COSC 316 COMPUTER HOSTS SECURITY - PowerPoint PPT Presentation

Slides: 25
Provided by: DrRo9

1
COSC 316 COMPUTER HOSTS SECURITY
  • SOUNDARARAJAN EZEKIEL
  • COMPUTER SCIENCE DEPARTMENT
  • INDIANA UNIVERSITY OF PENNSYLVANIA
  • INDIANA, PA 15705

2
Part II: Security Building Blocks
Chapter 7: Cryptography Basics
  • We will talk about
  • Understanding Cryptography
  • Symmetric Key Algorithm
  • Public Key Algorithms
  • Message Digest Functions

3
Chapter 7 Understanding Cryptography
  • Cryptography is a collection of mathematical
    techniques for protecting information
  • Using cryptography, you can transform written
    words and other kinds of messages so that they
    are unintelligible to anyone who does not possess
    the specific mathematical key necessary to unlock
    the message; unlocking it is called decryption

[Figure: encryption and decryption. Labels: plain text ("Hello"), encryption algorithm, key, cipher text]

4
Understanding Cryptography
  • Cryptography is used to prevent information from
    being accessed by an unauthorized recipient
  • History of cryptography
  • See Additional Notes from the webpage
  • Most cryptography relies on two methods
  • Substitution: replace each letter in the message
    you wish to encrypt with another one. Example: a
    with letter d, b with letter e, and so on.
  • Transposition: scrambling the characters that
    are in the message. Example: writing a message in
    a table of rows. Double transposition involves
    using two such transformations
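
The two methods above, as an added Python example that is not part of the original slides: a shift substitution (a to d, b to e) and a row/column transposition with its double form. The function names and the column widths 5 and 7 are choices made for this illustration.

```python
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase


def substitute(text: str, shift: int = 3) -> str:
    """Replace each letter with the one `shift` places later (a->d, b->e for 3).
    A negative shift undoes it. Non-letters pass through unchanged."""
    s = shift % 26
    table = str.maketrans(LOWER + UPPER,
                          LOWER[s:] + LOWER[:s] + UPPER[s:] + UPPER[:s])
    return text.translate(table)


def transpose(text: str, cols: int) -> str:
    """Write the text row by row into a table `cols` wide, then read it out
    column by column. No character changes, only its position."""
    return "".join(text[c::cols] for c in range(cols))


def untranspose(text: str, cols: int) -> str:
    """Rebuild the columns (the first `extra` ones are one longer), then
    read the table row by row again."""
    rows, extra = divmod(len(text), cols)
    columns, pos = [], 0
    for c in range(cols):
        size = rows + (1 if c < extra else 0)
        columns.append(text[pos:pos + size])
        pos += size
    return "".join(columns[i % cols][i // cols] for i in range(len(text)))


def double_transpose(text: str, cols1: int, cols2: int) -> str:
    """Double transposition: two such transformations in sequence."""
    return transpose(transpose(text, cols1), cols2)


def undo_double_transpose(text: str, cols1: int, cols2: int) -> str:
    """Undo the two transpositions in reverse order."""
    return untranspose(untranspose(text, cols2), cols1)


if __name__ == "__main__":
    message = "SSL is a cryptographic protocol"   # the deck's sample message
    print(substitute(message))              # letters replaced, order kept
    print(transpose(message, 5))            # letters kept, order scrambled
    scrambled = double_transpose(message, 5, 7)
    print(undo_double_transpose(scrambled, 5, 7))
```

Transposition keeps every letter of the message, so the letter counts of the scrambled text match the original; substitution keeps the order, so repeated letters still line up.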

5
Dual use technology
  • It is used for military and civil purposes
  • Historically, cryptography has been used for
    military purposes since its early years
  • Nonmilitary
  • Religious secrets
  • Science and industry
  • Lovers send letters military for privacy
  • Satellite television broadcasts, ATM, internet
    purchase
  • World government communications

6
Example
  • Message: SSL is a cryptographic protocol
  • This message can be encrypted with an encryption
    algorithm; the encrypted result is called cipher
    text
  • We can encrypt using DES (Data Encryption
    Standard)
  • des -e < text > text.des (-e for encryption)
  • Enter key: nosmis (the encryption key)
  • Enter key again: nosmis
  • cat text.des
  • )(((fi(_at_((_at_34
  • The above message is not readable
  • des -d < text.des > text.decrypt
  • Enter key: nosmis
  • Enter key again: nosmis
  • cat text.decrypt
  • SSL is a cryptographic protocol

7
  • If you try to decrypt text.des with a different
    key
  • des -d < text.des > text.decrypt
  • Enter key: DON
  • Enter key again: DON
  • Corrupted file or wrong key
  • Another way to decrypt: key search attack, or
    brute force algorithm
  • How easy this algorithm is depends on the key
    size. Assume encryption with a 56-bit key. Each
    bit can be 0 or 1, so there are $2^{56}$ =
    72,057,594,037,900,000 different keys
  • With a modern computer it can be done in a few days

8
Cryptographic algorithms and Functions
  • There are two kinds of encryption algorithms
  • Symmetric key algorithm: with these algorithms,
    the same key is used to encrypt and decrypt. Also
    called secret key algorithm or private key
    algorithm; do not confuse with public key
    algorithm, which is not related
  • Asymmetric key algorithm: one key is used to
    encrypt and another key is used to decrypt. A
    particular class is the public key algorithm, also
    called private key or secret key
  • The technology was invented independently at
    Stanford and in England; it is called two-key
    cryptography

9
  • Symmetric key algorithm
  • Workhorse for modern cryptographic techniques
  • Faster, easier to implement
  • Three problems
  • The two parties must exchange keys, which is quite
    difficult to do in a secure fashion
  • Both parties need to keep the key; if one party
    loses the key, the message cannot be read
  • For each pair to communicate in private they need
    a unique key; this requires $(N^2 - N)/2$ keys for
    N users
  • Example

10
Symmetric key algorithm- problem
  • For small N, say 10, we need 45 keys, but for
    larger N, say 300 million, each user needs 300
    million - 1 keys, which gives
    44,999,999,850,000,000 unique keys
  • Public key algorithm
  • This overcomes the above problems
  • It uses 2 keys

[Figure labels: secret key, key add, encrypted message, algorithm, original message]

11
Continue
  • Public key cryptography can also be used for
    creating digital signatures
  • Public key algorithms have a significant problem:
    they are computationally expensive
  • To get speed, use hybrid public/private
    cryptosystems. Also use message digest functions,
    which are used to create a fingerprint or a key;
    such a function generates a seemingly random
    pattern of bits for a given input

12
Symmetric Key Algorithm
  • It is used for data streams: very fast, large
    number of possible keys. The best algorithms offer
    excellent secrecy
  • It is divided into 2 categories
  • Block algorithm: encrypts a block of data at a time
  • Stream algorithm: encrypts bit by bit, as a stream
  • Strength of a symmetric algorithm
  • The secrecy of the key
  • The difficulty of guessing the key or trying out
    all possible keys (key search); longer keys are
    generally more difficult to guess or find

13
continue
  • The difficulty of inverting the encryption
    algorithm without knowing the key
  • The existence of back doors, or additional ways by
    which an encrypted file can be decrypted more
    easily without knowing the key
  • The ability to decrypt an entire encrypted
    message if you know how a portion of it decrypts,
    called a known plaintext attack
  • The properties of the plaintext and knowledge of
    those properties by an attacker
  • Note: these strengths are not proven; they can
    only be disproven

14
Key length with symmetric key algorithm
  • Small keys are not secure
  • 40-56 bit keys are not secure
  • 128-256 bit keys are more secure
  • 40 bit at 1 billion/sec: 18 min
  • 56 bit at 100 billion/sec: 8 days
  • 64 bit at 1 billion/sec: 585 years
  • 80 bit at 1 billion/sec: 38 million years
  • 128 bit at $10^{23}$/sec: 108 million years
  • 192 bit at 1 billion billion/sec: $2 \times 10^{32}$ years
  • 256 bit at $10^{32}$/sec: $3.7 \times 10^{37}$ years
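
An added example (not from the original slides) for the key search attack described on slide 7 and the timings listed above: an exhaustive search over a constructed 16-bit toy cipher, plus the time needed to try every key at a given rate. The toy cipher, the key 0xBEEF and all function names are assumptions made for this illustration; the toy cipher is not DES.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def toy_cipher(key: int, key_bits: int, data: bytes) -> bytes:
    """Constructed toy cipher (NOT DES): XOR data with SHA-256(key || offset)
    blocks. Running it again with the same key decrypts."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key_bytes + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def key_search(ciphertext: bytes, known_start: bytes, key_bits: int):
    """Try every key in order; accept the first whose decryption begins with
    the known plaintext. Returns (key, number_of_keys_tried)."""
    head = ciphertext[:len(known_start)]
    for key in range(2 ** key_bits):
        if toy_cipher(key, key_bits, head) == known_start:
            return key, key + 1
    return None, 2 ** key_bits


def full_search_seconds(key_bits: int, keys_per_second: float) -> float:
    """Time to try all 2**key_bits keys; the average case is half of this."""
    return 2 ** key_bits / keys_per_second


def demo():
    """Encrypt the deck's sample message, then recover the key by search."""
    secret, bits = 0xBEEF, 16                      # constructed 16-bit key
    ct = toy_cipher(secret, bits, b"SSL is a cryptographic protocol")
    return key_search(ct, b"SSL is a", bits)


if __name__ == "__main__":
    print("recovered key %#x after %d tries" % demo())
    for bits, rate in [(40, 1e9), (56, 1e11), (64, 1e9), (128, 1e23)]:
        years = full_search_seconds(bits, rate) / SECONDS_PER_YEAR
        print(f"{bits:3d}-bit key at {rate:.0e} keys/sec: {years:.3g} years")
```

Each extra key bit doubles the search; the figures in the list above correspond to trying the whole key space at the stated rate.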

15
Common Symmetric Key algorithms
  • There are many symmetric key algorithms (listed
    as name | designer | key length in bits | grade)
  • Blowfish | Schneier | 1-448 | b
  • DES | US govt | 56 | d
  • IDEA | Massey | 128 | b
  • MARS | IBM | 128-256 | c
  • RC2 | Rivest | 1-2048 | a
  • RC4 | 1-2048 | b, d
  • RC5 | 128-256
  • RC6 | 128-256
  • Rijndael | 128-256
  • Triple DES | 168
  • Twofish | Schneier | 128-256

16
Explanation of some algorithm
  • DES: Data Encryption Standard, adopted by the US
    in 1977 and as an ANSI standard in 81. Strong
    algorithm. In 98 the Electronic Frontier
    Foundation (EFF) set a special-purpose machine to
    crack it, and in less than a day they cracked the
    key
  • Triple DES: DES applied three times with 3
    different keys; 168 bit key
  • Blowfish: fast, compact, simple; invented by Bruce
    Schneier; variable length key up to 448;
    optimized for 32-64 bit processors
  • IDEA: International Data Encryption Algorithm,
    developed in Zurich, Switzerland by James Massey
    and Xuejia Lai and published in 90; 128 bit key
  • RC2, RC4, RC5: developed by Ronald Rivest and kept
    secret by RSA Data Security until 96 and 94;
    1-2048 bit keys, limited to 40 bit keys
  • Rijndael: developed by Joan Daemen and Vincent
    Rijmen; selected in 2000 by the National Institute
    of Standards and Technology to be the new US
    Advanced Encryption Standard; 128, 192, and 256
    bit keys

17
Attacks on symmetric encryption algorithms
  • Attacks fall into 3 categories
  • Key search: as we talked about before, people try
    to find the key; many times they fail, but they
    will succeed
  • Cryptanalysis: people who break codes want to
    discover the plain text or the key
  • Known plaintext attack
  • Chosen plaintext attack
  • Differential cryptanalysis
  • Differential fault analysis
  • Differential power analysis
  • Differential timing analysis
  • System-based attacks: attack the cryptographic
    system that uses the cryptographic algorithm,
    without actually attacking the algorithm itself

18
Public Key algorithm
  • 1975: Whitfield Diffie and Martin Hellman,
    Stanford University. A variety of public key
    encryption systems have been developed
  • Diffie-Hellman key exchange
  • DSA/DSS: Digital Signature Standard / Digital
    Signature Algorithm, developed by the US National
    Security Agency and adopted as a Federal
    Information Processing Standard by the National
    Institute for Standards and Technology
  • RSA: MIT professors Ronald Rivest, Adi Shamir
    and Leonard Adleman, 1977; it is used for
    encrypting information and digital signatures
  • Elliptic curves: based on the elliptic curve
    $y^2 = x^3 + ax + b$

19
Uses for public key encryption
  • Two important uses are encrypted messaging and
    digital signatures
  • Encrypted messaging: encrypted messages and mail
  • Digital signature: instead of encrypting a
    message, we can use public key cryptography to
    digitally sign a message
  • Attacks on public key algorithms
  • Theoretically easy to attack: assume that the
    attacker has a copy of the public key that was
    used to encrypt the message
  • They fall into two categories
  • Key search attack
  • Analytic attack: attack the system

20
Message Digest Functions
  • A message digest function distills the information
    contained in a file (small or large) into a
    single large number, typically 128 or 256 bits
    in length. It combines the following mathematical
    properties
  • Every bit of the message digest function's output
    is potentially influenced by every bit of the
    function's input
  • If any given bit of the function's input is
    changed, every output bit has a 50% chance of
    changing
  • Given an input file and its corresponding message
    digest, it should be computationally infeasible
    to find another file with the same message
    digest value
  • They are also called one-way hash functions because
    they produce values that are difficult to invert,
    resistant to attack, effectively unique and
    widely distributed
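
An added example (not part of the original slides) that measures the second property above: flip each input bit of a message in turn and count how many output bits of SHA-256 change. For contrast it also measures a simple 16-bit byte sum, which is a constructed weak checksum introduced here and not something the slides discuss; all function names are chosen for this illustration.

```python
import hashlib


def sha256_digest(message: bytes) -> bytes:
    """A real message digest function from the SHA family."""
    return hashlib.sha256(message).digest()


def byte_sum_checksum(message: bytes) -> bytes:
    """Weak contrast case (constructed): 16-bit sum of the bytes."""
    return (sum(message) & 0xFFFF).to_bytes(2, "big")


def flip_bit(message: bytes, index: int) -> bytes:
    """Return a copy of message with exactly one input bit inverted."""
    out = bytearray(message)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def changed_fraction(digest, a: bytes, b: bytes) -> float:
    """Fraction of output bits that differ between digest(a) and digest(b)."""
    da, db = digest(a), digest(b)
    differing = sum(bin(x ^ y).count("1") for x, y in zip(da, db))
    return differing / (8 * len(da))


def avalanche(digest, message: bytes):
    """Flip each input bit in turn; return (min, mean, max) changed fraction."""
    fractions = [changed_fraction(digest, message, flip_bit(message, i))
                 for i in range(8 * len(message))]
    return min(fractions), sum(fractions) / len(fractions), max(fractions)


MESSAGE = b"SSL is a cryptographic protocol"   # the deck's sample message

if __name__ == "__main__":
    for name, fn in [("SHA-256", sha256_digest), ("byte sum", byte_sum_checksum)]:
        lo, mean, hi = avalanche(fn, MESSAGE)
        print(f"{name:8s} min={lo:.3f} mean={mean:.3f} max={hi:.3f}")
```

For SHA-256 the mean sits close to 0.5 for every flipped bit, while the byte sum changes only a few output bits per flip, which is why a checksum is not a message digest.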

21
Message Digest functions
  • MD2, MD4, MD5: Message Digest 2, 4, 5,
    developed by Ronald Rivest; most secure; 128 bit
  • SHA: the Secure Hash Algorithm, related to MD4
    and designed for use with the US National Institute
    for Standards and Technology Digital Signature
    Standard (NIST's DSS)
  • SHA1
  • SHA-256
  • SHA-384
  • SHA-512
  • These are extensions of SHA

22
Message digest Algorithms at work
  • It is not used for encryption but used to create
    digital signatures, message authentication codes
    (MAC) and encryption keys from pass phrases
  • Uses
  • Faster
  • No patent restriction
  • No restrictions
  • Excellent means of spreading the randomness from
    an input among all of the function's output bits
  • You can transform a typed pass phrase into an
    encryption key for use with a symmetric cipher
  • Readily used for authentication codes that use a
    shared secret between two parties to prove that
    a message is authentic

23
HMAC
  • The Hash Message Authentication Code (HMAC)
    function is a technique for verifying the
    integrity of a message transmitted between two
    parties that agree on a shared secret key
  • There are two kinds of attacks on message digest
    functions
  • Finding two messages (any 2 messages) that have
    the same message digest
  • Given a particular message, the attacker finds a
    second message that has the same message digest
    code.

24
Conclusion
  • Many people think that computer security begins
    and ends with encryption
  • Cryptography has a lot to do with security
  • Most powerful tool for keeping data secure
  • It encompasses a range of techniques, algorithms,
    purposes and objectives
  • We talked about the basics of encryption
  • For further information read a book on
    cryptography or take COSC 427