Why Lenders Should Focus on Profitability, Not First Payment Default
CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security...
Transcript of CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security...
![Page 1: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/1.jpg)
CSc 466/566
Computer Security
2 : Introduction — MechanismsVersion: 2012/01/30 15:50:36
Department of Computer ScienceUniversity of Arizona
Copyright c© 2012 Christian Collberg
Christian Collberg
1/80
![Page 2: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/2.jpg)
Outline
1 Security Principles2 Access Control Models3 Cryptographic Concepts
Symmetric Encryption ProtocolPublic Key ProtocolDigital SignaturesCryptographic Hash FunctionsDigital CertificatesIn-Class Exercises
4 Summary
Security Principles 2/80
![Page 3: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/3.jpg)
Security Principles
How do we build secure computing systems? There are 10well-known principles:
1 Economy of mechanisms.
2 Fail-safe defaults.
3 Complete mediation.
4 Open design.
5 Separation of privilege.
6 Least privilege.
7 Least common mechanism.
8 Psychological acceptability.
9 Work factor.
10 Compromise recording.
Security Principles 3/80
![Page 4: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/4.jpg)
Security Principles: Economy of mechanisms
Definition (Economy of mechanisms)
Keep the design and implementation as simple and small aspossible.
Good engineering principle in general!
Necessary in order to effectively inspect and analyze softwarefor security vulnerabilities, such as reading code line-by-line.
Security Principles 4/80
![Page 5: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/5.jpg)
Security Principles: Fail-safe defaults
Definition (Fail-safe defaults)
The default security configuration should be conservative.
The default situation for a computer system should be to nothave access.
The protection scheme should list those conditions underwhich access is permitted .
Examples:1 When adding a new user to the system, he should have
minimal access to files and other resources.
Security Principles 5/80
![Page 6: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/6.jpg)
Security Principles: Fail-safe defaults
Definition (Fail-safe defaults)
The default security configuration should be conservative.
The default situation for a computer system should be to nothave access.
The protection scheme should list those conditions underwhich access is permitted .
Examples:1 When adding a new user to the system, he should have
minimal access to files and other resources.2 By default, when downloading code from the web, it should
not be directly executable.
Security Principles 5/80
![Page 7: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/7.jpg)
Security Principles: Complete mediation
Definition (Complete mediation)
Every time a resource is accessed, the access should be checkedagainst a protection scheme.
Don’t cache the results of previous security checks!
Examples:1 Your bank logs you out and asks you to log back in ever 15
minutes.
Security Principles 6/80
![Page 8: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/8.jpg)
Security Principles: Complete mediation
Definition (Complete mediation)
Every time a resource is accessed, the access should be checkedagainst a protection scheme.
Don’t cache the results of previous security checks!
Examples:1 Your bank logs you out and asks you to log back in ever 15
minutes.2 Unix’s sudo command allows you to issue several commands
after an initial authorization, but after a period of time, youhave to re-enter your superuser password.
Security Principles 6/80
![Page 9: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/9.jpg)
Security Principles: Complete mediation
Definition (Complete mediation)
Every time a resource is accessed, the access should be checkedagainst a protection scheme.
Don’t cache the results of previous security checks!
Examples:1 Your bank logs you out and asks you to log back in ever 15
minutes.2 Unix’s sudo command allows you to issue several commands
after an initial authorization, but after a period of time, youhave to re-enter your superuser password.
3 A program checks permissions on a file only the first time itopens it — what happens if the permissions change later whilethe program is still running?
Security Principles 6/80
![Page 10: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/10.jpg)
Security Principles: Open design
Definition (Open design)
The security architecture and design of a system should be madepublically available.
Only cryptographic keys should be kept secret!
Open design: Allows multiple parties to examine a system forvulnerabilities.
Open implementation (open source): Anyone can find and fixbugs.
Opposite: security-through-obscurity .
Examples:1 Cryptographic algorithms which are safe only if kept secret —
once broken, hard to update! Keys are easier to replace ifcompromised.
Security Principles 7/80
![Page 11: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/11.jpg)
Security Principles: Open design. . .
Six design principles for military ciphers (Auguste Kerckhoffs, LaCryptographie Militaire, 1883):
1 The system must be practically, if not mathematically,indecipherable;
2 It must not be required to be secret , and it must be able tofall into the hands of the enemy without inconvenience;
3 Its key must be communicable and retainable without the helpof written notes, and changeable or modifiable at the will ofthe correspondents;
4 It must be applicable to telegraphic correspondence;5 It must be portable, and its usage and function must not
require the concourse of several people;6 Finally, it is necessary, given the circumstances that command
its application, that the system be easy to use, requiringneither mental strain nor the knowledge of a long series ofrules to observe.
Security Principles 8/80
![Page 12: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/12.jpg)
Security Principles: Separation of privilege
Definition (Separation of privilege)
Multiple conditions should be needed to access a resource.
Also: components of a system should be separated so that asecurity breach of one won’t affect another.
Examples:1 Two keys to open a safe-deposit box.
Security Principles 9/80
![Page 13: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/13.jpg)
Security Principles: Separation of privilege
Definition (Separation of privilege)
Multiple conditions should be needed to access a resource.
Also: components of a system should be separated so that asecurity breach of one won’t affect another.
Examples:1 Two keys to open a safe-deposit box.2 Two commands to launch an intercontinental ballistic missile.
Security Principles 9/80
![Page 14: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/14.jpg)
Security Principles: Least privilege
Definition (Least privilege)
Users and processes should operate with no more privileges thanthey need to function properly.
Limits the damage if an application or account iscompromised.
Examples:1 The military’s need-to-know principle.
Security Principles 10/80
![Page 15: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/15.jpg)
Security Principles: Least privilege
Definition (Least privilege)
Users and processes should operate with no more privileges thanthey need to function properly.
Limits the damage if an application or account iscompromised.
Examples:1 The military’s need-to-know principle.2 Code injected into a web browser can do more damage if the
browser runs as superuser — the browser should instead runwith minimal privileges.
Security Principles 10/80
![Page 16: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/16.jpg)
Security Principles: Least common mechanism
Definition (Least common mechanism)
Multiple users shouldn’t share the same mechanism to access aresource.
Shared mechanisms mean channels that could transmitinformation, leading to unwanted information paths betweenusers.
Examples:1 If two users accesses the same file, they should do so using
different channels.
Security Principles 11/80
![Page 17: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/17.jpg)
Security Principles: Psychological acceptability
Definition (Psychological acceptability)
User interfaces should be intuitive and security settings should beset to what a user might reasonably expect.
