1. TELE3119: Trusted Networks Week 1
Course Coordinator:
Prof. Aruna Seneviratne, Room EE 312 –
Course web-page:

2. Cyber Security Many things to many people
Confidentiality, integrity and availability
Confidentiality: Prevent sensitive information from reaching the “wrong” people, while making sure that the “right” people get it
Encryption, authentication,….
Integrity: maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle
Access control, checksums, hashing,…..
Availability: ensuring access to data
Guaranteeing adequate communication bandwidth
Guaranteeing access to the host
Trusted Networks

3. Cyber-Attacks per-month
Source:
Trusted Networks

4. Cybercrime top-10 techniques
Trusted Networks

5. Most Common
Trusted Networks

6. Cost of Cybercrime
Trusted Networks

7. Cost of Cybercrime in Australia
Trusted Networks

8. Australia
Trusted Networks

9. Course Overview Objectives Three Parts:
Understand principles, protocols and tools, and applications
Three Parts:
Security Fundamentals
Private/public-key crypto, digital signatures, …
Network Security
Network Security Protocols
VPN, SSL, PGP, ToR, …
Network Security Apliances
IDS, Firewalls
Applications
Bit Coin
Trusted Networks

10. Course logistics Lectures & tutorials Background knowledge
Textbooks and resources
Labs and project
Assessment:
Quizzes: 2 x 15% = 30%
Labs: 5% + 10% + 15% = 30%
Final exam: 40%
Pass in the Final Exam is a mandatory
Trusted Networks

11. What is network security?
confidentiality: only sender, intended receiver should “understand” message contents
sender encrypts message
receiver decrypts message
authentication: sender, receiver want to confirm identity of each other
message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
access and availability: services must be accessible and available to users
Trusted Networks

12. Security Glossary: Some Definitions
Vulnerability: An error or weakness in the design, implementation, or operation of a system
Technical failing in a system
Attack: Exploit a vulnerability in a system
a deliberate attempt to violate the security of a system
Threat: A potential for violation of security
a possible danger that might exploit a vulnerability
Trusted Networks

13. Friends and enemies: Alice, Bob, Trudy
well-known in network security world
Bob, Alice (lovers!) want to communicate “securely”
Trudy (intruder) may intercept, delete, add messages
channel
data, control messages
Bob
Alice
secure
sender s
secure
receiver
data
data
Trudy
Trusted Networks

14. Who might Bob, Alice be? … well, real-life Bobs and Alices!
Web browser/server for electronic transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
other examples?
Trusted Networks

15. There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: A lot!
eavesdrop: intercept messages
actively insert messages into connection
impersonation: can fake (spoof) source address in packet (or any field in packet)
hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
denial of service: prevent service from being used by others (e.g., by overloading resources)
Trusted Networks

16. Threats
Joy hackers: Many are “script kiddies”, some are very competent
The hackers share tools more than the good guys do.
Profit hackers: Money is the primary motivation
Less pure vandalism
Viruses are designed to turn victim computers into “bots”
In many cases, hacking is just another venue for ordinary criminal activity
Insiders: What if your system administrator turns to the Dark Side?
Are on the inside of your firewalls!
Often know the weak points
Spies: governments may want your technology
Trusted Networks

17. What is a Cryptosystem? K m plaintext message
ciphertext K A
encryption
algorithm
decryption
Alice’s
key
Bob’s B
m plaintext message
KA(m) ciphertext, encrypted with key KA
m = KB(KA(m))
Trusted Networks

18. Basic View of Cryptography
Symmetric
Asymmetric
Protocols
Stream Ciphers
Block Ciphers
Trusted Networks

19. Secret Key vs. Secret Algorithm
Military
Hard to keep an algorithm secret, if used widely
Reverse engineering
Secret keys
Commercial
Publish the algorithm while keeping the key secret
The design and analysis of today’s cryptographic algorithms is highly mathematical. Do not try to design your own algorithms.
Trusted Networks

20. Simple Encryption Scheme
substitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
e.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
mapping from set of 26 letters to another set of 26 letters
Trusted Networks

