Learn about the ethical use of the internet, laws related to it, information security, cryptography, digital signatures, SSL/TLS protocols, web application attacks, and more.
 
                
Internet & Web Security Syrian Virtual University MWS/MWT AWS Course Lecture 2 Prof. Dr. Moutasem Shafa’amry t_mshafaamri@svuonline.org
Course outlines • Ethics of Internet use and the laws related to it • Introduction to information security • Concepts and terminology • Symmetric and asymmetric encryption (Cryptography) • Digital Signature • Digital Certificates • Security problems in Internet protocols: HTTP, SMTP, FTP • Security protocols SSL, TLS, HTTPS, PGP and their uses in web applications • Types of web attacks: • Cross-Site Request Forgery (CSRF) • SQL injection • etc • Computer Ethics • Introduction to cryptography • Computer Networks attacks • Security Protocols • Types of Web Applications Attacks • Detection and prevention • Security Standards • Security and Risk management • Practical Issues • Project
Cryptography What does it say? • Secrecy • Ciphers • Stream & Block ciphers • Secret Key Cryptography • Key Exchange • Public Key Cryptography • Digital Signatures • Applications Security
Cryptography • Cryptography comes from the Greek words for "secret writing." It has a long and colorful history going back thousands of years. • "Cipher" is alternatively spelled "cypher"; similarly "ciphertext" and "cyphertext", and so forth. • The word "cipher" in former times meant "zero", from the Arabic صفر (ṣifr = zero). • A cipher is a character-for-character or bit-for-bit transformation, without regard to the linguistic structure of the message. • In contrast, a code replaces one word with another word or symbol. Codes are not used any more, although they have a glorious history.
Why Cryptography? • Network information needs to be communicated through insecure channel. • Stored information may be accessed without proper authorization. • Cryptography is a systematic way to make that harder.
Common Security Requirements • Confidentiality: Secrecy (encryption) • Integrity (signature/encryption) • Availability • CIA (Confidentiality, Integrity, Availability) • Authenticity (signature/encryption) • Non-repudiation (signature)
Types of Secret Writing Secret writing Steganography Cryptography
Types of Secret Writing Secret writing Steganography Cryptography Substitution Transposition Code Cipher
Some Basic Terminology • plaintext - original message • ciphertext - coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering plaintext from ciphertext • cryptography - study of encryption principles/methods • cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing key • cryptology - field of both cryptography and cryptanalysis
Cryptanalytic Attacks • ciphertext only • only know algorithm & ciphertext, is statistical, can identify plaintext • known plaintext • know/suspect plaintext & ciphertext • chosen plaintext • select plaintext and obtain ciphertext • chosen ciphertext • select ciphertext and obtain plaintext • chosen text • select plaintext or ciphertext to en/decrypt
Cipher Strength • unconditional security • no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext • computational security • given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken
What Cryptography can do? • Encryption: only the authorized party can understand the encrypted message. • Signature: allow people to verify the authenticity of the message.
Classical Cryptography • Shift Cipher • (a special case used by Caesar) • Substitution Cipher • Affine Cipher • Vigenere Cipher • Hill Cipher • Permutation Cipher
Traditional Cryptography • Ciphers were already studied in ancient times • Caesar’s cipher: replace a with d, replace b with e, ..., replace z with c • A more general monoalphabetic substitution cipher maps each letter to some other letter.
Cryptanalysis • Shift Cipher: English histogram • Substitution Cipher: histogram again • Affine Cipher: histogram • Vigenere Cipher: more complicated statistics • Hill Cipher: Known plaintext attack • Permutation Cipher: histogram + semantics
Confidentiality (Secrecy) • Scenario: Alice wants to send a message (plaintext p) to Bob. The communication channel is insecure and can be eavesdropped by Trudy. If Alice and Bob have previously agreed on an encryption scheme (cipher), the message can be sent encrypted (ciphertext c) • Issues: • What is a good cipher? • What is the complexity of encrypting/decrypting? • What is the size of the ciphertext, relative to the plaintext? • If Alice and Bob have never interacted before, how can they agree on a cipher?
Breaking Traditional Cryptography • Armed with simple statistical knowledge, Trudy can easily break a mono-alphabetic substitution cipher • most frequent letters in English: e, t, o, a, n, i, ... • most frequent digrams: th, in, er, re, an, ... • most frequent trigrams: the, ing, and, ion, ... • The first description of the frequency analysis attack appears in a book written in the 9th century by the Arab philosopher al-Kindi
Example (S. Singh, The Code Book, 1999) • Ciphertext • PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: 'DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?' OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK Any Guesses???
Frequency Analysis • Identifying common letters, digrams and trigrams... • PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: 'DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?' OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK • First guess: LBO is THE
Frequency Analysis • Assuming LBO represents THE, we replace L with T, B with H, and O with E and get • PCQ VMJYPD THYK TYSE KHXHJXWXV HXV ZCJPE EYPD KHXHJYUXJ THJEE KCPK. CP THE THCMKXPV XPV IYJKT PYDHT, QHEP KHE HXV EPVEV THE TXRE CI SX'XJMI, KHE JCKE XPV EYKKEV THE DJCMPV ZEICJE HYS, KXUYPD: 'DJEXT EYPD, ICJ X THCMKXPV XPV CPE PYDHTK Y HXNE ZEEP JEACMPTYPD TC UCM THE IXZREK CI FXKT XDEK XPV THE REDEPVK CI XPAYEPT EYPDK. SXU Y SXEE KC ZCRV XK TC AJXNE X IXNCMJ CI UCMJ SXGEKTU?' EFYRCDME, TXREK IJCS THE THCMKXPV XPV CPE PYDHTK • More guesses…?
THE SOLUTION • Code: X Z A V O I D B Y G E R S P C F H J K L M N Q T U W • Plaintext: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z • Now during this time Shahrazad had borne King Shahriyar three sons. On the thousand and first night, when she had ended the tale of Ma'aruf, she rose and kissed the ground before him, saying: 'Great King, for a thousand and one nights I have been recounting to you the fables of past ages and the legends of ancient kings. May I make so bold as to crave a favour of your majesty?' Epilogue, Tales from the Thousand and One Nights
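The frequency-analysis steps from the slides above, as an added Python example that is not part of the original lecture. The ciphertext and the code alphabet are copied from the slides; the function names are this example's own, and guessed letters are written in lowercase so they cannot be confused with ciphertext letters that are still unsolved.

```python
from collections import Counter

# Ciphertext and code alphabet copied from the slides above.
CIPHERTEXT = (
    "PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. "
    "CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI "
    "SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: 'DJOXL "
    "EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO "
    "IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC "
    "ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?' OFYRCDMO, LXROK IJCS LBO "
    "LBCMKXPV XPV CPO PYDBLK"
)
CODE = "XZAVOIDBYGERSPCFHJKLMNQTUW"   # cipher letter standing for A, B, C, ...
PLAIN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def letter_counts(text):
    """Histogram of cipher letters, most frequent first."""
    return Counter(c for c in text if c.isalpha()).most_common()


def three_letter_words(text):
    """Three-letter words, most frequent first: the quickest way to spot THE."""
    words = (w.strip(".,:?'") for w in text.split())
    return Counter(w for w in words if len(w) == 3).most_common()


def partial_decrypt(text, guesses):
    """Apply the guesses made so far; solved letters become lowercase."""
    return text.translate({ord(c): p.lower() for c, p in guesses.items()})


def decrypt(text, code=CODE, plain=PLAIN):
    """Full decryption once the whole substitution table is known."""
    return text.translate(str.maketrans(code, plain))


if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT)[:6])
    print(three_letter_words(CIPHERTEXT)[:3])
    print(partial_decrypt(CIPHERTEXT, {"L": "T", "B": "H", "O": "E"}))
    print(decrypt(CIPHERTEXT))
```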
Secret-Key Ciphers • A secret-key cipher uses a key to encrypt and decrypt • Caesar’s generalized cypher uses modular addition of each character (viewed as an integer) with the key: c_i = (p_i + k) mod m, p_i = (c_i - k) mod m • A more secure scheme is to use modular exponentiation to encrypt blocks of characters (viewed as integers): c[i,j] = p[i,j]^k mod m, where m is a large prime.
Confusion and Diffusion • cipher needs to completely obscure statistical properties of original message • a one-time pad does this • more practically Shannon suggested combining S & P elements to obtain: • diffusion – dissipates statistical structure of plaintext over bulk of ciphertext • confusion – makes relationship between ciphertext and key as complex as possible
Secret-Key Ciphers made more secure • Unlike modular addition, modular exponentiation is considered computationally infeasible (exponential) to invert. Thus, even if Trudy guesses a pair (c[i,j], p[i,j]) (for example, she knows the plaintext starts with the words “Dear Bob”), she still cannot compute the key k. • Alice and Bob need to share only key k. Bob decrypts using Euler’s Theorem from number theory: p[i,j] = c[i,j]^d mod m, where d can be easily computed from k and m using Euclid’s gcd algorithm.
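An added example (not from the lecture) of the exponentiation cipher described above, showing how Bob derives d from k and m with Euclid's algorithm. The modulus 2^61 - 1, the key 65537 and the 7-byte block size are assumptions chosen to keep the numbers readable; they are far too small for real use.

```python
M = 2**61 - 1      # prime modulus m (assumed toy value, a Mersenne prime)
BLOCK = 7          # bytes per block; 2^56 < m, so every block is below m


def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def decryption_exponent(k, m=M):
    """d with k*d = 1 (mod m-1); then (p^k)^d = p (mod m) for prime m."""
    g, s, _ = egcd(k, m - 1)
    if g != 1:
        # Such a k has no inverse, so the ciphertext could not be decrypted.
        raise ValueError("k must be coprime to m-1")
    return s % (m - 1)


def encrypt(msg, k, m=M):
    """c[i,j] = p[i,j]^k mod m, one integer per zero-padded block."""
    msg += b"\0" * (-len(msg) % BLOCK)
    return [pow(int.from_bytes(msg[i:i + BLOCK], "big"), k, m)
            for i in range(0, len(msg), BLOCK)]


def decrypt(blocks, k, m=M):
    """p[i,j] = c[i,j]^d mod m, with d derived from the shared key k."""
    d = decryption_exponent(k, m)
    plain = b"".join(pow(c, d, m).to_bytes(BLOCK, "big") for c in blocks)
    return plain.rstrip(b"\0")


if __name__ == "__main__":
    k = 65537                                   # shared secret key (assumed)
    ct = encrypt(b"Dear Bob, meet me at noon", k)
    print(ct)
    print(decrypt(ct, k))
```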
Cryptography in the Computer Age • Working with binary instead of letters • We can do things many, many times • Think of an Enigma machine that has 2^128 pairs of symbols on each rotor, and 20 rotors • Other than that, the basic principles are the same as classical cryptography
Block Cipher • Divide input bit stream into n-bit sections, encrypt only that section, no dependency/history between sections • In a good block cipher, each output bit is a function of all n input bits and all k key bits
Modern Ciphers • We design one relatively simple scrambling method (called a round) and repeat it many times • Think of each round as a rotor on the Enigma • One round may be easy to break, but when you put them all together it becomes very hard • Almost all ciphers follow one of two structures • SPN (Substitution Permutation Network) • Feistel Network • These describe the basic structure of a round
One SPN Round • Input to the round • First, the input is XORed with the round subkey • Second, the input is split into pieces (usually of one byte) and put through a substitution • Finally, the pieces are swapped around • Output from the round • And the output from this round becomes the input to the next round
A Simple SPN Cipher • The overall plaintext is broken into blocks and each block is encrypted with the cipher • Typical SPN ciphers will have 10-14 rounds • Alice and Bob only need one key, and the cipher will transform that key into subkeys for each round • To decrypt, Alice just does everything in the reverse order • [Diagram: Plaintext Block, Round 1 (Roundkey 1), Round 2 (Roundkey 2), Round 3 (Roundkey 3), Ciphertext Block]
One Feistel Round • The input to the round is divided in half • The right half is put into a round function with the roundkey • The output of the round function is XORed with the left half • The two halves switch sides to become the input to the next round • Only the left half of the input has been modified • [Diagram: Input Left Half, Input Right Half, Roundkey, Round Function, Output Left Half, Output Right Half]
A Simple Feistel Cipher • Feistel ciphers need twice as many rounds as SPN ciphers because only half of the input is being encrypted each round • Works the same as SPN ciphers in terms of transforming one key into subkeys and splitting the plaintext into blocks • To decrypt, the ciphertext is sent through the same cipher and the roundkeys are used in reverse order • [Diagram: Plaintext Block, Round 1 (Roundkey 1), Round 2 (Roundkey 2), Round 3 (Roundkey 3), Ciphertext Block]
Modern Ciphers in Practice • Follow SPN/Feistel structure in general, but with added twists for security • There are two important ciphers in the history of modern cryptography • DES (Data Encryption Standard) • AES (Advanced Encryption Standard)
DES • U.S. Government recognized the need to have a standardized cipher for secret documents • DES was developed by IBM in 1976 • Feistel structure • Key length of 56 bits, block size of 64 bits • 16 rounds • Analysis of DES was the beginning of modern cryptographic research
Controversy Surrounding DES • Development process was hidden from public • Suspicions that the government had put in a “backdoor” • Government attempted to shut down research in cryptography
Breaking DES • The key length of DES was too short • If a key is 56 bits long, that means there are 2^56 possible keys • “DES Cracker” machines were designed to simply brute force all possible keys • People began encrypting the plaintext multiple times with different keys in order to increase the number of keys that need to be checked
Breaking DES cont. • DES was further weakened by the discovery of differential cryptanalysis • Biham and Shamir in 1990 • The most significant advance in cryptanalysis since frequency analysis • Ideally a ciphertext should be completely random, there should be no connection to its matching plaintext • Differential analysis exploits the fact that this is never actually the case • Uses patterns between plaintext and ciphertext to discover the key • There is evidence that IBM knew about differential cryptanalysis back when they were designing DES in 1976
Developing the AES • With DES effectively broken, a new standard was needed • U.S. Government made it an open application/review process this time, and received many submissions • In 2001, after five years, the Rijndael cipher was selected to become the Advanced Encryption Standard
AES (Rijndael) • Developed by Vincent Rijmen and Joan Daemen • SPN structure • Block size of 128 bits • Key size of 128, 192, or 256 bits • 10, 12, or 14 rounds depending on the key size
Current attacks against AES • On AES with 128-bit keys, a brute force attack would require 2^128 work • Any technique that can decrypt a ciphertext with less than 2^128 work is considered an attack • Currently the best attacks on AES use variations of differential cryptanalysis • None of them could actually be completed before the sun burns out • None of them work on the full number of rounds
Symmetric Encryption • or conventional / private-key / single-key • sender and recipient share a common key • all classical encryption algorithms are private-key • was only type prior to invention of public-key in 1970’s • and by far most widely used (still) • is significantly faster than public-key crypto
Encryption Mode (ECB) • Electronic Code Book (ECB) mode for block ciphers of a long digital sequence • Vulnerable to replay attacks: if an attacker thinks block C2 corresponds to $ amount, then substitute another Ck • Attacker can also build a codebook of <Ck, guessed Pk> pairs
Encryption Mode (CBC) • Cipher Block Chaining (CBC) mode for block ciphers • Inhibits replay attacks and codebook building: identical input plaintext Pi = Pk won’t result in same output code due to memory-based chaining • IV = Initialization Vector – use only once
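An added example (not from the lecture) that covers both the Feistel slides and the ECB/CBC slides: a toy Feistel cipher whose decryption is the same routine with the roundkeys reversed, run in ECB and in CBC mode over a constructed message with repeated blocks. The SHA-256 round function, the 8-byte block, the key schedule, the key, the IV and the sample message are all assumptions of this example, not a real cipher.

```python
import hashlib


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key, rounds=8):
    """Turn one key into one roundkey per round (assumed key schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]


def feistel(block, roundkeys):
    """8-byte block, one Feistel round per roundkey."""
    left, right = block[:4], block[4:]
    for rk in roundkeys:
        f = hashlib.sha256(rk + right).digest()[:4]   # round function
        left, right = right, xor(left, f)             # XOR, then swap halves
    return right + left   # undo the last swap so decryption reuses this code


def blocks_of(data):
    return [data[i:i + 8] for i in range(0, len(data), 8)]


def ecb_encrypt(pt, rks):
    """Each block encrypted on its own: equal plaintext, equal ciphertext."""
    return b"".join(feistel(b, rks) for b in blocks_of(pt))


def cbc_encrypt(pt, rks, iv):
    """Each block is XORed with the previous ciphertext block first."""
    out, prev = [], iv
    for b in blocks_of(pt):
        prev = feistel(xor(b, prev), rks)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct, rks, iv):
    out, prev = [], iv
    for c in blocks_of(ct):
        out.append(xor(feistel(c, rks[::-1]), prev))   # reversed roundkeys
        prev = c
    return b"".join(out)


def repeated_blocks(ct):
    """How many ciphertext blocks duplicate an earlier one."""
    b = blocks_of(ct)
    return len(b) - len(set(b))


RKS = subkeys(b"constructed demo key")
IV = bytes(range(8))   # fixed so the run is reproducible; the slide: use once
MSG = b"PAY BOB 00000100PAY BOB 00000100"   # constructed, 4 blocks, 2 repeats

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(MSG, RKS)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(MSG, RKS, IV)))
```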
The Problem of Symmetric Key Cryptography • Up until now we’ve been talking about symmetric key cryptography • Alice and Bob are using the same key to encrypt/decrypt • Problem: How does Bob get the key to Alice when Eve is eavesdropping? • Up until 1976 the only solution was to physically give Alice the key in a secure environment
How to Establish a Shared Key? • What if Alice and Bob have never met and did not agree on a key? • The Diffie-Hellman key exchange protocol (1976) allows strangers to establish a secret shared key while communicating over an insecure channel
The Diffie-Hellman key exchange • Alice picks her secret “half-key” x (a large integer) and two large primes m and g. She sends to Bob: (m, g, g^x mod m) • Even if Trudy intercepts (m, g, g^x mod m), she cannot figure out x because modular logarithms are hard to compute. • Bob picks his secret half-key y and sends to Alice: (g^y mod m) • Again, Trudy cannot figure out y. • The shared key is: g^(xy) mod m • Bob computes it as (g^x mod m)^y mod m • Alice computes it as (g^y mod m)^x mod m
Algorithmic Issues (How to do it Fast) • How can we efficiently compute modular exponents for large integers? • NOTE: It is not efficient to compute q = g^x mod m in the obvious way: p = g^x, then q = p mod m
Repeated Squaring Algorithm • represent x in binary: x_(b-1) x_(b-2) ... x_1 x_0 • repeat b-1 times: g = g^2 mod m • This yields p_0 = g mod m, p_1 = g^2 mod m, p_2 = g^4 mod m, …, p_(b-1) = g^(2^(b-1)) mod m • for i = 0 to b-1: q = q · p_i^(x_i) mod m • The number of arithmetic operations performed is proportional to log x
The Woman-in-the-Middle Attack • Trudy can fool Alice and Bob to share a secret key with her • How? • Alice Trudy Bob
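An added example (not from the lecture) of the repeated squaring algorithm and the key exchange built on it, including what the two sides end up with when the public values are not authenticated. The modulus 2^127 - 1 and the base 3 are assumed toy parameters, and the function names are this example's own.

```python
import secrets

M = 2**127 - 1   # prime modulus m (assumed; a Mersenne prime, toy size)
G = 3            # base g (assumed value)


def modexp(g, x, m):
    """Repeated squaring: multiply q by p_i = g^(2^i) wherever bit x_i is 1."""
    q, p = 1, g % m          # q starts at 1, p_0 = g mod m
    while x:
        if x & 1:            # current bit x_i
            q = q * p % m
        p = p * p % m        # p_(i+1) = p_i^2 mod m
        x >>= 1
    return q                 # about log2(x) squarings and multiplications


def half_key():
    """A fresh secret half-key in [2, m-2]."""
    return secrets.randbelow(M - 3) + 2


def exchange(x, y, z=None):
    """Run the exchange; returns (alice_key, bob_key, trudy_keys).

    With z set, Trudy sits on the channel and replaces each public value
    with g^z mod m, which neither side can detect without authentication.
    """
    a_pub, b_pub = modexp(G, x, M), modexp(G, y, M)
    if z is None:
        return modexp(b_pub, x, M), modexp(a_pub, y, M), None
    t_pub = modexp(G, z, M)
    alice_key = modexp(t_pub, x, M)      # Alice believes this is Bob's value
    bob_key = modexp(t_pub, y, M)        # Bob believes this is Alice's value
    trudy_keys = (modexp(a_pub, z, M), modexp(b_pub, z, M))
    return alice_key, bob_key, trudy_keys


if __name__ == "__main__":
    x, y, z = half_key(), half_key(), half_key()
    a, b, _ = exchange(x, y)
    print("honest channel, keys match:", a == b)
    a, b, t = exchange(x, y, z)
    print("tampered channel, keys match:", a == b, "| Trudy holds both:",
          t == (a, b))
```

On the tampered channel Alice's and Bob's keys differ from each other while each equals one of Trudy's, which is why the exchanged values have to be authenticated, for example with the digital signatures and certificates listed in the course outline.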
Public Key Cryptography • Diffie and Hellman published a paper in 1976 providing a solution • We use one key for encryption (the public key), and a different key for decryption (the private key) • Everyone knows Alice’s public key, so they can encrypt messages and send them to her • But only Alice has the key to decrypt those messages • No one can figure out Alice’s private key even if they know her public key