1 資訊安全 Network Security Instructor: 孫宏民 [email protected] [email protected]...
-
date post
19-Dec-2015 -
Category
Documents
-
view
245 -
download
1
Transcript of 1 資訊安全 Network Security Instructor: 孫宏民 [email protected] [email protected]...
![Page 1: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/1.jpg)
1
資訊安全Network Security
Instructor: 孫宏民[email protected]
Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694
![Page 2: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/2.jpg)
2
• Textbook:
C. Kaufman, R. Perlman, and M. Speciner, Network Sec
urity, Second Edition, Prentice-Hall PTR, 2002. • Reference Books:
1. W. Ford, Computer Communications Security: principles, Standard Protocols, and Techniques, Prentice Hall, 1994.
2. W. Stallings, Network Security Essentials, Second Editi
on, Prentice Hall, 2003. • Grading Scheme:
Project 50%, Paper 25%, Exams 25%
![Page 3: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/3.jpg)
3
Chapter 2 Introduction to Cryptography
Instructor: 孫宏民
![Page 4: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/4.jpg)
4
2.1 What is Cryptography
• Plaintexts (cleartexts): A message is a plaintext.
• Code (digits): representation of data (e.g., ASCII)
• Another code: A = 00, B = 01, C = 02, ..., Z = 25
• Sender, Receiver, and Intruder (or Interceptor):
(Senders and receivers want to make sure an intruder cann
ot read the messages.)
![Page 5: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/5.jpg)
5
• Cipher(Cryptosystem): secret method of writi
ng
• Ciphertexts: An encrypted messages
encipher
decipher
efficientalgorithmsplaintext M ciphertext C
C = E (M)K1
M = D (C)K2
Sender
Receiver
Intruder
Model of Conventional Cryptosystem
![Page 6: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/6.jpg)
6
• Cryptography is the study of creating and using s
ecret writing, or the art and science of keeping mes
sages secure.
• Encryption (Enciphering): The encryption is the
process of disguising a message in such a way as t
o hide its substance. Notation: C=E(M) or EK(M) or
EK1(M)
• Decryption (Deciphering): The process of turnin
g ciphertext back into plaintext. Notation: M=D(C) or
DK(C) or DK2(C)
![Page 7: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/7.jpg)
7
• Cryptanalysis: The art and science of breaking
ciphertexts.
• Cryptographers v.s. Cryptanalysts
• Cryptology = Cryptography+ Cryptanalysis
![Page 8: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/8.jpg)
8
Four Basic Services of Cryptography
• Confidentiality (Secrecy): The intruder canno
t read the encrypted message form the ciphertex
t.
• Authentication: It should be possible for the re
ceiver of a message to ascertain its origin; an int
ruder should not be able to masquerade as som
eone else.
![Page 9: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/9.jpg)
9
Four Basic Services of Cryptography
• Integrity: It should be possible for the receiver o
f a message to verify that it has not been modifie
d in transit; an intruder cannot substitute a false
message for a legitimate one.
• Nonrepudiation: A sender should not be able t
o falsely deny later that he sent a message.
![Page 10: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/10.jpg)
10
2.2 Breaking an Encryption Scheme(1)
• A cipher is breakable if it is possible to fin
d plaintext or key from ciphertext, or to find
the key from plaintext-ciphertext pairs.
• Cryptanalysis = study (methods) of break
ing system, that is, deciphering without the
key (K2), using :
![Page 11: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/11.jpg)
11
2.2 Breaking an Encryption Scheme(2)
(a) Ciphertext only (C)
Most difficult to break (b) Known plaintext (M, C)
E.g., encrypted programs (while, if, else, ...) (c) Chosen plaintext (M*, C)
Get the sender to encipher M* (your choice) for you.
(d) Chosen ciphertext (M, C*)
Get the receiver to decipher C* (your choice) for you.
![Page 12: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/12.jpg)
12
2.2 Breaking an Encryption Scheme(3)
(e) Chosen text (M*, C) and (M, C*)
Combine (c) and (d).
![Page 13: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/13.jpg)
13
Some other types of Cryptanalytic Attacks(1)
• Adaptive-chosen-plaintext Attacks (a speci
al case of a chosen-plaintext attack): The in
truder not only can choose the plaintext that is e
ncrypted, but he can also modify his choice base
d on the results of previous encryption.
• Chosen-key Attacks: The intrduer has some k
nowledge about the relationship between differe
nt keys.
![Page 14: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/14.jpg)
14
Some other types of Cryptanalytic Attacks(2)
• Bruce-force Attacks (Exhaustive search):
To try every possible key one by one and to
check whether the resulting plaintext is
meaningful.
![Page 15: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/15.jpg)
15
2.3 Type of Cryptographic Function
• Hash Function
• Secret Key Function
• Public Key Function
![Page 16: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/16.jpg)
16
2.4 Secret Key Cryptography
• Secret Key Cryptosystems: The encryption
& decryption keys are the same.(EK(M)= C & DK
(C)= M). Stream ciphers: The operation unit on the plai
ntext is a single bit (or byte), such as RC4 and A5.
Block ciphers: The operation unit on the plaintext is a group of bits (a block), such as DES, IDEA, and AES.
