Chapter 2: Security and cryptography Dr. Mohamed Mahmoud http://www.cae.tntech.edu/~mmahmoud/ [email protected] Outline 2.1 Introduction 2.2 Mathematical background 2.3 Cryptosystems and security protocols 2.4 Protocols Cryptology: - Cryptography - Cryptanalysis - Cryptography, a word with Greek origins, means “secret writing.” - However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks. – A cipher is a function which transforms a plaintext message into a ciphertext by a process called encryption – Plaintext is recovered from the ciphertext by a process called decryption 1 Encryption / Decryption “attack at midnight” - plaintext “buubdl bu njeojhiu” - ciphertext 2 Cryptanalysis - The science and study of breaking ciphers, i.e., the process of determining the plaintext message from the ciphertext - Objective to recover key not just message - A common approach is brute-force attack – try all possible cases 3 Some Basic Terminology Plaintext - original message Ciphertext - coded message Cipher - algorithm for transforming plaintext to ciphertext Key - info used in cipher known only to sender/receiver Encryption: converting original message into a form unreadable by unauthorized individuals. converting plaintext to ciphertext Decipher (decrypt) - recovering ciphertext from plaintext Cryptography: process of making and using codes to secure transmission of information Cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key Cryptology - field of both cryptography and cryptanalysis 4 Overview of Security Requirements - Confidentiality - Entity Authentication - Data Integrity - Non-Repudiation - Access Control - Availability Most of these security properties can be achieved through cryptographic functions. 5 Confidentiality - Ability to keep information communicated between (among) authorized parties private - Observer should not be able to recover information - In a stronger sense, an observer cannot determine the parties involved or whether a communication session occurred - Usually achieved by encryption - Snooping refers to unauthorized access to or interception of data. - Traffic analysis refers to obtaining some other type of information by monitoring online traffic. 6 Entity Authentication - Ability of the authorized parties in a communication session to ascertain the identity of other authorized parties – Mutual or one-way authentication - An entity authentication may be a user authentication or a device authentication - The party to be authenticated must provide some verifiable evidence to prove it is the entity identified by the identity. - The verification is to check whether the specific authentication data is valid, which can be generated only by the party with the claimed identity. - Authentication can thwart masquerading or spoofing attacks which happen when attackers impersonate somebody else. 7 = (M, Authentication_data) Alice Bob - Alice sends a msg M to Bob - Bob wants to be sure M is really from Alice - Alice attaches with the message an authentication data such as signature or message authentication code (MAC). - No one can generate this data except Alice (the owner of a secret key). - Bob is able to verify the authentication data 8 Data Integrity - Ability to ascertain that information exchanged has not been subject to additions, deletions, modifications or undue delay. Attacks threatening integrity Modification: attackers intercept a message and change it. Modification can be thwarted by using signature or message authentication code. Replay: attackers obtain a copy of a message sent by a user and later tries to replay it. Usually timestamps are used to thwart replaying. 9 - Integrity is to prevent from altering the message content, while authenticity is to prevent from altering the message source. - These two are inseparable. It is often to use a single cryptographic function to provide both. - Usually, signature and hash functions or MAC can provide integrity and authentication 10 Non-Repudiation - Ability to prevent an authorized party from denying the existence or contents of a communication session - Repudiation means that sender of a message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message. - Ability to prove to an independent third party at a later date the author and contents of a message. - Digital signature is used to achieve this property. 11 Access control - Aims to prevent unauthorized access to resources Availability - The information created and stored by an organization needs to be available to authorized entities. - Network/system should be available all the time. - Denial of service (DoS) is a very common attack that targets availability . It may slow down or totally interrupt the service of a system. 