cyber attacks and cryptography overview. security objectives confidentiality integrity availability...

Cyber Attacks and Cyber Attacks and Cryptography OverviewCryptography Overview

Security ObjectivesSecurity Objectives

ConfidentialityIntegrityAvailabilityAuthenticationNon-repudiation

Internet Security - Farkas 2

How can we define theseconcepts wrt. the

Internet?

Types of Attacks (1)Types of Attacks (1)

Interruption – an asset is destroyed, unavailable or unusable (availability)

Interception – unauthorized party gains access to an asset (confidentiality)

Modification – unauthorized party tampers with asset (integrity)

Fabrication – unauthorized party inserts counterfeit object into the system (authenticity)

Denial – person denies taking an action (authenticity)


Types of Attacks (2)Types of Attacks (2) Passive attacks:

Eavesdropping Monitoring

Active attacks: Masquerade – one entity pretends to be a different entity Replay – passive capture of information and its

retransmission Modification of messages – legitimate message is altered Denial of service – prevents normal use of resources


ProtectionProtection

Protection at storage– Inactive (e.g., databases storage, file system)– During processing (e.g., DBMS access, application

access)

Protection during transmission– Level of protection (e.g., content vs. header info)– Aim of protection (e.g., confidentiality, integrity,

privacy, etc.)


Basic Defense MechanismsBasic Defense Mechanisms

Identification and AuthenticationAuthorizationCryptographyHardware, software security

– Tampering avoidance– Information leakage prevention– Input validation

Network-protection: communication, firewall, IDS, etc.


Usable security!

Attacks Against Attacks Against Communication ChannelsCommunication Channels



Insecure communicationsInsecure communications

Sender

Recipient

Insecure channel

Confidential

Encryption: confidential communication

EncryptionEncryption

Does it support?ConfidentialityIntegrityAvailabilityAuthentication (pair-wise, third party)Non-repudiation



Terminology

Plaintext (cleartext): a message in its original form

Ciphertext (cyphertext): an encrypted message Encryption: transformation of a message to hide

its meaning Cipher: cryptographic algorithm. A mathematical

function used for encryption (encryption algorithm) and decryption (decryption algorithm).


Terminology

Decryption: recovering meaning from ciphertext

Cryptography: art and science of keeping messages secure

Cryptanalysis: art and science of breaking ciphertext

Cryptology: study of both cryptography and cryptanalysis

CONTINUE FROM 08/29CONTINUE FROM 08/29



Encryption and Decryption

Encryption DecryptionPlaintext Ciphertext Plaintext


Conventional (Secret Key) Conventional (Secret Key) CryptosystemCryptosystem

Encryption Decryption

Plaintext PlaintextCiphertext

K

Sender Recipient

C=E(K,M)M=D(K,C)

K needs secure channel


Public Key Cryptosystem

Encryption Decryption

Plaintext PlaintextCiphertext

Sender Recipient

C=E(Kpub,M)M=D(Kpriv,C)

Recipient’s public Key (Kpub)

Recipient’s private Key (Kpriv)

Kpub needs reliable channel


Summary: Secret-Key Summary: Secret-Key EncryptionEncryption

Single, secret key Key distribution problem of secret key systems

– Establish key before communication– Need n(n-1)/2 keys with n different parties

Do NOT provide electronic signatures Faster than public-key encryption


Summary: Public Key Summary: Public Key EncryptionEncryption

Supports confidentiality and authenticationNeed reliable channel for key distribution2n keys for n users (public, private pairs)Digital certificatePKI


Simple secret key distributionSimple secret key distribution

Sender Recipient

1. KE-S ||ID-S

2. E KE-S(Ksession)

Vulnerable to active attack!

HOW?


With confidentiality and authenticationWith confidentiality and authentication

Sender Recipient

1. E KE-R[N1||ID-S]

2. E KE-S[N1||N2]

3. E KE-R[N2-1]

4. E KE-R E KD-S(Ksession)What are thebasic requirementsfor this protocolto be correct?

WHAT IS A PROTOCOL?WHAT IS A PROTOCOL?



ProtocolProtocolSequence of interactions between entities to

achieve a certain endTypes of protocols:

– Diplomatic– Communication– Graduation– Security– Etc.

What is TCP/IP?


Reading AssignmentReading Assignment

Recommended Reading: P.Y.A. Ryan, S.A. Schneider, M.H. Goldsmith, G. Lowe and A.W. Roscoe, The Modelling and Analysisof Security Protocols: the CSP Approach, Section 0. Introduction, pages: 1 – 37, http://www.computing.surrey.ac.uk/personal/st/S.Schneider/books/MASP.pdf


Security ProtocolsSecurity Protocols

Cryptographic protocolsServices: secrecy, integrity, authentication,

key exchange, non-repudiation, etc.Components: communicating parties

(nodes), trusted third party, encryption algorithms, hash functions, timestamps, nonce, etc.


