Security Overview, Threat Pragmatics & Cryptography
Issue Date: Revision: Overview
• Security Overview • Goal of Security • Threat Pragmatics • Cryptography Basics
2 3 Why Security?
• The Internet was designed for connectivity – Trust was assumed – Security protocols added on top of the TCP/IP
• The Internet has become fundamental to our daily activities (business, work, and personal)
4 Internet Evolution
LAN connectivity Content driven Data on the Cloud (email, web, music, video)
Security (threats and challenges) change as the Internet evolves!
5 Not-so Recent Incidents
• Slingshot (March 2018) - APT
– Active since 2012!
– Compromise MikroTik routers • not much clarity to on how they do it, but assumed to be based on the ChimayRed exploit - https://github.com/BigNerd95/Chimay-Red
– replace one of the dll in the router's file system with a malicious one (ipv4.dll) • loaded into user's computer when they run the Winbox tool
– Once infected • capture screenshots, collect network info, passwords on browsers,. key strokes etc
6 Not-so Recent Incidents
• Meltdown/Spectre (Jan 2018)
– Exploits processor vulnerabilities! • Intel, AMD, ARM
– Meltdown (CVE-2017-5754): • Breaks the isolation between programs & OS • An application could read kernel memory locations
– Spectre (CVE-2017-5753/CVE-2017-5715) • Breaks isolation between applications • An application could read other application memory
7 Not-so Recent Incidents • (Not)Petya Ransomware/Wiper (June 2017) – Exploited a backdoor in MeDoc accounting suite • Update pushed on June 22 from an update server (stolen credentials) • proxied to the attacker’s machine (176.31.182.167)
– Spread laterally across the network (June 27) • EternalBlue exploit (SMB exploit: MS17-010) • through PsExec/WMIC using clear-text passwords from memory • C:\Windows\perfc.dat hosted the post-exploit code (called by rundll32.exe)
8 Not-so Recent Incidents
• WannaCry Ransomware (May 2017) – As of 12 May, 45K attacks across 74 countries – Remote code execution in SMBv1 using EternalBlue exploit • TCP 445, or via NetBIOS (UDP/TCP 135-139) – Patch released on 14 March 2017 (MS17-010) • https://technet.microsoft.com/en-us/library/security/ms17-010.aspx – Exploit released on 14 April 2017
9 Not-so Recent Incidents
• SHA-1 is broken (Feb 23, 2017) – colliding PDF files: obtain same SHA-1 hash of two different pdf files, which can be abused as a valid signature on the second PDF file. • https://shattered.io
10 Find any device • shodan.io
11 haveibeenpwned.com • Have you been compromised? – Tracks compromised accounts and released into the wild • 364 pwned websites • >7 million pwned accounts • ~100K pastes
12 Acknowledgment
• Most of the content from:
Steven M.Bellovin’s “Thinking Security” https://www.cs.columbia.edu/~smb/
13 Before we start…
• What are we protecting - asset? and • From whom?
• All security system designs should be based on these questions!
14 Attack Motivation (Who are your Enemies?)
• Nation states want SECRETS • Organized criminals want MONEY • Protesters or activists want ATTENTION • Hackers and researchers want KNOWLEDGE
http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html
Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014
15 Who are your Enemies?
• Script kiddies: – little real ability, but can cause damage if you’re careless
• Money makers: – Hack into machines, turn them into spam engines, etc.
• Government intelligence agencies, AKA Nation State Adversaries
16 The Threat Matrix
Opportunistic Advanced Persistent hacks Threats
Joy hacks Targeted attacks
Degree of Focus
Source: Thinking Security – Steve M. Bellovin
17 Joy Hacks
• For fun – with little skill using known exploits
• Minimal damage – especially unpatched machines
• Random targets – anyone they can hit
• Most hackers start this way – learning curve
18 Opportunistic Hacks
• Skilled (often very skilled) - also don’t care whom they hit – Know many different vulnerabilities and techniques
• Profiting is the goal - bank account thefts, botnets, ransomwares…. – WannaCry? Petya?
• Most phishers, virus writers, etc.
