1

資訊安全Network Security

Instructor: 孫宏民hmsun@cs.nthu.edu.tw

Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694

2

• Textbook:

C. Kaufman, R. Perlman, and M. Speciner, Network Sec

urity, Second Edition, Prentice-Hall PTR, 2002. • Reference Books:

1. W. Ford, Computer Communications Security: principles, Standard Protocols, and Techniques, Prentice Hall, 1994.

2. W. Stallings, Network Security Essentials, Second Editi

on, Prentice Hall, 2003. • Grading Scheme:

Project 50%, Paper 25%, Exams 25%

3

Chapter 2 Introduction to Cryptography

Instructor: 孫宏民

4

2.1 What is Cryptography

• Plaintexts (cleartexts): A message is a plaintext.

• Code (digits): representation of data (e.g., ASCII)

• Another code: A = 00, B = 01, C = 02, ..., Z = 25

• Sender, Receiver, and Intruder (or Interceptor):

(Senders and receivers want to make sure an intruder cann

ot read the messages.)

5

• Cipher(Cryptosystem): secret method of writi

ng

• Ciphertexts: An encrypted messages

encipher

decipher

efficientalgorithmsplaintext M ciphertext C

C = E (M)K1

M = D (C)K2

Sender

Receiver

Intruder

Model of Conventional Cryptosystem

6

• Cryptography is the study of creating and using s

ecret writing, or the art and science of keeping mes

sages secure.

• Encryption (Enciphering): The encryption is the

process of disguising a message in such a way as t

o hide its substance. Notation: C=E(M) or EK(M) or

EK1(M)

• Decryption (Deciphering): The process of turnin

g ciphertext back into plaintext. Notation: M=D(C) or

DK(C) or DK2(C)

7

• Cryptanalysis: The art and science of breaking

ciphertexts.

• Cryptographers v.s. Cryptanalysts

• Cryptology = Cryptography+ Cryptanalysis

8

Four Basic Services of Cryptography

• Confidentiality (Secrecy): The intruder canno

t read the encrypted message form the ciphertex

t.

• Authentication: It should be possible for the re

ceiver of a message to ascertain its origin; an int

ruder should not be able to masquerade as som

eone else.

9

Four Basic Services of Cryptography

• Integrity: It should be possible for the receiver o

f a message to verify that it has not been modifie

d in transit; an intruder cannot substitute a false

message for a legitimate one.

• Nonrepudiation: A sender should not be able t

o falsely deny later that he sent a message.

10

2.2 Breaking an Encryption Scheme(1)

• A cipher is breakable if it is possible to fin

d plaintext or key from ciphertext, or to find

the key from plaintext-ciphertext pairs.

• Cryptanalysis = study (methods) of break

ing system, that is, deciphering without the

key (K2), using :

11

2.2 Breaking an Encryption Scheme(2)

(a) Ciphertext only (C)

Most difficult to break (b) Known plaintext (M, C)

E.g., encrypted programs (while, if, else, ...) (c) Chosen plaintext (M*, C)

Get the sender to encipher M* (your choice) for you.

(d) Chosen ciphertext (M, C*)

Get the receiver to decipher C* (your choice) for you.

12

2.2 Breaking an Encryption Scheme(3)

(e) Chosen text (M*, C) and (M, C*)

Combine (c) and (d).

13

Some other types of Cryptanalytic Attacks(1)

• Adaptive-chosen-plaintext Attacks (a speci

al case of a chosen-plaintext attack): The in

truder not only can choose the plaintext that is e

ncrypted, but he can also modify his choice base

d on the results of previous encryption.

• Chosen-key Attacks: The intrduer has some k

nowledge about the relationship between differe

nt keys.

14

Some other types of Cryptanalytic Attacks(2)

• Bruce-force Attacks (Exhaustive search):

To try every possible key one by one and to

check whether the resulting plaintext is

meaningful.

15

2.3 Type of Cryptographic Function

• Hash Function

• Secret Key Function

• Public Key Function

16

2.4 Secret Key Cryptography

• Secret Key Cryptosystems: The encryption

& decryption keys are the same.(EK(M)= C & DK

(C)= M). Stream ciphers: The operation unit on the plai

ntext is a single bit (or byte), such as RC4 and A5.

Block ciphers: The operation unit on the plaintext is a group of bits (a block), such as DES, IDEA, and AES.

