Information Security (Network Security)
Instructor: 孫宏民
Room: EECS 6402, Tel: 03-5742968, Fax: 886-3-572-3694
• Textbook:
C. Kaufman, R. Perlman, and M. Speciner, Network Security, Second Edition, Prentice-Hall PTR, 2002.
• Reference Books:
1. W. Ford, Computer Communications Security: Principles, Standard Protocols, and Techniques, Prentice Hall, 1994.
2. W. Stallings, Network Security Essentials, Second Edition, Prentice Hall, 2003.
• Grading Scheme:
Project 50%, Paper 25%, Exams 25%
Chapter 2 Introduction to Cryptography
Instructor: 孫宏民
2.1 What is Cryptography
• Plaintexts (cleartexts): A message is a plaintext.
• Code (digits): representation of data (e.g., ASCII)
• Another code: A = 00, B = 01, C = 02, ..., Z = 25
• Sender, Receiver, and Intruder (or Interceptor):
(Senders and receivers want to make sure an intruder cannot read the messages.)
• Cipher (Cryptosystem): secret method of writing
• Ciphertext: An encrypted message
[Figure: Model of Conventional Cryptosystem. The Sender enciphers plaintext M into ciphertext $C = E_{K_1}(M)$; the Receiver deciphers $M = D_{K_2}(C)$; encipher and decipher are efficient algorithms; an Intruder is also shown.]
• Cryptography is the study of creating and using secret writing, or the art and science of keeping messages secure.
• Encryption (Enciphering): The process of disguising a message in such a way as to hide its substance. Notation: $C = E(M)$ or $E_K(M)$ or $E_{K_1}(M)$
• Decryption (Deciphering): The process of turning ciphertext back into plaintext. Notation: $M = D(C)$ or $D_K(C)$ or $D_{K_2}(C)$
• Cryptanalysis: The art and science of breaking ciphertexts.
• Cryptographers vs. Cryptanalysts
• Cryptology = Cryptography + Cryptanalysis
Four Basic Services of Cryptography
• Confidentiality (Secrecy): The intruder cannot read the encrypted message from the ciphertext.
• Authentication: It should be possible for the receiver of a message to ascertain its origin; an intruder should not be able to masquerade as someone else.
• Integrity: It should be possible for the receiver of a message to verify that it has not been modified in transit; an intruder cannot substitute a false message for a legitimate one.
• Nonrepudiation: A sender should not be able to falsely deny later that he sent a message.
2.2 Breaking an Encryption Scheme
• A cipher is breakable if it is possible to find the plaintext or key from ciphertext, or to find the key from plaintext-ciphertext pairs.
• Cryptanalysis = study (methods) of breaking a system, that is, deciphering without the key ($K_2$), using:
(a) Ciphertext only (C)
Most difficult to break
(b) Known plaintext (M, C)
E.g., encrypted programs (while, if, else, ...)
(c) Chosen plaintext (M*, C)
Get the sender to encipher M* (your choice) for you.
(d) Chosen ciphertext (M, C*)
Get the receiver to decipher C* (your choice) for you.
(e) Chosen text (M*, C) and (M, C*)
Combine (c) and (d).
Some other types of Cryptanalytic Attacks
• Adaptive-chosen-plaintext Attacks (a special case of a chosen-plaintext attack): The intruder not only can choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption.
• Chosen-key Attacks: The intruder has some knowledge about the relationship between different keys.
• Brute-force Attacks (Exhaustive search): To try every possible key one by one and to check whether the resulting plaintext is meaningful.
2.3 Types of Cryptographic Functions
• Hash Function
• Secret Key Function
• Public Key Function
2.4 Secret Key Cryptography
• Secret Key Cryptosystems: The encryption & decryption keys are the same ($E_K(M) = C$ & $D_K(C) = M$).
Stream ciphers: The operation unit on the plaintext is a single bit (or byte), such as RC4 and A5.
Block ciphers: The operation unit on the plaintext is a group of bits (a block), such as DES, IDEA, and AES.
[Figure: plaintext → encryption → ciphertext and ciphertext → decryption → plaintext, with a single key.]
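Example of a Cipher
$m_i, c_i \in \{00, 01, 02, \ldots, 25\}$
• To encipher:
$M = m_1 m_2 m_3 \ldots$
$C = c_1 c_2 c_3 \ldots$
$E_{K_1}(M) = E_{K_1}(m_1)\, E_{K_1}(m_2)\, E_{K_1}(m_3) \ldots$
$c_i = E_{K_1}(m_i)$
$E_{K_1}(m) = (m + K_1) \bmod 26$
• To decipher:
$D_{K_2}(c) = (c + K_2) \bmod 26$
$K_2 = 26 - K_1$
[Figure: rows of alphabet letters (A B C … Y Z) illustrating the shift]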
Caesar Cipher
• Shift each letter in the English alphabet forward by K positions (a shift past Z cycles back to A).
• K is the key to the cipher.
• Example: k=3
T S I N G H U A U N I V E R S I T Y
W V L Q J K X D X Q L Y H U V L W B
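The shift cipher from the "Example of a Cipher" and "Caesar Cipher" slides, with the exhaustive key search described under brute-force attacks, as an added example that is not part of the original slides. The letter-frequency table, the SAMPLE message and the chi-squared scoring are assumptions introduced here to decide which candidate plaintext is "meaningful"; with only 26 keys the cipher offers no protection.

```python
import string

ALPHABET = string.ascii_uppercase  # the slide's code: A = 00, ..., Z = 25

# Approximate English letter frequencies in percent (assumed reference table).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

def shift(text, key):
    """c_i = (m_i + key) mod 26 on letters; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )

def encipher(plaintext, k1):
    """E_K1(m) = (m + K1) mod 26."""
    return shift(plaintext, k1)

def decipher(ciphertext, k1):
    """D_K2(c) = (c + K2) mod 26 with K2 = 26 - K1."""
    return shift(ciphertext, (26 - k1) % 26)

def chi_squared(text):
    """Distance between the letter counts of text and English; lower is closer."""
    letters = [ch for ch in text if ch in ALPHABET]
    n = len(letters) or 1
    return sum(
        (letters.count(ch) - n * pct / 100) ** 2 / (n * pct / 100)
        for ch, pct in ENGLISH_FREQ.items()
    )

def brute_force(ciphertext):
    """Exhaustive search: try all 26 keys, most English-looking plaintext first."""
    guesses = [(k, decipher(ciphertext, k)) for k in range(26)]
    return sorted(guesses, key=lambda kg: chi_squared(kg[1]))

# Constructed sample message for the key-recovery demonstration.
SAMPLE = "MEET ME AT THE LIBRARY AFTER THE LECTURE ON NETWORK SECURITY THIS EVENING"

if __name__ == "__main__":
    print(encipher("TSINGHUA UNIVERSITY", 3))
    key, text = brute_force(encipher(SAMPLE, 3))[0]
    print(key, text)
```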
Code Book
• Plaintext words or phrases are entered into the code book together with their ciphertext substitutes.
• The code book is the key.
• Example:
ATTACK JAPAN → 4008 5603
Word      Code
BOMB      1701
JAPAN     5603
ATTACK    4008
NIGHT     3790
2.5 Public Key Cryptosystems
• Public Key Cryptosystems: Encryption & decryption keys are different ($E_{K_1}(M) = C$ & $D_{K_2}(C) = M$), such as RSA, ElGamal, and McEliece.
The encryption key (public key) can be public, while the decryption key (secret key) cannot be calculated from the public key.
• Encryption and decryption are two mathematical functions that are inverses of each other.
[Figure: plaintext → encryption → ciphertext; ciphertext → decryption → plaintext; keys shown: public key, private key]
• There is an additional thing one can do with public key technology, which is to generate a digital signature on a message.
[Figure: plaintext → signing → signed message; signed message → verification → plaintext; keys shown: private key, public key]
2.6 Hash Algorithm
• A cryptographic hash function is a mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length number.
• We will call the hash of a message m, h(m).
• It has the following properties:
For any message m, it is easy to compute h(m).
Given h(m), there is no way to find an m that hashes to h(m) in a way that is substantially easier than going through all possible values of m and computing h(m) for each one.
It is computationally infeasible to find two values that hash to the same thing.
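The hash properties above, measured on a deliberately shortened hash so that "going through all possible values" finishes in seconds; this is an added example, not part of the original slides. The 16-bit truncation of SHA-256, the `b"m0", b"m1", ...` message enumeration and the target message are assumptions made for the demonstration, which shows why the output length of h determines the cost of both searches.

```python
import hashlib

BITS = 16  # toy output size (assumption for the demo); real hashes use 256+ bits

def h(message: bytes, bits: int = BITS) -> int:
    """SHA-256 truncated to its top `bits` bits: fixed-length output for any input."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def candidates():
    """Enumerate the message space in a fixed order: b'm0', b'm1', ..."""
    i = 0
    while True:
        yield b"m%d" % i
        i += 1

def find_preimage(target: int, bits: int = BITS):
    """Go through messages one by one until one hashes to target.

    Expected work is about 2**bits hash computations.
    """
    for tries, m in enumerate(candidates(), start=1):
        if h(m, bits) == target:
            return m, tries

def find_collision(bits: int = BITS):
    """Remember every hash seen and stop at the first repeat.

    Expected work is about 2**(bits/2); at most 2**bits + 1 by pigeonhole.
    """
    seen = {}
    for tries, m in enumerate(candidates(), start=1):
        value = h(m, bits)
        if value in seen:
            return seen[value], m, tries
        seen[value] = m

if __name__ == "__main__":
    target = h(b"constructed secret message")  # constructed sample input
    m, pre_tries = find_preimage(target)
    a, b, col_tries = find_collision()
    print(f"preimage  {m!r} after {pre_tries} tries (2^{BITS} = {2 ** BITS})")
    print(f"collision {a!r} / {b!r} after {col_tries} tries")
```

Each extra output bit doubles the preimage work, which is why the same searches are infeasible against a full-length hash.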
Security Attacks
[Figure: information flow from information source to information destination, in five panels: Normal flow, Interruption, Interception, Modification, Fabrication.]
• Interruption: This is an attack on availability. Examples: cutting of a communication line, or destruction of a piece of hardware.
• Interception: This is an attack on secrecy. Examples: wiretapping to capture data in a network, or illicit copying of files or programs.
• Modification: This is an attack on integrity. Examples: changing values in a data file, or altering a program so that it performs differently.
• Fabrication: This is an attack on authenticity. Examples: insertion of fake messages in a network, or addition of records to a file.
Security Threats
• Passive threats
Interception (Secrecy)
• Active threats
Interruption (Availability)
Modification (Integrity)
Fabrication (Authenticity)
[Figure: sender and receiver connected by an insecure channel, with passive wiretapping and active wiretapping on the channel.]
Data Security (1)
• Data security is the science and study of methods of protecting data in computer and communications systems.
• Data security studies four kinds of control:
Cryptography
Access
Information flow: prevent leakage
Inference: people shouldn't be able to infer something that shouldn't be inferred
Data Security (2)
• Threats to data in computer systems
Secrecy: Browsing, Leakage, Inference
Authenticity: Tampering, Accidental destruction
• Browsing
Searching through main memory or secondary storage
Data Security (3)
• Leakage
Transmission of data to unauthorized users by processes with legitimate access to the data (e.g., compilers, text editors, ...)
• Inference
In a statistical database, you may infer the information of an individual from an average.
Data Security (4)
• Tampering: Replay, Insert, Delete
• Accidental destruction
Unintentional overwriting
Caused by faulty software (e.g., an array subscript is out-of-range)
Access controls are needed to prevent programs from writing into memory regions of other programs
[Figure labels: you, boss, xyz, xyz, abc]
Data Security (5)
Unintentional deletion
Caused by software or hardware failure or user mistakes (e.g., a disk crash)
Backup is needed to recover from destruction
Other Threats to Data Security
• Ciphertext searching
xyz xyz salary (example)
You don't know what xyz is, but you know they are the same. Know one of them → know both.
• Masquerading
Write programs to simulate the login procedure to get other people's passwords.
Computer System
[Figure: Computer System. Labels: classified data, confidential data, statistic, unclassified user, faulty program; threats shown: browsing, leaking, inference, inserting, deleting, modifying, replaying, overwriting.]
Cryptographic System
• For a given K, $D_K$ is the inverse of $E_K$; that is, $D_K(E_K(M)) = M$
• Requirements for cryptosystems:
K, $E_K$ and $D_K$ are efficient (run in polynomial time)
System is easy to use (no 200-digit key has to be typed)
Security depends only on the secrecy of K, not on E or D
[Figure: M → encipher ($E_{K_1}$) → C → decipher ($D_{K_2}$) → M]