SlideShare a Scribd company logo

Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx

Download as DOCX, PDF
B
bagotjesusa

This document outlines fundamental concepts of computer security, focusing on the CIA triad: confidentiality, integrity, and availability. It discusses the challenges of implementing security measures, the categories of vulnerabilities and threats, as well as various countermeasures and strategies to protect computer systems. Additionally, it covers modular arithmetic, including definitions, properties, and examples relevant to computer security.

Education
1 of 162
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
Security Concepts Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Textbook Chapter 1 Some of the slides and figures are from textbook slides distributed by Pearson 2
Computer Security Definition The NIST Computer Security Handbook Definition “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” Key points: Confidentiality, integrity and availability Confidentiality: Data confidentiality: confidential information is not disclosed to unauthorized parties Privacy: personal information should not be collected by unauthorized personnel Integrity: Data integrity: information should not be changed by unauthorized parties System integrity: systems perform as intended free of unauthorized manipulation Availability: Systems work promptly and service is not denied to authorized user. Information resources: hardware, software, firmware, information/data, and telecommunications 3 National Institute of Standards and Technology
Computer Security Objectives 4 CIA triad FIPS PUB 199 characterization Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. Federal Information Processing Standards
Computer Security Objectives 5 Additional concepts Authenticity: verifying that users are who they say they are and that each input arriving at the system came from a trusted source. Accountability: Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes. Tools for Confidentiality Encryption Transform the information using a secrete so it is useful only to the intended recipient Access Control Rules and policies that limit access to confidential information Authentication Determine identity or role of a user Authorization Specify the access rights or privileges to resources Physical Security Use physical barriers to deny unauthorized access For example, lock and security guards
6 Tools for Integrity Backups Periodic archiving of data. Checksums Computation of a function that maps the contents of a file to a numerical value Data correcting codes methods for storing data in such a way that small changes can be easily detected and automatically corrected. 7 Tools for Availability Physical protections Infrastructure meant to keep information available even in the event of physical challenges. For example, back up power Computational redundancies Computers and storage devices that serve as fallbacks in the
case of failures. For example, back up storage 8 Levels of Impact 9 Examples Low The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals Moderate
The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals High The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals Levels of Impact Examples: Confidentiality: Student enrollment info: moderate Faculty list: low or no rating Integrity: Patient allergy info: high Online forum: moderate Availability: Critical service: high University website: moderate 10
Computer Security Challenges Computer security is not simple Simple requirements, complex mechanisms Must consider potential attacks Counterintuitive procedures Physical and logical placement needs to be determined More algorithms and protocols may be involved Attackers only need to find a single weakness, the developer needs to find all weaknesses Benefit of security is not obvious until breech or failure occurs Requires regular monitoring Security is often an afterthought Incorporated after the design is completed Security is treated as an impediment to efficient and user- friendly operation 11 Computer Security Terminology 12 Table 1.1 of textbook
13 Security Concepts and Relationships Resources Assets of a Computer System Hardware Computer systems Data processing and data storage Data communications devices Software OS System utilities Applications Data files and databases Security-related data, such as password files. Communication facilities and networks Local and wide area network communication links,
Bridges and routers etc. 14 Vulnerabilities and Threats Categories of vulnerabilities Corrupted (loss of integrity) Leaky (loss of confidentiality) Unavailable or very slow (loss of availability) Threats Capable of exploiting vulnerabilities Represent potential security harm to an asset 15 CIA Attacks Attacks (threats carried out)
Passive Attempt to learn or make use of information from the system that does not affect system resources Active Attempt to alter system resources or affect their operation Insider Initiated by an entity inside the security parameter Outsider Initiated from outside the perimeter 16 Countermeasures Countermeasure: any means taken to deal with a security attack Prevent Detect Recover Despite countermeasures, residual vulnerabilities may remain Countermeasures can themselves introduce new vulnerabilities The goal is to minimize the residual level of risk to the assets 17
Threat Consequences 18 Table 1.2 in textbook Attacks (Revisit) Recall passive and active attacks Passive attacks: attempts to learn or make use of information from the system but does not affect system resources. Eavesdropping Traffic analysis Active attacks: attempts to alter system resources or affect their operation Replay Masquerade Modification of messages Denial of service
19 Computer Assets and Threats 20 Table 1.3 in textbook Security Requirements (Countermeasures) FIPS PUB 200 (Minimum Security Requirements for Federal Information and Information Systems) enumerates 17 security- related areas (Table 1.4) Technical measures: Access control Identification and authentication System and communication protection System and information integrity Management controls: Awareness and training
Audit and accountability Certification, accreditation and security assessments Contingency planning Maintenance Physical and environmental protection Planning Personnel security Risk assessment Systems and services acquisition Overlap Configuration management Incident response Media protection 21 Federal Information Processing Standards Security Design Principles National Centers of Academic Excellence Economy of mechanism keep it simple Fail-safe defaults default is lack of access Complete mediation do not rely on cached answers to grant access Open design Encryption algorithms are public, but keys are secret Separation of privilege multifactor user authentication
Least privilege every process/user should have least privilege to perform task Least common mechanism separate user functions as much as possible Psychological acceptability security should intrude minimally with user work Isolation isolate systems/processes/files as much as possible Encapsulation object-oriented concept for protecting data Modularity use a modular architecture, to facilitate upgrades/maintenance Layering provide multiple layers of security Least astonishment programs and UIs should respond in understandable ways 22 Attack Surfaces 23 An attack surface consists of the reachable and exploitable vulnerabilities in a system Three categories: Network attack surface Vulnerabilities over an enterprise network, wide-area network, or the Internet. For example, network protocol vulnerabilities used for a denial-
of-service Software attack surface Vulnerabilities in application, utility or operating system code. A particular focus in this category is Web server software. For example, codes that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats Human attack surface Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders. For example, an employee with access to sensitive information vulnerable to a social engineering attack Attack Trees Branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities Root node: attack goal Subnode: subgoal Leaf node: ways to initiate an attack Each subnode is either AND-node or OR-node Example: Internet banking Authentication (Figure 1.4)
24 Computer Security Strategy Security policy Formal statement of rules and practices that specify how a system provides security services to protect system resources Security implementation Involves four complementary actions Prevention Detection Response Recovery Assurance Degree of confidence that security measures work as intended to protect assets Evaluation Process of examining a computer product or system with respect to certain criteria Involve testing and analytic or mathematical techniques 25
Summary Computer security definition Computer security objective (CIA triad) Tools for CIA Level of impact Computer security challenges Security terminology Security concepts and relationship Computer system assets Vulnerabilities, threats, attacks and countermeasures Threat consequences Security requirements Security design principles Attack surfaces Attack trees Computer security strategy 26
Threat Consequence Threat Action (Attack) Unauthorized Disclosure A circumstance or event whereby an entity gains access to data for which the entity is not authorized. Exposure: Sensitive data are directly released to an unauthorized entity. Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications. Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections. Deception
A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity. Falsification: False data deceive an authorized entity. Repudiation: An entity deceives another by falsely denying responsibility for an act. Disruption A circumstance or event that interrupts or prevents the correct operation of system services and functions. Incapacitation: Prevents or interrupts system operation by disabling a system component. Corruption: Undesirably alters system operation by adversely modifying system functions or data. Obstruction: A threat action that interrupts delivery of system services by hindering system operation.
Usurpation A circumstance or event that results in control of system services or functions by an unauthorized entity. Misappropriation: An entity assumes unauthorized logical or physical control of a system resource. Misuse: Causes a system component to perform a function or service that is detrimental to system security. Threat Consequence Threat Action (Attack) Unauthorized Disclosure A circumstance or event whereby an entity gains access to data for which the entity is not authorized. Exposure: Sensitive data are directly released to an unauthorized entity. Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications.
Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections. Deception A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity. Falsification: False data deceive an authorized entity. Repudiation: An entity deceives another by falsely denying responsibility for an act. Disruption A circumstance or event that interrupts or prevents the correct operation of system services and functions. Incapacitation: Prevents or interrupts system operation by disabling a system component. Corruption: Undesirably alters system operation by adversely modifying system functions or data. Obstruction: A threat action that interrupts delivery of system services by hindering system operation. Usurpation A circumstance or event that results in control of system services or functions by an unauthorized entity.
Misappropriation: An entity assumes unauthorized logical or physical control of a system resource. Misuse: Causes a system component to perform a function or service that is detrimental to system security. Availability Confidentiality Integrity Hardware Equipment is stolen or disabled, thus denying service. An unencrypted CD- ROM or DVD is stolen. Software Programs are deleted, denying access to users. An unauthorized copy of software is made. A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task. Data Files are deleted, denying access to users. An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.
Existing files are modified or new files are fabricated. Communication Lines and Networks Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. Messages are read. The traffic pattern of messages is observed. Messages are modified, delayed, reordered, or duplicated. False messages are fabricated. Availability Confidentiality Integrity Hardware Equipment is stolen or disabled, thus denying service. An unencrypted CD- ROM or DVD is stolen. Software
Programs are deleted, denying access to users. An unauthorized copy of software is made. A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task. Data Files are deleted, denying access to users. An unauthorized read of data is performed. An analysis of statistical data reveals underlying data. Existing files are modified or new files are fabricated. Communication Lines and Networks Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. Messages are read. The traffic pattern of messages is observed. Messages are modified, delayed, reordered, or duplicated. False messages are
fabricated. Modular Arithmetic Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Reading: Appendix B.2 in textbook (will be posted in Webcourses) Reference: online tutorials
2 Modulo Operation Given any positive integer n and any integer a, when a is divided by n, we get an integer quotient, q, and integer remainder, b, that obey the following relationship: a = q · n + b, where 0 <= b <= n-1 Then we define b= a modulo n or b= a mod n. Note: b (modular value) is always non-negative Examples: 5 mod 11 = 5, 5=0x11+5, so q=0 and b=5 17 mod 11 = 6, 17=1x11+6, so q=1 and b=6 -11 mod 7 = 3. (-11)=(-2)x7+3, so q=-2 and b=3 3 b is always non-negative Congruent Modulo Two integers, a and b, are congruent modulo n if and only if a
mod n = b mod n When a and b are divided by n, they have the same remainder a ≡ b (mod n) ⇔a mod n = b mod n Example: 100 mod 11 = 1; 34 mod 11 = 1 So 100 ≡ 34 (mod 11) In arithmetic modulo n, a and b are equivalent if their difference, (a - b), is a multiple of n n | (a - b) Example: 10 ≡ 2 (mod 4) because 4 | (10 − 2) 4 Modular Arithmetic Modular arithmetic is 'clock arithmetic’ For clock, time goes from 1 to 12, and back to 1 again For modulo arithmetic, we start with 0, go up to n-1, and then go back to 0 Modular arithmetic uses a finite number of values, and loops back from either end
When we do modular arithmetic, we can first perform the operation and then modulo reduce the answer Examples: ( 12 + 8 ) mod 5 = 20 mod 5 = 0 ( 12 x 8 ) mod 5 = 96 mod 5 = 1 5 Modulo Reduction The results of modular computations must remain within Zn = {0, 1, 2, … n-1} For large values, modulo reduction is used to simplify modular computations. Modulo properties: Reducing each intermediate result modulo n yields the same result as doing the entire calculation, and then reducing the result to modulo n For integers a, b, and c, and for positive n, we have: ( a + b ) mod n = ( ( a mod n ) + ( b mod n ) ) mod n ( a - b ) mod n = ( ( a mod n ) - ( b mod n ) ) mod n ( a · b ) mod n = ( ( a mod n ) · ( b mod n ) ) mod n a (b+c) mod n = ( ( a b mod n ) · ( a c mod n ) ) mod n Examples ( 12 + 8 ) mod 5 = ( ( 12 mod 5 ) + ( 8 mod 5 ) ) mod 5 = ( 2 + 3 ) mod 5 = 5 mod 5 = 0 (12 – 8) mod 5 = ( (12 mod 5 ) – ( 8 mod 5) ) mod 5 = ( 2 – 3 )
mod 5 = -1 mod 5 = 4 ( 12 · 8 ) mod 5 = ( ( 12 mod 5 ) · ( 8 mod 5 ) ) mod 5 = ( 2 · 3 ) mod 5 = 6 mod 5 = 1 26 mod 5 = ( ( 22 mod 5 ) · ( 24 mod 5 ) ) mod 5 = (( 4 mod 5 ) · ( 16 mod 5 ) ) mod 5= (4*1) mod 5 = 4 Other properties: Transitive law: a ≡ b ≡ c, then a ≡ c Commutative: a + b = b + a Associative: (a + b) + c = a + (b + c) Distributive: a(b + c) = ab + ac 6 Modular Inverse Given two positive integers x and y, both less than some other positive integer n, we say that y is the modular inverse of x, modulo n, and x is the modular inverse of y, modulo n, if and only if (x · y) mod n = 1, for 0 < x < n and 0 < y < n x-1 = y (mod n) Example: Prove 7 and 3 are inverses modulo 10 Steps: Compute the multiplication
Compute the modulo value of the result If the modulo value is 1, the numbers are inverses 7 · 3 = 21 21 mod 10 = 1 Since the modulo value is 1, 7 and 3 are inverses modulo 10 7 Properties of Modular Inverse The number 1 is always the modular inverse of 1 for any modulus. Not all values less than a particular modulus have inverses Inverse of 2, mod 14 does not exist Look at the row of 2 This row does not have 1 For the number a and modulo n, the inverse can be found if a and n are relatively prime Relatively prime: two numbers a, n are relatively prime if gcd(a,n) = 1, where gcd is greatest common divisor In the table, we can see 1, 3, 5, 9, 11 and 13 are relatively prime to 14. So those rows contains 1, indicating modular inverses
8 Mod 14 multiplication table Summary What is Modulo Operation Concept of Congruent Modulo Modular Arithmetic Modulo Reduction Modular Inverse Properties of Modular Inverse 9 APPENDIX B SOME ASPECTS OF NUMBER THEORY
William Stallings B.1 PRIME AND RELATIVELY PRIME NUMBERS ............................................ 2 Divisors ............................................................................................... ............. 2 Prime Numbers ............................................................................................... 3 Relatively Prime Numbers ............................................................................. 4 B.2 MODULAR ARITHMETIC ................................................................................ 5 Modular Arithmetic Operations ..................................................................... 7 Inverses ............................................................................................... ............ 8
B.3 FERMAT'S AND EULER'S THEOREMS ......................................................... 9 Fermat's Theorem ........................................................................................... 9 Euler's Totient Function ............................................................................... 10 Euler's Theorem ............................................................................................ 12 Copyright 2014 Supplement to Computer Security, Third Edition Pearson 2014 http://williamstallings.com/ComputerSecurity B-2 This appendix provides some background on number theory concepts referenced in this book. B.1 PRIME AND RELATIVELY PRIME NUMBERS
In this section, unless otherwise noted, we deal only with nonnegative integers. The use of negative integers would introduce no essential differences. Divisors We say that b ≠ 0 divides a if a = mb for some m, where a, b, and m are integers. That is, b divides a if there is no remainder on division. The notation b|a is commonly used to mean b divides a. Also, if b|a, we say that b is a divisor of a. For example, the positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24. The following relations hold: • If a|1, then a = ±1. • If a|b and b|a, then a = ±b. • Any b ≠ 0 divides 0.
• If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n. To see this last point, note that If b|g, then g is of the form g = b × g1 for some integer g1. If b|h, then h is of the form h = b × h1 for some integer h1. B-3 So mg + nh = mbg1 + nbh1 = b × (mg1 + nh1) and therefore b divides mg + nh. Prime Numbers An integer p > 1 is a prime number if its only divisors are ±1 and ±p. Prime numbers play a critical role in number theory and in the algorithms discussed in Chapter 23. Any integer a > 1 can be factored in a unique way as
� a = p1 a1 p2 a2 … pt at where p1 < p2 < . . . < pt are prime numbers and where each ai is a positive integer. For example, 91 = 7 × 13; and 11011 = 7 × 112 × 13. It is useful to cast this another way. If P is the set of all prime numbers, then any positive integer can be written uniquely in the following form: � a = pap p∈ P ∏ where each ap ≥ 0 The right-hand side is the product over all possible prime numbers p; for any particular value of a, most of the exponents ap will be 0. The value of any given positive integer can be specified by simply listing
all the nonzero exponents in the foregoing formulation. Thus, the integer 12 is represented by {a2 = 2, a3 = 1}, and the integer 18 is represented by {a2 = 1, a3 = 2}. Multiplication of two numbers is equivalent to adding the corresponding exponents: B-4 k = mn → kp = mp + np for all p What does it mean, in terms of these prime factors, to say that a|b? Any integer of the form pk can be divided only by an integer that is of a lesser or equal power of the same prime number, pj with j ≤ k. Thus, we can say a|b → ap ≤ bp for all p Relatively Prime Numbers
We will use the notation gcd(a, b) to mean the greatest common divisor of a and b. The positive integer c is said to be the greatest common divisor of a and b if 1. c is a divisor of a and of b; 2. any divisor of a and b is a divisor of c. An equivalent definition is the following: gcd(a, b) = max[k, such that k|a and k|b] Because we require that the greatest common divisor be positive, gcd(a, b) = gcd(a, –b) = gcd(–a, b) = gcd(–a, –b). In general, gcd(a, b) = gcd( | a |, | b | ). For example, gcd(60, 24) = gcd(60, –24) = 12. Also, because all nonzero integers divide 0, we have gcd(a, 0) = | a |. B-5 It is easy to determine the greatest common divisor of two
positive integers if we express each integer as the product of primes. For example, 300 = 22 × 31 × 52; 18 = 21 × 32; gcd(18, 300) = 21 × 31 × 50 = 6. In general, k = gcd(a, b) → kp = min(ap, bp) for all p Determining the prime factors of a large number is no easy task, so the preceding relationship does not directly lead to a way of calculating the greatest common divisor. The integers a and b are relatively prime if they have no prime factors in common; that is, if their only common factor is 1. This is equivalent to saying that a and b are relatively prime if gcd(a, b) = 1. For example, 8 and 15 are relatively prime because the divisors of 8 are 1, 2, 4, and 8, and the divisors of 15 are 1, 3, 5, and 15, so 1 is the only number on both lists.
B.2 MODULAR ARITHMETIC Given any positive integer n and any nonnegative integer a, if we divide a by n, we get an integer quotient q and an integer remainder r that obey the following relationship: a = qn + r 0 ≤ r < n; q = ⎣ a/n⎦ where ⎣ x⎦ is the largest integer less than or equal to x. Figure B.1 demonstrates that, given a and positive n, it is always possible to find q and r that satisfy the preceding relationship. Represent the integers on the number line; a will fall somewhere on that line (positive a is shown, a similar demonstration can be made for negative a). Starting at 0, B-6 0
n 2n 3n qn (q + 1)na n r Figure B.1 The Relationship a = qn + r; 0 ! r < n (a) General relationship 0 15 15 10 30 = 2 15 70 (b) Example: 70 = (4 15) + 10 45 = 3 15 60 = 4 15 75 = 5 15 proceed to n, 2n, up to qn such that qn ≤ a and (q + 1)n > a. The distance
from qn to a is r, and we have found the unique values of q and r. The remainder r is often referred to as a residue. If a is an integer and n is a positive integer, we define a mod n to be the remainder when a is divided by n. Thus, for any integer a, we can always write a = ⎣ a/n⎦ × n + (a mod n) Two integers a and b are said to be congruent modulo n, if (a mod n) = (b mod n). This is written a ≡ b mod n. For example, 73 ≡ 4 mod 23; and 21 ≡ –9 mod 10. Note that if a ≡ 0 mod n, then n|a. The modulo operator has the following properties: 1. a ≡ b mod n if n|(a – b) 2. (a mod n) = (b mod n) implies a ≡ b mod n B-7
3. a ≡ b mod n implies b ≡ a mod n 4. a ≡ b mod n and b ≡ c mod n imply a ≡ c mod n To demonstrate the first point, if n|(a – b), then (a – b) = kn for some k. So we can write a = b + kn. Therefore, (a mod n) = (remainder when b + kn is divided by n) = (remainder when b is divided by n) = (b mod n). The remaining points are as easily proved. Modular Arithmetic Operations The (mod n) operator maps all integers into the set of integers {0, 1, . . . (n – 1)}. This suggests the question, Can we perform arithmetic operations within the confines of this set? It turns out that we can; the technique is known as modular arithmetic. Modular arithmetic exhibits the following properties: 1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) – (b mod n)] mod n = (a – b) mod n 3. [(a mod n) × (b mod n)] mod n = (a × b) mod n We demonstrate the first property. Define (a mod n) = ra and (b mod n) = rb. Then we can write a = ra + jn for some integer j and b = rb + kn for some integer k. Then (a + b) mod n = (ra + jn + rb + kn) mod n = (ra + rb + (k + j)n) mod n = (ra + rb) mod n = [(a mod n) + (b mod n)] mod n B-8 The remaining properties are as easily proved. Inverses As in ordinary arithmetic, we can write the following:
if (a + b) ≡ (a + c) (mod n) then b ≡ c (mod n) (B.1) (5 + 23) ≡ (5 + 7) (mod 8); 23 ≡ 7 (mod 8) For example, (5 + 23) ≡ (5 + 7) (mod 8) implies that 23 ≡ 7 (mod 8). Equation (B.1) is consistent with the existence of an additive inverse. Adding the additive inverse of a to both sides of Equation (B.1), we have ((–a) + a + b) ≡ ((–a) + a + c) (mod n) b ≡ c (mod n) However, the following statement is true only with the attached condition: if (a × b) ≡ (a × c) (mod n) then b ≡ c (mod n) if a is relatively prime to n (B.2) Similar to the case of Equation (B,1), we can say that Equation (B.2) is consistent with the existence of a multiplicative inverse. Applying the
multiplicative inverse of a to both sides of Equation (B.2), we have ((a–1)ab) ≡ ((a–1)ac) (mod n) b ≡ c (mod n) B-9 The proof that we must add the condition in Equation (B.2) is beyond the scope of this book but is explored in [STAL11b]. B.3 FERMAT'S AND EULER'S THEOREMS Two theorems that play important roles in public-key cryptography are Fermat's theorem and Euler's theorem. Fermat's Theorem1 Fermat's theorem states the following: If p is prime and a is a positive integer not divisible by p, then
ap–1 ≡ 1 (mod p) (B.3) Proof: Consider the set of positive integers less than p: {1, 2, …, p – 1} and multiply each element by a, modulo p, to get the set X = {a mod p, 2a mod p, . . . (p – 1)a mod p}. None of the elements of X is equal to zero because p does not divide a. Furthermore, no two of the integers in X are equal. To see this, assume that ja ≡ ka (mod p), where 1 ≤ j < k ≤ p – 1. Because a is relatively prime to p, we can eliminate a from both sides of the equation [see Equation (B.2)] resulting in j ≡ k (mod p). This last equality is impossible because j and k are both positive integers less than p. Therefore, we know that the (p – 1) elements of X are all positive integers, with no two elements equal. We can conclude the X consists of the set of integers {1, 2, …, p – 1} in some order. Multiplying the numbers in both sets and taking the
result mod p yields 1 This is sometimes referred to as Fermat's little theorem. B-10 a × 2a × . . . × (p – 1)a ≡ [(1× 2 × …× (p – 1)] (mod p) ap–1(p – 1)! ≡ (p – 1)! (mod p) We can cancel the (p – 1)! term because it is relatively prime to p [see Equation (B.2)]. This yields Equation (B.3). a = 7, p = 19 72 = 49 ≡ 11 (mod 19) 74 ≡ 121 ≡ 7 (mod 19) 78 ≡ 49 ≡ 11 (mod 19) 716 ≡ 121 ≡ 7 (mod 19) ap–1 = 718 = 716 × 72 ≡ 7 × 11 ≡ 1 (mod 19) An alternative form of Fermat's theorem is also useful: If p is prime and a is a positive integer, then ap ≡ a (mod p) (B.4)
Note that the first form of the theorem [Equation (B.3)] requires that a be relatively prime to p, but this form does not. p = 5, a = 3 ap = 35 = 243 ≡ 3 (mod 5) = a (mod p) p = 5, a = 10 ap = 105 = 100000 ≡ 10 (mod 5) ≡ 0 (mod 5) = a (mod p) Euler's Totient Function Before presenting Euler's theorem, we need to introduce an important quantity in number theory, referred to as Euler's totient function and written φ(n), defined as the number of positive integers less than n and relatively prime to n. B-11 Determine φ(37) and φ(35). Because 37 is prime, all of the positive integers from 1 through 36 are relatively prime to 37. Thus φ(37) = 36. To determine φ(35), we list all of the positive integers less than
35 that are relatively prime to it: 1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18, 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34. There are 24 numbers on the list, so φ(35) = 24. Table B.1 lists the first 30 values of φ(n). The value φ(1) is without meaning but is defined to have the value 1. Table B.1 Some Values of Euler's Totient Function φ(n) n φ(n) n φ(n) n φ(n) 1 1 11 10 21 12 2 1 12 4 22 10 3 2 13 12 23 22 4 2 14 6 24 8 5 4 15 8 25 20 6 2 16 8 26 12 7 6 17 16 27 18 8 4 18 6 28 12
9 6 19 18 29 28 10 4 20 8 30 8 It should be clear that for a prime number p, B-12 φ(p) = p – 1 Now suppose that we have two prime numbers p and q, with p ≠ q. Then we can show that for n = pq, φ(n) = φ(pq) = φ(p) × φ(q) = (p – 1) × (q – 1) To see that φ(n) = φ(p) × φ(q), consider that the set of positive integers less that n is the set {1, . . . , (pq – 1)}. The integers in this set that are not relatively prime to n are the set {p, 2p, . . . , (q – 1)p} and the set {q, 2q, . . . , (p – 1)q}. Accordingly,
φ(n) = (pq – 1) – [(q – 1) + (p – 1)] = pq – (p + q) +1 = (p – 1) × (q – 1) = φ(p) × φ(q) φ(21) = φ(3) × φ(7) = (3 – 1) × (7 – 1) = 2 × 6 = 12 where the 12 integers are {1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20} Euler's Theorem Euler's theorem states that for every a and n that are relatively prime, aφ(n) ≡ 1 (mod n) (B.5) a = 3; n = 10; φ(10) = 4 aφ(n) = 34 = 81 ≡ 1 (mod 10) = 1 (mod n) a = 2; n = 11; φ(11) = 10 aφ(n) = 210 = 1024 ≡ 1 (mod 11) = 1 (mod n) B-13 Proof: Equation (B.5) is true if n is prime, because in that case φ(n) = (n –
1) and Fermat's theorem holds. However, it also holds for any integer n. Recall that φ(n) is the number of positive integers less than n that are relatively prime to n. Consider the set of such integers, labeled as follows: R = {x1, x2, . . ., xφ(n)} That is, each element xi of R is a unique positive integer less than n with gcd(xi, n) = 1. Now multiply each element by a, modulo n: S = {(ax1 mod n), (ax2 mod n), . . ., (axφ(n) mod n)} The set S is a permutation of R, by the following line of reasoning: 1. Because a is relatively prime to n and xi is relatively prime to n, axi must also be relatively prime to n. Thus, all the members of S are integers that are less than n and that are relatively prime to n. 2. There are no duplicates in S. Refer to Equation (B.2). If axi
mod n = axj mod n, then xi = xj. Therefore, B-14 axi mod n( ) i= 1 φ n( ) ∏ = xi i =1 φ n( ) ∏ axi i= 1 φ n( ) ∏ ≡ xi i =1 φ n( ) ∏ mod n( )