21. Letter Frequency in English
Relative frequency A
8.2% B
1.5% C
2.8% D
4.3% E
12.7 … I 7% T
9.1% Z
0.1%
Trusted Networks

22. Breaking an Encryption Scheme
Ciphertext only
Trudy (bad guy) has access to enough ciphertext only
brute-force search until finding a “recognizable plaintext” (Exhaustive)
Need enough ciphertext
Known plaintext
Trudy can obtain some <plaintext, ciphertext> pairs
secret may be revealed (by spy or time)
Eg. in monoalphabetic cipher, trudy determines pairings for a,l,i,c,e,b,o,
Chosen plaintext
Trudy can choose a plaintext and have its ciphertext computed
Can break mono-alphabetic cipher
the quick brown fox jumps over the lazy dog
Trusted Networks

23. More Sophisticated Encryption
n substitution ciphers, M1,M2,…,Mn
cycling pattern:
e.g., n=5: M1,M3,M4,M3,M2; M1,M3,M4,M3,M2; ..
for each new plaintext symbol, use subsequent substitution pattern in cyclic pattern
dog: d from M1, o from M3, g from M4
Encryption key: n substitution ciphers, and cyclic pattern
key need not be just n-bit pattern
Trusted Networks

24. Computational Difficulty
Algorithm should be efficient to compute but significantly difficult for a brute-force cryptanalysis
Brute-force cryptanalysis: try all keys until “looks like” plaintext
a longer key means more work for brute-force cryptanalysis
encryption: O(N+1), brute-force: O(2N+1)
twice as hard with each additional bit
Advances in computing benefit cryptographer more, but make old uses of cryptography easier to break
DES (56 bit key) was standardized in It took 56 hours to break it in 1998, less than 1 day in 2008
Trusted Networks

25. Types of Cryptographic Functions
Crypto often uses keys:
Algorithm is known to everyone
Only “keys” are secret
Private key cryptography (symmetric cryptography)
one shared key
Public key cryptography (asymmetric cryptography)
two keys (public and private)
Hash function
Zero keys!!
How can this be useful?
Trusted Networks

26. Symmetric Key Cryptography
encryption
algorithm
plaintext
message, m
ciphertext
decryption
algorithm
plaintext
K (m)
m = KS(KS(m)) S
symmetric key crypto: Bob and Alice share same (symmetric) key: K
e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
Q: how do Bob and Alice agree on key value? S
Trusted Networks

27. Summary What is cryptography Three ways to break cryptography
Trivial ciphers
Cryptographic functions and their applications
Next : private key cryptography
Trusted Networks

28. Private Key Encryption
Also referred to as:
Conventional encryption
Symmetric key encryption
Secret-key or single-key encryption
Only alternative before public-key encryption in 1970’s
Still most widely used alternative to public-key encryption
Trusted Networks

29. Private Key Cryptography
One key shared by both participators
one key, two operations (encryption and decryption)
Trusted Networks

30. Example: Polyalphabetic encryption
500 years ago!
n mono-alphabetic ciphers, C1, C2,…,Cn
Cycling pattern:
e.g., n=4, C1,C3,C4,C3,C2; C1,C3,C4,C3,C2;
For each new plaintext symbol, use subsequent mono-alphabetic cipher in cyclic pattern
dog: d from C1, o from C3, g from C4
Key: the n ciphers and the cyclic pattern
Trusted Networks

31. Polyalphabetic encryption example
Plaintext letter: a b c d e f g h i j k l m n o p q r s t u v w x y z
C1(k=5) : f g h i j k l m n o p q r s t u v w x y z a b c d e
C2(k=19) : t u v w x y z a b c d e f g h i j k l m n o p q r s
Pattern: C1, C2, C2, C1, C2
Plaintext message: “bob, i love you”
Cipher text message: “ghu, n etox dhz”
Key? A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C1 C2 b o , i l v e y u g h n t x d z
Trusted Networks

