IELM 511: Information System design Introduction Part 1. ISD for well structured data – relational and other DBMS Part 2. ISD for systems with non-uniformly.

Presentation transcript:

IELM 511: Information System design Introduction Part 1. ISD for well structured data – relational and other DBMS Part 2. ISD for systems with non-uniformly structured data Part III: (subset of) Basics of web-based IS (www, web2.0, …) Markup’s, HTML, XML Design tools for Info Sys: UML API’s for mobile apps Security, Cryptography IS product lifecycles Algorithm analysis, P, NP, NPC Info storage (modeling, normalization) Info retrieval (Relational algebra, Calculus, SQL) DB integrated API’s

Agenda
- Basics of secure communications in Information Systems
- Private key (symmetric key) IS
- Encryption algorithms and how they work (basics)
- The mathematical basis for encryption
- Concluding remarks
- Asymmetric keys and their uses in IS

Communications basics
How does the IS exchange data securely between the client and server?
- Data encryption -> transmit encrypted data -> decrypt data on server
How to encrypt/decrypt?
- Symmetric keys (shared secret password): in many applications, we use a secret 'password' to 'log in' and communicate securely
- Asymmetric keys (uses Secure Sockets Layer protocol, or SSL)

Web security background
1. Passive attacks: Attacker monitors data traffic on the web, and collects some information not sent to him (using 'packet sniffers')
2. Active attacks:
(a) Attacker gains access to some computer using security loopholes (typically using virus, worms, trojan horse, etc.)
(b) Spoofing: attacker pretends to be a trusted system, to make the user believe it is safe to send them some secure data.
(c) Cryptographic attack: attacker captures encrypted data and decrypts it (e.g., repeatedly trying many possible passwords)
3. Denial of service attacks: Attacker overloads your server with too many requests, blocking other users from accessing it.
4. Social engineering: Attacker uses personal communication/phone call to cheat you into telling them some secret information (e.g. password, credit card pin)

Data encryption: symmetric-key encryption
1. Sender, receiver share a secret key via /phone/letter
2. Sender encrypts data, sends; receiver decrypts data, reads
[Figure: data -> encryption -> decryption algorithm -> data]
Usually, the encryption and decryption use the same key (password).
Common examples:
- DES algorithm (chops data into 64-bit 'blocks', encrypting each with a 56-bit key)
- Feistel cipher

Data encryption: asymmetric-key (private key, public key)
Each party wishing to communicate has two keys:
- Public key: a password that is released to everyone
- Private key: a secret password that is not told to anyone
Properties of Public, Private keys:
- must be different from each other
- mathematically related
- impossible to determine one from the other
Two common uses of Asymmetric keys:
- Secure communications: sending encrypted data
- Identity verification: digital signatures

Data encryption: asymmetric-key (private key, public key)
Secure communications
- Sender encrypts data with receiver's public key (r_pub), sends
- Receiver decrypts data with receiver's private key (r_pri), reads
Digital signatures
- Sender encrypts data with sender's private key (s_pri), sends
- Receivers decrypt data with sender's public key (s_pub), read

Asymmetric keys: user verification
Problem: how will a user know whether the public key they 'fetch' over the internet is really from the party they are communicating with, or has been altered by some malicious party?
Solution: use of a "trusted" intermediary (third party), who is in charge of
(a) providing keys to all interacting parties
(b) physically checking that each party is who they claim to be
Implementation
- Use of a Public Key Infrastructure (PKI), which usually involves a 3rd party Certificate Authority (CA) who issues and manages keys for the applications that are communicating.
Some common CAs
- VeriSign, CoModo, GoDaddy, DigiCert, …

Two common technologies for secure web communication
Using TLS (Transport Layer Security)
- A set of functions written in the transport layer
- URL is of the form:
- Connection on server is typically on port
- When a secure page is requested, TLS protocol will
  - verify identity of both parties
  - use symmetric-key encryption in the rest of the session
Using SHTTP
- Implemented as a set of functions in application layer
- URL is of the form: shttp://host/path/file
- Used by very few systems

TLS connections (simplified)
Keys: c_pub, c_pri (client); s_pub, s_pri (server)
- client generates a random number: rc
- client encrypts rc with s_pub: *rc
- client requests secure page: includes (a) list of cipher funcs, (b) *rc
- server decrypts *rc with s_pri: rc
- server generates a random number: rs
- server encrypts rs with c_pub: *rs
- server encrypts server certificate sc with s_pri: *sc
- server sends requested page, + *rs, *sc
- client decrypts *rs with c_pri: rs; decrypts *sc with s_pub: sc
- client contacts CA to verify server identity
next page…

TLS connections (simplified)
- client contacts CA to verify server identity
- client encrypts client certificate cc with c_pri: *cc
- client sends encrypted certificate *cc
- server decrypts *cc with c_pub: cc
- server contacts CA to verify client identity
- client generates a random number (pre-password): pms
- client encrypts pre-password with s_pub: *pms
- server decrypts *pms with s_pri: pms
- client, server independently calculate password pass from pms, rs, rc
- Secure, symmetric-key session with password: pass
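The simplified exchange on these two slides, and the two uses of asymmetric keys described earlier, as an added example that is not part of the original slides. Assumptions: textbook RSA with tiny constructed primes stands in for the real key pairs, the integer `sc` stands in for the server certificate, the CA lookup is omitted, and `derive_pass` (a SHA-256 hash over pms, rc, rs) is a hypothetical derivation, since the slides do not say how pass is calculated.

```python
import hashlib
import secrets

def toy_keypair(p, q, e=17):
    """Textbook RSA from two small primes (far too small for real use)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent
    return (e, n), (d, n)              # (public key, private key)

def rsa(key, m):
    """Apply one half of a key pair to an integer m < n."""
    exponent, n = key
    return pow(m, exponent, n)

def derive_pass(pms, rc, rs):
    """Assumed derivation: hash the three shared values into one password."""
    return hashlib.sha256(f"{pms}|{rc}|{rs}".encode()).hexdigest()

def handshake():
    s_pub, s_pri = toy_keypair(61, 53)   # server keys (constructed)
    c_pub, c_pri = toy_keypair(89, 97)   # client keys (constructed)

    rc = secrets.randbelow(3000) + 2         # client random
    rc_at_server = rsa(s_pri, rsa(s_pub, rc))    # *rc travels, server decrypts

    rs = secrets.randbelow(3000) + 2         # server random
    rs_at_client = rsa(c_pri, rsa(c_pub, rs))    # *rs travels, client decrypts

    sc = 1234                                # stand-in for the server certificate
    star_sc = rsa(s_pri, sc)                 # only the holder of s_pri can make this
    cert_ok = rsa(s_pub, star_sc) == sc      # anyone holding s_pub can check it

    pms = secrets.randbelow(3000) + 2        # pre-password
    pms_at_server = rsa(s_pri, rsa(s_pub, pms))  # *pms travels, server decrypts

    client_pass = derive_pass(pms, rc, rs_at_client)
    server_pass = derive_pass(pms_at_server, rc_at_server, rs)
    return client_pass, server_pass, cert_ok

if __name__ == "__main__":
    print(handshake())
```

Only *rc, *rs, *sc and *pms cross the network; pass itself is never transmitted, and each side computes it from values it decrypted with its own private key.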

Basics of encryption Encryption is essential for many IS applications. How do encryption algorithms work ?

Simplest example: Shift cipher
Main idea: Shift letters using mod 26 arithmetic
Input: set of characters from the alphabet, P ∈ {a, b, …, z}
Input: shift size, key ∈ {1, ..., 25}
Output: cipher text, C ∈ {a, b, c, …, x, y, z}
Encryption and decryption functions
encrypt(key, letter) = letter + key (mod 26)
decrypt(key, letter) = letter - key (mod 26)
Note: the 'mod' function is applied to the numerical equivalent of each character, a = 1, b = 2, … z = 26.
Example: encrypt(3, play) = sodb

Shift Cipher (or similar permutation ciphers)
Advantages
- encrypt, decrypt: very efficient
- Ciphertext appears unreadable
Disadvantages
- Only 25 possible keys (easy to crack!)
- Regular pattern -> we can use letter-frequency tables, etc.
[Beker and Piper] analysis of frequency of letters in English:
Letter group     Probability
E                0.12
TAOINSHR
DL               0.04
CUMWFGYPB
VKJXQZ           < 0.01
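Both disadvantages listed above can be seen in a few lines. This is an added example, not code from the slides: it implements the shift cipher and then recovers the key by trying all 25 shifts and counting letters from the two highest-frequency groups of the table (E and TAOINSHR). It numbers letters a = 0 … z = 25 so that the result of mod 26 is always a valid letter index; the sample message is constructed.

```python
import string

ALPHABET = string.ascii_lowercase
# Highest-frequency groups from the slide's table: E, then TAOINSHR.
COMMON = set("etaoinshr")

def shift(key, text):
    """Shift each letter by key (mod 26), numbering a=0 ... z=25."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def encrypt(key, text):
    return shift(key, text)

def decrypt(key, text):
    return shift(-key, text)

def score(text):
    """Count letters that fall in the high-frequency groups."""
    return sum(1 for ch in text if ch in COMMON)

def recover_key(ciphertext):
    """Try all 25 keys; return the (key, plaintext) that looks most like English."""
    candidates = [(k, decrypt(k, ciphertext)) for k in range(1, 26)]
    return max(candidates, key=lambda c: score(c[1]))

if __name__ == "__main__":
    # Constructed sample message, not from the slides.
    secret = encrypt(3, "meet me at the station at nine tonight")
    print(secret)
    print(recover_key(secret))
```

The search needs no knowledge of the key and finishes instantly, which is why a 25-key space with a preserved letter pattern offers no real protection.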

More sophisticated cipher: One time pad
Secret-key encryption scheme (symmetric)
Main idea:
- Encrypt plaintext by xor with key (= sequence of bits)
- Decrypt ciphertext by xor with same key (= bit sequence)
Plaintext XOR Key = Ciphertext
Ciphertext XOR Key = Plaintext

One time pad
Advantages
- Easy to compute encrypt, decrypt from key, text
- Secure: Given a plaintext and random key, all possible ciphertexts are equally likely.
Disadvantages
- Key is as long as the plaintext
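An added example (not from the slides) of the one-time pad and of both properties above. `key_explaining` shows why a ciphertext reveals nothing: for any same-length message there is a key that decrypts to it. `reuse_leak` goes one step beyond the slide and shows why the pad must be used only once. Function names and sample messages are constructed.

```python
import secrets

def xor_bytes(a, b):
    """XOR two byte strings; the pad must be exactly as long as the text."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be as long as the text")
    return bytes(x ^ y for x, y in zip(a, b))

def new_pad(length):
    """Fresh random key material from the OS random source."""
    return secrets.token_bytes(length)

def encrypt(key, plaintext):
    return xor_bytes(plaintext, key)

def decrypt(key, ciphertext):
    return xor_bytes(ciphertext, key)

def key_explaining(ciphertext, claimed_plaintext):
    """The key under which ciphertext decrypts to any same-length message."""
    return xor_bytes(ciphertext, claimed_plaintext)

def reuse_leak(c1, c2):
    """Two ciphertexts made with the same pad XOR to plaintext1 XOR plaintext2."""
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    # Constructed sample messages of equal length.
    p1, p2 = b"pay alice 100 usd", b"pay bobby 900 usd"
    pad = new_pad(len(p1))
    c1 = encrypt(pad, p1)
    print(decrypt(pad, c1))
    # The same ciphertext is equally consistent with the other message:
    print(decrypt(key_explaining(c1, p2), c1))
    # Reusing the pad cancels the key and exposes where the messages differ:
    print(reuse_leak(c1, encrypt(pad, p2)))
```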

Even more sophisticated ciphers: Block ciphers
Basic algorithms for Block ciphers were developed at IBM
Examples:
- Feistel: source code is available for many languages
- DES (Data Encryption Standard): commonly used
Main idea:
1. Permute input bits
2. Repeat application of a Feistel-style function
3. Apply inverse permutation to produce output
=> Simple, computationally efficient, secure (at least to date!)

DES basics
- Plain text (64 bits)
- Initial permutation IP [0..63]
- Two halves: L_0 [0..31], R_0 [0..31]
- x 16 times: L_i = R_{i-1}; R_i = L_{i-1} XOR F(R_{i-1}, K_i), with round function F(key, input) and K_i = permutation of key K
- L_16 [0..31], R_16 [0..31]
- Inverse initial permutation
- Cipher text (64 bits)

DES basics..
Function F(R_{i-1}, K_i):
- Block E: expands 32-bit R_{i-1} into 48 bits
- XOR with K_i
- Divide into 8 6-bit blocks
- Apply "S-box" table-lookup functions to each block
- Permute resulting bits
[source: wikipedia]
S-box table-lookup functions: Non-linear mapping; main reason why DES function is not invertible.
This website gives a numerical example of DES encryption steps
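The round structure above still decrypts correctly even though F itself cannot be inverted. This added example (not from the slides) is a toy 16-round Feistel network on 64-bit blocks, not DES: it omits the initial permutation, the E expansion and the S-boxes, uses a truncated SHA-256 as a stand-in round function, and `subkeys` is a hypothetical key schedule.

```python
import hashlib

ROUNDS = 16
HALF = 4  # bytes per half: 32-bit halves, 64-bit block as in DES

def subkeys(key):
    """Hypothetical key schedule: one hash-derived subkey per round (not DES's)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def F(right, k):
    """Stand-in round function: a truncated hash, so it is not invertible."""
    return hashlib.sha256(k + right).digest()[:HALF]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, keys):
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 64 bits")
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, xor(left, F(right, k))
    # Swap the halves so the same routine with reversed subkeys decrypts.
    return right + left

def encrypt(key, block):
    return feistel(block, subkeys(key))

def decrypt(key, block):
    # Identical structure; only the order of the subkeys is reversed.
    return feistel(block, subkeys(key)[::-1])

if __name__ == "__main__":
    ct = encrypt(b"secret key", b"8 bytes!")  # constructed sample block
    print(ct.hex(), decrypt(b"secret key", ct))
```

Decryption never computes an inverse of F: each round recomputes F on the half that was passed through unchanged and XORs it away.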

RSA algorithm
DES uses the same key for encryption and decryption.
The theoretical basis for public key encryption systems is developed from the RSA algorithm.
RSA algorithm: based on number theory (prime numbers). [an excellent introduction is Prof Deng Xiaotie's lectures, City U.]

Practical matters
Private key algorithms:
- Easy to implement in your own IS
- Open source code available for many ciphers (Feistel, TEA)
Public key algorithms:
- Requires purchase of service from PKI vendor (e.g. Verisign,…)
- Expensive to implement, manage, but standard for most businesses

References and Further Reading
- Simon Singh, The Code Book, pub. Anchor press, 2000
- PDF article giving brief introduction to RSA maths (Utah State, Prof Moon)
- Wikipedia cryptography portal
- Prof Deng Xiaotie/Prof Frances Yao's lecture notes (City Univ, HK)
Next: Mobile Applications Design