Slides: 100
Provided by: web2Uwind

Transcript and Presenter's Notes

1
  • He, who wants to defend everything, defends
    nothing.
  • --- Frederick, the Great

2
Security planning (contd.)
  • Components of security planning
  • Step 1: assessing the threat,
  • Step 2: writing a security policy: a statement
    of what is allowed and what is not allowed;
    assigning security responsibilities.
  • Step 3: choosing the mechanism, tools and
    methodologies to implement the policy

3
Focus of a Plan
Reference: Thomas Calabrese, Information Security Intelligence,
Thomson Delmar Learning, 2004, pp 4
  • Scope: restricting the scope as much as possible
  • reduce size of target
  • disable unneeded services
  • Prioritization and continuous vigilance by
    monitoring and analysis
  • Access control: limit access of attacker to
    target systems
  • Multi-layer security: security in depth
  • hardening the OS and applications
  • Use technologies which cannot be hacked easily

4
Names of Security Technologies
  • Confidentiality: encrypting sensitive data
  • Integrity (no tampering of data): hashing,
    digital signatures
  • Authentication (not an impostor): digital
    certificates
  • Non-repudiation: trusted digital 3rd party
    signatures
  • The basis of the above technologies: CRYPTOGRAPHY.

5
Authentication
  • "Privacy is the best-known benefit of
    cryptography. Cryptography also provides
    authenticity, which enables communicators to be
    sure of the identities of the people with whom
    they are communicating. In a business
    transaction, authentication verifies that the
    person acting in one instance is the same person
    who acted in another -- that the person who is
    writing a check, for example, is the same person
    who opened the account and put the money in it."
    - Whitfield Diffie and Susan Landau, Privacy on
    the Line: The Politics of Wiretapping and
    Encryption, MIT Press, May 2007

6
  • Using encryption on the Internet is the
    equivalent of using an armored car to deliver
    credit card information from someone living in a
    cardboard box to someone living on a park bench.
  • --- Professor Eugene Spafford, Purdue University

7
CRYPTOGRAPHY
  • Cryptography (from two words in Greek) means
    secret writing.
  • CRYPTOGRAPHY: used to process data (cleartext)
    into unintelligible form (ciphertext),
  • reversibly/irreversibly
  • without data loss
  • usually one-to-one in size /compression
  • Encryption vs Decryption
  • Cryptanalysis: obtaining cleartext from
    ciphertext through breaking of a cryptographic
    code

8
Cryptography
  • Services, provided by cryptographic tools
  • Encryption or Enciphering
  • [Diagram: Plaintext + Key → Encryption Algorithm → Ciphertext]

9
Decryption
  • Decryption or Deciphering
  • [Diagram: Ciphertext + Key → Decryption Algorithm → Plaintext]

10
Why encrypt?
  • A few valid reasons for (reversibly) encrypting
    data are
  • To prevent casual browsers from viewing sensitive
    data files
  • To prevent accidental disclosure of sensitive
    data
  • To prevent privileged users (e.g., system
    administrators) from viewing private data files
  • To complicate matters for intruders who attempt
    to search through a system's files

11
Kerckhoffs' principle
  • The security of an encryption scheme should
    depend upon only the secrecy of the key, and NOT
    on the secrecy of the algorithm.

12
Classification
  • Two types of Encryption Algorithms
  • Reversible
  • Irreversible
  • Two types of Keys
  • Symmetric
  • Asymmetric

13
Types of Cryptographic Algorithms
  • Reversible with symmetric key
  • Secret Key
  • Example: DES, AES (Rijndael)
  • Reversible with asymmetric key
  • Public Key
  • Example: RSA
  • Irreversible without any key
  • Message Digest (hash or cryptographic checksum).
    Example: SHA 256
  • Irreversible with a symmetric key
  • Message Authentication Codes

14
Reversible Encryption
  • [Diagram: cleartext + encryption key → Encryption Device →
    ciphertext → Decryption Device + Decryption key → cleartext]
  • can be used only when the same type of encryption
    software/equipment is available at both the ends

15
Cryptanalysis continued
  • Cryptanalysis: it tries to locate the structures
    and patterns of the plaintext in the ciphertext.
  • None of the cryptological methods can completely
    eliminate the patterns and structures of the
    plaintext in the ciphertext.
  • A polyalphabetic cipher, where the substitution
    differs from character to character in response
    to a key which is as long as the message and
    which is truly random, can eliminate such
    patterns. But the key?

16
  • CRYPTANALYSIS
  • Consider the case of
  • Reversible Symmetric Key encryption.

17
Cryptanalysis Methods
Finding the Key
  • Assumption: the hacker always knows the
    ciphertext and the encryption algorithm.
  • The more information available to a hacker,
    the easier the analysis for finding the key
  • TYPES OF ATTACKS: the type is dependent on the
    amount of INFORMATION available to a hacker
  • 1. Ciphertext only (analysis for key: most
    difficult)
  • 2. Known plaintext-ciphertext pairs
  • 3. Chosen plaintext-ciphertext pairs
  • 4. Chosen ciphertext-plaintext pairs
  • 5. Chosen text (both 3 and 4) (analysis for key:
    easiest)

18
Two Definitions
  • UNCONDITIONALLY SECURE: An encryption algorithm
    for which no amount of ciphertext can make it
    possible for one to determine uniquely the
    corresponding plaintext.
  • There is no such algorithm available.
  • COMPUTATIONALLY SECURE: An encryption algorithm
    is said to be computationally secure if
  • the cost of breaking the cipher is more than the
    intrinsic value of the information, or,
  • the time required to break the cipher is more
    than the time over which the information is
    required to be confidential.

19
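Exhaustive Key Search
  • Key size | No. of possible keys | Average time at 1 decryption per microsecond
  • 32 | $2^{32} = 4.3 \times 10^{9}$ | $2^{31}$; 35.8 m
  • 56 | $2^{56} = 7.2 \times 10^{16}$ | 1142 y
  • 128 | $2^{128} = 3.4 \times 10^{38}$ | $5.4 \times 10^{24}$ y
  • 26P | $26! = 4 \times 10^{26}$ | $4 \times 10^{26}$; $6.4 \times 10^{12}$ y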

20
Large numbers and computational security --
as worked out by Dr Lawrie Brown
  • It can be shown from energy consumption
    considerations that the maximum number of
    possible elementary operations in 1000 years is
    about $3 \times 10^{48}$.
  • Similarly, if 10 atoms are needed to store a bit
    of information, the greatest possible number of
    bits storable in a volume of, say, the moon is
    $10^{45}$.
  • If deciphering a cipher requires more
    operations than $3 \times 10^{48}$, or needs more
    storage than $10^{45}$, it is pretty reasonable to
    say it is computationally secure.
  • Reference: Notes of Dr Lawrie Brown, Australian
    Defence Force Academy, available at
    http://www.williamstallings.com/Crypto3e.html

21
Some Large Numbers
  • DES: 56 bits, $7.2 \times 10^{16}$ keys
  • Time to next ice age: 14,000 yrs
  • Age of planet: $10^{9}$ yrs
  • Age of universe: $10^{10}$ yrs
  • Time until sun goes nova: $10^{14}$ yrs
  • Number of atoms in universe: $10^{77}$
  • DES is a symmetric key standard for encryption.
  • Ref (for cryptography): Professor Schulzrinne,
    Columbia Univ

22
Exhaustive Key Search (continued)
  • A calculation in 1995 showed that
  • 56-bit key broken in 1 week with 120,000
    processors (6.7M)
  • 56-bit key broken in 1 month with 28,000
    processors (1.6M)
  • 64-bit key broken in 1 week with $3.1 \times 10^{7}$
    processors (1.7B)
  • 128-bit key broken in 1 week with $5.6 \times 10^{26}$
    processors

23
Brute Force Cryptanalysis
  • 1999: 56-bit key broken in 22.5 h with 1,800
    chips (250,000) ($245 \times 10^{9}$ keys/s, or 4.08
    microsecond for one key -- see eff.org), helped
    by distributed.net
  • 1998: 56-bit key broken, on dedicated h/w, in a
    few days
  • 1997: 56-bit key broken, by using a large number
    of machines in parallel on the Internet, in a few
    months

24
Birthday paradox
  • A result from probability theory: Consider an
    element that has an equal probability of assuming
    any one of the N values. The probability of a
    collision is more than 50% after choosing
    $1.2\sqrt{N}$ values.
  • [Diagram: Random input → Function → One of k equally likely values]
  • The same output can be expected after $1.2\,k^{1/2}$
    inputs. Thus in a group of 23, two or more
    persons are likely to share the same birthday
    (put k = 365).
  • Birthday attacks are used to find collisions of
    hash functions.

25
Birthday Bound
  • A 64 bit key has $2^{64} = 18 \times 10^{18}$ different
    key values.
  • A key is selected at random.
  • So after seeing $1.2 \times 2^{32} = 5.16 \times 10^{9}$
    transactions, a hacker can expect the same key to
    be used.
  • For an n-bit case, $2^{n/2}$ is called the Birthday
    Bound

26
Example of a Birthday Attack:
replacing part of the message
  • Assume
  • A 64 bit key
  • The first statement in a message is always the
    same.
  • A hacker
  • listens to and stores all encrypted messages.
  • When the FIRST encrypted sentence turns out to be
    the same, he replaces the rest of the new message
    by the old message that he has in his memory.
  • By the Birthday Paradox, this is likely to happen
    after $2^{32}$ transactions.

27
Example of a Meet in the Middle attack
  • Generate $2^{32}$ keys.
  • Store encrypted messages of the first sentence.
  • Compare the first sentence of every encrypted
    message on the net with each of the stored
    messages.
  • On getting a match, the Hacker knows the key. So
    he can now replace the remaining message by
    whatever he wants.

28
  • Message Digests / Checksum
  • Used for confirming integrity of data
  • CRC (Cyclic Redundancy Check) not sufficient

29
Irreversible Encryption
Fingerprinting Data
  • Hash Functions
  • [Diagram: Plaintext → Encryption Algorithm → Hash]
  • Collisions in the output?

30
Cryptographic Hash Functions (H)
  • H: a transformation
  • m: variable size input
  • h: hash value, a fixed size string,
  • also known as message digest or fingerprint or
    compression function.
  • [Diagram: m → H(m) → h]

31
Message Digest
  • [Diagram: Variable Length Message → Hashing Algorithm → Fixed Length Digest]

32
Uses of Hash Functions
  • Integrity check
  • for getting a document time-stamped without
    revealing its contents to the time stamp service
  • Authentication through digital signatures
  • For generation of pseudo-random numbers to
    generate several keys from a single shared secret
  • Typical output of a hash: 128 to 512 bits

33
A Cryptographic Hash function
  • Properties of cryptographic hash functions
  • One-way functions
  • Hard to invert: computationally infeasible
    to find some input m such that H(m) = h.
  • Collision-resistant: a very large number of
    collisions exist. But these cannot be found.
  • Should be a random mapping from all possible
    input values to the set of possible output values
34
Message Digest
  • Consider an algorithm that generates outputs
    which are randomly distributed.
  • Let the MD (output) be of n bits
  • $2^{n}$ = no. of possible outputs.
  • Since these are randomly distributed, the
    probability is that after $1.2\,(2^{n})^{1/2}$ digests
    are computed, we may find the same value.
  • (Remember the Birthday Paradox)
  • Thus for n = 128, it would be $(1.2)\,2^{64}$.

35
Definitions
  • WEAKLY COLLISION FREE HASH FUNCTION
  • Given a message m1,
  • it is computationally infeasible to find m2
  • such that
  • m1 is not equal to m2, and,
  • H(m1) = H(m2).
  • STRONGLY COLLISION FREE HASH FUNCTION
  • No message is given.
  • It is computationally infeasible to find any two
    messages m1 and m2 such that
  • H(m1) = H(m2).

36
Hash Functions: Collision-free Example
  • Example: Consider a hash of 128 bits.
  • Weak: The probability of finding a message m2
    corresponding to a given hash value H(m1) is
    $2^{-128}$.
  • Strong: The probability of finding two messages
    with the same hash value (with no constraint on
    any of the two messages) is $2^{-64}$.
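
The birthday bound and the weak/strong collision definitions above, worked through in code. This is an added example, not part of the original slides: SHA-256 is truncated to 16 bits (an assumption made only so that both searches finish in moments), and the function names and sample messages are constructed for illustration.

```python
import hashlib


def draws_for_even_odds(n_values: int) -> int:
    """Smallest number of uniform draws whose collision probability exceeds 50%."""
    p_distinct, k = 1.0, 0
    while 1.0 - p_distinct <= 0.5:
        p_distinct *= (n_values - k) / n_values   # draw k+1 avoids the first k values
        k += 1
    return k


def truncated_hash(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256: a stand-in for a hash with an n-bit output."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int):
    """Strong collision: ANY two distinct messages with equal digests.

    Expected work is about 1.2 * 2^(bits/2) hashes (the birthday bound).
    """
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def find_second_preimage(target_msg: bytes, bits: int, max_tries: int):
    """Weak collision: a different message matching the digest of a GIVEN message.

    Expected work is about 2^bits hashes, far more than a free collision.
    """
    target = truncated_hash(target_msg, bits)
    for counter in range(max_tries):
        msg = b"try-%d" % counter
        if msg != target_msg and truncated_hash(msg, bits) == target:
            return msg, counter + 1
    return None, max_tries


if __name__ == "__main__":
    bits = 16
    print("people needed for a shared birthday:", draws_for_even_odds(365))
    print("1.2 * sqrt(2^16) =", 1.2 * 2 ** (bits // 2),
          "exact:", draws_for_even_odds(2 ** bits))
    m1, m2, tries = find_collision(bits)
    print("collision after", tries, "hashes:", m1, m2)
    m, tries = find_second_preimage(b"contract: pay 10", bits, 2_000_000)
    print("second preimage after", tries, "hashes:", m)
```

The gap between the two hash counts is the reason an n-bit digest gives only about n/2 bits of collision resistance, and why digest length is chosen at twice the desired security level.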

37
Properties of Cryptographic Hash functions
(continued)
  • H(m) is easy to compute.
  • The input can be of any length.
  • The output has a fixed length.
  • Note 1: Consider a transformation of a sequence
    of length n1 to a sequence of length n2, where
    n1 > n2.
  • In such a case, there must exist multiple input
    sequences that map to the same fixed-length hash
    value.

38
Notes on hash functions (continued)
  • 1. In the definitions of hash functions, it is
    only required that finding x should be
    computationally infeasible, even though we know
    that x exists.
  • 2. Computationally Infeasible (CI) means that the
    time complexity of the algorithm should grow
    faster than any polynomial.
  • So CI means that it may take an extremely long
    time to compute x on even the fastest machine of
    the day.

39
Popular Hash Functions
  • Iterative functions
  • Split the message into equal sized blocks m1, m2,
    ..., mk (use padding for the last block.)
  • $H_i = h(H_{i-1}, m_i)$, with $H_0$ as a fixed value
  • MD2, MD4 and MD5: developed by Rivest.
  • MD2 (1989): optimized for 8-bit machines
  • MD4 (1990), MD5 (1991): optimized for 32-bit
    machines.
  • MD2, MD4 and MD5 produce a 128-bit hash value.
  • 2004: Muller showed that MD2 is vulnerable to a
    PRE-IMAGE attack (an attempt to find a message
    that has a specific hash value). So it is not a
    one-way function

40
Popular Hash Function: MD5
  • MD4
  • Den Boer and Bosselaers (in a paper in 1991)
    discovered weaknesses.
  • was cracked by Dobbertin. He devised a method to
    generate collisions in MD4.
  • MD5 (Ref: RFC 1321) was supposed to be more
    secure. Probability of MD5 collision:
    $1/(3 \times 10^{38})$
  • 1994: a non-fatal flaw discovered.
  • SHA1 (Secure Hash Algorithm): produces a 160
    bit hash value from a message of less than $2^{64}$
    bits

41
Popular Hash Function: SHA 1
  • SHA 1: designed by NSA and standardized by NIST
    as a part of the Capstone project. (based on MD5
    and 2 to 3 times slower than MD5) (Ref: RFC
    3174 and FIPS 180-1)
  • Aug 2004: reported generating collisions in MD4
    using "hand calculation", and in the family of
    MD4/MD5/SHA/RIPEMD. So its usage is now not
    recommended.
  • Reference: Xiaoyun Wang, Dengguo Feng,
    Xuejia Lai and Hongbo Yu, Collisions for Hash
    Functions MD4, MD5, HAVAL-128 and RIPEMD,
    Cryptology ePrint Archive Report 2004/199,
    http://eprint.iacr.org/2004/199.pdf

42
Popular Hash Functions: To be used today
  • SHA 256, SHA 384 and SHA 512 (Ref: FIPS 180-2)
  • designed for use with AES with 128, 196 and 256
    bits. Slower than SHA1; may take nearly as much
    time as encryption by AES.
  • SHA384 uses the SHA 512 method and discards the
    remaining bits. So though it takes the same time
    as SHA 512, it is less secure.
  • Others: Snefru generates a 128 bit or 256 bit
    hash
  • Haval produces a 128, 160, 192, 224 or 256 bit
    hash.

43
  • Reversible Symmetric-Key Encryption
  • Used for confidentiality of data

44
Secret Key/ Symmetric Cryptography
  • Also called Private/Secret key Encryption
  • Simpler and faster (than asymmetric)

45
Symmetric Key Encryption
  • [Diagram: Sender-end: Message by sender + Pr-key → Encrypted Message →
    Internet → Receiver-end: Encrypted Message + Pr-key → Message at receiver]

46
  • Public-key cryptography was not only "the most
    revolutionary new concept in the field since . .
    . the Renaissance" but it was generated totally
    outside of the government's domain -- by a
    privacy fanatic, no less! -- David Kahn
  • quoted by Steven Levy in Crypto Rebels,
    Wired News, May/June 1993

47
  • Reversible Asymmetric-Key Encryption
  • Used for digital signatures

48
Public Key / Asymmetric Cryptography
  • invented in 1976 by Whitfield Diffie and Martin
    Hellman
  • two keys: private (d), public (e)
  • Both are mathematically related.
  • REQUIREMENTS: computationally infeasible
  • to derive one key from the other
  • to find out the private key from a chosen
    plaintext attack
  • much slower (about 1000 times) than secret key
    cryptography
  • Vice president and Sun fellow chief security
    officer, Sun Microsystems Inc.

49
public-key cryptography (continued)
  • A public-key cryptography system requires
  • a trusted system for distributing public keys
  • The RSA (Rivest, Shamir and Adleman) algorithm is
    well known for the public key system.
  • APPLICATIONS
  • a digital signature system to authenticate
    that a message is really from whom it purports to
    be from
  • Pretty Good Privacy system, an e-mail system,
    uses the public key system for security.

50
History again: Who was Diffie?
  • Mid-sixties: Whitfield Diffie, son of a historian,
    became a member of the hackers' community at MIT;
    passionate about privacy
  • "The user's privacy depended on the degree to
    which the administrators were willing to protect
    the password file. You may have protected files,
    but if a subpoena was served to the system
    manager, it wouldn't do you any good," Diffie
    notes with withering accuracy. "The
    administrators would sell you out, because they'd
    have no interest in going to jail."

51
Who was Diffie? 2
  • 1965: Diffie got wrong information that the
    National Security Agency was encrypting phone
    conversations in their own building. Diffie
    started thinking about the problem.
  • 1967: The Codebreakers by David Kahn.
  • The book: a history of cryptography,
    focussing on US military work of the 20th century
  • Diffie became enthralled by the book.
  • His interest: complex mathematical algorithms
    to help protect privacy

52
What did Diffie do?
  • Not much published literature on cryptography.
  • So Diffie, with wife Mary, started touring
    universities in the USA to talk to anyone
    interested in cryptography.
  • Sept 74: Diffie got a 30 minute appointment with
    Prof Hellman at Stanford
  • Hellman took Diffie as his doctoral student and
    made him responsible for weekly seminars

53
Others contribute
  • Ralph Merkle, another doctoral student of
    Hellman developed Knapsack, a public key
    system. But Adi Shamir soon showed that it could
    be broken.
  • Peter Blattman, a Berkeley grad student told
    Diffie that Ralph Merkle was trying to solve the
    problem of communicating securely with someone
    you had never had any contact with before. "I
    persuaded him it couldn't be done. But then
    ., -- Diffie
  • Hellman started asking colleagues for
    mathematical equations that were easy to compute,
    but hard to work backward.
  • John Gill, a mathematics professor at the
    University of California at Berkeley, told
    Hellman about computing exponents in finite
    fields.

54
The P-K systems
  • May 1975: Martin Hellman and Whitfield Diffie's
    seminal paper on public key cryptography
  • 1977: Three professors at MIT, Ron Rivest, Adi
    Shamir and Len Adleman, followed with another
    similar approach known by their initials, RSA
  • Unannounced Systems
  • 1974: At the British government's eavesdropping
    organization known as the Government
    Communications Headquarters, or GCHQ, Malcolm
    Williamson discovered an algorithm very similar
    to the work of Diffie and Hellman. (published
    1997)
  • David Kahn: NSA had also discovered the public
    key system. But both GCHQ and NSA did not
    announce it.

55
Patents
  • 1983: Jim Bidzos took up the reins of RSA and kept
    it alive for 12 years, waiting for the Internet to
    create the demand for digital signatures
  • Stanford held the Diffie-Hellman patent. Diffie
    made 10,000 by royalty
  • MIT held the RSA patent. MIT made 10 Million dollars

56
Diffie-Hellman algorithm
  • To find a key, Alice chooses a random number "a"
    and Bob chooses a random number "b." They also
    agree on some value of "g" in advance.
  • Alice ships $g^{a}$ (that is, g raised to the power
    a, as in $2^{3} = 8$) to Bob and Bob ships $g^{b}$ to
    Alice.
  • Alice computes $(g^{b})^{a}$ and Bob computes
    $(g^{a})^{b}$. These serve as the key.
  • The system can't be broken because the arithmetic
    occurs in a "finite field" with some prime number
    "p." This is indicated by appending "mod p" to
    the equation.
  • No one knows an efficient way to find a from g
    and $g^{a}$. This is known as taking the "discrete
    log," making the link secure from the
    eavesdroppers.
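
The exchange described above, as an added example that is not part of the original slides. The prime `TOY_P`, the generator `TOY_G`, the second small group and all function names are assumptions chosen for illustration; both groups are far too small for real use, and the small one is there to show why the discrete log is only hard when p is large.

```python
import hashlib
import secrets

# Toy parameters (assumptions for this example, not suitable for real use).
TOY_P = 2**127 - 1        # a Mersenne prime
TOY_G = 3


def dh_keypair(p: int, g: int):
    """Pick a random private exponent x and compute the public value g^x mod p."""
    private = secrets.randbelow(p - 3) + 2          # uniform in [2, p-2]
    return private, pow(g, private, p)


def dh_shared_key(their_public: int, my_private: int, p: int) -> bytes:
    """Compute (g^b)^a mod p and hash it into a 32-byte session key."""
    # Reject 0, 1 and p-1: they would force the shared value into a tiny set.
    if not 1 < their_public < p - 1:
        raise ValueError("peer public value out of range")
    shared = pow(their_public, my_private, p)
    size = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(size, "big")).digest()


def discrete_log_by_search(target: int, g: int, p: int):
    """Exhaustive search for x with g^x = target (mod p); feasible only for tiny p."""
    value = 1
    for x in range(p):
        if value == target:
            return x
        value = value * g % p
    return None


def demo():
    # Alice and Bob each send only their public value over the network.
    a, big_a = dh_keypair(TOY_P, TOY_G)
    b, big_b = dh_keypair(TOY_P, TOY_G)
    same_key = dh_shared_key(big_b, a, TOY_P) == dh_shared_key(big_a, b, TOY_P)

    # With a 14-bit prime the eavesdropper's search space is trivial:
    small_p, small_g = 10007, 5
    a2, b2 = 1234, 4321                              # constructed private values
    pub_a, pub_b = pow(small_g, a2, small_p), pow(small_g, b2, small_p)
    x = discrete_log_by_search(pub_a, small_g, small_p)
    recovered = pow(pub_b, x, small_p) == pow(pub_a, b2, small_p)
    return same_key, recovered


if __name__ == "__main__":
    print(demo())
```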

58
public-key cryptography (continued)
59
Asymmetric Key Encryption: example to ensure
that no one except the recipient reads the message
  • Also called Public key Encryption
  • [Diagram: A: Message + B's public key → Encrypted Message → Internet →
    Encrypted Message + B's private key → Message: B]

60
public-key cryptography (continued)
  • Data transmission: private key (d), public key (e)

61
public-key cryptography (continued)
  • Applications and Advantages
  • Storage for safety: use the public key of a
    trusted person
  • Secret vs. Public Key system
  • A secret key system needs a secret key for every
    pair of persons that wish to communicate
  • n users → n(n-1)/2 keys
  • A public key system needs two keys for every
    person who wants to communicate.
  • n users → 2n keys

62
Public Key of Alice
  • Send through e-mail (A hacker, say Eve could
    pretend to be Alice.)
  • A trusted authority maintains a public directory
    mapping names to public key
  • Publish hard copy using water-marked paper
  • Secure electronic access by locking through
    private key of trusted party
  • (If the Trusted Authority's private key is
    compromised, the whole system becomes suspect.)

63
Digital certificate for getting
Public Key reliably
  • A digital certificate from a trusted party may
    contain
  • The name of a person
  • His e-mail address
  • His public key
  • The recipient of the encrypted certificate uses
    the public key of the Certification Authority to
    decode the certificate.
  • Standard for certificates: X.509

64
Certifying Authorities
  • Examples of CAs: www.verisign.com or
    www.thawte.com
  • Verisign's Certificate Classes
  • Individual (without identity check): certifies
    that this is an individual who has paid the
    Verisign fee for getting a Certificate.
    Verisign's liability limited to 100 only!
  • Individuals and Organizations (with physical
    verification by a notary): cost of certificate
    much higher. Verisign's liability limited to
    100,000.
  • Revoking the Certificate (CRL)

65
Digital Certificate
  • private key (d), public key (e)
  • Alice wants to send a non-repudiable message to
    Bob.
  • Alice gets a certificate from the trusted
    authority:
  • $C_A = E_{d_T}[\text{Alice, e-mail address of Alice}, e_A]$
  • Alice encrypts the message (m) with her private
    key: $C_i = E_{d_A}[m]$
  • Alice sends $(C_i, C_A)$ to Bob.
  • Bob uses $e_T$ to find the public key of Alice
    from $C_A$.
  • Bob obtains m by decrypting $C_i$ using the
    public key of Alice.
66
Digital signatures
  • Digital Signatures: A is to sign a Msg and send
    it to B
  • [Diagram: A runs the Digest Algorithm on Msg to get the Digest and
    encodes it using the Private key of A; A sends Msg + Encoded Digest;
    B decodes the digest using the Public key of A, runs the Digest
    Algorithm on Msg, and compares the two digests]

67
Secure Socket Layer
  • A user sends a Hello message to the Server
  • The server sends its Certificate.
  • The user checks the certificate by using the
    public key of the trusted authority
  • The user picks a random number K, encrypts it by
    using the public key of the server and sends it
    to the server.
  • The server decrypts using its private key.
  • Thus both the user and the server share the
    secret key K for the session. K may be used for
    exchanging encrypted messages.

68
Pretty Good Privacy
  • private key (d), public key (e)
  • Key-ring: list of public keys, signed by the
    owner's private key
  • Example: Alice knows Bob and Rita.
  • Alice's key-ring: $E_{d_A}$[(Bob, e-mail address of
    Bob, $e_B$)(Rita, e-mail address of Rita, $e_R$)]
  • Web of trust

69
  • Confidentiality of data

70
Message/data Encryption
Combines conventional and public-key encryption
[Diagram: data is encrypted with the Session key to give Encrypted data;
the Session key is encrypted with the Recipient's Public key to give the
Encrypted session key]

71
Message/data Encryption
Combines conventional and public-key encryption
[Diagram: the Encrypted session key is decrypted with the Recipient's
Private key to give the Session key; the Encrypted data is decrypted with
the Session key to give data]
Public-key encryption provides a secure channel
to exchange symmetric encryption keys

72
  • Message Authentication Code

73
Message Authentication Codes
  • m: message (can be of any size)
  • K: fixed-size symmetric key
  • known to both the sender and receiver only
  • MAC: of fixed size
  • [Diagram: m + Key → MAC Function → MAC]

74
MACs for integrity
Message Authentication Code: adds a password/key
to a hash
[Diagram: data + Password/key → MAC; the message sent is data + MAC]
Only the password holder(s) can generate the MAC

75
MAC continued
  • A MAC function (also called a cryptographic
    checksum)
  • Need not be reversible.
  • Many-to-one function
  • MAC provides
  • Authentication and
  • integrity
  • If one more symmetric key is used,
    confidentiality can be provided.
  • This separates authentication and
    confidentiality functionalities.

76
MAC continued
  • This may be required in a system wherein
    authentication may be at the application layer,
    whereas confidentiality may be required at a
    lower layer (like at transport layer.)
  • Separation of Authentication and Confidentiality
  • Or the recipient organisation may check for
    authentication at the entry system. The
    confidentiality may be required up to the final
    host within the recipient organization.
  • Does not provide signatures
  • The recipient can forge the message.
  • The sender can repudiate it.

77
HMAC: keyed Hashing for Message
Authentication
  • HMAC: an algorithm which uses a keyless hash
    function and a cryptographic key to develop a MAC
  • Advantages: hash functions are faster
  • no export controls on keyless hash functions.
  • H: a keyless hash function
  • Input: a block of b bytes
  • Output: a hash of l bytes
  • K: key no longer than b bytes (if larger than b,
    take a hash of K and use it as the key)
  • Kpad: K, with zeros on the left - if required,
    so that K becomes b bytes long
  • Reference: RFC 2104

78
HMAC (continued)
  • ipad: a sequence of b bytes obtained by repeating
    the byte 0011 0110
  • opad: a sequence of b bytes obtained by repeating
    the byte 0101 1100
  • Definition of a HMAC-H function with a key K and
    message m:
  • H(K, m) = H( (K XOR opad) || H( (K XOR ipad) || m) )
  • References: 1. M. Bellare, R. Canetti and
    H. Krawczyk, Keyed Hash Functions and Message
    Authentication, Advances in Cryptology -
    Proceedings of CRYPTO 96, pp. 1-15 (1996)
    2. H. Krawczyk, M. Bellare and R. Canetti, RFC
    2104, Feb 1997

79
Function for MAC
  • HMAC
  • MD5 or an SHA function may be used.
  • Recommendation for 128 bit security: SHA-256
  • A MAC may also be obtained by using a block cipher
    and by throwing away all the blocks except the
    last block. This is called CBC-MAC.
  • CBC: cipher block chaining method
  • However, if it is used, the key for encryption
    and the key for message authentication must be
    different.
  • Slower than HMAC

80
Authentication issues
  • If only the message between Alice and Bob is
    authenticated,
  • Eve could store the message and send it later
    again. Or
  • Eve could send the message from Alice -- back to
    Alice at some later time, spoofing it as a
    message from Bob.
  • To avoid it, m2 (information like message
    number, sender address and receiver address etc.)
    may be concatenated with m before creating a MAC.
  • Further problem: version problem, which may
    increase the size of fields.
  • Example: Alice sends the older version. Eve
    adds data to make it look to Bob as if Alice sent
    the new version. So the version number also has
    to be added to m2.
  • RULE: Authentication at a higher layer only.
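
The HMAC definition from the two HMAC slides and the m2 binding described above, combined in one added example (not part of the original slides). H is SHA-256; the packet layout, field names and the `Endpoint` class are hypothetical. The key padding follows RFC 2104, which appends the zero bytes after K.

```python
import hashlib
import hmac

BLOCK = 64  # b: input block size of SHA-256 in bytes


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """H((K xor opad) || H((K xor ipad) || m)) with H = SHA-256."""
    if len(key) > BLOCK:                      # key longer than b: hash it first
        key = hashlib.sha256(key).digest()
    kpad = key.ljust(BLOCK, b"\x00")          # zero bytes appended after K (RFC 2104)
    ipad = bytes(k ^ 0x36 for k in kpad)      # 0011 0110 repeated b times
    opad = bytes(k ^ 0x5C for k in kpad)      # 0101 1100 repeated b times
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def _fields(*parts: bytes) -> bytes:
    """Length-prefix every field so that field boundaries are unambiguous."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _tag(key: bytes, packet: dict) -> bytes:
    """MAC over m2 (version, message number, sender, receiver) followed by m."""
    m2 = _fields(packet["version"].to_bytes(2, "big"),
                 packet["seq"].to_bytes(8, "big"),
                 packet["sender"].encode(), packet["receiver"].encode())
    return hmac_sha256(key, m2 + _fields(packet["body"]))


def make_packet(key, version, seq, sender, receiver, body):
    packet = {"version": version, "seq": seq, "sender": sender,
              "receiver": receiver, "body": body}
    packet["tag"] = _tag(key, packet)
    return packet


class Endpoint:
    """Receiver-side checks for one party (hypothetical helper)."""

    def __init__(self, key: bytes, name: str, version: int):
        self.key, self.name, self.version = key, name, version
        self.highest_seq = {}                 # last accepted message number per sender

    def accept(self, packet: dict) -> str:
        # Constant-time comparison of the recomputed tag with the received one.
        if not hmac.compare_digest(_tag(self.key, packet), packet["tag"]):
            return "bad-mac"
        if packet["receiver"] != self.name or packet["sender"] == self.name:
            return "not-for-me"               # reflected or misdirected message
        if packet["version"] != self.version:
            return "wrong-version"
        if packet["seq"] <= self.highest_seq.get(packet["sender"], -1):
            return "replay"                   # stored and re-sent message
        self.highest_seq[packet["sender"]] = packet["seq"]
        return "ok"


def demo():
    key = b"constructed-shared-key-for-demo"  # constructed sample key
    alice, bob = Endpoint(key, "alice", 2), Endpoint(key, "bob", 2)
    p = make_packet(key, 2, 1, "alice", "bob", b"pay 10")
    spoofed = dict(p, sender="bob", receiver="alice")   # Eve rewrites the addresses
    return [bob.accept(p), bob.accept(p), alice.accept(p), alice.accept(spoofed)]


if __name__ == "__main__":
    print(demo())
```

If the tag covered only the body, the replayed and the reflected packet would both still verify; the address, number and version checks are only meaningful because those fields are inside the MAC.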

81
Laws for security before
the networking age
  • Privacy Act of 1974, passed by the United States
    Congress following revelations of the abuse of
    privacy during the administration of President
    Richard Nixon: mandates that each United States
    Government agency have in place an administrative
    and physical security system to prevent the
    unauthorized release of personal records
  • Computer Matching and Privacy Protection Act of
    1988: amended the Privacy Act of 1974 by adding
    certain protections for the subjects of Privacy
    Act records whose records are used in automated
    matching programs; mandates the establishment of
    Data Integrity Boards at each agency engaging in
    matching to monitor the agency's matching
    activity for oversight of matching programs

82
Laws for security after
the networking age
  • Health Insurance Portability and Accountability
    Act of 1996 (HIPAA): for convenience, privacy and
    security of electronic health transactions
  • Federal Information Security Management Act of
    2002 (FISMA): mandates yearly audits of computer
    and network security of federal government and
    affiliated parties (like government contractors);
    requires that processes used by all these
    entities must follow a combination of
  • Federal Information Processing Standards (FIPS)
    documents,
  • the special publications SP-800 series issued by
    the National Institute of Standards and Technology
    (NIST), and
  • other legislation pertinent to federal
    information systems, such as the Privacy Act of
    1974 and HIPAA
  • Also called E-government Act

83
Laws for security after the
networking age 2
  • Sarbanes-Oxley Act of 2002 (also known as the
    Public Company Accounting Reform and Investor
    Protection Act and commonly called SOX or
    Sarbox; named after Senator Paul Sarbanes and
    Representative Michael G. Oxley)
  • establishes a new quasi-public agency, the Public
    Company Accounting Oversight Board (PCAOB), which
    is charged with
  • overseeing,
  • regulating,
  • inspecting, and
  • disciplining accounting firms working as
    auditors of public companies.
  • covers issues such as
  • auditor independence,
  • corporate governance,
  • internal control assessment, and
  • enhanced financial disclosure.
  • SOX → additional audit/reporting costs of 45 B

84
Laws for security after the
networking age 3
  • SB 1386, a California law (2003), introduced by
    State Senator Peace, regulating the privacy of
    personal information: mandates the necessity of
    informing individuals whose personal information
    may have been disclosed to unauthorized persons
    due to a security breach
  • Personal Information Protection and Electronic
    Documents Act (PIPEDA or PIPED Act), a Canadian
    law relating to data privacy: makes mandatory
    provisions of the Canadian Standards
    Association's Model Code for the Protection of
    Personal Information 1995

85
International Laws
  • 1980 OECD Guidelines for the Protection of
    Privacy and Transborder Flows of Personal Data
  • 1981 Council of Europe Convention for the
    Protection of Individuals with Regard to
    Automatic Processing of Personal Data
  • Both the above adopted by 50 countries.
  • Privacy as a fundamental human right accepted by
    many European countries
  • Privacy as a constitutional guarantee accepted
    by Brazil

86
International Laws 2
  • 1992: The OECD Guidelines for the Security of
    Information Systems consist of Democracy
    Principle and Ethics Principle
  • eviscerated in 2002
  • 1992 Democracy Principle: The security of
    information systems should be compatible with the
    legitimate use and flow of data and information
    in a democratic society.
  • 2002: The security of information systems and
    networks should be compatible with essential
    values of a democratic society

87
International Laws 3
  • 1992 Ethics Principles: Information systems and
    the security of information systems should be
    provided and used in such a manner that the
    rights and legitimate interests of others are
    respected.
  • 2002: Participants should respect the legitimate
    interests of others.

88
IP and the Internet Architecture
[Figure: the OSI Model layers with their data units (Application/data, Presentation/data, Session/data, Transport/segment, Network/packet, Data Link/frame, Physical/bit) shown beside the Internet Architecture (Application; IP: Internet addressing, routing; Network: Ethernet, Token Ring, etc., bridging and switching)]
89
[Figure: protocol stack diagram with the labels FTP, SMTP, TELNET, DNS, BGP, RIP, OSPF, UDP, TCP, ICMP, IP, RARP, ARP, Data Link Layer, Physical Layer]
90
  • Ethernet Type: ARP 0x0806, RARP 0x8035,
    IP 0x0800
  • IP Protocol: OSPF 89, UDP 17, TCP 6, ICMP 1
  • UDP Ports: RIP 520, DNS 53
  • TCP Ports: BGP 179, DNS 53, SMTP 25, TELNET 23,
    FTP 21, HTTP 80, HTTP PROXY 8080

91
TCP/IP STACK
92
Stream Control Transmission Protocol
(SCTP)
  • SCTP
  • a reliable transport protocol operating on top of
    IP.
  • It offers acknowledged error-free non-duplicated
    transfer of datagrams (messages).
  • Detection of
  • data corruption,
  • loss of data and
  • duplication of data
  • is achieved by using checksums and sequence
    numbers. A selective retransmission mechanism is
    applied to correct loss or corruption of data.
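
The detection logic on this slide, as an added example that is not part of the original presentation: a receiver that uses a checksum to spot corruption and sequence numbers to spot duplicates and loss, then asks for only the missing numbers again. The chunk layout is a constructed toy format, `zlib.crc32` stands in for SCTP's own checksum, and sequence-number wraparound is not handled.

```python
import struct
import zlib

def make_chunk(seq: int, payload: bytes) -> bytes:
    """Constructed toy format: 4-byte sequence number, payload, 4-byte CRC-32."""
    body = struct.pack("!I", seq) + payload
    return body + struct.pack("!I", zlib.crc32(body))

class Receiver:
    def __init__(self, first_seq: int):
        self.cum_ack = first_seq - 1  # highest number received with nothing missing before it
        self.buffered = {}            # messages held back because an earlier one is missing
        self.delivered = []           # messages passed up, in order, exactly once
        self.events = []

    def receive(self, chunk: bytes) -> str:
        event = self._accept(chunk)
        self.events.append(event)
        return event

    def _accept(self, chunk: bytes) -> str:
        if len(chunk) < 8 or zlib.crc32(chunk[:-4]) != struct.unpack("!I", chunk[-4:])[0]:
            return "corrupt"          # discarded; shows up later as a missing number
        (seq,) = struct.unpack("!I", chunk[:4])
        if seq <= self.cum_ack or seq in self.buffered:
            return "duplicate"
        self.buffered[seq] = chunk[4:-4]
        while self.cum_ack + 1 in self.buffered:      # release any in-order run
            self.cum_ack += 1
            self.delivered.append(self.buffered.pop(self.cum_ack))
        return "gap" if self.buffered else "ok"

    def missing(self) -> list:
        """Numbers to request again: only the holes, not everything after the first one."""
        top = max(self.buffered, default=self.cum_ack)
        return [s for s in range(self.cum_ack + 1, top) if s not in self.buffered]

def demo():
    chunks = {s: make_chunk(s, b"msg%d" % s) for s in range(1, 6)}
    damaged = bytearray(chunks[2])
    damaged[5] ^= 0x01                                # one flipped payload bit
    rx = Receiver(first_seq=1)
    for c in (chunks[1], bytes(damaged), chunks[3], chunks[3], chunks[5]):
        rx.receive(c)
    requested = rx.missing()
    for s in requested:                               # the sender retransmits only these
        rx.receive(chunks[s])
    return rx.events, requested, rx.delivered

if __name__ == "__main__":
    print(demo())
```

The checksum catches accidental corruption only: anyone able to modify a chunk can recompute it, so resistance to tampering needs a keyed MAC or a signature. A loss at the very end of a transfer leaves no gap to notice, which is why real transports also run a retransmission timer.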

93
Difference between SCTP and TCP
  • Differences from TCP: multihoming and the
    concept of several streams within a connection.
    Where in TCP a stream is referred to as a
    sequence of bytes, an SCTP stream represents a
    sequence of messages (and these may be very short
    or long).
  • References: 1. SCTP for beginners
    http://tdrwww.exp-math.uni-essen.de/inhalt/forschung/sctp_fb/index.html
    as of Oct 12/2006
  • 2. http://www.sctp.org/ 3. RFC2960

94
Session Initiation Protocol (SIP)
  • a signalling protocol used for establishing
    sessions in an IP network.
  • A session may be
  • a simple two-way telephone call or
  • a collaborative multi-media conference session.

95
Uses of SIP
  • VoIP telephony
  • voice-enriched e-commerce,
  • web page click-to-dial,
  • Instant Messaging with buddy lists
  • References: 1. RFC 3261
  • 2. http://www.sipcenter.com/sip.nsf/html/WhatIsSIPIntroduction

96
Session Initiation Protocol
  • VoIP uses the following standards and protocols
  • to ensure transport (RTP),
  • to authenticate users (RADIUS, DIAMETER),
  • to provide directories (LDAP),
  • to be able to guarantee voice quality (RSVP,
    YESSIR) and
  • to inter-work with today's telephone network,
    many ITU standards

97
H.323 and H.248
  • H.323 (ITU standard to allow telephones, on the
    public telephone network, to talk to computers,
    connected to Internet)
  • used for local area networks (LANs), but was not
    capable of scaling to larger public networks.
  • H.248 also called MEGACO
  • Media Gateway Control Protocol (Megaco) --- the
    name used by IETF
  • H.248 the name used by ITU-T Study Group 16

98
H.248/MEGACO
  • MEGACO: a standard protocol for handling the
    signaling and session management needed during a
    multimedia conference.
  • defines a means of communication between a media
    gateway, which converts data from the format
    required for a circuit-switched network to that
    required for a packet-switched network, and the
    media gateway controller.
  • References: 1. RFC 3015
  • 2. http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci817224,00.html
    as of 12th Oct 2006

99
IEEE 802.3 Standard
[Figure: frame layout with field sizes in bytes: preamble 8 | Dest add 6 | Src add 6 | type 2 | data 46B to 1500B | crc 4. Other figure labels: "bits 368-12,000", "FRAME", "16 bits".]
  • CRC: Cyclic Redundancy Check
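
How the frame layout on this slide and the Ethernet Type, IP Protocol and port numbers on slide 90 fit together, as an added example that is not part of the original presentation: a classifier that walks a captured frame from the type field down to the service. The function names and the sample frames are constructed for illustration, and the frame is assumed to start at the destination address with preamble and CRC already stripped.

```python
import struct

# Numbers taken from the slide 90 table.
ETHER_TYPES = {0x0806: "ARP", 0x8035: "RARP", 0x0800: "IP"}
IP_PROTOCOLS = {89: "OSPF", 17: "UDP", 6: "TCP", 1: "ICMP"}
PORTS = {17: {520: "RIP", 53: "DNS"},
         6: {179: "BGP", 53: "DNS", 25: "SMTP", 23: "TELNET", 21: "FTP",
             80: "HTTP", 8080: "HTTP PROXY"}}

def classify(frame: bytes) -> list:
    """Protocol chain for a frame that starts at the destination address."""
    if len(frame) < 14:                      # 6 dest + 6 src + 2 type
        return ["truncated Ethernet header"]
    (ether_type,) = struct.unpack("!H", frame[12:14])
    chain = [ETHER_TYPES.get(ether_type, "ethertype 0x%04x" % ether_type)]
    if ether_type != 0x0800:
        return chain
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0    # header length in bytes, options included
    if len(ip) < 20 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return chain + ["malformed IP header"]
    proto = ip[9]
    chain.append(IP_PROTOCOLS.get(proto, "protocol %d" % proto))
    if proto not in PORTS:
        return chain
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return chain + ["non-first fragment"]    # no transport header in this packet
    if len(ip) < ihl + 4:
        return chain + ["truncated transport header"]
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    # The well-known port sits on the server side, which may be source or
    # destination. A port is only a hint: a service on another port is missed.
    table = PORTS[proto]
    return chain + [table.get(dport) or table.get(sport) or "port %d" % dport]

def ether(ether_type: int, payload: bytes = b"") -> bytes:
    """Constructed sample frame with zeroed addresses."""
    return bytes(12) + struct.pack("!H", ether_type) + payload

def ipv4(proto: int, l4: bytes = b"", options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header (checksum left at 0) followed by l4."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(l4),
                       0, 0, 64, proto, 0, bytes(4), bytes(4)) + options + l4

if __name__ == "__main__":
    dns = ether(0x0800, ipv4(17, struct.pack("!HHHH", 40000, 53, 8, 0)))
    bgp = ether(0x0800, ipv4(6, struct.pack("!HH", 179, 50000) + bytes(16), b"\x01" * 4))
    for f in (ether(0x0806, bytes(28)), dns, bgp):
        print(" / ".join(classify(f)))
```

The BGP sample carries four bytes of IP options, so a parser that assumed a fixed 20-byte IP header would read the ports from the wrong offset.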