Security is multifaceted phenomenon oConfidentiality, integrity, availability We spoke about various security threats And some general defense approaches oPrevention oDetection and response (sustain.
Download
Report
Transcript Security is multifaceted phenomenon oConfidentiality, integrity, availability We spoke about various security threats And some general defense approaches oPrevention oDetection and response (sustain.
Security
is multifaceted phenomenon
oConfidentiality, integrity, availability
We spoke about various security threats
And some general defense approaches
oPrevention
oDetection and response (sustain the attack or
get rid of it)
oLearn from mistakes, improve prevention
Now
we’ll talk about challenges in the
defense field
Your
security frequently depends on
others
oTragedy of commons
A good solution must
oHandle the problem to a great extent
oHandle future variations of the problem, too
oBe inexpensive
oHave economic incentive
oRequire a few deployment points
oRequire non-specific deployment points
Fighting
o
o
o
o
a live enemy
Security is an adversarial field
No problem is likely to be completely solved
New advances lead to improvement of attack
techniques
Researchers must play a double game
Attack
patterns change
Often there is scarce attack data
Testing security systems requires
reproducing or simulating legitimate and
traffic
o
No agreement about realistic traffic patterns
No
agreement about metrics
There is no standardized evaluation
procedure
Some security problems require a lot of
resources to be reproduced realistically
Risk
analysis and risk management
oHow important it is to enforce a policy
oWhich threats matter
oLegislation may play a role
The role of trust
oAssumptions are necessary
Human factors
oThe weakest link
Motivation
oBragging Rights
oProfit (Spam, Scam, Phishing, Extortion)
oRevenge / to inflict damage
oTerrorism, politics
Risk to the attacker
oUsually small
oCan play a defensive role
Buggy
code
Protocol design failures
Weak crypto
Social engineering/human factor
Insider threats
Poor configuration
Incorrect policy specification
Stolen keys or identities
Misplaced incentives (DoS, spoofing, tragedy
of commons)
Policy
defines what is allowed and how the
system and security mechanisms should act
Policy is enforced by mechanism which
interprets and enforces it, e.g.
oFirewalls
oIDS
oAccess control lists
Implemented as
oSoftware (which must be implemented correctly
and without vulnerabilities)
Encryption
Checksums
Key
management
Authentication
Authorization
Accounting
Firewalls
VPNs
Intrusion Detection
Intrusion Response
Development tools
Virus scanners
Policy managers
Trusted hw
Goal:
Protect private communication in
the public world
Alice and Bob are shouting messages
over a crowded room
Everyone can hear what they are saying
but no one can understand (except them)
We have to scramble the messages so
they look like nonsense or alternatively
like innocent text
Only Alice and Bob know how to get the
real messages out of the scramble
Authentication
o
Bob should be able to verify that Alice has
created the message
Integrity
o
checking
Bob should be able to verify that message has
not been modified
Non-repudiation
o
Alice cannot deny that she indeed sent the
message
Exchanging
a secret with someone you
have never met, shouting in a room full
of people
Proving to someone you know some
secret without giving it away
Sending secret messages to any m out of
n people so only those m can retrieve
messages and the rest n-m cannot
Sending a secret message so that it can
be retrieved only if m out of n people
agree to retrieve it
Alice
could give a message covertly
“Meeting at the old place”
o Doesn’t work for arbitrary messages and
o Doesn’t work if Alice and Bob don’t know
each other
Alice
could hide her message in some
other text – steganography
Alice could change the message in a
secret way
o Bob has to learn a new algorithm
o Secret algorithms can be broken by bad guys
Good cryptography assumes knowledge of algorithm
by anyone, secret lies in a key!!!
Substitute
each letter with a letter which
is 3 letters later in the alphabet
o HELLO becomes KHOOR
Instead of using number 3 we could use
n [1,25]. n would be our key
How can we break this cipher? Can you
decipher this:
Bpqa kzgxbwozixpg ammua zmit miag.
Em eivb uwzm!
We
can also choose a mapping for each
letter:
(H is A, E is M, L is K, O is Y). This
mapping would be our key. This is
monoalphabetic cipher.
o HELLO becomes AMKKY
How can we break this cipher?
Symmetric
key crypto: one key
o We will call this secret key or shared key
o Both Alice and Bob know the same key
Asymmetric key crypto: two keys
o Alice has public key and private key
o Everyone knows Alice’s public key but only
Alice knows her private key
o One can encrypt with public key and decrypt
with private key or vice versa
Hash
functions: no key
Symmetric
key crypto: one key
Transmitting over an insecure channel
o Classic use: Alice and Bob encrypt messages
they exchange
Secure
storage on insecure media
o Encrypt stored data so someone who breaks
in cannot read it
Authentication
– prove the identity
o Pass phrase – what if Mallory asks for the
pass phrase
o Strong authentication without revealing the
secret Alice
Bob
RA
KAB(RA)
RB
KAB(RB)
Integrity
check
o Calculate the checksum and encrypt it – MIC:
message integrity code
M
MIC = EAB(check(M))
Asymmetric
key crypto can do everything
symmetric key crypto can but much
(about 1,500 times) slower
o However, it can do some things better!
o However, it can do some extra things!