Security Properties – Secrecy Security Properties – Secrecy

Non-interference: Intruder should not be able to deduce anything about the legitimate users’ activities

Message confidentiality: intruder cannot derive the plaintext of messages passed between two legitimate nodes


Security Properties – Security Properties – Authentication of Origin Authentication of Origin

Verify – Who sent the message?– Who sent the message to whom?– Who sent the message to whom and how many

times?


Security Properties – Entity Security Properties – Entity AuthenticationAuthentication

Similar to authentication of origin but has timeliness

Repeated form of origin authentication


Security Properties – IntegritySecurity Properties – Integrity

Data cannot be corruptedContent of output messages match the

content of the input message


Security Properties – Authenticated Security Properties – Authenticated Key-ExchangeKey-Exchange

Share a secret key with another person and know for sure who this other person is

I’m calling from your utilitiescompany. We need your SSN, billing address, and …


Security Properties – Non-Security Properties – Non-repudiationrepudiation

Legitimate participantsAgainst possible cheating Signature-type mechanism


Security Properties – FairnessSecurity Properties – Fairness

Legitimate participantsPrevents one of the participants to gain

advantage over another by halting the protocol part-way through


Security Properties – AnonymitySecurity Properties – Anonymity

Over some sets of eventsShuffling the events will not change an

observer’s view

Occurrence of events?Accountability


Security Properties – Availability Security Properties – Availability

To be able to achieve the goals

More Examples of Crypto More Examples of Crypto protocolsprotocols

Read on your own Read on your own



Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange

Proposed in 1976 First public key algorithm Allows group of users to agree on secret key over

insecure channel Cannot be used to encrypt and decrypt messages



Protocol for A and B want to agree on shared secret key: A and B agree on two large numbers n and g, such that

1<g<n A chooses random x and computes X=gx mod n and sends

X to B B chooses random y and computes Y=gy mod n and sends

Y A computes k= Yx mod n B computer k’= Xy mod n Note: k =k’= gyx mod n



Requires no prior communication between A and B

Security depends on difficulty of computing x given X=gx mod n

Choices for g and n are critical: both n and (n-1)/2 should be prime, n should be large

Susceptible to intruder in the middle attack (active intruder)


Intruder in the Middle AttackIntruder in the Middle Attack

John RoseIntruderHi Rose, I’m John.

Hi John, I’m Rose. Hi John, I’m Rose.

Hi Rose, I’m John.

Intruder and John Uses Diffie-HellmanTo agree on key K.

Intruder and RoseUses Diffie-HellmanTo agree on key K’.

K and K’ may be the same


Asymmetric-Key ExchangeAsymmetric-Key ExchangeWithout server

– Broadcasting– Publicly available directory

With server– Public key distribution center– Certificates


Public announcementPublic announcement

John Smith

KE-J.S.

KE-J.S.

KE-J.S.

KE-J.S.

KE-J.S.

KE-J.S.

Bad: Uncontrolled distribution easy to forge


Publicly available directoryPublicly available directory

PublicKeyDirectory

John Smith Mary Rose

KE-J.S. KE-M.R..

Better but notGood enough Directory could Be compromised


Public-key authorityPublic-key authority

Public-Key Authority

Sender Recipient

1. Request || Time1

2. EKD-Auth[KE-R||Request||Time1]

3. EKE-R(ID-S||N1)

4. Request || Time2

5. EKD-Auth[KE-S||Request||Time2]

6. EKE-S(N1||N2)

7. EKE-R(N2)


Public-key certificatesPublic-key certificates

Certificate Authority

Sender Recipient

KE-S

C-S=EKD-CAuth[Time1,ID-S,KE-S]

1. C-S

2. C-R

KE-R

CR=EKD-CAuth[Time2,ID-R,KE-R]


CertificatesCertificates

Guarantees the validity of the informationEstablishing trustPublic key and user identity are bound

together, then signed by someone trustedNeed: digital signature


Digital SignatureDigital SignatureNeed the same effect as a real signature

– Un-forgeable– Authentic– Non-alterable– Not reusable


Digital signatureDigital signature

Direct digital signature: public-key cryptography based

Arbitrated digital signature:– Conventional encryption:

Arbiter sees message Arbiter does not see message

– Public-key based Arbiter does not see message


Digital Signatures in RSA

Sender Recipient

Insecure channel

Plaintext PlaintextSigned plaintext

Encryption Alg.

Decryption Alg.

S’s public keyS’s private key(need reliable channel)

Sign Verify


Non-repudiationNon-repudiation

Requires notarized signature, involving a third party

Large system: hierarchies of notarization

NEXT CLASSNEXT CLASSTCP/IP OVERVIEWTCP/IP OVERVIEW


cyber attacks and cryptography overview. security objectives confidentiality integrity availability...

Documents

usable security

passive attacks

cyber attacks

cryptographic algorithm

header infoaim of protection

dbms access

messages securecryptanalysis

counterfeit object