19 Targeted Attacks
• Have a specific target!
• Research the target and tailor attacks – physical reconnaissance
• At worst, an insider (behind all your defenses) – Not-so happy employee L
• Watch for tools like “spear-phishing”
• May use 0-days
20 Advanced Persistent Threats
• Highly skilled (well funded) - specific targets – Mostly 0-days
• Sometimes (not always) working for a nation-state – Think Stuxnet (up to four 0-days were used)
• May use non-cyber means: – burglary, bribery, and blackmail
• Note: many lesser attacks blamed on APTs
21 Are you a Target?
• Biggest risk? – assuming you are not interesting enough!
• Vendors/System Integrators and their take on security: – Either Underwhelming or Overwhelming L
22 Defense Strategies
• Depends on what you’re trying to protect – Assets
• Tactics that keep out teenagers won’t keep out a well-funded agency
• But stronger defenses are often much more expensive and cause great inconvenience
23 What Are You Protecting?
• Identify your critical Assets – Both tangible and intangible (patents, methodologies) assets • Hardware, software, data, people, documents – Who would be interested?
• Place a Value on the Asset – Different assets require different level of protection – Security measures must be in proportion with asset value • How much can you afford?
• Determine Likelihood of breaches – threats and vulnerabilities?
24 Exercise
• Imagine you had a bar of gold to protect
– What container would you put it in? – What room would the container be in? – What locks are on the doors? – Where is the room located in the building? – What cameras are watching the room and building? – What humans are watching the cameras? – Who will respond with force to a theft attempt? – How much did all of these cost?
25 Threats, Vulnerability, and Risks
• Threat • Vulnerability – circumstance or – A weakness in an asset that can event with potential be exploited to cause harm to an • Software bugs asset • Design flaws/protocol bugs • Configuration mistakes • Lack of encryption • Lack of or no physical security • Risk – The likelihood that a particular vulnerability will be exploited Risk = Threat x Vulnerability Risk = Impact (Consequence) x Threat x Vulnerability
26 Risk Assessment Matrix
• Managing risks – Probability-Impact matrix to define the level of risk • Commonly used in real-world risk assessment
High Medium High High
Medium Low Medium High IMPACT Low Low Low Medium
Low Medium High LIKELIHOOD
27 Measuring Risks
Risk = Threat x Vulnerability x Consequence
Probability/Likelihood x Impact
Threat Actor: Likelihood (discovery and Technical: - Skill exploit): - CIA - Motive - Discovery ease - Opportunity - Exploit ease Business: - Resources - Awareness - Financial - Detection - Reputation - Legal implications
https://securityintelligence.com/simplifying-risk-management/
28 Exercise
• Discuss: – Some recent vulnerabilities – How does it fit into the risk matrix?
• Place a risk in the matrix by assigning ratings to its High Medium High High – Severity/impact, and – Probability Medium Low Medium High
IMPACT Low Low Low Medium • Remember: Low Medium High LIKELIHOOD/ Risk = Asset (or Impact) x Threat x Vulnerability PROBABILITY
29 Against Joy Hacks
• By definition, joy hackers use known exploits
• Patches exist for known exploits: – Security updates/system patches – Update antivirus database
• Ordinary enterprise-grade firewalls – Closer to users/services
30 Against Opportunistic Hacks
• Sophisticated techniques used
• You need multiple layers of defense – Firewalls near users and services – Host hardening • Apply security updates, patches, AVs – Monitoring • Intrusion detection • attention to log files
31 Against Targeted Attacks
• Targeted attacks exploit knowledge of target – Try to block or detect reconnaissance – Security policies and procedures matter a lot • How do you respond to phone callers? • What do people do with unexpected email attachments? • USB sticks in the parking lot?
