
SCSC 455 Computer Security

SCSC 455 Computer Security. Chapter 2 Secure Data Dr. Frank Li. Index. Basics of cryptography Kerckhoff’s Principle The big picture of cryptography Digital signature and digital certificate Cryptography in a browser Encryption utilities Other encryption applications. Cryptography.


Presentation Transcript


  1. SCSC 455 Computer Security Chapter 2 Secure Data Dr. Frank Li

  2. Index • Basics of cryptography • Kerckhoff’s Principle • The big picture of cryptography • Digital signature and digital certificate • Cryptography in a browser • Encryption utilities • Other encryption applications

  3. Cryptography Cryptography • the science of encoding data so that it cannot be read without special knowledge or tools; • Is a crucial part of network applications Q: Why is cryptography a crucial part of network applications?

  4. Cryptography and Computer Security Ans: • Network connections can be tapped, - sniffing the network • Sniffers are used by many system administrators to troubleshoot networking problems. • Encryption can provide security in insecure communication channels Q: What exactly does “security” mean?

  5. History of cryptography: Caesar cipher • Julius Caesar (100–44 B.C.) developed a simple encryption method -- shifted the alphabet by three positions Standard Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cryptographic Alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC e.g.1 Encrypt “caesar” → ? e.g.2 Decrypt “vhfxulwb” → ? • The Caesar cipher is a substitution cipher • a different letter of the alphabet is substituted for each letter in the message

  6. History of cryptography: Transposition Cipher Transposition Cipher: rearrange letters in plaintext to produce cipher text • Rail-Fence cipher • Plaintext is HELLO WORLD • Encryption: HLOOL ELWRD → HLOOLELWRD Q: How to decrypt the ciphertext?
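The two classical ciphers from slides 5 and 6, as an added example that is not part of the original slides. It generalizes the rail-fence cipher from the slide's two rows to any number of rails; all function names are this example's own.

```python
def caesar(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` positions; other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rail_pattern(length: int, rails: int) -> list:
    """Rail index visited by each plaintext position (zigzag down, then up)."""
    if rails < 1:
        raise ValueError("need at least one rail")
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_fence_encrypt(plaintext: str, rails: int = 2) -> str:
    """Write the text along the zigzag, then read it off rail by rail."""
    pattern = rail_pattern(len(plaintext), rails)
    return "".join(ch for r in range(rails)
                   for ch, p in zip(plaintext, pattern) if p == r)


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    """Rebuild the zigzag for this length and put each letter back in place."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Plaintext positions in the order the encryptor read them out.
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for cipher_pos, plain_pos in enumerate(order):
        plain[plain_pos] = ciphertext[cipher_pos]
    return "".join(plain)


if __name__ == "__main__":
    print(caesar("caesar", 3), caesar("vhfxulwb", -3))
    # The slide drops the space from HELLO WORLD before encrypting.
    ct = rail_fence_encrypt("HELLOWORLD", 2)
    print(ct, rail_fence_decrypt(ct, 2))
```

The receiver needs only the message length and the number of rails to undo the transposition, which is why the rail count acts as the key.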

  7. History of cryptography: Enigma machine in WWII • By the twentieth century it became possible to carry out substitutions by using electrical connections to mechanize the difficult work of looking up tables in a handbook. • The basic Enigma was invented in 1918 by Arthur Scherbius in Berlin. • It enciphers a message by performing a number of substitutions one after the other. • Scherbius's idea was to achieve these substitutions by electrical connections.

  8. One-Time Pad • A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly • Is made up of random bits. • Is as simple as letter substitution • This encryption process uses the binary mathematical function XOR. Message stream 1001010111 Keystream 0011101010 Ciphertext stream 1010111101
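The XOR step from the slide, followed by what "implemented properly" rules out: using the same pad twice. This is an added example, not part of the original slides; the two messages are constructed and the function names are this example's own.

```python
import secrets


def xor_bits(a: str, b: str) -> str:
    """XOR two equal-length strings of '0'/'1' characters, as on the slide."""
    if len(a) != len(b):
        raise ValueError("streams must have the same length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """One-time-pad encrypt or decrypt; the pad must cover the whole message."""
    if len(pad) < len(data):
        raise ValueError("pad is shorter than the message")
    return bytes(d ^ k for d, k in zip(data, pad))


def new_pad(length: int) -> bytes:
    """Random pad from the OS CSPRNG, intended for exactly one message."""
    return secrets.token_bytes(length)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same pad: the pad cancels out,
    leaving plaintext1 XOR plaintext2 for anyone who captured both."""
    return bytes(x ^ y for x, y in zip(c1, c2))


if __name__ == "__main__":
    print(xor_bits("1001010111", "0011101010"))      # the slide's two streams

    m1, m2 = b"ATTACK AT DAWN", b"RETREAT AT SIX"    # constructed messages
    pad = new_pad(len(m1))
    c1, c2 = xor_bytes(m1, pad), xor_bytes(m2, pad)  # same pad twice: the mistake
    leak = reuse_leak(c1, c2)
    # Whoever knows or guesses m1 now reads m2 without ever seeing the pad.
    print(xor_bytes(leak, m1))
```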

  9. OTP in action • One-time pads have been used throughout history to protect different types of sensitive data. • Today, they are still kept by many militaries as a backup encryption option if current encryption processes are unavailable for reasons of war or attacks. A Russian one-time pad, captured by MI5 The history of cryptography (reading assignment -- article 1)

  10. Modern cryptography: DES • The Data Encryption Standard (DES) was developed in the 1970s • uses a 56-bit key to encrypt data using various algorithms (substitution + Transposition Cipher) • 56 bits provide for 2^56 possible key combinations. • was a widely implemented U.S. standard • However, it took 20 hours to break a DES key in 1998 • DES is being phased out, but it is still widely used • relatively few people have the equipment to break the key • 20 hours is still a relatively long time in the Internet age

  11. Modern cryptography: Skipjack and Triple DES • There were several responses to the cracking of DES: • DES keys were increased to 1024 bits • Creation of a new and more secure algorithm called Skipjack, which uses an 80-bit key • Triple DES relies on DES, but encodes each message three times using three different keys • A new encryption algorithm, the Advanced Encryption Standard (AES)

  12. Modern cryptography: Advanced Encryption Standard (AES) • Advanced Encryption Standard (AES) • NIST sponsored a competition in 1997 to create a replacement for DES. • The winner is the Rijndael algorithm by two Belgians • Uses three different key lengths: 128 bits, 192 bits, 256 bits • was approved for use by U.S. government agencies in May 2002

  13. Another way to hide data: Steganography • Steganography is a method of hiding data in another media type so that the very existence of the data is concealed. • does not use algorithms or keys to encrypt information. • A message can be hidden in a WAV file, in a graphic, or in unused spaces on a hard drive or sectors that are marked as unusable. • E.g.1 the least significant bit of each byte of the image can be replaced with bits of the secret message. • This practice does not affect the graphic enough to be detected. • E.g. 2 can also be used to insert a digital watermark on digital images so that illegal copies of the images can be detected. (This technique will be covered in lab.)

  14. Index • Basics of cryptography • Kerckhoff’s Principle • The big picture of cryptography • Digital signature and digital certificate • Cryptography in a browser • Encryption utilities • Other encryption applications

  15. The anatomy of cryptography M: plaintext, the message to transmit C: ciphertext, encrypted message E: encryption D: decryption • Cipher, a.k.a. rules or algorithms of encryption and decryption • E.g. allow letter-substitution to convert plaintext to ciphertext • The level of complexity of an algorithm can be increased by using a key • Key is a code necessary to encrypt or decrypt a message correctly using the algorithm

  16. Kerckhoff’s Principle • Kerckhoff’s Principle (1883) • the only secrecy involved with a cryptography system should be the key; the algorithm should be publicly known; • Good security assumes an eavesdropper knows the cipher, but the key must be kept secret

  17. Index • Basics of cryptography • The big picture of cryptography • Digital signature and digital certificate • Cryptography in a browser • Encryption utilities • Other encryption applications

  18. The big picture of cryptography • Symmetric encryption algorithms • Use the same key and algorithm to encrypt and decrypt a message • The key used is called a private key, because it must be kept secret for the message to be secure • A.k.a. classical cryptography, classical cipher (Every encryption algorithm covered so far is a symmetric encryption algorithm.) • Asymmetric encryption algorithms • Use one key to encrypt and another key to decrypt • The key you can reveal to everyone is called a public key

  19. Symmetric Algorithms • The sender and receiver use two instances of the same key for encryption and decryption • If an intruder were to get this key, the intruder could decrypt any intercepted message encrypted with this key.

  20. Symmetric Algorithms • The security of the symmetric encryption method is completely dependent on how well users protect the key • Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key. • Q 1: How many keys are required if 50 people want to communicate using a symmetric algorithm? • Q 2: How are symmetric keys actually shared and updated?

  21. Symmetric Algorithms • It is not safe to just send it in an e-mail message • the key is not protected and can be easily intercepted and used by attackers • The out-of-band method • Other implications of symmetric algorithms • Both users have the same key to encrypt and decrypt messages • Symmetric cryptosystems can provide confidentiality but they cannot directly provide authentication or non-repudiation. Why?

  22. Symmetric Algorithms • Advantages of symmetric algorithms • Symmetric algorithms are very fast, compared to asymmetric algorithms • Symmetric algorithms are hard to break if a large key size is used. • Examples of symmetric algorithms : • Data Encryption Standard (DES) • Triple-DES (3DES) • Blowfish • IDEA • RC4, RC5, and RC6 • Advanced Encryption Standard (AES)

  23. Asymmetric Cryptography • In public key systems, each entity has a pair of different keys, or asymmetric keys. • The two different asymmetric keys are mathematically related. • The public key can be known to everyone • The private key must be known and used only by the owner. • It must be computationally infeasible to derive the private key from the public key.

  24. Asymmetric Cryptography In different scenarios, we can choose to use either public key or private key to encrypt and decrypt. • Scenario 1: C = E_a(M) → M = D_a(C) • Scenario 2: C = D_a(M) → M = E_a(C)

  25. Scenario 1 Q: Is there any problem in scenario 1?

  26. Scenario 2 Q: Is there any problem in scenario 2?

  27. Scenario 3 Q: Is there any problem in scenario 3?

  28. Asymmetric Cryptography • Common asymmetric algorithms • Diffie-Hellman • RSA • Elliptic curve cryptosystem (ECC) • El Gamal • Digital Signature Algorithm (DSA) • Knapsack • RSA is the most popular public-key encryption • Developed by Ronald Rivest, Adi Shamir, and Len Adleman • RSA is used in a number of products from many vendors • Web browsers, Virtual private networks (VPN)

  29. Asymmetric vs. Symmetric Cryptography • Pro: Asymmetric algorithms • Can provide authentication and non-repudiation. • also provide for easier and more manageable key distribution • Cons: An asymmetric algorithm works much more slowly than a symmetric algorithm • Symmetric algorithms carry out relatively simplistic mathematical functions – substitution and transposition • Asymmetric algorithms use much more complex mathematics to carry out their functions.

  30. Hybrid cryptosystem In a hybrid system, an asymmetric algorithm and a symmetric algorithm are used in a complementary manner • A hybrid cryptosystem = symmetrical key cipher + public-key cipher • An asymmetric algorithm creates keys that are used for automated key distribution. • A symmetric algorithm creates keys that are used for encrypting bulk data

  31. Index • Basics of cryptography • The big picture of cryptography • Digital signature and digital certificate • Cryptography in a browser • Encryption utilities • Other encryption applications

  32. Authenticating the public key • A potential weakness of public-key cryptography Q: How do you know that the public key you have for an individual is really for that individual? • The solution is authenticating the public key • Authentication is the process of proving that you are in fact the person you say you are. • E.g., A photo ID is commonly used to authenticate a person. Q: How to authenticate a public key?

  33. One way to authenticate a public key: Signatures • Signatures let you authenticate a public key • How does the signature work? • You verify that another person’s key really belongs to that person, and then sign that public key with your own private key. • Others who get that public key can see your signature and know you trust that key, so they may decide to trust it OR may decide to verify that key themselves. • This forms a web of trust -- a peer-to-peer trust relationship • Example … Q: How to verify another person’s public key?

  34. Verify public key • Verify the public key in person or call the owner of the public key and check the key • A key usually has hundreds of digits • Checking it bit by bit is not very efficient • A fingerprint is a smaller number that is derived from a very lengthy public key • Fingerprints are created by hashing the public key • Hashing is a process by which a mathematical function is used that converts larger numbers into smaller numbers

  35. Hash function • A hash function is a function that takes a variable-length string, and produces a fixed-length hash value. • The hash value is also called fingerprint, checksum, or message digest • A fingerprint is changed → the contents have been altered • Example … • Two commonly used hash functions • Message digest hash (MD5) provides a 128-bit fingerprint • Secure hash algorithm (SHA-1) provides a 160-bit fingerprint
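Fingerprinting a public key as slides 34 and 35 describe, as an added example that is not part of the original slides. The key bytes are a constructed stand-in rather than a real key, and the colon-separated hex format and function names are this example's own choices.

```python
import hashlib
import hmac

SAMPLE_KEY = bytes(range(256))   # constructed 2048-bit stand-in, not a real key


def fingerprint(public_key: bytes, algorithm: str = "sha256") -> str:
    """Hash the key bytes and format the digest as colon-separated hex pairs."""
    digest = hashlib.new(algorithm, public_key).digest()
    return ":".join(f"{b:02X}" for b in digest)


def fingerprint_bits(fp: str) -> int:
    """Size of a formatted fingerprint in bits."""
    return len(fp.split(":")) * 8


def matches(received_key: bytes, trusted_fp: str, algorithm: str = "sha256") -> bool:
    """Check a received key against a fingerprint obtained out of band
    (read over the phone, printed on a card, checked in person)."""
    return hmac.compare_digest(fingerprint(received_key, algorithm), trusted_fp)


def flip_one_bit(data: bytes, index: int = 0) -> bytes:
    """Return a copy with a single bit changed, to show the fingerprint moves."""
    altered = bytearray(data)
    altered[index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha256"):
        fp = fingerprint(SAMPLE_KEY, algo)
        print(algo, fingerprint_bits(fp), "bits:", fp)

    trusted = fingerprint(SAMPLE_KEY)
    print(matches(SAMPLE_KEY, trusted))                 # unchanged key
    print(matches(flip_one_bit(SAMPLE_KEY), trusted))   # one bit altered
```

The example defaults to SHA-256 because practical collision attacks exist against both MD5 and SHA-1; the two functions named on the slide are passed by name to show their 128-bit and 160-bit sizes.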

  36. The second way to authenticate a public key: Certificate Using digital certificate -- with PKI • A certificate is a numeric code that is used to identify an organization • A certificate authority (CA) verifies the credentials of an organization or individual. • The CA then issues a client’s public key and signs it with the CA’s private key E.g. VeriSign is a well-known CA

  37. Index • Basics of cryptography • The big picture of cryptography • Digital signature and digital certificate • Cryptography in a browser • Encryption utilities • Other encryption applications

  38. Using Cryptography in a Browser • A small lock or key in the lower left corner of the browser window • When visiting a web page that has been transmitted to your computer using encryption, • Most encrypted Web pages, such as shopping carts, appear with a URL that starts with https • https indicates the web server used an encrypted protocol, Secure Socket Layer (SSL), to transmit the web page.

  39. SSL and TLS • Secure Sockets Layer (SSL) • Developed by Netscape for transmitting private documents via the Internet • Uses a public key to encrypt data that is transferred over the SSL connection • URLs that require an SSL connection start with “https:” instead of “http:” • Transport Layer Security (TLS) • Is the latest version of SSL • Not widely available in browsers yet.

  40. SSL/TLS Protocol • Runs on top of the TCP and below higher-level protocols • Uses TCP/IP on behalf of higher-level protocols • Allows both machines to establish an encrypted connection • Allows SSL-enabled server to authenticate itself to SSL-enabled client • Allows client to authenticate itself to server

  41. Secure Hypertext Transfer Protocol (Https) • Https is a communications protocol designed to transfer encrypted information between computers over the World Wide Web • Online purchasing or exchange of private information over insecure networks • Https set up steps: • Client accesses a URL with https • Server sends back its certificate (public key encrypted by CA) • Client validates certificate, generates a symmetric session key, encrypts it with the server’s public key and sends it back • Server gets session key, communication begins…
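The session-key exchange in the last two set-up steps, which is also the hybrid cryptosystem of slide 30, as an added example that is not part of the original slides. Assumptions: unpadded textbook RSA over two well-known Mersenne primes stands in for the server's real key pair, a SHA-256 counter keystream stands in for the symmetric cipher, and certificate validation is left out.

```python
import hashlib
import secrets

# Toy server key pair (illustration only): fixed, publicly known primes.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public key, carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))     # private key, held only by the server


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher for the bulk data: XOR with a SHA-256 counter
    keystream. The same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def client_wrap_session_key(n: int, e: int):
    """Client: generate a random session key, encrypt it with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wrapped


def server_unwrap_session_key(wrapped: int) -> bytes:
    """Server: recover the session key with the private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")


if __name__ == "__main__":
    client_key, wrapped = client_wrap_session_key(N, E)
    server_key = server_unwrap_session_key(wrapped)
    print("keys agree:", client_key == server_key)

    request = b"GET /account HTTP/1.1"            # constructed bulk data
    on_the_wire = keystream_xor(client_key, request)
    print(keystream_xor(server_key, on_the_wire))
```

The slow public-key operation runs once, on 16 bytes; everything after that uses the fast symmetric key, which is the division of labour the hybrid slide describes.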

  42. Demo of Https • Tools: Ethereal • Http vs. Https (www.Netbank.com) • What will we look for? • Three-way TCP/IP handshake • Clear text packets of Http • SSL setup procedure • Encrypted packets Https
