Security
Jean Walrand
EECS, UCB

Outline
Threats
Cryptography
  Basic Mechanisms
  Secret Key
  Public Key
  Hashing
Security Systems
  Integrity
  Key Management
  Identification

Threats
Against     Type              Protection
Computers   Physical          Physical security (lock)
            Infection         Virus detection
            Intrusion         Firewall, passport control
Users       Identity          Signature, password, watermark
            Privacy           Encryption, relay
Documents   Integrity         Message authentication code
            Confidentiality   Encryption

Cryptography
Basic Mechanism:
P -> [ E(.) ] -> C -> [ D(.) ] -> P
P: Plaintext
E(.): Encryption function
C: Cyphertext: Sent (Encrypted Text)
D(.): Decryption function

Cryptography (continued)
Basic Mechanism (continued):
P -> [ E(.) ] -> C -> [ D(.) ] -> P
D(.) is the inverse of E(.)
E(.) should be a “one-way function”
• Easy to compute
• Hard to invert:
  - Looking at E(P), it should be hard to get P
  - Looking at many E(P), it should be hard to figure out the function D(.), or
  - Knowing many pairs (P, E(P)), it should be hard to figure out the function D(.)

Cryptography (continued)
Secret Key:
E(.) = E(.; K), D(.) = D(.; K) where K is a shared secret: Key distribution
[Figure: Alice: P -> [ E(. , K) ] -> C -> [ D(. , K) ] -> P :Bob, with K held by both]

Cryptography (continued)
Secret Key - EXAMPLE 1: One-Time PAD:
C = P + K (addition bit-by-bit modulo 2, no carry)
K = random string of bits (50% = 0, 50% = 1)
If used only once, this is a perfect code! (C is perfectly random and carries no information about P.)
Application: Top Secret transmissions.
K is stored in a CD-ROM that is delivered securely ahead of time.

Cryptography (continued)
Secret Key: EXAMPLE 2: Data Encryption Standard - DES
[Figure: P and Key K enter the DES Algorithm, which outputs C]
Algorithm is known, but the key is secret
K = 40 bits => Weak
    56 bits => Marginal
    128 bits => Safe

Cryptography (continued)
Note: Modes of Encryption
[Figure: block diagrams of modes of encryption on 64-bit blocks; labels Pn, Cn, Cn-1, Rn-1, Rn, Zn-1, E, D]

Cryptography (continued)
Public Key:
• Bob: use E(.; Bob) to talk to me.
• Only Bob knows D(.; Bob).
• Trapdoor one-way function.
Example: Rivest-Shamir-Adleman: p, q prime; n = pq; z = (p-1)(q-1); e coprime to z; d s.t. ed = 1 mod z.
If P in {0, 1, ..., n-1} and C = P^e mod n, then C^d mod n = P.
(e, n) public. (d, n) private. Finding d from (e, n) is believed to be hard.

Cryptography (continued)
Hashing:
• H(P) short (e.g., 160 bits).
• Hard to find P and P' s.t. H(P) = H(P').

Security Systems
Integrity: Alice sends P*H(P) where H(P) is protected by
a. Authentic channel.
b. Message Authentication Code: Note that E(H(P); K) with K secret may not be secure. For instance, Z = H(P)+R is not secure, since Eve can compute H(P) from P and R from Z + H(P), and then Eve can send P' and H(P')+R.
Secure: H(K2*H(K1*P)) where K1 and K2 are secret to Alice and Bob, since Eve cannot compute H(K1*P').

Security Systems (continued)
Integrity (continued): Alice sends P*H(P) where H(P) is protected by
c. Digital Signature. Alice sends C = D(P; Alice) and Bob recovers P = E(C; Alice).
However, if Eve constructs C' and computes P' = E(C'; Alice), Bob will think that Alice sent D(P'; Alice). Instead, Alice should send D(P*H(P); Alice) because it is unlikely that Eve can find some C' so that E(C'; Alice) has the form P'*H(P') for some P'.

Security Systems (continued)
Key Management: To share a secret K:
a. Hand-delivery
b. Encrypt and distribute K using some other secret key (e.g., Kerberos)
[Figure: Shared Key with Kerberos; Get Login Key; Get Session Key]
c. Use a public key to distribute secret key K (e.g., PGP)

Security Systems (continued)
d. Public key agreement: Diffie-Hellman: Alice and Bob agree on public (z, p).
Alice chooses a and Bob chooses b.
Alice computes A = z^a mod p and sends it to Bob.
Bob computes A^b mod p.
Bob computes B = z^b mod p and sends it to Alice.
Alice computes B^a mod p.
One can show that A^b mod p = B^a mod p = z^(ab) mod p =: K.
Indeed: A = z^a + mp so that A^b = (z^a + mp)^b = ... = z^(ab) mod p.
However, D-H is not robust to a "person-in-the-middle" attack: Imagine Eve gets in the middle and plays the role of Alice.
Solution: Signing the exchange:
Alice sends A to Bob and Bob sends B to Alice. Alice signs (A, B) and sends it to Bob; Bob signs (A, B) and sends it to Alice. Eve cannot fake these signatures.

Security Systems (continued)
Identification: Bob wants to ascertain the identity of Alice.
a. Passwords: Alice has a secret password K and sends (Alice, K). Bob maintains H(K) to verify Alice.
However: can be intercepted.
b. Challenge/Response: Bob sends string X to Alice who computes f(X, K) where K is a secret that Alice and Bob share.
However, Bob must know K.
c. Public Key: Bob chooses X and sends E(X; Alice) to Alice who computes X and sends it back to Bob.
d. Digital signature: Bob sends X to Alice who signs it and returns it to
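
Added example (not part of the original slides): the Integrity slide's two tags side by side, Z = H(P)+R and H(K2*H(K1*P)), with Eve's substitution from that slide run against each. Assumptions: SHA-256 stands in for H, "+" is bitwise addition modulo 2, "*" is concatenation; the function names and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    # H(.) from the slides; SHA-256 is an assumption, the slides name no hash.
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    # "+" on the slides: bit-by-bit addition modulo 2.
    return bytes(x ^ y for x, y in zip(a, b))

def weak_tag(p: bytes, r: bytes) -> bytes:
    # Z = H(P) + R, with R the secret shared by Alice and Bob.
    return xor(H(p), r)

def nested_tag(p: bytes, k1: bytes, k2: bytes) -> bytes:
    # H(K2 * H(K1 * P)), reading "*" as concatenation.
    return H(k2 + H(k1 + p))

def eve_retag(p: bytes, tag: bytes, p_new: bytes) -> bytes:
    # Eve knows only P and its tag. She treats the tag as H(P) + R:
    # R = tag + H(P), then she sends P' with H(P') + R.
    r_guess = xor(tag, H(p))
    return xor(H(p_new), r_guess)

def bob_accepts_weak(p: bytes, tag: bytes, r: bytes) -> bool:
    return hmac.compare_digest(weak_tag(p, r), tag)

def bob_accepts_nested(p: bytes, tag: bytes, k1: bytes, k2: bytes) -> bool:
    return hmac.compare_digest(nested_tag(p, k1, k2), tag)

def demo() -> dict:
    r, k1, k2 = (secrets.token_bytes(32) for _ in range(3))
    p, p_new = b"pay Bob 10", b"pay Eve 9999"  # constructed sample messages
    forged_weak = eve_retag(p, weak_tag(p, r), p_new)
    forged_nested = eve_retag(p, nested_tag(p, k1, k2), p_new)
    return {
        "genuine_weak": bob_accepts_weak(p, weak_tag(p, r), r),
        "genuine_nested": bob_accepts_nested(p, nested_tag(p, k1, k2), k1, k2),
        "forged_weak": bob_accepts_weak(p_new, forged_weak, r),
        "forged_nested": bob_accepts_nested(p_new, forged_nested, k1, k2),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: accepted={accepted}")
```

The standardized form of this nested keyed-hash idea is HMAC, available in Python as the hmac module; deployed code should use that rather than a hand-built construction.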