Examples:1 Why don’t we always encrypt all email? Apparently it is
difficult to design intuitive interfaces.
Security Principles 12/80
![Page 18: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/18.jpg)
Security Principles: Work factor
Definition (Work factor)
The cost of circumventing a security mechanism should becompared to the resources available to the attacker.
Examples:1 Protecting student grades: most students probably aren’t very
accomplished hackers.
Security Principles 13/80
![Page 19: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/19.jpg)
Security Principles: Work factor
Definition (Work factor)
The cost of circumventing a security mechanism should becompared to the resources available to the attacker.
Examples:1 Protecting student grades: most students probably aren’t very
accomplished hackers.2 Protecting military secrets: the adversary is a nation state with
unlimited resources.
Security Principles 13/80
![Page 20: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/20.jpg)
Security Principles: Work factor
Definition (Work factor)
The cost of circumventing a security mechanism should becompared to the resources available to the attacker.
Examples:1 Protecting student grades: most students probably aren’t very
accomplished hackers.2 Protecting military secrets: the adversary is a nation state with
unlimited resources.3 Brute force password cracking: now feasible with more
powerful computing systems.
Security Principles 13/80
![Page 21: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/21.jpg)
Security Principles: Work factor
Definition (Work factor)
The cost of circumventing a security mechanism should becompared to the resources available to the attacker.
Examples:1 Protecting student grades: most students probably aren’t very
accomplished hackers.2 Protecting military secrets: the adversary is a nation state with
unlimited resources.3 Brute force password cracking: now feasible with more
powerful computing systems.
Security Principles 13/80
![Page 22: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/22.jpg)
Security Principles: Work factor
Definition (Work factor)
The cost of circumventing a security mechanism should becompared to the resources available to the attacker.
Examples:1 Protecting student grades: most students probably aren’t very
accomplished hackers.2 Protecting military secrets: the adversary is a nation state with
unlimited resources.3 Brute force password cracking: now feasible with more
powerful computing systems.
Hard to determine work factor if the attacker can get helpfrom automating the attack.
Security Principles 13/80
![Page 23: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/23.jpg)
Security Principles: Compromise recording
Definition (Compromise recording)
Logging a security breach may be more effective than protectingagainst it.
Assumes the attacker can’t erase logs to hide their breach.
Examples:1 Surveillance cameras to detect but not prevent crime.
Security Principles 14/80
![Page 24: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/24.jpg)
Security Principles: Compromise recording
Definition (Compromise recording)
Logging a security breach may be more effective than protectingagainst it.
Assumes the attacker can’t erase logs to hide their breach.
Examples:1 Surveillance cameras to detect but not prevent crime.2 Access logs of security sensitive files.
Security Principles 14/80
![Page 25: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/25.jpg)
In-Class Exercise I — Goodrich & Tamassia R-1.16
Give an example how someone might usesecurity-by-obscurity in the design of a system and what theconsequences could be.
Security Principles 15/80
![Page 26: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/26.jpg)
Outline
1 Security Principles2 Access Control Models3 Cryptographic Concepts
Symmetric Encryption ProtocolPublic Key ProtocolDigital SignaturesCryptographic Hash FunctionsDigital CertificatesIn-Class Exercises
4 Summary
Access Control Models 16/80
![Page 27: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/27.jpg)
Access Control Models
We should determine who has the right to access to a piece ofinformation.
If we can control access to information, we can preventattacks against confidentiality , anonymity , and integrity .
Someone (eg. system administrators) should restrict access tothose who should have access: they should apply theprinciple of least privilege .
Access Control Models 17/80
![Page 28: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/28.jpg)
Access Control Matrices
Definition (subject)
User, group, or system that can perform actions.
Definition (object)
File, directory, document, device, resource for which we want todefine access rights.
An access control matrix is a table defining permissions: rowsare subjects , columns objects .
Each table cell holds the rights of the subject to access theobject.
Rights: read, write, copy, execute, delete, annotate, . . . .
Access Control Models 18/80
![Page 29: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/29.jpg)
Access Control Matrices: Example
/etc/passwd /usr/bob/ /admin/
root read, write read, write, execute read, write, execute
alice read
bob read read, write, execute
backup read read, execute read, execute
Advantages : fast access
Disadvantages : size
Access Control Models 19/80
![Page 30: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/30.jpg)
Access Control Lists (ACLs)
Is object-centered : for every object o list (only) the subjects sthat have access to o, and s’ access rights.
/etc/passwd /usr/bob/ /admin/
root: r,walice: rbob: r
backup: r
root: r,w,xbob: r,w,xbackup: r
root: r,w,xbackup: r
Advantages : size, o’s ACL can be stored directly as o’smetadata
Disadvantages : can’t enumerate a subject’s rights (forexample when a subject is removed from the system).
Access Control Models 20/80
![Page 31: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/31.jpg)
Capabilities
Is subject-centered : for every subject s list (only) the objectso that s has non-empty access to, and o’s access rights.
root alice bob
/etc/passwd: r,w,x
/usr/bob/: r,w,x
/admin/: r,w,x
/etc/passwd: r/etc/passwd: r
/usr/bob/: r,w,x
backup
/etc/passwd: r
/usr/bob/: r,x
Access Control Models 21/80
![Page 32: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/32.jpg)
Capabilities. . .
Advantages :1 size,2 easy to enumerate a subject’s rights (for example when a
subject is removed from the system),3 easy to check of subject s can access object o.
Disadvantages : can’t enumerate who has access to an objecto.
Access Control Models 22/80
![Page 33: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/33.jpg)
Role-Based Access Control (RBAC)
In Role-Based Access Control we replace subjects by roles inany of the access control data structures.
Each role gets the appropriate access rights.
Subjects are assigned to roles
Examples:1 CS department roles: faculty, student, sysadmins, department
head, TA, . . .2 CS department subjects: bob={student,TA}, alice={faculty},
wendy={faculty,department head}
A subject’s access rights is the union of the rights of itsvarious roles.
Access Control Models 23/80
![Page 34: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/34.jpg)
Role Hierarchies
In a role hierarchy access rights propagate up the hierarchy: anode n inherits all the rights of it’s children.
Examples:1 CS department: The bottom role is member ; above member
is faculty and student who both inherit the rights of member;above faculty is department head who inherits the rights offaculty.
Advantages : fewer rules since there are fewer roles thansubjects.
Disadvantages : not implemented in current operatingsystems.
