Title: Security Basics
1Security Basics
- One-way functions
- Randomness
- Authentication
- Password Authentication
- Encryption
- Digital Signatures
The slides came from Prof. Markus Jakbossons
lecture notes on Information Technology
Essentials at Indiana University Bloomington
2What is a one-way function?
Easy to perform the function (grind the cow) Hard
to invert the function (ungrind the cow)
3More mathematically speaking
- Input x
- Function f(x)
- Output y
- Where yf(x)
- The inverse is denoted
- xf-1(y)
4 so what is an inverse?
- This is extremely important in crypto!
- f-1(x) is the inverse to f(x) means that
- f-1(f(x))f(f-1(x))x
- Examples The inverse to the function f(x)x5 is
the function f-1(x)x-5. The inverse to is -,
and of is /.
5 and some more terms
- What is modulo?
- What is a prime number?
- What is a composite number?
- What about modular artitmetic?
6Modulo
- Definition If a modulo b c then c is the
remainder after dividing a with b. - Example 17 modulo 6 5 since 17-265
7Prime numbers
- Numbers that are only divisible by themselves,
and by 1. - Examples 3, 7, 17, 19, 29
- Not examples 4, 15, 28
8Composite numbers
- Numbers that are a product of prime numbers. (In
cryptography, they will often be a product of two
large prime numbers.) - A composite 21 3 7
- Another 77 7 11
9Modular arithmetic
- Normally, 7749, and 7714.
- Modulo 11, we have
- 77 5 (i.e., 49-411)
- 77 3 (i.e., 14-111)
- And modulo 21
- 77 7 (i.e., 49-221)
- 77 14 (i.e., 14-021)
10 and back to inverses
- The additive inverse to 7 modulo 11 is the
number x so that x7 0 modulo 11. That is x4.
Just like -7 is the normal inverse to 7 (no
modulo). - The multiplicative inverse to 2 modulo 11 is
the number x so that x21 modulo 11. That is
x6. Just like 0.5 is the normal inverse to 2 (no
modulo).
11An example one-way function(a function for which
one cannot compute the inverse)
- Input x
- Function f(x)xxx modulo N
- where N is a composite number
- Output yf(x)
12An example one-way function
- Input x 6
- Function f(x)666 modulo N
- where N 77
- Output yf(x) 666 modulo 77
- 216 modulo 77 62
- That was easy enough! But what if we only know
the output y62, how do we compute xf-1(y)?
13An example one-way function
- That was easy enough! But what if we only know
the output y62, how do we compute xf-1(y)?
Nobody knows how to efficiently find that value
(unless you already know it, of course or
exhaustively try all )
14Practical definition
- f is a one-way function if there is no known way
to compute f-1that is substantially faster than
exhaustively try all possibilities. - Example if one operation takes 1/1000 second,
and there are 2100 possibilities then it takes a
billion computers more than more than a billion
years to find the answer, on average.
15So why are one-way functions important?
- A first person, Alice, can pick the input x and
compute the output y. - A second person, Bob, who sees y cannot compute
x. - That distinguishes the first and second person
If you have to know x to perform some
computation, then Alice can do it, but Bob
cannot.
16An example one-way function(Lets look at this
one again!)
- Input x
- Function f(x)xxx modulo N
- where N is a composite number
- Output yf(x)
- This is the basis for the famous RSA encryption
algorithm and the RSA digital signature algorithm.
17An example one-way function(Lets look at this
one again!)
- Input x
- Function f(x)xxx modulo N
- where N is a composite number
- Output yf(x)
- What is secret? If I tell you y, then x may be
secret. But also, if I tell you N (say 77), then
its factorization (7 and 11) is secret.
18Other one-way functions
- Hash functions (e.g., MD5, SHA-1)
- Discrete logarithms (used in DSS / DSA -- Digital
Signature Standard and Digital Signature
Algorithm and in the Diffie-Hellman key exchange
algorithm)
19Now lets talk about secrets
- In order for something to be secret
- It should not leak when used
- It should impossible to guess
- it must be randomly generated
- and long enough to make exhaustive search
meaningless
20It must be randomly generated
- This is tougher than it may seem at first!
- There are lots of cryptographic algorithms that
produces lots of randomness given a small amount
of randomness - All of these need to start with some small
amount of randomness, from a physical source.
21Lets start with the small amount of randomness!
- Randomness of white noise.
- Randomness of air turbulence.
- Shaking the mouse, and more.
22and stretch the randomness
Same short randomness all the time
One-way function
R
f
i4
i5
i
i2
i6
i3
i1
counter
A sequence of random strings
23 and now
24Two machines authenticating themselves to another.
Joe
or ?
Joe withdraws 100.
25Two machines authenticating themselves to another.
Secret key K
Secret key K
mJoe withdraws 100
MACf(m,K)
MAC is short for Message Authentication Code
26Two machines authenticating themselves to another.
Compute f(m,K) Compare to MAC If equal then
mJoe withdraws 100
MACf(m,K)
m2Ok to disburse, MAC2f(m2,K)
27I know m and MAC, but since f is one-way, I
cannot compute K
mJoe withdraws 100
MACf(m,K)
28Without K, I cannot forge MACs on messages I
choose. Oh man!
mJoe withdraws 100
MACf(m,K)
29How long should K be?
