COSC 316 COMPUTER HOSTS SECURITY

1
COSC 316 COMPUTER HOSTS SECURITY

• SOUNDARARAJAN EZEKIEL
• COMPUTER SCIENCE DEPARTMENT
• INDIANA UNIVERSITY OF PENNYLVANIA
• INDIANA, PA 15705

2
Part II Security Building BlocksChapter 7
Cryptography Basics

• We will talk about
• Understanding Cryptography
• Symmetric Key Algorithm
• Public Key Algorithms
• Message Digest Functions

3
Chapter 7 Understanding Cryptography

• Cryptography is a collection of mathematical
  techniques for protecting information
• Using cryptography, you can transform written
  words and other kind of messages so that they
  are unintelligible to anyone who does not possess
  a specific mathematical key necessary to unlock
  the message--- this process is called decryption

Hello
Encryption Algorithm

Plain text
Cipher text
Key
Encryption
Decryption
4
Understanding Cryptography

• Cryptography is used to prevent information from
  being accessed by an unauthorized recipient
• History of Cryptography
• See Additional Notes from the webpage
• Most cryptoghraphy has two methods
• Substitution each letter in the message you wish
  to encrypt with another oneexample a with
  letter d , b with letter e and so on.
• Transposition- scrambling the characters that
  are in the message. Example writing a message in
  table of rows double transposition involves
  using two such transformation

5
Dual use technology

• It is used for military and civil purpose
• Historically cryptography used in military
  purpose starting from its early years
• Nonmilitary
• Religious secrets
• Science and industry
• Lovers send letters military for privacy
• Satellite television broadcasts, ATM, internet
  purchase
• World government communications

6
Example

• Message- SSL is a cryptographic protocol
• This message can be encrypted with an encryption
  algorithm ? encrypted algorithm? called cipher
  text
• We can encrypt using DES Data Encryption
  Standard
• des e lttextgt text.des e? for encryption
• Enter key nosmis ??? encryption key
• Enter Key again- nosmis
• cat text.des
• )(((fi(_at_((_at_34
• The above message is not readable
• des d lttext.desgt text.decrypt
• Enter key nosmis
• Enter key again nosmis
• Cat text. decrypt
• SSL is a cryptographic protocol

7

• If you try to decrypt the text.des with different
  key
• des d lttext.desgt text.decrypt
• EnterKey DON
• Enter Key Again DON
• Corrupted file or wrong key
• Another way to decrypt key search attack or
  Brute force algorithm
• How easy this algorithm it depend on the key
  size- Assume that key is encrypted with 56 bit
  key- Each bit can be 0 or 1 gt 256 72,057,
  594, 037, 900,000 different keys
• With Modern computer it can be done in few days

8
Cryptographic algorithms and Functions

• There are two kinds of encryption algorithms
• Symmetric Key algorithm - with these algorithm,
  the same key used for encrypt and decrypt- also
  called secret key algorithm, private key
  algorithm-do not confuse with public key
  algorithm which is not related
• Asymmetric key algorithm- one key is used to
  encrypt and another key used for decrypt
  particular class is public key algorithm also
  called private key or secret key
• Technology was invented independently by
  Stanford and England called two key cryptography

9

• Symmetric key algorithm-
• Work horse for modern cryptographic techniques
• Faster easier to implement-
• Three problems
• Two parties must be exchange keys too quite
  difficult to exchange in a secure fashion
• Both parties need to keep the key if one party
  lost key message cannot be read
• For a pair communicate in private then they need
  a unique key it requires (N2-N)/2 keys for n
  users
• Example

10
Symmetric key algorithm- problem

• For n small case say 10 we need 45 keys but
  for larger n 300 million we need 300miliion-1
  keys that gives 44,999,999,850,000,000 unique
  keys
• Public key algorithm-
• This overcome the above problems
• It uses 2 keys

Secret key
Key add
Encrypted message
Algorithm
Original message
Algorithm
Original message
11
Continue

• Public key cryptography can also be used for
  creating digital signature
• Public key algorithm have significant problem
  they computationally expensive
• To get speed use hybrid public/private
  cryptosystems also use message digest functions
  which is used to create fingerprint or a key
  this function use to generate a seemingly random
  pattern of bits for a given input

12
Symmetric Key Algorithm

• It is used for data stream very fast large
  number of possible keys- the best algorithm offer
  excellent secrecy-
• It is divided into 2 categories
• Block Algorithm encrypt block of data at a time
• Stream Algorithm- encrypt bit by bit-- stream
• Strength of symmetric algorithm
• The secrecy of the key
• The difficult of guessing the key or trying out
  all possible keys key search longer keys are
  generally more difficult to guess or find

13
continue

• The difficult of inverting the encryption
  algorithm without knowing the key
• The existence of back door or additional ways by
  which an encrypted file can be decrypted more
  easily without knowing the key
• The ability to decrypt an entire encrypted
  message if you know how a portion of it decrypt
  called a known plaintext attack
• The properties of the plaintext and knowledge of
  those properties by an attacker
• Note-- These strength are not proven but it is
  only disproven

