SFS Workshop 2012, May 21, 2012: SFS Summer Workshop at UT Chattanooga.

Presentation transcript:

SFS Workshop May 21, 2012 SFS Summer Workshop at UT Chattanooga

Program Goals
Build capacity in IA education through faculty summer workshops
– Increased faculty interest and participation in IA education.
– Increased number of courses and institutions adopting the hands-on exercises and case studies
Develop student mastery of and interest in IA topics
Provide a platform of sharing and collaboration

Topics and Speakers
Cryptography, Access Control, Cloud Computing, Forensics, and Security Ethics by Li Yang, Joseph Kizza and Kathy Winters from UT Chattanooga
Security Management, Buffer Overflow, Firewall by Xiaohong (Dorothy) Yuan and Ken Williams from North Carolina A&T State University
Web Security and Network Security by Bill Chu from University of North Carolina at Charlotte
Virtualization and Security Hands-on Learning by Vincent Nestler

Cryptography Hands-on Learning
CrypTool
Programming

Overview of Security Services
Data confidentiality protects data from disclosure attack.
Data integrity protects data from modification, insertion, deletion, and replaying attacks.
Authentication provides proof of sender, or receiver, or source of the data.
Nonrepudiation protects against repudiation by either the sender or the receiver.
Access control provides protection against unauthorized access to data.

Cryptography
Symmetric Cryptography
Public Key Cryptography
Hash Function
Digital Signature
Key Management

Symmetric Key Ciphers
Traditional Symmetric Key ciphers
– A substitution cipher replaces one symbol with another.
– A transposition cipher reorders symbols.
Modern Symmetric-key Ciphers
– Stream ciphers operate on the plaintext a single bit (or sometimes byte) at a time
– Block ciphers operate on the plaintext in groups of bits. The groups of bits are called blocks.

Playfair Encryption
Let us generate a keypad using the keyword “CHATTANOOGA” and encrypt the plaintext “Cryptography” using the keypad.
CR → AP, YP → SV, TP → CD
A good exercise for two-dimensional arrays.
Example: Lab on Playfair encryption

DES
DES was adopted as a US federal standard for commercial encryption in
The S-Boxes design provides confusion and diffusion of bits from each round to the next.
The P-Boxes provide diffusion of bits.
DES uses sixteen rounds of Feistel ciphers. The cipher text is thoroughly a random function of plaintext and cipher text.
Visualization: “Indiv. Procedures\Visualization of Algorithms\DES”

Weaknesses in DES
Critics have found some weaknesses in DES.
Weaknesses in Cipher Design
1. Weaknesses in S-boxes
– Two specifically chosen inputs to an S-box can create same output
2. Weaknesses in P-boxes
– initial and final permutations have no security benefits
– the first and fourth bits of every 4-bit series are repeated
3. Weaknesses in Key
– Weak keys create same 16 round keys
– Semi-weak keys create 2 different round keys
– Possible weak keys create 4 distinct round keys
– Key complement

Double encryption and decryption with a weak key
Example: Lab on Weak DES keys

AES
The Advanced Encryption Standard (AES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST) in December
AES has defined three versions, with 10, 12, and 14 rounds.
Each version uses a different cipher key size (128, 192, or 256), but the round keys are always 128 bits.
Visualization: “Indiv. Procedures\Visualization of Algorithms\AES\Rijndael Animation”

Modes of operation
How to encrypt large messages?
– Partition into n-bit blocks
– Choose mode of operation
Modes of operation have been devised to encipher text of any size employing either DES or AES.

Evaluation criteria of modes
Identical messages
– under which conditions cipher text of two identical messages are the same
Chaining dependencies
– how adjacent plaintext blocks affect encryption of a plaintext block
Error propagation
– resistance to channel noise
Efficiency
– preprocessing
– parallelization: random access
Example: Lab on modes of operation
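
Added example (not part of the original slides): the "identical messages" and "error propagation" criteria above, compared for ECB and CBC. The block cipher is a toy 4-round Feistel network built from SHA-256, and the key, IV and plaintext are constructed values; all of these are assumptions standing in for DES or AES.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the DES block size
KEY, IV = b"lab-key!", b"\x01\x02\x03\x04\x05\x06\x07\x08"  # constructed values
PT = b"PAY 0100" * 2 + b"TO ALICE" + b"THE END."  # four blocks, first two identical

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def f(key: bytes, rnd: int, half: bytes) -> bytes:  # toy round function (assumption)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:4], blk[4:]
    for rnd in range(4):                      # four Feistel rounds
        l, r = r, xor(l, f(key, rnd, r))
    return l + r

def dec_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):            # undo the rounds in reverse order
        l, r = xor(r, f(key, rnd, l)), l
    return l + r

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(key: bytes, data: bytes, op=enc_block) -> bytes:
    return b"".join(op(key, b) for b in blocks(data))  # each block on its own

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = enc_block(key, xor(b, prev))   # chain in the previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(dec_block(key, c), prev))
        prev = c
    return b"".join(out)

def flip_bit(data: bytes, i: int) -> bytes:   # simulate channel noise in byte i
    return data[:i] + bytes([data[i] ^ 1]) + data[i + 1:]

def damaged(a: bytes, b: bytes) -> list:      # indices of blocks that differ
    return [i for i, (x, y) in enumerate(zip(blocks(a), blocks(b))) if x != y]
```

Under ECB the two identical plaintext blocks give identical ciphertext blocks and a flipped ciphertext bit damages one plaintext block; under CBC the ciphertext blocks differ and the same flip damages the affected block and the one after it.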

Cryptanalysis
As cryptography is the science and art of creating secret codes, cryptanalysis is the science and art of breaking those codes.

Cipher text-Only Attack
Cipher text + algorithm → key and the plaintext
Brute-Force attack: exhaustive key search attack
Statistical attack: benefit from inherent characteristics of the plaintext language. E.g. E is the most frequently used letter. Example: Lab on Frequency Analysis
Pattern attack: discover pattern in cipher text. Example: Labs on binary addition and XOR encryption

Hash Function
A cryptographic hash function takes a message of arbitrary length and creates a message digest of fixed length. The goal is to ensure integrity of message.
Resistance to three attacks
– Preimage attack: find M’ such that D=h(M’) given D=h(M)
– Second Preimage Attack: find M’ such that h(M’)=D given D and M
– Collision Attack: find two messages M and M’ such that h(M)=h(M’)
Using multiple rounds of encryption or compression

Cryptographic APIs
Cryptlib
– easy to use
– free for noncommercial use
OpenSSL
– poorly documented
– open source
– popular
Crypto++
– C++ library
– open source
BSAFE
– well documented, Java, C/C++
– most popular commercial library
– Was commercial SDK from RSA
– free from 2009 under RSA Share Project

Cryptographic APIs Cryptix: JCA, JCE – open source Java library, C# library – Python Cryptographic Toolkit – open source crypt, hash, rand modules – Crypt:: CPAN modules for Perl – well documented – many different libraries

Supported Ciphers
1. Range of MAC algorithms
– Almost all include MD5, SHA-1
2. Range of symmetric algorithms
– Almost all include AES, DES
3. Range of public key algorithms
– Almost all include RSA, Diffie-Hellman, DSA

Work on labs (1)
From 9:15am to 10:15am
1.1 Encryption using classical techniques -- Playfair
1.2 Frequency analysis
2.1 Encryption using binary addition
2.2 Encryption using binary Exclusive-OR (XOR)
2.3 Triple DES with CBC mode and Weak DES keys
2.4 Testing different modes in symmetric ciphers
4.1 Hash generation and sensitivity of hash functions to plaintext modifications
4.2 Hash function

Coffee Break (10:15-10:45am)

Public key cryptography
Public key cryptography uses two separate keys: one private and one public.
Requirements:
1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$
RSA: Rivest, Shamir, Adleman algorithm

RSA: Choosing keys
1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1).
5. Public key is (n,e), written $K_B^+$. Private key is (n,d), written $K_B^-$.

Attacks on RSA – Factorization Attack

Short message attacks
Known: Cipher text, RSA algorithm
Unknown: plaintext, key
Short message attack – if it is known that Alice is sending a four-digit number to Bob, Eve can easily try plaintext numbers from 0000 to 9999 to find the plaintext.
Example: Lab 3.2 on short message attack

Optimal asymmetric encryption padding (OAEP)
P = P1 || P2, where P1 is the masked version of the padded message M; P2 is sent to allow Bob to find the mask
Encryption
– Pad the plaintext to make m-bit message M, if M is less than m-bit
– Choose a random number r of k-bits. (used only once)
– Use one-way function G that inputs r-bit integer and outputs m-bit integer. This is the mask.
– P1 = M ⊕ G(r)
– P2 = H(P1) ⊕ r, function H inputs m-bit and outputs k-bit
– C = E(P1 || P2). Use RSA encryption here.

OAEP Decryption
– P = D (P1 || P2)
– Bob first recreates the value of r: H(P1) ⊕ P2 = H(P1) ⊕ H(P1) ⊕ r = r
– Bob recreates msg: G(r) ⊕ P1 = G(r) ⊕ G(r) ⊕ M = M
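
Added example (not from the original slides), covering the key-choice steps, the short message attack and the OAEP slides above: textbook RSA is deterministic, so a four-digit plaintext can be confirmed by re-encrypting candidates with the public key, while the slides' P1/P2 masking with a fresh r removes that match. The primes, bit sizes and the SHA-256-based G and H are assumptions chosen for a toy demonstration; this is the simplified scheme from the slides, not the standardized RSA-OAEP encoding.

```python
import hashlib
import secrets

# Key choice following the slide's steps, with small well-known primes
P, Q = 65537, 2147483647              # 2**16 + 1 and 2**31 - 1 (toy sizes)
N, Z = P * Q, (P - 1) * (Q - 1)       # n = pq, z = (p-1)(q-1)
E = 17                                # has no common factor with z
D = pow(E, -1, Z)                     # e*d mod z == 1 (Python 3.8+)
M_BITS, K_BITS = 16, 24               # m + k = 40 bits, so P1 || P2 < n

def _digest_bits(tag: bytes, x: int, bits: int) -> int:
    d = hashlib.sha256(tag + x.to_bytes(8, "big")).digest()
    return int.from_bytes(d, "big") >> (256 - bits)

def G(r: int) -> int:                 # assumed one-way function, k -> m bits
    return _digest_bits(b"G", r, M_BITS)

def H(p1: int) -> int:                # assumed one-way function, m -> k bits
    return _digest_bits(b"H", p1, K_BITS)

def textbook_encrypt(m: int) -> int:
    return pow(m, E, N)               # deterministic: same m gives same c

def oaep_encrypt(m: int, r: int = None) -> int:
    r = secrets.randbits(K_BITS) if r is None else r   # fresh r per message
    p1 = m ^ G(r)                     # P1 = M xor G(r)
    p2 = H(p1) ^ r                    # P2 = H(P1) xor r
    return pow((p1 << K_BITS) | p2, E, N)              # C = E(P1 || P2)

def oaep_decrypt(c: int) -> int:
    p = pow(c, D, N)
    p1, p2 = p >> K_BITS, p & ((1 << K_BITS) - 1)
    r = H(p1) ^ p2                    # H(P1) xor P2 = r
    return G(r) ^ p1                  # G(r) xor P1 = M

def candidates(c: int, encrypt) -> list:
    """Four-digit plaintexts whose encryption under `encrypt` equals c."""
    return [m for m in range(10000) if encrypt(m) == c]
```

With `textbook_encrypt` the candidate list for a four-digit message contains exactly that message; with `oaep_encrypt` and a different r it is empty. Production systems should use a vetted library's RSA-OAEP rather than this teaching version.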

Timing attacks
RSA fast-exponential algorithm uses
– only squaring if the corresponding bit in the private exponent d is 0; this requires a shorter time to decrypt.
– both squaring and multiplication if the corresponding bit is 1; this requires a longer time to decrypt.
This timing difference allows Eve to find the value of bits in d, one by one.
Example: lab 3.3 timing attack
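
Added example (not from the original slides): the square-and-multiply loop described above, with the number of modular multiplications per exponent bit used as a stand-in for measured time, next to a variant that does the same work for every bit. The modulus and exponents are constructed toy values, and the function names are assumptions.

```python
def square_and_multiply(base: int, d: int, n: int):
    """Left-to-right exponentiation as on the slide; returns (result, costs).

    costs[i] is the number of modular multiplications spent on bit i of d.
    """
    result, costs = 1, []
    for bit in bin(d)[2:]:
        result = result * result % n          # always square
        cost = 1
        if bit == "1":
            result = result * base % n        # extra multiply only for 1-bits
            cost += 1
        costs.append(cost)
    return result, costs

def multiply_always(base: int, d: int, n: int):
    """Same result, but every bit costs one squaring plus one multiply."""
    result, costs = 1, []
    for bit in bin(d)[2:]:
        result = result * result % n
        product = result * base % n           # computed for 0-bits too
        # Real code selects without branching; this models the cost only.
        result = product if bit == "1" else result
        costs.append(2)
    return result, costs

def bits_from_costs(costs) -> str:
    """What a per-bit cost trace reveals: cost 2 means bit 1, cost 1 means bit 0."""
    return "".join("1" if c == 2 else "0" for c in costs)

# Constructed toy values: n = 61 * 53 and two 16-bit exponents
N = 3233
D_SPARSE = 0b1000000000000001                 # two 1-bits
D_DENSE = 0b1111111111111111                  # sixteen 1-bits
```

The first loop spends 18 multiplications on `D_SPARSE` and 32 on `D_DENSE`, and its per-bit costs spell out the exponent; the second spends 32 on both. Deployed RSA code also relies on constant-time arithmetic and blinding, which this cost model does not cover.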

Digital Signature
The sender uses a signing algorithm to sign the message.
The message and the signature are sent to the receiver.
The receiver receives the message and the signature and applies the verifying algorithm to the combination.
If the result is true, the message is accepted; otherwise, it is rejected.

Kerberos
An authentication solution and a way to manage keys in symmetric ciphers
Will be discussed on Tuesday/Wednesday

IA resources and projects (1)
SEED: Developing Instructional Laboratories for Computer SEcurity, Syracuse University
SWEET: Secure Web Development Teaching, Pace University
Security Towson University

IA resources and projects (2)
National Initiative for Cybersecurity Education (NICE)
DETER Network Security Testbed
The Open Web Application Security Project (OWASP)

Work on Labs II
From 10:45am-11:45pm
3.1 RSA encryption and attacks
3.2 RSA Short message attacks and padding
3.3 RSA timing attacks
5.1 Digital signature visualization
5.2 RSA signature
5.3 Attack on digital signature/hash collision
5.4 Digital signature (programming)