• Hardest case: disgruntled employee or ex-employee – Already behind your defenses – Think Manning & Snowden
32 Against APTs
• L VERY VERY hard to defend against! • Use all of the previous defenses – There are no sure answers • Pay special attention to policies and procedures • Investigate all oddities
33 Defense in Depth
• Layer your security controls – Provides redundancy in case of failure
https://commons.wikimedia.org/wiki/File:Caerphilly_aerial.jpg
34 Example of Security Controls
Category Example of Controls Purpose Make everyone aware of the Policy & Cyber Security Policy, Incident importance of security, define Procedure Handling Procedure role and responsibilities (pre and post incident), understand scope of the problem Technical Firewall, Intrusion Detection Prevent and detect potential System, AV, Logging Systems attacks, mitigate risk of breach
Physical CCTV, Locks, Biometrics, Secure Prevent physical theft of working space information assets or unauthorized physical access
35 However…
• Every machine (connected) is valuable
• They could be turned into bots – Send spam, launch DDoS, host phishing sites – Sniff your local traffic
• Defense: – watch outbound traffic from your network
36 Summary
• Use proper crypto
• Layer your defenses: – Policies, Procedures, and Awareness • Strictly follow • Revise and audit frequently – Physical security – Firewalls closer to services/users – Host hardening • Updated patches and AVs – Application Hardening – Backup important data – IDS/IPS (anomaly detection)
37 Overview
• Security Overview • Goal of Security • Threat Pragmatics • Cryptography Basics
38 Goals of Security
Confidentiality Integrity Availability
prevent safeguard the authorized users unauthorized use accuracy and have reliable and or disclosure of completeness of timely access to SECURITY information information information
39 Access Control
• To permit or deny the use of resource(s)
• All about: – Authentication (who is the user) – Authorization (who is allowed to use what) – Accountability (what did the user do) Authentication
• Verify a user’s identity – “User” may refer to: • a person • an application or process • a machine or device
• Identification comes before authentication – Ex: username to establish user’s identity
• To prove identity, a user must present either: – What you know (passwords, passphrase, PIN) – What you have (token, smart cards, passcodes, RFID) – Who you are (biometrics such as fingerprints and iris scan, signature or voice) Strong Authentication
• An absolute requirement!
• Two-factor authentication – Passwords (something only you know) – Tokens (something only you have)
• Examples: – Passwords – Tokens – PINs – Biometrics – Certificates Two-factor Authentication • At least two authentication ‘factors’ to prove user’s identity – something you know • Username/password – something “only” you have • Token using a one-time password (OTP), or a SMS code
• OTP is generated using a device in physical possession of the user – generated each time and expires after some time – through applications on your device • Authy/Google Authenticator Authorization
• Defines the user’s rights and permissions on a system – Typically ‘if authenticated’ • Grants a user access to a resource and actions they are permitted to perform on that resource Authorization Concepts
• Authorization Creep – When users may possess unnecessarily high access privileges within an organization
• Default to Zero (Zero trust) – Start with zero access and build on top of that
• Principle of lease privilege – give access only to information that the user absolutely need Authorization - Single Sign On
• User logs in only once and gains access to all authorized resources within a system • Benefits: – Ease of use – Reduces logon cycle (time spent re-entering passwords for the same identity) • Common SSO technologies: – Kerberos (prevents replays – T_REQ:timestamp/lifetime) – RADIUS – OTP Token – SAML/OpenID • Disadvantage: Single point of attack – May need to mix with MFA Accounting
• What did the user do with the resource?