Access Control Models 24/80
![Page 35: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/35.jpg)
In-Class Exercise
Users: Alice, Bob, Cyndy.
Alice owns alicerc, Bob and Cyndy can read it.
Bob owns bobrc, Cyndy can read and write it, Alice can readit.
Cyndy owns cyndyrc, only she can read and write it.
1 Create the access control matrix.
2 Cindy lets Alice read cyndyrc. Alice no longer allows Bob toread alicerc. Show the new matrix.
Source: Bishop, Introduction to Computer Security.
Access Control Models 25/80
![Page 36: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/36.jpg)
Outline
1 Security Principles2 Access Control Models3 Cryptographic Concepts
Symmetric Encryption ProtocolPublic Key ProtocolDigital SignaturesCryptographic Hash FunctionsDigital CertificatesIn-Class Exercises
4 Summary
Cryptographic Concepts 26/80
![Page 37: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/37.jpg)
Cryptographic Concepts
Cryptography underlies many of the technical means forenforcing security policies.
Traditionally, encryption is modeled as two parties Alice andBob who are communicating over an insecure link. Aneavesdropper, Eve , is listening in to their communication.
Cryptographic Concepts 27/80
![Page 38: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/38.jpg)
Terminology: Encryption
Definition (encryption)
Disguising a message to hide its contents.
Definition (plaintext)
A message we want to transfer securely (aka. cleartext).
Definition (ciphertext)
The encrypted form of the plaintext message.
Definition (encipher)
Converting the plaintext to the ciphertext. Also encrypt .
Definition (decipher)
Converting the ciphertext to the plaintext. Also decrypt .
Cryptographic Concepts 28/80
![Page 39: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/39.jpg)
Terminology: Encoding
Definition (encode)
Converting the plaintext into a standard alphabet.
Definition (decode)
Converting the encoded message back into the plaintext.
Example: uuencode converts a binary file into ASCII text.✞ ☎
> echo h e l l o | uuencode −m −o o u t f i l e r e m o t e f i l e> ca t o u t f i l ebegin−base64 644 r e m o t e f i l eaGVsbG8K====> uudecode −p o u t f i l eh e l l o
✝ ✆
Cryptographic Concepts 29/80
![Page 40: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/40.jpg)
Terminology: Ciphers
Definition (cipher)
A map from the space of the plaintext to the space of theciphertext. Also cypher .
Definition (stream cipher)
A cipher that enciphers the plaintext one character at a time.
Definition (block cipher)
A cipher that enciphers the plaintext in chunks of characters.
A cipher is thus an algorithm for encryption/encipherment.
Examples: RSA, DES, . . .
Cryptographic Concepts 30/80
![Page 41: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/41.jpg)
Mathematical Notation
Common abbreviations:
P : The plaintext.M: The plaintext (message).C : The ciphertext.E : The encryption function.D: The decryption function.
The encryption/decryption process:
E (M) = C
D(C ) = M
D(E (M)) = M
It should be safe to transmit C over an insecure channel sincethe ciphers are chosen such that it is infeasible for anyone butAlice and Bob to find M given C .
Cryptographic Concepts 31/80
![Page 42: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/42.jpg)
Keys
Ciphers need some sort of secret information known only toAlice and Bob. This is the key .
Mathematical notation:
K : The key, used by the encryption and decryptionfunctions.
EK (M) = C
DK (C ) = M
DK (EK (M)) = M
Definition (keyspace)
The range of possible values of the key.
Cryptographic Concepts 32/80
![Page 43: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/43.jpg)
Symmetric-key vs. Public-key Algorithms
Definition (Symmetric-key Algorithms)
Symmetric-key cryptographic algorithms use identical keys forencryption and decryption.
Definition (Public-key Algorithms)
Public-key cryptographic algorithms use different keys forencryption and decryption.
EK (M) = C
DK (C ) = M
DK (EK (M)) = M
EK1(M) = C
DK2(C ) = M
DK2(EK1
(M)) = M
Cryptographic Concepts 33/80
![Page 44: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/44.jpg)
Cryptosystems
To be able to communicate using ciphers we need1 Set of possible plaintexts2 Set of possible ciphertexts3 Set of encryption keys4 Set of decryption keys5 Correspondence between encryption and decryption keys6 Encryption algorithm7 Decryption algorithm
This is known as a cryptosystem .
Cryptographic Concepts 34/80
![Page 45: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/45.jpg)
Monoalphabetic Substitution Ciphers: Caesar Cipher
Add 3 to the ASCII value of each character, mod 26:
A→ D,B → E ,X → A, . . . .
Cryptosystem:
Set of possible plaintexts and ciphertexts: Latin alphabetSet of encryption keys = {3}Set of decryption keys = {-3}Decryption key = - Encryption keyEncryption algorithm = Decryption algorithm =(x + key) mod 26.
Cryptographic Concepts 35/80
![Page 46: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/46.jpg)
Monoalphabetic Substitution Ciphers: ROT13
Unix utility used on Usenet. Adds 13 mod 26 to each letter.
P = ROT13(ROT13(P)).
✞ ☎
> echo ” h e l l o ” | t r ’A−Za−z ’ ’N−ZA−Mn−za−m’uryyb> echo ” uryyb ” | t r ’A−Za−z ’ ’N−ZA−Mn−za−m’h e l l o
✝ ✆
Cryptographic Concepts 36/80
![Page 47: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/47.jpg)
Symmetric-key Encryption Protocol
Assuming that we have access to a symmetric-keycryptosystem (DES is an example), how do we use it?
We have to describe a protocol that shows how each partyuses the cryptosystem to solve a communication/securityproblem.
Cryptographic Concepts 37/80
![Page 48: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/48.jpg)
Symmetric-key Encryption Protocol
Assuming that we have access to a symmetric-keycryptosystem (DES is an example), how do we use it?
We have to describe a protocol that shows how each partyuses the cryptosystem to solve a communication/securityproblem.
1 Alice and Bob agree on a cryptosystem.
Cryptographic Concepts 37/80
![Page 49: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/49.jpg)
Symmetric-key Encryption Protocol
Assuming that we have access to a symmetric-keycryptosystem (DES is an example), how do we use it?
We have to describe a protocol that shows how each partyuses the cryptosystem to solve a communication/securityproblem.
1 Alice and Bob agree on a cryptosystem.
2 Alice and Bob agree on a key.
Cryptographic Concepts 37/80
![Page 50: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/50.jpg)
Symmetric-key Encryption Protocol
Assuming that we have access to a symmetric-keycryptosystem (DES is an example), how do we use it?