Transmitting over an insecure channel
o If Alice wants to talk to Bob and Carol using
symmetric key crypto she either has to
remember two keys or run a risk that Bob can
impersonate her when talking to Carol
o With asymmetric keys, Bob and Carol know
Alice’s public key and Alice knows her private
key
Secure
storage on insecure media
o Same as with symmetric key crypto
Authentication
o Alice wants to verify Bob’s identity
o She sends to Bob EPubBob(RA)
o Bob decrypts and sends back RA
o This can be done with symmetric keys too
but if Bob wanted to authenticate himself to
Carol he would need to remember a new key.
Not so with asymmetric keys.
o Alice doesn’t need to store any secret info
which is good if she is a computer
Digital
signatures
o Alice orders books online from Bob
o She signs every order using her private key
o If she claims she didn’t place the order Bob
can prove she did – non-repudiation
o Can symmetric key crypto do this?
Known
also as one-way functions or
message digests
Take an arbitrary-length message M and
transform it into fixed-length hash h(M)
Properties:
o Knowing M is easy to calculate h(M), but it is
very hard to calculate M knowing h(M)
o It is very hard to find M1 M so that h(M1) =
h(M), this is collision-free property
o E.g., take the message M as a number, add a
large constant to it, square it, and take
middle n digits as the hash
Storing
hashed password info
Message integrity
o Use message M and a shared secret S,
run this through hash function and produce
MIC
o Send only M and MIC
o Why do we need a shared secret?
Message
fingerprint
o Hash the files to detect tampering
o Works for download security too
Signing message hash instead of the
whole message is faster
Alice
M
EK1(M)
K1
C
DK2(C)
M
Bob
K2
M – message
K1 – encryption key
EK1(M) – message M is encrypted using key K1
If K1=K2 this is
symmetric
(secret key) encryption
C – ciphertext
K2 – decryption key
DK2(C) – ciphertext C is decrypted using key K2
If K1K2 this is
asymmetric
(public key) encryption
Alice
M
EK1(M)
K1
C
Eve
DK2(C)
M
Bob
K2
Cyphertext-only attack: Eve can gather and analyze C’s
to learn K2
How does Eve know she got the right key?
Eve has to have enough ciphertext – having XYZ with
monoalphabetic cipher would not be enough
What if K2 depends on a password in a known way?
Alice
M
EK1(M)
K1
C
Eve
DK2(C)
M
Bob
K2
Known-plaintext attack: Eve can attempt to learn K2
by observing many ciphertexts C for known
messages M
How does Eve obtain the plaintext?
Alice
M
EK1(M)
K1
C
Mallory
DK2(C)
M
Bob
K2
Chosen-plaintext attack: Mallory can feed chosen
messages M into encryption algorithm and look at
resulting ciphertexts C. Learn either K2 or messages M
that produce C. Assumption is that extremely few
messages M can produce same C.
For a monoalphabetic cipher she could feed a
message containing all the letters of the alphabet
What if Alice has a limited vocabulary?
Alice
M
EK1(M)
K1
C
Mallory
DK2(C)
M
Bob
K2
Man-in-the-middle attack:
o Mallory can substitute messages
o Mallory can modify messages
o So that they have different meaning
o So that they are scrambled
o Mallory can drop messages
o Mallory can replay messages to Alice, Bob or
the third party
Alice
M
EK1(M)
K1
C
Eve
DK2(C)
M
Bob
K2
Brute-force attack: Eve has caught a ciphertext and will
try every possible key to try to decrypt it. This can be
made infinitely hard by choosing a large keyspace.
Substitution
oGoal: obscure relationship between
plaintext and ciphertext
oSubstitute parts of plaintext with parts of
ciphertext
Transposition
(shuffling)
oGoal: dissipate redundancy of the plaintext by
spreading it over ciphertext
oThis way changing one bit of plaintext affects
many bits of the ciphertext (if we have rounds
of encryption)
Monoalphabetic
– each character is
replaced with another character
oCeasar’s cipher – each letter is shifted by 3, a
becomes d, b becomes e , etc.
oKeep a mapping of symbols into other symbols
oDrawback: frequency of symbols stays the
same and can be used to break the cipher
Homophonic
– each character is replaced
with a character chosen randomly from a
subset
oCiphertext alphabet must be larger than
plaintext alphabet – we could replace letters by
two-digit numbers
oNumber of symbols in the subset depend on
frequency of the given letter in the plaintext
oThe resulting ciphertext has all alphabet
symbols appearing with the same frequency
Polygram
– each sequence of characters
of length n is replaced with another
sequence of characters of length n
oLike monoalphabetic cipher but works on ngrams