2 nd lecture

 Plaintext – ciphertext – encryption – decryption.  Cryptography – cryptanalysis – cryptanalyst – cryptology.  Authentication – Integrity – Non-repudiation – Confidentiality – Availability.  Symmetric algorithms – public-key (asymmetric) algorithms.

3 Interruption  This is an attack on availability.  An asset of the system is destroyed or becomes unusable.Interruption  This is an attack on availability.  An asset of the system is destroyed or becomes unusable. Information source Information Destination Information Interruption Categories of security attacks Interception Modification Fabrication

4 Interruption  Examples include:  destruction of a piece of hardware such as a hard disk,  the cutting of a communication line, or  the disabling of the file management system.Interruption  Examples include:  destruction of a piece of hardware such as a hard disk,  the cutting of a communication line, or  the disabling of the file management system. Interruption Categories of security attacks Interception Modification Fabrication

5 Interception  This is an attack on confidentiality.  Unauthorized party ( person, program ) gains access to an asset.Interception  This is an attack on confidentiality.  Unauthorized party ( person, program ) gains access to an asset. Information source Information Destination Information Unauthorized Party Interruption Categories of security attacks Interception Modification Fabrication

6 Interception  Examples include:  wiretapping to capture data in a network, and  the unauthorized copying of files or programs.Interception  Examples include:  wiretapping to capture data in a network, and  the unauthorized copying of files or programs. Interruption Categories of security attacks Interception Modification Fabrication

7 Modification  This is an attack on integrity.  Unauthorized party gains access and tampers with an asset..Modification  This is an attack on integrity.  Unauthorized party gains access and tampers with an asset.. Information source Information Destination Information Unauthorized Party Interruption Categories of security attacks Interception Modification Fabrication

8 Modification  Examples include:  changing values in data files,  altering a program so that it performs differently and  modifying the content of messages being transmitted in a network.Modification  Examples include:  changing values in data files,  altering a program so that it performs differently and  modifying the content of messages being transmitted in a network. Interruption Categories of security attacks Interception Modification Fabrication

9 Fabrication  This is an attack on authenticity.  Unauthorized party inserts counterfeit objects into system.Fabrication  This is an attack on authenticity.  Unauthorized party inserts counterfeit objects into system. Information source Information Destination Unauthorized Party Interruption Categories of security attacks Interception Modification Fabrication

10 Fabrication  Examples include:  the insertion of spurious messages in a network or  the addition of records to a file.Fabrication  Examples include:  the insertion of spurious messages in a network or  the addition of records to a file. Interruption Categories of security attacks Interception Modification Fabrication

11 Passive threats  Passive attacks are in the nature of eavesdropping or monitoring of transmissions.  The goal is to obtain information that is being transmitted.  Passive attacks are very difficult to detect because they do not involve any alteration of the data. Passive threats  Passive attacks are in the nature of eavesdropping or monitoring of transmissions.  The goal is to obtain information that is being transmitted.  Passive attacks are very difficult to detect because they do not involve any alteration of the data. Passive Categories of security threats Active

12 Two types of Passive threats  The release of message contents such as a telephone conversation, an message, and a transferred file.  The traffic analysis to determine the location and identity of communicating hosts. Two types of Passive threats  The release of message contents such as a telephone conversation, an message, and a transferred file.  The traffic analysis to determine the location and identity of communicating hosts. Passive Categories of security threats Active

The attacker does not affect the protocol Eve

14 Active threats  Active attacks involve some modification of the data stream or the creation of a false stream.  These attacks can be subdivided into four categories: masquerade, reply, modification of messages, and denial of service. Active threats  Active attacks involve some modification of the data stream or the creation of a false stream.  These attacks can be subdivided into four categories: masquerade, reply, modification of messages, and denial of service. Passive Categories of security threats Active

Mallory

 The aim of cryptography is to keep the plaintext secret from the eavesdroppers.  Adversary – attacker – intruder – interceptor – interloper – enemy.  Eavesdroppers are assumed to have complete access to the communication between the sender and receiver.  Cryptanalysis is the science of recovering the plaintext from the message without access to the key.