We have to describe a protocol that shows how each partyuses the cryptosystem to solve a communication/securityproblem.
1 Alice and Bob agree on a cryptosystem.
2 Alice and Bob agree on a key.
3 Alice encrypts her plaintext, getting a ciphertext.
Cryptographic Concepts 37/80
![Page 51: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/51.jpg)
Symmetric-key Encryption Protocol
Assuming that we have access to a symmetric-keycryptosystem (DES is an example), how do we use it?
We have to describe a protocol that shows how each partyuses the cryptosystem to solve a communication/securityproblem.
1 Alice and Bob agree on a cryptosystem.
2 Alice and Bob agree on a key.
3 Alice encrypts her plaintext, getting a ciphertext.
4 Alice sends the ciphertext to Bob.
Cryptographic Concepts 37/80
![Page 52: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/52.jpg)
Symmetric-key Encryption Protocol
Assuming that we have access to a symmetric-keycryptosystem (DES is an example), how do we use it?
We have to describe a protocol that shows how each partyuses the cryptosystem to solve a communication/securityproblem.
1 Alice and Bob agree on a cryptosystem.
2 Alice and Bob agree on a key.
3 Alice encrypts her plaintext, getting a ciphertext.
4 Alice sends the ciphertext to Bob.
5 Bob decrypts the message using the same cryptosystem andkey.
Cryptographic Concepts 37/80
![Page 53: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/53.jpg)
Symmetric Encryption Protocol. . .
Alice
plaintext
![Page 54: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/54.jpg)
Symmetric Encryption Protocol. . .
Alice Bob
plaintext plaintext
![Page 55: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/55.jpg)
Symmetric Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext plaintext
K
![Page 56: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/56.jpg)
Symmetric Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext decrypt plaintext
K K
![Page 57: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/57.jpg)
Symmetric Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext decrypt plaintext
KEve
K
Cryptographic Concepts 38/80
![Page 58: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/58.jpg)
Symmetric Encryption: Key Distribution
Alice Bob
Carol Dave
Advantages : Ciphers (DES,AES,. . . ) are fast; keys are small.
Disadvantages : n n−12 keys to communicate between n parties.
Cryptographic Concepts 39/80
![Page 59: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/59.jpg)
Symmetric Encryption Protocol – Attacks
What can an attacker do?
If Eve listens in on the communication between Alice and Bobshe will get a sequence of ciphertext messages. She can usethese to launch a ciphertext-only attack .
Eve could also try to listen in to the first two parts of theprotocol, where Alice and Bob decide on a key andcryptosystem to use.
Eve could also sit in the middle, intercept Alice’s messages,and substitute her own messages encrypted with the key shehas discovered.
Cryptographic Concepts 40/80
![Page 60: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/60.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
Cryptographic Concepts 41/80
![Page 61: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/61.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
1 Alice and Bob agree on a public key cryptosystem.
Cryptographic Concepts 41/80
![Page 62: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/62.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
1 Alice and Bob agree on a public key cryptosystem.
2 Bob sends Alice his public key, or Alice gets it from a publicdatabase.
Cryptographic Concepts 41/80
![Page 63: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/63.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
1 Alice and Bob agree on a public key cryptosystem.
2 Bob sends Alice his public key, or Alice gets it from a publicdatabase.
3 Alice encrypts her plaintext using Bob’s public key and sendsit to Bob.
Cryptographic Concepts 41/80
![Page 64: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/64.jpg)
Public Key Protocol
Key-management is the main problem with symmetricalgorithms – Bob and Alice have to somehow agree on a keyto use.
In public key cryptosystems there are two keys, a public oneused for encryption and and private one for decryption.
1 Alice and Bob agree on a public key cryptosystem.
2 Bob sends Alice his public key, or Alice gets it from a publicdatabase.
3 Alice encrypts her plaintext using Bob’s public key and sendsit to Bob.
4 Bob decrypts the message using his private key.
Cryptographic Concepts 41/80
![Page 65: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/65.jpg)
Notation
Bob’s public key: PB
Bob’s secret key: SB
EPB(M) = C
DSB(C ) = M
DSB(EPB
(M)) = M
Cryptographic Concepts 42/80
![Page 66: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/66.jpg)
Public Key Encryption Protocol. . .
Alice
plaintext
![Page 67: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/67.jpg)
Public Key Encryption Protocol. . .
Alice Bob
plaintext plaintext
![Page 68: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/68.jpg)
Public Key Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext plaintext
PB
![Page 69: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/69.jpg)
Public Key Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext decrypt plaintext
PB SB
![Page 70: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/70.jpg)
Public Key Encryption Protocol. . .
Alice Bob
plaintext encrypt ciphertext decrypt plaintext
PB
EveSB
Cryptographic Concepts 43/80
![Page 71: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/71.jpg)
Public Key Encryption: Key Distribution
Alice Bob
Carol Dave
SA,PA SB ,PB
SC ,PC SD ,PD
PA,PB
PA,PC PA,PD PB ,PDPB ,PC
PC ,PD
Advantages : n key pairs to communicate between n parties.
Disadvantages : Ciphers (RSA,. . . ) are slow; keys are large
Cryptographic Concepts 44/80
![Page 72: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/72.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
Cryptographic Concepts 45/80
![Page 73: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/73.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
1 Bob sends Alice his public key.
Cryptographic Concepts 45/80
![Page 74: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/74.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
1 Bob sends Alice his public key.
2 Alice generates a session key K , encrypts it with Bob’s publickey, and sends it to Bob.
Cryptographic Concepts 45/80
![Page 75: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/75.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
1 Bob sends Alice his public key.
2 Alice generates a session key K , encrypts it with Bob’s publickey, and sends it to Bob.
3 Bob decrypts the message using his private key to get thesession key K .
Cryptographic Concepts 45/80
![Page 76: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/76.jpg)
A Hybrid Protocol
In practice, public key cryptosystems are not used to encryptmessages – they are simply too slow.
Instead, public key cryptosystems are used to encryptkeys for symmetric cryptosystems . These are calledsession keys , and are discarded once the communicationsession is over.
1 Bob sends Alice his public key.
2 Alice generates a session key K , encrypts it with Bob’s publickey, and sends it to Bob.
3 Bob decrypts the message using his private key to get thesession key K .
4 Both Alice and Bob communicate by encrypting theirmessages using K .
Cryptographic Concepts 45/80
![Page 77: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/77.jpg)
Hybrid Encryption Protocol. . .
