Security Basics

1
Security Basics

• One-way functions
• Randomness
• Authentication
• Password Authentication
• Encryption
• Digital Signatures

The slides came from Prof. Markus Jakbossons
lecture notes on Information Technology
Essentials at Indiana University Bloomington
2
What is a one-way function?
Easy to perform the function (grind the cow) Hard
to invert the function (ungrind the cow)
3
More mathematically speaking

• Input x
• Function f(x)
• Output y
• Where yf(x)
• The inverse is denoted
• xf-1(y)

4
so what is an inverse?

• This is extremely important in crypto!
• f-1(x) is the inverse to f(x) means that
• f-1(f(x))f(f-1(x))x
• Examples The inverse to the function f(x)x5 is
  the function f-1(x)x-5. The inverse to is -,
  and of is /.

5
and some more terms

• What is modulo?
• What is a prime number?
• What is a composite number?
• What about modular artitmetic?

6
Modulo

• Definition If a modulo b c then c is the
  remainder after dividing a with b.
• Example 17 modulo 6 5 since 17-265

7
Prime numbers

• Numbers that are only divisible by themselves,
  and by 1.
• Examples 3, 7, 17, 19, 29
• Not examples 4, 15, 28

8
Composite numbers

• Numbers that are a product of prime numbers. (In
  cryptography, they will often be a product of two
  large prime numbers.)
• A composite 21 3 7
• Another 77 7 11

9
Modular arithmetic

• Normally, 7749, and 7714.
• Modulo 11, we have
• 77 5 (i.e., 49-411)
• 77 3 (i.e., 14-111)
• And modulo 21
• 77 7 (i.e., 49-221)
• 77 14 (i.e., 14-021)

10
and back to inverses

• The additive inverse to 7 modulo 11 is the
  number x so that x7 0 modulo 11. That is x4.
  Just like -7 is the normal inverse to 7 (no
  modulo).
• The multiplicative inverse to 2 modulo 11 is
  the number x so that x21 modulo 11. That is
  x6. Just like 0.5 is the normal inverse to 2 (no
  modulo).

11
An example one-way function(a function for which
one cannot compute the inverse)

• Input x
• Function f(x)xxx modulo N
• where N is a composite number
• Output yf(x)

12
An example one-way function

• Input x 6
• Function f(x)666 modulo N
• where N 77
• Output yf(x) 666 modulo 77
• 216 modulo 77 62
• That was easy enough! But what if we only know
  the output y62, how do we compute xf-1(y)?

13
An example one-way function

• That was easy enough! But what if we only know
  the output y62, how do we compute xf-1(y)?

Nobody knows how to efficiently find that value
(unless you already know it, of course or
exhaustively try all )
14
Practical definition

• f is a one-way function if there is no known way
  to compute f-1that is substantially faster than
  exhaustively try all possibilities.
• Example if one operation takes 1/1000 second,
  and there are 2100 possibilities then it takes a
  billion computers more than more than a billion
  years to find the answer, on average.

15
So why are one-way functions important?

• A first person, Alice, can pick the input x and
  compute the output y.
• A second person, Bob, who sees y cannot compute
  x.
• That distinguishes the first and second person
  If you have to know x to perform some
  computation, then Alice can do it, but Bob
  cannot.

16
An example one-way function(Lets look at this
one again!)

• Input x
• Function f(x)xxx modulo N
• where N is a composite number
• Output yf(x)
• This is the basis for the famous RSA encryption
  algorithm and the RSA digital signature algorithm.

17
An example one-way function(Lets look at this
one again!)

• Input x
• Function f(x)xxx modulo N
• where N is a composite number
• Output yf(x)
• What is secret? If I tell you y, then x may be
  secret. But also, if I tell you N (say 77), then
  its factorization (7 and 11) is secret.

18
Other one-way functions

• Hash functions (e.g., MD5, SHA-1)
• Discrete logarithms (used in DSS / DSA -- Digital
  Signature Standard and Digital Signature
  Algorithm and in the Diffie-Hellman key exchange
  algorithm)

19
Now lets talk about secrets

• In order for something to be secret
• It should not leak when used
• It should impossible to guess
• it must be randomly generated
• and long enough to make exhaustive search
  meaningless

20
It must be randomly generated

• This is tougher than it may seem at first!
• There are lots of cryptographic algorithms that
  produces lots of randomness given a small amount
  of randomness
• All of these need to start with some small
  amount of randomness, from a physical source.

21
Lets start with the small amount of randomness!

• Randomness of white noise.
• Randomness of air turbulence.
• Shaking the mouse, and more.