32. Review: XOR
For perfectly random key stream si , each ciphertext output bit has a 50% chance to be 0 or 1
Good statistical property for ciphertext
Inverting XOR is simple, since it is the same XOR operation mi
ksi ci 1
Trusted Networks

33. Two types of modern private ciphers
Stream ciphers
encrypt one bit at a time
E.g. RC4
Block ciphers
Break plaintext message in equal-size blocks
Encrypt each block as a unit
E.g. DES, IDEA, AES
Trusted Networks

34. Basic View of Cryptography
Symmetric
Asymmetric
Protocols
Stream Ciphers
Block Ciphers
Trusted Networks

35. Stream Ciphers
pseudo random
keystream
generator
input key 
keystream
Combine each bit of keystream with bit of plaintext to get bit of ciphertext
XOR operation (modulo 2 addition)
m(i) = ith bit of message
ks(i) = ith bit of keystream
c(i) = ith bit of ciphertext
c(i) = ks(i)  m(i) ( = exclusive or)
m(i) = ks(i)  c(i)
Trusted Networks

36. Stream Ciphers
pseudo random
keystream
generator
input key 
keystream
Security of stream cipher depends entirely on the key stream ks(i) :
Should be random , i.e., Pr(ks(i) = 0) = Pr(ks(i) = 1) = 0.5
Must be reproducible by sender and receiver
Synchronous Stream Cipher
Key stream depend only on the key (and possibly an initialization vector IV)
Asynchronous Stream Ciphers
Key stream depends also on the ciphertext (dotted feedback enabled)
Trusted Networks

37. Random Number Generators (RNGs)
Three types of RNGs
True Random Number Generators
Physical processes
Pseudorandom Random Number Generators
They are deterministic
Cryptographically Secure Random Number Generators
PRNG with an additional property numbers are unpreicitable
Trusted Networks

38. True Random Number Generators (TRNGs)
Based on physical random processes: coin flipping, dice rolling, semiconductor noise, radioactive decay, mouse movement, clock jitter of digital circuits
Output stream ksi should have good statistical properties:
Pr(ksi = 0) = Pr(ksi = 1) = 50% (often achieved by post-processing)
Output can neither be predicted nor be reproduced
Typically used for generation of keys, nonces (used only-once values) and for many other purposes
Trusted Networks

39. Pseudorandom Number Generator (PRNG)
Generate sequences from initial seed value
Typically, output stream has good statistical properties
Output can be reproduced and can be predicted Often computed in a recursive way:
ks0  seed
ksi1  f (ksi ,ksi1,..., ksi t )
Example: rand() function in ANSI C:
ks0  12345
𝑘𝑠 𝑖+1 = 𝑘𝑠 𝑖 +_12345 mod 231
Most PRNGs have bad cryptographic properties!
Trusted Networks

40. Cryptanalyzing a Simple PRNG
Simple PRNG: Linear Congruential Generator
ks0  seed
ksi 1  A.ksi  B mod m
Assume
unknown A, B and S0 as key
Size of A, B and Si to be 100 bit
300 bit of output are known, i.e. S1, S2 and S3
Solving
ks2  Aks1  B mod m
ks3  Aks2  B mod m
…directly reveals A and B. All Si can be computed easily!
Bad cryptographic properties due to the linearity of most PRNGs
Trusted Networks

41. Cryptographically Secure Pseudorandom Number Generator (CSPRNG)
Special PRNG with additional property:
Output must be unpredictable
More precisely: Given n consecutive bits of output 𝑘𝑠 𝑛 , the following output bits 𝑘𝑠 𝑛+1 , ksn+2 cannot be predicted (in polynomial time).
Needed in cryptography, in particular for stream ciphers
Remark: There are almost no other applications that need unpredictability, whereas many, many (technical) systems need PRNGs.
Trusted Networks