aφ n( ) × xi i =1 φ n( ) ∏ ⎡ ⎣ ⎢ ⎢ ⎤ ⎦ ⎥ ⎥ ≡ xi i =1 φ n( ) ∏ mod n( ) aφ n( ) ≡ 1 mod n( ) This is the same line of reasoning applied to the proof of Fermat's theorem. As is the case for Fermat's theorem, an alternative form of the theorem
is also useful: aφ(n)+1 ≡ a (mod n) (B.6) Again, similar to the case with Fermat's theorem, the first form of Euler's theorem [Equation (B.6)] requires that a be relatively prime to n, but this form does not. Eustis Basics Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018
1 Objectives Eustis basics Login information Supported programming languages Recommended software SSH File transfer Access to Eustis On campus and off campus Basic operations on Eustis Demo 2 Basic Information Eustis server – department Unix server eustis.eecs.ucf.edu Login username: your UCF NID Login password: your NID password Support ssh (Secure Shell) Do not support telnet for security reason Eustis is on campus network only, no public access If you are on campus network, you can connect to it directly If you are off campus, you have to use VPN Eustis help page: http://newton.i2lab.ucf.edu/wiki/Help:Eustis
3 Eustis for This Course Support multiple programming languages C (gcc) C++ (g++) Java More Eustis is required for all programming assignments Your programs should be runnable on Eustis Can be compiled and run on Eustis This provides uniform platform to run your programs TA would actually run your programs to grade your assignments 4 Recommended Software Must use ssh client to connect to Eustis Many free ssh client software online
Example Putty: command line based terminal List of ssh clients https://en.wikipedia.org/wiki/Comparison_of_SSH_clients File transfer is possible on Eustis Many GUI based software Example WinSCP for Windows 5 Mobaxterm We recommend Mobaxterm Combine ssh and file transfer (and many more) Download page https://mobaxterm.mobatek.net/download-home- edition.html For windows You may use putty and WinSCP as alternative 6
Off Campus Access Procedure Connect VPN first to get into campus network Use ssh client to connect to Eustis VPN installation UCF VPN page http://newton.i2lab.ucf.edu/wiki/Help:VPN Download and install Cisco AnyConnect client Run VPN Run Cisco AnyConnect client and fill in ucfvpn-1.vpn.ucf.edu You will be prompted to enter your NID and password Once VPN is connected, you can proceed with ssh connection 7 Basic Operations on Eustis Basic Unix commands as shown in the table On Eustis, you can use ‘pico’ to do simple text editing Or you can edit your codes on your own computer and then upload (through file transfer) to Eustis for compiling and running
8 Compile and Run Programs C Compile gcc –o <executable> <sourcefile.c> Run ./ <executable> Example gcc –o hello hello.c ./hello With arguments ./ <executable> <argument1> <argument2> Example: file name as an argument ./hello temp.txt C++ Compile g++ -o <executable> <sourcefile.cpp> Run ./ <executable> Example g++ –o hello hello.cpp ./hello With arguments ./ <executable> <argument1> <argument2> Example: file name as an argument ./hello temp.txt
Java Compile javac hello.java Run java hello java hello temp.txt (with argument) Demo 9 Action Items Your Eustis account has been created. Please try to login Eustis using your NID and password Mobaxterm or putty or any client you choose Also try transferring file to Eustis If you do not use Mobaxterm, make sure your file transfer software works as intended. If you have any problem accessing Eustis, please let us know. 10
Cryptographic Tools Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Reading: Textbook Chapter 2 Some of the slides and figures are from textbook slides distributed by Pearson 2
Encryption Definition Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. 3 secure sender secure receiver data data Alice Bob Eve
Symmetric Encryption Universal technique for providing confidentiality for transmitted or stored data Also referred to as conventional encryption or single-key encryption Two requirements for secure use: Need a strong encryption algorithm Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure 4 Symmetric Encryption Model Plaintext The original message or data, input to the encryption algorithm Encryption algorithm The algorithm performs various substitutions and transformations on the plaintext. Secret key Another input to the encryption algorithm. The exact
substitutions and transformations performed by the algorithm depend on the key. Ciphertext: The scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. Decryption algorithm This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext. 5 Figure 2.1 in textbook Attacking Symmetric Encryption Cryptanalytic Attacks Rely on: Nature of the algorithm Some knowledge of the general characteristics of the plaintext Some sample plaintext-ciphertext pairs Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used If successful all future and past messages encrypted with that key are compromised Brute-Force Attack Try all possible keys on some ciphertext until an intelligible
translation into plaintext is obtained On average half of all possible keys must be tried to achieve success 6 Popular Encryption Algorithms 7 Table 2.1 in textbook 7
Data Encryption Standard (DES) The most widely used encryption scheme FIPS PUB 46 Data Encryption Algorithm (DEA) 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block Strength concerns: Concerns about algorithm DES is the most studied encryption algorithm in existence Use of 56-bit key Electronic Frontier Foundation (EFF) announced in July 1998 that it had broken a DES encryption 8 Triple DES (3DES) Repeats basic DES algorithm three times using either two or three unique keys First standardized for use in financial applications in ANSI standard X9.17 in 1985 Attractions: 168-bit key length overcomes the vulnerability to brute-force attack of DES Underlying encryption algorithm is the same as in DES Drawbacks: Algorithm is sluggish in software Still uses a 64-bit block size
9 American National Standards Institute Software designed for 70’s hardware, not efficient Advanced Encryption Standard (AES) NIST in 1997 issued a call for proposals for a new Advanced Encryption Standard Security strength equal to or better than 3DES Significantly improved efficiency Symmetric block cipher 128 bit data and 128/192/256 bit keys NIST selected Rijndael algorithm (FIPS PUB 197) 10 Decryption Time 11 Table 2.2 in textbook
Practical Security Issues Typically symmetric encryption is applied to a unit of data larger than a single 64-bit or 128-bit block Electronic codebook (ECB) mode is the simplest approach to multiple-block encryption Each block of plaintext is encrypted using the same key Cryptanalysts may be able to exploit regularities in the plaintext Modes of operation Alternative techniques developed to increase the security of symmetric block encryption for large sequences Overcomes the weaknesses of ECB 12 Block Cipher 13 Block cipher Processes the input one block of elements at a time
Produces an output block for each input block Can reuse keys More common ECB Stream Cipher Processes the input elements continuously Produces output one element at a time Primary advantage is that they are almost always faster and use far less code Encrypts plaintext one byte at a time Pseudorandom stream is one that is unpredictable without knowledge of the input key 14
Message Authentication Encryption assures confidentiality Message authentication assures data integrity: verifies received message is authentic Contents have not been altered From authentic source Timely and in correct sequence Message authentication can be performed either with or without encryption Symmetric encryption alone may not be good for message authentication: reorder attack Message authentication without encryption Broadcast Heavy load and cannot decrypt all messages Computer program authentication 15 Message Authentication Code (MAC) Authentication technique The use of a secret key to generate a small block of data Assuming both parties share same secret key and MAC algorithm Message can include a sequence number
FIPS PUB 113, recommends the use of DES. DES is used to generate an encrypted version of the message, and the last 16 or 32 bits of ciphertext are used as MAC. 16 Secure Harsh Function One-way hash function Given hash value it is infeasible to find the original message Message digest H(M) Accepts a variable-size message M as input and produces a fixed-size message digest or harsh value or harsh code 17 17 Hash Function Requirements
For any hash function can be applied to an entire message or file of any size produces a fixed-length output computationally easy to compute For a secure hash function, all above, plus must be one-way (pre-image resistant) infeasible to find x from H( x ) must be collision resistant for a given message, infeasible to find another message that generates the same hash value infeasible to find 2 messages that generate the same hash value Uses for secure hash functions MACs, digital signatures, and integrity checking 18 Message Authentication with Secure Hash Function Hash function does not take a secret key as input. To authenticate a message, the message digest can be encrypted with the secret key 19
Security of Secure Hash Function Attacks on secure hash function Cryptanalysis Exploit logical weaknesses in the algorithm Brute-force attack Strength of hash function depends on the length of the hash code produced by the algorithm SHA (Secure Hash Algorithm) most widely used hash algorithm FIPS 180 (1993): SHA FIPS 180-1 (1995): SHA-1 (160 bits) FIPS 180–2 (2002): SHA-2 SHA-256, SHA-384, and SHA-512 Other uses Passwords Hash of a password stored by an operating system Intrusion detection Store H(F) for each file on a system and secure the hash values. Later check if a file has been modified. 20
Public-Key Encryption First proposed by Diffie and Hellman in 1976 Based on mathematical function rather than simple operations on bit patterns Asymmetric Uses two separate keys: public key and private key Public key is made public for others to use Usage example To send a message, the sender encrypts the message using the receiver's public key The receiver uses his private key to decrypt the message. Solves key distribution and digital signature issues, but algorithms run much slower than symmetric algorithms. Computationally expensive, symmetric encryption still the method most used for data encryption Still need some form of protocol for distributing keys 21 21 Public-Key Encryption Model Plaintext Readable message or data that is fed into the algorithm as input
Encryption algorithm Performs transformations on the plaintext Public and private key Pair of keys, one for encryption, one for decryption Ciphertext Scrambled message produced as output Decryption algorithm Produces the original plaintext 22 Public-Key Cryptography Other way to use public key: provide authentication and integrity Only Bob has his private key Authentication - only Bob could have encrypted the plaintext Integrity - no one but Bob would be able to modify the plaintext 23
Requirements for Public-Key Cryptosystems Computationally easy to create key pairs Useful if either key can be used for each role Computationally infeasible for opponent to otherwise recover original message Computationally infeasible for opponent to determine private key from public key Computationally easy for sender who knows public key to encrypt messages Computationally easy for receiver who knows private key to decrypt ciphertext 24 Application of Public Key Encryption, Computationally expensive, not popular Diffie-Hellman key exchange Use public-key encryption to distribute a shared secret key The secrete key then can be used for symmetric encryption
Authentication Digital signature Use authentication scenario, but encrypt a hash value, not the message Key management and distribution used with certificate authorities (CAs) to assure recipients that alleged public key is genuine 25 Digital Certificates Used for authenticating both source and data integrity Created by encrypting hash code with private key Does not provide confidentiality Even in the case of complete encryption Message is safe from alteration but not eavesdropping Message can be decrypted using sender’s public key 26 Public Key Management
In public key scenario, how can Alice know that the public key she is using for Bob is really his public key? Digital certificates (DC) Issued by trusted entities called certificate authorities (CA) A digital certificate vouches for Bob and contains Bob’s public key DC is digitally signed by the CA using its private key; Alice uses the CA’s public key to verify the CA’s signature Alice now trust that they have a valid public key for Bob, since they trust the CA. This is not fool-proof. It is merely “strong evidence” of Bob’s public key 27 Digital Envelopes Another way to use public-key encryption to protect symmetric key Protects a message without arranging for sender and receiver to have the same secret key Similar to a sealed envelope containing an unsigned letter Process Uses a one-time symmetric key Key is encrypted using receiver's public key and sent to receiver 28
Random Numbers Uses Keys for public-key algorithms Stream key for symmetric stream cipher Symmetric key for use as a temporary session key or in creating a digital envelope Handshaking to prevent replay attacks Session key Requirements Randomness Uniform distribution Frequency of occurrence of each of the numbers should be approximately the same Independence No one value in the sequence can be inferred from the others Unpredictability Opponent should not be able to predict future element of sequence on basis of earlier elements 29
Random vs. Pseudorandom Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and produce sequences of numbers that are not statistically random Pseudorandom numbers Sequences that satisfy statistical randomness tests (uniformity, independence) Can be predictable True random number generator (TRNG) Uses a nondeterministic source to produce randomness Most operate by measuring unpredictable natural processes e.g. radiation, gas discharge, leaky capacitors Increasingly provided on modern processors 30 Encryption of Stored Data Situation Common to encrypt transmitted data, much less common for stored data
There is often little protection beyond domain authentication and operating system access controls Data are archived for indefinite periods Even though erased, until disk sectors are reused data are recoverable Approaches Use a commercially available encryption package Pretty Good Privacy (PGP) enables to generate a key from password Back-end appliance Encrypts all data going from server to the storage Library based tape encryption Co-processor embedded in library hardware encrypts data using a non readable key Background laptop/PC data encryption Software that encrypts all or part of data Transparent to users and applications 31 Summary Symmetric Encryption Symmetric Encryption Model Popular Encryption Algorithms DES 3DES AES
Block Cipher vs Stream Cipher Message Authentication Message Authentication Code (MAC) Secure Harsh Function Public-Key Encryption Digital Certificates Public Key Certificate Digital Envelopes Random Numbers Encryption of Stored Data 32 Key size (bits) Cipher Number of Alternative Keys Time Required at 109 decryptions/s Time Required at 1013 decryptions/s
56 DES 256 ≈ 7.2 × 1016 255 ns = 1.125 years 1 hour 128 AES 2128 ≈ 3.4 × 1038 2 127 ns = 5.3 × 1021 years 5.3 × 10 17 years 168 Triple DES 2168 ≈ 3.7 × 1050 2 167 ns = 5.8 × 1033 years 5.8 × 10 29 years 192 AES 2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040 years 9.8 × 1036 years 256 AES 2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060 years 1.8 × 1056 years Key size (bits) Cipher Number of Alternative Keys Time Required at 10 9 decryptions/s Time Required
at 10 13 decryptions/s 56 DES 2 56 ≈ 7.2 ´ 10 16 2 55 ns = 1.125 years 1 hour 128 AES 2 128 ≈ 3.4 ´ 10 38 2 127 ns = 5.3 ´ 10 21 years 5.3 ´ 10 17 years 168 Triple DES 2 168 ≈ 3.7 ´ 10 50
2 167 ns = 5.8 ´ 10 33 years 5.8 ´ 10 29 years 192 AES 2 192 ≈ 6.3 ´ 10 57 2 191 ns = 9.8 ´ 10 40 years 9.8 ´ 10 36 years 256 AES 2 256 ≈ 1.2 ´ 10 77 2 255 ns = 1.8 ´ 10 60 years 1.8 ´ 10
56 years Number Systems Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Required reading: slides Reference: http://sandbox.mc.edu/~bennet/cs110/textbook/index.html 2
Importance of Number Systems Number systems are used in representing addresses and data in computers and networks Often use binary and hex systems Some of attacks might cause number overflows 3 Review of Decimal Number System Decimal system is our everyday number system Base 10 number system Digits: 0,1,2,3,4,5,6,7,8,9 Examples Expansions using powers of 10: 304 = (3x102) + (0x101) + (4x100) 2047 = (2x103) + (0x102) + (4x101) + (7x100) 12.3 = (1x101) + (2x100) + (3x10-1) 43.57 = (4 x 101) + (3 x 100) + (5 x 10-1) + (7 x 10-2) 4 Negative exponent
100= 1 (n0 = 1 for all n≠0) 10-1 = 1/101= 0.1(a-b = 1/ab, for all a≠0) Binary Number System Foundation of digital system Base 2 system 0, 1 A binary digit is called a bit Example: 1010 has 4 bits Expansion using powers of 2: 1010 = (1x23) + (0x22) + (1x21) + (0x20) 110 = (1x22) + (1x21) + (0x20) Convert to decimal Carry out the expansion calculation using decimal expressions 1010 = (1x23) + (0x22) + (1x21) + (0x20) = 8 + 0 + 2 + 0 =10 110 = (1x22) + (1x21) + (0x20) = 4 + 2 + 0 =6 5
Binary Number System Convert from decimal to binary 6 220 2 110 0 Remainder 2 Quotient 55 2 0 27 2 1 13 2 1 1 6 2 3 2 1 2 0 0 1 1 Result: 11011100
Binary Number System Bit field Example 2-bit field has 4 possible combinations: 00, 01, 10, 11. The total number of bit patterns is 4. Bit field of width n The total number of bit patterns (possible combinations) is 2n. The range of numbers that can be represented is 0 to 2n-1. Recall the relationship between key size and number of possible keys Byte 8-bit field: 256 different bit patterns and number range from 0 to 255 Significant bit Left-most bit is the most significant bit, right-most bit is the least significant bit 7
Other Number Systems Facts Computers use binary numbers for storage and computation. Binary numbers are hard for people to work with because they are so long and repetitive Converting decimal to binary is tedious, at best Octal and hexadecimal number systems Higher base than binary Convert easily from/to binary 8 Octal Number System Base 8 system 0, 1, 2, 3, 4, 5, 6, 7 3 binary digits represent one octal digit 0 = 000, 1 = 001, 2 = 010, 3 = 011 4 = 100, 5 = 101, 6 = 110, 7 = 111 Octal to binary Example: 75 octal = 111 101 binary Binary to Octal Take 3 bits at a time from right to left. Replace each 3 bits by a octal digit. At the end, if you have less than 3 bits left, add zeroes at the left end to make the result an even 3 bits Replace those 3 bits by an octal digit Octal to decimal
Expansions to convert to decimal Example: 75 octal = 7x81 + 5x80 = 61 decimal 9 Hexadecimal Number System Base 16 number system 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F 4 binary digits represent one hexadecimal digit 0 = 0000, 1 = 0001, 2 = 0010, 3 = 0011 4 = 0100, 5 = 0101, 6 = 0110, 7 = 0111 8 = 1000, 9 = 1001, A = 1010, B = 1011 C = 1100, D = 1101, E = 1110, F = 1111 Works well with byte (8 bits) 1 byte has 2 hexadecimal digits Hexadecimal (hex) to binary Example: A5 hex = 1010 0101 binary Binary to hex Take 4 bits at a time from right to left. Replace each 4 bits by a hex digit. At the end, if you have less than 4 bits left, add zeroes at the left end to make the result an even 4 bits Replace those 4 bits by a hex digit Hex to decimal Expansions to convert to decimal Example: A5 hex = Ax161 + 5x160 = 10x16 + 5x1 = 165 decimal 10
Negative Numbers Recall in decimal number system, negative numbers use minus sign (“-”) Negative numbers in binary number system use sign bits If the most significant bit (MSB) is a 1, then it represents a negative number One possibility: One’s complement Use unsigned binary values for positive numbers To get the negative value, just "flip" each bit of the positive numbers. Problem: extra 0 11 Two’s Complement Number System The other possibility: two’s complement number system
Use unsigned binary values for positive numbers To get the corresponding negative value, "flip" each bit and add 1 to result no extra zero this time, and we also have an additional negative value 12 Decimal Expansion for Two’s Complement The sign bit is the leftmost bit is also MSB If it is a 1, then it represents a negative number. If it is a 0, it represents a positive number Decimal expansion Given n-bit binary number, the value of MSB is either 0 (for positive number) or (-1)x 2(n-1) The rest digits are expanded as usual Example: 8-bit binary numbers 11011010 = (-1x27) + (1x26) + (0x25) + (1x24) + (1x23) + (0x22) + (1x21) + (0x20) = -128 + 64 + 0 + 16 + 8 + 0 + 2 + 0 = -38 1000000 = (-1x27) + (0x26) + (0x25) + (0x24) + (0x23) + (0x22) + (0x21) + (0x20) = -128 + 0 = -128 11111111
= (-1x27) + (1x26) + (1x25) + (1x24) + (1x23) + (1x22) + (1x21) + (1x20) = -128 + 64 + 32 + 16 + 8 + 4 +2 +1 = -1 01111111 = (0x27) + (1x26) + (1x25) + (1x24) + (1x23) + (1x22) + (1x21) + (1x20) = 0 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 127 13 Largest number in 8-bit two’s complement Smallest negative number in 8-bit two’s complement Two’s Complement Arithmetic Addition Basics 0 + 0 = 0 0 + 1 = 1 1 + 0 = 1 1 + 1 = 0, plus a carry of 1 1 + 1 + 1 = 1, plus a carry of 1 We add bits from right to left and ignore the carries past bit- field width Example: 4-bit field Negate Negate a binary number
Just change all 0s to 1s and 1s to 0s (i.e., flip all bits), and then add 1 Example: 8-bit two’s complement number 0000 1111 (decimal 15) Flip the bits to get 1111 0000 Add 1, we get 1111 0001 Verify decimal value of 1111 0001 Decimal expansion is: -128 + 64 + 32 + 16 + 1 = -128 + 113 = - 15 decimal Example: 8-bit two’s complement number 1000 1111 (decimal - 113) Flip the bits to get 0111 0000 Add 1, we get 0111 0001 Verify decimal value of 0111 0001 Decimal expansion is: 64 + 32 + 16 + 1 = 113 decimal 14 Two’s Complement Arithmetic Subtraction In subtraction, negate the number that is to be subtracted (even if it is negative already), and then add the two numbers Example: 7-5 (4-bit field) Negate 5 decimal 5 = 0101 Flip 0101 and add 1, we get 1011 Add 7 and (-5)
7 = 0111, -5 = 1011 Ignore carry into 5th bit, since it is 4-bit field Then the result is 0010 = 2 in decimal 15 0111 +1011 10010 Carries 1 1 1 Overflow in Two’s Complement Given a bit-field width, only a limited number of numbers can be represented The two’s complement arithmetic may generate numbers beyond the limit Overflow examples Two positive numbers 4-bit field: 7 + 5 In two’s complement, 1100 = -4 decimal It is incorrect. Overflow occurs. 4-bit two’s complement can only represent numbers from -8 to +7 The result is beyond the limit Two negative numbers 4-bit field: (-4) + (-6)
Ignore the carry in 5th bit since it is 4-bit field 0110 = 6 decimal It is incorrect. Overflow occurs. 4-bit two’s complement can only represent numbers from -8 to +7 16 0111 +0101 1100 Carries 1 1 1 1100 +1010 10110 Overflow Rules in Two’s Complement Remember we still ignore the carry beyond the bit-field width Rules for adding numbers of same sign If we add two positive numbers but get a negative result, the overflow occurs and the result cannot be used. If we add two negative numbers but get a positive result, the overflow occurs and the result cannot be used. For subtraction, after negating the number that is to be subtracted, we treat it as addition and follow the same rules
17 Unsigned Binary Number Given bit-field width of n, unsigned binary numbers can represent numbers 0 to 2n -1 For unsigned binary number, the MSB does not indicate sign but simply a value The decimal expansions are different for signed and unsigned binary numbers Example: 4-bit field 1101 is decimal -3 in two’s complement (signed binary number) 1101 is decimal 13 in unsigned binary number Addition is same process for unsigned as for signed The results are interpreted differently Always know you are dealing with signed or unsigned binary numbers 18
Summary Review of Decimal Number System Binary Number System Convert from decimal to binary Bit field, byte and significant bit Why We Need Other Number Systems Octal Number System Hexadecimal Number System Negative binary numbers One’s complement vs. two’s complement Decimal Expansion for Two’s Complement Two’s Complement Arithmetic Addition Negate Subtraction Overflow in Two’s Complement Unsigned Binary Number 19 Classic Symmetric Cryptography
Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Reading: Chapter 20.1 in textbook Reference: Cryptography and Network Security: Principles and Practice, Sixth Edition, William Stallings, Pearson – Prentice Hall, 2014 Other online tutorials 2
Symmetric Encryption Also referred to as: Conventional encryption Secret-key or single-key encryption The sender and recipient share a common key All classical encryption algorithms are symmetric Only alternative before public-key encryption in 1970’s Still most widely used alternative Requirements Strong encryption algorithm A secret key known only to sender / receiver Must have a secure means for distributing the key Security by obscure approach (hoping the algorithm is unknown to the attacker) is unreliable we should assume the attacker knows the encryption algorithm Security depends on the secrecy of the key, not the algorithm Has five ingredients: Plaintext Encryption algorithm Secret key Ciphertext Decryption algorithm 3
More Terminology plaintext - original message ciphertext – the encrypted message cipher – the encryption algorithm for transforming plaintext to ciphertext key(s) - info used by cipher algorithm, should be known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering plaintext from ciphertext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing the key cryptosystem – a set of keys, algorithms, and specific language that form a system for encrypting and decrypting text Mathematical notation Encryption and decryption are functions in the mathematical sense Encrypting plaintext message M using encryption algorithm E with key k: C = E(k, M) Decrypting ciphertext C using decryption algorithm D with key k: M=D(k, C) 4
Computationally Secure Encryption Encryption is computationally secure if: Cost of breaking cipher exceeds value of information Time required to break cipher exceeds the useful lifetime of the information Usually very difficult to estimate the amount of effort required to break Can estimate time/cost of a brute-force attack 5 Cryptanalysis 6 Table 20.1 deliberately pick patterns to reveal the structure of the key
Substitution Ciphers A substitution cipher is a class of cipher algorithms where: Letters of plaintext are replaced by other letters or by numbers or symbols If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns Assuming English language and letter only substitutions (no numbers or other character) Then, 26 choices for substitution for “a” 25 choices for substitution for “b” since we can’t use what we chose for “a” 24 choices for “c”, etc. 26! Choices overall: ≈ 4.03 x 1026 = 403,000,000,000,000,000,000,000,000 7 Caesar Cipher Simplest and earliest known use of a substitution cipher Used by Julius Caesar Involves replacing each letter of the alphabet with the letter standing three places further down the alphabet Shift cipher Alphabet is wrapped around so that the letter following Z is A Example plain: meet me after the toga party cipher: PHHW PH DIWHU WKH WRJD SDUWB
8 The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. Note that the alphabet is wrapped around, so that the letter following Z is A. Caesar Cipher Algorithm Can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Mathematically give each letter a number a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 User modular arithmetic, algorithm can be expressed as: Encryption: C = E(3, M) = (M + 3) mod (26) Decryption: M = D(3, C) = (C – 3) mod (26) A shift may be of any amount, so that the general Caesar algorithm is: Encryption: C = E(k , M ) = (M + k ) mod 26 Decryption: M = D(k , C ) = (C - k ) mod 26
9 Cryptanalysis of Caesar Cipher Brute-force cryptanalysis of Caesar cipher The third line 10 If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily performed: simply try all the 25 possible keys. Figure 2.3 shows the results of applying this strategy to the example ciphertext. In this case, the plaintext leaps out as occupying the third line. Three important characteristics of this problem enabled us to
use a brute-force cryptanalysis: 1. The encryption and decryption algorithms are known. 2. There are only 25 keys to try. 3. The language of the plaintext is known and easily recognizable. Keyword Cipher Example: use keyword “PROGRAM” to encrypt a message Steps: Lay out keyword and ignore duplicate letters (e.g., the second ‘R’ in program) Finish out the mapping with the letters of the alphabet that were not used, using the standard ordering of the letters Plaintext and ciphertext alphabets are shown below: a b c d e f g h i j k l m n o p q r s t u v w x y z P R O G A M B C D E F H I J K L N Q S T U V W X Y Z Plaintext: p a r t y Ciphertext: LPQTY Number of possible ciphers is 26! / (26 – n)! where n = keyword length For n = 6 (as above), this number is (26)(25)(24)(23)(22)(21) = 165,765,600 11
Monoalphabetic Cipher Instead of just shifting the alphabet we could shuffle the letters arbitrarily Each plaintext letter maps to a different random ciphertext letter This is essentially a keyword cipher with a key that is 26 letters long Example Plain: a b c d e f g h i j k l m n o p q r s t uv w x yz Cipher: D K V Q F I B J W PES C X HT M YAUOL RG ZN Plaintext: i f w e w i s h t o r e p l a c e l e t t e r s Ciphertext: W I R F R W AJ UHY F T SDV FS FUUFY A Number of possible ciphers is 26! ≅ 4.03 x 1026 Susceptible to letter frequency analysis 12 Letter Frequency Analysis 13 Relative frequencies of letters in the English language Easy to break monoalphabetic cipher because they reflect the frequency data of the original alphabet One to one mapping
Polyalphabetic Ciphers Polyalphabetic substitution cipher Does not use a one-to-one (1:1) correspondence between plaintext letter and its corresponding ciphertext letter Uses multiple substitution alphabets and switches among them systematically The same plaintext letter will generally be encrypted differently each time it appears (one-to-many function) Similarly, the same ciphertext character will generally represent multiple plaintext characters The Vigenère Cipher is the best-known example The famous Enigma Cipher from World War II is a well-known more complex example 14 Vigenère Cipher Best known and one of the simplest polyalphabetic substitution ciphers This scheme uses multiple shift ciphers (in the form of the