22
and stretch the randomness
Same short randomness all the time
One-way function
R
f
i4
i5
i
i2
i6
i3
i1
counter
A sequence of random strings
23
and now

• lets breathe

24
Two machines authenticating themselves to another.
Joe
or ?
Joe withdraws 100.
25
Two machines authenticating themselves to another.
Secret key K
Secret key K
mJoe withdraws 100
MACf(m,K)
MAC is short for Message Authentication Code
26
Two machines authenticating themselves to another.
Compute f(m,K) Compare to MAC If equal then
mJoe withdraws 100
MACf(m,K)
m2Ok to disburse, MAC2f(m2,K)
27
I know m and MAC, but since f is one-way, I
cannot compute K
mJoe withdraws 100
MACf(m,K)
28
Without K, I cannot forge MACs on messages I
choose. Oh man!
mJoe withdraws 100
MACf(m,K)
29
How long should K be?
K0 gives right MAC?
K1 gives right MAC?
K2 gives right MAC?
K3 gives right MAC?
mJoe withdraws 100
MACf(m,K)
30
Password authentication
Cannot remember long keys
Can store very long keys
Why not use the same solution as for machine
authentication?
31
Password authentication
Malware
Eavesdropper
Hacker/insider
Username piggy
Password?
Password GoPETAGo
32
Password authentication
Use anti-virus software
Malware
Username piggy
Password?
Password GoPETAGo
33
Password authentication
Use anti-virus software
Pof!
Username piggy
Password?
Password GoPETAGo
34
Password authentication
Encrypt all information between machines
Eavesdropper
Username ZP7ff02j
Password?
Password Ph3_at_)jU
35
Password authentication
Encrypt all information between machines (more
about this later!)
Pof!
Username ZP7ff02j
Password?
Password Ph3_at_)jU
36
Password authentication
How can we avoid that an insider steals all
passwords?
Hacker/insider
Username ZP7ff02j
Password?
Password Ph3_at_)jU
37
Bad approach encrypt contents!

• So if we encrypt the contents of the machine, how
  can the machine verify the password?
• We need to store the key on the machine!
• Then the attacker will read the key first, then
  decrypt and read the contents!

38
Good approach Dont store pwds!

• But how can we verify them then?
• Here is how
• Instead of storing (username,password)
• store (username, f(password))

39
Good approach Dont store pwds!

• Instead of storing (username,password)
• store (username, f(password))
• An attacker can obtain f(password) but not the
  password!

40
Good approach Dont store pwds!

• Instead of storing (username,password)
• store (username, f(password))
• How do we verify a password?
• 1. Receive (username,password)
• 2. Apply f to password, obtain yf(password)
• 3. Compare to stored record! Equal success

In reality, it is just a little bit more complex.
41
And now for something completely different!
The (in)famous Enigma machine.
42
A short history of encryption

• Scytale cipher (early Greek cipher) strip of
  paper was wound round a staff, message written
  along staff in rows, paper removed, leaving a
  strip of seemingly random letters. The key was
  width of paper staff.
• Ceasar cipher replace each letter of message by
  a letter a fixed distance away. Key is distance.

(more)
43
A short history of encryption

• The Enigma rotor machine (WW II)
• DES (Data Encryption Standard - outdated)
• RC4 (Rons code 4 - a stream cipher)
• RSA (Rivest Shamir Adleman -inventors of this
  public key or asymmetric cipher)
• AES (Advanced Encryption Standard - a symmetric
  key cipher)

44
What is XOR? (Exclusive OR)

• 000 (everything is normal)
• 011 (sounds fine)
• 101 (ok whats new?)
• 110 (thats the surprise!)

45
About stream ciphers
K
f
K
f
i1
i1
mHello Bob.
mHello Bob.
Bit string0011 01
Bit string0011 01
Keystream1011 00
XOR
XOR
Keystream1011 00
Ciphertext1000 01
Ciphertext1000 01
46
On security of stream ciphers

• If the key K is hard to guess and the function
  used to stretch it (to get the keystream) is
  one-way then an attacker who does not know K
  cannot guess m given only the ciphertext.
• But if K is easy to guess or the function is not
  one-way too bad

47
How does public key encryption (e.g., RSA) work?
PKBob
SKBob
mHello Bob.
mHello Bob.
Bit string0011 01
Bit string0011 01
encrypt
decrypt
Ciphertext1101 11
Ciphertext1101 11
48
How do you know what public key to use?
Attack!
Bits n bytes (01..1, 1101...11) (11..0,
100111) (11..1, 010010)
Bits n bytes (01..1, 001101) (11..0,
100111) (11..1, 010010)
Interpretation (Bob, PKEve) (Joe,
PKJoe) (Lucy,PKLucy)
Interpretation (Bob, PKBob) (Joe,
PKJoe) (Lucy,PKLucy)
49
Public Key Infrastructure (PKI)
Attack!
Bits n bytes (01..1, 1101...11) (11..0,
100111) (11..1, 010010)
Bits n bytes (01..1, 001101) (11..0,
100111) (11..1, 010010)
0110010..001
0110010..001
Interpretation (Bob, PKEve) (Joe,
PKJoe) (Lucy,PKLucy)
Interpretation (Bob, PKBob) (Joe,
PKJoe) (Lucy,PKLucy)
You can have a signature for all items, or one
per item
50
How do you sign??

• A digital signature must be
• impossible to forge (make by somebody who does
  not know
• the secret key). This includes changing the
  message!
• easy to verify - just have to know what
  algorithm to use,
• and know the public key of the signer.

51
How does a digital signature(e.g., RSA) work?
SKAlice
PKAlice
mHello Bob.
mHello Bob.
Bit string0011 01
Bit string0011 01
Digitally sign
Verify
signature0001 01
signature0001 01
Send Message, signature, certificate
52
Now lots of questions

• What is a certificate?
• Is encryption the same as signing?
• Is a MAC the same as a digital signature?
• Who can sign using a given public key?
• Can you trust that a person really signed?
• What is really a PKI?
• And what if there were no randomness?