Computer Security Set of slides 5 Dr Alexei Vernitski.


Man-in-the-middle attack

Alice and Bob work in the same company. They want to use the RSA cipher to communicate privately


Man-in-the-middle attack

Bob sends to Alice his public key by e-mail


Man-in-the-middle attack

Alice encrypts her message using the key that she has received from Bob and sends an encrypted message to Bob by e-mail


Man-in-the-middle attack

But after that, the system administrator Eve will be able to decrypt Alice’s message. How did Eve break the cipher?


Man-in-the-middle attack

Bob sends to Alice his public key by e-mail, and he thinks that she has received this key. Alice thinks that she receives a message from Bob. But in reality…


Man-in-the-middle attack

Eve intercepts Bob’s message with his public key and replaces Bob’s public key by Eve’s public key.


Man-in-the-middle attack

Alice thinks that she sends a message encrypted with Bob’s public key, but this is Eve’s public key. Therefore, Eve can read this message


Man-in-the-middle attack

Guess what else Eve should do if she wants to continue reading Alice’s secret messages to Bob?


Man-in-the-middle attack

Eve should decrypt Alice’s message using Eve’s key, encrypt it using Bob’s key and forward it to Bob


Man-in-the-middle attack

The “man-in-the-middle” attack (or “the Mig-in-the-middle” attack, or password spoofing) can also be used in user authentication

[Diagram labels: Authenticator, Valid user, Attacker]

Message authentication

• Suppose I am sending a message to a remote correspondent.

• How can I prove that this message comes from me?

• Public key cryptography can be applied

Public-key cryptography (as used for encryption)

[Diagram labels: Plaintext, Encrypted text, Public key, Private key]

Public-key cryptography (as used for message authentication)

[Diagram labels: signature, message, Public key, Private key]

Message authentication

• Alice publishes her public key (remember about the man-in-the-middle attack!)

• Alice sends a message to Bob

• Alice applies her private key to the message and sends the result (the signature) to Bob

• Bob applies Alice’s public key to the signature and sees that it coincides with the message

• Because only Alice knows her private key, only she could have generated the signature.
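The signing and checking steps above, as an added example that is not part of the original slides. It uses textbook RSA without padding; the keys (built from known Mersenne primes), the messages and all function names are constructed for illustration.

```python
# Textbook RSA without padding, on constructed keys built from known
# Mersenne primes; far too small and too simple for real use.
E = 65537

def make_keys(p, q):
    """Return (public key, private key) as (modulus, exponent) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def to_number(text):
    """Encode a short message as a number smaller than the modulus."""
    return int.from_bytes(text.encode(), "big")

def sign(text, private_key):
    """Apply the private key to the message; the result is the signature."""
    n, d = private_key
    return pow(to_number(text), d, n)

def verify(text, signature, public_key):
    """Apply the public key to the signature and compare with the message."""
    n, e = public_key
    return pow(signature, e, n) == to_number(text)

ALICE_PUBLIC, ALICE_PRIVATE = make_keys(2**31 - 1, 2**61 - 1)
EVE_PUBLIC, EVE_PRIVATE = make_keys(2**89 - 1, 2**107 - 1)

def demo():
    message, forged = "pay Bob 5", "pay Eve 95"
    signature = sign(message, ALICE_PRIVATE)
    eve_signature = sign(forged, EVE_PRIVATE)
    return {
        "genuine message accepted": verify(message, signature, ALICE_PUBLIC),
        "altered message accepted": verify(forged, signature, ALICE_PUBLIC),
        "Eve's signature, Alice's real key": verify(forged, eve_signature, ALICE_PUBLIC),
        # If the published key was replaced in transit, Bob checks against
        # Eve's key without knowing it, and the forgery is accepted.
        "Eve's signature, replaced key": verify(forged, eve_signature, EVE_PUBLIC),
    }

if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```

The last line of the output is the reason for the reminder about the man-in-the-middle attack: the signature only proves who holds the private key matching the public key that Bob actually has.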

PGP

• Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication.

• It includes public-key ciphers

• Also, it includes a possibility to create signatures (hashes, digests)

Many names of checksums

Depending on the applications and on the algorithms used, names differ:

• cryptographic checksums,

• hash functions,

• electronic digests,

• commitment protocols,

• data integrity assurance,

• one-way functions.

Checksum-calculating algorithm

Data: 100000… bits

Checksum: up to 100 bits

Integrity

• Checksums are used to check the integrity of the data, that is, that the data have not been changed (by accident or by an intruder).

Protection against noise

Suppose we are sending data to a remote computer

[Diagram labels: Data, Checksum, noise, Data?, Checksum]

Error detection

• People studying codes would say that the data with their checksum is an error-detecting code for the data.

Example: parity bit in ASCII (why there are 8 bits in a byte?)

These 7 bits encode a character

This bit is a XOR of all others

Protection against an intruder

[Diagram: Data → Checksum algorithm → Checksum]

On Friday, we calculate the checksum of our data and store it separately from the data

Protection against an intruder

[Diagram labels: Checksum algorithm, Checksum, Changed data]

On Sunday, an intruder changes the data

Protection against an intruder

[Diagram: Changed data → Checksum algorithm → Checksum is different]

On Monday, we calculate the checksum of the data and, thanks to this, notice that the data has been tampered with

Simple checksums

• The sum of all bytes of the data is a checksum. In fact, this is the original checksum (hence comes the word checksum).

• The size of the data is a checksum (for example, computer viruses often change the size of infected files)

A cryptographic checksum

• We do not want the checksum to reveal any useful information about the original data

• On the contrary, we want the checksum to reveal as little as possible about the original data

• In particular, when the data is changed, we do not want the checksum to reveal any details of what has changed

Example: an application of cryptographic checksums

• “The star of Saturn is not a single star, but is a composite of three, which almost touch each other”

Galileo

• Galileo planned to publish this new discovery in his next book

• But in the meantime, how could he preserve his priority?

• He published an anagram:

smaismrmilmepoetaleumibunenugttauiras


An application of cryptographic checksums

• Galileo published an anagram: smaismrmilmepoetaleumibunenugttauiras

• Later, he published the original message: Altissimum planetam tergeminum observavi

• Everyone could check that the first published message is an anagram of the second.

An application of cryptographic checksums

• In the meantime, Kepler had spent much time trying to guess the original message, because he was sure it would be something like “I have discovered two moons of Mars”.

• In fact, they were discovered only 250 years later.

A cryptographic checksum

[Diagram: from “Altissimum planetam…” to “smaismrm…” is the easy direction; from “smaismrm…” back to “Altissimum planetam…” is the difficult direction]

Checksums

• Studying checksums is an important part of computer science.

• As we have seen, it has applications in data transmission and computer security.

• Especially, we are interested in cryptographic (that is, ‘one-way’) checksums.

Cryptographic checksums

[Diagram: from message to checksum is easy; from checksum to message is hard]

Cryptographic checksums

• With cryptographic checksums, it is difficult for the attacker to guess what message corresponds to a given checksum

• With cryptographic checksums, it is more difficult for the attacker to experiment and counterfeit a message
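The Friday/Monday check described earlier, run with the two simple checksums and a cryptographic one, as an added example that is not part of the original slides. SHA-256 stands in for the cryptographic checksum, and the data and function names are constructed for illustration.

```python
import hashlib

# Two simple checksums from the slides and one cryptographic checksum.
CHECKSUMS = {
    "size": len,
    "byte sum": sum,
    "sha256": lambda data: hashlib.sha256(data).hexdigest(),
}

def record(data):
    """Friday: calculate every checksum, to be stored apart from the data."""
    return {name: algorithm(data) for name, algorithm in CHECKSUMS.items()}

def detected_by(stored, data):
    """Monday: names of the checksums that no longer match the stored ones."""
    current = record(data)
    return [name for name in CHECKSUMS if current[name] != stored[name]]

# Constructed sample data.
FRIDAY = b"pay 190 pounds to account 4321"
SWAPPED = b"pay 910 pounds to account 4321"   # two digits exchanged
PADDED = b"pay 190 pounds to account 43210"   # one byte appended

if __name__ == "__main__":
    stored = record(FRIDAY)
    for label, data in [("unchanged", FRIDAY), ("swapped", SWAPPED), ("padded", PADDED)]:
        print(label, "-> change noticed by:", detected_by(stored, data))
```

Exchanging two bytes keeps both the size and the byte sum, so only the cryptographic checksum notices the swapped amount.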

MD5

• MD5 is the most frequently used cryptographic checksum

• For any given file, the algorithm MD5 calculates the file’s 128-bit checksum.

• The calculations involved in computing the checksum are more or less of the same nature as in DES.

• So-called ‘sponge construction’ is used

MD5 weaknesses

• The most popular algorithm for computing checksums is MD5.

• New successful attacks against it have been reported in the last two years.

• They are versions of the so-called ‘birthday attack’

• What new cryptographic checksum algorithms can one use instead of MD5?

Birthday attack: a simple example

• Suppose I want to write a message “I shall come” and confirm this with a checksum

• At the same time, I want to be able to claim that what I have said was “I shall not come”, with the same checksum

Birthday attack: a simple example

• Write many versions of ‘yes’:

• I shall come

• I shall come soon

• Arriving any minute

• Get your computer to help you with more versions…

• Write many versions of ‘no’:

• I shall not come

• I shall never come

• Don’t wait for me

• Get your computer to help you with more versions…

Birthday attack

[Diagram: the ‘yes’ versions and the ‘no’ versions in the checksum space]
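The simple example above on a deliberately short checksum, as an added example that is not part of the original slides. It assumes the first bits of SHA-256 as the checksum and numbered versions of the two messages, both constructed here; the number of versions needed before a ‘yes’ and a ‘no’ share a checksum grows roughly with the square root of the size of the checksum space, which is why a checksum has to be long.

```python
import hashlib
from itertools import count

def short_checksum(message, bits):
    """First `bits` bits of SHA-256: a constructed, deliberately short checksum."""
    digest = hashlib.sha256(message.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def find_yes_no_pair(bits):
    """Write versions of 'yes' and 'no' until one of each share a checksum.

    Returns (yes_message, no_message, number_of_messages_written).
    """
    yes_seen, no_seen = {}, {}
    for i in count(1):
        yes = f"I shall come (version {i})"
        no = f"I shall not come (version {i})"
        c_yes, c_no = short_checksum(yes, bits), short_checksum(no, bits)
        yes_seen[c_yes] = yes
        no_seen[c_no] = no
        if c_yes in no_seen:
            return yes, no_seen[c_yes], 2 * i
        if c_no in yes_seen:
            return yes_seen[c_no], no, 2 * i

def work_by_length(lengths=(12, 16, 20, 24)):
    """Messages written before a match, for several checksum lengths."""
    return {bits: find_yes_no_pair(bits)[2] for bits in lengths}

if __name__ == "__main__":
    for bits, written in work_by_length().items():
        print(f"{bits}-bit checksum: {2**bits} possible values, "
              f"match after {written} messages")
```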

User authentication

• Suppose a user logs into a client computer, and his/her password is stored on the server

• How can we securely compare the password entered by the user and the stored password?

• How can we protect the user from someone who steals his/her password from the server?

User authentication

• The password must not be sent from the client computer to the server

• The password must not be sent from the server to the client computer

• The password should not be stored on the server

User authentication

• Secure solution: we store cryptographic checksums of user passwords on the server

• The client computer calculates the checksum of the password entered by the user, and sends it to the server (or vice versa)

[Diagram: Login and password → client → Login and a checksum of the password → server]

The attacker will not obtain the password by analysing the traffic

Birthday attack

1. Generate many random passwords

2. Generate their checksums

3. Compare them with the checksums on the server

The server stores checksums of all users’ passwords

The checksum of one of the artificial passwords might coincide with the checksum of one of the real passwords

Birthday attack

[Diagram: real passwords and artificial passwords in the checksum space]

[Diagram: Login and a wrong password → client → Login and a checksum of the password, which corresponds to that of a real password → server]

The attacker does not know the real password, but can use the artificial password to log in as a valid user

Rainbow attack

(against passwords stored as hashes)

Passwords stored as hashes

[Diagram: password → Hash algorithm (a complicated function) → hash]

A simplified model: the format of the hash is the same as the format of the password

[Diagram: Password (for example, 8 letters) → Hash algorithm → Hash (for example, 8 letters)]

Exhaustive search attack

• It is possible to spend some time and calculate hashes of all possible passwords

• How many passwords are there?

• $26^8 = 2 \cdot 10^{11}$

• If we process $10^6$ passwords per second, we can finish the search in three days

Time/memory trade off

• How many passwords are there?

• $26^8 = 2 \cdot 10^{11}$

• If we process $10^6$ passwords per second, we can finish the search in three days

• However, it might be expensive to store that much information

• For comparison, all servers of Google store approximately $10^{15}$ bytes.

Time/memory trade off

• Thus, we might store some passwords and hashes instead of all.

• This storage must be organised in such a way that we can find out reasonably quickly whether we have a particular password stored.

A chain

[Diagram: password → Hash algorithm → hash/password → Hash algorithm]

• Start with a password

• Generate its hash

• Treat this hash as a password

• Generate its hash

• Repeat a number of times (for instance, a million times)

A chain

[Diagram: a chain running from a password to a hash]

• Instead of storing a million passwords and hashes, we only need to store one pair of password and hash

• All passwords/hashes between them don’t need to be stored

• Chains are prepared in advance

Rainbow attack

• Now suppose that we want to find what password corresponds to a given hash

• This hash belongs to one of our rainbow chains

• By hashing this hash sufficiently many times, we find out in which of our chains it is contained

• Then we only need to re-calculate this one chain

Build the ‘rainbow table’

[Diagram: three chains, each stored as a pair of password and hash]

Hash the given hash repeatedly until you obtain one of the stored hashes


Find a password matching the hash
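The chain construction and the three steps above in the slides’ simplified model, as an added example that is not part of the original slides. The stand-in hash `toy_hash`, the 3-letter password space, the 50-step chains and all function names are constructed for illustration; the point is how few pairs have to be stored.

```python
import hashlib
from string import ascii_lowercase

LENGTH = 3        # constructed toy space: 3 lowercase letters, 26**3 passwords
CHAIN_STEPS = 50  # hash applications per chain (the slides suggest a million)

def toy_hash(password):
    """Stand-in hash whose output has the same format as a password."""
    n = int.from_bytes(hashlib.sha256(password.encode()).digest()[:8], "big")
    letters = []
    for _ in range(LENGTH):
        n, r = divmod(n, 26)
        letters.append(ascii_lowercase[r])
    return "".join(letters)

def walk(start, steps):
    """Yield start, H(start), H(H(start)), ...: steps + 1 values in total."""
    value = start
    for _ in range(steps):
        yield value
        value = toy_hash(value)
    yield value

def build_table(starts):
    """Keep only the two ends of each chain: last hash -> first password(s)."""
    table = {}
    for start in starts:
        *_, end = walk(start, CHAIN_STEPS)
        table.setdefault(end, []).append(start)
    return table

def lookup(table, target_hash):
    """Return a password whose toy_hash equals target_hash, or None."""
    for value in walk(target_hash, CHAIN_STEPS):
        for start in table.get(value, []):
            # Re-calculate this one chain; merged chains cause false alarms,
            # in which case we keep hashing towards the next stored hash.
            for candidate in walk(start, CHAIN_STEPS - 1):
                if toy_hash(candidate) == target_hash:
                    return candidate
    return None

STARTS = [a + b + "a" for a in ascii_lowercase for b in ascii_lowercase]
TABLE = build_table(STARTS)

if __name__ == "__main__":
    secret = list(walk("mqa", CHAIN_STEPS))[20]   # a password inside one chain
    found = lookup(TABLE, toy_hash(secret))
    print(len(TABLE), "stored hashes;", found, "has the same hash as", secret)
```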


Sample exam questions

• Explain why a checksum is called a checksum.

• Name three other names of checksums.

• State the defining features of a cryptographic checksum

• Explain briefly the statistical principles behind the birthday attack and give a simplified example of how the birthday attack can be organised