information protection lecture 2. cryptographic systems we have a source of information and one for...
TRANSCRIPT
Information protection Lecture 2
Cryptographic systems
• We have a source of information and one for keys. The last one sent using a very safe communication channel the keys for source and destinations
• The ciphering is a reversible transformation f (bijection) usually unique for a key K over the message.
• Function f can be composed to increase the security od criptosystem.
Figure 1. Cryptographic system
Requirements for good cryptosystemsRequirements for good cryptosystems(Sir Francis R. Bacon (1561 - 1626))
1. Given ek and a plaintext w, it should be easy to compute c = ek(w).
2. Given dk and a cryptotext c, it should be easy to compute w = dk(c).
4. It should be unfeasible to determine w from ek(w) without knowing dk.
5. The so called avalanche effect should hold: A small change in the plaintext, or in the key, should lead to a big change in the cryptotext (i.e. a change of one bit of the plaintext should result in a change of all bits of the cryptotext, each with the probability close to 0.5).
6. The cryptosystem should not be closed under composition, i.e. not for every two keys k1, k2 there is a key k such that
ek (w) = ek1 (ek2 (w)).
7. The set of keys should be very large.
3. A cryptotext ek(w) should not be much longer than the plaintext w.
Malicious Software
Digital Immune System
• Previous figure illustrates the typical steps in digital immune system operation:
1. A monitoring program on each PC uses a variety of heuristics based on system behavior, suspicious changes to programs, or family signature to infer that a virus may be present, & forwards infected programs to an administrative machine
2. The administrative machine encrypts the sample and sends it to a central virus analysis machine
3. This machine creates an environment in which the infected program can be safely run for analysis to produces a prescription for identifying and removing the virus
4. The resulting prescription is sent back to the administrative machine5. The administrative machine forwards the prescription to the infected client6. The prescription is also forwarded to other clients in the organization7. Subscribers around the world receive regular antivirus updates that protect
them from the new virus.
Behavior-Blocking Software
• integrated with host O/S
• monitors program behavior in real-time– eg file access, disk format, executable mods,
system settings changes, network access
• for possibly malicious actions– if detected can block, terminate, or seek ok
• has advantage over scanners
• but malicious code runs before detection
References1. William Stallings, “Cryptography and Network
Security”, 4/e.
2. Davies D.W., Price W.L., “Security for Computer Networks”, John W&Sons, USA, 1995.
3. Angheloiu I, ş.a., “Securitatea şi protecţia informaţiei în sistemele electronice de calcul”, Ed. Militară, 1986, Bucureşti
4. Menzenes A., et all, “Handbook of applied cryptography”, CRC Press, 1996
5. http://www.cryptomuseum.com/crypto/index.htm
Bad vs Good Guys