Vigenere table) Vigenere table is a table with all possible shifts 26 Caesar ciphers with shifts of 0 through 25 key is multiple letters long K = k1 k2 ... kd, d = key length each letter of key specifies a different row of Vigenere table Substitution Use the rows (alphabets) specified by the key letters sequentially Repeat from start after d letters in message (here, we reuse keyword, unlike the keyword cipher Decryption simply performs same operations in reverse 15 Vigenère Table 16 Shift 0 Shift 1 Shift 25 . . .
Vigenère Cipher Example Example: using the keyword “deceptive” Write out the plaintext: wearediscoveredsaveyourselves Write the keyword above it, repeated as needed, trimming off any excess key: deceptivedeceptivedeceptivede plaintext: wearediscoveredsaveyourselves Use each key letter as index to row of Vigenere table Look up the corresponding letter for the plaintext letter Repeat the process for each plaintext letter key: deceptivedeceptivedeceptivede plaintext: wearediscoveredsaveyourselves ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGZHW Notice the one to many mapping Plaintext “e” maps to {I,T,G,H,M} Ciphertext “G” represents {c,e,r,l} 17 Vigenère Cipher: Modular Arithmetic Applied modular arithmetic to Vigenere Cipher key: deceptivedeceptivedeceptivede plaintext: wearediscoveredsaveyourselves
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGZHW Columns in red show that modulo reduction was used to get the values 18 Vernam Cipher The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and has no statistical relationship to it Vernam cipher works on binary data (bits) rather than letters. Use a very long but repeating keyword 19 One-Time Pad Improvement to Vernam cipher Use a random key that is as long as the message so that the key
need not be repeated Key is used to encrypt and decrypt a single message and then is discarded Each new message requires a new key of the same length as the new message Scheme is unbreakable Produces random output that bears no statistical relationship to the plaintext Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code 20 Binary One-Time Pad Bit operation using exclusive-or (XOR) The symmetry property of XOR: C = M ⊕ P and M = C ⊕ P where P is the pad (the key) Example: Let M be the word “IF”, whose ASCII code is: 1001001 1000110 Let pad P (the key) be the random bit pattern: 1010110 0110001 Encryption: Plaintext 1 0 0 1 0 0 1 1 0 0 0 1 1 0 Key 1 0 1 0 1 1 0 0 1 1 0 0 0 1 Ciphertext 0 0 1 1 1 1 1 1 1 1 0 1 1 1 Decryption: Ciphertext 0 0 1 1 1 1 1 1 1 1 0 1 1 1
Key 1 0 1 0 1 1 0 0 1 1 0 0 0 1 Plaintext 1 0 0 1 0 0 1 1 0 0 0 1 1 0 21 Same key Plaintext recovered Challenges of One-Time Pad There is the practical problem of making large quantities of random keys Any heavily used system might require millions of random characters on a regular basis Key distribution problem For every message to be sent, a key of equal length is needed by both sender and receiver 22 Pseudo-Random Number Generators Recall random numbers have many applications
But computers can’t generate truly random numbers. Computers generate pseudo-random numbers that can pass statistical tests Uniformity and independence A pseudo-random number generator (PRNG) is a computer algorithm for generating pseudo-random numbers The algorithm takes a fixed value, called the seed, as an input and produces a sequence of output bits using a deterministic algorithm The output bit stream is determined solely by the input value or values, so an adversary who knows the algorithm and the seed can reproduce the entire bit stream An adversary who does not know the seed is unable to determine the pseudorandom string 23 Linear Congruential Generator Linear congruential generator (LCG) is one of the PRNGs An algorithm first proposed by Lehmer that is parameterized with four numbers: m the modulus m > 0 a the multiplier 0 < a< m c the increment 0≤ c < m
x0 the starting value, or seed 0 ≤ x0 < m The sequence of random numbers {xn} is obtained via the following iterative equation: Xn+1 = (a · xn + c) mod m If m , a , c , and x0 are integers, then this technique will produce a sequence of integers with each integer in the range 0 ≤ xn < m The selection of values for a , c , and m is critical in developing a good random number generator Example: Let m = 1823, a = 17, b = 248 and x0 = 362 Then x1 = ( 17 x362 + 248 ) mod 1823 = ( 6154 + 248 ) mod 1823 = 6402 mod 1823= 933 We repeat this calculation using the value of x1 instead of x0, obtaining x2 =1525 Similarly, x3 = 651, x4 = 377, x5 = 1188… 24 Playfair Cipher Recall monoalphabetic ciphers are susceptible to letter frequency analysis Another polyalphabetic approach to improving security was to encrypt multiple letters as a single unit
Playfair Cipher Best-known multiple-letter encryption cipher Invented by British scientist Sir Charles Wheatstone in 1854, but named after Lord Playfair who promoted it Encrypts pairs of letters (digrams), instead of single letters Based on the use of a 5 x 5 matrix of letters constructed using a keyword Reasonably fast and more secure than simple substitution there are 676 bigrams (2-letter combinations), versus 26 letters 25 Playfair Key Matrix Fill in letters of keyword (minus duplicates) from left to right and from top to bottom, then fill in the remainder of the matrix with the remaining letters in alphabetic order Using the keyword MONARCHY: To get 25 entries, we combine I/J but some people just drop QMONARCHYBDEFGI/JKLPQSTUVWXZ
26 In this case, the keyword is monarchy . The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is encrypted two letters at a time, according to the following rules: 1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x, so that balloon would be treated as ba lx lo on. 2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last. For example, ar is encrypted as RM. 3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the column circularly following the last. For example, mu is encrypted as CM. 4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as the encipherer wishes). The Playfair cipher is a great advance over simple monoalphabetic ciphers.
For one thing, whereas there are only 26 letters, there are 26 * 26 = 676 digrams, so that identification of individual digrams is more difficult. Furthermore, the relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. For these reasons, the Playfair cipher was for a long time considered unbreakable. It was used as the standard field system by the British Army in World War I and still enjoyed considerable use by the U.S. Army and other Allied forces during World War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy to break, because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient. Playfair Encrypting and Decrypting Encryption: Each 2-letter plaintext combination forms the opposite diagonal corners of a rectangle in the Playfair matrix. The corresponding cipher letters are found in the other two corners of that rectangle The first ciphertext letter is the one in the same row as the first plaintext letter Decryption: performed in the same manner, except using the ciphertext as input Example: plaintext “wh” is encrypted as “vy” 27
Playfair Rules If one plaintext character left over, pad with a ‘Z’ , except if the singleton is a ‘Z’ then replace it with an ‘X’ If a bigram consists of two of the same letter, insert an 'X’ after the first letter to make a bigram, and then move the second letter to be the first letter of the next bigram If both letters fall in the same row, replace each with the letter to its right (wrapping back to start from end) If both letters fall in the same column, replace each with the letter below it (wrapping from bottom to top) Otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair (opposite diagonal corners of rectangle) The first cipher letter is the corner that is in the same row as the first plaintext letter of the bigram; the second cipher letter is the opposite diagonal corner from the first cipher letter (also: when choosing a ciphertext letter from the “I/J” matrix element, always choose “I”). 28 Playfair Example
Wireless: E( wi re le sx sz ) =XG MK UL XA TX note double “s” and singleton Monday: E( mo nd ay ) = ON RY NB note “m” and “o” are in same row Deem: E( de em ) = CK LC no double-”e”; also, “e” and “m” in same column For the Playfair cipher, the “key” is the keyword and all six rules 29 Frequency of Letter Occurance Revealing the effectiveness of the Playfair and other ciphers 30 Hill Cipher Developed by the mathematician Lester Hill in 1929
Strength is that it hides single-letter frequencies Features Uses linear algebra (matrix multiplication) Letters are encoded as numbers modulo 26 Blocks of letters are interpreted as vectors Key is a random matrix of same dimension as vectors Strong against a ciphertext-only attack but easily broken with a known plaintext attack 31 Vector and Matrix A vector is an ordered set of numbers Example: [ 3, 27, 16 ] Can be represented horizontally or vertically The dot product of two vectors (same length) is simply the sum of the products of each component Example: [ 1, 5, 4 ] · [ 4, 2, 6 ] = (1)(4) + (5)(2) + (4)(6) = 4 + 10 + 24 = 38 A matrix is a rectangular arrangement of numerical values a vector is a special case of matrix with at least one of whose dimensions is 1 we can consider each row or column as a vector We enclose matrices with square brackets Examples:
, 32 Enclose matrices with square brackets Matrix Arithmetic for Hill Cipher To multiply a matrix by a vector, the matrix must be have as many columns as the vector has rows. Example = The Hill cipher uses a square matrix as its key – “key matrix” Requirement for the key matrix: must have a matrix inverse 33 Matrix Inverse The inverse of a square matrix A, is a matrix such that =I, where I is the identity matrix Inverse of a matrix by Gauss-Jordan elimination
Example: 34 Matrix Inverse Not invertible matrix During Gauss-Jordan elimination, a zero row shows up on the left side Example: 35
Hill Cipher Encryption The key matrix must have a matrix inverse so we can decrypt what we encrypt The key matrix , for any vector To encrypt To decrypt Padding Use the letter “x” to pad the last block if needed Modular arithmetic Matrix arithmetic modulo 26 36 Hill Cipher Example M=“next”= [13, 4, 23, 19] Since the matrix is 3x3, this time we split the message into blocks of length 3 and encrypt each block separately. Since the second block is just the letter “t” we must pad it to make a full block; so,let’s just use “x” as the pad character.
This gives us 2 blocks: “nex” and “txx” For example, the first block (“nex”) is encrypted as follows (using mod 26 arithmetic) 37 Transposition Ciphers Ciphertext is a permutation (i.e. rearrangement or shuffling) of the plaintext letter. Simplest transposition cipher is Rail Fence cipher Plaintext is written down as a sequence of diagonals and then read off as a sequence of rows 38
Rail Fence of Depth 2 Write plaintext message in 2 rows, alternating letters from one row to the next Encryption performed by reading across each row Example: meet me after the toga party m e m a t r h t g p r y e t e f e t e o a a t cipher: MEMATRHTGPRYETEFETEOAAT 39 2 rails Rail Fence of Depth 3 Use 3 rows and weave back and forth from row 1 to row 2 to row 3, then back to row 2, then 1, and repeat Example: meet me after the toga party m m t h g r e t e f e t e o a a t e a r t p y cipher: MMTHGRETEFETEOAATEARTPY 40 3 rails
Columnar Transposition Cipher Also called “Row Transposition Cipher” More complex transposition Write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns The order of the columns then becomes the key to the algorithm Key length is same as row length Pad with the letter ‘x’ (random characters in general, but we will use ‘x’), as needed to complete the last row 41 Columnar Transposition Cipher Example: “Attack postponed until two am” Key: 4 3 1 2 5 6 7 Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x x x Ciphertext: TTNAAPTMTSUOAODWCOIXKNLXPETX 42
Summary What is Symmetric Encryption Requirements Terminology Computationally Secure Encryption Concept of Substitution Ciphers Caesar Cipher Keyword Cipher Monoalphabetic Cipher Polyalphabetic Ciphers Vigenère Cipher Vernam Cipher and One-Time Pad Pseudo-Random Number Generators Linear Congruential Generator Playfair Cipher Hill Cipher Transposition Ciphers Rail Fence Cipher Columnar Transposition Cipher 43
Modes of Operation Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Reading: Chapter 20.5 in textbook 2
Objectives Learn five modes of operation How to apply those modes to block ciphers 3 Block Cipher Block cipher Encrypts plaintext characters in chunks called blocks Stream cipher can be thought of as a block cipher with a block size of 1 Block size is the number of elements in a block Example: Caesar cipher as a stream cipher 4 t1t2t3 t4 Caesar cipher as a block cipher t1
t2 time time … … Blocks and Padding A typical message is longer than 1 block Message is split into blocks of the required size If the last block is shorter than the block size, we must pad it to make a complete block Padding can be done in many different ways Example Use counts of the pad size [ b1 b2 b3 5 5 5 5 5] Here, we have 3 data bytes, plus 5 bytes of padding We have been using X Example: PETERPAN, with block size 5: PETER PANXX We use it for Caesar, Vigenere, and Hill ciphers, but not for Playfair which has its own rules 5
Simple Cipher Here we define a simple cipher, which we will call SC (i.e. simple cipher) that operates on bit strings: SC cipher: flip bits and then do circular shift to left Suppose we are given plaintext (bit string): 110110100110 block size: 4 bits (use this later ) initialization vector: 0101 (use this later) If we do not use SC as a block cipher, then ciphertext is: flip bits: 001001011001 shift left: 010010110010 6 Ciphertext Vigenere Block Cipher Use the Vigenere cipher as a block cipher Keyword: ROCK Name it VROCK Block size is length of keyword Block size is 4 Initialization vector (IV): DARK (use it later) Recall basic operation of Vigenere 7
Modes of Operation A technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application To apply a block cipher in a variety of applications, five modes of operation have been defined by NIST These modes are intended for use with any symmetric block cipher, including triple DES and AES Technically stream ciphers can also use these modes if we consider stream ciphers as block size 1 8 Five Modes 9 Table 20.4
Electronic Codebook (ECB) Simplest mode Message is broken into independent blocks Plaintext is handled b bits at a time Each block is encrypted using the same key A gigantic codebook in which there is an entry for every possible b-bit plaintext pattern Each block is encoded independently of the other blocks, as if it were the entire plaintext message Mathematic notations Ci = E(K, Pi ) = Ek(Pi) Pi = D(K, Ci ) = Dk(Ci) Pi is the plaintext block, Ci is the ciphertext, K is the key, E is encryption and D is decryption 10 ECB Mode 11
SC in ECB Mode Recall SC (Simple Cipher) Plaintext (bit string): 110110100110 Block size: 4 bits (now we use it ) Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 ECB encrypts each block as if it were the entire plaintext message C1= E(P1) = SC( 1101 ) = flip( 1101 ), then left( 0010 ) = 0100 C2 = E( P2 ) = SC( 1010 ) = flip( 1010 ), then left( 0101 ) = 1010 C3 = E( P3) = SC( 0110 ) = flip( 0110 ), then left( 1001 ) = 0011 So, complete ciphertext is: 010010100011 12 Vigenere in ECB Mode Use the Vigenere cipher as a block cipher keyword: ROCK VROCK
block size is length of keyword (=4) ECB Vigenere operation: 13 t1 t2 t3 Characteristics of ECB Pros Is very simple Allows for parallel encryptions of the blocks of a plaintext Can tolerate the loss or damage of a block Cons Long documents and images are not suitable for ECB, since patterns in the plaintext are repeated in the ciphertext. Main use is encrypting very short messages (e.g., encryption keys) 14 Source: Introduction to Computer Security, Goodrich and Tamassia, at page 403
Cipher Block Chaining (CBC) Message is broken into blocks Blocks are “linked” together in encryption operation Each previous cipher block is chained with current plaintext block, hence name Need to use an Initialization Vector (IV) to start the process Mathematical notation Cj = E(K, [Cj– C0 =IV 15 CBC Mode 16
SC in CBC Mode Recall our SC Plaintext (bit string): 110110100110 Block size: 4 bits Initialization vector (IV): 0101 Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 CBC encrypts each block XOR’d with the previous ciphertext block C1 = E( P1 XOR IV) = SC( 1101 XOR 0101 ) = flip( 1000 ), then left( 0111 ) = 1110 C2 = E( P2 XOR 1110) = SC( 1010 XOR 1110 ) = flip( 0100 ), then left( 1011 ) = 0111 C3 = E( P3 XOR 0111) = SC( 0110 XOR 0111 ) = flip( 0001 ), then left( 1110 ) = 1101 So the complete ciphertext is 111001111101 17 Vigenere in CBC Mode Use the Vigenere cipher as a block cipher Keyword: ROCK VROCK Block size is length of keyword (=4) Initialization Vector (IV): DARK (here we use it)
Plaintext separated and padded into blocks P1, P2, and P3 : STOR MYNI GHTX Padding character ‘X’ CBC encrypts each block PLUS the output of the previous block – use plus instead of XOR C1 = E(P1 + IV) = VROCK(STOR + DARK ) = ROCK + STOR + DARK = MHHL C2 = E(P2 + MHHL) = VROCK( MYNI + MHHL ) = ROCK + MHHL + MYNI = PTWD C3 = E(P3 + PTWD) = VROCK( GHTX + PTWD ) = ROCK + GHTX + PTWD = MORK So, complete ciphertext is: MHHLPTWDMORK 18 Characteristics of CBC Overcome the repeat pattern issue in ECB A ciphertext block depends on all blocks before it Any change to a block affects all following ciphertext blocks Need Initialization Vector (IV) Must be known to sender & receiver but be unpredictable by a third party If sent in plaintext, attacker can use it It could be sent encrypted in ECB mode before rest of message Or use other methods Applications: Bulk data encryption and authentication 19
Cipher Feedback (CFB) The ciphertext for one block is encrypted again and fed back (hence, the name) using XOR to encrypt the next plaintext block We are not encrypting the current plaintext block directly to get the current ciphertext block Different from CBC, where the previous ciphertext is first combined with the next plaintext block, and the result is encrypted. Surprisingly, decryption involves using the encryption cipher (same scheme) Standard allows any number of bits (1,8, 64 or 128 etc) to be fed back Denoted CFB-1, CFB-8, CFB-64, CFB-128 etc But most efficient to use all bits in block (64 or 128) Mathematical notations Encryption: Cj = Pj -1 ) -1) C0=IV 20
CFB Mode 21 S-bit CFB Mode 22 SC in CFB Mode Recall SC Plaintext (bit string): 110110100110 Block size: 4 bits Initialization vector: 0101 Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 CFB encrypts the previous ciphertext block and then XOR’s it with the current plaintext block
C1 = P1 XOR E( IV) = 1101 XOR SC( 0101 ) = 1101 XOR ( left( 1010 ) ) = 1101 XOR 0101 = 1000 C2 = P2 XOR E(1000) = 1010 XOR SC(1000) = 1010 XOR ( left( 0111 ) ) = 1010 XOR 1110 = 0100 C3 = P3 XOR E(0100) = 0110 XOR SC(0100) = 0110 XOR ( left( 1011 ) ) = 0110 XOR 0111 = 0001 The complete ciphertext is 100001000001 Note: CFB for character data gives same result as CBC since we use simple addition 23 Characteristics of CFB Encryption can not be processed in parallel Decryption can be processed in parallel Same encryption cipher is used at both sides Errors can propagate Applications Stream data encryption, authentication 24
Output Feedback (OFB) 25 OFB Mode 26 SC in OFB Mode Let’s go back to SC Plaintext (bit string): 110110100110 Block size: 4 bits Initialization vector: 0101 Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 OFB encrypts the IV repeatedly and XOR’s the results with the plaintext blocks C1= P1 XOR E( IV) = 1101 XOR SC( 0101 ) = 1101 XOR ( left(
1010 ) ) = 1101 XOR 0101 = 1000 C2= P2 XOR E(0101) = 1010 XOR SC(0101) = 1010 XOR ( left( 1010 ) ) = 1010 XOR 0101 = 1111 C3 = P3 XOR E(0101) = 0110 XOR SC(0101) = 0110 XOR ( left( 1010 ) ) = 0110 XOR 0101 = 0011 The ciphertext is: 100011110011 27 Vigenere in OFB Mode Let’s go back to the character Vigenere example Plaintext: STORMYNIGHT Keyword: ROCK VROCK Block size: 4 Initialization vector: DARK Plaintext separated and padded into blocks P1, P2, and P3 : STOR MYNI GHTX For OFB, we encrypt the IV repeatedly and add the result to plaintext block, mod 26 C1 = P1 + E( IV ) = STOR + VROCK(DARK ) = STOR + ( ROCK + DARK ) = STOR + UOTU = MHHL C2 = P2 + E(UOTU) = MYNI + VROCK(UOTU) = MYNI + ( ROCK + UOTU ) = MYNI + LCVE = XAIM C3= P3+ E(LCVE) = GHTX + VROCK(LCVE) = GHTX + ( ROCK + LCVE ) = GHTX + CQXO = IXQL The complete ciphertext is: MHHLXAIMIXQL 28
Characteristics of OFB “Pad” can be calculated in advance Errors do not propagate More vulnerable to message stream modification A variation of one-time pad Technically IVs should not be reused. IV is actually nonce. Applications Stream encryption on noisy channels. 29 Counter (CTR) 30
CTR Mode 31 SC in CTR Mode Let’s go back to SC example Plaintext (bit string): 110110100110 Block size: 4 bits Initialization vector (seed): 0101 Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 CTR increments and encrypts the seed value repeatedly and XOR’s the results with the plaintext blocks C1= P1 XOR E(S+0) = 1101 XOR SC( 0101 ) = 1101 XOR ( left( 1010 ) ) = 1101 XOR 0101 = 1000 C2= P2 XOR E(S+1) = 1010 XOR SC( 0110 ) = 1010 XOR ( left( 1001 ) ) = 1010 XOR 0011 = 1001 C3 = P3 XOR E(S+2) = 0110 XOR SC( 0111 ) = 0110 XOR ( left( 1000 ) ) = 0110 XOR 0001 = 0111 The complete ciphertext is: 100010010111 32
Characteristics of CTR High efficiency Can be processed in parallel Preprocessing Encryption algorithm does not depend on plaintext or ciphertext Random access Any block can be processed in random fashion Provable security As good as other modes Simple Encryption only Must never reuse key/counter values Applications high-speed network encryptions 33 Summary Block cipher Our examples Simple Cipher Vigenere Block Cipher (character) Modes of Operation
Electronic Codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR) Concept Structure Examples in SC and/or Vigenere Characteristics 34 Programming Assignment 1: Encryption and Decryption using Vigenere with Cipher Block Chaining (CBC) 1. Introduction In this programming assignment, you will implement Vigenere encryption and decryption with Cipher Block Chaining (CBC). The original form of Vigenere cipher has been introduced in “L6: Symmetric Encryption” (slide
No. 15-18). CBC mode has been introduced in “L8: Modes of Operation” (slide No. 15-19). In the lecture of “Modes of Operation”, we used Vigenere block cipher as an example to show how to apply the modes of operation to ciphers. The description of Vigenere block cipher is in slide No. 7 of “L8: Modes of Operation”. Comparing with original form of Vigenere cipher, the Vigenere block cipher defines a block size that is equal to length of Vigenere key. According to the slide No. 18 of “L8: Modes of Operation”, for CBC mode an IV (Initial Vector) is also needed as input. So, the inputs to the encryption algorithm include Vigenere key, IV and plaintext and the inputs to the decryption algorithm include Vigenere key, IV and cyphertext. In the lecture slides, we have focused on the encryption part. But in this assignment, you will implement both encryption and decryption algorithms. Therefore, you will create two programs or source files: one for the encryption (or encipher) and one for the decryption (or decipher). The encipher program will be run first. When encrypting, the encipher program will take inputs including plaintext, key and IV. The encipher encrypts the plaintext with the key & IV, and generate a file to store the ciphertext. Then when the decipher program is run, the ciphertext file will be used as
input along with key & IV. The decipher program decrypts the ciphertext to recover the plaintext. 2. Basic Encryption and Decryption Schemes In the slides of “L8: Modes of Operation”, we have mentioned that Vigenere block cipher is a character cipher. Instead of using the XOR defined in CBC mode, we used plus (+) in Vigenere with CBC (slide No. 18 of “L8: Modes of Operation”). Therefore, the encryption of Vigenere with CBC can be expressed as �0 = �(�0 + ��) = (�0 + �� + �������) ��� 26 �� = �(�� + ��−1) = (�� + ��−1 + �������) ��� 26 Since we have modified the CBC operation for Vigenere character cipher, we have to adapt the CBC decryption too. Once one already establishes the encryption algorithm (or encipher). The general rule for the decryption algorithm (or decipher) is to run the encryption in reverse. Following this rule, we can express the decryption of Vigenere with CBC as: �0 = (�0 − �� − �������) ��� 26 �� = (�� − ��−1 − �������) ��� 26 Note: the result of (�0 − �� − �������) �� (�� − ��−1 − �������) can be negative but modular value should
not be negative. Since we have adapted both encryption and decryption of original CBC. The mathematical notations shown above may not match the CBC diagram (Slide No. 16 of “L8: Modes of Operation”), which uses XOR operation. 3. Implementation 3.1. Preprocessing The plaintext input to the Vigenere CBC encipher should come from a text file. You may use any text file that is less than 4 Kilobytes in size. You can generate your text file by simply copying and pasting any text content. However, the normal text file contains upper case and lower case alphabetic characters, numbers, punctuations and other special characters including space and line feed etc.. These are way more than 26 letters defined in Vigenere cipher. So you have to preprocess the text file to eliminate all the special characters, numbers, white space and punctuations, as well as convert all upper case letters into lower case letters. The result of preprocessing should be a string of lower case letters. (as shown Figure 1) Then the encipher will use these letter sequences as the plaintext input.
Figure 1: Plaintext after Preprocessing 3.2. Inputs In addition to the letter sequence you generated from the preprocessing. The Vigenere CBC encipher needs a key and an IV. For this assignment, you would allow the user to enter a key (key length ranges from 2 to 10) and an IV with the same length as key. You may want to mandate that the length of IV should be the same as the key. Inputs to the Vigenere CBC decipher should be the same key and IV, as well as the ciphertext. The ciphertext sequence should be generated by the Vigenere CBC encipher. The easy way to allow the user’s input is using the command line arguments. For example, assuming the executable of your Vigenere CBC encipher is called V_encipher, plaintext file is called sample.txt, the key is rock and the IV is dark. The Unix command line to run the encipher would look like this: ./V_encipher sample.txt rock dark Assuming your encipher would save the ciphertext to a file ciphertext.txt and your decipher executable is called
V_decipher (the key and the IV are same as the above), the Unix command line to run the decipher would look like this: ./V_decipher ciphertext.txt rock dark 3.3. Outputs As mentioned above, you would create two programs: one for the encipher (including the preprocessing) and one for the decipher. The outputs of the encipher program should include the following: Original text file name ireturnedfromthecityaboutthreeoclockonthatmayafternoonpretty w elldisgustedwithlifeihadbeenthreemonthsintheoldcountryandwas fe dupwithitifanyonehadtoldmeayearagothatiwouldhavebeenfeeling li kethatishouldhavelaughedathimbuttherewasthefacttheweatherma d emeliverishthetalkoftheordinaryenglishmanmademesickicouldnt ge tenoughexerciseandtheamusementsoflondonseemedasflatassoda w
aterthathasbeenstandinginthesunrichardhannayikepttellingmysel fy ouhavegotintothewrongditchmyfriendandyouhadbetterclimbout Key IV Block size Plaintext (after preprocessing) printed on the screen Number of characters in plaintext (before padding) Ciphertext printed on the screen Name of ciphertext file (ciphertext saved to a file) Number of padding characters The ciphertext file will be used as one of the inputs to the decipher. The outputs of the decipher program should include the following: Ciphertext file name Number of characters in ciphertext Recovered plaintext printed on the screen 3.4. Other Implementation details
Since your original text file could be any size less than 4 kilobytes, the padding may be needed when the plaintext is divided into blocks. According to No. 18 of “L8: Modes of Operation”, Letter X should be used for padding. 4. Submission When you submit your assignment, you should submit your source codes. The names of your source files should clearly state encipher and decipher. You should also your text file (although TA may use his text file to test your programs). You will also generate a report to describe your programs briefly and explain how to compile/run your program on Eustis. Your report should include the screenshots to show the output results. Please zip all your files and submit through Webcourses. As discussed before, you may submit multiple versions before deadline. So submit early. Only the last version before the deadline would be graded. The late submission will receive penalty of 1 point per minute past the deadline. 5. Grading Please complete this assignment on your own. Do not copy or share codes. When TA grades your submission, the following rubrics will be followed.
Criteria Ratings Pts The assignment report provides description of the programs and explanation of the codes. The codes are compiled successfully. Full pts: 20 No pts: 0 20 Program accepts command line argument, correctly read/write the file and show it on screen Full pts: 20 No pts: 0 20 Program successfully and correctly perform Vigenere encryption on the first block, using the correct plaintext, keyword and IV Full pts:15 No pts: 0 15 Program successfully and correctly perform CBC encryption on subsequent block(s) Full pts:15 No pts: 0 15 Program successfully and correctly perform vigenere decryption on the first block, using the correct ciphertext, keyword and IV Full pts:15 No pts: 0 15 Program successfully and correctly perform CBC decryption on subsequent block(s) Full pts:15 No pts: 0 15 100
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx

More Related Content

Similar to Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx (20)

PPT
SegurançA Da InformaçãO Faat V1 4
Rodrigo Piovesana
 
PPTX
CH01-CompSec4e.pptx
ams1ams11
 
PDF
Health Information Privacy and Security
Nawanan Theera-Ampornpunt
 
PPTX
security system by desu star chapter 1.pptx
desalewminale
 
PPTX
Data Information and Security Unit-1.pptx
sbrainyajay
 
PPT
Gs Ch1
phanleson
 
PPTX
Computer Security Chapter 1
Temesgen Berhanu
 
PPTX
PPT0-Computer Security Concepts.pptx
PiBits
 
PPTX
Introduction to Computer Security
Kamal Acharya
 
DOCX
Excel Data Reporting Assignment 3 Data Analysis (Feasibility .docx
gitagrimston
 
PDF
IT system security principles practices
gufranresearcher
 
PPT
Introduction Network security
IGZ Software house
 
PDF
Information Security Lecture Notes
FellowBuddy.com
 
PDF
Insecurity vssut
RAVIKUMAR Digital Signal Processing
 
PPT
chapter on Cyber 02.ppt presentation on it
abeeeeeeeer588
 
PPT
Ch01_Introduction_to_Information_Securit
KawukiDerrick
 
PPT
Ch01_Introduction_to_Information_Securit.ppt
KawukiDerrick
 
PPTX
Securing information system
Tanjim Rasul
 
PPTX
Protection and security
mbadhi
 
PDF
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET Journal
 
SegurançA Da InformaçãO Faat V1 4
Rodrigo Piovesana
 
CH01-CompSec4e.pptx
ams1ams11
 
Health Information Privacy and Security
Nawanan Theera-Ampornpunt
 
security system by desu star chapter 1.pptx
desalewminale
 
Data Information and Security Unit-1.pptx
sbrainyajay
 
Gs Ch1
phanleson
 
Computer Security Chapter 1
Temesgen Berhanu
 
PPT0-Computer Security Concepts.pptx
PiBits
 
Introduction to Computer Security
Kamal Acharya
 
Excel Data Reporting Assignment 3 Data Analysis (Feasibility .docx
gitagrimston
 
IT system security principles practices
gufranresearcher
 
Introduction Network security
IGZ Software house
 
Information Security Lecture Notes
FellowBuddy.com
 
Insecurity vssut
RAVIKUMAR Digital Signal Processing
 
chapter on Cyber 02.ppt presentation on it
abeeeeeeeer588
 
Ch01_Introduction_to_Information_Securit
KawukiDerrick
 
Ch01_Introduction_to_Information_Securit.ppt
KawukiDerrick
 
Securing information system
Tanjim Rasul
 
Protection and security
mbadhi
 
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET Journal
 

More from bagotjesusa (20)

DOCX
Issues Identify at least seven issues you see in the case1..docx
bagotjesusa
 
DOCX
Issues and disagreements between management and employees lead.docx
bagotjesusa
 
DOCX
ISSN1369 7021 © Elsevier Ltd 2010DECEMBER 2010 VOLUME 13 .docx
bagotjesusa
 
DOCX
ISSA Journal September 2008Article Title Article Author.docx
bagotjesusa
 
DOCX
ISOL 536Security Architecture and DesignThreat Modeling.docx
bagotjesusa
 
DOCX
ISOL 533 Project Part 1OverviewWrite paper in sections.docx
bagotjesusa
 
DOCX
Is the United States of America a democracyDetailed Outline.docx
bagotjesusa
 
DOCX
Islamic Profession of Faith (There is no God but God and Muhammad is.docx
bagotjesusa
 
DOCX
IS-365 Writing Rubric Last updated January 15, 2018 .docx
bagotjesusa
 
DOCX
ISAS 600 – Database Project Phase III RubricAs the final ste.docx
bagotjesusa
 
DOCX
Is teenage pregnancy a social problem How does this topic reflect.docx
bagotjesusa
 
DOCX
Is Texas so conservative- (at least for the time being)- as many pun.docx
bagotjesusa
 
DOCX
Irreplaceable Personal Objects and Cultural IdentityThink of .docx
bagotjesusa
 
DOCX
IRB is an important step in research. State the required components .docx
bagotjesusa
 
DOCX
irem.orgjpm jpm® 47AND REWARDRISK .docx
bagotjesusa
 
DOCX
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
bagotjesusa
 
DOCX
In two paragraphs, respond to the prompt below. Journal entries .docx
bagotjesusa
 
DOCX
Investigative Statement AnalysisInitial statement given by Ted K.docx
bagotjesusa
 
DOCX
Investigating Happiness at College SNAPSHOT T.docx
bagotjesusa
 
DOCX
Investigate Development Case Death with Dignity Physician-Assiste.docx
bagotjesusa
 
Issues Identify at least seven issues you see in the case1..docx
bagotjesusa
 
Issues and disagreements between management and employees lead.docx
bagotjesusa
 
ISSN1369 7021 © Elsevier Ltd 2010DECEMBER 2010 VOLUME 13 .docx
bagotjesusa
 
ISSA Journal September 2008Article Title Article Author.docx
bagotjesusa
 
ISOL 536Security Architecture and DesignThreat Modeling.docx
bagotjesusa
 
ISOL 533 Project Part 1OverviewWrite paper in sections.docx
bagotjesusa
 
Is the United States of America a democracyDetailed Outline.docx
bagotjesusa
 
Islamic Profession of Faith (There is no God but God and Muhammad is.docx
bagotjesusa
 
IS-365 Writing Rubric Last updated January 15, 2018 .docx
bagotjesusa
 
ISAS 600 – Database Project Phase III RubricAs the final ste.docx
bagotjesusa
 
Is teenage pregnancy a social problem How does this topic reflect.docx
bagotjesusa
 
Is Texas so conservative- (at least for the time being)- as many pun.docx
bagotjesusa
 
Irreplaceable Personal Objects and Cultural IdentityThink of .docx
bagotjesusa
 
IRB is an important step in research. State the required components .docx
bagotjesusa
 
irem.orgjpm jpm® 47AND REWARDRISK .docx
bagotjesusa
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
bagotjesusa
 
In two paragraphs, respond to the prompt below. Journal entries .docx
bagotjesusa
 
Investigative Statement AnalysisInitial statement given by Ted K.docx
bagotjesusa
 
Investigating Happiness at College SNAPSHOT T.docx
bagotjesusa
 
Investigate Development Case Death with Dignity Physician-Assiste.docx
bagotjesusa
 
Ad

Recently uploaded (20)