 There are common 5 types of cryptanalytic attacks. 1. Ciphertext-only attack: the cryptanalyst has the ciphertext of several messages that are encrypted using the same algorithm. Given: C 1 =E k (M 1 ), C 2 =E k (M 2 ), …, C i =E k (M i ) Deduce: M 1, M 2, …, M i to infer M i+1 from C i+1

2. Known-plaintext attack: the cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages. His job is to deduce the key. Given: M 1, C 1 =E k (M 1 ), M 2, C 2 =E k (M 2 ), …, M i, C i =E k (M i ) Deduce: k to infer M i+1 from C i+1

3. Chosen-plaintext attack: the cryptanalyst not only has access to the ciphertext and associated plain text of several messages, but he also chooses the plaintext that gets encrypted. His job is to deduce the key. Given: M 1, C 1 =E k (M 1 ), M 2, C 2 =E k (M 2 ), …, M i, C i =E k (M i ) where the cryptanalyst chooses M 1, M 2, …, M i Deduce: k to infer M i+1 from C i+1

4. Adaptive chosen-plaintext attack: Not only can the cryptanalyst choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption.

5. Chosen-ciphertext attack: The cryptanalyst can choose different ciphertexts to be decrypted and has access to the decrypted plaintext. Hids job is to deduce the key. Given: C 1, M 1 =D k (C 1 ), C 2, M 2 =D k (C 2 ), …, C i, M i =D k (C i ) Deduce: K

 The security of any algorithm depends on how hard it is to break.  An algorithm is:  Unconditionally secure: if there is not enough information to recover the plaintext.  Computationally secure: if it cannot be broken with the available resources, either current or future.  Brute-force attack: trying every possible key one by one and checking whether the resulting plaintext is meaningful.

 The complexity of an attack can be measured by:  Data complexity: the amount of data needed as an input to the attack.  Processing complexity: The time needed to perform the attack (work factor)  Storage requirements: the amount of memory needed to do the attack. Ex: a key length = 128 bit. If we have 1 million processor, each performs 1 million operation/second. We need years to recover the key.

 Steganography  from the Greek word steganos meaning “ covered ”  and the Greek word graphie meaning “ writing ”  Steganography is the process of hiding of a secret message within an ordinary message and extracting it at its destination.  Anyone else viewing the message will fail to know it contains hidden data.

 Invisible Ink is a form of steganography  By replacing the least significant bit if each byte of the image with the bits of the message, we can store 64Kbyte message in a 1024 X 1024 gray scale picture.

Steganography Carrier Files  bmp  jpeg  gif  wav  mp3  Amongst others …

Steganography Tools  Steganos  S-Tools (GIF, JPEG)  StegHide (WAV, BMP)  Invisible Secrets (JPEG)  JPHide  Camouflage  Hiderman The following example come from S-Tools for Windows. S-Tools allows users to hide information into BMP, GIF, or WAV files.

FIGURE 2. The original image file (left) and image file with embedded text (right), side by side.

Image of a tree. By removing all but the last 2 bits of each color component, an almost completely black image results. Making the resulting image 85 times brighter results in the image below.bitscolor component Image extracted from above image.

Identification of hidden files

 Definition  Identifying the existence of a message  Not extracting the message  Note: Technically, Steganography deals with the concealment (hiding) of a message, not the encryption of it  Steganalysis essentially deals with the detection of hidden content

 By identifying the existence of a hidden message, perhaps we can identify the tools used to hide it.  If we identify the tool, perhaps we can use that tool to extract the original message.

 Methods of detecting the use of Steganography  Visual Detection (JPEG, BMP, GIF, etc.)  Audible Detection (WAV, MPEG, etc.)  Statistical Detection (changes in patterns of the pixels or LSB – Least Significant Bit) or Histogram Analysis  Structural Detection - View file properties/contents  size difference  date/time difference  contents – modifications  checksum

 Categories  Anomaly  Histogram analysis  Change in file properties  Statistical Attack  Visually  Audible  Signature  A pattern consistent with the program used

 Detecting Steganography by viewing it  Can you see a difference in these two pictures? (I can ’ t!)

 Kurtosis  The degree of flatness of a curve describing a frequency of distribution.

 Histogram analysis can be used to possibly identify a file with a hidden message

 By comparing histograms, we can see this histogram has a very noticeable repetitive trend.

 Compare the properties of the files  Properties  04/04/ :25p 240,759 helmetprototype.jpg  04/04/ :26p 235,750 helmetprototype.jpg  Checksum  C:\GNUTools>cksum a:\before\helmetprototype.jpg a:\before\helmetprototype.jpg  C:\GNUTools>cksum a:\after\helmetprototype.jpg a:\after\helmetprototype.jpg

 If you have a copy of the original file, it can be compared to the modified carrier file.  Many tools can be used for viewing and comparing the contents of a hidden file.  Reviewing multiple files may identify a signature pattern related to the Steganography program