• Actions of an entity to be traced back uniquely to that entity – Senders cannot deny sending information – Receivers cannot deny receiving it – Users cannot deny performing a certain action
• Supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention and after-action recovery and legal action
Source: NIST Risk Management Guide for Information Technology Systems Types of Access Control
• Centralized Access Control – RADIUS • Encrypts the password – TACACS+ • Encrypts the entire message – Diameter (TCP) • Enhanced RADIUS (reliable and secure channel)
• Decentralized Access Control – User database maintained on the resource • Not scalable • No method for consistent control Overview
• Security Overview • Goal of Security • Threat Pragmatics • Cryptography Basics
49 Target
• Targets could be: – Network infrastructure – Network services – Application services – End user machines Uneven Playing Field
• The defender has to think about the entire perimeter – all the weakness
• The attacker has to find only one weakness
• This is not good news for defenders
51 Attack Surface
• Entire Perimeter you have to Defend
Firewall
SMTP Application
Web Server DNS
Power Fiber
52 Soft Gooey Inside
• But it is not just the perimeter! Firewall
SMTP Application USB Sticks Spearfishing Web Server Passwords DNS Ex-Employees SysAdmins
Fiber Power
53 Attacks on Different Layers
Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Application Radius, SSH, SMTP,Application SNMP, Telnet, DNS, DHCP DNS Poisoning, Phishing, Presentation SQL injection, Spam/Scam
Session Layer 5: NFS, Socks Transport Transport Layer 4: TCP, UDP, SCTPTCP attacks, Routing attack, SYN flooding
Network Layer 3: IPv4, IPv6, ICMP,Internet ICMPv6, IGMP Ping/ICMP Flood, Sniffing Data Link Layer 2: Ethernet,Network PPP, ARP, NDP, Access OSPF ARP spoofing, MAC Physical flooding(Link Layer) OSI Reference Model TCP/IP Model
54 Layer 2 Attacks
• ARP Spoofing • MAC attacks • DHCP attacks • VLAN hopping
55 ARP Spoofing
I want to connect to Wait, I am 10.0.0.3! 10.0.0.3. I don’t know the MAC address
10.0.0.2 BB-BB-BB-BB-BB-BB ARP Request
10.0.0.3 10.0.0.1 ARP Reply CC-CC-CC-CC-CC-CC AA-AA-AA-AA-AA-AA
ARP Reply
ARP Cache poisoned. Machine A 10.0.0.4 connects to Machine D (not C) DD-DD-DD-DD-DD-DD
I am 10.0.0.3. This is my MAC address
56 MAC Flooding
• Exploits the limitation of all switches – CAM stores mapping of individual MAC addresses to source ports – Finite memory • Attacker floods the CAM table using spoofed source MAC addresses
57 DHCP Attacks
• DHCP Starvation Attack – Broadcasting vast number of DHCP requests with spoofed MAC address simultaneously.
• DHCP Spoofing – Rogue DHCP
58 Wireless Attacks- MITM
• Creates a fake access point and have clients authenticate to it instead of a legitimate one. • Capture traffic (usernames, passwords)
59 Wireless Attacks
• WEP (wired equivalent privacy) – first go at wireless security • 104-bit WEP key: – 50% of the time broken with 45k packets – 95% of the time with 85k packets (in less than 60 seconds) Tews,Weinmann, and Pyshkin, "Breaking 104 bit WEP in less than 60 seconds", Proceedings of the 8th international conference on Information security applications, 2007
• Use WPA2 (wired protected access) – WPA – 256-bit key – WPA2 - AES
60 Link-Layer Defense
• Dynamic ARP Inspection – Protects against ARP spoofing
– uses DHCP Snooping
– forward ARP packets on Trusted interfaces without checks
– intercept all ARP packets on Untrusted ports and check against IP-to-MAC binding • Drop (and log) if no valid binding
61 Link-Layer Defense
• Port Security – Protects the MAC table
– Limit the number of MACs per port (static or sticky learning) • Forwards valid frames (valid source MACs), and drops invalid frames
– Violation could trigger: • Dropping of invalid frames and port shutdown, or • Drop frames with/without notification
62 Link-Layer Defense
• 802.1X – Identity based network access control – Protection against rogue devices (DHCP or AP) attaching to a LAN
Client Authenticator AAA Server
EAP-Request/Id
EAP-Response/Id Access-Request
EAP-Request/pw Access-Challenge
EAP-Response/pw Access-Request EAP-Success Access-Accept
Port Authorized
Image Source: www.en.wikipedia.org/wiki/IEEE_802.1X
63 Layer 3 Attacks
• ICMP Attacks – ICMP Smurf/Flood – Ping of death
• Routing (control plane) attacks
64 ICMP Flood/Smurf
Echo request Echo request Broadcast Network Address
Attacker Echo reply to actual Other forms of ICMP attack: destination -Ping of death
• Defense: – Disable directed broadcast
no ip directed-broadcast Victim
65 Routing Protocol Attacks
• Malicious route insertion – Poison routing table – To divert traffic and eavesdrop • Analyse/Modify/Drop packets
• BGP attacks – hijack prefixes – Tamper the path information
66 Defense- Routing Attacks
• Authenticate source of routing updates CA – Peer authentication X.509 Cert
• Origin Validation RFC 3779 Extension – Rolled out today as RPKI – ROA (resource certificate) signed by IP Resources the owner (Addr & ASN) • Verifies the origin AS (signed route announcement) SIA – URI (repository) for where this Publishes • Path Validation Subject Public Key Signed by Parent’s Private Key Private Parent’s by Signed – Sign the full path (ASNs traversed) (algorithm and key) • In IETF process as BGPsec
67 SYN Flooding SYN
Server SYN+ACK (Victim)
Attacker ACK?