PDF
ARAL_Orientation_Day-2-Sessions_ARAL-Readung ARAL-Mathematics ARAL-Sciencev2.pdf
JoelVilloso1
 
PPTX
PATIENT ASSIGNMENTS AND NURSING CARE RESPONSIBILITIES.pptx
PRADEEP ABOTHU
 
PDF
LAW OF CONTRACT ( 5 YEAR LLB & UNITARY LLB)- MODULE-3 - LEARN THROUGH PICTURE
APARNA T SHAIL KUMAR
 
PDF
The Constitution Review Committee (CRC) has released an updated schedule for ...
nservice241
 
PPT
Talk on Critical Theory, Part II, Philosophy of Social Sciences
Soraj Hongladarom
 
PPTX
THE TAME BIRD AND THE FREE BIRD.pptxxxxx
MarcChristianNicolas
 
PDF
The dynastic history of the Chahmana.pdf
PrachiSontakke5
 
PPTX
SPINA BIFIDA: NURSING MANAGEMENT .pptx
PRADEEP ABOTHU
 
PPTX
grade 5 lesson matatag ENGLISH 5_Q1_PPT_WEEK4.pptx
SireQuinn
 
PDF
ARAL-Orientation_Morning-Session_Day-11.pdf
JoelVilloso1
 
PPTX
ASRB NET 2023 PREVIOUS YEAR QUESTION PAPER GENETICS AND PLANT BREEDING BY SAT...
Krashi Coaching
 
PPTX
How to Manage Large Scrollbar in Odoo 18 POS
Celine George
 
PDF
Dimensions of Societal Planning in Commonism
StefanMz
 
PPTX
How to Create a PDF Report in Odoo 18 - Odoo Slides
Celine George
 
PDF
0725.WHITEPAPER-UNIQUEWAYSOFPROTOTYPINGANDUXNOW.pdf
Thomas GIRARD, MA, CDP
 
PDF
The Different Types of Non-Experimental Research
Thelma Villaflores
 
PPT
Talk on Critical Theory, Part One, Philosophy of Social Sciences
Soraj Hongladarom
 
PPTX
Unit 2 COMMERCIAL BANKING, Corporate banking.pptx
AnubalaSuresh1
 
PPTX
STAFF DEVELOPMENT AND WELFARE: MANAGEMENT
PRADEEP ABOTHU
 
PPTX
grade 5 lesson ENGLISH 5_Q1_PPT_WEEK3.pptx
SireQuinn
 
ARAL_Orientation_Day-2-Sessions_ARAL-Readung ARAL-Mathematics ARAL-Sciencev2.pdf
JoelVilloso1
 
PATIENT ASSIGNMENTS AND NURSING CARE RESPONSIBILITIES.pptx
PRADEEP ABOTHU
 
LAW OF CONTRACT ( 5 YEAR LLB & UNITARY LLB)- MODULE-3 - LEARN THROUGH PICTURE
APARNA T SHAIL KUMAR
 
The Constitution Review Committee (CRC) has released an updated schedule for ...
nservice241
 
Talk on Critical Theory, Part II, Philosophy of Social Sciences
Soraj Hongladarom
 
THE TAME BIRD AND THE FREE BIRD.pptxxxxx
MarcChristianNicolas
 
The dynastic history of the Chahmana.pdf
PrachiSontakke5
 
SPINA BIFIDA: NURSING MANAGEMENT .pptx
PRADEEP ABOTHU
 
grade 5 lesson matatag ENGLISH 5_Q1_PPT_WEEK4.pptx
SireQuinn
 
ARAL-Orientation_Morning-Session_Day-11.pdf
JoelVilloso1
 
ASRB NET 2023 PREVIOUS YEAR QUESTION PAPER GENETICS AND PLANT BREEDING BY SAT...
Krashi Coaching
 
How to Manage Large Scrollbar in Odoo 18 POS
Celine George
 
Dimensions of Societal Planning in Commonism
StefanMz
 
How to Create a PDF Report in Odoo 18 - Odoo Slides
Celine George
 
0725.WHITEPAPER-UNIQUEWAYSOFPROTOTYPINGANDUXNOW.pdf
Thomas GIRARD, MA, CDP
 
The Different Types of Non-Experimental Research
Thelma Villaflores
 
Talk on Critical Theory, Part One, Philosophy of Social Sciences
Soraj Hongladarom
 
