Network and Information Security: Overview of Computer Security
• Keke Gai
• School of Computer Science and Technology, BIT
• gaikeke@bit.edu.cn
• 2021
Contents
• Computer Security Concepts
• Threats, Attacks and Assets
• Security Functional Requirements
• Fundamental Security Design Principles
• Attack Surfaces and Attack Trees
• Computer Security Strategy
Learning objectives
• Describe the key security requirements of
confidentiality, integrity and availability
• Discuss the types of security threats and attacks that
must be dealt with
• Summarize the functional requirements for computer
security
• Explain the fundamental security design principles
• Discuss the use of attack surfaces and attack trees
• Understand the principal aspects of a comprehensive
security strategy
Computer Security Concepts
• Confidentiality(机密性):
• preserving authorized restrictions on information access and disclosure,
• including means for protecting personal privacy and proprietary information
• Integrity(完整性):
• guarding against improper information modification or destruction,
• including ensuring information nonrepudiation and authenticity
• Availability(可用性):
• ensuring timely and reliable access to and use of information
Figure 1.1 The Security Requirements Triad
Computer Security Concepts
• Authenticity(真实性):
• The property of being genuine and being able to be verified and trusted;
• Confidence in the validity of a transmission, a message, or message
originator.
• Means verifying that users are who they say they are and that each input
arriving at the system came from a trusted source.
• Accountability(可追踪性):
• Assure actions of an entity to be traced uniquely to that entity.
• Because truly secure systems aren’t yet an achievable goal, we must be
able to trace a security breach to a responsible party.
• Systems must keep records of their activities to permit later forensic
analysis to trace security breaches or to aid in transaction disputes.
Levels of security breach impact
• Isolation
– Public access should be isolated from critical
resources (no connection between public and critical
information)
– Users' files should be isolated from one another
(except when desired)
– Security mechanisms should be isolated (i.e.,
preventing access to those mechanisms)
• Encapsulation: similar to object concepts (hide
internal structures)
• Modularity: modular structure
Fundamental security design principles
• what is the security scheme supposed to do?
• how does it do it?
• does it really work?
Computer Security Strategy
• Security Policy
– informal statement of rules and practices that
specify or regulate security services
– factors to consider:
• value of the protected assets
• vulnerabilities of the system
• potential threats and the likelihood of attacks
– trade-offs to consider:
• ease of use versus security
• cost of security versus cost of failure and recovery
Computer Security Strategy
• Security Implementation
– Prevention: An ideal security scheme is one in which no attack is
successful.
– Detection: Absolute protection is not feasible, but it is practical to
detect security attacks.
– Response: If security mechanisms detect an ongoing attack, the
system may be able to respond in such a way as to halt the attack
and prevent further damage.
– Recovery: An example of recovery is the use of backup systems, so
that if data integrity is compromised, a prior, correct copy of the
data can be reloaded.
Computer Security Strategy
• Assurance and Evaluation
– assurance
• the degree of confidence one has that the security
measures work as intended
• both system design and implementation
– evaluation
• process of examining a system with respect to certain
criteria
• involves testing and formal analytic or mathematical
techniques
Chapter 2 – Cryptographic Tools
Cryptographic Tools
• cryptographic algorithms are an important element
in security services
• review various types of elements
– symmetric encryption
– public-key (asymmetric) encryption
– digital signatures and key management
– secure hash functions
• example is their use to encrypt stored data
Symmetric Encryption
Attacking Symmetric Encryption
• cryptanalysis
– rely on nature of the algorithm
– plus some knowledge of plaintext characteristics
– even some sample plaintext-ciphertext pairs
– exploits characteristics of algorithm to deduce
specific plaintext or key
• brute-force attack
– try all possible keys on some ciphertext until get
an intelligible translation into plaintext
Exhaustive Key Search
Symmetric Encryption Algorithms
DES and Triple-DES
• Data Encryption Standard (DES) is the most
widely used encryption scheme
– uses 64 bit plaintext block and 56 bit key to
produce a 64 bit ciphertext block
– concerns about algorithm & use of 56-bit key
• Triple-DES
– repeats basic DES algorithm three times
– using either two or three unique keys
– much more secure but also much slower
Advanced Encryption Standard (AES)
• needed a better replacement for DES
• NIST called for proposals in 1997
– efficiency, security, HW/SW suitability, 128, 192, 256 keys
• selected Rijndael in Nov 2001
• symmetric block cipher
• uses 128 bit data & 128/192/256 bit keys
• now widely available commercially
Block versus Stream Ciphers
Message Authentication
• protects against active attacks
• verifies received message is authentic
– contents unaltered
– from authentic source
– timely and in correct sequence
• can use conventional encryption
– only sender & receiver have key needed
• or separate authentication mechanisms
– append authentication tag to cleartext message
Message Authentication Codes
Secure Hash Functions
Message Auth
Hash Function Requirements
• Applied to any size data
• H produces a fixed-length output
• H(x) is relatively easy to compute for any given x
• one-way property
– computationally infeasible to find x such that H(x) = h
• weak collision resistance
– computationally infeasible to find y ≠ x such that H(y) = H(x)
• strong collision resistance
– computationally infeasible to find any pair (x, y) such that H(x) = H(y)
Hash Functions
• two attack approaches
– cryptanalysis
• exploit logical weakness in alg
– brute-force attack
• trial many inputs
• strength proportional to size of hash code (2^(n/2))
• SHA most widely used hash algorithm
– SHA-1 gives 160-bit hash
– more recent SHA-256, SHA-384, SHA-512 provide
improved size and security
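The 2^(n/2) brute-force bound above, as an added example that is not from the original slides: SHA-256 truncated to n bits stands in for an n-bit hash code (an assumption of this example), and distinct constructed inputs are hashed until any two collide.

```python
import hashlib
from itertools import count

def truncated_hash(data: bytes, n_bits: int) -> int:
    """First n_bits of SHA-256, standing in for an n-bit hash code."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - n_bits)

def birthday_collision(n_bits: int):
    """Hash distinct inputs until two of them share a hash code.

    Returns (x, y, tries). The expected number of tries is on the order
    of 2^(n/2), far below the 2^n needed to match one fixed target.
    """
    seen = {}
    for i in count():
        msg = b"msg-%d" % i            # constructed inputs, all distinct
        h = truncated_hash(msg, n_bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

if __name__ == "__main__":
    for n in (16, 24, 32):
        x, y, tries = birthday_collision(n)
        print(f"n={n:2d}: collision after {tries} hashes "
              f"(2^(n/2) = {2 ** (n // 2)}, 2^n = {2 ** n})")
```

The same search against a 160-bit or 256-bit code needs about 2^80 or 2^128 hashes, which is why the hash size sets the strength.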
Public Key Encryption
Public Key Authentication
Authentication and/or data integrity
Public Key Requirements
1. computationally easy to create key pairs
2. computationally easy for sender knowing public key to
encrypt messages
3. computationally easy for receiver knowing private key to
decrypt ciphertext
4. computationally infeasible for opponent to determine private
key from public key
5. computationally infeasible for opponent to otherwise
recover original message
6. useful if either key can be used for each role
Public Key Algorithms
• RSA (Rivest, Shamir, Adleman)
– developed in 1977
– only widely accepted public-key encryption alg
– given tech advances need 1024+ bit keys
• Diffie-Hellman key exchange algorithm
– only allows exchange of a secret key
• Digital Signature Standard (DSS)
– provides only a digital signature function with SHA-1
• Elliptic curve cryptography (ECC)
– new, security like RSA, but with much smaller keys
Public Key Certificates
See textbook figure p.63
Digital Envelopes
Random Numbers
• random numbers have a range of uses
• requirements:
• randomness
– based on statistical tests for uniform distribution
and independence
• unpredictability
– successive values not related to previous
– clearly true for truly random numbers
– but more commonly use generator
Pseudorandom versus Random Numbers
• often use algorithmic technique to create
pseudorandom numbers
– which satisfy statistical randomness tests
– but likely to be predictable
• true random number generators use a
nondeterministic source
– e.g. radiation, gas discharge, leaky capacitors
– increasingly provided on modern processors
Practical Application: Encryption of Stored Data
Chapter 2 – Symmetric Encryption and Message Confidentiality
Symmetric Encryption and Message Confidentiality
• also known as: conventional encryption, secret-key, or
single-key encryption
– only alternative before public-key crypto in 70’s
– still most widely used alternative
– has ingredients: plaintext, encryption algorithm, secret key,
ciphertext, and decryption algorithm
• generically classified along dimensions of:
1. type of operations used
2. number of keys used
3. way in which the plaintext is processed
Cryptanalysis
• attacks:
– ciphertext only - least info, hardest
– known plaintext - some plain/cipher pairs
– chosen plaintext - get own plain/cipher pairs
– chosen ciphertext - rarer
– chosen text - rarer
• only weak algs fail a ciphertext-only attack
• usually design algs to withstand a known-plaintext attack
Computationally Secure Algs
• encryption is computationally secure if:
– cost of breaking cipher exceeds info value
– time required to break cipher exceeds the useful lifetime of the info
• usually very difficult to estimate the amount of effort required to
break
• can estimate time/cost of a brute-force attack (see Ch 2)
Feistel Cipher Structure
Block Cipher Structure
• have a general iterative block cipher structure
– with a sequence of rounds
– with substitutions / permutations controlled by key
• parameters and design features:
– block size
– key size
– number of rounds
– subkey generation algorithm
– round function
– fast software en/decrypt
Data Encryption Standard (DES)
Triple DES (3DES)
• first used in financial applications
• in DES FIPS PUB 46-3 standard of 1999
• uses three keys & three DES executions:
C = E(K3, D(K2, E(K1, P)))
• decryption same with keys reversed
• use of decryption in second stage gives
compatibility with original DES users
• effective 168-bit key length, slow, secure
• AES will eventually replace 3DES
Advanced Encryption Standard (AES)
AES Round Structure
Substitute Bytes
• a simple table lookup in S-box
– a 16×16 matrix of byte values
– mapping old byte to a new value
• e.g. {95} maps to {2A}
– a permutation of all possible 256 8-bit values
• constructed using finite field properties
– designed to be resistant to known cryptanalytic
attacks
• decrypt uses inverse of S-box
Shift Rows
• on encrypt left rotate each row of State by 0,1,2,3
bytes respectively
• decrypt does reverse
• to move individual bytes from one column to another
and spread bytes over columns
Mix Columns & Add Key
• Mix Columns
– operates on each column individually
– mapping each byte to a new value that is a
function of all four bytes in the column
– use of equations over finite fields
– to provide good mixing of bytes in column
• Add Round Key
– simply XOR State with bits of expanded key
– security from complexity of round key expansion
and other stages of AES
Stream Ciphers
• processes input elements continuously
• key input to a pseudorandom bit generator
– produces stream of random like numbers
– unpredictable without knowing input key
– XOR keystream output with plaintext bytes
• are faster and use far less code
• design considerations:
– encryption sequence should have a large period
– keystream approximates random number properties
– uses a sufficiently long key
RC4
Modes of Operation
• block ciphers process data in blocks
– e.g. 64-bits (DES, 3DES) or 128-bits (AES)
• for longer messages must break up
– and possibly pad end to blocksize multiple
• have five modes of operation for this
– defined in NIST SP 800-38A
– modes are: ECB, CBC, CFB, OFB, CTR
Electronic Codebook (ECB)
• simplest mode
• split plaintext into blocks
• encrypt each block using the same key
• “codebook” because have unique ciphertext value for each plaintext block
– not secure for long messages since repeated plaintext is seen in repeated
ciphertext
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Counter (CTR)
Location of Encryption
Key Distribution
• symmetric crypto needs a shared key:
• two parties A & B can achieve this by:
– A selects key, physically delivers to B
– 3rd party selects key, physically delivers to A, B
• reasonable for link crypto, bad for large numbers of users
– A selects new key, sends encrypted using previous
old key to B
• good for either, but security fails if any key discovered
– 3rd party C selects key, sends encrypted to each of A
& B using existing key with each
• best for end-to-end encryption
Key Distribution
Summary
• introduced symmetric encryption basics
• DES, 3DES and AES
• stream ciphers and RC4
• modes of operation
• location of encryption
• key distribution
Chapter 2 – Public-Key Cryptography and Message Authentication
Public-Key Cryptography and Message Authentication
• now look at technical detail concerning:
– secure hash functions and HMAC
– RSA & Diffie-Hellman Public-Key Algorithms
Simple Hash Functions
• a one-way or secure hash function used in
message authentication, digital signatures
• all hash functions process input a block at a time
in an iterative fashion
• one of simplest hash functions is the bit-by-bit
exclusive-OR (XOR) of each block
C_i = b_i1 ⊕ b_i2 ⊕ . . . ⊕ b_im
– effective data integrity check on random data
– less effective on more predictable data
– virtually useless for data security
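Why the XOR hash above fails as a security check, as an added example that is not from the original slides: reordering blocks leaves the hash unchanged, and one appended block makes any message match a chosen hash. The 8-byte block size, zero padding and sample messages are assumptions of this example.

```python
from functools import reduce

BLOCK = 8  # block size in bytes (assumption for this example)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def xor_hash(msg: bytes) -> bytes:
    """XOR of all blocks: C_i = b_i1 xor b_i2 xor ... xor b_im."""
    msg = msg + b"\x00" * (-len(msg) % BLOCK)      # zero-pad the last block
    blocks = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]
    return reduce(_xor, blocks, bytes(BLOCK))

def fixup_block(other: bytes, target_hash: bytes) -> bytes:
    """Block that, appended to block-aligned `other`, yields target_hash.

    xor_hash(other + fix) = xor_hash(other) xor fix, so
    fix = xor_hash(other) xor target_hash.
    """
    if len(other) % BLOCK:
        raise ValueError("other must be block-aligned")
    return _xor(xor_hash(other), target_hash)

if __name__ == "__main__":
    original = b"PAY 0100 TO BOB "                  # constructed, 2 blocks
    swapped = original[BLOCK:] + original[:BLOCK]   # same blocks, reordered
    altered = b"PAY 9999 TO EVE "                   # constructed, 2 blocks
    patched = altered + fixup_block(altered, xor_hash(original))
    for m in (original, swapped, patched):
        print(xor_hash(m).hex(), m)
```

All three messages print the same hash value, so the check accepts a different message as unmodified.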
SHA Secure Hash Functions
• SHA originally developed by NIST/NSA in 1993
• was revised in 1995 as SHA-1
– US standard for use with DSA signature scheme
– standard is FIPS 180-1 1995, also Internet RFC3174
– produces 160-bit hash values
• NIST issued revised FIPS 180-2 in 2002
– adds 3 additional versions of SHA
– SHA-256, SHA-384, SHA-512
– with 256/384/512-bit hash values
– same basic structure as SHA-1 but greater security
• NIST intend to phase out SHA-1 use
SHA-512 Structure
SHA-512
Round
Other Secure Hash Functions
• most based on iterated hash function design
– if compression function is collision resistant
– so is resultant iterated hash function
• MD5 (RFC1321)
– was a widely used hash developed by Ron Rivest
– produces 128-bit hash, now too small
– also have cryptanalytic concerns
• Whirlpool (NESSIE endorsed hash)
– developed by Vincent Rijmen & Paulo Barreto
– compression function is AES derived W block cipher
– produces 512-bit hash
HMAC
• interest in a MAC using a cryptographic hash
– due to speed and code availability
• must incorporate key into use of hash alg
• HMAC (RFC2104) widely supported
– used in IPsec, TLS & SET
• HMAC treats hash as “black box”
• HMAC proven secure if embedded hash
function has reasonable cryptographic
strength
HMAC Structure
Security of HMAC
• security based on underlying hash strength
• have probability of successful attack given time and number of msg-MAC pairs
• either attacker computes output even with
random secret IV
– brute force key O(2^n), or use birthday attack
• or attacker finds collisions in hash function
even when IV is random and secret
– i.e. find M and M' such that H(M) = H(M')
– birthday attack O(2^(n/2))
– MD5 secure in HMAC since only observe
RSA Public-Key Encryption
• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key alg
• uses exponentiation of integers modulo a prime
• encrypt: C = M^e mod n
• decrypt: M = C^d mod n = (M^e)^d mod n = M
• both sender and receiver know values of n and e
• only receiver knows value of d
• public-key encryption algorithm with
– public key PU = {e, n} & private key PR = {d, n}.
RSA Algorithm
RSA Example
Attacks on RSA
• brute force
– trying all possible private keys
– use larger key, but then slower
• mathematical attacks (factoring n)
– see improving algorithms (QS, GNFS, SNFS)
– currently 1024-2048-bit keys seem secure
• timing attacks (on implementation)
– use constant time, random delays, blinding
• chosen ciphertext attacks (on RSA props)
Diffie-Hellman Key Exchange
• first public-key type scheme proposed
• by Diffie & Hellman in 1976 along with the
exposition of public key concepts
– note: now know that Williamson (UK CESG)
secretly proposed the concept in 1970
• practical method to exchange a secret key
• used in a number of commercial products
• security relies on difficulty of computing
discrete logarithms
Diffie-Hellman Algorithm
Diffie-Hellman Example
• have
– prime number q = 353
– primitive root a = 3
• A and B each compute their public keys
– A computes YA = 3^97 mod 353 = 40
– B computes YB = 3^233 mod 353 = 248
• then exchange and compute secret key:
– for A: K = (YB)^XA mod 353 = 248^97 mod 353 = 160
– for B: K = (YA)^XB mod 353 = 40^233 mod 353 = 160
• attacker must solve:
– 3^a mod 353 = 40 which is hard
– desired answer is 97, then compute key as B does
Key Exchange Protocols
Man-in-the-Middle Attack
• attack is:
1. Darth generates private keys XD1 & XD2, and their public
keys YD1 & YD2
2. Alice transmits YA to Bob
3. Darth intercepts YA and transmits YD1 to Bob. Darth also
calculates K2
4. Bob receives YD1 and calculates K1
5. Bob transmits YB to Alice
6. Darth intercepts YB and transmits YD2 to Alice. Darth
calculates K1
7. Alice receives YD2 and calculates K2
• all subsequent communications compromised
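The Diffie-Hellman example and the seven interception steps above, as an added example that is not from the original slides. It uses the slide's q = 353, primitive root 3 and private keys 97 and 233; Darth's private keys are passed in as parameters (the test values are constructed). It shows that without authentication of the public keys Alice and Bob end up holding different keys, each shared with Darth.

```python
q, alpha = 353, 3          # public parameters from the slide
XA, XB = 97, 233           # private keys of A and B from the slide

def public_key(x: int) -> int:
    return pow(alpha, x, q)

def shared_key(their_public: int, my_private: int) -> int:
    return pow(their_public, my_private, q)

def honest_exchange():
    """Keys computed by A and B when YA and YB arrive unmodified."""
    YA, YB = public_key(XA), public_key(XB)
    return shared_key(YB, XA), shared_key(YA, XB)

def intercepted_exchange(XD1: int, XD2: int):
    """Steps 1-7 above. Returns (alice_key, bob_key, darth_k1, darth_k2)."""
    YA, YB = public_key(XA), public_key(XB)
    YD1, YD2 = public_key(XD1), public_key(XD2)   # step 1
    darth_k2 = shared_key(YA, XD2)                # step 3
    bob_key = shared_key(YD1, XB)                 # step 4: Bob's K1
    darth_k1 = shared_key(YB, XD1)                # step 6
    alice_key = shared_key(YD2, XA)               # step 7: Alice's K2
    return alice_key, bob_key, darth_k1, darth_k2

def brute_force_log(y: int):
    """Smallest x with alpha^x mod q == y. Feasible only because q is tiny."""
    value = 1
    for x in range(1, q):
        value = value * alpha % q
        if value == y:
            return x
    return None

if __name__ == "__main__":
    print("public keys:", public_key(XA), public_key(XB))
    print("honest exchange:", honest_exchange())
    print("intercepted:", intercepted_exchange(50, 120))
    print("discrete log of 40:", brute_force_log(40))
```

With a realistic prime size the exhaustive search is infeasible, while the interception still works unless the public keys are authenticated, for example with digital signatures or public-key certificates.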
Other Public-Key Algorithms
• Digital Signature Standard (DSS)
– FIPS PUB 186 from 1991, revised 1993 & 96
– uses SHA-1 in a new digital signature alg
– cannot be used for encryption
• elliptic curve cryptography (ECC)
– equal security for smaller bit size than RSA
– seen in standards such as IEEE P1363
– still very new, but promising
– based on a mathematical construct known as the
elliptic curve (difficult to explain)
Summary
• discussed technical detail concerning:
– secure hash functions and HMAC
– RSA & Diffie-Hellman Public-Key Algorithms