1. Cyber Attacks and Cryptography Overview

2. concepts wrt. the Internet?
Security Objectives
Confidentiality
Integrity
Availability
Authentication
Non-repudiation
How can we define these
concepts wrt. the Internet?
Internet Security - Farkas

3. Internet Security - Farkas
Types of Attacks (1)
Interruption – an asset is destroyed, unavailable or unusable (availability)
Interception – unauthorized party gains access to an asset (confidentiality)
Modification – unauthorized party tampers with asset (integrity)
Fabrication – unauthorized party inserts counterfeit object into the system (authenticity)
Denial – person denies taking an action (authenticity)
Internet Security - Farkas

4. Internet Security - Farkas
Types of Attacks (2)
Passive attacks:
Eavesdropping
Monitoring
Active attacks:
Masquerade – one entity pretends to be a different entity
Replay – passive capture of information and its retransmission
Modification of messages – legitimate message is altered
Denial of service – prevents normal use of resources
Internet Security - Farkas

5. Internet Security - Farkas
Protection
Protection at storage
Inactive (e.g., databases storage, file system)
During processing (e.g., DBMS access, application access)
Protection during transmission
Level of protection (e.g., content vs. header info)
Aim of protection (e.g., confidentiality, integrity, privacy, etc.)
Internet Security - Farkas

6. Basic Defense Mechanisms
Usable security!
Identification and Authentication
Authorization
Cryptography
Hardware, software security
Tampering avoidance
Information leakage prevention
Input validation
Network-protection: communication, firewall, IDS, etc.
Internet Security - Farkas

7. Attacks Against Communication Channels
Internet Security - Farkas

8. Insecure communications
Sender
Recipient
Insecure channel
Confidential
Encryption: confidential communication
Internet Security - Farkas

9. Internet Security - Farkas
Encryption
Does it support?
Confidentiality
Integrity
Availability
Authentication (pair-wise, third party)
Non-repudiation
Internet Security - Farkas

10. Internet Security - Farkas
Terminology
Plaintext (cleartext): a message in its original form
Ciphertext (cyphertext): an encrypted message
Encryption: transformation of a message to hide its meaning
Cipher: cryptographic algorithm. A mathematical function used for encryption (encryption algorithm) and decryption (decryption algorithm).
Internet Security - Farkas

11. Internet Security - Farkas
Terminology
Decryption: recovering meaning from ciphertext
Cryptography: art and science of keeping messages secure
Cryptanalysis: art and science of breaking ciphertext
Cryptology: study of both cryptography and cryptanalysis
Internet Security - Farkas

12. Internet Security - Farkas
Continue from 08/29
Internet Security - Farkas

13. Internet Security - Farkas
Encryption and Decryption
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
Internet Security - Farkas

14. Conventional (Secret Key) Cryptosystem
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
Sender
Recipient K
C=E(K,M)
M=D(K,C)
K needs
secure channel
Internet Security - Farkas

15. Internet Security - Farkas
Public Key Cryptosystem
Recipient’s public
Key (Kpub)
Recipient’s private
Key (Kpriv)
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
Sender
Recipient
C=E(Kpub,M)
M=D(Kpriv,C)
Kpub needs
reliable channel
Internet Security - Farkas

16. Summary: Secret-Key Encryption
Single, secret key
Key distribution problem of secret key systems
Establish key before communication
Need n(n-1)/2 keys with n different parties
Do NOT provide electronic signatures
Faster than public-key encryption
Internet Security - Farkas

17. Summary: Public Key Encryption
Supports confidentiality and authentication
Need reliable channel for key distribution
2n keys for n users (public, private pairs)
Digital certificate
PKI
Internet Security - Farkas

18. Simple secret key distribution
KE-S ||ID-S
2. E KE-S(Ksession)
Sender
Recipient
Vulnerable to active attack!
HOW?
Internet Security - Farkas

19. With confidentiality and authentication
E KE-R[N1||ID-S]
2. E KE-S[N1||N2]
3. E KE-R[N2-1]
4. E KE-R E KD-S(Ksession)
Sender
Recipient
What are the
basic requirements
for this protocol
to be correct?
Internet Security - Farkas

20. Internet Security - Farkas
What is a Protocol?
Internet Security - Farkas

21. Internet Security - Farkas
Protocol
Sequence of interactions between entities to achieve a certain end
Types of protocols:
Diplomatic
Communication
Graduation
Security
Etc.
What is TCP/IP?
Internet Security - Farkas

22. Internet Security - Farkas
Reading Assignment
Recommended Reading: P.Y.A. Ryan, S.A. Schneider, M.H. Goldsmith, G. Lowe and A.W. Roscoe, The Modelling and Analysis
of Security Protocols: the CSP Approach, Section 0. Introduction, pages: 1 – 37,
Internet Security - Farkas

23. Internet Security - Farkas
Security Protocols
Cryptographic protocols
Services: secrecy, integrity, authentication, key exchange, non-repudiation, etc.
Components: communicating parties (nodes), trusted third party, encryption algorithms, hash functions, timestamps, nonce, etc.
Internet Security - Farkas

