Cyber Attacks and Cryptography Overview
Security Objectives
- Confidentiality
- Integrity
- Availability
- Authentication
- Non-repudiation
How can we define these concepts with respect to the Internet?
Internet Security - Farkas

Types of Attacks (1)
- Interruption – an asset is destroyed, unavailable or unusable (availability)
- Interception – unauthorized party gains access to an asset (confidentiality)
- Modification – unauthorized party tampers with asset (integrity)
- Fabrication – unauthorized party inserts counterfeit object into the system (authenticity)
- Denial – person denies taking an action (authenticity)

Types of Attacks (2)
Passive attacks:
- Eavesdropping
- Monitoring
Active attacks:
- Masquerade – one entity pretends to be a different entity
- Replay – passive capture of information and its retransmission
- Modification of messages – legitimate message is altered
- Denial of service – prevents normal use of resources

Protection
- Protection at storage
  - Inactive (e.g., database storage, file system)
  - During processing (e.g., DBMS access, application access)
- Protection during transmission
- Level of protection (e.g., content vs. header info)
- Aim of protection (e.g., confidentiality, integrity, privacy, etc.)

Basic Defense Mechanisms
Usable security!
- Identification and Authentication
- Authorization
- Cryptography
- Hardware, software security
- Tampering avoidance
- Information leakage prevention
- Input validation
- Network protection: communication, firewall, IDS, etc.

Attacks Against Communication Channels

Insecure communications
Diagram: Sender -> insecure channel -> Recipient (confidential message)
Encryption: confidential communication

Encryption
Does it support?
- Confidentiality
- Integrity
- Availability
- Authentication (pair-wise, third party)
- Non-repudiation

Terminology
- Plaintext (cleartext): a message in its original form
- Ciphertext (cyphertext): an encrypted message
- Encryption: transformation of a message to hide its meaning
- Cipher: cryptographic algorithm. A mathematical function used for encryption (encryption algorithm) and decryption (decryption algorithm).

Terminology
- Decryption: recovering meaning from ciphertext
- Cryptography: art and science of keeping messages secure
- Cryptanalysis: art and science of breaking ciphertext
- Cryptology: study of both cryptography and cryptanalysis

Continue from 08/29

Encryption and Decryption
Diagram: Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext

Conventional (Secret Key) Cryptosystem
Diagram: Sender: Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext: Recipient
- Encryption: C = E(K, M)
- Decryption: M = D(K, C)
- K needs secure channel

Public Key Cryptosystem
Diagram: Sender: Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext: Recipient
- Encryption uses the recipient’s public key (Kpub): C = E(Kpub, M)
- Decryption uses the recipient’s private key (Kpriv): M = D(Kpriv, C)
- Kpub needs reliable channel

Summary: Secret-Key Encryption
- Single, secret key
- Key distribution problem of secret key systems
  - Establish key before communication
  - Need n(n-1)/2 keys with n different parties
- Do NOT provide electronic signatures
- Faster than public-key encryption

Summary: Public Key Encryption
- Supports confidentiality and authentication
- Need reliable channel for key distribution
- 2n keys for n users (public, private pairs)
- Digital certificate
- PKI

Simple secret key distribution
Parties: Sender, Recipient
1. KE-S || ID-S
2. E_KE-S(Ksession)
Vulnerable to active attack! HOW?

With confidentiality and authentication
Parties: Sender, Recipient
1. E_KE-R[N1 || ID-S]
2. E_KE-S[N1 || N2]
3. E_KE-R[N2-1]
4. E_KE-R[E_KD-S(Ksession)]
What are the basic requirements for this protocol to be correct?

What is a Protocol?

Protocol
Sequence of interactions between entities to achieve a certain end
Types of protocols:
- Diplomatic
- Communication
- Graduation
- Security
- Etc.
What is TCP/IP?

Reading Assignment
Recommended Reading: P.Y.A. Ryan, S.A. Schneider, M.H. Goldsmith, G. Lowe and A.W. Roscoe, The Modelling and Analysis of Security Protocols: the CSP Approach, Section 0. Introduction, pages: 1 – 37, http://www.computing.surrey.ac.uk/personal/st/S.Schneider/books/MASP.pdf

Security Protocols
Cryptographic protocols
- Services: secrecy, integrity, authentication, key exchange, non-repudiation, etc.
- Components: communicating parties (nodes), trusted third party, encryption algorithms, hash functions, timestamps, nonce, etc.

Security Properties – Secrecy
- Non-interference: intruder should not be able to deduce anything about the legitimate users’ activities
- Message confidentiality: intruder cannot derive the plaintext of messages passed between two legitimate nodes

Security Properties – Authentication of Origin
Verify:
- Who sent the message?
- Who sent the message to whom?
- Who sent the message to whom and how many times?

Security Properties – Entity Authentication
- Similar to authentication of origin but has timeliness
- Repeated form of origin authentication

Security Properties – Integrity
- Data cannot be corrupted
- Content of output messages matches the content of the input message

Security Properties – Authenticated Key-Exchange
Illustration: “I’m calling from your utilities company. We need your SSN, billing address, and …”
Share a secret key with another person and know for sure who this other person is

Security Properties – Non-repudiation
- Legitimate participants
- Against possible cheating
- Signature-type mechanism

Security Properties – Fairness
- Legitimate participants
- Prevents one of the participants from gaining an advantage over another by halting the protocol part-way through

Security Properties – Anonymity
- Over some sets of events
- Shuffling the events will not change an observer’s view
- Occurrence of events?
- Accountability

Security Properties – Availability
To be able to achieve the goals

More Examples of Crypto protocols
Read on your own

Diffie-Hellman Key Exchange
- Proposed in 1976
- First public key algorithm
- Allows group of users to agree on secret key over insecure channel
- Cannot be used to encrypt and decrypt messages

Diffie-Hellman Key Exchange
Protocol for A and B to agree on a shared secret key:
- A and B agree on two large numbers n and g, such that 1 < g < n
- A chooses random x, computes X = g^x mod n and sends X to B
- B chooses random y, computes Y = g^y mod n and sends Y to A
- A computes k = Y^x mod n
- B computes k’ = X^y mod n
Note: k = k’ = g^(yx) mod n

Diffie-Hellman Key Exchange
- Requires no prior communication between A and B
- Security depends on difficulty of computing x given X = g^x mod n
- Choices for g and n are critical: both n and (n-1)/2 should be prime, n should be large
- Susceptible to intruder in the middle attack (active intruder)

Intruder in the Middle Attack
Diagram: John and Rose, with the Intruder between them relaying “Hi Rose, I’m John.” and “Hi John, I’m Rose.”
- Intruder and John use Diffie-Hellman to agree on key K.
- Intruder and Rose use Diffie-Hellman to agree on key K’.
- K and K’ may be the same

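Added example (not part of the original slides): the Diffie-Hellman exchange and the intruder-in-the-middle case from the slides above, run with constructed toy numbers. The parameter check follows the slide's "n and (n-1)/2 prime" rule; the transcript comparison is an added illustration of how the two sides' views diverge under an active intruder, and it assumes the two digests can be compared over a channel the intruder cannot alter. The function names and the values 1019, 2, 347, 781 and 55 are assumptions made for the example.

```python
import hashlib

def is_prime(m):
    """Trial division; adequate only for the toy sizes used here."""
    if m < 2:
        return False
    i = 2
    while i * i <= m:
        if m % i == 0:
            return False
        i += 1
    return True

def is_safe_prime(n):
    """Slide requirement: both n and (n-1)/2 are prime."""
    return n > 2 and n % 2 == 1 and is_prime(n) and is_prime((n - 1) // 2)

def transcript_tag(n, g, X, Y):
    """Digest of the values one party believes were exchanged (added check)."""
    return hashlib.sha256(f"{n}|{g}|{X}|{Y}".encode()).hexdigest()

def exchange(n, g, x, y, z=None):
    """A and B run Diffie-Hellman; if z is given, an active intruder
    replaces both X and Y in transit with Z = g^z mod n."""
    if not (is_safe_prime(n) and 1 < g < n):
        raise ValueError("rejecting parameters: need safe prime n and 1 < g < n")
    X, Y = pow(g, x, n), pow(g, y, n)
    seen_by_A, seen_by_B = Y, X              # honest channel
    intruder_keys = None
    if z is not None:
        seen_by_A = seen_by_B = pow(g, z, n)  # both sides receive Z instead
        intruder_keys = (pow(X, z, n), pow(Y, z, n))
    k_A = pow(seen_by_A, x, n)               # A: k  = Y^x mod n
    k_B = pow(seen_by_B, y, n)               # B: k' = X^y mod n
    return {
        "k_A": k_A, "k_B": k_B, "intruder_keys": intruder_keys,
        "tag_A": transcript_tag(n, g, X, seen_by_A),
        "tag_B": transcript_tag(n, g, seen_by_B, Y),
    }

# Constructed toy values; the slide's "n should be large" is not met here.
N, G = 1019, 2
honest = exchange(N, G, x=347, y=781)
tampered = exchange(N, G, x=347, y=781, z=55)
```

In the honest run both parties hold the same key and the same transcript digest; in the tampered run the intruder holds both keys and the digests differ, which is why the exchanged values need to be authenticated.
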
Asymmetric-Key Exchange
Without server:
- Broadcasting
- Publicly available directory
With server:
- Public key distribution center
- Certificates

Public announcement
Diagram: John Smith broadcasts his public key KE-J.S. to everyone
Bad: uncontrolled distribution, easy to forge

Publicly available directory
Diagram: Public Key Directory holding KE-J.S. (John Smith) and KE-M.R. (Mary Rose)
Better but not good enough: directory could be compromised

Public-key authority
Parties: Public-Key Authority, Sender, Recipient
1. Request || Time1
2. E_KD-Auth[KE-R || Request || Time1]
3. E_KE-R(ID-S || N1)
4. Request || Time2
5. E_KD-Auth[KE-S || Request || Time2]
6. E_KE-S(N1 || N2)
7. E_KE-R(N2)

Public-key certificates
Parties: Authority, Sender, Recipient
- Authority receives KE-S and KE-R
- C-S = E_KD-CAuth[Time1, ID-S, KE-S]
- C-R = E_KD-CAuth[Time2, ID-R, KE-R]
1. C-S
2. C-R

Certificates
- Guarantees the validity of the information
- Establishing trust
- Public key and user identity are bound together, then signed by someone trusted
- Need: digital signature

Digital Signature
Need the same effect as a real signature:
- Un-forgeable
- Authentic
- Non-alterable
- Not reusable

Digital signature
- Direct digital signature: public-key cryptography based
- Arbitrated digital signature:
  - Conventional encryption:
    - Arbiter sees message
    - Arbiter does not see message
  - Public-key based

Digital Signatures in RSA
Diagram: Sender: Plaintext -> Sign -> Signed plaintext -> insecure channel -> Verify -> Plaintext: Recipient
- Sign: Decryption Alg. with S’s private key
- Verify: Encryption Alg. with S’s public key (need reliable channel)

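Added example (not part of the original slides): textbook RSA signing as drawn on the slide above, then reused for the certificate slide's C-S = E_KD-CAuth[Time1, ID-S, KE-S], where an authority signs the binding of an identity to a public key. The signature is applied to a SHA-256 digest without padding, the keys are toy keys built from known Mersenne primes, and all function names and sample messages are assumptions made for the example.

```python
import hashlib

def rsa_keypair(p, q, e=65537):
    """Textbook RSA key from two primes: (public, private) as (exponent, modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest(message, n):
    """SHA-256 of the message, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    """Slide's 'Decryption Alg.' with the signer's private key (unpadded)."""
    d, n = private
    return pow(digest(message, n), d, n)

def verify(public, message, signature):
    """Slide's 'Encryption Alg.' with the signer's public key."""
    e, n = public
    return pow(signature, e, n) == digest(message, n)

def issue_certificate(auth_private, time, identity, subject_public):
    """C = E_KD-CAuth[Time, ID, KE]: authority signs time, identity and key together."""
    body = f"{time}|{identity}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"body": body, "sig": sign(auth_private, body)}

def check_certificate(auth_public, cert, expected_identity):
    """Accept only if the authority's signature verifies and the identity matches."""
    if not verify(auth_public, cert["body"], cert["sig"]):
        return False
    return cert["body"].split(b"|")[1] == expected_identity.encode()

# Constructed toy keys from Mersenne primes; far too small for real use.
AUTH_PUB, AUTH_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)
S_PUB, S_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)

MESSAGE = b"constructed sample message from S"
SIGNATURE = sign(S_PRIV, MESSAGE)
CERT_S = issue_certificate(AUTH_PRIV, "Time1", "ID-S", S_PUB)
```

A signature made over one message does not verify against another message or under another key, and a certificate whose identity field is changed after issuance no longer verifies under the authority's public key.
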
Non-repudiation
- Requires notarized signature, involving a third party
- Large system: hierarchies of notarization

Next Class
TCP/IP Overview