Alice Bob
K encrypt EPB(K ) decrypt K
![Page 78: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/78.jpg)
Hybrid Encryption Protocol. . .
Alice Bob
K encrypt EPB(K ) decrypt K
PB SB
![Page 79: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/79.jpg)
Hybrid Encryption Protocol. . .
Alice Bob
K encrypt EPB(K ) decrypt K
PB SB
M encrypt EK (M) decrypt M
![Page 80: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/80.jpg)
Hybrid Encryption Protocol. . .
Alice Bob
K encrypt EPB(K ) decrypt K
PB SB
M encrypt EK (M) decrypt M
K K
Cryptographic Concepts 46/80
![Page 81: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/81.jpg)
Digital Signatures
Often, Bob will want to make sure that the document he gotfrom Alice in fact originated with her.
In the non-digital world, Alice would sign the document. Wecan do the same with digital signatures.
Cryptographic Concepts 47/80
![Page 82: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/82.jpg)
Digital Signatures
Often, Bob will want to make sure that the document he gotfrom Alice in fact originated with her.
In the non-digital world, Alice would sign the document. Wecan do the same with digital signatures.
1 Bob encrypts his document with his private key , therebysigning it.
Cryptographic Concepts 47/80
![Page 83: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/83.jpg)
Digital Signatures
Often, Bob will want to make sure that the document he gotfrom Alice in fact originated with her.
In the non-digital world, Alice would sign the document. Wecan do the same with digital signatures.
1 Bob encrypts his document with his private key , therebysigning it.
2 Bob sends the signed document to Alice.
Cryptographic Concepts 47/80
![Page 84: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/84.jpg)
Digital Signatures
Often, Bob will want to make sure that the document he gotfrom Alice in fact originated with her.
In the non-digital world, Alice would sign the document. Wecan do the same with digital signatures.
1 Bob encrypts his document with his private key , therebysigning it.
2 Bob sends the signed document to Alice.
3 Alice decrypts the document using Bob’s public key , therebyverifying his signature.
Cryptographic Concepts 47/80
![Page 85: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/85.jpg)
Digital Signatures. . .
This works because for many public key ciphers
DSB(EPB
(M)) = M
EPB(DSB
(M)) = M
i.e. we can reverse the encryption/decryption operations.
That is, Bob can apply the decryption function to a messagewith his private key SB , yielding the signature sig:
sig ← DSB(M)
Then, anyone else can apply the encryption function to sig toget the message back. Only Bob (who has his secret key)could have generated the signature:
EPB(sig) = M
Cryptographic Concepts 48/80
![Page 86: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/86.jpg)
Digital Signatures. . .
Bob Alice
M Bob sent M?
Disadvantages : the signature is as long as the message;susceptible to MITM attack.
![Page 87: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/87.jpg)
Digital Signatures. . .
Bob Alice
M sig ← DSB(M) Bob sent M?
SB
Disadvantages : the signature is as long as the message;susceptible to MITM attack.
![Page 88: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/88.jpg)
Digital Signatures. . .
Bob Alice
M sig ← DSB(M) M, sig Bob sent M?
SB
Disadvantages : the signature is as long as the message;susceptible to MITM attack.
![Page 89: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/89.jpg)
Digital Signatures. . .
Bob Alice
M sig ← DSB(M) M, sig M
?= EPB
(sig) Bob sent M?
SB PB
Disadvantages : the signature is as long as the message;susceptible to MITM attack.
Cryptographic Concepts 49/80
![Page 90: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/90.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:
Cryptographic Concepts 50/80
![Page 91: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/91.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.
Cryptographic Concepts 50/80
![Page 92: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/92.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.2 Create a new signature string S ′.
Cryptographic Concepts 50/80
![Page 93: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/93.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.2 Create a new signature string S ′.3 Create a message M ′ by encrypting S ′ with Bob’s public key:
M ′ ← EPB(S ′).
Cryptographic Concepts 50/80
![Page 94: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/94.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.2 Create a new signature string S ′.3 Create a message M ′ by encrypting S ′ with Bob’s public key:
M ′ ← EPB(S ′).
4 Send M ′, S ′ to Alice.
Cryptographic Concepts 50/80
![Page 95: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/95.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.2 Create a new signature string S ′.3 Create a message M ′ by encrypting S ′ with Bob’s public key:
M ′ ← EPB(S ′).
4 Send M ′, S ′ to Alice.
Alice:
Cryptographic Concepts 50/80
![Page 96: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/96.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.2 Create a new signature string S ′.3 Create a message M ′ by encrypting S ′ with Bob’s public key:
M ′ ← EPB(S ′).
4 Send M ′, S ′ to Alice.
Alice:1 Alice receives M ′, S ′ from Eve (thinking it’s from Bob).
Cryptographic Concepts 50/80
![Page 97: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/97.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.2 Create a new signature string S ′.3 Create a message M ′ by encrypting S ′ with Bob’s public key:
M ′ ← EPB(S ′).
4 Send M ′, S ′ to Alice.
Alice:1 Alice receives M ′, S ′ from Eve (thinking it’s from Bob).2 She encrypts S ′ with Bob’s public key: v ← EPB
(S ′).
Cryptographic Concepts 50/80
![Page 98: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/98.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.2 Create a new signature string S ′.3 Create a message M ′ by encrypting S ′ with Bob’s public key:
M ′ ← EPB(S ′).
4 Send M ′, S ′ to Alice.
Alice:1 Alice receives M ′, S ′ from Eve (thinking it’s from Bob).2 She encrypts S ′ with Bob’s public key: v ← EPB
(S ′).
3 She verifies: v?= M ′
.
Cryptographic Concepts 50/80
![Page 99: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/99.jpg)
Digital Signatures: Man-In-The-Middle attack
Eve can launch a MITM attack:1 Intercept Alice’s message M , S to Bob.2 Create a new signature string S ′.3 Create a message M ′ by encrypting S ′ with Bob’s public key:
M ′ ← EPB(S ′).
4 Send M ′, S ′ to Alice.
Alice:1 Alice receives M ′, S ′ from Eve (thinking it’s from Bob).2 She encrypts S ′ with Bob’s public key: v ← EPB
(S ′).
3 She verifies: v?= M ′
.
Note: Eve can’t choose her own message. This attack onlymakes sense if any bitstring forms an OK message, forexample if M is a session key.
Cryptographic Concepts 50/80
![Page 100: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/100.jpg)
Digital Signatures: Man-In-The-Middle attack. . .