12 security is about how to prevent attacks, or -- if prevention is not possible -- how to detect attacks and recover from them. Attacks can be Passive - Eavesdropping: The attacker simply listens and tries to interpret the data being exchanged – if the data is in-the- clear, they succeed - Traffic Analysis – the attacker gains information by determining how much activity is there, where access points are located, - Difficult to detect. Should be prevented Active - Attempts to alter system resources or affect their operation, examples: masquerade (spoofing), replay, modification (substitution, insertion, destruction), denial of service - Difficult to prevent. Should be detected. 13 Categorization of passive and active attacks 14 Kerckhoff’s Principle Generally assumed that the attacker knows everything about the cryptosystem except the key If, for security, the system requires that details of the system be kept secret, it is not considered secure 15 Trust Model - A trust model is to define trust relations among different parties. - A trust relation can be defined for any two parties with a mutually equal trust or a asymmetric trust. - Some trust relations are assumptions for the security mechanisms, while the others are to be established through applying security mechanisms. - A trust model may include assumptions on the physical environment. For example, we may trust a server located in a company’s building more than a wireless access point installed in a rest area of highway. - A trust model is crucial in establishing a secure communication system. It can go wrong in many ways and result in security holes. 16 Adversary and Threat Models - The parties that may attack the system. - The attackers’ objectives – what they want to do? - How they will attack the system? - What is the attackers’ capability, e.g., regarding computational power? - Is the attacker a single party or colluding with others? 17 Outline 2.1 Introduction 2.2 Mathematical background 2.3 Cryptosystems and security protocols 2.4 Protocols Groups A set of objects, along with a binary operation (meaning an operation that is applied to two objects at a time) on the elements of the set, must satisfy the following four properties if the set wants to be called a group: 1- Closure with respect to the operation. Closure means that if a and b are in the set, then the element a ◦ b = c is also in the set. The symbol ◦ denotes the operator for the desired operation. 2- Associativity with respect to the operation. Associativity means that (a ◦ b) ◦ c = a ◦ (b ◦ c). 3- Guaranteed existence of a unique identity element with regard to the operation. An element i would be called an identity element if for every a in the set, we have a ◦ i = a. 18 4- The existence of an inverse element for each element with regard to the operation. That is, for every a in the set, the set must also contain an element b such that a ◦ b = i assuming that i is the identity element. In general, a group is denoted by {G, ◦} where G is the set of objects and ◦ is the operator. 19 Infinite groups, meaning groups based on sets of infinite size. Examples: – The set of all integers — positive, negative, and zero - along with the operation of arithmetic addition constitutes a group – The set of all even integers — positive, negative, and zero under the operation of arithmetic addition is a group If the operation on the set elements is commutative, the group is called an abelian group. An operation ◦ is commutative if a ◦ b = b ◦ a. Finite Groups 20 21 Summary 22 23 If the group operation is addition, the group also allows for subtraction. Similarly, multiplicative groups allow division. - A group is guaranteed to have a special element called the identity element. The identity element of a group is frequently denoted by the symbol 0. - As you now know, for every element a, the group must contain its inverse element b such that a + b = 0, where the operator ’+’ is the group operator. - So if we maintain the illusion that we want to refer to the group operation as addition, we can think of b in the above equation as the additive inverse of a and even denote it by −a. We can therefore write a + (−a) = 0 or more compactly as a − a = 0. - In general a − b = a + (−b) where −b is the additive inverse of b with respect to the group operator +. We may now refer to an expression of the sort a−b as representing subtraction.24 25 255 mod 11 = 2 27 mod 5 = 2 36 mod 12 = 0 (a+n) mod n = a 26 Set of Residues The modulo operation creates a set, which in modular arithmetic is referred to as the set of least residues modulo n, or Zn. Some Zn sets 27 Operation in Zn The three binary operations that we discussed for the set Z can also be defined for the set Zn. The result may need to be mapped to Zn using the mod operator. Binary operations in Zn 28 Example Perform the following operations (the inputs come from Zn): a. Add 7 to 14 in Z15. b. Subtract 11 from 7 in Z13. c. Multiply 11 by 7 in Z20. Solution 29 Inverses When we are working in modular arithmetic, we often need to find the inverse of a number relative to an operation.