
 Security is a multifaceted phenomenon
o Confidentiality, integrity, availability
 We spoke about various security threats
 And some general defense approaches
o Prevention
o Detection and response (sustain the attack or get rid of it)
o Learn from mistakes, improve prevention

 Now we’ll talk about challenges in the defense field

 Your security frequently depends on others
o Tragedy of the commons
 A good solution must
o Handle the problem to a great extent
o Handle future variations of the problem, too
o Be inexpensive
o Have economic incentive
o Require a few deployment points
o Require non-specific deployment points

 Fighting a live enemy
o Security is an adversarial field
o No problem is likely to be completely solved
o New advances lead to improvement of attack techniques
o Researchers must play a double game

 Attack patterns change
 Often there is scarce attack data
 Testing security systems requires reproducing or simulating legitimate and attack traffic
o No agreement about realistic traffic patterns

 No agreement about metrics
 There is no standardized evaluation procedure
 Some security problems require a lot of resources to be reproduced realistically

 Risk analysis and risk management
o How important it is to enforce a policy
o Which threats matter
o Legislation may play a role
 The role of trust
o Assumptions are necessary
 Human factors
o The weakest link

 Motivation
o Bragging Rights
o Profit (Spam, Scam, Phishing, Extortion)
o Revenge / to inflict damage
o Terrorism, politics
 Risk to the attacker
o Usually small
o Can play a defensive role

 Buggy code
 Protocol design failures
 Weak crypto
 Social engineering/human factor
 Insider threats
 Poor configuration
 Incorrect policy specification
 Stolen keys or identities
 Misplaced incentives (DoS, spoofing, tragedy of commons)

 Policy defines what is allowed and how the system and security mechanisms should act
 Policy is enforced by a mechanism which interprets and enforces it, e.g.
o Firewalls
o IDS
o Access control lists
 Implemented as
o Software (which must be implemented correctly and without vulnerabilities)

 Encryption
 Checksums
 Key management
 Authentication
 Authorization
 Accounting
 Firewalls
 VPNs
 Intrusion Detection
 Intrusion Response
 Development tools
 Virus scanners
 Policy managers
 Trusted hw

 Goal: Protect private communication in the public world
 Alice and Bob are shouting messages over a crowded room
 Everyone can hear what they are saying but no one can understand (except them)
 We have to scramble the messages so they look like nonsense or alternatively like innocent text
 Only Alice and Bob know how to get the real messages out of the scramble

 Authentication
o Bob should be able to verify that Alice has created the message
 Integrity checking
o Bob should be able to verify that message has not been modified
 Non-repudiation
o Alice cannot deny that she indeed sent the message

 Exchanging a secret with someone you have never met, shouting in a room full of people
 Proving to someone you know some secret without giving it away
 Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot
 Sending a secret message so that it can be retrieved only if m out of n people agree to retrieve it

 Alice could give a message covertly “Meeting at the old place”
o Doesn’t work for arbitrary messages and
o Doesn’t work if Alice and Bob don’t know each other

 Alice could hide her message in some other text – steganography
 Alice could change the message in a secret way
o Bob has to learn a new algorithm
o Secret algorithms can be broken by bad guys
Good cryptography assumes knowledge of algorithm by anyone, secret lies in a key!!!

 Substitute each letter with a letter which is 3 letters later in the alphabet
o HELLO becomes KHOOR
 Instead of using number 3 we could use n ∈ [1,25]. n would be our key
 How can we break this cipher? Can you decipher this:
Bpqa kzgxbwozixpg ammua zmit miag.
Em eivb uwzm!

 We can also choose a mapping for each letter: (H is A, E is M, L is K, O is Y). This mapping would be our key. This is a monoalphabetic cipher.
o HELLO becomes AMKKY
 How can we break this cipher?

 Symmetric key crypto: one key
o We will call this secret key or shared key
o Both Alice and Bob know the same key
 Asymmetric key crypto: two keys
o Alice has public key and private key
o Everyone knows Alice’s public key but only Alice knows her private key
o One can encrypt with public key and decrypt with private key or vice versa

 Hash functions: no key

 Symmetric key crypto: one key
 Transmitting over an insecure channel
o Classic use: Alice and Bob encrypt messages they exchange

 Secure storage on insecure media
o Encrypt stored data so someone who breaks in cannot read it

 Authentication – prove the identity
o Pass phrase – what if Mallory asks for the pass phrase
o Strong authentication without revealing the secret
[Diagram: Alice and Bob exchange RA, KAB(RA), RB, KAB(RB)]

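The challenge-response exchange in the diagram, as an added example that is not part of the original slides: each side proves knowledge of the shared key by transforming a fresh random challenge, so the key itself is never sent. It assumes Alice issues RA first and Bob then issues RB, and it uses HMAC-SHA256 as a stand-in for the slide's KAB(R) encryption; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def keyed(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for K_AB(R): HMAC-SHA256 of the challenge under the shared key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Party:
    """One end of the exchange; holds the shared key and never transmits it."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None          # challenge issued but not yet checked

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)   # fresh random R per run
        return self._pending

    def respond(self, challenge: bytes) -> bytes:
        return keyed(self._key, challenge)

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = keyed(self._key, self._pending)
        self._pending = None          # each challenge is accepted at most once
        return hmac.compare_digest(expected, response)

def mutual_auth(alice: Party, bob: Party) -> bool:
    """Alice challenges Bob with R_A, then Bob challenges Alice with R_B."""
    r_a = alice.challenge()
    if not alice.verify(bob.respond(r_a)):
        return False
    r_b = bob.challenge()
    return bob.verify(alice.respond(r_b))

def replay_accepted(verifier: Party, prover: Party) -> bool:
    """Record one valid response, then present it against a new challenge."""
    captured = prover.respond(verifier.challenge())
    verifier.challenge()              # new run, new R: the old response is stale
    return verifier.verify(captured)
```

Because every run uses a new random challenge, a recorded response is useless later, which is the weakness of simply sending the pass phrase.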
 Integrity check
o Calculate the checksum and encrypt it – MIC: message integrity code
[Diagram: M, MIC = EAB(check(M))]

 Asymmetric key crypto can do everything symmetric key crypto can but much (about 1,500 times) slower
o However, it can do some things better!
o However, it can do some extra things!
 Transmitting over an insecure channel
o If Alice wants to talk to Bob and Carol using symmetric key crypto she either has to remember two keys or run a risk that Bob can impersonate her when talking to Carol
o With asymmetric keys, Bob and Carol know Alice’s public key and Alice knows her private key

 Secure storage on insecure media
o Same as with symmetric key crypto

 Authentication
o Alice wants to verify Bob’s identity
o She sends to Bob EPubBob(RA)
o Bob decrypts and sends back RA
o This can be done with symmetric keys too but if Bob wanted to authenticate himself to Carol he would need to remember a new key. Not so with asymmetric keys.
o Alice doesn’t need to store any secret info which is good if she is a computer

 Digital signatures
o Alice orders books online from Bob
o She signs every order using her private key
o If she claims she didn’t place the order Bob can prove she did – non-repudiation
o Can symmetric key crypto do this?

 Known also as one-way functions or message digests
 Take an arbitrary-length message M and transform it into fixed-length hash h(M)
 Properties:
o Knowing M it is easy to calculate h(M), but it is very hard to calculate M knowing h(M)
o It is very hard to find M1 ≠ M so that h(M1) = h(M), this is collision-free property
o E.g., take the message M as a number, add a large constant to it, square it, and take middle n digits as the hash

 Storing hashed password info
 Message integrity
o Use message M and a shared secret S, run this through hash function and produce MIC
o Send only M and MIC
o Why do we need a shared secret?

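The question above can be answered by running both variants side by side. In this added example (not from the original slides) a party in the middle rewrites M: with MIC = h(M) she simply recomputes the hash and the receiver accepts, while with a MIC keyed by S she cannot produce a matching value. HMAC-SHA256 is used as the keyed construction; the messages, secret and function names are constructed for illustration.

```python
import hashlib
import hmac

def plain_digest(message: bytes) -> bytes:
    """Unkeyed fingerprint h(M): anyone who sees M can compute it."""
    return hashlib.sha256(message).digest()

def keyed_mic(secret: bytes, message: bytes) -> bytes:
    """MIC computed over M with shared secret S (HMAC-SHA256)."""
    return hmac.new(secret, message, hashlib.sha256).digest()

def receiver_accepts_plain(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), tag)

def receiver_accepts_keyed(secret: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(keyed_mic(secret, message), tag)

def tamper_in_transit(message: bytes):
    """Without knowing S, rewrite M and attach the only tag that can be computed."""
    forged = message.replace(b"10", b"9000")
    return forged, plain_digest(forged)

SECRET = b"constructed-shared-secret"   # constructed sample value
ORDER = b"pay Bob 10 dollars"           # constructed sample message

def demo():
    """Return (plain_fooled, keyed_fooled, untouched_ok)."""
    # Variant 1: MIC = h(M). The forged pair is internally consistent.
    forged, forged_tag = tamper_in_transit(ORDER)
    plain_fooled = receiver_accepts_plain(forged, forged_tag)

    # Variant 2: MIC depends on S. Neither the recomputed unkeyed hash
    # nor the original tag matches the forged message.
    good_tag = keyed_mic(SECRET, ORDER)
    keyed_fooled = (receiver_accepts_keyed(SECRET, forged, forged_tag)
                    or receiver_accepts_keyed(SECRET, forged, good_tag))
    untouched_ok = receiver_accepts_keyed(SECRET, ORDER, good_tag)
    return plain_fooled, keyed_fooled, untouched_ok

if __name__ == "__main__":
    print(demo())
```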
 Message fingerprint
o Hash the files to detect tampering
o Works for download security too
 Signing message hash instead of the whole message is faster

[Diagram: Alice → M → EK1(M) (key K1) → C → DK2(C) (key K2) → M → Bob]
M – message
K1 – encryption key
EK1(M) – message M is encrypted using key K1
C – ciphertext
K2 – decryption key
DK2(C) – ciphertext C is decrypted using key K2
If K1=K2 this is symmetric (secret key) encryption
If K1≠K2 this is asymmetric (public key) encryption

[Diagram: Alice → M → EK1(M) (key K1) → C → Eve → DK2(C) (key K2) → M → Bob]
Ciphertext-only attack: Eve can gather and analyze C’s to learn K2
How does Eve know she got the right key?
Eve has to have enough ciphertext – having XYZ with monoalphabetic cipher would not be enough
What if K2 depends on a password in a known way?

[Diagram: Alice → M → EK1(M) (key K1) → C → Eve → DK2(C) (key K2) → M → Bob]
Known-plaintext attack: Eve can attempt to learn K2 by observing many ciphertexts C for known messages M
How does Eve obtain the plaintext?

[Diagram: Alice → M → EK1(M) (key K1) → C → Mallory → DK2(C) (key K2) → M → Bob]
Chosen-plaintext attack: Mallory can feed chosen messages M into encryption algorithm and look at resulting ciphertexts C. Learn either K2 or messages M that produce C. Assumption is that extremely few messages M can produce same C.
For a monoalphabetic cipher she could feed a message containing all the letters of the alphabet
What if Alice has a limited vocabulary?

[Diagram: Alice → M → EK1(M) (key K1) → C → Mallory → DK2(C) (key K2) → M → Bob]
Man-in-the-middle attack:
o Mallory can substitute messages
o Mallory can modify messages
  o So that they have different meaning
  o So that they are scrambled
o Mallory can drop messages
o Mallory can replay messages to Alice, Bob or the third party

[Diagram: Alice → M → EK1(M) (key K1) → C → Eve → DK2(C) (key K2) → M → Bob]
Brute-force attack: Eve has caught a ciphertext and will try every possible key to try to decrypt it. This can be made infinitely hard by choosing a large keyspace.

 Substitution
o Goal: obscure relationship between plaintext and ciphertext
o Substitute parts of plaintext with parts of ciphertext

 Transposition (shuffling)
o Goal: dissipate redundancy of the plaintext by spreading it over ciphertext
o This way changing one bit of plaintext affects many bits of the ciphertext (if we have rounds of encryption)

 Monoalphabetic – each character is replaced with another character
o Caesar’s cipher – each letter is shifted by 3, a becomes d, b becomes e, etc.
o Keep a mapping of symbols into other symbols
o Drawback: frequency of symbols stays the same and can be used to break the cipher

 Homophonic – each character is replaced with a character chosen randomly from a subset
o Ciphertext alphabet must be larger than plaintext alphabet – we could replace letters by two-digit numbers
o Number of symbols in the subset depends on frequency of the given letter in the plaintext
o The resulting ciphertext has all alphabet symbols appearing with the same frequency

 Polygram – each sequence of characters of length n is replaced with another sequence of characters of length n
o Like monoalphabetic cipher but works on n-grams