Unit 2 COMMERCIAL BANKING, Corporate banking.pptx
AnubalaSuresh1
 
STAFF DEVELOPMENT AND WELFARE: MANAGEMENT
PRADEEP ABOTHU
 
grade 5 lesson ENGLISH 5_Q1_PPT_WEEK3.pptx
SireQuinn
 
Ad

Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx

  • 1. Security Concepts Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Textbook Chapter 1 Some of the slides and figures are from textbook slides distributed by Pearson 2
  • 2. Computer Security Definition The NIST Computer Security Handbook Definition “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” Key points: Confidentiality, integrity and availability Confidentiality: Data confidentiality: confidential information is not disclosed to unauthorized parties Privacy: personal information should not be collected by unauthorized personnel Integrity: Data integrity: information should not be changed by unauthorized parties System integrity: systems perform as intended free of unauthorized manipulation Availability: Systems work promptly and service is not denied to authorized user. Information resources: hardware, software, firmware, information/data, and telecommunications 3 National Institute of Standards and Technology
  • 3. Computer Security Objectives 4 CIA triad FIPS PUB 199 characterization Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. Federal Information Processing Standards
  • 4. Computer Security Objectives 5 Additional concepts Authenticity: verifying that users are who they say they are and that each input arriving at the system came from a trusted source. Accountability: Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes. Tools for Confidentiality Encryption Transform the information using a secrete so it is useful only to the intended recipient Access Control Rules and policies that limit access to confidential information Authentication Determine identity or role of a user Authorization Specify the access rights or privileges to resources Physical Security Use physical barriers to deny unauthorized access For example, lock and security guards
  • 5. 6 Tools for Integrity Backups Periodic archiving of data. Checksums Computation of a function that maps the contents of a file to a numerical value Data correcting codes methods for storing data in such a way that small changes can be easily detected and automatically corrected. 7 Tools for Availability Physical protections Infrastructure meant to keep information available even in the event of physical challenges. For example, back up power Computational redundancies Computers and storage devices that serve as fallbacks in the
  • 6. case of failures. For example, back up storage 8 Levels of Impact 9 Examples Low The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals Moderate
  • 7. The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals High The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals Levels of Impact Examples: Confidentiality: Student enrollment info: moderate Faculty list: low or no rating Integrity: Patient allergy info: high Online forum: moderate Availability: Critical service: high University website: moderate 10
  • 8. Computer Security Challenges Computer security is not simple Simple requirements, complex mechanisms Must consider potential attacks Counterintuitive procedures Physical and logical placement needs to be determined More algorithms and protocols may be involved Attackers only need to find a single weakness, the developer needs to find all weaknesses Benefit of security is not obvious until breech or failure occurs Requires regular monitoring Security is often an afterthought Incorporated after the design is completed Security is treated as an impediment to efficient and user- friendly operation 11 Computer Security Terminology 12 Table 1.1 of textbook
  • 9. 13 Security Concepts and Relationships Resources Assets of a Computer System Hardware Computer systems Data processing and data storage Data communications devices Software OS System utilities Applications Data files and databases Security-related data, such as password files. Communication facilities and networks Local and wide area network communication links,
  • 10. Bridges and routers etc. 14 Vulnerabilities and Threats Categories of vulnerabilities Corrupted (loss of integrity) Leaky (loss of confidentiality) Unavailable or very slow (loss of availability) Threats Capable of exploiting vulnerabilities Represent potential security harm to an asset 15 CIA Attacks Attacks (threats carried out)
  • 11. Passive Attempt to learn or make use of information from the system that does not affect system resources Active Attempt to alter system resources or affect their operation Insider Initiated by an entity inside the security parameter Outsider Initiated from outside the perimeter 16 Countermeasures Countermeasure: any means taken to deal with a security attack Prevent Detect Recover Despite countermeasures, residual vulnerabilities may remain Countermeasures can themselves introduce new vulnerabilities The goal is to minimize the residual level of risk to the assets 17
  • 12. Threat Consequences 18 Table 1.2 in textbook Attacks (Revisit) Recall passive and active attacks Passive attacks: attempts to learn or make use of information from the system but does not affect system resources. Eavesdropping Traffic analysis Active attacks: attempts to alter system resources or affect their operation Replay Masquerade Modification of messages Denial of service
  • 13. 19 Computer Assets and Threats 20 Table 1.3 in textbook Security Requirements (Countermeasures) FIPS PUB 200 (Minimum Security Requirements for Federal Information and Information Systems) enumerates 17 security- related areas (Table 1.4) Technical measures: Access control Identification and authentication System and communication protection System and information integrity Management controls: Awareness and training
  • 14. Audit and accountability Certification, accreditation and security assessments Contingency planning Maintenance Physical and environmental protection Planning Personnel security Risk assessment Systems and services acquisition Overlap Configuration management Incident response Media protection 21 Federal Information Processing Standards Security Design Principles National Centers of Academic Excellence Economy of mechanism keep it simple Fail-safe defaults default is lack of access Complete mediation do not rely on cached answers to grant access Open design Encryption algorithms are public, but keys are secret Separation of privilege multifactor user authentication
  • 15. Least privilege every process/user should have least privilege to perform task Least common mechanism separate user functions as much as possible Psychological acceptability security should intrude minimally with user work Isolation isolate systems/processes/files as much as possible Encapsulation object-oriented concept for protecting data Modularity use a modular architecture, to facilitate upgrades/maintenance Layering provide multiple layers of security Least astonishment programs and UIs should respond in understandable ways 22 Attack Surfaces 23 An attack surface consists of the reachable and exploitable vulnerabilities in a system Three categories: Network attack surface Vulnerabilities over an enterprise network, wide-area network, or the Internet. For example, network protocol vulnerabilities used for a denial-
  • 16. of-service Software attack surface Vulnerabilities in application, utility or operating system code. A particular focus in this category is Web server software. For example, codes that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats Human attack surface Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders. For example, an employee with access to sensitive information vulnerable to a social engineering attack Attack Trees Branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities Root node: attack goal Subnode: subgoal Leaf node: ways to initiate an attack Each subnode is either AND-node or OR-node Example: Internet banking Authentication (Figure 1.4)
  • 17. 24 Computer Security Strategy Security policy Formal statement of rules and practices that specify how a system provides security services to protect system resources Security implementation Involves four complementary actions Prevention Detection Response Recovery Assurance Degree of confidence that security measures work as intended to protect assets Evaluation Process of examining a computer product or system with respect to certain criteria Involve testing and analytic or mathematical techniques 25
  • 18. Summary Computer security definition Computer security objective (CIA triad) Tools for CIA Level of impact Computer security challenges Security terminology Security concepts and relationship Computer system assets Vulnerabilities, threats, attacks and countermeasures Threat consequences Security requirements Security design principles Attack surfaces Attack trees Computer security strategy 26
  • 19. Threat Consequence Threat Action (Attack) Unauthorized Disclosure A circumstance or event whereby an entity gains access to data for which the entity is not authorized. Exposure: Sensitive data are directly released to an unauthorized entity. Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications. Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections. Deception
  • 20. A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity. Falsification: False data deceive an authorized entity. Repudiation: An entity deceives another by falsely denying responsibility for an act. Disruption A circumstance or event that interrupts or prevents the correct operation of system services and functions. Incapacitation: Prevents or interrupts system operation by disabling a system component. Corruption: Undesirably alters system operation by adversely modifying system functions or data. Obstruction: A threat action that interrupts delivery of system services by hindering system operation.
  • 21. Usurpation A circumstance or event that results in control of system services or functions by an unauthorized entity. Misappropriation: An entity assumes unauthorized logical or physical control of a system resource. Misuse: Causes a system component to perform a function or service that is detrimental to system security. Threat Consequence Threat Action (Attack) Unauthorized Disclosure A circumstance or event whereby an entity gains access to data for which the entity is not authorized. Exposure: Sensitive data are directly released to an unauthorized entity. Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications.
  • 22. Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections. Deception A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity. Falsification: False data deceive an authorized entity. Repudiation: An entity deceives another by falsely denying responsibility for an act. Disruption A circumstance or event that interrupts or prevents the correct operation of system services and functions. Incapacitation: Prevents or interrupts system operation by disabling a system component. Corruption: Undesirably alters system operation by adversely modifying system functions or data. Obstruction: A threat action that interrupts delivery of system services by hindering system operation. Usurpation A circumstance or event that results in control of system services or functions by an unauthorized entity.
  • 23. Misappropriation: An entity assumes unauthorized logical or physical control of a system resource. Misuse: Causes a system component to perform a function or service that is detrimental to system security. Availability Confidentiality Integrity Hardware Equipment is stolen or disabled, thus denying service. An unencrypted CD- ROM or DVD is stolen. Software Programs are deleted, denying access to users. An unauthorized copy of software is made. A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task. Data Files are deleted, denying access to users. An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.
  • 24. Existing files are modified or new files are fabricated. Communication Lines and Networks Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. Messages are read. The traffic pattern of messages is observed. Messages are modified, delayed, reordered, or duplicated. False messages are fabricated. Availability Confidentiality Integrity Hardware Equipment is stolen or disabled, thus denying service. An unencrypted CD- ROM or DVD is stolen. Software
  • 25. Programs are deleted, denying access to users. An unauthorized copy of software is made. A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task. Data Files are deleted, denying access to users. An unauthorized read of data is performed. An analysis of statistical data reveals underlying data. Existing files are modified or new files are fabricated. Communication Lines and Networks Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. Messages are read. The traffic pattern of messages is observed. Messages are modified, delayed, reordered, or duplicated. False messages are
  • 26. fabricated. Modular Arithmetic Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Reading: Appendix B.2 in textbook (will be posted in Webcourses) Reference: online tutorials
  • 27. 2 Modulo Operation Given any positive integer n and any integer a, when a is divided by n, we get an integer quotient, q, and integer remainder, b, that obey the following relationship: a = q · n + b, where 0 <= b <= n-1 Then we define b= a modulo n or b= a mod n. Note: b (modular value) is always non-negative Examples: 5 mod 11 = 5, 5=0x11+5, so q=0 and b=5 17 mod 11 = 6, 17=1x11+6, so q=1 and b=6 -11 mod 7 = 3. (-11)=(-2)x7+3, so q=-2 and b=3 3 b is always non-negative Congruent Modulo Two integers, a and b, are congruent modulo n if and only if a
  • 28. mod n = b mod n When a and b are divided by n, they have the same remainder a ≡ b (mod n) ⇔a mod n = b mod n Example: 100 mod 11 = 1; 34 mod 11 = 1 So 100 ≡ 34 (mod 11) In arithmetic modulo n, a and b are equivalent if their difference, (a - b), is a multiple of n n | (a - b) Example: 10 ≡ 2 (mod 4) because 4 | (10 − 2) 4 Modular Arithmetic Modular arithmetic is 'clock arithmetic’ For clock, time goes from 1 to 12, and back to 1 again For modulo arithmetic, we start with 0, go up to n-1, and then go back to 0 Modular arithmetic uses a finite number of values, and loops back from either end
  • 29. When we do modular arithmetic, we can first perform the operation and then modulo reduce the answer Examples: ( 12 + 8 ) mod 5 = 20 mod 5 = 0 ( 12 x 8 ) mod 5 = 96 mod 5 = 1 5 Modulo Reduction The results of modular computations must remain within Zn = {0, 1, 2, … n-1} For large values, modulo reduction is used to simplify modular computations. Modulo properties: Reducing each intermediate result modulo n yields the same result as doing the entire calculation, and then reducing the result to modulo n For integers a, b, and c, and for positive n, we have: ( a + b ) mod n = ( ( a mod n ) + ( b mod n ) ) mod n ( a - b ) mod n = ( ( a mod n ) - ( b mod n ) ) mod n ( a · b ) mod n = ( ( a mod n ) · ( b mod n ) ) mod n a (b+c) mod n = ( ( a b mod n ) · ( a c mod n ) ) mod n Examples ( 12 + 8 ) mod 5 = ( ( 12 mod 5 ) + ( 8 mod 5 ) ) mod 5 = ( 2 + 3 ) mod 5 = 5 mod 5 = 0 (12 – 8) mod 5 = ( (12 mod 5 ) – ( 8 mod 5) ) mod 5 = ( 2 – 3 )
  • 30. mod 5 = -1 mod 5 = 4 ( 12 · 8 ) mod 5 = ( ( 12 mod 5 ) · ( 8 mod 5 ) ) mod 5 = ( 2 · 3 ) mod 5 = 6 mod 5 = 1 26 mod 5 = ( ( 22 mod 5 ) · ( 24 mod 5 ) ) mod 5 = (( 4 mod 5 ) · ( 16 mod 5 ) ) mod 5= (4*1) mod 5 = 4 Other properties: Transitive law: a ≡ b ≡ c, then a ≡ c Commutative: a + b = b + a Associative: (a + b) + c = a + (b + c) Distributive: a(b + c) = ab + ac 6 Modular Inverse Given two positive integers x and y, both less than some other positive integer n, we say that y is the modular inverse of x, modulo n, and x is the modular inverse of y, modulo n, if and only if (x · y) mod n = 1, for 0 < x < n and 0 < y < n x-1 = y (mod n) Example: Prove 7 and 3 are inverses modulo 10 Steps: Compute the multiplication
  • 31. Compute the modulo value of the result If the modulo value is 1, the numbers are inverses 7 · 3 = 21 21 mod 10 = 1 Since the modulo value is 1, 7 and 3 are inverses modulo 10 7 Properties of Modular Inverse The number 1 is always the modular inverse of 1 for any modulus. Not all values less than a particular modulus have inverses Inverse of 2, mod 14 does not exist Look at the row of 2 This row does not have 1 For the number a and modulo n, the inverse can be found if a and n are relatively prime Relatively prime: two numbers a, n are relatively prime if gcd(a,n) = 1, where gcd is greatest common divisor In the table, we can see 1, 3, 5, 9, 11 and 13 are relatively prime to 14. So those rows contains 1, indicating modular inverses
  • 32. 8 Mod 14 multiplication table Summary What is Modulo Operation Concept of Congruent Modulo Modular Arithmetic Modulo Reduction Modular Inverse Properties of Modular Inverse 9 APPENDIX B SOME ASPECTS OF NUMBER THEORY
  • 33. William Stallings B.1 PRIME AND RELATIVELY PRIME NUMBERS ............................................ 2 Divisors ............................................................................................... ............. 2 Prime Numbers ............................................................................................... 3 Relatively Prime Numbers ............................................................................. 4 B.2 MODULAR ARITHMETIC ................................................................................ 5 Modular Arithmetic Operations ..................................................................... 7 Inverses ............................................................................................... ............ 8
  • 34. B.3 FERMAT'S AND EULER'S THEOREMS ......................................................... 9 Fermat's Theorem ........................................................................................... 9 Euler's Totient Function ............................................................................... 10 Euler's Theorem ............................................................................................ 12 Copyright 2014 Supplement to Computer Security, Third Edition Pearson 2014 http://williamstallings.com/ComputerSecurity B-2 This appendix provides some background on number theory concepts referenced in this book. B.1 PRIME AND RELATIVELY PRIME NUMBERS
  • 35. In this section, unless otherwise noted, we deal only with nonnegative integers. The use of negative integers would introduce no essential differences. Divisors We say that b ≠ 0 divides a if a = mb for some m, where a, b, and m are integers. That is, b divides a if there is no remainder on division. The notation b|a is commonly used to mean b divides a. Also, if b|a, we say that b is a divisor of a. For example, the positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24. The following relations hold: • If a|1, then a = ±1. • If a|b and b|a, then a = ±b. • Any b ≠ 0 divides 0.
  • 36. • If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n. To see this last point, note that If b|g, then g is of the form g = b × g1 for some integer g1. If b|h, then h is of the form h = b × h1 for some integer h1. B-3 So mg + nh = mbg1 + nbh1 = b × (mg1 + nh1) and therefore b divides mg + nh. Prime Numbers An integer p > 1 is a prime number if its only divisors are ±1 and ±p. Prime numbers play a critical role in number theory and in the algorithms discussed in Chapter 23. Any integer a > 1 can be factored in a unique way as
  • 37. � a = p1 a1 p2 a2 … pt at where p1 < p2 < . . . < pt are prime numbers and where each ai is a positive integer. For example, 91 = 7 × 13; and 11011 = 7 × 112 × 13. It is useful to cast this another way. If P is the set of all prime numbers, then any positive integer can be written uniquely in the following form: � a = pap p∈ P ∏ where each ap ≥ 0 The right-hand side is the product over all possible prime numbers p; for any particular value of a, most of the exponents ap will be 0. The value of any given positive integer can be specified by simply listing
  • 38. all the nonzero exponents in the foregoing formulation. Thus, the integer 12 is represented by {a2 = 2, a3 = 1}, and the integer 18 is represented by {a2 = 1, a3 = 2}. Multiplication of two numbers is equivalent to adding the corresponding exponents: B-4 k = mn → kp = mp + np for all p What does it mean, in terms of these prime factors, to say that a|b? Any integer of the form pk can be divided only by an integer that is of a lesser or equal power of the same prime number, pj with j ≤ k. Thus, we can say a|b → ap ≤ bp for all p Relatively Prime Numbers
  • 39. We will use the notation gcd(a, b) to mean the greatest common divisor of a and b. The positive integer c is said to be the greatest common divisor of a and b if 1. c is a divisor of a and of b; 2. any divisor of a and b is a divisor of c. An equivalent definition is the following: gcd(a, b) = max[k, such that k|a and k|b] Because we require that the greatest common divisor be positive, gcd(a, b) = gcd(a, –b) = gcd(–a, b) = gcd(–a, –b). In general, gcd(a, b) = gcd( | a |, | b | ). For example, gcd(60, 24) = gcd(60, –24) = 12. Also, because all nonzero integers divide 0, we have gcd(a, 0) = | a |. B-5 It is easy to determine the greatest common divisor of two
  • 40. positive integers if we express each integer as the product of primes. For example, 300 = 22 × 31 × 52; 18 = 21 × 32; gcd(18, 300) = 21 × 31 × 50 = 6. In general, k = gcd(a, b) → kp = min(ap, bp) for all p Determining the prime factors of a large number is no easy task, so the preceding relationship does not directly lead to a way of calculating the greatest common divisor. The integers a and b are relatively prime if they have no prime factors in common; that is, if their only common factor is 1. This is equivalent to saying that a and b are relatively prime if gcd(a, b) = 1. For example, 8 and 15 are relatively prime because the divisors of 8 are 1, 2, 4, and 8, and the divisors of 15 are 1, 3, 5, and 15, so 1 is the only number on both lists.
  • 41. B.2 MODULAR ARITHMETIC Given any positive integer n and any nonnegative integer a, if we divide a by n, we get an integer quotient q and an integer remainder r that obey the following relationship: a = qn + r 0 ≤ r < n; q = ⎣ a/n⎦ where ⎣ x⎦ is the largest integer less than or equal to x. Figure B.1 demonstrates that, given a and positive n, it is always possible to find q and r that satisfy the preceding relationship. Represent the integers on the number line; a will fall somewhere on that line (positive a is shown, a similar demonstration can be made for negative a). Starting at 0, B-6 0
  • 42. n 2n 3n qn (q + 1)na n r Figure B.1 The Relationship a = qn + r; 0 ! r < n (a) General relationship 0 15 15 10 30 = 2 15 70 (b) Example: 70 = (4 15) + 10 45 = 3 15 60 = 4 15 75 = 5 15 proceed to n, 2n, up to qn such that qn ≤ a and (q + 1)n > a. The distance
  • 43. from qn to a is r, and we have found the unique values of q and r. The remainder r is often referred to as a residue. If a is an integer and n is a positive integer, we define a mod n to be the remainder when a is divided by n. Thus, for any integer a, we can always write a = ⎣ a/n⎦ × n + (a mod n) Two integers a and b are said to be congruent modulo n, if (a mod n) = (b mod n). This is written a ≡ b mod n. For example, 73 ≡ 4 mod 23; and 21 ≡ –9 mod 10. Note that if a ≡ 0 mod n, then n|a. The modulo operator has the following properties: 1. a ≡ b mod n if n|(a – b) 2. (a mod n) = (b mod n) implies a ≡ b mod n B-7
  • 44. 3. a ≡ b mod n implies b ≡ a mod n 4. a ≡ b mod n and b ≡ c mod n imply a ≡ c mod n To demonstrate the first point, if n|(a – b), then (a – b) = kn for some k. So we can write a = b + kn. Therefore, (a mod n) = (remainder when b + kn is divided by n) = (remainder when b is divided by n) = (b mod n). The remaining points are as easily proved. Modular Arithmetic Operations The (mod n) operator maps all integers into the set of integers {0, 1, . . . (n – 1)}. This suggests the question, Can we perform arithmetic operations within the confines of this set? It turns out that we can; the technique is known as modular arithmetic. Modular arithmetic exhibits the following properties: 1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
  • 45. 2. [(a mod n) – (b mod n)] mod n = (a – b) mod n 3. [(a mod n) × (b mod n)] mod n = (a × b) mod n We demonstrate the first property. Define (a mod n) = ra and (b mod n) = rb. Then we can write a = ra + jn for some integer j and b = rb + kn for some integer k. Then (a + b) mod n = (ra + jn + rb + kn) mod n = (ra + rb + (k + j)n) mod n = (ra + rb) mod n = [(a mod n) + (b mod n)] mod n B-8 The remaining properties are as easily proved. Inverses As in ordinary arithmetic, we can write the following:
  • 46. if (a + b) ≡ (a + c) (mod n) then b ≡ c (mod n) (B.1) (5 + 23) ≡ (5 + 7) (mod 8); 23 ≡ 7 (mod 8) For example, (5 + 23) ≡ (5 + 7) (mod 8) implies that 23 ≡ 7 (mod 8). Equation (B.1) is consistent with the existence of an additive inverse. Adding the additive inverse of a to both sides of Equation (B.1), we have ((–a) + a + b) ≡ ((–a) + a + c) (mod n) b ≡ c (mod n) However, the following statement is true only with the attached condition: if (a × b) ≡ (a × c) (mod n) then b ≡ c (mod n) if a is relatively prime to n (B.2) Similar to the case of Equation (B,1), we can say that Equation (B.2) is consistent with the existence of a multiplicative inverse. Applying the
  • 47. multiplicative inverse of a to both sides of Equation (B.2), we have ((a–1)ab) ≡ ((a–1)ac) (mod n) b ≡ c (mod n) B-9 The proof that we must add the condition in Equation (B.2) is beyond the scope of this book but is explored in [STAL11b]. B.3 FERMAT'S AND EULER'S THEOREMS Two theorems that play important roles in public-key cryptography are Fermat's theorem and Euler's theorem. Fermat's Theorem1 Fermat's theorem states the following: If p is prime and a is a positive integer not divisible by p, then
  • 48. ap–1 ≡ 1 (mod p) (B.3) Proof: Consider the set of positive integers less than p: {1, 2, …, p – 1} and multiply each element by a, modulo p, to get the set X = {a mod p, 2a mod p, . . . (p – 1)a mod p}. None of the elements of X is equal to zero because p does not divide a. Furthermore, no two of the integers in X are equal. To see this, assume that ja ≡ ka (mod p), where 1 ≤ j < k ≤ p – 1. Because a is relatively prime to p, we can eliminate a from both sides of the equation [see Equation (B.2)] resulting in j ≡ k (mod p). This last equality is impossible because j and k are both positive integers less than p. Therefore, we know that the (p – 1) elements of X are all positive integers, with no two elements equal. We can conclude the X consists of the set of integers {1, 2, …, p – 1} in some order. Multiplying the numbers in both sets and taking the
  • 49. result mod p yields 1 This is sometimes referred to as Fermat's little theorem. B-10 a × 2a × . . . × (p – 1)a ≡ [(1× 2 × …× (p – 1)] (mod p) ap–1(p – 1)! ≡ (p – 1)! (mod p) We can cancel the (p – 1)! term because it is relatively prime to p [see Equation (B.2)]. This yields Equation (B.3). a = 7, p = 19 72 = 49 ≡ 11 (mod 19) 74 ≡ 121 ≡ 7 (mod 19) 78 ≡ 49 ≡ 11 (mod 19) 716 ≡ 121 ≡ 7 (mod 19) ap–1 = 718 = 716 × 72 ≡ 7 × 11 ≡ 1 (mod 19) An alternative form of Fermat's theorem is also useful: If p is prime and a is a positive integer, then ap ≡ a (mod p) (B.4)
  • 50. Note that the first form of the theorem [Equation (B.3)] requires that a be relatively prime to p, but this form does not. p = 5, a = 3 ap = 35 = 243 ≡ 3 (mod 5) = a (mod p) p = 5, a = 10 ap = 105 = 100000 ≡ 10 (mod 5) ≡ 0 (mod 5) = a (mod p) Euler's Totient Function Before presenting Euler's theorem, we need to introduce an important quantity in number theory, referred to as Euler's totient function and written φ(n), defined as the number of positive integers less than n and relatively prime to n. B-11 Determine φ(37) and φ(35). Because 37 is prime, all of the positive integers from 1 through 36 are relatively prime to 37. Thus φ(37) = 36. To determine φ(35), we list all of the positive integers less than
  • 51. 35 that are relatively prime to it: 1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18, 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34. There are 24 numbers on the list, so φ(35) = 24. Table B.1 lists the first 30 values of φ(n). The value φ(1) is without meaning but is defined to have the value 1. Table B.1 Some Values of Euler's Totient Function φ(n) n φ(n) n φ(n) n φ(n) 1 1 11 10 21 12 2 1 12 4 22 10 3 2 13 12 23 22 4 2 14 6 24 8 5 4 15 8 25 20 6 2 16 8 26 12 7 6 17 16 27 18 8 4 18 6 28 12
  • 52. 9 6 19 18 29 28 10 4 20 8 30 8 It should be clear that for a prime number p, B-12 φ(p) = p – 1 Now suppose that we have two prime numbers p and q, with p ≠ q. Then we can show that for n = pq, φ(n) = φ(pq) = φ(p) × φ(q) = (p – 1) × (q – 1) To see that φ(n) = φ(p) × φ(q), consider that the set of positive integers less that n is the set {1, . . . , (pq – 1)}. The integers in this set that are not relatively prime to n are the set {p, 2p, . . . , (q – 1)p} and the set {q, 2q, . . . , (p – 1)q}. Accordingly,
  • 53. φ(n) = (pq – 1) – [(q – 1) + (p – 1)] = pq – (p + q) +1 = (p – 1) × (q – 1) = φ(p) × φ(q) φ(21) = φ(3) × φ(7) = (3 – 1) × (7 – 1) = 2 × 6 = 12 where the 12 integers are {1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20} Euler's Theorem Euler's theorem states that for every a and n that are relatively prime, aφ(n) ≡ 1 (mod n) (B.5) a = 3; n = 10; φ(10) = 4 aφ(n) = 34 = 81 ≡ 1 (mod 10) = 1 (mod n) a = 2; n = 11; φ(11) = 10 aφ(n) = 210 = 1024 ≡ 1 (mod 11) = 1 (mod n) B-13 Proof: Equation (B.5) is true if n is prime, because in that case φ(n) = (n –
  • 54. 1) and Fermat's theorem holds. However, it also holds for any integer n. Recall that φ(n) is the number of positive integers less than n that are relatively prime to n. Consider the set of such integers, labeled as follows: R = {x1, x2, . . ., xφ(n)} That is, each element xi of R is a unique positive integer less than n with gcd(xi, n) = 1. Now multiply each element by a, modulo n: S = {(ax1 mod n), (ax2 mod n), . . ., (axφ(n) mod n)} The set S is a permutation of R, by the following line of reasoning: 1. Because a is relatively prime to n and xi is relatively prime to n, axi must also be relatively prime to n. Thus, all the members of S are integers that are less than n and that are relatively prime to n. 2. There are no duplicates in S. Refer to Equation (B.2). If axi
  • 55. mod n = axj mod n, then xi = xj. Therefore, B-14 axi mod n( ) i= 1 φ n( ) ∏ = xi i =1 φ n( ) ∏ axi i= 1 φ n( ) ∏ ≡ xi i =1 φ n( ) ∏ mod n( )
  • 56. aφ n( ) × xi i =1 φ n( ) ∏ ⎡ ⎣ ⎢ ⎢ ⎤ ⎦ ⎥ ⎥ ≡ xi i =1 φ n( ) ∏ mod n( ) aφ n( ) ≡ 1 mod n( ) This is the same line of reasoning applied to the proof of Fermat's theorem. As is the case for Fermat's theorem, an alternative form of the theorem