Bob Alice
M verified?
![Page 101: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/101.jpg)
Digital Signatures: Man-In-The-Middle attack. . .
Bob Alice
M S ← DSB(M) M,S verified?
SB
![Page 102: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/102.jpg)
Digital Signatures: Man-In-The-Middle attack. . .
Bob Alice
M S ← DSB(M) M,S • M ′,S ′ verified?
SB
S ′ ← · · ·M ′ ← EPB
(S ′)
Eve
Cryptographic Concepts 51/80
![Page 103: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/103.jpg)
Digital Signatures: Man-In-The-Middle attack. . .
Bob Alice
M S ← DSB(M) M,S • M ′,S ′
M ′?= EPB
(S ′) verified?
SB
S ′ ← · · ·M ′ ← EPB
(S ′)PB
Eve
Cryptographic Concepts 51/80
![Page 104: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/104.jpg)
Cryptographic Hash Functions
Public key algorithms are too slow to sign large documents. Abetter protocol is to use a one way hash function also knownas a cryptographic hash function (CHF).
CHFs are checksums or compression functions : they take anarbitrary block of data and generate a unique, short,fixed-size, bitstring.
✞ ☎
> echo ” h e l l o ” | sha1sumf572d396 f a e9206628714 fb2ce00 f72e94 f2258 f −> echo ” h e l l a ” | sha1sum1519 ca327399f9d699a fb0f8a3b7e1ea9d1edd0c −> echo ”can ’ t b e l i e v e i t ’ s not b u t t e r ! ” | sha1sum34 e780e19b07b003b7cf1babba8e f7399b7f81dd −
✝ ✆
Cryptographic Concepts 52/80
![Page 105: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/105.jpg)
Signature Protocol
1 Bob computes a one-way hash of his document.
hash ← h(M)
sig ← ESB(hash)
DPB(sig)
?= h(M)
Cryptographic Concepts 53/80
![Page 106: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/106.jpg)
Signature Protocol
1 Bob computes a one-way hash of his document.
2 Bob encrypts the hash with his private key, thereby signing it.
hash ← h(M)
sig ← ESB(hash)
DPB(sig)
?= h(M)
Cryptographic Concepts 53/80
![Page 107: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/107.jpg)
Signature Protocol
1 Bob computes a one-way hash of his document.
2 Bob encrypts the hash with his private key, thereby signing it.
3 Bob sends the encrypted hash and the document to Alice.
hash ← h(M)
sig ← ESB(hash)
DPB(sig)
?= h(M)
Cryptographic Concepts 53/80
![Page 108: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/108.jpg)
Signature Protocol
1 Bob computes a one-way hash of his document.
2 Bob encrypts the hash with his private key, thereby signing it.
3 Bob sends the encrypted hash and the document to Alice.
4 Alice decrypts the hash Bob sent him, and compares it againsta hash she computes herself of the document. If they are thesame, the signature is valid.
hash ← h(M)
sig ← ESB(hash)
DPB(sig)
?= h(M)
Cryptographic Concepts 53/80
![Page 109: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/109.jpg)
Signature Protocol. . .
Bob Alice
M Bob sent M?
Advantage : the signature is short; defends against MITMattack.
![Page 110: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/110.jpg)
Signature Protocol. . .
Bob Alice
M hash← h(M) Bob sent M?
Advantage : the signature is short; defends against MITMattack.
![Page 111: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/111.jpg)
Signature Protocol. . .
Bob Alice
M hash← h(M) S ← ESB(hash) Bob sent M?
SB
Advantage : the signature is short; defends against MITMattack.
![Page 112: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/112.jpg)
Signature Protocol. . .
Bob Alice
M hash← h(M) S ← ESB(hash) M,S Bob sent M?
SB
Advantage : the signature is short; defends against MITMattack.
![Page 113: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/113.jpg)
Signature Protocol. . .
Bob Alice
M hash← h(M) S ← ESB(hash) M,S DPB
(S)?= h(M) Bob sent M?
SB PB
Advantage : the signature is short; defends against MITMattack.
Cryptographic Concepts 54/80
![Page 114: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/114.jpg)
Cryptographic Hash Functions. . .
CHFs are easy to compute, but hard to invert .
I.e.
given message M , it’s easy to compute y ← h(M);given a value y it’s hard to compute an M such thaty = h(M).
This is what we mean by CHFs being one-way .
Using the one-way property, we can defend against theMan-In-The-Middle attack.
Cryptographic Concepts 55/80
![Page 115: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/115.jpg)
Cryptographic Hash Functions: MITM attack
Bob
M S ← ESB(h(M)) M,S • M ′,S ′
DPB(S ′)
?= h(M ′) verified?
SB
S ′ ← · · ·y ′ ← EPB
(S ′)find M ′ • y ′ = h(M ′)
PB
Eve
Eve has to find a message M ′ that hashes to y ′, the result ofencrypting the forged signature S ′.This is infeasible since h is one-way .
Cryptographic Concepts 56/80
![Page 116: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/116.jpg)
Cryptographic Hash Functions. . .
CHFs also have the property to be collision resistant .
I.e. given M it’s hard to find a different message M ′ such thath(M) = h(M ′).
This makes Eve’s job even harder: given M,S from Bob shehas to find a different message M ′ that has the samesignature S .
Cryptographic Concepts 57/80
![Page 117: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/117.jpg)
Cryptographic Hash Functions: tripwire
1 When initializing a system, store hashes of all important filesin secure storage.
2 Detect tampering by re-computing the hashes and comparingagainst the original values.
✞ ☎
> sha1sum / e t c / passwd > o k f i l e s> sha1sum −−check o k f i l e s/ e t c /passwd : OK
✝ ✆
http://sourceforge.net/projects/tripwire.
Cryptographic Concepts 58/80
![Page 118: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/118.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
Cryptographic Concepts 59/80
![Page 119: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/119.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
1 A← h(K ||M)
Cryptographic Concepts 59/80
![Page 120: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/120.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
1 A← h(K ||M)2 Send M , A to Bob.
Cryptographic Concepts 59/80
![Page 121: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/121.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
1 A← h(K ||M)2 Send M , A to Bob.
Bob:
Cryptographic Concepts 59/80
![Page 122: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/122.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
1 A← h(K ||M)2 Send M , A to Bob.
Bob:1 Receive M ′, A′ from Alice
Cryptographic Concepts 59/80
![Page 123: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/123.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
1 A← h(K ||M)2 Send M , A to Bob.
Bob:1 Receive M ′, A′ from Alice2 A′′ ← h(K ||M ′)
Cryptographic Concepts 59/80
![Page 124: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/124.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
1 A← h(K ||M)2 Send M , A to Bob.
Bob:1 Receive M ′, A′ from Alice2 A′′ ← h(K ||M ′)
3 Verify: A′′?= A′.
Cryptographic Concepts 59/80
![Page 125: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/125.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
1 A← h(K ||M)2 Send M , A to Bob.
Bob:1 Receive M ′, A′ from Alice2 A′′ ← h(K ||M ′)
3 Verify: A′′?= A′.
|| means concatenation.