42. One-Time Pad Unconditionally secure cryptosystem: One-Time Pad
A cryptosystem is unconditionally secure if it cannot be broken even with infinite computational resources
One-Time Pad
A cryptosystem developed by Mauborgne that is based on Vernam’s stream cipher:
Properties:
Let the plaintext, ciphertext and key consist of individual bits
xi, yi, ski  {0,1}.
OTP is unconditionally secure if and only if the key ski. is used once!
Encryption: Decryption:
eki(xi) = xi  ski. dki(yi) = yi  ski
Trusted Networks

43. OTP Operation
Two pads of paper containing identical random sequences of letters are produced and securely issued to both
Alice chooses the appropriate unused page from the pad
The way to do this is normally arranged for in advance, as for instance 'use the 12th sheet on 1 May', or 'use the next available sheet for the next message'.
The material on the selected sheet is the key for this message.
Trusted Networks

44. One-Time Pad Unconditionally secure cryptosystem:
y0 = x0  k0
y1 = x1  k1 :
Every equation is a linear equation with two unknowns
for every yi are xi = 0 and xi = 1 equiprobable!
This is true iff k0 , k1, ... are independent, i.e., all ki have to be generated truly random
It can be shown that this systems can provably not be solved
Disadvantage: For almost all applications the OTP is impractical since the key must be as long as the message! (Imagine you have to encrypt a 1GByte attachment.)
Trusted Networks

45. Practical Stream Ciphers
PRNG 
PRNG  K K Si Si Xi Xi Yi
Linear Congruential Generator
ks0  seed
ksi 1  A.ksi  B mod m
What is the drawback?
Only needs to know 3 symbols to break the system
S2 = A.S1 + B mod m
S3 = A.S2 + B mod m
Trusted Networks

46. Summary Introduction to stream ciphers Random number Generators
One Time Pad (OTP)
Trusted Networks

47. What is the Solution? Linear Feedback Shift Registers (LSFRs)
Stream cipher that is small (= low power)
Trusted Networks

48. Linear Feedback Shift Registers (LFSRs): m=3
clk
FF2
FF1
FF0=si 1 2 3 4 5 6 7 8
LFSR output described by recursive equation:
si3  si1  si mod 2
Maximum output length (of 23-1=7) achieved only for certain feedback configurations
e.g. the one shown here
Trusted Networks

49. Linear Feedback Shift Registers (LFSRs)
Concatenated flip-flops (FF), i.e., a shift register together with a feedback path
Feedback computes fresh input by XOR of certain state bits
Degree m given by the number of storage elements
If pi = 1, the feedback connection is present (“closed switch”), otherwise (pi = 0) there is no feedback from this flip-flop (“open switch”)
Output sequence repeats periodically
Maximum output length: 2m-1
Sm+1= 𝑗=0 𝑚−1 𝑆𝑖+𝑗 .𝑝𝑗 𝑚𝑜𝑑 2
Trusted Networks

50. Summary of LFSRs LFSRs typically described by polynomials:
P(x)  xm  pl-1xm1  ...  p1 x  p0
Single LFSRs generate highly predictable output
If 2m output bits of an LFSR of degree m are known, the feedback coefficients pi of the LFSR can be found by solving a system of linear equations
Because of this many stream ciphers use combinations of LFSRs
Only LSFRs with primitive polynomials yield maximum
Trusted Networks

51. Attack on LSFR – Stream Ciphers
Step 1
Yi = Xi + Si mod 2
Si = Yi + Xi mod 2
I = 0, 1, …., 2m-1
Step 2
Recover S2m, S2m+1, ….
Unknown pi’s
Remember
System of m linear equations with m unknowns
Can easily be solved by gaussian elimination (matrix inversion)
Sm+1= 𝑗=0 𝑚−1 𝑆𝑖+𝑗 .𝑝𝑗 𝑚𝑜𝑑 2
Trusted Networks