24. Security Properties – Secrecy
Non-interference: Intruder should not be able to deduce anything about the legitimate users’ activities
Message confidentiality: intruder cannot derive the plaintext of messages passed between two legitimate nodes
Internet Security - Farkas

25. Security Properties – Authentication of Origin
Verify
Who sent the message?
Who sent the message to whom?
Who sent the message to whom and how many times?
Internet Security - Farkas

26. Security Properties – Entity Authentication
Similar to authentication of origin but has timeliness
Repeated form of origin authentication
Internet Security - Farkas

27. Security Properties – Integrity
Data cannot be corrupted
Content of output messages match the content of the input message
Internet Security - Farkas

28. Security Properties – Authenticated Key-Exchange
I’m calling from your utilities
company. We need your SSN, billing address, and …
Share a secret key with another person and know for sure who this other person is
Internet Security - Farkas

29. Security Properties – Non-repudiation
Legitimate participants
Against possible cheating
Signature-type mechanism
Internet Security - Farkas

30. Security Properties – Fairness
Legitimate participants
Prevents one of the participants to gain advantage over another by halting the protocol part-way through
Internet Security - Farkas

31. Security Properties – Anonymity
Over some sets of events
Shuffling the events will not change an observer’s view
Occurrence of events?
Accountability
Internet Security - Farkas

32. Security Properties – Availability
To be able to achieve the goals
Internet Security - Farkas

33. More Examples of Crypto protocols Read on your own
Internet Security - Farkas

34. Diffie-Hellman Key Exchange
Proposed in 1976
First public key algorithm
Allows group of users to agree on secret key over insecure channel
Cannot be used to encrypt and decrypt messages
Internet Security - Farkas

35. Diffie-Hellman Key Exchange
Protocol for A and B want to agree on shared secret key:
A and B agree on two large numbers n and g, such that 1<g<n
A chooses random x and computes X=gx mod n and sends X to B
B chooses random y and computes Y=gy mod n and sends Y
A computes k= Yx mod n
B computer k’= Xy mod n
Note: k =k’= gyx mod n
Internet Security - Farkas

36. Diffie-Hellman Key Exchange
Requires no prior communication between A and B
Security depends on difficulty of computing x given X=gx mod n
Choices for g and n are critical: both n and (n-1)/2 should be prime, n should be large
Susceptible to intruder in the middle attack (active intruder)
Internet Security - Farkas

37. Intruder in the Middle Attack
John
Rose
Hi Rose, I’m John.
Hi Rose, I’m John.
Hi John, I’m Rose.
Hi John, I’m Rose.
Intruder and John
Uses Diffie-Hellman
To agree on key K.
Intruder and Rose
Uses Diffie-Hellman
To agree on key K’.
K and K’ may be the same
Internet Security - Farkas

38. Asymmetric-Key Exchange
Without server
Broadcasting
Publicly available directory
With server
Public key distribution center
Certificates
Internet Security - Farkas

39. Internet Security - Farkas
Public announcement
KE-J.S.
KE-J.S.
KE-J.S.
KE-J.S.
John Smith
KE-J.S.
KE-J.S.
Bad: Uncontrolled
distribution  easy to forge
Internet Security - Farkas

40. Publicly available directory
Better but not
Good enough 
Directory could
Be compromised
Public
Key
Directory
KE-J.S.
KE-M.R..
John Smith
Mary Rose
Internet Security - Farkas

41. Internet Security - Farkas
Public-key authority
Public-Key
Authority
1. Request || Time1
4. Request || Time2
2. EKD-Auth[KE-R||Request||Time1]
5. EKD-Auth[KE-S||Request||Time2]
3. EKE-R(ID-S||N1)
Sender
6. EKE-S(N1||N2)
Recipient
7. EKE-R(N2)
Internet Security - Farkas

42. Public-key certificates
Authority
KE-R
KE-S
C-S=EKD-CAuth[Time1,ID-S,KE-S]
CR=EKD-CAuth[Time2,ID-R,KE-R]
1. C-S
Sender
2. C-R
Recipient
Internet Security - Farkas

43. Internet Security - Farkas
Certificates
Guarantees the validity of the information
Establishing trust
Public key and user identity are bound together, then signed by someone trusted
Need: digital signature
Internet Security - Farkas

44. Internet Security - Farkas
Digital Signature
Need the same effect as a real signature
Un-forgeable
Authentic
Non-alterable
Not reusable
Internet Security - Farkas

45. Internet Security - Farkas
Digital signature
Direct digital signature: public-key cryptography based
Arbitrated digital signature:
Conventional encryption:
Arbiter sees message
Arbiter does not see message
Public-key based
Internet Security - Farkas

46. Digital Signatures in RSA
Insecure channel
Sign
Verify
Plaintext
Plaintext
Signed
plaintext
Decryption
Alg.
Encryption
Alg.
Recipient
Sender
S’s private key
S’s public key
(need reliable channel)
Internet Security - Farkas

47. Internet Security - Farkas
Non-repudiation
Requires notarized signature, involving a third party
Large system: hierarchies of notarization
Internet Security - Farkas

48. Next Class TCP/IP Overview
Internet Security - Farkas