cryptography kuliah tamu
TRANSCRIPT
Thursday, March 29, 12
CRYPTOGRAPHY UNTUK KEAMANAN INFORMASIAgung Nugraha [email protected]
Kuliah Tamu Jurusan Sistem Informasi Institut Teknologi Sepuluh November Surabaya, 29 Maret 2012Thursday, March 29, 12
Thursday, March 29, 12
Thursday, March 29, 12
Thursday, March 29, 12
Thursday, March 29, 12
INFORMATION SECURITYInformation security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modication, perusal, inspection, recording or destructionThursday, March 29, 12
CRYPTOGRAPHY
Is
the science (some say an art) of transforming data in a way that renders it unreadable by anyone except the intended recipient. can be used to achieve several goals of information security, including Condentiality, Integrity, Authentication and Non-repudiation
Cryptography
Thursday, March 29, 12
HISTORY OF CRYPTOGRAPHY
Begin in ancient Egypt with hieroglyphics. Pen and Paper Cryptography
Scytale Spartan method involved wrapping a belt around a rod of a given diameter and length Atbash Hewbrew cipher which mirrored the normal alphabet Caesar Shift all letters by a given number of letters in the alphabet Vignre Use of a key and multiple alphabets to hide repeated characters in an encrypted message
Invention of cipher machine
Confederate Armys Cipher Disk Japanese Red and Purple Machines German Enigma
Modern Cryptography
Dife - Helman key exchange based on publik key cryptosystem Feistel from IBM with DES Shamir and Adleman with RSA
Thursday, March 29, 12
Thursday, March 29, 12
CRYTOGRAPHY IN INDONESIA
Pada tanggal 4 April 1946 pukul 10.00 WIB, Menteri Pertahanan, Mr. Amir Sjarifuddin, memerintahkan dr. Roebiono, seorang dokter di Kementerian Pertahanan Bagian B untuk membentuk badan pemberitaaan rahasia yang disebut Dinas Code
Pemancar radio telegra Buku Code C terdiri dari 10.000 kata Desember 1949 dikirimlah 3 (tiga) orang CDO, Munarjo, Sumarkidjo dan Maryono Idris Sunarmo, untuk memperdalam ilmu kriptologi di Belanda
Dinas kode berubah menjadi Djawatan Sandi, 1972 berubah menjadi Lembaga Sandi Negara
Thursday, March 29, 12
Thursday, March 29, 12
CRYPTOGRAPHY BASIC
Cryptanalysis is the science of deciphering ciphertext without the cryptographic key. Cryptography is the science of encrypting and decrypting information, such as a private message, to protect its condentiality, integrity, and/or authenticity. Cryptology is the science that encompasses both cryptography and cryptanalysis. Cryptosystem is the hardware or software implementation that transforms plaintext into ciphertext (or encryption) and back into plaintext (or decryption). Plaintext message is a message in its original readable format Ciphertext message is a plaintext message that has been transformed (encrypted) into a scrambled message thats unintelligible Encryption (or enciphering) is the process of converting plaintext communications into ciphertext Decryption (or deciphering) reverses that process, converting ciphertext into plaintext Key is using for encryption and decryption process
Thursday, March 29, 12
CRYPTOGRAPHY BASIC
http://www.tools4noobs.com/online_tools/encrypt/
Thursday, March 29, 12
CAESAR CIPHER
Thursday, March 29, 12
CAESAR CIPHER
Algorithm : Encrypt(Plaintext, Key) = (Plaintext + Key) (mod 26) Decrypt(Plaintext, Key) = (Plaintext - Key) (mod 26)
Encrypt(NIKITA, 3) = QLNLWD Decrypt(QLNLWD, 3) = NIKITA
Thursday, March 29, 12
CAESAR ATTACKS
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext = UGTCP IKVUU WTCDC AC
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext = UGTCP IKVUU WTCDC AC Frequency Analysis
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext = UGTCP IKVUU WTCDC AC Frequency Analysis
Paling banyak muncul ; 4 kali = C, 3 kali = U, 2 kali = T
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext = UGTCP IKVUU WTCDC AC Frequency Analysis
Paling banyak muncul ; 4 kali = C, 3 kali = U, 2 kali = T Guess, C = A => Key (C-A) = 2
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext = UGTCP IKVUU WTCDC AC Frequency Analysis
Paling banyak muncul ; 4 kali = C, 3 kali = U, 2 kali = T Guess, C = A => Key (C-A) = 2 Decrypt(UGTC PIKVU UWTCD CAC,2) = SERAN GITSS URABA YA
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext = UGTCP IKVUU WTCDC AC Frequency Analysis