Cryptographic Concepts 59/80
![Page 126: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/126.jpg)
Message Authentication Codes (MAC)
MACs are used to ensure the integrity of messages sent overinsecure channels.
We assume that Alice and Bob have a shared secretsymmetric key K .Alice wants to send message M to Bob:
1 A← h(K ||M)2 Send M , A to Bob.
Bob:1 Receive M ′, A′ from Alice2 A′′ ← h(K ||M ′)
3 Verify: A′′?= A′.
|| means concatenation.
The one-way nature of h makes it infeasible for Eve to extractK from A = h(K ||M), and without K she can’t forge a newmessage with a correct MAC.
Cryptographic Concepts 59/80
![Page 127: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/127.jpg)
MACS: MITM attack
Bob Alice
M verified?
Eve has to recover K from A — infeasible since h is one-way.
![Page 128: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/128.jpg)
MACS: MITM attack
Bob Alice
M A← h(K ||M) M,A verified?
K
Eve has to recover K from A — infeasible since h is one-way.
![Page 129: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/129.jpg)
MACS: MITM attack
Bob Alice
M A← h(K ||M) M,A • M ′,A′ verified?
K
Eve has to recover K from A — infeasible since h is one-way.
![Page 130: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/130.jpg)
MACS: MITM attack
Bob Alice
M A← h(K ||M) M,A • M ′,A′
A′?= h(K ||M ′) verified?
K K
Eve has to recover K from A — infeasible since h is one-way.
![Page 131: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/131.jpg)
MACS: MITM attack
Bob Alice
M A← h(K ||M) M,A • M ′,A′
A′?= h(K ||M ′) verified?
K
K ← · · ·A · · ·?M ′ ← · · ·A′ ← h(K ||M ′)
K
Eve
Eve has to recover K from A — infeasible since h is one-way.
Cryptographic Concepts 60/80
![Page 132: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/132.jpg)
MACs vs. Digital Signatures
MACs use shared secret symmetric keys, digital signatures usepublic keys.
Digital signatures also protect against non-repudiation , i.e.,Alice can’t deny that she’s the one who sent a particularmessage.
Digital signatures are transferable , i.e. if Bob receives M,Sfrom Alice, he can send on that message/signature pair toCharles who can verify that it’s Alice who sent that message.
Cryptographic Concepts 61/80
![Page 133: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/133.jpg)
Digital Certificates
How does Alice know that PB is actually Bob’s public key?What if there are many Bobs?
A Certificate Authority (CA) is a trusted third party (TTT)who issues a certificate stating that
The Bob who lives on Desolation Row and hasphone number (555) 867-5309 and the emailaddress [email protected] has the public key PB . Thiscertificate is valid until June 11, 2012.
The CA has to digitally sign (with their private key SCA) thiscertificate so that we know that it’s real.
Cryptographic Concepts 62/80
![Page 134: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/134.jpg)
List of certificates in the Chrome browser.
![Page 135: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/135.jpg)
Digital Certificates: X.509
✞ ☎
• C e r t i f i c a t e• Ve r s i on• S e r i a l Number• Algor i thm ID• I s s u e r• V a l i d i t y : [ Not Be fo r e . . Not A f t e r ]• Sub j ec t• Sub j ec t Pub l i c Key I n f o• Pub l i c Key A lgor i thm• Sub j ec t Pub l i c Key
• I s s u e r Unique I d e n t i f i e r ( o p t i o n a l )• Sub j ec t Unique I d e n t i f i e r ( o p t i o n a l )
• C e r t i f i c a t e S i gn a t u r e A lgor i thm• C e r t i f i c a t e S i gn a t u r e
✝ ✆
Cryptographic Concepts 64/80
![Page 136: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/136.jpg)
Digital Certificates: chase.com
In Safari:1 Go to chase.com
2 click on the padlock3 command-drag the certificate, creating the file
chaseonline.chase.com.txt.4 Convert to unix newlines:
✞ ☎
> t r ’ \ r ’ ’ \n ’ \< c h a s e o n l i n e . chase . com . t x t \> chase . t x t
✝ ✆
Cryptographic Concepts 65/80
![Page 137: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/137.jpg)
Digital Certificates: chase.com I
chaseonline.chase.com
Subject Name
Country US
State/Province Ohio
Locality Columbus
Organization JPMorgan Chase
Organizational Unit cig1w156
Common Name chaseonline.chase.com
Issuer Name
Country US
Organization VeriSign, Inc.
Organizational Unit VeriSign Trust Network
Cryptographic Concepts 66/80
![Page 138: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/138.jpg)
Digital Certificates: chase.com II
Common Name VeriSign Class 3 International ...
Serial Number 11 D4 0D 20 EE 53 E1 91 19 38 4C ...
Version 3
Signature Algorithm SHA-1 with RSA Encryption ...
Parameters none
Not Valid Before Wednesday, April 27, 2011 17:00:00 MST
Not Valid After Friday, May 18, 2012 16:59:59 MST
Public Key Info
Algorithm RSA Encryption
Parameters none
Public Key 256 bytes : A7 15 F2 F5 BD AB FE D0 ...
Exponent 65537
Cryptographic Concepts 67/80
![Page 139: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/139.jpg)
Digital Certificates: chase.com III
Key Size 2048 bits
Key Usage Encrypt, Verify, Wrap, Derive
Signature 256 bytes : 76 9B D8 C5 77 1E CB 01 ...
Extension Key Usage ( 2.5.29.15 )
Critical NO
Usage Digital Signature, Key Encipherment
Fingerprints
SHA1 DF BF D3 7A 93 15 E9 ED CD 44 D8 ...
MD5 8B 60 1E B0 5F 69 59 52 80 E2 72 ...
Cryptographic Concepts 68/80
![Page 140: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/140.jpg)
Digital Certificates: Securely connecting to chase.com
To do online banking with chase.com, Alice wants to ensure that
the web site is who it claims to be,no one is eavesdropping on her interaction with the web.
