
Network and Information Security

Overview of Computer Security

• Keke Gai
• School of Computer Science and Technology, BIT
• gaikeke@bit.edu.cn
• 2021
Contents
• Computer Security Concepts
• Threats, Attacks and Assets
• Security Functional Requirements
• Fundamental Security Design Principles
• Attack Surfaces and Attack Trees
• Computer Security Strategy
Learning objectives
• Describe the key security requirements of confidentiality, integrity and availability
• Discuss the types of security threats and attacks that must be dealt with
• Summarize the functional requirements for computer security
• Explain the fundamental security design principles
• Discuss the use of attack surfaces and attack trees
• Understand the principal aspects of a comprehensive security strategy
Computer Security Concepts

[Figure: cover of NIST Special Publication 800-12, An Introduction to Computer Security: The NIST Handbook, by Barbara Guttman and Edward A. Roback, National Institute of Standards and Technology, U.S. Department of Commerce, 1995]
Computer Security Concepts
• Confidentiality(机密性):
– preserving authorized restrictions on information access and disclosure.
– including means for protecting personal privacy and proprietary information
• Integrity(完整性):
– guarding against improper information modification or destruction,
– including ensuring information nonrepudiation and authenticity
• Availability(可用性):
– ensuring timely and reliable access to and use of information
Figure 1.1 The Security Requirements Triad (安全需求三原则): Confidentiality, Integrity and Availability around "Data and services"
Computer Security Concepts
• Authenticity(真实性):
• The property of being genuine and being able to be verified and trusted;
• Confidence in the validity of a transmission, a message, or message
originator.
• Means verifying that users are who they say they are and that each input
arriving at the system came from a trusted source.
• Accountability(可追踪性):
• Assures that the actions of an entity can be traced uniquely to that entity.
• Because truly secure systems aren’t yet an achievable goal, we must be
able to trace a security breach to a responsible party.
• Systems must keep records of their activities to permit later forensic
analysis to trace security breaches or to aid in transaction disputes.
Levels of security breach impact

• Low: the loss will have a limited impact, e.g., a degradation in mission or minor damage or minor financial loss or minor harm
• Moderate: the loss has a serious effect, e.g., significant degradation on mission or significant harm to individuals but no loss of life or threatening injuries
• High: the loss has severe or catastrophic adverse effect on operations, organizational assets or on individuals (e.g., loss of life)
Security Categorization Applied to Information Types

Establishing an appropriate security category of an information type essentially requires determining the potential impact for each security objective associated with the particular information type.
Challenges of computer security

1. Computer security is not simple
2. One must consider potential (unexpected) attacks
3. Procedures used are often counter-intuitive
4. Must decide where to deploy mechanisms
5. Involves algorithms and secret info (keys)
6. A battle of wits between attacker / admin
7. Its benefit is not perceived until it fails
8. Requires constant monitoring
9. Too often an after-thought (not integral)
10. Regarded as impediment to using system
Computer Security Terminology
Security Concepts and Relationships
Vulnerabilities
• Vulnerabilities(脆弱性)
– It can be corrupted, so that it does the wrong thing or
gives wrong answers. For example, stored data values
may differ from what they should be because they
have been improperly modified.
– It can become leaky. For example, someone who
should not have access to some or all of the
information available through the network obtains
such access.
– It can become unavailable or very slow. That is, using
the system or network becomes impossible or
impractical.
Attacks: Passive and Active
• Passive attacks attempt to learn or make use of information from the
system but do not affect system resources
• eavesdropping/monitoring transmissions
• difficult to detect
• emphasis is on prevention rather than detection
• two types:
– message contents
– traffic analysis
• Active attacks involve modification of the data stream
• goal is to detect them and then recover
• four categories:
– Masquerade(假冒)
– Replay(重放)
– modification of messages(篡改)
– denial of service(拒绝服务)
Threats and Attacks
Threats and Assets
Countermeasure(对策)
• means used to deal with security attacks
– prevent
– detect
– recover
• may introduce new vulnerabilities
• residual vulnerabilities may remain
• goal is to minimize residual level of risk to the assets
Security functional requirements (FIPS 200)
• Technical measures
– Access control; identification & authentication; system &
communication protection; system & information
integrity
• Management controls and procedures
– Awareness & training; audit & accountability;
certification, accreditation, & security assessments;
contingency planning; maintenance; physical &
environmental protection; planning; personnel security;
risk assessment; systems & services acquisition
• Overlapping technical and management
– Configuration management; incident response; media
protection
Fundamental security design principles

• Despite years of research, it is still difficult to design systems that comprehensively prevent security flaws
• But good practices for good design have been documented (analogous to software engineering)
– Economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privileges, least privilege, least common mechanism, psychological acceptability, isolation, encapsulation, modularity, layering, least astonishment
Fundamental security design principles

• Economy of mechanism: the design of security measures should be as simple as possible
– Simpler to implement and to verify
– Fewer vulnerabilities
• Fail-safe default: access decisions should be based on permissions; i.e., the default is lack of access
• Complete mediation: every access should be checked against an access control system
• Open design: the design should be open rather than secret (e.g., encryption algorithms)
Fundamental security design principles

• Isolation
– Public access should be isolated from critical
resources (no connection between public and critical
information)
– Users' files should be isolated from one another
(except when desired)
– Security mechanisms should be isolated (i.e.,
preventing access to those mechanisms)
• Encapsulation: similar to object concepts (hide
internal structures)
• Modularity: modular structure
Fundamental security design principles

• Layering (defense in depth): use of multiple, overlapping protection approaches
• Least astonishment: a program or interface should always respond in a way that is least likely to astonish a user
Fundamental security design principles

• Separation of privilege: multiple privileges should be needed to achieve access (or complete a task)
• Least privilege: every user (process) should have the least privilege to perform a task
• Least common mechanism: a design should minimize the function shared by different users (providing mutual security; reduce deadlock)
• Psychological acceptability: security mechanisms should not interfere unduly with the work of users
Computer Security Strategy

• Specification & policy: what is the security scheme supposed to do?
• Implementation & mechanisms: how does it do it?
• Correctness & assurance: does it really work?
Computer Security Strategy
• Security Policy
– informal statement of rules and practices that
specify or regulate security services
– factors to consider:
• value of the protected assets
• vulnerabilities of the system
• potential threats and the likelihood of attacks
– trade-offs to consider:
• ease of use versus security
• cost of security versus cost of failure and recovery
Computer Security Strategy
• Security Implementation
– Prevention: An ideal security scheme is one in which no attack is
successful.
– Detection: Absolute protection is not feasible, but it is practical to
detect security attacks.
– Response: If security mechanisms detect an ongoing attack, the
system may be able to respond in such a way as to halt the attack
and prevent further damage.
– Recovery: An example of recovery is the use of backup systems, so
that if data integrity is compromised, a prior, correct copy of the
data can be reloaded.
Computer Security Strategy
• Assurance and Evaluation
– assurance
• the degree of confidence one has that the security
measures work as intended
• both system design and implementation
– evaluation
• process of examining a system with respect to certain
criteria
• involves testing and formal analytic or mathematical
techniques
Chapter 2 – Cryptographic Tools

Cryptographic Tools
• cryptographic algorithms important element
in security services
• review various types of elements
– symmetric encryption
– public-key (asymmetric) encryption
– digital signatures and key management
– secure hash functions
• example is use to encrypt stored data

Symmetric Encryption

Attacking Symmetric Encryption
• cryptanalysis
– rely on nature of the algorithm
– plus some knowledge of plaintext characteristics
– even some sample plaintext-ciphertext pairs
– exploits characteristics of algorithm to deduce
specific plaintext or key
• brute-force attack
– try all possible keys on some ciphertext until get
an intelligible translation into plaintext

Exhaustive Key Search

Symmetric Encryption Algorithms

DES and Triple-DES
• Data Encryption Standard (DES) is the most
widely used encryption scheme
– uses 64 bit plaintext block and 56 bit key to
produce a 64 bit ciphertext block
– concerns about algorithm & use of 56-bit key
• Triple-DES
– repeats basic DES algorithm three times
– using either two or three unique keys
– much more secure but also much slower
Advanced Encryption Standard
(AES)
• needed a better replacement for DES
• NIST called for proposals in 1997
– efficiency, security, HW/SW suitability, 128, 192, 256 keys
• selected Rijndael in Nov 2001
• symmetric block cipher
• uses 128 bit data & 128/192/256 bit keys
• now widely available commercially

Block versus Stream Ciphers
Message Authentication
• protects against active attacks
• verifies received message is authentic
– contents unaltered
– from authentic source
– timely and in correct sequence
• can use conventional encryption
– only sender & receiver have key needed
• or separate authentication mechanisms
– append authentication tag to cleartext message
Message Authentication Codes

Secure Hash Functions

Message Auth
Hash Function Requirements
• Applied to any size data
• H produces a fixed-length output
• H(x) is relatively easy to compute for any given x
• one-way property
– computationally infeasible to find x such that H(x) = h
• weak collision resistance
– computationally infeasible to find y ≠ x such that H(y) = H(x)
• strong collision resistance
– computationally infeasible to find any pair (x, y) such that H(x) = H(y)

Hash Functions
• two attack approaches
– cryptanalysis
• exploit logical weakness in alg
– brute-force attack
• trial many inputs
• strength proportional to size of hash code ($2^{n/2}$)
• SHA most widely used hash algorithm
– SHA-1 gives 160-bit hash
– more recent SHA-256, SHA-384, SHA-512 provide
improved size and security

Public Key Encryption

Public Key Authentication
Authentication and/or data integrity

Public Key Requirements
1. computationally easy to create key pairs
2. computationally easy for sender knowing public key to
encrypt messages
3. computationally easy for receiver knowing private key to
decrypt ciphertext
4. computationally infeasible for opponent to determine private
key from public key
5. computationally infeasible for opponent to otherwise
recover original message
6. useful if either key can be used for each role

Public Key Algorithms
• RSA (Rivest, Shamir, Adleman)
– developed in 1977
– only widely accepted public-key encryption alg
– given tech advances need 1024+ bit keys
• Diffie-Hellman key exchange algorithm
– only allows exchange of a secret key
• Digital Signature Standard (DSS)
– provides only a digital signature function with SHA-1
• Elliptic curve cryptography (ECC)
– new, security like RSA, but with much smaller keys

Public Key Certificates
See textbook figure p.63

Digital Envelopes

Another application of public key alg
Random Numbers
• random numbers have a range of uses
• requirements:
• randomness
– based on statistical tests for uniform distribution
and independence
• unpredictability
– successive values not related to previous
– clearly true for truly random numbers
– but more commonly use generator
Pseudorandom versus Random Numbers
• often use algorithmic technique to create
pseudorandom numbers
– which satisfy statistical randomness tests
– but likely to be predictable
• true random number generators use a
nondeterministic source
– e.g. radiation, gas discharge, leaky capacitors
– increasingly provided on modern processors

Practical Application: Encryption of Stored Data

• common to encrypt transmitted data
• much less common for stored data
– which can be copied, backed up, recovered
• approaches to encrypt stored data:
– back-end appliance (hardware device close to data storage;
encrypt close to wire speed)
– library based tape encryption (co-processor board
embedded in tape drive)
– background laptop/PC data encryption
Summary
• introduced cryptographic algorithms
• symmetric encryption algorithms for
confidentiality
• message authentication & hash functions
• public-key encryption
• digital signatures and key management
• random numbers

Chapter 2 – Symmetric Encryption
and Message Confidentiality

Symmetric Encryption and Message
Confidentiality
• also known as: conventional encryption, secret-key, or single-key encryption
– only alternative before public-key crypto in 70’s
– still most widely used alternative
– has ingredients: plaintext, encryption algorithm, secret key, ciphertext, and decryption algorithm
• generically classified along dimensions of:
1. type of operations used
2. number of keys used
3. way in which the plaintext is processed
Cryptanalysis
• attacks:
– ciphertext only - least info, hardest
– known plaintext - some plain/cipher pairs
– chosen plaintext - get own plain/cipher pairs
– chosen ciphertext - rarer
– chosen text - rarer
• only weak algs fail a ciphertext-only attack
• usually design algs to withstand a known-plaintext attack
Computationally Secure Algs
• encryption is computationally secure if:
– cost of breaking cipher exceeds info value
– time required to break cipher exceeds the useful lifetime of the info
• usually very difficult to estimate the amount of effort required to break
• can estimate time/cost of a brute-force attack (see Ch 2)
Feistel Cipher Structure
Block Cipher Structure
• have a general iterative block cipher structure
– with a sequence of rounds
– with substitutions / permutations controlled by key
• parameters and design features:
– block size
– key size
– number of rounds
– subkey generation algorithm
– round function
– fast software en/decrypt
Data Encryption Standard (DES)

Triple DES (3DES)
• first used in financial applications
• in DES FIPS PUB 46-3 standard of 1999
• uses three keys & three DES executions:
C = E(K3, D(K2, E(K1, P)))
• decryption same with keys reversed
• use of decryption in second stage gives compatibility with original DES users
• effective 168-bit key length, slow, secure
• AES will eventually replace 3DES
Advanced Encryption Standard (AES)
AES Round Structure

Substitute Bytes
• a simple table lookup in S-box
– a 16×16 matrix of byte values
– mapping old byte to a new value
• e.g. {95} maps to {2A}
– a permutation of all possible 256 8-bit values
• constructed using finite field properties
– designed to be resistant to known cryptanalytic attacks
• decrypt uses inverse of S-box
Shift Rows
• on encrypt left rotate each row of State by 0,1,2,3 bytes respectively
• decrypt does reverse
• to move individual bytes from one column to another and spread bytes over columns
Mix Columns & Add Key
• Mix Columns
– operates on each column individually
– mapping each byte to a new value that is a function of all four bytes in the column
– use of equations over finite fields
– to provide good mixing of bytes in column
• Add Round Key
– simply XOR State with bits of expanded key
– security from complexity of round key expansion and other stages of AES
Stream Ciphers
• processes input elements continuously
• key input to a pseudorandom bit generator
– produces stream of random like numbers
– unpredictable without knowing input key
– XOR keystream output with plaintext bytes
• are faster and use far less code
• design considerations:
– encryption sequence should have a large period
– keystream approximates random number properties
– uses a sufficiently long key
RC4

Modes of Operation
• block ciphers process data in blocks
– e.g. 64-bits (DES, 3DES) or 128-bits (AES)
• for longer messages must break up
– and possibly pad end to blocksize multiple
• have five modes of operation for this
– defined in NIST SP 800-38A
– modes are: ECB, CBC, CFB, OFB, CTR
Electronic Codebook (ECB)
• simplest mode
• split plaintext into blocks
• encrypt each block using the same key
• “codebook” because have unique ciphertext value for each plaintext block
– not secure for long messages since repeated plaintext is seen in repeated ciphertext
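
Added example (not part of the original slides): a toy Feistel block cipher, built from the design features listed under Block Cipher Structure, is run in ECB and CBC mode to show the repeated-block leak described above. The cipher itself, its round function (HMAC-SHA256), the round count, the key and the plaintext are all constructed for illustration and are not DES or AES.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16   # block size in bytes (128 bits, as for AES)
ROUNDS = 8   # number of rounds (hypothetical choice for this toy cipher)
KEY = b"constructed demo key"  # constructed sample key
# Constructed sample plaintext: four identical 16-byte records plus one different record.
PLAINTEXT = b"ACCOUNT=00001234" * 4 + b"AMOUNT=000000100"

def _subkeys(key):
    # Subkey generation algorithm: one derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def _round_fn(subkey, half):
    # Round function F(K_i, R): a keyed function truncated to half a block.
    return hmac.new(subkey, half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(block, subkeys):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in subkeys:
        left, right = right, _xor(left, _round_fn(k, right))
    return right + left  # undo the final swap

def encrypt_block(key, block):
    return _feistel(block, _subkeys(key))

def decrypt_block(key, block):
    # Decryption is the same network with the subkeys in reverse order.
    return _feistel(block, reversed(_subkeys(key)))

def _pad(data):
    n = BLOCK - len(data) % BLOCK  # PKCS#7-style padding to a block multiple
    return data + bytes([n]) * n

def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # Every block is encrypted independently with the same key.
    return b"".join(encrypt_block(key, b) for b in _blocks(_pad(plaintext)))

def cbc_encrypt(key, iv, plaintext):
    prev, out = iv, []
    for b in _blocks(_pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))  # chain in the previous ciphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for b in _blocks(ciphertext):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    data = b"".join(out)
    return data[:-data[-1]]  # strip the padding

def repeated_blocks(ciphertext):
    # Number of ciphertext blocks that duplicate an earlier block.
    return sum(c - 1 for c in Counter(_blocks(ciphertext)).values())

if __name__ == "__main__":
    iv = bytes(range(BLOCK))  # fixed IV for a reproducible demo; use a random IV in practice
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, PLAINTEXT)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, iv, PLAINTEXT)))
```

A non-zero count from `repeated_blocks` on stored or captured ciphertext is a quick indicator that ECB is in use.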

Cipher Block Chaining (CBC)

Cipher Feedback (CFB)

Counter (CTR)

Location of Encryption

Key Distribution
• symmetric crypto needs a shared key:
• two parties A & B can achieve this by:
– A selects key, physically delivers to B
– 3rd party select keys, physically delivers to A, B
• reasonable for link crypto, bad for large no’s users
– A selects new key, sends encrypted using previous old key to B
• good for either, but security fails if any key discovered
– 3rd party C selects key, sends encrypted to each of A & B using existing key with each
• best for end-to-end encryption
Key Distribution

Summary
• introduced symmetric encryption basics
• DES, 3DES and AES
• stream ciphers and RC4
• modes of operation
• location of encryption
• key distribution
Chapter 2 – Public-Key
Cryptography and Message
Authentication
Public-Key Cryptography and Message
Authentication
• now look at technical detail concerning:
– secure hash functions and HMAC
– RSA & Diffie-Hellman Public-Key Algorithms
Simple Hash Functions
• a one-way or secure hash function used in
message authentication, digital signatures
• all hash functions process input a block at a time
in an iterative fashion
• one of simplest hash functions is the bit-by-bit
exclusive-OR (XOR) of each block
$C_i = b_{i1} \oplus b_{i2} \oplus \cdots \oplus b_{im}$
– effective data integrity check on random data
– less effective on more predictable data
– virtually useless for data security
SHA Secure Hash Functions
• SHA originally developed by NIST/NSA in 1993
• was revised in 1995 as SHA-1
– US standard for use with DSA signature scheme
– standard is FIPS 180-1 1995, also Internet RFC3174
– produces 160-bit hash values
• NIST issued revised FIPS 180-2 in 2002
– adds 3 additional versions of SHA
– SHA-256, SHA-384, SHA-512
– with 256/384/512-bit hash values
– same basic structure as SHA-1 but greater security
• NIST intend to phase out SHA-1 use
SHA-512 Structure
SHA-512
Round
Other Secure Hash Functions
• most based on iterated hash function design
– if compression function is collision resistant
– so is resultant iterated hash function
• MD5 (RFC1321)
– was a widely used hash developed by Ron Rivest
– produces 128-bit hash, now too small
– also have cryptanalytic concerns
• Whirlpool (NESSIE endorsed hash)
– developed by Vincent Rijmen & Paulo Barreto
– compression function is AES derived W block cipher
– produces 512-bit hash
HMAC
• interest in a MAC using a cryptographic hash
– due to speed and code availability
• must incorporate key into use of hash alg
• HMAC (RFC2104) widely supported
– used in IPsec, TLS & SET
• HMAC treats hash as “black box”
• HMAC proven secure if embedded hash
function has reasonable cryptographic
strength
HMAC Structure
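
Added example (not part of the original slides), covering both the Simple Hash Functions slide and the HMAC slides: the block XOR hash fails to notice a modification whose changes cancel out, while an HMAC built per RFC 2104 around SHA-256, used only through its public interface, rejects it. The 8-byte block size, the key and the two messages are constructed for illustration.

```python
import hashlib
import hmac
from functools import reduce

BLOCK = 8  # XOR-hash block size in bytes (assumption for this example)
KEY = b"constructed shared secret"        # constructed sample key
ORIGINAL = b"AMT=0100TO=ALICEREF=0007"    # constructed message: three 8-byte blocks
# The same XOR delta is applied at the same offset in blocks 0 and 2, so it cancels.
TAMPERED = b"AMT=9100TO=ALICEREF=9007"

def xor_hash(message):
    """Simple hash from the slide: C_i = b_i1 XOR b_i2 XOR ... XOR b_im."""
    padded = message + b"\x00" * (-len(message) % BLOCK)
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), blocks, bytes(BLOCK))

def hmac_manual(key, message, hash_fn=hashlib.sha256):
    """HMAC per RFC 2104: H((K xor opad) || H((K xor ipad) || message))."""
    block_size = hash_fn().block_size
    if len(key) > block_size:          # long keys are hashed first
        key = hash_fn(key).digest()
    key = key.ljust(block_size, b"\x00")
    inner = hash_fn(bytes(k ^ 0x36 for k in key) + message).digest()
    return hash_fn(bytes(k ^ 0x5C for k in key) + inner).digest()

def verify(key, message, tag):
    # Compare tags without leaking the position of the first differing byte.
    return hmac.compare_digest(hmac_manual(key, message), tag)

def detects_tampering(original, tampered, key):
    """Report which check notices that `tampered` differs from `original`."""
    return {
        "xor_hash": xor_hash(original) != xor_hash(tampered),
        "hmac": not verify(key, tampered, hmac_manual(key, original)),
    }

if __name__ == "__main__":
    print(detects_tampering(ORIGINAL, TAMPERED, KEY))
```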
Security of HMAC
• security based on underlying hash strength
• have prob given time and no msg-MAC’s
• either attacker computes output even with
random secret IV
– brute force key $O(2^n)$, or use birthday attack
• or attacker finds collisions in hash function
even when IV is random and secret
– ie. find M and M' such that H(M) = H(M')
– birthday attack $O(2^{n/2})$
– MD5 secure in HMAC since only observe
RSA Public-Key Encryption
• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key alg
• uses exponentiation of integers modulo a prime
• encrypt: $C = M^e \bmod n$
• decrypt: $M = C^d \bmod n = (M^e)^d \bmod n = M$
• both sender and receiver know values of n and e
• only receiver knows value of d
• public-key encryption algorithm with
– public key PU = {e, n} & private key PR = {d, n}.
RSA Algorithm
RSA Example
Attacks on RSA
• brute force
– trying all possible private keys
– use larger key, but then slower
• mathematical attacks (factoring n)
– see improving algorithms (QS, GNFS, SNFS)
– currently 1024-2048-bit keys seem secure
• timing attacks (on implementation)
– use constant time, random delays, blinding
• chosen ciphertext attacks (on RSA props)
Diffie-Hellman Key Exchange
• first public-key type scheme proposed
• by Diffie & Hellman in 1976 along with the
exposition of public key concepts
– note: now know that Williamson (UK CESG)
secretly proposed the concept in 1970
• practical method to exchange a secret key
• used in a number of commercial products
• security relies on difficulty of computing
discrete logarithms
Diffie-Hellman Algorithm
Diffie-Hellman Example
• have
– prime number q = 353
– primitive root a = 3
• A and B each compute their public keys
– A computes $Y_A = 3^{97} \bmod 353 = 40$
– B computes $Y_B = 3^{233} \bmod 353 = 248$
• then exchange and compute secret key:
– for A: $K = (Y_B)^{X_A} \bmod 353 = 248^{97} \bmod 353 = 160$
– for B: $K = (Y_A)^{X_B} \bmod 353 = 40^{233} \bmod 353 = 160$
• attacker must solve:
– $3^a \bmod 353 = 40$ which is hard
– desired answer is 97, then compute key as B does
Key Exchange Protocols
Man-in-the-Middle Attack
• attack is:
1. Darth generates private keys XD1 & XD2, and their public
keys YD1 & YD2
2. Alice transmits YA to Bob
3. Darth intercepts YA and transmits YD1 to Bob. Darth also
calculates K2
4. Bob receives YD1 and calculates K1
5. Bob transmits XA to Alice
6. Darth intercepts XA and transmits YD2 to Alice. Darth
calculates K1
7. Alice receives YD2 and calculates K2
• all subsequent communications compromised
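
Added example (not part of the original slides): the Diffie-Hellman example values (q = 353, primitive root 3, private keys 97 and 233) run with and without the interception described above, followed by a check that exposes it. In the code each party sends its own public value. The fingerprint comparison assumes Alice and Bob can compare a short digest over a channel the interceptor cannot alter; that channel, the function names and Darth's private keys (11, 29) are assumptions constructed for illustration.

```python
import hashlib

Q = 353      # prime modulus from the slide
ALPHA = 3    # primitive root from the slide (written "a" there)

def public_key(x):
    """Y = alpha^X mod q"""
    return pow(ALPHA, x, Q)

def shared_key(their_public, my_private):
    """K = (Y_other)^X_mine mod q"""
    return pow(their_public, my_private, Q)

def fingerprint(y_from_alice, y_from_bob):
    # Short digest of the two public values a party believes were exchanged.
    return hashlib.sha256(f"{y_from_alice}|{y_from_bob}".encode()).hexdigest()[:16]

def exchange(x_a, x_b, darth=None):
    """Simulate one exchange; darth=(x_d1, x_d2) models the interception on the slide."""
    y_a, y_b = public_key(x_a), public_key(x_b)
    bob_receives, alice_receives = y_a, y_b
    if darth is not None:
        x_d1, x_d2 = darth
        bob_receives = public_key(x_d1)    # YD1 arrives at Bob in place of YA
        alice_receives = public_key(x_d2)  # YD2 arrives at Alice in place of Bob's value
    result = {
        "k_alice": shared_key(alice_receives, x_a),   # K2 when intercepted
        "k_bob": shared_key(bob_receives, x_b),       # K1 when intercepted
        "fp_alice": fingerprint(y_a, alice_receives),
        "fp_bob": fingerprint(bob_receives, y_b),
    }
    # Each side fingerprints what it sent and what it received; a substituted
    # public value makes the two views, and so the fingerprints, disagree.
    result["detected"] = result["fp_alice"] != result["fp_bob"]
    return result

if __name__ == "__main__":
    print(exchange(97, 233))
    print(exchange(97, 233, darth=(11, 29)))
```

Without an authenticated comparison (or signed public values), neither side has any indication that the keys it derived are shared with a third party.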
Other Public-Key Algorithms
• Digital Signature Standard (DSS)
– FIPS PUB 186 from 1991, revised 1993 & 96
– uses SHA-1 in a new digital signature alg
– cannot be used for encryption
• elliptic curve cryptography (ECC)
– equal security for smaller bit size than RSA
– seen in standards such as IEEE P1363
– still very new, but promising
– based on a mathematical construct known as the
elliptic curve (difficult to explain)
Summary
• discussed technical detail concerning:
– secure hash functions and HMAC
– RSA & Diffie-Hellman Public-Key Algorithms