Paling banyak muncul ; 4 kali = C, 3 kali = U, 2 kali = T Guess, C = A => Key (C-A) = 2 Decrypt(UGTC PIKVU UWTCD CAC,2) = SERAN GITSS URABA YA
Brute Force Attack
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext = UGTCP IKVUU WTCDC AC Frequency Analysis
Paling banyak muncul ; 4 kali = C, 3 kali = U, 2 kali = T Guess, C = A => Key (C-A) = 2 Decrypt(UGTC PIKVU UWTCD CAC,2) = SERAN GITSS URABA YA
Brute Force Attack
Decrypt(UGTC PIKVU UWTCD CAC,1) = TFSBO HJUTT VSBCB ZB
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext = UGTCP IKVUU WTCDC AC Frequency Analysis
Paling banyak muncul ; 4 kali = C, 3 kali = U, 2 kali = T Guess, C = A => Key (C-A) = 2 Decrypt(UGTC PIKVU UWTCD CAC,2) = SERAN GITSS URABA YA
Brute Force Attack
Decrypt(UGTC PIKVU UWTCD CAC,1) = TFSBO HJUTT VSBCB ZB Decrypt(UGTC PIKVU UWTCD CAC,2) = SERAN GITSS URABA YA
Thursday, March 29, 12
CAESAR ATTACKS
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext : WMWX IQMRJ SVQEW MMXWW YVEFE CE
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext : WMWX IQMRJ SVQEW MMXWW YVEFE CE W = S => Key (W-S) = 4
Thursday, March 29, 12
CAESAR ATTACKS
Ciphertext : WMWX IQMRJ SVQEW MMXWW YVEFE CE W = S => Key (W-S) = 4 Decrypt(WMWX IQMRJ SVQEW MMXWW YVEFE CE,4) = SISTEM INFORMASI ITS SURABAYA
Thursday, March 29, 12
GOALS OF CRYPTOGRAPHY
Condentiality, menjaga Integrity, memastikan
kerahasiaan data. ex : encryption
keaslian data. ex : hash function user yang sah. ex : password, token
Authentication, memastikan Non-repudiation, anti
penyangkalan. ex : digital signature
Thursday, March 29, 12
ENCRYPTION ALGORITHM Simteric
Key, menggunakan kunci s a m a u n t u k m e nya n d i d a n membuka pesan menggunakan dua buah k u n c i ya n g b e r b e d a u n t u k mengenkripsi dan dekripsi pesan.
Asimetric,
Thursday, March 29, 12
SYMETRIC VS ASYMETRIC
Symmetric
Cepat Hanya menyediakan condentiality Membutuhkansecure channel untuk key distribution Key management yang kompleks, N(N-1)/2 Contoh : DES, AES, Blowsh, RC4, RC5 Lambat karena operasi matematis yang kompleks Tidak membutuhkan secure channel untuk key distribution Dapat menyediakan authentication dan nonrepudiation Contoh : RSA, El Gamal, ECC, Dife-Hellman
Asymmetric
Thursday, March 29, 12
AESThursday, March 29, 12
AESThursday, March 29, 12
HASH ALGORITHM
Algoritma hash satu arah (one-way hashing) adalah suatu algoritma yang mengkompresi suatu pesan dengan panjang sembarang, dan menghasilkan keluaran suatu nilai yang selalu sama panjangnya Digunakan untuk memastikan keaslian dari data Contoh : Algoritma MD5, SHA1, SHA2, SHA3 http://www.hashemall.com/
Thursday, March 29, 12
AUTHENTICATION
Proses untuk membuktikan identitas suatu subjek, bisa orang atau mesin. Tiga kategori otentikasi: What you know: PIN, password, pasangan kunci publik-privat What you have: smart card, kunci, USB dongle What you are: ngerprint, retina
Thursday, March 29, 12
PASSWORD SECURITY GUIDELINES
Passwords should be changed every 60 days. Old passwords should not be re-used for a period of 6 months. Passwords should not be based on well-known or easily accessible personal information. Passwords should contain at least 8 characters. At least 5 uppercase letters (e.g. N) or 5 lowercase letters (e.g. t) or a combination of both. Passwords should contain at least 2 numerical characters (e.g. 5). Passwords should contain at least 1 special characters (e.g. $). A new password should contain at least 5 characters that are different than those found in the old password, which it is replacing. Passwords should not be based on users' personal information or that of his or her friends, family members, or pets. Personal information includes logon I.D., name, birthday, address, phone number, social security number, or any permutations thereof. Passwords should not be words that can be found in a standard dictionary (English or foreign) or are publicly known slang or jargon. Passwords should not be trivial, predictable or obvious. Passwords should not be based on publicly known ctional characters from books, lms, and so on. Passwords should not be based on the company's name or geographic location. Example : HOU32SE#, MON42DAY, TAB87LE%