![Page 17: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/17.jpg)
17
plaintextencryption
ciphertext
key
ciphertext plaintextdecryption
![Page 18: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/18.jpg)
18
Example of a Cipher
mi, ci {00, 01, 02, ..., 25}
• To encipher:
M = m1 m2 m3 …
C = c1 c2 c3 …
)m(E)m(E)m(E)M(E KKKK 321 1111
)(1 iKi mEc
26 mod )()( 11KmmEK
![Page 19: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/19.jpg)
19
• To decipher:
26 mod )()( 22KccDK
12 26 KK
AZ CBA
Y Z CBY
![Page 20: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/20.jpg)
20
Caesar Cipher
• Shift each letter in the English alphabet forward by K positions (shift past Z cycle back to A).
• K is the key to the cipher. • Example: k=3
T S I N G H U A U N I V E R S I T Y
W V L Q J K X D X Q L Y H U V L W B
![Page 21: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/21.jpg)
21
Code Book
• Plaintext words or phrases are entered into the code book together with their ciphertext substitutes.
• The code book is the key. • Example:
ATTACK JAPAN 4008 5603
Word Code
BOMB 1701
JAPAN 5603
ATTACK 4008
NIGHT 3790
![Page 22: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/22.jpg)
22
2.5 Public Key Cryptosystems
• Public Key Cryptosystems: Encryption & decryption keys are different (EK1(M)=C & DK2(C)=M), such as RSA, ElGamal, and McEliece. The encryption key (public key) can be public
while the decryption key (secret key) cannot be calculated from the public key.
![Page 23: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/23.jpg)
23
• Encryption and decryption are two mathmatical functions that incerses of each other.
plaintextencryption
ciphertext
Private key
ciphertext plaintextdecryption
Public key
![Page 24: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/24.jpg)
24
• There is an additional thing one can do with public key technology, which is to generate a digital signature on a message.
plaintextsigning
Signed message
public key
Signed message plaintextverification
private key
![Page 25: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/25.jpg)
25
2.6 Hash Algorithm
• A cryptographic hash function is a mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length number.
• We will call the hash of a message m, h(m).
![Page 26: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/26.jpg)
26
• It has the following property: For any message, it is easy to compute h(m). Given h(m), there is no way to find a m that ha
shes to h(m) in a way that is substantially easier than going through all possible values of m and computing h(m) for each one.
It is computationally infeasible to find two value that hash to the same thing.
![Page 27: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/27.jpg)
27
Security Attacks
• Normal flow:
• Interruption:
• Interception:
Informationsource
Informationdestination
![Page 28: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/28.jpg)
28
• Modification:
• Fabrication:
![Page 29: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/29.jpg)
29
• Interruption This is an attack on availability. Examples: cutting of a communication line, or
destruction of a piece of hardware.
• Interception This is an attack on secrecy. Examples: wiretapping to capture data in
network, or illicit copying of files or programs.
![Page 30: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/30.jpg)
30
• Modification This is an attack on integrity. Examples: changing values in a data file, or
altering a program so that it performs differently.
• Fabrication This is an attack on authenticity. Examples: insertion of fake messages in
network, or addition of records to a file.
![Page 31: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/31.jpg)
31
Security Threats • Passive threats
Interception (Secrecy)
• Active threats Interruption (Availability) Modification (Integrity) Fabrication (Authenticity)
sender
passivewiretapping
activewiretapping
insecure channelreceiver
![Page 32: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/32.jpg)
32
Data Security(1)
• Data security is the science and study of methods of protecting data in computer and communications systems.
• Data security studies four kinds of control: Cryptography Access Information flow
• Prevent leakage Inference
People shouldn't be able to infer something that shouldn't be inferred
![Page 33: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/33.jpg)
33
Data Security(2)
• Threats to data in computer systems Secrecy
Browsing, Leakage, Inference Authenticity
Tampering, Accidental destruction
• Browsing Searching through main memory or secondary
storage
![Page 34: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/34.jpg)
34
Data Security(3)
• Leakage
Transmission of data to unauthorized users by processes with legitimate access to the data (e.g., compilers, text editors,...)
• Inference
In a statistical database, you may infer the info of an individual from average.
![Page 35: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/35.jpg)
35
Data Security(4)
• Tampering Replay
insert Delete
• Accidental destruction Unintentional overwriting
Caused by faulty software (e.g., an array subscript is out-of-range)
Access controls are needed to prevent programs from writing into memory regions of other programs
you
boss
xyz
xyz
abc
![Page 36: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/36.jpg)
36
Data Security(5)
Unintentional deletion Caused by software or hardware failure or user
mistakes (e.g., a disk crash) Backup is needed to recover from destruction
![Page 37: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/37.jpg)
37
Other Threats to Data Security
• Ciphertext searching
xyz xyz salary (example)
You don't know what xyz is, but know they are the same. Know one of them Know both
• Masquerading
Write programs to simulate login procedure to get other people's password.
![Page 38: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/38.jpg)
38
Computer System
classifieddata
modifyingfaulty
programoverwriting
replaying
confidentialdata
statistic
inserting
deleting
inference leaking
unclassifieduser
browsing
![Page 39: 1 資訊安全 Network Security Instructor: 孫宏民 hmsun@cs.nthu.edu.tw hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.](https://reader031.fdocument.pub/reader031/viewer/2022013105/56649d3e5503460f94a16f3d/html5/thumbnails/39.jpg)
39
Cryptographic System
• For a given K, DK is the inverse of EK; that is,
• DK(EK(M)) = M• Requirements for cryptosystems:
K, EK and DK are efficient (run in polynomial time)
System is easy to use (no 200 digits keys has to be typed)
Security depends only on the secrecy of K, not on E or D
M CE1K D
2K M
encipher decipher