52. Summary
Overview of LFSR
General LSFR
Attacks
Trusted Networks

53. Basic View of Cryptography
Symmetric
Asymmetric
Protocols
Stream Ciphers
Block Ciphers
Trusted Networks

54. Block Cipher Primitives: Confusion and Diffusion
Claude Shannon: There are two primitive operations with which strong encryption algorithms can be built:
Confusion: An encryption operation where the relationship between key and ciphertext is obscured.
Today, a common element for achieving confusion is substitution, which is found in both AES and DES.
Diffusion: An encryption operation where the influence of one plaintext symbol is spread over many ciphertext symbols with the goal of hiding statistical properties of the plaintext.
A simple diffusion element is the bit permutation, which is frequently used within DES.
Both operations by themselves cannot provide security. The idea is to concatenate confusion and diffusion elements to build so called product ciphers.
Trusted Networks

55. Product Ciphers
Most of today‘s block ciphers are product ciphers as they consist of rounds which are applied repeatedly to the data.
Can reach excellent diffusion: changing of one bit of plaintext results on average in the change of half the output bits.
Example:
Trusted Networks

56. Block Ciphers DES: Data Encryption Standard
US encryption standard [NIST 1993]
56-bit symmetric key, 64-bit plaintext input
block cipher with cipher block chaining
how secure is DES?
DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
no known good analytic attack
making DES more secure:
3DES: encrypt 3 times with 3 different keys
Trusted Networks

57. Overview of the DES Algorithm
Encrypts blocks of size 64 bits.
Uses a key of size 56 bits.
Symmetric cipher: uses same key for encryption and decryption
Uses 16 rounds which all perform the identical operation
Different subkey in each round derived from main key
DES 56 k 64 y
Trusted Networks

58. The DES Feistel Network (1)
DES structure is a Feistel network
Advantage: encryption and decryption differ only in keyschedule
Bitwise initial permutation, then 16 rounds
Plaintext is split into 32-bit halves Li and Ri
Ri is fed into the function f, the output of which is then XORed with Li
Left and right half are swapped
Rounds can be expressed as:
Trusted Networks

59. The DES Feistel Network (2)
L and R swapped again at the end of the cipher, i.e., after round 16 followed by a final permutation
Trusted Networks

60. Initial and Final Permutation
Bitwise Permutations.
Inverse operations.
Described by tables IP and IP-1.
Initial Permutation Final Permutation
Trusted Networks

61. The f-Function S-box substitution main operation of DES
f-Function inputs:
Ri-1 and round key ki
4 Steps:
Expansion E
XOR with round key
S-box substitution
Permutation
Trusted Networks

62. ! The Expansion Function E Expansion E
main purpose: increases diffusion !
Trusted Networks

63. The DES S-Boxes S-Box substitution Eight substitution tables.
6 bits of input, 4 bits of output.
Non-linear and resistant to differential cryptanalysis.
Crucial element for DES security!
Trusted Networks

64. Security of DES After proposal of DES two major criticisms arose:
Key space is too small (256 keys)
S-box design criteria have been kept secret: Are there any hidden analytical attacks (backdoors), only known to the NSA?
Analytical Attacks:
DES is highly resistent to both differential and linear cryptanalysis, which have been published years later than the DES. This means IBM and NSA had been aware of these attacks for 15 years!
So far there is no known analytical attack which breaks DES in realistic scenarios.
Exhaustive key search:
For a given pair of plaintext-ciphertext (x, y) test all 256 keys until the condition DES -1(x)=y is fulfilled.
 Relatively easy given today’s computer technology!
Trusted Networks

65. 3DES 2 keys used instead of 3 keys
equivalent key length is 112 bits
3DES operations: EDE for encryption, DED for decryption
3DES is inefficient and expensive
Some systems implement 3DES with 3 keys
Not standard
If K1 =K2  3DES becomes equivalent of DES
Trusted Networks

66. 3DES
Trusted Networks

67. AES: Advanced Encryption Standard
Symmetric-key NIST standard, replaced DES (Nov 2001)
Processes data in 128 bit blocks
Three supported key lengths:128, 192, or 256 bit
Brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
Key Length
Number of Rounds
128 10
198 12
256 14
Trusted Networks

68. AES Overview
Trusted Networks

69. Summary Understanding of DES Overview of DES Internals
What is 3 DES and AES
Trusted Networks