• Exploits the TCP 3-way handshake • Attacker sends a series of SYN packets • No ACK • Retains state for bogus half-open connections – Finite SYN_RECV queue size – no more resources (memory) to for new legitimate connections – drops!
68 SYN Flood - Defense
• SYN Cookies – MD5 hash (src IP, src port, dst IP, dst port, and ISN in SYN) • Sent back as ISN in its SYN-ACK
– no states for half-open connections in memory • until valid ACK: SEQ = ISN+1 • Store state after valid ACK
Enable: vi /etc/sysctl.conf Þ net.ipv4.tcp_syncookies = 1
Verify: Þ cat /proc/sys/net/ipv4_tcpsyncookies Þ sysctl –n net ipv4.tcp_syncookies
69 Application Layer Attacks
• Very common: – Scripting vulnerabilities
– Buffer overflow
– Cookie poisoning • Tamper session information
– X-site scripting • Client-side code injection
– SQL injection
70 Application Layer - Defense
• User input validation – SQL injection, X-site scripting
• Pen-test or vulnerability scan by experts – Scripting vulnerabilities – Buffer overflow (bounds checking)
71 Layer 7 DDoS Attack
• Traditional DoS attacks focus on L3 and L4 • On L7, DoS attack targets applications disguised as legitimate packets – exhaust application resources (bandwidth, ports, protocol weakness) • Includes: – Slowloris – RUDY (R-U-Dead Yet) • POST request with long content length and write forms slowly – LOIC/HOIC (Low/high orbit Ion canon) • TCP/UDP/HTTP requests (H-only HTTP with scripts)
72 Layer 7 DDoS – Slowloris
• Incomplete HTTP requests – No blank line (\r\n) in request header
• Properties – Low bandwidth – Keep threads active • Only affects threaded web servers (Apache) • Doesn’t work through load balancers – Keepalives to reset timeout
73 Layer 7 DDoS – Defense
• Load balancers – Delayed binding – Perform HTTP Request header completeness check • Request not sent to server until the final \r\n (CRLF) received from client
• Non-threaded webservers – not vulnerable to slow header attacks
• ModSecurity – Open source WAF plugin for Apache – embedded or reverse proxy mode • In front of the web server
74 DNS Changer
• Anyone who controls Countries affected by your DNS controls what DNSChanger (2012): you see!