Cryptographic Concepts 69/80
![Page 141: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/141.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
Cryptographic Concepts 70/80
![Page 142: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/142.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
Cryptographic Concepts 70/80
![Page 143: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/143.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
Cryptographic Concepts 70/80
![Page 144: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/144.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
4 Extract CA← from the certificate. The certificate is signedwith SCA.
Cryptographic Concepts 70/80
![Page 145: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/145.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
4 Extract CA← from the certificate. The certificate is signedwith SCA.
5 The browser checks if it trusts the certificate:
Cryptographic Concepts 70/80
![Page 146: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/146.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
4 Extract CA← from the certificate. The certificate is signedwith SCA.
5 The browser checks if it trusts the certificate:
Do we trust the CA? The browser has public keys PCA oftrusted CAs pre-installed.
Cryptographic Concepts 70/80
![Page 147: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/147.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
4 Extract CA← from the certificate. The certificate is signedwith SCA.
5 The browser checks if it trusts the certificate:
Do we trust the CA? The browser has public keys PCA oftrusted CAs pre-installed.Has the certificate expired?
Cryptographic Concepts 70/80
![Page 148: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/148.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
4 Extract CA← from the certificate. The certificate is signedwith SCA.
5 The browser checks if it trusts the certificate:
Do we trust the CA? The browser has public keys PCA oftrusted CAs pre-installed.Has the certificate expired?
6 The browser generates a session-key K ;
Cryptographic Concepts 70/80
![Page 149: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/149.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
4 Extract CA← from the certificate. The certificate is signedwith SCA.
5 The browser checks if it trusts the certificate:
Do we trust the CA? The browser has public keys PCA oftrusted CAs pre-installed.Has the certificate expired?
6 The browser generates a session-key K ;
7 Extract Pchase.com ← from the certificate.
Cryptographic Concepts 70/80
![Page 150: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/150.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
4 Extract CA← from the certificate. The certificate is signedwith SCA.
5 The browser checks if it trusts the certificate:
Do we trust the CA? The browser has public keys PCA oftrusted CAs pre-installed.Has the certificate expired?
6 The browser generates a session-key K ;
7 Extract Pchase.com ← from the certificate.
8 The browser encrypts K with Pchase.com
Cryptographic Concepts 70/80
![Page 151: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/151.jpg)
Digital Certificates: Securely connecting to chase.com
1 Alice browses to https://chase.com
2 The browser asks chase.com to identify itself.
3 chase.com returns its certificate to the browser.
4 Extract CA← from the certificate. The certificate is signedwith SCA.
5 The browser checks if it trusts the certificate:
Do we trust the CA? The browser has public keys PCA oftrusted CAs pre-installed.Has the certificate expired?
6 The browser generates a session-key K ;
7 Extract Pchase.com ← from the certificate.
8 The browser encrypts K with Pchase.com
9 The browser sends Pchase.com(K ) to chase.com.
Cryptographic Concepts 70/80
![Page 152: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/152.jpg)
In-Class Exercise I — Goodrich & Tamassia R-1.12
What are the strengths and weaknesses of symmetric-keyencryption and public-key encryption?
Cryptographic Concepts 71/80
![Page 153: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/153.jpg)
In-Class Exercise II— Goodrich & Tamassia C-1.10
Alice and Bob are communicating using public keycryptography.
Bob is Alice’s bookie.
Bob send messages of the form EPA(3rd race @ saratoga?).
Alice responds with a message of the formEPB
($100 on Golden Mane).
Eve knows PA and PB , the form of the messages, that Aliceonly bets in multiples of $100 and never more than $1000,and all the races and all the horses at all the race tracks (easyto get via a web search).
How can Eve learn what Alice is betting?
Cryptographic Concepts 72/80
![Page 154: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/154.jpg)
In-Class Exercise III — Goodrich & Tamassia C-1.11
Can you think of a way to prevent Eve in the previous exercisefrom learning the contents of the communication?
Cryptographic Concepts 73/80
![Page 155: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/155.jpg)
In-Class Exercise IV — Goodrich & Tamassia C-1.12
Alice is full of good ideas for new startups that she wants tosend to Bob.
She wants to make sure that Charles can’t take credit for herideas.
How can she achieve this using public-key cryptography?
Cryptographic Concepts 74/80
![Page 156: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/156.jpg)
In-Class Exercise V — Goodrich & Tamassia C-1.13
Alice is full of good ideas for new startups that she wants tosend to Bob.
She wants to make sure that Charles can’t take credit for herideas.
How can she achieve this using symmetric-key cryptography?
Cryptographic Concepts 75/80
![Page 157: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/157.jpg)
In-Class Exercise VI — Goodrich & Tamassia C-1.14
Alice and Daisy are both full of good ideas for new startupsthat they want to send to Bob.
Each wants to make sure that the other cannot take credit fortheir ideas.
Alice, Daisy, and Bob therefore share a secret key K .
Along with each message M, they send d = h(K ||M).
Can Bob verify who sent him a particular idea?
Cryptographic Concepts 76/80
![Page 158: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/158.jpg)
In-Class Exercise VII — Goodrich & Tamassia C-1.17
Alice and Bob want to verify they have the same secret n-bitkey K . They engage in the following protocol:
1 Alice generates a random n-bit value R .2 Alice sends X ← KA ⊕ R to Bob (⊕ = exclusive-or).3 Bob sends Y ← KB ⊕ X to Alice.4 Alice compares R and Y . If R = Y , she concludes that
KA = KB .
How can Eve recover the keys?
Cryptographic Concepts 77/80
![Page 159: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/159.jpg)
Outline
1 Security Principles2 Access Control Models3 Cryptographic Concepts
Symmetric Encryption ProtocolPublic Key ProtocolDigital SignaturesCryptographic Hash FunctionsDigital CertificatesIn-Class Exercises
4 Summary
Summary 78/80
![Page 160: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/160.jpg)
Readings
Chapter 1 in Introduction to Computer Security, by Goodrichand Tamassia.
Summary 79/80
![Page 161: CSc 466/566 Computer Security 2 : Introduction — Mechanisms · The default security configuration should be conservative. The default situation for a computer system should be](https://reader034.fdocuments.in/reader034/viewer/2022051911/600185161189785b347a07c2/html5/thumbnails/161.jpg)
Acknowledgments
Material and exercises have also been collected from these sources:
1 Bishop, Introduction to Computer Security.
Summary 80/80