K0 gives right MAC?
K1 gives right MAC?
K2 gives right MAC?
K3 gives right MAC?
mJoe withdraws 100
MACf(m,K)
30Password authentication
Cannot remember long keys
Can store very long keys
Why not use the same solution as for machine
authentication?
31Password authentication
Malware
Eavesdropper
Hacker/insider
Username piggy
Password?
Password GoPETAGo
32Password authentication
Use anti-virus software
Malware
Username piggy
Password?
Password GoPETAGo
33Password authentication
Use anti-virus software
Pof!
Username piggy
Password?
Password GoPETAGo
34Password authentication
Encrypt all information between machines
Eavesdropper
Username ZP7ff02j
Password?
Password Ph3_at_)jU
35Password authentication
Encrypt all information between machines (more
about this later!)
Pof!
Username ZP7ff02j
Password?
Password Ph3_at_)jU
36Password authentication
How can we avoid that an insider steals all
passwords?
Hacker/insider
Username ZP7ff02j
Password?
Password Ph3_at_)jU
37Bad approach encrypt contents!
- So if we encrypt the contents of the machine, how
can the machine verify the password? - We need to store the key on the machine!
- Then the attacker will read the key first, then
decrypt and read the contents!
38Good approach Dont store pwds!
- But how can we verify them then?
- Here is how
- Instead of storing (username,password)
- store (username, f(password))
39Good approach Dont store pwds!
- Instead of storing (username,password)
- store (username, f(password))
- An attacker can obtain f(password) but not the
password!
40Good approach Dont store pwds!
- Instead of storing (username,password)
- store (username, f(password))
- How do we verify a password?
- 1. Receive (username,password)
- 2. Apply f to password, obtain yf(password)
- 3. Compare to stored record! Equal success
In reality, it is just a little bit more complex.
41And now for something completely different!
The (in)famous Enigma machine.
42A short history of encryption
- Scytale cipher (early Greek cipher) strip of
paper was wound round a staff, message written
along staff in rows, paper removed, leaving a
strip of seemingly random letters. The key was
width of paper staff. - Ceasar cipher replace each letter of message by
a letter a fixed distance away. Key is distance.
(more)
43A short history of encryption
- The Enigma rotor machine (WW II)
- DES (Data Encryption Standard - outdated)
- RC4 (Rons code 4 - a stream cipher)
- RSA (Rivest Shamir Adleman -inventors of this
public key or asymmetric cipher) - AES (Advanced Encryption Standard - a symmetric
key cipher)
44What is XOR? (Exclusive OR)
- 000 (everything is normal)
- 011 (sounds fine)
- 101 (ok whats new?)
- 110 (thats the surprise!)
45About stream ciphers
K
f
K
f
i1
i1
mHello Bob.
mHello Bob.
Bit string0011 01
Bit string0011 01
Keystream1011 00
XOR
XOR
Keystream1011 00
Ciphertext1000 01
Ciphertext1000 01
46On security of stream ciphers
- If the key K is hard to guess and the function
used to stretch it (to get the keystream) is
one-way then an attacker who does not know K
cannot guess m given only the ciphertext. - But if K is easy to guess or the function is not
one-way too bad
47How does public key encryption (e.g., RSA) work?
PKBob
SKBob
mHello Bob.
mHello Bob.
Bit string0011 01
Bit string0011 01
encrypt
decrypt
Ciphertext1101 11
Ciphertext1101 11
48How do you know what public key to use?
Attack!
Bits n bytes (01..1, 1101...11) (11..0,
100111) (11..1, 010010)
Bits n bytes (01..1, 001101) (11..0,
100111) (11..1, 010010)
Interpretation (Bob, PKEve) (Joe,
PKJoe) (Lucy,PKLucy)
Interpretation (Bob, PKBob) (Joe,
PKJoe) (Lucy,PKLucy)
49Public Key Infrastructure (PKI)
Attack!
Bits n bytes (01..1, 1101...11) (11..0,
100111) (11..1, 010010)
Bits n bytes (01..1, 001101) (11..0,
100111) (11..1, 010010)
0110010..001
0110010..001
Interpretation (Bob, PKEve) (Joe,
PKJoe) (Lucy,PKLucy)
Interpretation (Bob, PKBob) (Joe,
PKJoe) (Lucy,PKLucy)
You can have a signature for all items, or one
per item
50How do you sign??
- A digital signature must be
- impossible to forge (make by somebody who does
not know - the secret key). This includes changing the
message! - easy to verify - just have to know what
algorithm to use, - and know the public key of the signer.
51How does a digital signature(e.g., RSA) work?
SKAlice
PKAlice
mHello Bob.
mHello Bob.
Bit string0011 01
Bit string0011 01
Digitally sign
Verify
signature0001 01
signature0001 01
Send Message, signature, certificate
52Now lots of questions
- What is a certificate?
- Is encryption the same as signing?
- Is a MAC the same as a digital signature?
- Who can sign using a given public key?
- Can you trust that a person really signed?
- What is really a PKI?
- And what if there were no randomness?