14
Key length with symmetric key algorithm

• Small keys are not secure
• 40-56 keys are not secure
• 128- 256 keys gives more secure
• 40 bit 1 billion/ sec---- takes 18 min
• 56 bit --- 100 billion/sec----- 8 days
• 64 bit 1 billion/ sec---- 585 years
• 80 bit 1 billion/sec 38 million years
• 128 bits 1023/ sec--- 108 million years
• 192 1billon billion 2x1032 years
• 256 bit 1032/sec--- 3.7x1037 years

15
Common Symmetric Key algorithms

• There are many symmetric key algorithm
• Blowfish schneier 1-448 b grade
• DES us govt 56 d
• IDEA massey 128 b
• MARS ibm 128-256 c
• RC2 Rivest 1-2048 a
• RC4 1-2048 b,d
• RC5 128-256
• RC6 128-256
• Rijindael 128-256
• Triple DES 168
• TwoFish Schneier 128-256

16
Explanation of some algorithm

• DES Data Encryption Standard adopted by US in
  1977 and ANSI standard in 81 strong
  algorithm98Electronic Frontier Foundation EFF
  set a special purpose machine to crack and less
  than a day they cracked the key
• Triple DES DES with three time with 3 different
  keys 168 bit key
• Blowfish- fast- compact- simple invented by Bruce
  Schneier variable length key up to 448-
  optimized for 32-64 bit processors
• IDEA International Data Encryption
  Algorithm-developed in Zurich, Switzerland by
  James Massey, and Xuejia Lai and published in 90
  128 bit key
• RC2, RC4, RC5 developed by Ronald Rives and kept
  secret by RSA data security until 96 and94 key
  1-2048 bit keys limited to 40 bit keys
• Rijndael developed by Joan Daemen and Vincent
  Rijmen 2000 by the National Institute of
  Standards and Technology to be US new advanced
  encryption standard 128, 192, and 256 bit keys

17
Attacks on symmetric encryption algorithms

• Attack fall into 3 categories
• Key search as we talked before people try to
  find key many times fail but they will succeed
• Cryptanalysispeople who break codes want to
  discover plain text or key
• Known plaintext attack-
• Chosen plaintext attack-
• Differential cryptanalysis
• Differential faulty analysis
• Differential power analysis
• Differential timing analysis
• System-based attacks attack cryptographic system
  that uses cryptographic algorithm, without
  actually attacking the algorithm itself

18
Public Key algorithm

• 1975 Whitfield Diffie and martin Hellman
  Stanford university variety of public key
  encryption systems have been developed
• Diffie-Hellman key Exchange
• DSA/DSS digital signature standard -- digital
  signature algorithm developed by us national
  security agency and adopted as a federal
  information processing standard by national
  institute for standards and technology
• RSA MIT professors Ronald Rivers- Adi Shamir
  and Leonard Adlemen-1977- it is used for
  encrypting information and digital signature
• Elliptic Curves based on the elliptic curve
  y2 x3axb

19
Uses for public key encryption

• Two important uses are encrypted messaging and
  digital signature
• Encrypted message crypted message and mails
• Digital signature instead of encrypting a
  message, we can use public cryptography to
  digitally sign a message
• Attacks on public key algoprithms
• Theoretically easy to attack assume that the
  attacker has a copy of the public key that was
  used to encrypt message
• Fall two categories
• Key search attack
• Analytic attack attack the system

20
Message Digest Functions

• Message digest function distill the information
  contained in a file ( small or large) into a
  single large number typically 128bit or 256 bits
  in length It combines the following mathematical
  properties
• Every bit of the message digest functions output
  is potentially influenced by every bit of the
  functions input
• If any given bit of the function input is
  changed, every output bit has 50 chance of
  changing
• Given an input file and its corresponding message
  digest, it should be computationally infeasible
  ton find another file with the same message
  digest value
• It is also called one-way hash function because
  they produce values that are difficult to invert,
  resistant to attack, effectively unique and
  widely distributed

21
Message Digest functions

• MD2, MD4, MD5, -- Message Digest 2, 4, 5
  developed by Ronald Rivest most secure 128 bit
  
• SHA -- the Secure Hash Algorithm related to MD4
  and designed for use with US National Institute
  for Standards and Technology Digitial signature
  Standard (NISTs DSS)
• SHA1
• SHA-256
• SHA-384
• SHA-512
• These are extension of SHA

22
Message digest Algorithms at work

• It is not used for encryption but used to create
  digital signatures, message authentication code
  MAC) and encryption keys from pass phrases
• Uses-
• Faster
• No patent restriction
• No restrictions
• Excellent means of spreading the randomness from
  an input among all of the functions output bits
• You can transform a typed pass phrase into an
  encryption key for use with symmetric cipher
• Readily used for authentication codes that use a
  shared secret between two parties to prove that
  a message is authentic

23
HMAC

• Hash Message Authentication code (HMAC) function
  is a technique for verifying the integrity of a
  message transmitted between two parties that
  agree on a shred secret key
• There are two kinds of attacks on Message digest
  functions
• Finding two messages any 2 messages- that have
  the same message digest
• Given a particular message, the attacker finds a
  second message that has the same message digest
  code.

24
Conclusion

• Many people think that computer security begins
  and ends with encryption
• Cryptography has a lot to do with security
• Most powerful tool for keeping dat secure
• It encompasses a range of techniques, algorithms,
  purposes and objectives
• We talk about the basics of encryption
• For further information read book on cryptography
  or take COSC 427