Computer Security Set of slides 5 Dr Alexei Vernitski.

Man-in-the-middle attack
Alice and Bob work in the same company. They want to use the RSA cipher to communicate privately.

Man-in-the-middle attack
Bob sends to Alice his public key by

Man-in-the-middle attack
Alice encrypts her message using the key that she has received from Bob and sends an encrypted message to Bob by

Man-in-the-middle attack
But after that, the system administrator Eve will be able to decrypt Alice’s message. How did Eve break the cipher?

Man-in-the-middle attack
Bob sends to Alice his public key by , and he thinks that she has received this key. Alice thinks that she receives a message from Bob. But in reality…

Man-in-the-middle attack
Eve intercepts Bob’s message with his public key and replaces Bob’s public key by Eve’s public key.

Man-in-the-middle attack
Alice thinks that she sends a message encrypted with Bob’s public key, but this is Eve’s public key. Therefore, Eve can read this message.

Man-in-the-middle attack
Guess what else Eve should do if she wants to continue reading Alice’s secret messages to Bob?

Man-in-the-middle attack
Eve should decrypt Alice’s message using Eve’s key, encrypt it using Bob’s key and forward it to Bob.

Man-in-the-middle attack
The “man-in-the-middle” attack (or “the Mig-in-the-middle” attack, or password spoofing) can also be used in user authentication.
[Diagram: authenticator, valid user, attacker]

Message authentication
Suppose I am sending a message to a remote correspondent. How can I prove that this message comes from me? Public key cryptography can be applied.

Public-key cryptography (as used for encryption)
[Diagram: plain text, encrypted text, public key, private key]

Public-key cryptography (as used for message authentication)
[Diagram: signature, message, public key, private key]

Message authentication
Alice publishes her public key (remember about the man-in-the-middle attack!).
Alice sends a message to Bob.
Alice applies her private key to the message and sends the result (the signature) to Bob.
Bob applies Alice’s public key to the signature and sees that it coincides with the message.
Because only Alice knows her private key, only she could have generated the signature.
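The signing and verification steps above, as an added example that is not part of the original slides. It uses textbook RSA without padding and signs a SHA-256 digest of the message rather than the message itself; the toy key sizes, the names and the sample messages are assumptions made for illustration.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)        # (public key, private key)

def digest(message: bytes, n: int) -> int:
    """Message digest reduced to a number below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Alice applies her private key to (the digest of) the message."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Bob applies the public key to the signature and compares."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

# Constructed toy keys built from well-known Mersenne primes
# (far too small for real use).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
EVE_PUB, EVE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def demo() -> dict:
    msg = b"Meet at noon"                     # constructed sample messages
    other = b"Meet at midnight"
    sig = sign(msg, ALICE_PRIV)
    eve_sig = sign(other, EVE_PRIV)
    return {
        "genuine": verify(msg, sig, ALICE_PUB),
        "tampered": verify(other, sig, ALICE_PUB),
        "signed_by_eve": verify(other, eve_sig, ALICE_PUB),
        # The slide's reminder: the check is only as good as the key Bob
        # holds. Against Eve's key, Eve's signature verifies.
        "substituted_key": verify(other, eve_sig, EVE_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

The last entry is why the public key itself has to reach Bob over a channel that cannot be tampered with.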

PGP
Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication. It includes public-key ciphers. Also, it includes a possibility to create signatures (hashes, digests).

Many names of checksums
Depending on the applications and on the algorithms used, names differ: cryptographic checksums, hash functions, electronic digests, commitment protocols, data integrity assurance, one-way functions.

Checksum-calculating algorithm
[Diagram: data (… bits), checksum (up to 100 bits)]

Integrity
Checksums are used to check the integrity of the data, that is, that the data have not been changed (by accident or by an intruder).

Protection against noise
Suppose we are sending data to a remote computer.
[Diagram: data, checksum; noise; data?, checksum]

Error detection
People studying codes would say that the data with their checksum is an error-detecting code for the data.

Example: parity bit in ASCII (why are there 8 bits in a byte?)
These 7 bits encode a character. This bit is an XOR of all others.

Protection against an intruder
On Friday, we calculate the checksum of our data and store it separately from the data.
[Diagram: data, checksum algorithm, checksum]

Protection against an intruder
On Sunday, an intruder changes the data.
[Diagram: changed data, checksum algorithm, checksum]

Protection against an intruder
On Monday, we calculate the checksum of the data and, thanks to this, notice that the data has been tampered with.
[Diagram: changed data, checksum algorithm; checksum is different]

Simple checksums
The sum of all bytes of the data is a checksum. In fact, this is the original checksum (hence comes the word checksum).
The size of the data is a checksum. (For example, computer viruses often change the size of infected files.)

A cryptographic checksum
We do not want the checksum to reveal any useful information about the original data.
On the contrary, we want the checksum to reveal as little as possible about the original data.
In particular, when the data is changed, we do not want the checksum to reveal any details of what has changed.
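An added example, not from the original slides, that replays the Friday/Monday check with the two simple checksums and with a cryptographic one. SHA-256 is this example's choice of cryptographic checksum, and the record contents are constructed.

```python
import hashlib

def byte_sum(data: bytes) -> int:
    """The original checksum: the sum of all bytes, kept to 16 bits."""
    return sum(data) & 0xFFFF

def size(data: bytes) -> int:
    """The size of the data, used as a checksum."""
    return len(data)

def sha256(data: bytes) -> str:
    """A cryptographic checksum (SHA-256 is this example's choice)."""
    return hashlib.sha256(data).hexdigest()

CHECKS = {"byte sum": byte_sum, "size": size, "sha256": sha256}

# Constructed records.
FRIDAY = b"PAY 0100 TO ALICE"
SWAPPED = b"PAY 1000 TO ALICE"   # the same bytes in a different order
BUMPED = b"PAY 0200 TO ALICE"    # one digit raised by one

def monday_report(stored: bytes, found: bytes) -> dict:
    """For each checksum: does Monday's value differ from Friday's?"""
    return {name: f(stored) != f(found) for name, f in CHECKS.items()}

def sum_leak(stored: bytes, found: bytes) -> int:
    """What the byte sum gives away about a change: the net byte difference."""
    return byte_sum(found) - byte_sum(stored)

if __name__ == "__main__":
    print(monday_report(FRIDAY, SWAPPED))
    print(monday_report(FRIDAY, BUMPED), sum_leak(FRIDAY, BUMPED))
```

Reordering the bytes gets past both simple checksums, and when the byte sum does change, the difference shows by how much the data changed; the cryptographic checksum differs in both cases without showing where or by how much.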

Example: an application of cryptographic checksums
“The star of Saturn is not a single star, but is a composite of three, which almost touch each other” (Galileo)

An application of cryptographic checksums
Galileo planned to publish this new discovery in his next book. But in the meantime, how could he preserve his priority? He published an anagram: smaismrmilmepoetaleumibunenugttauiras

Galileo published an anagram: smaismrmilmepoetaleumibunenugttauiras
Later, he published the original message: Altissimum planetam tergeminum observavi
Everyone could check that the first published message is an anagram of the second.

An application of cryptographic checksums
In the meantime, Kepler had spent much time trying to guess the original message, because he was sure it would be something like “I have discovered two moons of Mars”. In fact, they were discovered only 250 years later.

A cryptographic checksum
[Diagram: Altissimum planetam…, smaismrm…; easy direction, difficult direction]

Checksums
Studying checksums is an important part of computer science. As we have seen, it has applications in data transmission and computer security. Especially, we are interested in cryptographic (that is, ‘one-way’) checksums.

Cryptographic checksums
[Diagram: message, checksum; easy, hard]

Cryptographic checksums
With cryptographic checksums, it is difficult for the attacker to guess what message corresponds to a given checksum.
With cryptographic checksums, it is more difficult for the attacker to experiment and counterfeit a message.

MD5
MD5 is the most frequently used cryptographic checksum. For any given file, the algorithm MD5 calculates the file’s 128-bit checksum. The calculations involved in computing the checksum are more or less of the same nature as in DES. So-called ‘sponge construction’ is used.

MD5 weaknesses
The most popular algorithm for computing checksums is MD5. New successful attacks against it have been reported in the last two years. They are versions of the so-called ‘birthday attack’. What new cryptographic checksum algorithms can one use instead of MD5?

Birthday attack: a simple example
Suppose I want to write a message “I shall come” and confirm this with a checksum. At the same time, I want to be able to claim that what I have said was “I shall not come”, with the same checksum.

Birthday attack: a simple example
Write many versions of ‘yes’:
I shall come
I shall come soon
Arriving any minute
Get your computer to help you with more versions…
Write many versions of ‘no’:
I shall not come
I shall never come
Don’t wait for me
Get your computer to help you with more versions…

Birthday attack
[Diagram: the ‘yes’ versions and the ‘no’ versions in the checksum space]
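The ‘yes’/‘no’ example above, worked through as an added example that is not part of the original slides. The checksum is SHA-256 cut down to 16 bits so that the search finishes immediately; the checksum length and all wording choices are constructed assumptions.

```python
import hashlib
from itertools import product

BITS = 16  # toy checksum length (assumption) so the search finishes at once

def checksum(msg: str) -> int:
    """SHA-256 cut down to BITS bits, standing in for a short checksum."""
    digest = hashlib.sha256(msg.encode()).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - BITS)

# Constructed wording choices; every combination keeps the same meaning.
GREETING = ["", "Bob, ", "Dear Bob, ", "Hi Bob, "]
WHEN = ["", " today", " tonight", " this week"]
END = ["", ".", "!", ".."]
CLOSE = ["", " Bye.", " Thanks."]
SIGN = ["", " Alice", " - Alice", " Regards, Alice"]
YES = ["I shall come", "I will come", "I shall arrive",
       "I will arrive", "I shall be there", "I will be there"]
NO = ["I shall not come", "I will not come", "I shall never come",
      "I will never come", "I cannot come", "Don't wait for me"]

def variants(cores):
    """All rewordings of one answer: 6*4*4*4*3*4 = 4608 messages."""
    for g, c, w, e, cl, s in product(GREETING, cores, WHEN, END, CLOSE, SIGN):
        yield f"{g}{c}{w}{e}{cl}{s}"

def find_pair():
    """Return (yes_msg, no_msg, no_versions_tried) with equal checksums."""
    by_sum = {checksum(m): m for m in variants(YES)}
    for tried, no_msg in enumerate(variants(NO), start=1):
        yes_msg = by_sum.get(checksum(no_msg))
        if yes_msg is not None:
            return yes_msg, no_msg, tried
    return None  # possible in principle, but not expected at this size

if __name__ == "__main__":
    print(find_pair())
```

A generic search of this kind needs on the order of 2^(n/2) messages for an n-bit checksum, which is why the length of the checksum matters as much as the algorithm.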

User authentication
Suppose a user logs into a client computer, and his/her password is stored on the server.
How can we compare securely the password entered by the user and the stored password?
How can we protect the user from someone who steals his/her password from the server?

User authentication
The password must not be sent from the client computer to the server.
The password must not be sent from the server to the client computer.
The password should not be stored on the server.

User authentication
Secure solution: we store cryptographic checksums of user passwords on the server.
The client computer calculates the checksum of the password entered by the user, and sends it to the server (or vice versa).

[Diagram: client, server; login and password; login and a checksum of the password]
The attacker will not obtain the password by analysing the traffic.

Birthday attack
The server stores checksums of all users’ passwords.
1. Generate many random passwords
2. Generate their checksums
3. Compare them with the checksums on the server
The checksum of one of the artificial passwords might coincide with the checksum of one of the real passwords.

Birthday attack
[Diagram: real passwords and artificial passwords in the checksum space]

[Diagram: client, server; login and a wrong password; login and a checksum of the password, which corresponds to that of a real password]
The attacker does not know the real password, but can use the artificial password to log in as a valid user.

Rainbow attack (against passwords stored as hashes)

Passwords stored as hashes
[Diagram: password, hash algorithm (a complicated function), hash]

A simplified model: the format of hash is the same as the format of password
[Diagram: password (for example, 8 letters), hash algorithm, hash (for example, 8 letters)]

Exhaustive search attack
It is possible to spend some time and calculate hashes of all possible passwords.
How many passwords are there? 26^8 = 2·10^11
If we process 10^6 passwords per second, we can finish the search in three days.

Time/memory trade off
How many passwords are there? 26^8 = 2·10^11
If we process 10^6 passwords per second, we can finish the search in three days.
However, it might be expensive to store that much information.
For comparison, all servers of Google store approximately bytes.

Time/memory trade off
Thus, we might store some passwords and hashes instead of all. This storage must be organised in such a way that we can find reasonably quickly if we have a particular password stored.

A chain
Start with a password.
Generate its hash.
Treat this hash as a password.
Generate its hash.
Repeat a number of times (for instance, a million times).
[Diagram: password, hash algorithm, hash/password]

A chain
Instead of storing a million passwords and hashes, we only need to store one pair of password and hash.
All passwords/hashes between them don’t need to be stored.
chains are prepared in advance
[Diagram: password, hash]

Rainbow attack
Now suppose that we want to find what password corresponds to a given hash.
This hash belongs to one of our rainbow chains.
By hashing this hash sufficiently many times, we find out in which of our chains it is contained.
Then we only need to re-calculate this one chain.

Build the ‘rainbow table’
[Diagram: three chains, each from a password to a hash]

Hash the given hash repeatedly until you obtain one of stored hashes
[Diagram: three chains, each from a password to a hash]

Find a password matching the hash
[Diagram: three chains, each from a password to a hash]
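The chain construction and lookup from the last slides, as an added example that is not part of the original slides. It follows the slides’ simplified model, in which a hash has the same format as a password; the 3-letter toy hash, the short chain length and the start words are constructed assumptions.

```python
import hashlib
import string

PW_LEN = 3        # toy password length (assumption); the slides use 8 letters
CHAIN_LEN = 100   # toy chain length; the slides suggest a million

def toy_hash(password: str) -> str:
    """Toy hash whose output has the same format as a password."""
    n = int.from_bytes(hashlib.sha256(password.encode()).digest()[:8], "big")
    letters = []
    for _ in range(PW_LEN):
        n, r = divmod(n, 26)
        letters.append(string.ascii_lowercase[r])
    return "".join(letters)

def walk(start: str, steps: int):
    """Yield start, H(start), H(H(start)), ...: steps + 1 values in all."""
    value = start
    yield value
    for _ in range(steps):
        value = toy_hash(value)
        yield value

def build_table(starts):
    """Keep only the two ends of every chain: end -> [start, ...]."""
    table = {}
    for start in starts:
        *_, end = walk(start, CHAIN_LEN)
        table.setdefault(end, []).append(start)
    return table

def lookup(table, target: str):
    """Return a password p with toy_hash(p) == target, or None."""
    for value in walk(target, CHAIN_LEN):        # hash the hash repeatedly
        for start in table.get(value, []):       # reached a stored end
            # Re-calculate this one chain. Chains can merge, so a stored
            # end may belong to a chain that never produced the target.
            for p in walk(start, CHAIN_LEN - 1):
                if toy_hash(p) == target:
                    return p
    return None

STARTS = ["sun", "key", "owl", "fig", "jam", "zip", "tea", "elm"]  # constructed

def demo():
    """Build the table, then invert a hash taken from inside one chain."""
    table = build_table(STARTS)
    *_, secret = walk("owl", 57)       # constructed target password
    target = toy_hash(secret)
    return table, target, lookup(table, target)

if __name__ == "__main__":
    table, target, found = demo()
    print(len(table), "stored ends;", target, "<-", found)
```

The password returned is one that matches the hash, which in this model is all that a login check compares; it need not be the password the chain was built from.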

Sample exam questions
Explain why a checksum is called a checksum.
Name three other names of checksums.
State the defining features of a cryptographic checksum.
Explain briefly the statistical principles behind the birthday attack and give a simplified example of how the birthday attack can be organised.