  • 57. is also useful: aφ(n)+1 ≡ a (mod n) (B.6) Again, similar to the case with Fermat's theorem, the first form of Euler's theorem [Equation (B.6)] requires that a be relatively prime to n, but this form does not. Eustis Basics Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018
  • 58. 1 Objectives Eustis basics Login information Supported programming languages Recommended software SSH File transfer Access to Eustis On campus and off campus Basic operations on Eustis Demo 2 Basic Information Eustis server – department Unix server eustis.eecs.ucf.edu Login username: your UCF NID Login password: your NID password Support ssh (Secure Shell) Do not support telnet for security reason Eustis is on campus network only, no public access If you are on campus network, you can connect to it directly If you are off campus, you have to use VPN Eustis help page: http://newton.i2lab.ucf.edu/wiki/Help:Eustis
  • 59. 3 Eustis for This Course Support multiple programming languages C (gcc) C++ (g++) Java More Eustis is required for all programming assignments Your programs should be runnable on Eustis Can be compiled and run on Eustis This provides uniform platform to run your programs TA would actually run your programs to grade your assignments 4 Recommended Software Must use ssh client to connect to Eustis Many free ssh client software online
  • 60. Example Putty: command line based terminal List of ssh clients https://en.wikipedia.org/wiki/Comparison_of_SSH_clients File transfer is possible on Eustis Many GUI based software Example WinSCP for Windows 5 Mobaxterm We recommend Mobaxterm Combine ssh and file transfer (and many more) Download page https://mobaxterm.mobatek.net/download-home- edition.html For windows You may use putty and WinSCP as alternative 6
  • 61. Off Campus Access Procedure Connect VPN first to get into campus network Use ssh client to connect to Eustis VPN installation UCF VPN page http://newton.i2lab.ucf.edu/wiki/Help:VPN Download and install Cisco AnyConnect client Run VPN Run Cisco AnyConnect client and fill in ucfvpn-1.vpn.ucf.edu You will be prompted to enter your NID and password Once VPN is connected, you can proceed with ssh connection 7 Basic Operations on Eustis Basic Unix commands as shown in the table On Eustis, you can use ‘pico’ to do simple text editing Or you can edit your codes on your own computer and then upload (through file transfer) to Eustis for compiling and running
  • 62. 8 Compile and Run Programs C Compile gcc –o <executable> <sourcefile.c> Run ./ <executable> Example gcc –o hello hello.c ./hello With arguments ./ <executable> <argument1> <argument2> Example: file name as an argument ./hello temp.txt C++ Compile g++ -o <executable> <sourcefile.cpp> Run ./ <executable> Example g++ –o hello hello.cpp ./hello With arguments ./ <executable> <argument1> <argument2> Example: file name as an argument ./hello temp.txt
  • 63. Java Compile javac hello.java Run java hello java hello temp.txt (with argument) Demo 9 Action Items Your Eustis account has been created. Please try to login Eustis using your NID and password Mobaxterm or putty or any client you choose Also try transferring file to Eustis If you do not use Mobaxterm, make sure your file transfer software works as intended. If you have any problem accessing Eustis, please let us know. 10
  • 64. Cryptographic Tools Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Reading: Textbook Chapter 2 Some of the slides and figures are from textbook slides distributed by Pearson 2
  • 65. Encryption Definition Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. 3 secure sender secure receiver data data Alice Bob Eve
  • 66. Symmetric Encryption Universal technique for providing confidentiality for transmitted or stored data Also referred to as conventional encryption or single-key encryption Two requirements for secure use: Need a strong encryption algorithm Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure 4 Symmetric Encryption Model Plaintext The original message or data, input to the encryption algorithm Encryption algorithm The algorithm performs various substitutions and transformations on the plaintext. Secret key Another input to the encryption algorithm. The exact
  • 67. substitutions and transformations performed by the algorithm depend on the key. Ciphertext: The scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. Decryption algorithm This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext. 5 Figure 2.1 in textbook Attacking Symmetric Encryption Cryptanalytic Attacks Rely on: Nature of the algorithm Some knowledge of the general characteristics of the plaintext Some sample plaintext-ciphertext pairs Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used If successful all future and past messages encrypted with that key are compromised Brute-Force Attack Try all possible keys on some ciphertext until an intelligible
  • 68. translation into plaintext is obtained On average half of all possible keys must be tried to achieve success 6 Popular Encryption Algorithms 7 Table 2.1 in textbook 7
  • 69. Data Encryption Standard (DES) The most widely used encryption scheme FIPS PUB 46 Data Encryption Algorithm (DEA) 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block Strength concerns: Concerns about algorithm DES is the most studied encryption algorithm in existence Use of 56-bit key Electronic Frontier Foundation (EFF) announced in July 1998 that it had broken a DES encryption 8 Triple DES (3DES) Repeats basic DES algorithm three times using either two or three unique keys First standardized for use in financial applications in ANSI standard X9.17 in 1985 Attractions: 168-bit key length overcomes the vulnerability to brute-force attack of DES Underlying encryption algorithm is the same as in DES Drawbacks: Algorithm is sluggish in software Still uses a 64-bit block size
  • 70. 9 American National Standards Institute Software designed for 70’s hardware, not efficient Advanced Encryption Standard (AES) NIST in 1997 issued a call for proposals for a new Advanced Encryption Standard Security strength equal to or better than 3DES Significantly improved efficiency Symmetric block cipher 128 bit data and 128/192/256 bit keys NIST selected Rijndael algorithm (FIPS PUB 197) 10 Decryption Time 11 Table 2.2 in textbook
  • 71. Practical Security Issues Typically symmetric encryption is applied to a unit of data larger than a single 64-bit or 128-bit block Electronic codebook (ECB) mode is the simplest approach to multiple-block encryption Each block of plaintext is encrypted using the same key Cryptanalysts may be able to exploit regularities in the plaintext Modes of operation Alternative techniques developed to increase the security of symmetric block encryption for large sequences Overcomes the weaknesses of ECB 12 Block Cipher 13 Block cipher Processes the input one block of elements at a time
  • 72. Produces an output block for each input block Can reuse keys More common ECB Stream Cipher Processes the input elements continuously Produces output one element at a time Primary advantage is that they are almost always faster and use far less code Encrypts plaintext one byte at a time Pseudorandom stream is one that is unpredictable without knowledge of the input key 14
  • 73. Message Authentication Encryption assures confidentiality Message authentication assures data integrity: verifies received message is authentic Contents have not been altered From authentic source Timely and in correct sequence Message authentication can be performed either with or without encryption Symmetric encryption alone may not be good for message authentication: reorder attack Message authentication without encryption Broadcast Heavy load and cannot decrypt all messages Computer program authentication 15 Message Authentication Code (MAC) Authentication technique The use of a secret key to generate a small block of data Assuming both parties share same secret key and MAC algorithm Message can include a sequence number
  • 74. FIPS PUB 113, recommends the use of DES. DES is used to generate an encrypted version of the message, and the last 16 or 32 bits of ciphertext are used as MAC. 16 Secure Harsh Function One-way hash function Given hash value it is infeasible to find the original message Message digest H(M) Accepts a variable-size message M as input and produces a fixed-size message digest or harsh value or harsh code 17 17 Hash Function Requirements
  • 75. For any hash function can be applied to an entire message or file of any size produces a fixed-length output computationally easy to compute For a secure hash function, all above, plus must be one-way (pre-image resistant) infeasible to find x from H( x ) must be collision resistant for a given message, infeasible to find another message that generates the same hash value infeasible to find 2 messages that generate the same hash value Uses for secure hash functions MACs, digital signatures, and integrity checking 18 Message Authentication with Secure Hash Function Hash function does not take a secret key as input. To authenticate a message, the message digest can be encrypted with the secret key 19
  • 76. Security of Secure Hash Function Attacks on secure hash function Cryptanalysis Exploit logical weaknesses in the algorithm Brute-force attack Strength of hash function depends on the length of the hash code produced by the algorithm SHA (Secure Hash Algorithm) most widely used hash algorithm FIPS 180 (1993): SHA FIPS 180-1 (1995): SHA-1 (160 bits) FIPS 180–2 (2002): SHA-2 SHA-256, SHA-384, and SHA-512 Other uses Passwords Hash of a password stored by an operating system Intrusion detection Store H(F) for each file on a system and secure the hash values. Later check if a file has been modified. 20
  • 77. Public-Key Encryption First proposed by Diffie and Hellman in 1976 Based on mathematical function rather than simple operations on bit patterns Asymmetric Uses two separate keys: public key and private key Public key is made public for others to use Usage example To send a message, the sender encrypts the message using the receiver's public key The receiver uses his private key to decrypt the message. Solves key distribution and digital signature issues, but algorithms run much slower than symmetric algorithms. Computationally expensive, symmetric encryption still the method most used for data encryption Still need some form of protocol for distributing keys 21 21 Public-Key Encryption Model Plaintext Readable message or data that is fed into the algorithm as input
  • 78. Encryption algorithm Performs transformations on the plaintext Public and private key Pair of keys, one for encryption, one for decryption Ciphertext Scrambled message produced as output Decryption algorithm Produces the original plaintext 22 Public-Key Cryptography Other way to use public key: provide authentication and integrity Only Bob has his private key Authentication - only Bob could have encrypted the plaintext Integrity - no one but Bob would be able to modify the plaintext 23
  • 79. Requirements for Public-Key Cryptosystems Computationally easy to create key pairs Useful if either key can be used for each role Computationally infeasible for opponent to otherwise recover original message Computationally infeasible for opponent to determine private key from public key Computationally easy for sender who knows public key to encrypt messages Computationally easy for receiver who knows private key to decrypt ciphertext 24 Application of Public Key Encryption, Computationally expensive, not popular Diffie-Hellman key exchange Use public-key encryption to distribute a shared secret key The secrete key then can be used for symmetric encryption
  • 80. Authentication Digital signature Use authentication scenario, but encrypt a hash value, not the message Key management and distribution used with certificate authorities (CAs) to assure recipients that alleged public key is genuine 25 Digital Certificates Used for authenticating both source and data integrity Created by encrypting hash code with private key Does not provide confidentiality Even in the case of complete encryption Message is safe from alteration but not eavesdropping Message can be decrypted using sender’s public key 26 Public Key Management
  • 81. In public key scenario, how can Alice know that the public key she is using for Bob is really his public key? Digital certificates (DC) Issued by trusted entities called certificate authorities (CA) A digital certificate vouches for Bob and contains Bob’s public key DC is digitally signed by the CA using its private key; Alice uses the CA’s public key to verify the CA’s signature Alice now trust that they have a valid public key for Bob, since they trust the CA. This is not fool-proof. It is merely “strong evidence” of Bob’s public key 27 Digital Envelopes Another way to use public-key encryption to protect symmetric key Protects a message without arranging for sender and receiver to have the same secret key Similar to a sealed envelope containing an unsigned letter Process Uses a one-time symmetric key Key is encrypted using receiver's public key and sent to receiver 28
  • 82. Random Numbers Uses Keys for public-key algorithms Stream key for symmetric stream cipher Symmetric key for use as a temporary session key or in creating a digital envelope Handshaking to prevent replay attacks Session key Requirements Randomness Uniform distribution Frequency of occurrence of each of the numbers should be approximately the same Independence No one value in the sequence can be inferred from the others Unpredictability Opponent should not be able to predict future element of sequence on basis of earlier elements 29
  • 83. Random vs. Pseudorandom Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and produce sequences of numbers that are not statistically random Pseudorandom numbers Sequences that satisfy statistical randomness tests (uniformity, independence) Can be predictable True random number generator (TRNG) Uses a nondeterministic source to produce randomness Most operate by measuring unpredictable natural processes e.g. radiation, gas discharge, leaky capacitors Increasingly provided on modern processors 30 Encryption of Stored Data Situation Common to encrypt transmitted data, much less common for stored data
  • 84. There is often little protection beyond domain authentication and operating system access controls Data are archived for indefinite periods Even though erased, until disk sectors are reused data are recoverable Approaches Use a commercially available encryption package Pretty Good Privacy (PGP) enables to generate a key from password Back-end appliance Encrypts all data going from server to the storage Library based tape encryption Co-processor embedded in library hardware encrypts data using a non readable key Background laptop/PC data encryption Software that encrypts all or part of data Transparent to users and applications 31 Summary Symmetric Encryption Symmetric Encryption Model Popular Encryption Algorithms DES 3DES AES
  • 85. Block Cipher vs Stream Cipher Message Authentication Message Authentication Code (MAC) Secure Harsh Function Public-Key Encryption Digital Certificates Public Key Certificate Digital Envelopes Random Numbers Encryption of Stored Data 32 Key size (bits) Cipher Number of Alternative Keys Time Required at 109 decryptions/s Time Required at 1013 decryptions/s
  • 86. 56 DES 256 ≈ 7.2 × 1016 255 ns = 1.125 years 1 hour 128 AES 2128 ≈ 3.4 × 1038 2 127 ns = 5.3 × 1021 years 5.3 × 10 17 years 168 Triple DES 2168 ≈ 3.7 × 1050 2 167 ns = 5.8 × 1033 years 5.8 × 10 29 years 192 AES 2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040 years 9.8 × 1036 years 256 AES 2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060 years 1.8 × 1056 years Key size (bits) Cipher Number of Alternative Keys Time Required at 10 9 decryptions/s Time Required
  • 87. at 10 13 decryptions/s 56 DES 2 56 ≈ 7.2 ´ 10 16 2 55 ns = 1.125 years 1 hour 128 AES 2 128 ≈ 3.4 ´ 10 38 2 127 ns = 5.3 ´ 10 21 years 5.3 ´ 10 17 years 168 Triple DES 2 168 ≈ 3.7 ´ 10 50
  • 88. 2 167 ns = 5.8 ´ 10 33 years 5.8 ´ 10 29 years 192 AES 2 192 ≈ 6.3 ´ 10 57 2 191 ns = 9.8 ´ 10 40 years 9.8 ´ 10 36 years 256 AES 2 256 ≈ 1.2 ´ 10 77 2 255 ns = 1.8 ´ 10 60 years 1.8 ´ 10
  • 89. 56 years Number Systems Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Required reading: slides Reference: http://sandbox.mc.edu/~bennet/cs110/textbook/index.html 2
  • 90. Importance of Number Systems Number systems are used in representing addresses and data in computers and networks Often use binary and hex systems Some of attacks might cause number overflows 3 Review of Decimal Number System Decimal system is our everyday number system Base 10 number system Digits: 0,1,2,3,4,5,6,7,8,9 Examples Expansions using powers of 10: 304 = (3x102) + (0x101) + (4x100) 2047 = (2x103) + (0x102) + (4x101) + (7x100) 12.3 = (1x101) + (2x100) + (3x10-1) 43.57 = (4 x 101) + (3 x 100) + (5 x 10-1) + (7 x 10-2) 4 Negative exponent
  • 91. 100= 1 (n0 = 1 for all n≠0) 10-1 = 1/101= 0.1(a-b = 1/ab, for all a≠0) Binary Number System Foundation of digital system Base 2 system 0, 1 A binary digit is called a bit Example: 1010 has 4 bits Expansion using powers of 2: 1010 = (1x23) + (0x22) + (1x21) + (0x20) 110 = (1x22) + (1x21) + (0x20) Convert to decimal Carry out the expansion calculation using decimal expressions 1010 = (1x23) + (0x22) + (1x21) + (0x20) = 8 + 0 + 2 + 0 =10 110 = (1x22) + (1x21) + (0x20) = 4 + 2 + 0 =6 5
  • 92. Binary Number System Convert from decimal to binary 6 220 2 110 0 Remainder 2 Quotient 55 2 0 27 2 1 13 2 1 1 6 2 3 2 1 2 0 0 1 1 Result: 11011100
  • 93. Binary Number System Bit field Example 2-bit field has 4 possible combinations: 00, 01, 10, 11. The total number of bit patterns is 4. Bit field of width n The total number of bit patterns (possible combinations) is 2n. The range of numbers that can be represented is 0 to 2n-1. Recall the relationship between key size and number of possible keys Byte 8-bit field: 256 different bit patterns and number range from 0 to 255 Significant bit Left-most bit is the most significant bit, right-most bit is the least significant bit 7
  • 94. Other Number Systems Facts Computers use binary numbers for storage and computation. Binary numbers are hard for people to work with because they are so long and repetitive Converting decimal to binary is tedious, at best Octal and hexadecimal number systems Higher base than binary Convert easily from/to binary 8 Octal Number System Base 8 system 0, 1, 2, 3, 4, 5, 6, 7 3 binary digits represent one octal digit 0 = 000, 1 = 001, 2 = 010, 3 = 011 4 = 100, 5 = 101, 6 = 110, 7 = 111 Octal to binary Example: 75 octal = 111 101 binary Binary to Octal Take 3 bits at a time from right to left. Replace each 3 bits by a octal digit. At the end, if you have less than 3 bits left, add zeroes at the left end to make the result an even 3 bits Replace those 3 bits by an octal digit Octal to decimal
  • 95. Expansions to convert to decimal Example: 75 octal = 7x81 + 5x80 = 61 decimal 9 Hexadecimal Number System Base 16 number system 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F 4 binary digits represent one hexadecimal digit 0 = 0000, 1 = 0001, 2 = 0010, 3 = 0011 4 = 0100, 5 = 0101, 6 = 0110, 7 = 0111 8 = 1000, 9 = 1001, A = 1010, B = 1011 C = 1100, D = 1101, E = 1110, F = 1111 Works well with byte (8 bits) 1 byte has 2 hexadecimal digits Hexadecimal (hex) to binary Example: A5 hex = 1010 0101 binary Binary to hex Take 4 bits at a time from right to left. Replace each 4 bits by a hex digit. At the end, if you have less than 4 bits left, add zeroes at the left end to make the result an even 4 bits Replace those 4 bits by a hex digit Hex to decimal Expansions to convert to decimal Example: A5 hex = Ax161 + 5x160 = 10x16 + 5x1 = 165 decimal 10
  • 96. Negative Numbers Recall in decimal number system, negative numbers use minus sign (“-”) Negative numbers in binary number system use sign bits If the most significant bit (MSB) is a 1, then it represents a negative number One possibility: One’s complement Use unsigned binary values for positive numbers To get the negative value, just "flip" each bit of the positive numbers. Problem: extra 0 11 Two’s Complement Number System The other possibility: two’s complement number system
  • 97. Use unsigned binary values for positive numbers To get the corresponding negative value, "flip" each bit and add 1 to result no extra zero this time, and we also have an additional negative value 12 Decimal Expansion for Two’s Complement The sign bit is the leftmost bit is also MSB If it is a 1, then it represents a negative number. If it is a 0, it represents a positive number Decimal expansion Given n-bit binary number, the value of MSB is either 0 (for positive number) or (-1)x 2(n-1) The rest digits are expanded as usual Example: 8-bit binary numbers 11011010 = (-1x27) + (1x26) + (0x25) + (1x24) + (1x23) + (0x22) + (1x21) + (0x20) = -128 + 64 + 0 + 16 + 8 + 0 + 2 + 0 = -38 1000000 = (-1x27) + (0x26) + (0x25) + (0x24) + (0x23) + (0x22) + (0x21) + (0x20) = -128 + 0 = -128 11111111
  • 98. = (-1x27) + (1x26) + (1x25) + (1x24) + (1x23) + (1x22) + (1x21) + (1x20) = -128 + 64 + 32 + 16 + 8 + 4 +2 +1 = -1 01111111 = (0x27) + (1x26) + (1x25) + (1x24) + (1x23) + (1x22) + (1x21) + (1x20) = 0 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 127 13 Largest number in 8-bit two’s complement Smallest negative number in 8-bit two’s complement Two’s Complement Arithmetic Addition Basics 0 + 0 = 0 0 + 1 = 1 1 + 0 = 1 1 + 1 = 0, plus a carry of 1 1 + 1 + 1 = 1, plus a carry of 1 We add bits from right to left and ignore the carries past bit- field width Example: 4-bit field Negate Negate a binary number
  • 99. Just change all 0s to 1s and 1s to 0s (i.e., flip all bits), and then add 1 Example: 8-bit two’s complement number 0000 1111 (decimal 15) Flip the bits to get 1111 0000 Add 1, we get 1111 0001 Verify decimal value of 1111 0001 Decimal expansion is: -128 + 64 + 32 + 16 + 1 = -128 + 113 = - 15 decimal Example: 8-bit two’s complement number 1000 1111 (decimal - 113) Flip the bits to get 0111 0000 Add 1, we get 0111 0001 Verify decimal value of 0111 0001 Decimal expansion is: 64 + 32 + 16 + 1 = 113 decimal 14 Two’s Complement Arithmetic Subtraction In subtraction, negate the number that is to be subtracted (even if it is negative already), and then add the two numbers Example: 7-5 (4-bit field) Negate 5 decimal 5 = 0101 Flip 0101 and add 1, we get 1011 Add 7 and (-5)
  • 100. 7 = 0111, -5 = 1011 Ignore carry into 5th bit, since it is 4-bit field Then the result is 0010 = 2 in decimal 15 0111 +1011 10010 Carries 1 1 1 Overflow in Two’s Complement Given a bit-field width, only a limited number of numbers can be represented The two’s complement arithmetic may generate numbers beyond the limit Overflow examples Two positive numbers 4-bit field: 7 + 5 In two’s complement, 1100 = -4 decimal It is incorrect. Overflow occurs. 4-bit two’s complement can only represent numbers from -8 to +7 The result is beyond the limit Two negative numbers 4-bit field: (-4) + (-6)
  • 101. Ignore the carry in 5th bit since it is 4-bit field 0110 = 6 decimal It is incorrect. Overflow occurs. 4-bit two’s complement can only represent numbers from -8 to +7 16 0111 +0101 1100 Carries 1 1 1 1100 +1010 10110 Overflow Rules in Two’s Complement Remember we still ignore the carry beyond the bit-field width Rules for adding numbers of same sign If we add two positive numbers but get a negative result, the overflow occurs and the result cannot be used. If we add two negative numbers but get a positive result, the overflow occurs and the result cannot be used. For subtraction, after negating the number that is to be subtracted, we treat it as addition and follow the same rules
  • 102. 17 Unsigned Binary Number Given bit-field width of n, unsigned binary numbers can represent numbers 0 to 2n -1 For unsigned binary number, the MSB does not indicate sign but simply a value The decimal expansions are different for signed and unsigned binary numbers Example: 4-bit field 1101 is decimal -3 in two’s complement (signed binary number) 1101 is decimal 13 in unsigned binary number Addition is same process for unsigned as for signed The results are interpreted differently Always know you are dealing with signed or unsigned binary numbers 18
  • 103. Summary Review of Decimal Number System Binary Number System Convert from decimal to binary Bit field, byte and significant bit Why We Need Other Number Systems Octal Number System Hexadecimal Number System Negative binary numbers One’s complement vs. two’s complement Decimal Expansion for Two’s Complement Two’s Complement Arithmetic Addition Negate Subtraction Overflow in Two’s Complement Unsigned Binary Number 19 Classic Symmetric Cryptography
  • 104. Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Reading: Chapter 20.1 in textbook Reference: Cryptography and Network Security: Principles and Practice, Sixth Edition, William Stallings, Pearson – Prentice Hall, 2014 Other online tutorials 2
  • 105. Symmetric Encryption Also referred to as: Conventional encryption Secret-key or single-key encryption The sender and recipient share a common key All classical encryption algorithms are symmetric Only alternative before public-key encryption in 1970’s Still most widely used alternative Requirements Strong encryption algorithm A secret key known only to sender / receiver Must have a secure means for distributing the key Security by obscure approach (hoping the algorithm is unknown to the attacker) is unreliable we should assume the attacker knows the encryption algorithm Security depends on the secrecy of the key, not the algorithm Has five ingredients: Plaintext Encryption algorithm Secret key Ciphertext Decryption algorithm 3
  • 106. More Terminology plaintext - original message ciphertext – the encrypted message cipher – the encryption algorithm for transforming plaintext to ciphertext key(s) - info used by cipher algorithm, should be known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering plaintext from ciphertext cryptography - study of encryption principles/methods cryptanalysis (codebreaking) - study of principles/ methods of deciphering ciphertext without knowing the key cryptosystem – a set of keys, algorithms, and specific language that form a system for encrypting and decrypting text Mathematical notation Encryption and decryption are functions in the mathematical sense Encrypting plaintext message M using encryption algorithm E with key k: C = E(k, M) Decrypting ciphertext C using decryption algorithm D with key k: M=D(k, C) 4
  • 107. Computationally Secure Encryption Encryption is computationally secure if: Cost of breaking cipher exceeds value of information Time required to break cipher exceeds the useful lifetime of the information Usually very difficult to estimate the amount of effort required to break Can estimate time/cost of a brute-force attack 5 Cryptanalysis 6 Table 20.1 deliberately pick patterns to reveal the structure of the key
  • 108. Substitution Ciphers A substitution cipher is a class of cipher algorithms where: Letters of plaintext are replaced by other letters or by numbers or symbols If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns Assuming English language and letter only substitutions (no numbers or other character) Then, 26 choices for substitution for “a” 25 choices for substitution for “b” since we can’t use what we chose for “a” 24 choices for “c”, etc. 26! Choices overall: ≈ 4.03 x 1026 = 403,000,000,000,000,000,000,000,000 7 Caesar Cipher Simplest and earliest known use of a substitution cipher Used by Julius Caesar Involves replacing each letter of the alphabet with the letter standing three places further down the alphabet Shift cipher Alphabet is wrapped around so that the letter following Z is A Example plain: meet me after the toga party cipher: PHHW PH DIWHU WKH WRJD SDUWB
  • 109. 8 The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. Note that the alphabet is wrapped around, so that the letter following Z is A. Caesar Cipher Algorithm Can define transformation as: a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Mathematically give each letter a number a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 User modular arithmetic, algorithm can be expressed as: Encryption: C = E(3, M) = (M + 3) mod (26) Decryption: M = D(3, C) = (C – 3) mod (26) A shift may be of any amount, so that the general Caesar algorithm is: Encryption: C = E(k , M ) = (M + k ) mod 26 Decryption: M = D(k , C ) = (C - k ) mod 26
  • 110. 9 Cryptanalysis of Caesar Cipher Brute-force cryptanalysis of Caesar cipher The third line 10 If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily performed: simply try all the 25 possible keys. Figure 2.3 shows the results of applying this strategy to the example ciphertext. In this case, the plaintext leaps out as occupying the third line. Three important characteristics of this problem enabled us to
  • 111. use a brute-force cryptanalysis: 1. The encryption and decryption algorithms are known. 2. There are only 25 keys to try. 3. The language of the plaintext is known and easily recognizable. Keyword Cipher Example: use keyword “PROGRAM” to encrypt a message Steps: Lay out keyword and ignore duplicate letters (e.g., the second ‘R’ in program) Finish out the mapping with the letters of the alphabet that were not used, using the standard ordering of the letters Plaintext and ciphertext alphabets are shown below: a b c d e f g h i j k l m n o p q r s t u v w x y z P R O G A M B C D E F H I J K L N Q S T U V W X Y Z Plaintext: p a r t y Ciphertext: LPQTY Number of possible ciphers is 26! / (26 – n)! where n = keyword length For n = 6 (as above), this number is (26)(25)(24)(23)(22)(21) = 165,765,600 11
  • 112. Monoalphabetic Cipher Instead of just shifting the alphabet we could shuffle the letters arbitrarily Each plaintext letter maps to a different random ciphertext letter This is essentially a keyword cipher with a key that is 26 letters long Example Plain: a b c d e f g h i j k l m n o p q r s t uv w x yz Cipher: D K V Q F I B J W PES C X HT M YAUOL RG ZN Plaintext: i f w e w i s h t o r e p l a c e l e t t e r s Ciphertext: W I R F R W AJ UHY F T SDV FS FUUFY A Number of possible ciphers is 26! ≅ 4.03 x 1026 Susceptible to letter frequency analysis 12 Letter Frequency Analysis 13 Relative frequencies of letters in the English language Easy to break monoalphabetic cipher because they reflect the frequency data of the original alphabet One to one mapping
  • 113. Polyalphabetic Ciphers Polyalphabetic substitution cipher Does not use a one-to-one (1:1) correspondence between plaintext letter and its corresponding ciphertext letter Uses multiple substitution alphabets and switches among them systematically The same plaintext letter will generally be encrypted differently each time it appears (one-to-many function) Similarly, the same ciphertext character will generally represent multiple plaintext characters The Vigenère Cipher is the best-known example The famous Enigma Cipher from World War II is a well-known more complex example 14 Vigenère Cipher Best known and one of the simplest polyalphabetic substitution ciphers This scheme uses multiple shift ciphers (in the form of the
