20-763 ELECTRONIC PAYMENT SYSTEMS, FALL 2002. COPYRIGHT © 2002 MICHAEL I. SHAMOS. Electronic Payment Systems 20-763, Lecture 4: ePayment Security I.


ePayment Security
• Keep financial data secret from unauthorized parties (privacy)
  – CRYPTOGRAPHY
• Verify that messages have not been altered in transit (integrity)
  – HASH FUNCTIONS
• Prove that a party engaged in a transaction (nonrepudiation)
  – DIGITAL SIGNATURES
• Verify identity of users (authentication)
  – PASSWORDS, DIGITAL CERTIFICATES
• ePayments are impossible without security

Cryptography and Hash Functions
• Message digest (hash) algorithms
  – Secure Hash Algorithm
  – Passwords
• Defending against attacks
  – Salting, nonces
• Symmetric encryption
  – DES and variations
  – AES: Rijndael
• Public-key algorithms
  – RSA
  – Elliptic curve cryptography (ECC)
• Digital signatures
Lecture 4: Security I. Lecture 5: Security II.

Hash Functions
[Diagram: MESSAGE SPACE (ALL POSSIBLE PLAINTEXT MESSAGES) contains “TRANSFER $5000 TO MY SAVINGS ACCOUNT”; HASH SPACE (ALL POSSIBLE HASHED MESSAGES) contains “AF0E891B293”]
• A “HASH” IS A SHORT FUNCTION OF A MESSAGE (USUALLY 160 BITS)
• MUST NOT BE REVERSIBLE

Hash Functions
[Diagram: MESSAGE SPACE (ALL POSSIBLE PLAINTEXT MESSAGES) contains “TRANSFER $5000 TO MY SAVINGS ACCOUNT”, “IT’S MONDAY” and “THE SKY IS BLUE”; HASH SPACE (ALL POSSIBLE HASHED MESSAGES) contains “AF0E891B293”]
• HASH FUNCTIONS ARE NOT ONE-TO-ONE AND NOT REVERSIBLE
• MANY MESSAGES HAVE THE SAME HASH

One-Way Hash Functions
• For any string s, H(s), the hash of s, is of fixed length (shorter than s), sometimes called a message digest
• Easy to compute
• “One-way”: computationally difficult to invert: can’t find any message corresponding to a given hash
• Diffusion property: Altering any bit of the message changes many bits of the hash

Uses of One-Way Hash Functions
• Password verification
• Message authentication (message digests)
• Prevention of replay attack
• Digital signatures

Secure Hash Algorithm SHA-1
• Federal Information Processing Standard (NIST)
• For any message shorter than 2^64 bits, produces a 160-bit message digest
• Uses exclusive-OR (XOR) operation
  A = B = A XOR B =
• Exclusive-OR is lossy; knowing A XOR B does not reveal even one bit of either A or B
• Regular OR: If a bit of A OR B is zero, then the corresponding bits of both A and B were zero

Information Hiding with Exclusive-OR
• x XOR y = 1 if either x or y is 1 but not both
• If x XOR y = 1 we can’t tell which one is a 1
• Can’t trace backwards to determine values
• If x AND y = 1 then BOTH x and y are 1

Secure Hash Algorithm Flow
• LONG MESSAGE TO BE HASHED
• TAKE FIRST 16 WORDS (512 BITS)
• EXPAND TO 80 WORDS (2560 BITS)
• STARTING HASH: FIVE 32-BIT WORDS (160 BITS)
• REPEAT 79 MORE TIMES …
• FINAL HASH (160 BITS)
• REPEAT FOR EACH 512-BIT BLOCK
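
The flow above, written out as a from-scratch SHA-1 and checked against Python's hashlib. This is an added example, not part of the original slides; the function names are chosen here, and bits_changed measures the diffusion property by flipping one bit of the message.

```python
import hashlib
import struct

def _rotl(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1(message: bytes) -> str:
    # Starting hash: five 32-bit words (160 bits), constants fixed by the standard.
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    # Padding: a single 1 bit, zeros, then the bit length as a 64-bit integer
    # (the reason the input must be shorter than 2^64 bits).
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack(">Q", len(message) * 8)
    for off in range(0, len(padded), 64):          # repeat for each 512-bit block
        w = list(struct.unpack(">16I", padded[off:off + 64]))   # 16 words
        for t in range(16, 80):                    # expand to 80 words with XOR
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):                        # one step per expanded word
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            temp = (_rotl(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = temp, a, _rotl(b, 30), c, d
        # Fold this block's result into the running 160-bit hash.
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return "".join(f"{word:08x}" for word in h)

def bits_changed(m1: bytes, m2: bytes) -> int:
    """Number of the 160 digest bits that differ between two messages."""
    return bin(int(sha1(m1), 16) ^ int(sha1(m2), 16)).count("1")

if __name__ == "__main__":
    msg = b"TRANSFER $5000 TO MY SAVINGS ACCOUNT"
    print(sha1(msg), sha1(msg) == hashlib.sha1(msg).hexdigest())
    # '0' and '1' differ in a single bit, so this is a one-bit change.
    print(bits_changed(msg, msg.replace(b"5000", b"5001")), "of 160 bits changed")
```

SHA-1 collisions have since been demonstrated in practice, so new designs use SHA-2 or SHA-3; the block structure shown is the one the slide describes.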

Hashed Passwords
• A system must be able to verify that a password is correct
• Store the plaintext passwords. TERRIBLE IDEA
• Store hashed passwords. BETTER IDEA
  – User SHAMOS has password “MAGIC”; hash is “341JY”
  – System stores (SHAMOS, 341JY)
  – Shamos logs in by typing SHAMOS, MAGIC
  – System hashes “MAGIC” to form “341JY”
  – Looks up hash of SHAMOS password = 341JY
  – USER is authenticated
• System never stores the passwords
• Passwords can’t be hacked or stolen
• Someone who finds “341JY” cannot recover “MAGIC”

Weakness of Hashed Passwords
• Passwords come from a small universe (~50,000 words). Possible to compare all possible hashes against the hashed file to discover passwords
• For example, take each word in the English dictionary and hash it. This will reveal “MAGIC” and “341JY”
• Hash each password differently. NOT SO BAD
  – Defends against dictionary attack
• Want to be sure that two people who have the same password have different hashes, so compromise of one password does not reveal others
• Don’t store H(P), the hash of the password
• Store S and H(P + S), where S, called salt, is different for each user

Salting Example
• A’s password is “13524”; B’s password is “13524”
• A’s salt is “ABC”; B’s salt is “DEF”
• The hash of A’s salted password is “1663az78fz”
• System stores “A, ABC, 1663az78fz”
• The hash of B’s salted password is “v134c27a8”
• System stores “B, DEF, v134c27a8”
• A logs on. Sends user “A”, password “13524”
• System looks up A’s salt, hashes salted password, compares with stored salted password
• Someone who discovers A’s salted password can’t use it
• Can’t tell that A and B have the same password
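
The two storage schemes from the slides side by side, with the precomputed dictionary table run against each. This is an added example, not part of the original slides; SHA-256 as H, the 16-byte random salt and all function names are assumptions made here, and the accounts and wordlist are constructed sample data.

```python
import hashlib
import hmac
import secrets

def H(data: str) -> str:
    """H() from the slides; SHA-256 is an assumption, the slides name no hash here."""
    return hashlib.sha256(data.encode()).hexdigest()

def store_unsalted(users: dict) -> dict:
    return {user: H(pw) for user, pw in users.items()}       # stores H(P)

def store_salted(users: dict) -> dict:
    db = {}
    for user, pw in users.items():
        salt = secrets.token_hex(16)       # S: random, different for each user
        db[user] = (salt, H(pw + salt))    # stores S and H(P + S)
    return db

def verify(db: dict, user: str, password: str) -> bool:
    """Login check against the salted store, compared in constant time."""
    if user not in db:
        return False
    salt, stored = db[user]
    return hmac.compare_digest(H(password + salt), stored)

def table_lookup(stolen_hashes: dict, wordlist: list) -> dict:
    """Dictionary attack from the slide: hash every word once, then match."""
    table = {H(word): word for word in wordlist}
    return {u: table[h] for u, h in stolen_hashes.items() if h in table}

# Constructed sample data: A and B share a password, as in the salting example.
USERS = {"A": "13524", "B": "13524", "SHAMOS": "MAGIC"}
WORDLIST = ["HELLO", "MAGIC", "13524", "SECRET"]

def compare() -> dict:
    plain_db = store_unsalted(USERS)
    salted_db = store_salted(USERS)
    salted_hashes = {u: h for u, (_salt, h) in salted_db.items()}
    return {
        "unsalted_same_hash": plain_db["A"] == plain_db["B"],
        "salted_same_hash": salted_hashes["A"] == salted_hashes["B"],
        "unsalted_recovered": table_lookup(plain_db, WORDLIST),
        "salted_recovered": table_lookup(salted_hashes, WORDLIST),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

The salt defeats the shared table and hides equal passwords, but it does not slow guessing against a single user, which is why stored passwords are normally run through a deliberately slow function such as PBKDF2 (hashlib.pbkdf2_hmac) or scrypt rather than one fast hash.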

Nonce to Prevent Replay Attack
• Time-dependent value used in challenge-response protocols to prevent replay attack
• Random numbers, timestamps
• System sends a nonce, e.g. “ ”
• User sends a hash of username|password|nonce
• System computes what the hash should be, verifies user
• Replay fails since the nonce will be different when the attacker tries to gain access
• Nonce: “for the nonce” means “for the time being,” “just for now”
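
The challenge-response exchange above with both sides shown, including what happens when a captured response is sent again. This is an added example, not part of the original slides; the Server class, the respond function, SHA-256 and the random 128-bit nonce are assumptions made here, and the account is constructed sample data.

```python
import hashlib
import hmac
import secrets

def respond(user: str, password: str, nonce: str) -> str:
    """Client side: hash of username|password|nonce, as on the slide."""
    return hashlib.sha256(f"{user}|{password}|{nonce}".encode()).hexdigest()

class Server:
    def __init__(self, passwords: dict):
        # To recompute the expected hash the server must hold the password
        # (or an equivalent secret), not just a one-way hash of it.
        self.passwords = passwords
        self.pending = {}                  # user -> nonce awaiting a response

    def challenge(self, user: str) -> str:
        nonce = secrets.token_hex(16)      # fresh random value for each attempt
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: str) -> bool:
        nonce = self.pending.pop(user, None)     # a nonce is accepted only once
        if nonce is None or user not in self.passwords:
            return False
        expected = respond(user, self.passwords[user], nonce)
        return hmac.compare_digest(expected, response)

def replay_demo() -> tuple:
    server = Server({"SHAMOS": "MAGIC"})             # constructed account
    nonce = server.challenge("SHAMOS")
    captured = respond("SHAMOS", "MAGIC", nonce)     # what an eavesdropper records
    first_login = server.verify("SHAMOS", captured)  # legitimate response
    # Replay 1: no challenge is outstanding, the old nonce was consumed.
    replay_without_challenge = server.verify("SHAMOS", captured)
    # Replay 2: a new challenge was issued, so the old hash no longer matches.
    server.challenge("SHAMOS")
    replay_after_new_nonce = server.verify("SHAMOS", captured)
    return first_login, replay_without_challenge, replay_after_new_nonce

if __name__ == "__main__":
    print(replay_demo())
```

The "|" separator assumes the fields cannot themselves contain "|"; with free-form usernames or passwords, length-prefix the fields or use an HMAC keyed with the secret so two different field combinations cannot produce the same hashed string.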

Cryptography
[Diagram: MESSAGE SPACE (ALL POSSIBLE PLAINTEXT MESSAGES) contains “TRANSFER $5000 TO MY SAVINGS ACCOUNT”; CODE SPACE (ALL POSSIBLE ENCRYPTED MESSAGES) contains “1822UX S4HHG7 803TG 0J71D2 MK8A36 18PN1”]
• MUST BE REVERSIBLE (BUT ONLY IF YOU KNOW THE SECRET)

Cryptography
[Diagram: MESSAGE SPACE (ALL POSSIBLE PLAINTEXT MESSAGES) contains “TRANSFER $5000 TO MY SAVINGS ACCOUNT”; CODE SPACE (ALL POSSIBLE ENCRYPTED MESSAGES) contains “1822UX S4HHG7 803TG 0J71D2 MK8A36 18PN1”]
• ENCRYPTION IS ONE-TO-ONE AND REVERSIBLE
• EVERY CODE CORRESPONDS TO EXACTLY ONE MESSAGE
• ENCRYPTION IS SECURE IF ONLY AUTHORIZED PEOPLE KNOW HOW TO REVERSE IT

The Encryption Process
• OBJECT: HIDE A MESSAGE (PLAINTEXT) BY MAKING IT UNREADABLE (CIPHERTEXT)
[Diagram labels:]
• MATERIAL WE WANT TO KEEP SECRET
• UNREADABLE VERSION OF PLAINTEXT
• DATA TO THE ENCRYPTION ALGORITHM
• MATHEMATICAL SCRAMBLING PROCEDURE
• (TELLS HOW TO SCRAMBLE THIS PARTICULAR MESSAGE)
• MIGHT BE: TEXT DATA GRAPHICS AUDIO VIDEO SPREADSHEET ...
SOURCE: STEIN, WEB SECURITY

Role of the Key in Cryptography
• The key is a parameter to an encryption procedure
• Procedure stays the same, but produces different results based on a given key
• NOTE: THIS METHOD IS NOT USED IN ANY REAL CRYPTOGRAPHY SYSTEM. IT IS AN EXAMPLE INTENDED ONLY TO ILLUSTRATE THE USE OF KEYS.
EXAMPLE:
  S P E C I A L T Y B D F G H J K M N O Q R U V W X Z
  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

  C O N S U L T I N G
  D S R A V G H E R M

Symmetric Encryption
• SAME KEY USED FOR BOTH ENCRYPTION AND DECRYPTION
• SENDER AND RECIPIENT MUST BOTH KNOW THE KEY
• THIS IS A WEAKNESS
SOURCE: STEIN, WEB SECURITY

Symmetric Encryption
• “Symmetric”: same key for both encryption and decryption
• SENDER AND RECIPIENT MUST BOTH KNOW THE KEY
• THIS IS A WEAKNESS
SOURCE: WILLIAM STALLINGS

Data Encryption Standard (DES)
• Symmetric, key-based encryption-decryption standard. No public keys
• Block cipher: operates on 64-bit blocks
• Uses 56-bit key
• 16 “rounds”: key for each round is a 48-bit function of the original 56-bit key. Each key bit participates in an average of 14 rounds
• Completely symmetric. Same algorithm decrypts.
• Fast implementation in hardware: 1 gigabit/second

Encryption “Rounds”
[Diagram: Key K → Key Expansion (KE) → Round Keys k_1, k_2, k_3, …, k_n-2, k_n-1, k_n; input X → Encryption Rounds r_1, r_2, r_3, …, r_n-2, r_n-1, r_n → output Y]
• Key K is expanded to a set of n round keys k_i
• Input block X undergoes n rounds of operations (each operation is based on value of the nth round key), until it reaches the final round r_n
• Strength of algorithm: difficulty of going backwards from the intermediate result of round m+1 to round m without knowing the round key r_m
SOURCE: MEL TSAI

Classical Feistel Encryption Network
[Figure. SOURCE: WILLIAM STALLINGS]

DES Encryption
[Figure. SOURCE: WILLIAM STALLINGS]

One Round of DES
[Figure. SOURCE: WILLIAM STALLINGS]

Years To Crack Symmetric Encryption
[Figure; axis: Key Length. SOURCE: WILLIAM STALLINGS]

Cipher Block Chaining Example
• In ECB mode, the same input text always produces the same output. This creates risk of partial decryption.
[Diagram: INITIALIZATION STRING XOR PLAINTEXT BLOCK 1 → DES → CIPHERTEXT BLOCK 1; CIPHERTEXT BLOCK 1 XOR PLAINTEXT BLOCK 2 → DES → CIPHERTEXT BLOCK 2; etc.]
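
A toy 16-round Feistel cipher on 64-bit blocks, used to show two points from the slides above: the same routine decrypts when the round keys are reversed, and ECB repeats ciphertext for repeated plaintext while chaining does not. This is an added example, not part of the original slides and not DES; the SHA-256-based key expansion and round function, all names, and the key, initialization value and message are assumptions constructed here.

```python
import hashlib

ROUNDS = 16                      # DES also uses 16 rounds
MASK32 = 0xFFFFFFFF

def round_keys(key: bytes) -> list:
    # Key expansion: one 48-bit round key per round. Deriving them with
    # SHA-256 is an assumption standing in for the DES key schedule.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def round_function(half: int, rk: bytes) -> int:
    # Need not be invertible; the Feistel structure supplies invertibility.
    digest = hashlib.sha256(rk + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: int, keys: list) -> int:
    left, right = block >> 32, block & MASK32
    for rk in keys:
        left, right = right, left ^ round_function(right, rk)
    return (right << 32) | left           # final swap lets one routine decrypt

def encrypt_block(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key))

def decrypt_block(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key)[::-1])   # same algorithm, keys reversed

def blocks_of(data: bytes) -> list:
    if len(data) % 8:
        raise ValueError("toy example: data must be a multiple of 8 bytes")
    return [int.from_bytes(data[i:i + 8], "big") for i in range(0, len(data), 8)]

def ecb_encrypt(data: bytes, key: bytes) -> list:
    return [encrypt_block(b, key) for b in blocks_of(data)]

def cbc_encrypt(data: bytes, key: bytes, iv: int) -> list:
    out, prev = [], iv
    for b in blocks_of(data):
        prev = encrypt_block(b ^ prev, key)    # XOR with previous ciphertext first
        out.append(prev)
    return out

def cbc_decrypt(blocks: list, key: bytes, iv: int) -> bytes:
    out, prev = b"", iv
    for c in blocks:
        out += (decrypt_block(c, key) ^ prev).to_bytes(8, "big")
        prev = c
    return out

# Constructed sample input: the first two 8-byte blocks are identical.
KEY = b"demo-key"
IV = 0x0123456789ABCDEF      # fixed for repeatability; use a random value in practice
MESSAGE = b"PAY $500PAY $500PAY $900"

if __name__ == "__main__":
    print("ECB:", [f"{c:016x}" for c in ecb_encrypt(MESSAGE, KEY)])
    print("CBC:", [f"{c:016x}" for c in cbc_encrypt(MESSAGE, KEY, IV)])
```

In the ECB output the first two blocks are identical, so an observer learns that the two plaintext blocks were equal without knowing the key; the chained output hides that.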

Triple DES
• Security can be increased by encrypting multiple times with different keys
• Double DES is not much more secure than single DES because of a “meet-in-the-middle” attack
• If K_1 = K_2 = K_3 this is just single DES
[Diagram: PLAINTEXT BLOCK 1 → DES ENCRYPT (K_1) → DES DECRYPT (K_2) → DES ENCRYPT (K_3) → CIPHERTEXT BLOCK 1]

AES, the DES Replacement
• AES = Advanced Encryption Standard
• DES has weaknesses:
  – slow (by modern standards)
  – weak (can be broken by fast computers)
• NIST ran a competition to replace DES
• Winner: Rijndael, invented by Vincent Rijmen and Joan Daemen
• No patenting allowed
• Round block cipher of similar structure to DES but faster, more secure

Rijndael: Detailed view of round n
• Each round consists of:
  – ByteSub: each 8 bits of input is replaced with a different 8 bits
  – ShiftRow: each row of the block matrix is cyclically shifted
  – MixColumn
  – AddRoundKey
[Diagram: Result from round n-1 → ByteSub → ShiftRow → MixColumn → AddRoundKey (k_n) → Pass to round n+1]
SOURCE: MEL TSAI

Rijndael
• Allows 128, 192, and 256-bit key sizes
• Variable block length: 128, 192, or 256 bits. All nine combinations of key/block length possible.
  – A block is the smallest data size the algorithm will encrypt
• VERY FAST, much faster than DES
  – Software: 8416 bytes/sec on a 20MHz 8051
  – Software: 53 Mbytes/sec on a 800MHz Pentium
  – Hardware: currently up to 25 Gbps

Major Ideas
• SHA is the most important hash function
• SHA has not been cracked (reversed)
• Encryption algorithms are complex
  – must be studied carefully (by cryptographers)
  – subject to sophisticated attacks
• Symmetric encryption is fast
  – DES is not secure
  – DES family being replaced with Rijndael
• Salting defends against dictionary attacks
• Nonces defend against replay attacks

Q & A

Meet-in-the-Middle Attack
• Exhaustive search for keys to crack 2DES would seem to require testing keys
• Start with (m, c), a plaintext/ciphertext pair
• Encrypt a two-block plaintext m with all possible 2^56 single DES keys k_1; sort the resulting pairs (k_1, c_middle)
• Decrypt the 2-block ciphertext c with all possible 2^56 single DES keys k_2; for each result c_middle, check to see whether it occurs in the sorted list
• If so, (k_1, k_2) is a possible key.
  enc_2DES((k_1, k_2), m) = enc_DES(k_2, enc_DES(k_1, m)) = enc_DES(k_2, c_middle1) = c
• This only requires testing 2^56 keys (and sorting them)
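
The procedure above carried out on a toy cipher with 16-bit keys, to show why doubling the encryption does not double the effective key length. This is an added example, not part of the original slides and not DES; the toy cipher, its constants, the key pair and the two-block plaintext are assumptions constructed here, and a dictionary lookup replaces the sorted list.

```python
KEY_BITS = 16                    # toy key size; DES uses 56
MASK = 0xFFFFFFFF                # toy block size: 32 bits
A = 0x9E3779B1                   # odd constant, so multiplying mod 2^32 is invertible
A_INV = pow(A, -1, 1 << 32)

def enc(k: int, m: int) -> int:
    """Toy single encryption (stands in for enc_DES)."""
    x = ((m ^ k) * A) & MASK
    x ^= x >> 16
    return (x * A + k) & MASK

def dec(k: int, c: int) -> int:
    """Inverse of enc for the same key."""
    x = ((c - k) * A_INV) & MASK
    x ^= x >> 16                 # this mixing step is its own inverse
    return ((x * A_INV) & MASK) ^ k

def double_enc(k1: int, k2: int, m: int) -> int:
    return enc(k2, enc(k1, m))   # enc_2DES((k_1, k_2), m) in the slide's notation

def meet_in_the_middle(pairs: list) -> list:
    """pairs: known (plaintext block, ciphertext block) tuples under one key pair."""
    (m1, c1), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(1 << KEY_BITS):            # 2^16 encryptions of the first block
        middle.setdefault(enc(k1, m1), []).append(k1)
    candidates = []
    for k2 in range(1 << KEY_BITS):            # 2^16 decryptions of the first block
        for k1 in middle.get(dec(k2, c1), []):
            # The remaining blocks filter out chance matches in the middle.
            if all(double_enc(k1, k2, m) == c for m, c in rest):
                candidates.append((k1, k2))
    return candidates

# Constructed sample data: a secret key pair and a two-block known plaintext.
SECRET = (0x3A7C, 0xC15E)
PLAINTEXT = [0x5452414E, 0x53464552]
PAIRS = [(m, double_enc(SECRET[0], SECRET[1], m)) for m in PLAINTEXT]

if __name__ == "__main__":
    found = meet_in_the_middle(PAIRS)
    print([(hex(a), hex(b)) for a, b in found])
    print("cipher operations:", 2 * (1 << KEY_BITS), "instead of", 1 << (2 * KEY_BITS))
```

The cost is two passes over the single-key space plus a table with one entry per key, which is why Triple DES rather than Double DES is the construction the lecture recommends.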