Security is a multifaceted phenomenon
  o Confidentiality, integrity, availability
We spoke about various security threats
And some general defense approaches
  o Prevention
  o Detection and response (sustain the attack or get rid of it)
  o Learn from mistakes, improve prevention
Now we’ll talk about challenges in the defense field

Your security frequently depends on others
  o Tragedy of the commons
A good solution must
  o Handle the problem to a great extent
  o Handle future variations of the problem, too
  o Be inexpensive
  o Have economic incentive
  o Require a few deployment points
  o Require non-specific deployment points

Fighting a live enemy
  o Security is an adversarial field
  o No problem is likely to be completely solved
  o New advances lead to improvement of attack techniques
  o Researchers must play a double game

Attack patterns change
Often there is scarce attack data
Testing security systems requires reproducing or simulating legitimate and attack traffic
  o No agreement about realistic traffic patterns
No agreement about metrics
There is no standardized evaluation procedure
Some security problems require a lot of resources to be reproduced realistically

Risk analysis and risk management
  o How important it is to enforce a policy
  o Which threats matter
  o Legislation may play a role
The role of trust
  o Assumptions are necessary
Human factors
  o The weakest link

Motivation
  o Bragging rights
  o Profit (spam, scam, phishing, extortion)
  o Revenge / to inflict damage
  o Terrorism, politics
Risk to the attacker
  o Usually small
  o Can play a defensive role

Policy defines what is allowed and how the system and security mechanisms should act
Policy is enforced by a mechanism which interprets and enforces it, e.g.
  o Firewalls
  o IDS
  o Access control lists
Implemented as
  o Software (which must be implemented correctly and without vulnerabilities)

Goal: Protect private communication in the public world
Alice and Bob are shouting messages over a crowded room
Everyone can hear what they are saying but no one can understand (except them)
We have to scramble the messages so they look like nonsense or alternatively like innocent text
Only Alice and Bob know how to get the real messages out of the scramble

Authentication
  o Bob should be able to verify that Alice has created the message
Integrity checking
  o Bob should be able to verify that the message has not been modified
Non-repudiation
  o Alice cannot deny that she indeed sent the message

Exchanging a secret with someone you have never met, shouting in a room full of people
Proving to someone you know some secret without giving it away
Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot
Sending a secret message so that it can be retrieved only if m out of n people agree to retrieve it

Good cryptography assumes knowledge of the algorithm by anyone; the secret lies in a key!!!
Alice could give a message covertly: “Meeting at the old place”
  o Doesn’t work for arbitrary messages and
  o Doesn’t work if Alice and Bob don’t know each other
Alice could hide her message in some other text – steganography
Alice could change the message in a secret way
  o Bob has to learn a new algorithm
  o Secret algorithms can be broken by bad guys

Substitute each letter with a letter which is 3 letters later in the alphabet
  o HELLO becomes KHOOR
Instead of using number 3 we could use n ∈ [1,25]. n would be our key
How can we break this cipher?
Can you decipher this: Bpqa kzgxbwozixpg ammua zmit miag. Em eivb uwzm!

We can also choose a mapping for each letter: (H is A, E is M, L is K, O is Y). This mapping would be our key. This is a monoalphabetic cipher.
  o HELLO becomes AMKKY
How can we break this cipher?

Symmetric key crypto: one key
  o We will call this secret key or shared key
  o Both Alice and Bob know the same key
Asymmetric key crypto: two keys
  o Alice has public key and private key
  o Everyone knows Alice’s public key but only Alice knows her private key
  o One can encrypt with public key and decrypt with private key or vice versa
Hash functions: no key

Symmetric key crypto: one key
Transmitting over an insecure channel
  o Classic use: Alice and Bob encrypt messages they exchange
Secure storage on insecure media
  o Encrypt stored data so someone who breaks in cannot read it

[Diagram: Alice and Bob exchange challenges R_A and R_B and the responses K_AB(R_A) and K_AB(R_B); a message M is sent with MIC = E_AB(check(M))]
Authentication – prove the identity
  o Pass phrase – what if Mallory asks for the pass phrase
  o Strong authentication without revealing the secret
Integrity check
  o Calculate the checksum and encrypt it – MIC: message integrity code

Asymmetric key crypto can do everything symmetric key crypto can but much (about 1,500 times) slower
  o However, it can do some things better!
  o However, it can do some extra things!
Transmitting over an insecure channel
  o If Alice wants to talk to Bob and Carol using symmetric key crypto she either has to remember two keys or run a risk that Bob can impersonate her when talking to Carol
  o With asymmetric keys, Bob and Carol know Alice’s public key and Alice knows her private key

Secure storage on insecure media
  o Same as with symmetric key crypto
Authentication
  o Alice wants to verify Bob’s identity
  o She sends to Bob E_PubBob(R_A)
  o Bob decrypts and sends back R_A
  o This can be done with symmetric keys too but if Bob wanted to authenticate himself to Carol he would need to remember a new key. Not so with asymmetric keys.
  o Alice doesn’t need to store any secret info which is good if she is a computer

Digital signatures
  o Alice orders books online from Bob
  o She signs every order using her private key
  o If she claims she didn’t place the order Bob can prove she did – non-repudiation
  o Can symmetric key crypto do this?

Known also as one-way functions or message digests
Take an arbitrary-length message M and transform it into fixed-length hash h(M)
Properties:
  o Knowing M, it is easy to calculate h(M), but it is very hard to calculate M knowing h(M)
  o It is very hard to find M1 ≠ M so that h(M1) = h(M); this is the collision-free property
  o E.g., take the message M as a number, add a large constant to it, square it, and take the middle n digits as the hash

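The toy hash described above, as an added example that is not from the original slides; the constant, the bytes-to-number conversion and the message format are assumptions. It shows why a digest of only n digits cannot be collision-free: with 10^n possible values, two different messages with the same hash turn up after roughly sqrt(10^n) tries.

```python
LARGE_CONSTANT = 982_451_653  # constructed value; the slide only says "a large constant"


def toy_hash(message: bytes, n: int = 6) -> str:
    """Message as a number, plus a constant, squared; keep the middle n digits."""
    number = int.from_bytes(message, "big")
    digits = str((number + LARGE_CONSTANT) ** 2)
    start = (len(digits) - n) // 2
    return digits[start:start + n]


def find_collision(n: int = 6):
    """Hash distinct messages until two of them share a digest.

    Returns (first message, second message, shared digest, messages tried).
    The pigeonhole principle guarantees a hit within 10**n + 1 messages;
    the birthday bound makes it far sooner in practice.
    """
    seen = {}
    counter = 0
    while True:
        message = f"order #{counter}".encode()  # constructed message format
        digest = toy_hash(message, n)
        if digest in seen:
            return seen[digest], message, digest, counter + 1
        seen[digest] = message
        counter += 1


if __name__ == "__main__":
    first, second, digest, tries = find_collision()
    print(f"{first!r} and {second!r} both hash to {digest} after {tries} messages")
```
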
Storing hashed password info
Message integrity
  o Use message M and a shared secret S, run this through hash function and produce MIC
  o Send only M and MIC
  o Why do we need a shared secret?
Message fingerprint
  o Hash the files to detect tampering
  o Works for download security too
Signing message hash instead of the whole message is faster

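An added example (not from the original slides) covering the challenge-response and MIC slides above. It uses HMAC-SHA256 from Python's standard library in place of the slides' K_AB(R) encryption and hash-of-M-and-S constructions; the message contents and function names are constructed.

```python
import hashlib
import hmac
import secrets


def keyed_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 of data under key; stands in for K_AB(R) and for the MIC."""
    return hmac.new(key, data, hashlib.sha256).digest()


def tag_ok(key: bytes, data: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so timing does not leak how much of a tag matched."""
    return hmac.compare_digest(keyed_tag(key, data), tag)


def unkeyed_ok(message: bytes, digest: bytes) -> bool:
    """Integrity check with a plain hash and no shared secret."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    k_ab = secrets.token_bytes(32)  # shared by Alice and Bob only
    results = {}

    # Authentication: Alice sends a fresh random challenge R_A.
    r_a = secrets.token_bytes(16)
    bob_response = keyed_tag(k_ab, r_a)
    results["bob_authenticated"] = tag_ok(k_ab, r_a, bob_response)
    # Mallory does not know K_AB, and an old response does not fit a new challenge.
    results["wrong_key_accepted"] = tag_ok(k_ab, r_a, keyed_tag(b"guess", r_a))
    results["replay_accepted"] = tag_ok(k_ab, secrets.token_bytes(16), bob_response)

    # Integrity: Mallory replaces M in transit.
    m, forged = b"pay Bob 10", b"pay Mallory 9000"
    mic = keyed_tag(k_ab, m)
    results["genuine_accepted"] = tag_ok(k_ab, m, mic)
    # Without the secret she can only reuse the old MIC, which no longer matches.
    results["keyed_forgery_accepted"] = tag_ok(k_ab, forged, mic)
    # With a plain hash she recomputes the digest herself and the check passes.
    results["unkeyed_forgery_accepted"] = unkeyed_ok(forged, hashlib.sha256(forged).digest())
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

HMAC is used rather than a plain SHA-256 over S followed by M, because that simpler construction permits length-extension forgeries.
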
[Diagram: Alice computes C = E_K1(M) and sends C; Bob computes M = D_K2(C)]
M – message
K1 – encryption key
E_K1(M) – message M is encrypted using key K1
C – ciphertext
K2 – decryption key
D_K2(C) – ciphertext C is decrypted using key K2
If K1 = K2 this is symmetric (secret key) encryption
If K1 ≠ K2 this is asymmetric (public key) encryption

[Diagram: Alice, Bob and Eve; Alice computes C = E_K1(M) and sends C; Bob computes M = D_K2(C)]
Ciphertext-only attack: Eve can gather and analyze C’s to learn K2
How does Eve know she got the right key?
Eve has to have enough ciphertext – having XYZ with a monoalphabetic cipher would not be enough
What if K2 depends on a password in a known way?

[Diagram: Alice, Bob and Eve; Alice computes C = E_K1(M) and sends C; Bob computes M = D_K2(C)]
Known-plaintext attack: Eve can attempt to learn K2 by observing many ciphertexts C for known messages M
How does Eve obtain the plaintext?

[Diagram: Alice, Bob and Mallory; Alice computes C = E_K1(M) and sends C; Bob computes M = D_K2(C)]
Chosen-plaintext attack: Mallory can feed chosen messages M into the encryption algorithm and look at the resulting ciphertexts C. Learn either K2 or messages M that produce C. Assumption is that extremely few messages M can produce the same C.
For a monoalphabetic cipher she could feed a message containing all the letters of the alphabet
What if Alice has a limited vocabulary?

[Diagram: Alice, Bob and Mallory; Alice computes C = E_K1(M) and sends C; Bob computes M = D_K2(C)]
Man-in-the-middle attack:
  o Mallory can substitute messages
  o Mallory can modify messages
  o So that they have different meaning
  o So that they are scrambled
  o Mallory can drop messages
  o Mallory can replay messages to Alice, Bob or the third party

[Diagram: Alice, Bob and Eve; Alice computes C = E_K1(M) and sends C; Bob computes M = D_K2(C)]
Brute-force attack: Eve has caught a ciphertext and will try every possible key to try to decrypt it. This can be made infinitely hard by choosing a large keyspace.

Substitution
  o Goal: obscure relationship between plaintext and ciphertext
  o Substitute parts of plaintext with parts of ciphertext
Transposition (shuffling)
  o Goal: dissipate redundancy of the plaintext by spreading it over ciphertext
  o This way changing one bit of plaintext affects many bits of the ciphertext (if we have rounds of encryption)

Monoalphabetic – each character is replaced with another character
  o Caesar’s cipher – each letter is shifted by 3, a becomes d, b becomes e, etc.
  o Keep a mapping of symbols into other symbols
  o Drawback: frequency of symbols stays the same and can be used to break the cipher

Homophonic – each character is replaced with a character chosen randomly from a subset
  o Ciphertext alphabet must be larger than plaintext alphabet – we could replace letters by two-digit numbers
  o Number of symbols in the subset depends on the frequency of the given letter in the plaintext
  o The resulting ciphertext has all alphabet symbols appearing with the same frequency

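An added example, not from the original slides, comparing the two substitution ciphers above on a constructed sample text: the monoalphabetic ciphertext keeps the share of the plaintext's most common symbol, while the homophonic one flattens it. The per-letter code counts are rough assumed values.

```python
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
# Constructed sample plaintext; only its letters are enciphered.
SAMPLE = ("the weakest link in a secure system is seldom the cipher itself and "
          "eve needs enough ciphertext before letter counts tell her anything")
# Codes per letter, roughly its share per 100 letters of English (sums to 100).
HOMOPHONES = dict(zip(ALPHABET, [7, 2, 3, 4, 12, 2, 2, 6, 7, 1, 1, 4, 2,
                                 7, 7, 2, 1, 6, 6, 8, 3, 1, 2, 1, 2, 1]))


def make_mono_key(rng):
    """Monoalphabetic key: one fixed substitute per letter."""
    return dict(zip(ALPHABET, rng.sample(list(ALPHABET), 26)))


def make_homophonic_key(rng):
    """Deal the two-digit codes 00..99 out so frequent letters get more of them."""
    codes = [f"{i:02d}" for i in range(100)]
    rng.shuffle(codes)
    key, pos = {}, 0
    for letter, count in HOMOPHONES.items():
        key[letter], pos = codes[pos:pos + count], pos + count
    return key


def homophonic_encrypt(letters, key, rng):
    return [rng.choice(key[c]) for c in letters]


def homophonic_decrypt(symbols, key):
    reverse = {code: letter for letter, codes in key.items() for code in codes}
    return "".join(reverse[s] for s in symbols)


def peak_share(symbols):
    """Fraction of the text taken up by its most common symbol."""
    return Counter(symbols).most_common(1)[0][1] / len(symbols)


def compare(seed=1):
    rng = random.Random(seed)  # repeatable demo only; real keys need a CSPRNG
    letters = [c for c in SAMPLE if c in ALPHABET]
    mono_key, homo_key = make_mono_key(rng), make_homophonic_key(rng)
    mono = [mono_key[c] for c in letters]
    homo = homophonic_encrypt(letters, homo_key, rng)
    return {"plain": peak_share(letters), "mono": peak_share(mono),
            "homophonic": peak_share(homo),
            "roundtrip": homophonic_decrypt(homo, homo_key) == "".join(letters)}
```
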
Polygram – each sequence of characters of length n is replaced with another sequence of characters of length n
  o Like monoalphabetic cipher but works on n-grams