1 - Introduction
April, 2020
The Connected World
1/21/2021 2
Information Storage
Increased Security Breaches
Information Security Objectives
CIA Triad
Confidentiality (of information)
▪ Data confidentiality
o Assures that private or confidential information is not made available or disclosed to unauthorized individuals
▪ Privacy
o Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed
Possible Additional Concepts
Authentication
▪ Assures to one entity that another entity is who he/she/it claims to be
Terms
Threat
▪ A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
Attack
▪ An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
Security Threats
▪ Hardware
▪ System Software (Operating Systems/ Hypervisor)
▪ Applications
▪ Networks/ Communication links
▪ Peripherals
Why difficult to prevent?
Attackers only need to target the weakest link in the chain
Security Threats (Research)
▪ Hardware
▪ System Software (Operating Systems/ Hypervisor)
▪ Applications
▪ Networks/ Communication links
▪ Peripherals
Research areas: Hardware Security, Network Security, System Security, OS Security, Cloud Security, Cryptography, Embedded Security
Cryptography
A crucial component in all security systems
Fundamental component to achieve
▪ Confidentiality
o Allows only authorized users access to data
▪ Data Integrity
o Cryptography can be used to ensure that only authorized users can make modifications (for instance to a bank account number)
▪ Authentication
o Cryptography helps prove identities
▪ Non-repudiation
o The sender of a message cannot claim that she did not send it ("I did not send that")
Scheme for Confidentiality
Problem: Alice wants to send a message to Bob (and only to Bob) through an untrusted communication link
[Figure: Alice, Bob and Eve; message "Meet at 8a.m"]
Encryption
Secrets:
▪ Only Alice knows the encryption key K_E
▪ Only Bob knows the decryption key K_D
Encryption Algorithms
Should be easy to compute for Alice/ Bob (who know the key)
Should be difficult to compute for Eve (who does not know the key)
What is ‘difficult’?
▪ Ideal case: Prove that the probability of Eve determining the encryption/ decryption key is no better than a random guess
▪ Computationally: Show that it is difficult for Eve to determine the keys even if she has massive computational power
Algorithmic Attacks
Can Eve use tricks to break the algorithm?
Encryption Keys
How are keys managed?
▪ How do Alice & Bob select the keys?
▪ Need algorithms for key exchange
Ciphers
Symmetric Algorithms
▪ Encryption & Decryption use the same key
▪ K_E = K_D
▪ Examples:
o Block Ciphers: DES, AES, PRESENT, etc.
o Stream Ciphers: A5, Grain, etc.
Asymmetric Algorithms
▪ Encryption & Decryption keys are different
▪ K_E ≠ K_D
▪ Examples:
o RSA
o ECC
Cipher Implementations
Cryptography is always an overhead!!
Encryption Devices
Side Channels:
▪ E.g. Power consumption/ radiation of device, execution time, etc.
Side Channel Analysis
[Figure: Alice, encryption device E and Eve; labels: "Meet at 8a.m", "00111", "Secret information"]
Ciphers Design Challenges
Tradeoff between Security, Speed, Side-Channel Attacks
Some Hot Research Trends
Homomorphic encryption
Hardware-based whole disk encryption
Moving target defense
Wearable two-factor authentication
A resurgence of physical-based security
Quantum cryptography
Smart contracts for encrypted payments
Honey encryption
IoT product security
Voice biometrics and facial recognition
Blockchain
Tokenization
Cryptography
Practice of the enciphering and deciphering of messages in secret code in order to render them unintelligible to all but the intended receiver.
Early Cryptography
3500 BC: Sumerians
▪ Cuneiform writings (wedge-shaped script)
1900 BC: Egypt
▪ First known use of cryptography
500 – 600 BC: ATBASH Cipher
▪ Used by Hebrew scribes
▪ Substitution cipher (reversed alphabet)
486 BC: Greece
▪ Skytale: the cipher staff
60 – 50 BC: Julius Caesar
▪ Substitution cipher
▪ Shift letters by X positions:
o E.g.: k=3: A→D, B→E, C→F,...
▪ Weakness:
o Frequency analysis (1000AD)
▪ 1466: Leon Alberti: cipher disk
o Used until 16th century
Medieval Cryptography
1587: Vigenère Cipher
▪ Polyalphabetic: one to many relationship (substitution cipher using multiple alphabets)
▪ Example
o Plaintext: ATTACKATDAWN
o Keyword: LEMON
o Ciphertext: LXFOPVEFR
Modern Cryptography
1845: Morse Code
▪ Representation by code signal
▪ States (on and off) composed into symbols
1863: Kasiski breaks Vigenère
▪ Find length of keyword
▪ Divide message into substitution cryptograms
▪ Use frequency analysis to solve these
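Kasiski's first two steps applied to the Vigenère example from the earlier slide, as an added example that is not part of the original slides. With keyword LEMON the 12-letter plaintext ATTACKATDAWN enciphers to LXFOPVEFRNHR; the sample below repeats that plaintext 15 letters apart (constructed for illustration), and all function names are assumptions.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("A")

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; the key repeats."""
    sign = -1 if decrypt else 1
    return "".join(
        chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, c in enumerate(text))

def kasiski_distances(ciphertext, n=3):
    """Step 1a: distances between repeated n-letter sequences."""
    seen = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        seen[ciphertext[i:i + n]].append(i)
    return sorted(b - a for pos in seen.values() for a, b in zip(pos, pos[1:]))

def candidate_key_lengths(distances):
    """Step 1b: the keyword length divides the distance between true repeats.

    Taking the gcd of all distances works on this clean sample; on long texts
    accidental repeats occur, so one counts the most frequent factors instead.
    """
    g = reduce(gcd, distances, 0)
    return [k for k in range(2, g + 1) if g % k == 0]

def columns(ciphertext, key_len):
    """Step 2: column j was enciphered with key letter j only (a Caesar shift)."""
    return [ciphertext[j::key_len] for j in range(key_len)]

# Constructed sample: the slide's plaintext twice, 15 letters apart.
PLAINTEXT = "ATTACKATDAWNXYZATTACKATDAWN"
CIPHERTEXT = vigenere(PLAINTEXT, "LEMON")

if __name__ == "__main__":
    dists = kasiski_distances(CIPHERTEXT)
    print("distances:", dists)
    print("candidate key lengths:", candidate_key_lengths(dists))
    print("columns for length 5:", columns(CIPHERTEXT, 5))
```

Each column is a single-alphabet cipher, which is why the frequency analysis that defeats the Caesar shift applies to it once the key length is known.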
1918: ADFGVX Cipher
▪ Used in the German army in WWI
1918: The Enigma
▪ Arthur Scherbius
▪ Business: confidential docs
▪ No codebooks
▪ Rotors → multi substitution
▪ Wiring changes as-you-type
▪ German forces in WWII
1937 – 1945: Navajo Code Talkers
1949: Shannon
▪ Communication Theory of Secret Systems
▪ Proved: One time pad unbreakable
1976: Diffie–Hellman Key Exchange
▪ Whitfield Diffie & Martin Hellman
▪ Discrete logarithm problem
So how does it work?
Exploits?
▪ Man in the middle
▪ Fix: additional authentication
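The exchange, the man-in-the-middle problem and the authentication fix named above, as an added example that is not part of the original slides. The parameters P and G, all function names, and the use of an HMAC under a long-term key in place of a digital signature are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example: the Mersenne prime 2**127 - 1 and G = 3.
# Too small for real use; deployments use 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (secret exponent x, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared_key(my_secret, peer_public):
    """Derive the session key from peer_public^my_secret mod P."""
    s = pow(peer_public, my_secret, P)
    return hashlib.sha256(s.to_bytes(16, "big")).digest()

def tag(auth_key, public):
    """Authenticate a public value; HMAC stands in for a signature here."""
    return hmac.new(auth_key, public.to_bytes(16, "big"), hashlib.sha256).digest()

def honest_exchange():
    """Alice and Bob swap public values and arrive at the same key."""
    (a, pub_a), (b, pub_b) = keypair(), keypair()
    return shared_key(a, pub_b), shared_key(b, pub_a)

def intercepted_exchange():
    """Eve swaps in her own public value in both directions on the link."""
    (a, pub_a), (b, pub_b), (e, pub_e) = keypair(), keypair(), keypair()
    alice_key, bob_key = shared_key(a, pub_e), shared_key(b, pub_e)
    # Eve can compute both keys, so neither side has confidentiality.
    return alice_key == shared_key(e, pub_a), bob_key == shared_key(e, pub_b)

def authenticated_exchange(tampered):
    """The fix: Bob verifies a tag on Alice's public value before using it."""
    auth_key = secrets.token_bytes(32)   # long-term secret Eve does not hold
    (_, pub_a), (_, pub_e) = keypair(), keypair()
    sent_tag = tag(auth_key, pub_a)
    received = pub_e if tampered else pub_a   # Eve can swap the value only
    return hmac.compare_digest(tag(auth_key, received), sent_tag)
```

`authenticated_exchange(True)` returns False: the substituted value fails verification, so Bob aborts instead of deriving a key shared with Eve.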
Public Key Crypto
▪ Key exchange problem
▪ Asymmetric key algorithm
▪ E.g.: RSA, MIT, 1977
1991: PGP (Pretty Good Privacy)
▪ Protocol, uses RSA
▪ Encryption & decryption
▪ Digital signatures
o How does that work?
▪ Web of Trust (WOT)
o Third party signs (public) key to attest association between person and key
▪ Other possibility: Hierarchical, Certification Authority (CA) based
o E.g.: X.509 Certificates in SSL