• How: – infect computers with malware – malware changes the user’s DNS settings • to attacker’s resolvers (specific Image Source: Kaspersky address blocks)
75 DNS Changer - Defense
• Find out if you are infected – FBI: • forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS • 64.28.176.0/20; 67.210.0.0/20; 77.67.83.0/24; 85.255.112.0/20; 93.188.160.0/23; 213.109.64.0/20
– DNSChanger Working Group: • www.dcwg.org/fix/
• Clean up: – Run free anti-malware tools • DNSChanger WG site maintains clean-up guides and list of free tools to remove the malware – firewall rules to only allow queries to legitimate servers
76 DNS Cache Poisoning
• Resolvers caching incorrect records that did not originate from authoritative DNS servers
• Result: – redirect to sites (controlled by the attacker)
77 DNS Cache Poisoning
1 3 www.tashi.com 192.168.1.99 I want to access QID=64569 www.tashi.com (pretending to be QID=64570 the authoritative QID=64571 match! zone)
2 QID=64571 Client DNS Caching Root/GTLD Server
QID=64571 3 www.tashi.com 192.168.1.1 WebServer (192.168.1.1) ns.tashi.co m
78 Cache Poisoning - Defense
• DNSSEC – DNS security extensions – Uses public-key crypto • Records (RRset) signed with private key (authenticity and integrity) • Signatures (RRSIG) published in DNS responses • Public key published (DNSKEY) to verify signatures • Child zones sign their records with their pvt key • Parent sings the hash of child’s public key - DS (chain-of-trust)
79 Cache Poisoning - Defense
) Recursive Server www.apnic.net(DO bit Root Server (root’s public key) 2 RRSIG, DS � (Signed referral) Where is 3 1 www.apnic.net? www.apnic.net 4 (DO bit) 8 www.apnic.net RRSIG, DNSKEY , DS Client is at Cache 5 (Signed referral) (stub Resolver) 61.45.255.100 .net TLD (Secure resolution) 6 www.apnic.net
61.45.255.100,(DO bit RRSIG, 7 ) (SignedDNSKEY answer) apnic.net �(authoritative)
80 Amplification Attacks
• Exploits UDP protocol to return large amplified amounts of data – small request, LARGE reply
• Examples: – DNS – NTP – Memcached
81 DNS Amplification Attack
• A type of reflection attack combined with amplification – Source of attack is reflected off other machine(s) – Traffic received is bigger (amplified) than the traffic sent by the attacker
• UDP packet’s source address is spoofed
82 DNS Amplification
Root/GTLD
Open DNS Resolvers Bots
Queries (ANY) with spoofed (victim’s) IP ns.example.com www.example.com 192.168.1.1 dig ANY www.example.com @8.8.8.8 +edns=0 +notcp +bufsize=4096 +dnssec
Victim Attacker
83 Source IP spoofing – Defense
• BCP38 (RFC2827) – Since 1998! – https://tools.ietf.org/html/bcp38
• Only allow traffic with valid source addresses to – Leave your network • Only from your own address space
– To enter/transit your network • Only from downstream customer address space
84 uRPF – Unicast Reverse Path
• Unicast Reverse Path Forwarding (uRPF) – Router verifies if the source address of any packets received is in the FIB table and reachable (routing table) • Drop if not valid! – Recommended on customer facing interfaces
85 NTP Amplification
• UDP 123 • NTP versions older than v4.2.7p26 vulnerable to “monlist” attack (CVE-2013-5211)
– made easier by Open NTP servers (time.google.com)
– Monlist fetches the MRU list of NTP (600) associations ntpdc -c -n monlist
• Several incidents in 2014 – 400Gbps attack on cloud provider
86 NTP Amplification - Defense
• BCP38 • Upgrade NTP (ntpd) server – to v4.2.7p26 or later – Removes/disables “monlist” command; replaced with “mrulist” • Requires proof that the command came from the address in the NTP packet • In older versions: – disable ntp monitor and do not answer ntpq/ntpdc queries
vi /etc/ntp.conf
disable monitor restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery
87 Transport Layer Security
• SSL/TLS • Secure Shell (SSH)
88 Application Layer Security - Encryption • HTTPS – PKI/centralised trust
• PGP (Pretty Good Privacy) – Web of trust (decentralised trust)
• SMIME (Secure Multipurpose Internet Mail Extensions) – Chain of trust (centralised trust/CA)
89 Overview
• Security Overview • Goal of Security • Threat Pragmatics • Cryptography Basics
90 Cryptography
• All about hiding information in plain sight!
91 Cryptography Basics
• At its core is the aim to change ordered data into a seemingly random string – Using a secret key
C = F(P, k)
P – plain text C – cipher text k – cryptographic key
92 Key is the key
• key length is a measure in bits • key space is the number of possibilities that can be generated by a specific key length
• Example : – 22 key = a keyspace of 4 – 24 key = a keyspace of 16 – 240 key = a keyspace of 1,099,511,627,776
93 Key is the key
• Assume everyone knows your encryption/decryption algorithm – Security of encryption lies in the secrecy of the keys, not the algorithm! • Kerckhoff’s Principle (1883)
• How do we keep them safe and secure?
