Published by Whitney Parsons. Modified over 8 years ago.
1
2nd lecture
2
Plaintext – ciphertext – encryption – decryption. Cryptography – cryptanalysis – cryptanalyst – cryptology. Authentication – Integrity – Non-repudiation – Confidentiality – Availability. Symmetric algorithms – public-key (asymmetric) algorithms.
3
Categories of security attacks: Interruption, Interception, Modification, Fabrication.
Interruption: This is an attack on availability. An asset of the system is destroyed or becomes unusable.
[Diagram: information source, information destination]
4
Interruption examples include: destruction of a piece of hardware such as a hard disk, the cutting of a communication line, or the disabling of the file management system.
5
Interception: This is an attack on confidentiality. An unauthorized party (person, program) gains access to an asset.
[Diagram: information source, information destination, unauthorized party]
6
Interception examples include: wiretapping to capture data in a network, and the unauthorized copying of files or programs.
7
Modification: This is an attack on integrity. An unauthorized party gains access and tampers with an asset.
[Diagram: information source, information destination, unauthorized party]
8
Modification examples include: changing values in data files, altering a program so that it performs differently, and modifying the content of messages being transmitted in a network.
9
Fabrication: This is an attack on authenticity. An unauthorized party inserts counterfeit objects into the system.
[Diagram: information source, information destination, unauthorized party]
10
Fabrication examples include: the insertion of spurious messages in a network or the addition of records to a file.
11
Categories of security threats: Passive, Active.
Passive threats: Passive attacks are in the nature of eavesdropping or monitoring of transmissions. The goal is to obtain information that is being transmitted. Passive attacks are very difficult to detect because they do not involve any alteration of the data.
12
Two types of passive threats:
The release of message contents, such as a telephone conversation, an e-mail message, and a transferred file.
The traffic analysis to determine the location and identity of communicating hosts.
13
The attacker does not affect the protocol. [Figure label: Eve]
14
Active threats: Active attacks involve some modification of the data stream or the creation of a false stream. These attacks can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
15
Mallory
16
The aim of cryptography is to keep the plaintext secret from the eavesdroppers. Adversary – attacker – intruder – interceptor – interloper – enemy. Eavesdroppers are assumed to have complete access to the communication between the sender and receiver. Cryptanalysis is the science of recovering the plaintext from the message without access to the key.
17
There are 5 common types of cryptanalytic attacks.
1. Ciphertext-only attack: the cryptanalyst has the ciphertext of several messages that are encrypted using the same algorithm.
Given: $C_1 = E_k(M_1), C_2 = E_k(M_2), \ldots, C_i = E_k(M_i)$
Deduce: $M_1, M_2, \ldots, M_i$ to infer $M_{i+1}$ from $C_{i+1}$
18
2. Known-plaintext attack: the cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages. His job is to deduce the key.
Given: $M_1, C_1 = E_k(M_1), M_2, C_2 = E_k(M_2), \ldots, M_i, C_i = E_k(M_i)$
Deduce: $k$ to infer $M_{i+1}$ from $C_{i+1}$
19
3. Chosen-plaintext attack: the cryptanalyst not only has access to the ciphertext and associated plaintext of several messages, but he also chooses the plaintext that gets encrypted. His job is to deduce the key.
Given: $M_1, C_1 = E_k(M_1), M_2, C_2 = E_k(M_2), \ldots, M_i, C_i = E_k(M_i)$, where the cryptanalyst chooses $M_1, M_2, \ldots, M_i$
Deduce: $k$ to infer $M_{i+1}$ from $C_{i+1}$
20
4. Adaptive chosen-plaintext attack: Not only can the cryptanalyst choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption.
21
5. Chosen-ciphertext attack: The cryptanalyst can choose different ciphertexts to be decrypted and has access to the decrypted plaintext. His job is to deduce the key.
Given: $C_1, M_1 = D_k(C_1), C_2, M_2 = D_k(C_2), \ldots, C_i, M_i = D_k(C_i)$
Deduce: $k$
22
The security of any algorithm depends on how hard it is to break. An algorithm is: Unconditionally secure: if there is not enough information to recover the plaintext. Computationally secure: if it cannot be broken with the available resources, either current or future. Brute-force attack: trying every possible key one by one and checking whether the resulting plaintext is meaningful.
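Added example, not part of the original slides: the "Given / Deduce" notation of the known-plaintext and ciphertext-only attacks, and the brute-force definition above, worked on a toy cipher. The cipher (byte-wise addition of a repeating 2-byte key), the function names and the "meaningful plaintext" test are assumptions chosen so that exhaustive search finishes quickly.

```python
import string

KEY_BYTES = 2  # toy key length (assumption): exhaustive search is 2**16 trials

def encrypt(key: bytes, msg: bytes) -> bytes:
    """Toy E_k: add the repeating key to the message byte by byte, mod 256."""
    return bytes((m + key[i % len(key)]) % 256 for i, m in enumerate(msg))

def decrypt(key: bytes, ct: bytes) -> bytes:
    """Toy D_k: subtract the repeating key, mod 256."""
    return bytes((c - key[i % len(key)]) % 256 for i, c in enumerate(ct))

def known_plaintext_attack(m1: bytes, c1: bytes) -> bytes:
    """Given M_1 and C_1 = E_k(M_1), deduce k: one subtraction per key byte."""
    if len(m1) != len(c1) or len(m1) < KEY_BYTES:
        raise ValueError("need a matching plaintext/ciphertext pair covering the key")
    return bytes((c1[j] - m1[j]) % 256 for j in range(KEY_BYTES))

# "Meaningful" here means: only letters, space, full stop and comma.
ALLOWED = frozenset((string.ascii_letters + " .,").encode())

def ciphertext_only_attack(ct: bytes):
    """Given only C, brute-force every key and keep those giving meaningful text."""
    hits, trials = [], 0
    for k in range(256 ** KEY_BYTES):
        key = k.to_bytes(KEY_BYTES, "big")
        trials += 1
        if all(b in ALLOWED for b in decrypt(key, ct)):
            hits.append(key)
    return hits, trials

if __name__ == "__main__":
    secret_key = bytes([0x3A, 0xC5])               # constructed sample key
    m1 = b"Meet at the north gate at noon."        # constructed sample message
    c1 = encrypt(secret_key, m1)
    print("known-plaintext, 1 pair:", known_plaintext_attack(m1, c1).hex())
    hits, trials = ciphertext_only_attack(c1)
    print("ciphertext-only:", [h.hex() for h in hits], "after", trials, "trials")
```

The known-plaintext attacker needs a single pair and no search, while the ciphertext-only attacker pays the full work factor of the key space and still depends on being able to recognise meaningful plaintext.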
23
The complexity of an attack can be measured by:
Data complexity: the amount of data needed as an input to the attack.
Processing complexity: the time needed to perform the attack (work factor).
Storage requirements: the amount of memory needed to do the attack.
Ex: key length = 128 bits. If we have 1 million processors, each performing 1 million operations/second, we need $10^{19}$ years to recover the key.
24
Steganography: from the Greek word steganos, meaning “covered”, and the Greek word graphie, meaning “writing”. Steganography is the process of hiding a secret message within an ordinary message and extracting it at its destination. Anyone else viewing the message will fail to know it contains hidden data.
25
Invisible ink is a form of steganography. By replacing the least significant bit of each byte of the image with the bits of the message, we can store a 64 Kbyte message in a 1024 × 1024 grayscale picture.
27
Steganography carrier files: bmp, jpeg, gif, wav, mp3, amongst others …
28
Steganography tools: Steganos, S-Tools (GIF, JPEG), StegHide (WAV, BMP), Invisible Secrets (JPEG), JPHide, Camouflage, Hiderman.
The following example comes from S-Tools for Windows. S-Tools allows users to hide information in BMP, GIF, or WAV files.
29
FIGURE 2. The original image file (left) and image file with embedded text (right), side by side.
31
Image of a tree. By removing all but the last 2 bits of each color component, an almost completely black image results. Making the resulting image 85 times brighter results in the image below.
Image extracted from above image.
32
Identification of hidden files
33
Definition: identifying the existence of a message, not extracting the message.
Note: Technically, steganography deals with the concealment (hiding) of a message, not the encryption of it. Steganalysis essentially deals with the detection of hidden content.
34
By identifying the existence of a hidden message, perhaps we can identify the tools used to hide it. If we identify the tool, perhaps we can use that tool to extract the original message.
35
Methods of detecting the use of steganography:
Visual detection (JPEG, BMP, GIF, etc.)
Audible detection (WAV, MPEG, etc.)
Statistical detection (changes in patterns of the pixels or LSB, Least Significant Bit) or histogram analysis
Structural detection: view file properties/contents (size difference, date/time difference, contents modifications, checksum)
36
Categories:
Anomaly: histogram analysis, change in file properties, statistical attack, visually, audible.
Signature: a pattern consistent with the program used.
37
Detecting steganography by viewing it: Can you see a difference in these two pictures? (I can't!)
38
Kurtosis: the degree of flatness of a curve describing a frequency distribution.
39
Histogram analysis can be used to possibly identify a file with a hidden message
40
By comparing histograms, we can see this histogram has a very noticeable repetitive trend.
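Added example, not part of the original slides: the LSB replacement described earlier and the statistical (histogram) detection listed above, run on a constructed grey-scale pixel buffer. The function names, the bell-shaped cover and the random message are assumptions made for the illustration; the detector is a pair-of-values chi-square statistic, one common form of histogram analysis.

```python
import random

def embed_lsb(pixels: bytes, message: bytes) -> bytes:
    """Overwrite the LSB of successive pixel bytes with the message bits, MSB first."""
    bits = [(b >> (7 - i)) & 1 for b in message for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("message needs more LSBs than the carrier has")
    out = bytearray(pixels)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)

def extract_lsb(pixels: bytes, n_bytes: int) -> bytes:
    """Rebuild n_bytes from the LSBs of the first 8 * n_bytes pixel bytes."""
    if 8 * n_bytes > len(pixels):
        raise ValueError("carrier too short for that many bytes")
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for p in pixels[8 * i:8 * i + 8]:
            value = (value << 1) | (p & 1)
        out.append(value)
    return bytes(out)

def pair_chi_square(pixels: bytes) -> float:
    """Chi-square distance of each histogram pair (2k, 2k+1) from equal counts.

    LSB replacement with random-looking bits equalises the two bins of a pair,
    so the statistic drops to roughly one per occupied pair.
    """
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    stat = 0.0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd:
            stat += (even - odd) ** 2 / (even + odd)
    return stat

def demo(seed: int = 2024, n_pixels: int = 65536):
    """Constructed data: bell-shaped grey levels as cover, random bytes as message."""
    rng = random.Random(seed)
    cover = bytes(min(255, max(0, round(rng.gauss(120, 6)))) for _ in range(n_pixels))
    message = bytes(rng.getrandbits(8) for _ in range(n_pixels // 8))
    return cover, embed_lsb(cover, message), message

if __name__ == "__main__":
    cover, stego, message = demo()
    print("cover:", round(pair_chi_square(cover)), "stego:", round(pair_chi_square(stego)))
```

No pixel changes by more than one grey level, which is why visual detection fails while the histogram statistic still separates the two buffers.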
41
Compare the properties of the files
Properties:
04/04/2003 05:25p 240,759 helmetprototype.jpg
04/04/2003 05:26p 235,750 helmetprototype.jpg
Checksum:
C:\GNUTools>cksum a:\before\helmetprototype.jpg
3241690497 240759 a:\before\helmetprototype.jpg
C:\GNUTools>cksum a:\after\helmetprototype.jpg
3749290633 235750 a:\after\helmetprototype.jpg
42
If you have a copy of the original file, it can be compared to the modified carrier file. Many tools can be used for viewing and comparing the contents of a hidden file. Reviewing multiple files may identify a signature pattern related to the Steganography program