, and Adleman at MIT in 1978 • First compute the following parameters • Choose two large primes, p and q (typically > 10100) • Compute n = pxq and z = (p-1)x(q-1) • Choose d, which is a number relatively prime to z • Find e such that (exd) mod z = 1 • Divide the plaintext into blocks of k bits, where 2k < n • To encrypt P, compute C = Pe mod n • To decrypt C, compute P = Cd mod n • Public key = (e, n), private key = (d, n)

  31. The RSA Algorithm (cont’d) • Format’s Little Theorem: If p is prime and a is a positive integer not divisible by p, then a p-1 1 mod p. Example: a = 7, p = 19 72 = 49  11 mod 19 74 = 121  7 mod 19 78 = 49  11 mod 19 716 = 121  7 mod 19 a p-1 = 718 = 716+2 711  1 mod 19

  32. The RSA Algorithm (cont’d)

  33. The RSA Algorithm (cont’d)

  34. The RSA Algorithm (cont’d) • Example 1 • Select two prime numbers, p = 7 and q = 17. • Calculate n = p  q = 717 = 119. • Calculate Φ(n) = (p-1)(q-1) = 96. • Select e such that e is relatively prime to Φ(n) = 96 and less than Φ(n); in this case, e = 5. • Determine d such that d  e = 1 mod 96 and d < 96.The correct value is d = 77, because 775 = 385 = 496+1.

  35. The RSA Algorithm (cont’d)

  36. The RSA Algorithm (cont’d) • The security of RSA • brute force: This involves trying all possible private keys. • mathematical attacks: There are several approaches, all equivalent in effect to factoring the product of two primes. • timing attacks: These depend on the running time of the decryption algorithm.

  37. The RSA Algorithm (cont’d) • To avoid brute force attacks, a large key space is required. • To make n difficult to factor • p and q should differ in length by only a few digits (both in the range of 1075 to 10100) • both (p-1) and (q-1) should contain a large prime factor • gcd(p-1,q-1) should be small • should avoid e < n and d < n1/4

  38. The RSA Algorithm (cont’d) • To make n difficult to factor (cont’d) • p and q should best be strong primes, where p isa strong prime if • there exist two large primes p1 and p2 such that p1|p-1 and p2|p+1 • there exist four large primes r1, s1, r2 and s2 such that r1|p1-1, s1|p1+1, r2|p2-1 and s2|p2+1 • e should not be too small, e.g. for e = 3 and C = M3 mod n, if M3 < n then M can be easily calculated

  39. The RSA Algorithm (cont’d)

  40. The RSA Algorithm (cont’d) • Major threats • the continuing increase in computing power (100 or even 1000 MIPS machines are easily available) • continuing refinement of factoring algorithms (from QS to GNFS and to SNFS)

  41. The RSA Algorithm (cont’d)

  42. The RSA Algorithm (cont’d)

  43. RSA Algorithms (cont’d) • The security of RSA is based on the difficulty of factoring large numbers • It takes 4x109 years for factoring a 200-digit number • It takes 1025 years for factoring a 500-digit number • RSA is too slow to actually encrypt large volumes of data, so it is primarily used for distributions of one-time session key for use with DES algorithms

  44. The RSA Algorithm (cont’d)

  45. Elliptic Curve Cryptography (ECC) • For the same length of keys, faster than RSA • For the same degree of security, shorter keys are required than RSA • Standardized in IEEE P1363 • Confidence level not yet as high as that in RSA • Much more difficult to explain than RSA

  46. Elliptic Curve Cryptography (cont’d) • Computational effort for cryptanalysis of elliptic curve cryptography compared to RSA

  47. Elliptic Curve Cryptography (cont’d)

  48. Key Management • The distribution of public keys • public announcement • publicly available directory • public-key authority • public-key certificates • The use of public-key encryption to distribute secret keys • simple secret key distribution • secret key distribution with confidentiality and authentication

  49. Key Management (cont’d) • Public announcement

  50. Key Management (cont’d) • Public announcement (cont’d) • advantages: convenience • disadvantages: forgery of such a public announcement by anyone