94 Work Factor
• The amount of processing power and time to break a crypto system – No system is unbreakable!
• The idea is to make it “expensive” to break/guess
95 Encryption and Decryption
ENCRYPTION DECRYPTION ALGORITHM ALGORITHM
Plaintext (P) Cipher Text (C) Plaintext (P)
Encryption Key Decryption Key
96 Symmetric & Asymmetric keys
• Two categories of cryptographic methods – Symmetric and Asymmetric key encryption
97 Symmetric Encryption
• Same key is used to encrypt and decrypt – Both sender and receiver needs to know the key • Also called shared secret-key cryptography – The key must be kept a “secret” to maintain security
• Follows the more traditional form of cryptography (pre 1970) – key lengths ranging from 40 to 256 bits
• Widely used examples: – DES/3DES, AES, RC4/6
98 Symmetric Encryption
ENCRYPTION DECRYPTION ALGORITHM ALGORITHM Plain text Cipher text Plaintext
Encryption Key Decryption Key
Same shared secret-key
99 Symmetric Encryption
• Advantages – fast computation since the algorithms require small number of operations
• Disadvantages: – The sender and receiver needs to know the shared secret key before any encrypted conversation starts • How do we securely distribute the shared secret-key between the sender and receiver?
– What if you want to communicate with multiple people, and each communication needs to be confidential? • How many keys do we have to manage? A key for each! • Key EXPLOSION!
100 Symmetric Key Algorithms
Symmetric Algorithm Key Size DES 56-bit keys (8 bits parity) Triple DES (3DES) 112-bit and 168-bit keys AES 128, 192, and 256-bit keys Software Encryption (SEAL) 160-bit keys RC2 40 and 64-bit keys RC4 1 to 256-bit keys RC5 0 to 2040-bit keys RC6 128, 192, and 256-bit keys Blowfish 32 to 448-bit keys
Note: • Longer keys are more difficult to crack, but more computationally expensive.
101 Diffie-Hellman key ‘exchange’
• DH algorithm – secure way to generate a shared secret between two parties – The key is NEVER exchanged or transmitted
102 DH key ‘exchange’
– Alice and Bob agree on two random primes (x and y)
– Alice and Bob pick a secret number each (a and b) • Which they DON’T share
– Alice computes A = x a mod y and sends to Bob
– Bob computes B = x b mod y and sends to Alice
– Alice then computes: S = Ba mod y = (xb mod y)a mod y = xba mod y
– Bob also computes:
S = Ab mod y = (xa mod y)b mod y = xab mod y
103 DH in Colour J
+ +
+ +
Image source: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
104 Diffie-Hellman key ‘exchange’
• Without even knowing what secret each used, Alice and Bob generated the same result! – The shared-secret
– Even if evil “Eve” is listening on the wire • Can see x, y, A, B
– She cannot compute the same result since she would not know Bob and Alice’s secret
• Unlike normal exponentiation, which we can compute by y e =logey • modular exponentiation or modular log(x) is difficult to compute!