Sumber : http://www.tcnj.edu/~it/security/passwords.html
Thursday, March 29, 12
PKI
Thursday, March 29, 12
PUBLIC KEY INFRASTRUCTURE
Infrastruktur keamanan yang diimplementasikan menggunakan konsep dan teknik kriptogra kunci publik Entitas PKI
Certication Authority(CA); merupakan komponen yang digunakan untuk melakukan identikasi pada pihak yang melakukan pengiriman dan penerimaan. Registration Authority(RA); komponen yang digunakan oleh CA untuk melakukan registrasi dari user. Certicate Repository; merupakan database untuk sertikat digital untuk sistem dari CA. Repository digunakan untuk menyediakan user data yang diperlukan untuk melakukan konrmasi terhadap status dari pesan yang ditandatangani. Certication Revocation Lists(CRL); Digunakan untuk mengecek status atau validitas dari suatu sertikat. Online Certicate Status Protocol(OCSP); suatu protokol pengecekan status dari suatu sertikat secara otomatis
Contoh : E-commerce, e-procurement, Email, SSL dll
Thursday, March 29, 12
Thursday, March 29, 12
Thursday, March 29, 12
DIGITAL SIGNATURE
Skema matematik yang digunakan untuk memastikan keaslian pesan yang dikirim Menggunakan publik key cryptosystem Memenuhi aspek Authentication, Integrity dan Nonrepudiation.
Thursday, March 29, 12
Thursday, March 29, 12
IMPLEMENTATION
Thursday, March 29, 12
GSM CRYPTO PHONE
http://www.securegsm.com/snd_sample_1.mp3Thursday, March 29, 12
Thursday, March 29, 12
Sebaliknya, user juga dapat mengubah mode secure menjadi plain 79 menerimanya. Gambar dibawah ini ini merupakan dengan menekan tombol plain. Gambar berikut merupakan tampilan ketika
AGIEVIC
82
81
terdapat panggilan komunikasi. tampilan connect, user secure untuk memasukkan penggunaan modeakan diminta dalam masuk user id,password dan alamat ip dari server pada kolom yang telah disediakan. Gambar berikut ini merupakan tampilan ketika user melakukan koneksi ke server.
dengan server maka user dapat menggunakan fitur connect. Pada
Gambar 4.4. Fitur connect aplikasi Agievic Pada proses koneksi ke server, terjadi proses otentikasi antara client dan server yang dilakukan secara mutual authentication, sehingga jika kedua entitas dapat memastikan bahwa pihak yang dihubungi adalah benar pihak yang sah, maka client dapat masuk ke dalam sistem Agievic. Gambar 4.5 menunjukkan tampilan utama ketika client telah berhasil melakukan koneksi dengan server.
Gambar 4.1. Tampilan Login aplikasi Agievic
Gambar 4.8. Mode secure Agievic
Pada saat user menekan tombol login, maka aplikasi akan melaku
Saat user menekan salah satu tombol mode komunikasi, maka pada database. Jika sesuai maka akan muncul tamp yang terdapat Gambar 4.7. Aplikasi menerima panggilan utama dari aplikasi, tetapi jika tidak sesuai maka akan muncul pe tombol yang Thursday, March 29, 12 ditekan tersebut menjadi tidak aktif, hal ini menandakan
verifikasi terhadap data yang telah dimasukkan oleh user dengan d
tersebut Kemudian server akan memberikan respon dari request client. sistem. tidak dapat masuk dalam sistem.Server akan membandingkan data yang dikirim oleh client dengan masuk kedalam sistem. Gambar di bawah ini merupakan gambaran Agievic.
data yang terdapat pada database server, jika sesuai maka client dapat 3.1.2. Key Establishment
Proses key establishment hanya dapat terjadi setelah client melakukan login kepada server. Saat client melakukan request kepada Protokol Otentikasi server untuk berkomunikasi dengan client lainnya dan client yang dituju menerima request tersebut, maka server akan mengirimkan(2) Pc(Ids, Rc, Es(Rs)) (4) Otentik/tidak (1) Ps(Idc, Ec(Rc))
AGIEVIC
dari proses otentikasi SVoIP yang diimplementasikan pada aplikasi
random seed yang sama kepada keduaPwd, Rs) yang nantinya akan (3) Ps(Idc, client digunakan untuk pembangkitan session key. Gambar di bawah ini Client Server merupakan proses key Gambar 3.2. Proses Otentikasi diimplementasikan establishment SVoIP yang Protokol Key Establishment pada sistem Agievic. Keterangan :Ec = Hasil enkripsi dengan menggunakan private key milik client Es = Hasil enkripsi dengan menggunakan private key milik server
Gambar 3.3. Proses Key EstablishmentThursday, March 29, 12
dikirimkan. Gambar berikut ini merupakan proses komunikasi video conference pada aplikasi Agievic.