  • 114. Vigenere table) Vigenere table is a table with all possible shifts 26 Caesar ciphers with shifts of 0 through 25 key is multiple letters long K = k1 k2 ... kd, d = key length each letter of key specifies a different row of Vigenere table Substitution Use the rows (alphabets) specified by the key letters sequentially Repeat from start after d letters in message (here, we reuse keyword, unlike the keyword cipher Decryption simply performs same operations in reverse 15 Vigenère Table 16 Shift 0 Shift 1 Shift 25 . . .
  • 115. Vigenère Cipher Example Example: using the keyword “deceptive” Write out the plaintext: wearediscoveredsaveyourselves Write the keyword above it, repeated as needed, trimming off any excess key: deceptivedeceptivedeceptivede plaintext: wearediscoveredsaveyourselves Use each key letter as index to row of Vigenere table Look up the corresponding letter for the plaintext letter Repeat the process for each plaintext letter key: deceptivedeceptivedeceptivede plaintext: wearediscoveredsaveyourselves ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGZHW Notice the one to many mapping Plaintext “e” maps to {I,T,G,H,M} Ciphertext “G” represents {c,e,r,l} 17 Vigenère Cipher: Modular Arithmetic Applied modular arithmetic to Vigenere Cipher key: deceptivedeceptivedeceptivede plaintext: wearediscoveredsaveyourselves
  • 116. ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGZHW Columns in red show that modulo reduction was used to get the values 18 Vernam Cipher The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and has no statistical relationship to it Vernam cipher works on binary data (bits) rather than letters. Use a very long but repeating keyword 19 One-Time Pad Improvement to Vernam cipher Use a random key that is as long as the message so that the key
  • 117. need not be repeated Key is used to encrypt and decrypt a single message and then is discarded Each new message requires a new key of the same length as the new message Scheme is unbreakable Produces random output that bears no statistical relationship to the plaintext Because the ciphertext contains no information whatsoever about the plaintext, there is simply no way to break the code 20 Binary One-Time Pad Bit operation using exclusive-or (XOR) The symmetry property of XOR: C = M ⊕ P and M = C ⊕ P where P is the pad (the key) Example: Let M be the word “IF”, whose ASCII code is: 1001001 1000110 Let pad P (the key) be the random bit pattern: 1010110 0110001 Encryption: Plaintext 1 0 0 1 0 0 1 1 0 0 0 1 1 0 Key 1 0 1 0 1 1 0 0 1 1 0 0 0 1 Ciphertext 0 0 1 1 1 1 1 1 1 1 0 1 1 1 Decryption: Ciphertext 0 0 1 1 1 1 1 1 1 1 0 1 1 1
  • 118. Key 1 0 1 0 1 1 0 0 1 1 0 0 0 1 Plaintext 1 0 0 1 0 0 1 1 0 0 0 1 1 0 21 Same key Plaintext recovered Challenges of One-Time Pad There is the practical problem of making large quantities of random keys Any heavily used system might require millions of random characters on a regular basis Key distribution problem For every message to be sent, a key of equal length is needed by both sender and receiver 22 Pseudo-Random Number Generators Recall random numbers have many applications
  • 119. But computers can’t generate truly random numbers. Computers generate pseudo-random numbers that can pass statistical tests Uniformity and independence A pseudo-random number generator (PRNG) is a computer algorithm for generating pseudo-random numbers The algorithm takes a fixed value, called the seed, as an input and produces a sequence of output bits using a deterministic algorithm The output bit stream is determined solely by the input value or values, so an adversary who knows the algorithm and the seed can reproduce the entire bit stream An adversary who does not know the seed is unable to determine the pseudorandom string 23 Linear Congruential Generator Linear congruential generator (LCG) is one of the PRNGs An algorithm first proposed by Lehmer that is parameterized with four numbers: m the modulus m > 0 a the multiplier 0 < a< m c the increment 0≤ c < m
  • 120. x0 the starting value, or seed 0 ≤ x0 < m The sequence of random numbers {xn} is obtained via the following iterative equation: Xn+1 = (a · xn + c) mod m If m , a , c , and x0 are integers, then this technique will produce a sequence of integers with each integer in the range 0 ≤ xn < m The selection of values for a , c , and m is critical in developing a good random number generator Example: Let m = 1823, a = 17, b = 248 and x0 = 362 Then x1 = ( 17 x362 + 248 ) mod 1823 = ( 6154 + 248 ) mod 1823 = 6402 mod 1823= 933 We repeat this calculation using the value of x1 instead of x0, obtaining x2 =1525 Similarly, x3 = 651, x4 = 377, x5 = 1188… 24 Playfair Cipher Recall monoalphabetic ciphers are susceptible to letter frequency analysis Another polyalphabetic approach to improving security was to encrypt multiple letters as a single unit
  • 121. Playfair Cipher Best-known multiple-letter encryption cipher Invented by British scientist Sir Charles Wheatstone in 1854, but named after Lord Playfair who promoted it Encrypts pairs of letters (digrams), instead of single letters Based on the use of a 5 x 5 matrix of letters constructed using a keyword Reasonably fast and more secure than simple substitution there are 676 bigrams (2-letter combinations), versus 26 letters 25 Playfair Key Matrix Fill in letters of keyword (minus duplicates) from left to right and from top to bottom, then fill in the remainder of the matrix with the remaining letters in alphabetic order Using the keyword MONARCHY: To get 25 entries, we combine I/J but some people just drop QMONARCHYBDEFGI/JKLPQSTUVWXZ
  • 122. 26 In this case, the keyword is monarchy . The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is encrypted two letters at a time, according to the following rules: 1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x, so that balloon would be treated as ba lx lo on. 2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last. For example, ar is encrypted as RM. 3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the column circularly following the last. For example, mu is encrypted as CM. 4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as the encipherer wishes). The Playfair cipher is a great advance over simple monoalphabetic ciphers.
  • 123. For one thing, whereas there are only 26 letters, there are 26 * 26 = 676 digrams, so that identification of individual digrams is more difficult. Furthermore, the relative frequencies of individual letters exhibit a much greater range than that of digrams, making frequency analysis much more difficult. For these reasons, the Playfair cipher was for a long time considered unbreakable. It was used as the standard field system by the British Army in World War I and still enjoyed considerable use by the U.S. Army and other Allied forces during World War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy to break, because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient. Playfair Encrypting and Decrypting Encryption: Each 2-letter plaintext combination forms the opposite diagonal corners of a rectangle in the Playfair matrix. The corresponding cipher letters are found in the other two corners of that rectangle The first ciphertext letter is the one in the same row as the first plaintext letter Decryption: performed in the same manner, except using the ciphertext as input Example: plaintext “wh” is encrypted as “vy” 27
  • 124. Playfair Rules If one plaintext character left over, pad with a ‘Z’ , except if the singleton is a ‘Z’ then replace it with an ‘X’ If a bigram consists of two of the same letter, insert an 'X’ after the first letter to make a bigram, and then move the second letter to be the first letter of the next bigram If both letters fall in the same row, replace each with the letter to its right (wrapping back to start from end) If both letters fall in the same column, replace each with the letter below it (wrapping from bottom to top) Otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair (opposite diagonal corners of rectangle) The first cipher letter is the corner that is in the same row as the first plaintext letter of the bigram; the second cipher letter is the opposite diagonal corner from the first cipher letter (also: when choosing a ciphertext letter from the “I/J” matrix element, always choose “I”). 28 Playfair Example
  • 125. Wireless: E( wi re le sx sz ) =XG MK UL XA TX note double “s” and singleton Monday: E( mo nd ay ) = ON RY NB note “m” and “o” are in same row Deem: E( de em ) = CK LC no double-”e”; also, “e” and “m” in same column For the Playfair cipher, the “key” is the keyword and all six rules 29 Frequency of Letter Occurance Revealing the effectiveness of the Playfair and other ciphers 30 Hill Cipher Developed by the mathematician Lester Hill in 1929
  • 126. Strength is that it hides single-letter frequencies Features Uses linear algebra (matrix multiplication) Letters are encoded as numbers modulo 26 Blocks of letters are interpreted as vectors Key is a random matrix of same dimension as vectors Strong against a ciphertext-only attack but easily broken with a known plaintext attack 31 Vector and Matrix A vector is an ordered set of numbers Example: [ 3, 27, 16 ] Can be represented horizontally or vertically The dot product of two vectors (same length) is simply the sum of the products of each component Example: [ 1, 5, 4 ] · [ 4, 2, 6 ] = (1)(4) + (5)(2) + (4)(6) = 4 + 10 + 24 = 38 A matrix is a rectangular arrangement of numerical values a vector is a special case of matrix with at least one of whose dimensions is 1 we can consider each row or column as a vector We enclose matrices with square brackets Examples:
  • 127. , 32 Enclose matrices with square brackets Matrix Arithmetic for Hill Cipher To multiply a matrix by a vector, the matrix must be have as many columns as the vector has rows. Example = The Hill cipher uses a square matrix as its key – “key matrix” Requirement for the key matrix: must have a matrix inverse 33 Matrix Inverse The inverse of a square matrix A, is a matrix such that =I, where I is the identity matrix Inverse of a matrix by Gauss-Jordan elimination
  • 128. Example: 34 Matrix Inverse Not invertible matrix During Gauss-Jordan elimination, a zero row shows up on the left side Example: 35
  • 129. Hill Cipher Encryption The key matrix must have a matrix inverse so we can decrypt what we encrypt The key matrix , for any vector To encrypt To decrypt Padding Use the letter “x” to pad the last block if needed Modular arithmetic Matrix arithmetic modulo 26 36 Hill Cipher Example M=“next”= [13, 4, 23, 19] Since the matrix is 3x3, this time we split the message into blocks of length 3 and encrypt each block separately. Since the second block is just the letter “t” we must pad it to make a full block; so,let’s just use “x” as the pad character.
  • 130. This gives us 2 blocks: “nex” and “txx” For example, the first block (“nex”) is encrypted as follows (using mod 26 arithmetic) 37 Transposition Ciphers Ciphertext is a permutation (i.e. rearrangement or shuffling) of the plaintext letter. Simplest transposition cipher is Rail Fence cipher Plaintext is written down as a sequence of diagonals and then read off as a sequence of rows 38
  • 131. Rail Fence of Depth 2 Write plaintext message in 2 rows, alternating letters from one row to the next Encryption performed by reading across each row Example: meet me after the toga party m e m a t r h t g p r y e t e f e t e o a a t cipher: MEMATRHTGPRYETEFETEOAAT 39 2 rails Rail Fence of Depth 3 Use 3 rows and weave back and forth from row 1 to row 2 to row 3, then back to row 2, then 1, and repeat Example: meet me after the toga party m m t h g r e t e f e t e o a a t e a r t p y cipher: MMTHGRETEFETEOAATEARTPY 40 3 rails
  • 132. Columnar Transposition Cipher Also called “Row Transposition Cipher” More complex transposition Write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns The order of the columns then becomes the key to the algorithm Key length is same as row length Pad with the letter ‘x’ (random characters in general, but we will use ‘x’), as needed to complete the last row 41 Columnar Transposition Cipher Example: “Attack postponed until two am” Key: 4 3 1 2 5 6 7 Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x x x Ciphertext: TTNAAPTMTSUOAODWCOIXKNLXPETX 42
  • 133. Summary What is Symmetric Encryption Requirements Terminology Computationally Secure Encryption Concept of Substitution Ciphers Caesar Cipher Keyword Cipher Monoalphabetic Cipher Polyalphabetic Ciphers Vigenère Cipher Vernam Cipher and One-Time Pad Pseudo-Random Number Generators Linear Congruential Generator Playfair Cipher Hill Cipher Transposition Ciphers Rail Fence Cipher Columnar Transposition Cipher 43
  • 134. Modes of Operation Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018 1 Information Reading: Chapter 20.5 in textbook 2
  • 135. Objectives Learn five modes of operation How to apply those modes to block ciphers 3 Block Cipher Block cipher Encrypts plaintext characters in chunks called blocks Stream cipher can be thought of as a block cipher with a block size of 1 Block size is the number of elements in a block Example: Caesar cipher as a stream cipher 4 t1t2t3 t4 Caesar cipher as a block cipher t1
  • 136. t2 time time … … Blocks and Padding A typical message is longer than 1 block Message is split into blocks of the required size If the last block is shorter than the block size, we must pad it to make a complete block Padding can be done in many different ways Example Use counts of the pad size [ b1 b2 b3 5 5 5 5 5] Here, we have 3 data bytes, plus 5 bytes of padding We have been using X Example: PETERPAN, with block size 5: PETER PANXX We use it for Caesar, Vigenere, and Hill ciphers, but not for Playfair which has its own rules 5
  • 137. Simple Cipher Here we define a simple cipher, which we will call SC (i.e. simple cipher) that operates on bit strings: SC cipher: flip bits and then do circular shift to left Suppose we are given plaintext (bit string): 110110100110 block size: 4 bits (use this later ) initialization vector: 0101 (use this later) If we do not use SC as a block cipher, then ciphertext is: flip bits: 001001011001 shift left: 010010110010 6 Ciphertext Vigenere Block Cipher Use the Vigenere cipher as a block cipher Keyword: ROCK Name it VROCK Block size is length of keyword Block size is 4 Initialization vector (IV): DARK (use it later) Recall basic operation of Vigenere 7
  • 138. Modes of Operation A technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application To apply a block cipher in a variety of applications, five modes of operation have been defined by NIST These modes are intended for use with any symmetric block cipher, including triple DES and AES Technically stream ciphers can also use these modes if we consider stream ciphers as block size 1 8 Five Modes 9 Table 20.4
  • 139. Electronic Codebook (ECB) Simplest mode Message is broken into independent blocks Plaintext is handled b bits at a time Each block is encrypted using the same key A gigantic codebook in which there is an entry for every possible b-bit plaintext pattern Each block is encoded independently of the other blocks, as if it were the entire plaintext message Mathematic notations Ci = E(K, Pi ) = Ek(Pi) Pi = D(K, Ci ) = Dk(Ci) Pi is the plaintext block, Ci is the ciphertext, K is the key, E is encryption and D is decryption 10 ECB Mode 11
  • 140. SC in ECB Mode Recall SC (Simple Cipher) Plaintext (bit string): 110110100110 Block size: 4 bits (now we use it ) Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 ECB encrypts each block as if it were the entire plaintext message C1= E(P1) = SC( 1101 ) = flip( 1101 ), then left( 0010 ) = 0100 C2 = E( P2 ) = SC( 1010 ) = flip( 1010 ), then left( 0101 ) = 1010 C3 = E( P3) = SC( 0110 ) = flip( 0110 ), then left( 1001 ) = 0011 So, complete ciphertext is: 010010100011 12 Vigenere in ECB Mode Use the Vigenere cipher as a block cipher keyword: ROCK VROCK
  • 141. block size is length of keyword (=4) ECB Vigenere operation: 13 t1 t2 t3 Characteristics of ECB Pros Is very simple Allows for parallel encryptions of the blocks of a plaintext Can tolerate the loss or damage of a block Cons Long documents and images are not suitable for ECB, since patterns in the plaintext are repeated in the ciphertext. Main use is encrypting very short messages (e.g., encryption keys) 14 Source: Introduction to Computer Security, Goodrich and Tamassia, at page 403
  • 142. Cipher Block Chaining (CBC) Message is broken into blocks Blocks are “linked” together in encryption operation Each previous cipher block is chained with current plaintext block, hence name Need to use an Initialization Vector (IV) to start the process Mathematical notation Cj = E(K, [Cj– C0 =IV 15 CBC Mode 16
  • 143. SC in CBC Mode Recall our SC Plaintext (bit string): 110110100110 Block size: 4 bits Initialization vector (IV): 0101 Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 CBC encrypts each block XOR’d with the previous ciphertext block C1 = E( P1 XOR IV) = SC( 1101 XOR 0101 ) = flip( 1000 ), then left( 0111 ) = 1110 C2 = E( P2 XOR 1110) = SC( 1010 XOR 1110 ) = flip( 0100 ), then left( 1011 ) = 0111 C3 = E( P3 XOR 0111) = SC( 0110 XOR 0111 ) = flip( 0001 ), then left( 1110 ) = 1101 So the complete ciphertext is 111001111101 17 Vigenere in CBC Mode Use the Vigenere cipher as a block cipher Keyword: ROCK VROCK Block size is length of keyword (=4) Initialization Vector (IV): DARK (here we use it)
  • 144. Plaintext separated and padded into blocks P1, P2, and P3 : STOR MYNI GHTX Padding character ‘X’ CBC encrypts each block PLUS the output of the previous block – use plus instead of XOR C1 = E(P1 + IV) = VROCK(STOR + DARK ) = ROCK + STOR + DARK = MHHL C2 = E(P2 + MHHL) = VROCK( MYNI + MHHL ) = ROCK + MHHL + MYNI = PTWD C3 = E(P3 + PTWD) = VROCK( GHTX + PTWD ) = ROCK + GHTX + PTWD = MORK So, complete ciphertext is: MHHLPTWDMORK 18 Characteristics of CBC Overcome the repeat pattern issue in ECB A ciphertext block depends on all blocks before it Any change to a block affects all following ciphertext blocks Need Initialization Vector (IV) Must be known to sender & receiver but be unpredictable by a third party If sent in plaintext, attacker can use it It could be sent encrypted in ECB mode before rest of message Or use other methods Applications: Bulk data encryption and authentication 19
  • 145. Cipher Feedback (CFB) The ciphertext for one block is encrypted again and fed back (hence, the name) using XOR to encrypt the next plaintext block We are not encrypting the current plaintext block directly to get the current ciphertext block Different from CBC, where the previous ciphertext is first combined with the next plaintext block, and the result is encrypted. Surprisingly, decryption involves using the encryption cipher (same scheme) Standard allows any number of bits (1,8, 64 or 128 etc) to be fed back Denoted CFB-1, CFB-8, CFB-64, CFB-128 etc But most efficient to use all bits in block (64 or 128) Mathematical notations Encryption: Cj = Pj -1 ) -1) C0=IV 20
  • 146. CFB Mode 21 S-bit CFB Mode 22 SC in CFB Mode Recall SC Plaintext (bit string): 110110100110 Block size: 4 bits Initialization vector: 0101 Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 CFB encrypts the previous ciphertext block and then XOR’s it with the current plaintext block
  • 147. C1 = P1 XOR E( IV) = 1101 XOR SC( 0101 ) = 1101 XOR ( left( 1010 ) ) = 1101 XOR 0101 = 1000 C2 = P2 XOR E(1000) = 1010 XOR SC(1000) = 1010 XOR ( left( 0111 ) ) = 1010 XOR 1110 = 0100 C3 = P3 XOR E(0100) = 0110 XOR SC(0100) = 0110 XOR ( left( 1011 ) ) = 0110 XOR 0111 = 0001 The complete ciphertext is 100001000001 Note: CFB for character data gives same result as CBC since we use simple addition 23 Characteristics of CFB Encryption can not be processed in parallel Decryption can be processed in parallel Same encryption cipher is used at both sides Errors can propagate Applications Stream data encryption, authentication 24
  • 148. Output Feedback (OFB) 25 OFB Mode 26 SC in OFB Mode Let’s go back to SC Plaintext (bit string): 110110100110 Block size: 4 bits Initialization vector: 0101 Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 OFB encrypts the IV repeatedly and XOR’s the results with the plaintext blocks C1= P1 XOR E( IV) = 1101 XOR SC( 0101 ) = 1101 XOR ( left(
  • 149. 1010 ) ) = 1101 XOR 0101 = 1000 C2= P2 XOR E(0101) = 1010 XOR SC(0101) = 1010 XOR ( left( 1010 ) ) = 1010 XOR 0101 = 1111 C3 = P3 XOR E(0101) = 0110 XOR SC(0101) = 0110 XOR ( left( 1010 ) ) = 0110 XOR 0101 = 0011 The ciphertext is: 100011110011 27 Vigenere in OFB Mode Let’s go back to the character Vigenere example Plaintext: STORMYNIGHT Keyword: ROCK VROCK Block size: 4 Initialization vector: DARK Plaintext separated and padded into blocks P1, P2, and P3 : STOR MYNI GHTX For OFB, we encrypt the IV repeatedly and add the result to plaintext block, mod 26 C1 = P1 + E( IV ) = STOR + VROCK(DARK ) = STOR + ( ROCK + DARK ) = STOR + UOTU = MHHL C2 = P2 + E(UOTU) = MYNI + VROCK(UOTU) = MYNI + ( ROCK + UOTU ) = MYNI + LCVE = XAIM C3= P3+ E(LCVE) = GHTX + VROCK(LCVE) = GHTX + ( ROCK + LCVE ) = GHTX + CQXO = IXQL The complete ciphertext is: MHHLXAIMIXQL 28
  • 150. Characteristics of OFB “Pad” can be calculated in advance Errors do not propagate More vulnerable to message stream modification A variation of one-time pad Technically IVs should not be reused. IV is actually nonce. Applications Stream encryption on noisy channels. 29 Counter (CTR) 30
  • 151. CTR Mode 31 SC in CTR Mode Let’s go back to SC example Plaintext (bit string): 110110100110 Block size: 4 bits Initialization vector (seed): 0101 Plaintext separated into blocks P1, P2, and P3 : 1101 1010 0110 CTR increments and encrypts the seed value repeatedly and XOR’s the results with the plaintext blocks C1= P1 XOR E(S+0) = 1101 XOR SC( 0101 ) = 1101 XOR ( left( 1010 ) ) = 1101 XOR 0101 = 1000 C2= P2 XOR E(S+1) = 1010 XOR SC( 0110 ) = 1010 XOR ( left( 1001 ) ) = 1010 XOR 0011 = 1001 C3 = P3 XOR E(S+2) = 0110 XOR SC( 0111 ) = 0110 XOR ( left( 1000 ) ) = 0110 XOR 0001 = 0111 The complete ciphertext is: 100010010111 32
  • 152. Characteristics of CTR High efficiency Can be processed in parallel Preprocessing Encryption algorithm does not depend on plaintext or ciphertext Random access Any block can be processed in random fashion Provable security As good as other modes Simple Encryption only Must never reuse key/counter values Applications high-speed network encryptions 33 Summary Block cipher Our examples Simple Cipher Vigenere Block Cipher (character) Modes of Operation
  • 153. Electronic Codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter (CTR) Concept Structure Examples in SC and/or Vigenere Characteristics 34 Programming Assignment 1: Encryption and Decryption using Vigenere with Cipher Block Chaining (CBC) 1. Introduction In this programming assignment, you will implement Vigenere encryption and decryption with Cipher Block Chaining (CBC). The original form of Vigenere cipher has been introduced in “L6: Symmetric Encryption” (slide
  • 154. No. 15-18). CBC mode has been introduced in “L8: Modes of Operation” (slide No. 15-19). In the lecture of “Modes of Operation”, we used Vigenere block cipher as an example to show how to apply the modes of operation to ciphers. The description of Vigenere block cipher is in slide No. 7 of “L8: Modes of Operation”. Comparing with original form of Vigenere cipher, the Vigenere block cipher defines a block size that is equal to length of Vigenere key. According to the slide No. 18 of “L8: Modes of Operation”, for CBC mode an IV (Initial Vector) is also needed as input. So, the inputs to the encryption algorithm include Vigenere key, IV and plaintext and the inputs to the decryption algorithm include Vigenere key, IV and cyphertext. In the lecture slides, we have focused on the encryption part. But in this assignment, you will implement both encryption and decryption algorithms. Therefore, you will create two programs or source files: one for the encryption (or encipher) and one for the decryption (or decipher). The encipher program will be run first. When encrypting, the encipher program will take inputs including plaintext, key and IV. The encipher encrypts the plaintext with the key & IV, and generate a file to store the ciphertext. Then when the decipher program is run, the ciphertext file will be used as
  • 155. input along with key & IV. The decipher program decrypts the ciphertext to recover the plaintext. 2. Basic Encryption and Decryption Schemes In the slides of “L8: Modes of Operation”, we have mentioned that Vigenere block cipher is a character cipher. Instead of using the XOR defined in CBC mode, we used plus (+) in Vigenere with CBC (slide No. 18 of “L8: Modes of Operation”). Therefore, the encryption of Vigenere with CBC can be expressed as �0 = �(�0 + ��) = (�0 + �� + �������) ��� 26 �� = �(�� + ��−1) = (�� + ��−1 + �������) ��� 26 Since we have modified the CBC operation for Vigenere character cipher, we have to adapt the CBC decryption too. Once one already establishes the encryption algorithm (or encipher). The general rule for the decryption algorithm (or decipher) is to run the encryption in reverse. Following this rule, we can express the decryption of Vigenere with CBC as: �0 = (�0 − �� − �������) ��� 26 �� = (�� − ��−1 − �������) ��� 26 Note: the result of (�0 − �� − �������) �� (�� − ��−1 − �������) can be negative but modular value should
  • 156. not be negative. Since we have adapted both encryption and decryption of original CBC. The mathematical notations shown above may not match the CBC diagram (Slide No. 16 of “L8: Modes of Operation”), which uses XOR operation. 3. Implementation 3.1. Preprocessing The plaintext input to the Vigenere CBC encipher should come from a text file. You may use any text file that is less than 4 Kilobytes in size. You can generate your text file by simply copying and pasting any text content. However, the normal text file contains upper case and lower case alphabetic characters, numbers, punctuations and other special characters including space and line feed etc.. These are way more than 26 letters defined in Vigenere cipher. So you have to preprocess the text file to eliminate all the special characters, numbers, white space and punctuations, as well as convert all upper case letters into lower case letters. The result of preprocessing should be a string of lower case letters. (as shown Figure 1) Then the encipher will use these letter sequences as the plaintext input.
  • 157. Figure 1: Plaintext after Preprocessing 3.2. Inputs In addition to the letter sequence you generated from the preprocessing. The Vigenere CBC encipher needs a key and an IV. For this assignment, you would allow the user to enter a key (key length ranges from 2 to 10) and an IV with the same length as key. You may want to mandate that the length of IV should be the same as the key. Inputs to the Vigenere CBC decipher should be the same key and IV, as well as the ciphertext. The ciphertext sequence should be generated by the Vigenere CBC encipher. The easy way to allow the user’s input is using the command line arguments. For example, assuming the executable of your Vigenere CBC encipher is called V_encipher, plaintext file is called sample.txt, the key is rock and the IV is dark. The Unix command line to run the encipher would look like this: ./V_encipher sample.txt rock dark Assuming your encipher would save the ciphertext to a file ciphertext.txt and your decipher executable is called
  • 158. V_decipher (the key and the IV are same as the above), the Unix command line to run the decipher would look like this: ./V_decipher ciphertext.txt rock dark 3.3. Outputs As mentioned above, you would create two programs: one for the encipher (including the preprocessing) and one for the decipher. The outputs of the encipher program should include the following: Original text file name ireturnedfromthecityaboutthreeoclockonthatmayafternoonpretty w elldisgustedwithlifeihadbeenthreemonthsintheoldcountryandwas fe dupwithitifanyonehadtoldmeayearagothatiwouldhavebeenfeeling li kethatishouldhavelaughedathimbuttherewasthefacttheweatherma d emeliverishthetalkoftheordinaryenglishmanmademesickicouldnt ge tenoughexerciseandtheamusementsoflondonseemedasflatassoda w
  • 159. aterthathasbeenstandinginthesunrichardhannayikepttellingmysel fy ouhavegotintothewrongditchmyfriendandyouhadbetterclimbout Key IV Block size Plaintext (after preprocessing) printed on the screen Number of characters in plaintext (before padding) Ciphertext printed on the screen Name of ciphertext file (ciphertext saved to a file) Number of padding characters The ciphertext file will be used as one of the inputs to the decipher. The outputs of the decipher program should include the following: Ciphertext file name Number of characters in ciphertext Recovered plaintext printed on the screen 3.4. Other Implementation details
  • 160. Since your original text file could be any size less than 4 kilobytes, the padding may be needed when the plaintext is divided into blocks. According to No. 18 of “L8: Modes of Operation”, Letter X should be used for padding. 4. Submission When you submit your assignment, you should submit your source codes. The names of your source files should clearly state encipher and decipher. You should also your text file (although TA may use his text file to test your programs). You will also generate a report to describe your programs briefly and explain how to compile/run your program on Eustis. Your report should include the screenshots to show the output results. Please zip all your files and submit through Webcourses. As discussed before, you may submit multiple versions before deadline. So submit early. Only the last version before the deadline would be graded. The late submission will receive penalty of 1 point per minute past the deadline. 5. Grading Please complete this assignment on your own. Do not copy or share codes. When TA grades your submission, the following rubrics will be followed.
  • 161. Criteria Ratings Pts The assignment report provides description of the programs and explanation of the codes. The codes are compiled successfully. Full pts: 20 No pts: 0 20 Program accepts command line argument, correctly read/write the file and show it on screen Full pts: 20 No pts: 0 20 Program successfully and correctly perform Vigenere encryption on the first block, using the correct plaintext, keyword and IV Full pts:15 No pts: 0 15 Program successfully and correctly perform CBC encryption on subsequent block(s) Full pts:15 No pts: 0 15 Program successfully and correctly perform vigenere decryption on the first block, using the correct ciphertext, keyword and IV Full pts:15 No pts: 0 15 Program successfully and correctly perform CBC decryption on subsequent block(s) Full pts:15 No pts: 0 15 100