17

plaintextencryption

ciphertext

key

ciphertext plaintextdecryption

18

Example of a Cipher

mi, ci {00, 01, 02, ..., 25}

• To encipher:

M = m1 m2 m3 …

C = c1 c2 c3 …

)m(E)m(E)m(E)M(E KKKK 321 1111

)(1 iKi mEc

26 mod )()( 11KmmEK

19

• To decipher:

26 mod )()( 22KccDK

12 26 KK

AZ CBA

Y Z CBY

20

Caesar Cipher

• Shift each letter in the English alphabet forward by K positions (shift past Z cycle back to A).

• K is the key to the cipher. • Example: k=3

T S I N G H U A U N I V E R S I T Y

W V L Q J K X D X Q L Y H U V L W B

21

Code Book

• Plaintext words or phrases are entered into the code book together with their ciphertext substitutes.

• The code book is the key. • Example:

ATTACK JAPAN 4008 5603

Word Code

BOMB 1701

JAPAN 5603

ATTACK 4008

NIGHT 3790

22

2.5 Public Key Cryptosystems

• Public Key Cryptosystems: Encryption & decryption keys are different (EK1(M)=C & DK2(C)=M), such as RSA, ElGamal, and McEliece. The encryption key (public key) can be public

while the decryption key (secret key) cannot be calculated from the public key.

23

• Encryption and decryption are two mathmatical functions that incerses of each other.

plaintextencryption

ciphertext

Private key

ciphertext plaintextdecryption

Public key

24

• There is an additional thing one can do with public key technology, which is to generate a digital signature on a message.

plaintextsigning

Signed message

public key

Signed message plaintextverification

private key

25

2.6 Hash Algorithm

• A cryptographic hash function is a mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length number.

• We will call the hash of a message m, h(m).

26

• It has the following property: For any message, it is easy to compute h(m). Given h(m), there is no way to find a m that ha

shes to h(m) in a way that is substantially easier than going through all possible values of m and computing h(m) for each one.

It is computationally infeasible to find two value that hash to the same thing.

27

Security Attacks

• Normal flow:

• Interruption:

• Interception:

Informationsource

Informationdestination

28

• Modification:

• Fabrication:

29

• Interruption This is an attack on availability. Examples: cutting of a communication line, or

destruction of a piece of hardware.

• Interception This is an attack on secrecy. Examples: wiretapping to capture data in

network, or illicit copying of files or programs.

30

• Modification This is an attack on integrity. Examples: changing values in a data file, or

altering a program so that it performs differently.

• Fabrication This is an attack on authenticity. Examples: insertion of fake messages in

network, or addition of records to a file.

31

Security Threats • Passive threats

Interception (Secrecy)

• Active threats Interruption (Availability) Modification (Integrity) Fabrication (Authenticity)

sender

passivewiretapping

activewiretapping

insecure channelreceiver

32

Data Security(1)

• Data security is the science and study of methods of protecting data in computer and communications systems.

• Data security studies four kinds of control: Cryptography Access Information flow

• Prevent leakage Inference

People shouldn't be able to infer something that shouldn't be inferred

33

Data Security(2)

• Threats to data in computer systems Secrecy

Browsing, Leakage, Inference Authenticity

Tampering, Accidental destruction

• Browsing Searching through main memory or secondary

storage

34

Data Security(3)

• Leakage

Transmission of data to unauthorized users by processes with legitimate access to the data (e.g., compilers, text editors,...)

• Inference

In a statistical database, you may infer the info of an individual from average.

35

Data Security(4)

• Tampering Replay

insert Delete

• Accidental destruction Unintentional overwriting

Caused by faulty software (e.g., an array subscript is out-of-range)

Access controls are needed to prevent programs from writing into memory regions of other programs

you

boss

xyz

xyz

abc

36

Data Security(5)

Unintentional deletion Caused by software or hardware failure or user

mistakes (e.g., a disk crash) Backup is needed to recover from destruction

37

Other Threats to Data Security

• Ciphertext searching

xyz xyz salary (example)

You don't know what xyz is, but know they are the same. Know one of them Know both

• Masquerading

Write programs to simulate login procedure to get other people's password.

38

Computer System

classifieddata

modifyingfaulty

programoverwriting

replaying

confidentialdata

statistic

inserting

deleting

inference leaking

unclassifieduser

browsing

39

Cryptographic System

• For a given K, DK is the inverse of EK; that is,

• DK(EK(M)) = M• Requirements for cryptosystems:

K, EK and DK are efficient (run in polynomial time)

System is easy to use (no 200 digits keys has to be typed)

Security depends only on the secrecy of K, not on E or D

M CE1K D

2K M

encipher decipher