AGIEVICPoint to Point Transmitter Input Proses Receiver dienkripsi OutputH263 Encoder G723 Encoder H263 Decoder G723 Decoder
menggunakan algoritma AES 256 dengan mode C
Ciphertext yang telah dihasilkan tersebut kemudian dibentuk me merupakan susunan paket data yang dienkripsi dan
paket UDP yang siap untuk ditransmisikan. Gambar beriku ditransmisikan. IP Header UDP HeaderEnkripsi Dekripsi
RTP Header
Baca Paket RTP
RTP Header Payload
Enkripsi
Ciphertext
UDP Header IP Header
Paket Video Paket Audio Terima Paket
Gambar 3.5. Susunan paket yang siap ditransmisikan
Transmitter
Receiver
Proses penerimaan paket data pada aplikasi Agievic dimulai k didekripsi menggunakan algoritma dan kunci yang sesuai.
data diterima oleh aplikasi. Saat data diterima, data kemu
Gambar 3.4. Komunikasi video conference aplikasi Agievic
karena itu, jika kunci yang digunakan untuk mendekripsi tidak se
Pada komunikasi video conference, protokol RTP menggunakan maka paket data tidak dapat dikenali sebagai paket data RTP sehi
dua buah port yang masing masing digunakan untuk melakukan aplikasi tidak dapat menjalankan video dan audio yang dikirim. transmisi data video dan audio. Proses transmisi dimulai ketika kunci yang digunakan sesuai maka data video dan audio Thursday, March 29, 12
Lampiran 1
AGIEVIC PLAINPAKET DATA MODE PLAIN SAAT TRANSMISI
Thursday, March 29, 12
Lampiran 2
AGIEVIC SECURE
PAKET DATA MODE SECURE SAAT TRANSMISI
Thursday, March 29, 12
EMAIL ENCRYPTION
Email encryption refers to encryption, and often authentication, of email messages, which can be done in order to protect the content from being read by unintended recipients. Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them; while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send. Popular protocols for email encryption include PGP, S/ MIME, TLS, Identity based encryption, Mail sessions encryption
Thursday, March 29, 12
Thursday, March 29, 12
Thursday, March 29, 12
Thursday, March 29, 12
Thursday, March 29, 12
OFF THE RECORD MESSAGING
Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic p r o t o c o l t h a t p r ov i d e s s t r o n g encr yption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Dife Hellman key exchange, and the SHA-1 hash function. Client Support : Adium, Pidgin, Jitsi, MCabber dll.
Thursday, March 29, 12
DATABASE SECURITYPhysical Security Operating system Encrypt the database at storage level, transparent to application Whole database/le/relation Unit of encryption: page, Column encryption Main issue: key management User provides decryption key (password) when database is started up Supported by many database systems Standard practice now to encrypt credit card information, and other sensitive information All information must be encrypted to prevent eavesdropping Public/private key encryption widely used Handled by secure http - https://
Thursday, March 29, 12
AUTHORIZATION IN DATABASE
User authentication
Central authentication systems allow users to be authenticated centrall. ex : LDAP or MS Active Directory often used for central authentication and user management in organizations Single sign-on: authenticate once, and access multiple applications without fresh authentication, Microsoft passport, PubCookie etc
Different authorizations for different users
Ensure that only authenticated users can access the system
Access (read/update) only data/interfaces that they are authorized to access. Database Security Check List
Thursday, March 29, 12
CONCLUSION
Threats and vulnerabilities to the integrity of that data will increase as well Securing data must be part of an overall computer security plan Cryptography meets the goals of information security Cryptography is science and art
Thursday, March 29, 12
Thursday, March 29, 12
INFORMATION SEC RITY IS INCOMPLETE WITHOUT U
Thursday, March 29, 12
REFERENCEFerguson, Niels & Schneier, Bruce. 2003. Practical Cryptography. Indiana : Wiley Publishing, Inc. Schneier, Bruce. 1996. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C. Newyork : John Wiley & Sons, Inc. Munir, Rinaldi. 2006. Kriptogra. Bandung : Informatika Google !
Thursday, March 29, 12