105 Asymmetric Encryption
• Also called public-key cryptography
• Use of Public-Private key pair – The key pairs are mathematically linked – Messages encrypted with one key can only be decrypted by the other key of the key pair
• The decryption key cannot, at least in a reasonable amount of time, be calculated from the encryption key and vice-versa
106 Asymmetric Encryption
�Private Key �Public Key
ENCRYPTION DECRYPTION ALGORITHM ALGORITHM
Plaintext � Ciphertext � Plaintext Encryption Key Decryption Key � �
107 Asymmetric Encryption
• Advantages: – Solves the key explosion and distribution problem – No exchange of confidential information before communication • Public key is published (everyone knows) • Private key is kept secret (only the owner knows)
• Disadvantages – Much slower than symmetric algorithms
108 Asymmetric Key Algorithms
Algorithm Key Size Description (bits) RSA 512-2048 - Rivest-Shamir-Adlemen - Based on factoring 100 to 200 digit prime numbers - Base on the assumption that while it is easy to compute products of two large numbers, it is very difficult to factor a large number to be a product of two primes DSA 512-1024 - Digital signature algorithm - Provides capability for authenticating messages DH 512, 1024, - Diffie-Hellman 2048 - Allows two parties to agree on a key to encrypt messages (used for secret key exchange) - Security based on the assumption that while it is easy to raise a number to a certain power, it is difficult to find out which power was used
ElGamal 512-1024 - Based on DH key agreement - Used in GPG/PGP - Encrypted message becomes twice the size of the original (hence used only for sharing secret keys) Elliptical 160 - Keys are much smaller curve - Can adapt many algorithms – DH or ElGamal
109 Hash Functions
• Takes a message of arbitrary length and outputs a small fixed-length code – called the hash or message digest, or digital fingerprint
• One-way mathematical function – Easy to compute, difficult to reverse • Single bit change in input => large indeterminate change in output
• Uses: – Verifying integrity – Digitally signing documents – Authentication (Hashing passwords)
110 Hash Functions
• A form of signature that uniquely represents a data
Arbitrary length data
Hash Function
Fixed-length a88997dfha234 Hash value
111 Well-known Hash Functions
• Message Digest (MD) Algorithm – Outputs a 128-bit fingerprint of an arbitrary-length input – MD5 is widely-used • Collisions found since 2013
• Secure Hash Algorithm (SHA) – SHA-1 produces a 160-bit message digest • Widely-used (TLS, SSL, PGP, SSH, S/MIME, IPsec) L – Use SHA-2 and SHA-3 (produce longer hash values)
112 Digital Signature
• Electronic documents can be signed – to prove the identity of the sender, and – the integrity of the message
• Encrypted hash of the message – Hash the data – Encrypt the hash with the sender’s private key
Digital Document Hash � Signature Hashing Encryption (Sender’s Private Key)
113 Digital Signature Validation • Sender – Appends the signature to the original document – Sends to receiver
• Receiver – Computes the hash of the received data • Using same hash function
– Decrypts the encrypted hash (signature) using sender’s public key • Authentication
– Compares the hashes • If match, the data was not modified (integrity) and signed by the sender
114 Digital Signature Validation
SENDER RECEIVER
Document Hash Document Hash Function Digital Equal? Signature Digital Signature Hash Decryption� (Sender's Public Key)
115 Example
https://www.gpg4win.org (Windows) https://www.gpgtools.org (OS X)
116 Password - Length vs Complexity
source : http://xkcd.com/936/ Complexity vs Length
• Entropy: randomness in H (bits) = log(C) / log(2) * L the password Where C – character set L – password length • Bits of Entropy: indicates how difficult it is to crack – Character sets • Numbers: 0-9 a password • Alphas (upper): A-Z • Alphas (lower): a-z • Specials: *+-%&$#![]{}\@/~ etc • Difficulty to guess = 2H Complexity vs Length
Password Length 8 12 16 20 24 28 32 Alphanumeric + specials 94 52.4367 78.65507 104.873 131.092 157.3101 183.528 209.7468
Alphanumeric 62 47.6336 71.45036 95.2671 119.084 142.9007 166.717 190.5343 Upper and Lower Bits of alpha 52 45.6035 68.40528 91.207 114.009 136.8106 159.612 182.4141 Entropy Upper or Lower alpha 26 37.6035 56.40528 75.207 94.0088 112.8106 131.612 150.4141
Numbers 10 26.5754 39.86314 53.1508 66.4386 79.72627 93.014 106.3017
• Password length is more important than complexity! – Ex: • Same/more level of entropy using passwords with a 26 character set (12 characters long), as a character set of 94 (all possible ASCII) that’s 8 characters long! PKI Recap
• � Public Key • � Private Key • � Message
• �+� = �✉ Encrypted • �✉+� = �� Decrypted • �+� = �✉ Signed • �✉ + � = � Authenticated
120 121