Malware and Software Vulnerability Analysis
Basic Knowledge on Computer Network Security
Why This Introduction?
• Some students may have no knowledge of basic cryptography and basic network security
  - Such knowledge is important
  - Such knowledge is necessary for continuing learning malware and software security
Who might Bob, Alice be?
• Web client/server (e.g., on-line purchases)
• DNS servers
• Routers exchanging routing table updates
• Two computers in peer-to-peer networks
• Wireless laptop and wireless access point
• Cell phone and cell tower
• Cell phone and Bluetooth earphone
• RFID tag and reader
There are bad guys (and girls) out there!
Q: What can a "bad guy" do?
A: a lot!
- eavesdrop: intercept messages
- actively insert messages into connection
- impersonation: can fake (spoof) source address in packet (or any field in packet)
- hijacking: "take over" ongoing connection by removing sender or receiver, inserting himself in place
- denial of service: prevent service from being used by others (e.g., by overloading resources)
Classical Cryptography
• Transposition Cipher
• Substitution Cipher
  - Simple substitution cipher (Caesar cipher)
  - Vigenere cipher
  - One-time pad
Transposition Cipher: rail fence
• Write plaintext in two rows in column order
• Generate ciphertext in row order
• Example: "HELLOWORLD"
    HLOOL
    ELWRD
  ciphertext: HLOOLELWRD
Problem: does not affect the frequency of individual symbols
Problem of simple substitution cipher
- The key space for the English Alphabet is very large: 26! ≈ 4 x 10^26
- However:
  - Previous example has a key with only 26 possible values
  - English texts have statistical structure:
    - the letter "e" is the most used letter. Hence, if one performs a frequency count on the ciphertext, then the most frequent letter can be assumed to be "e"
Distribution of Letters in English
Frequency analysis
Problem of Vigenere Cipher
- Vigenere is easy to break (Kasiski, 1863):
  - Assume we know the length of the key. We can organize the ciphertext in rows with the same length of the key. Then, every column can be seen as encrypted using Caesar's cipher.
  - The length of the key can be found using several methods:
    - If short, try 1, 2, 3, ...
    - Find repeated strings in the ciphertext. Their distance is expected to be a multiple of the length. Compute the gcd of (most) distances.
    - Use the index of coincidence.
One-time Pad
• Extended from Vigenere cipher
• Key is as long as the plaintext
• Key string is randomly chosen
- Pro: Proven to be "perfectly secure"
- Cons:
  - How to generate the key?
  - How to let Bob/Alice share the same key pad?
  - Code book
Symmetric key crypto: DES
DES: Data Encryption Standard
- US encryption standard [NIST 1993]
- 56-bit symmetric key, 64-bit plaintext input
- How secure is DES?
  - DES Challenge: 56-bit-key-encrypted phrase ("Strong cryptography makes the world a safer place") decrypted (brute force) in 4 months
  - no known "backdoor" decryption approach
- making DES more secure (3DES):
  - use three keys sequentially on each datum
  - use cipher-block chaining
Symmetric key crypto: DES
DES operation
- initial permutation
- 16 identical "rounds" of function application, each using different 48 bits of key
- final permutation
Block Cipher
- one pass through: one input bit affects eight output bits
[Figure: 64-bit input; eight tables T1 ... T8, each 8 bits in and 8 bits out; 64-bit scrambler; 64-bit output; loop for n rounds]
- multiple passes: each input bit affects most output bits
- block ciphers: DES, 3DES, AES
Cipher Block Chaining
- cipher block: if input block repeated, will produce same cipher text:
    t=1:  m(1) = "HTTP/1.1"  -> block cipher -> c(1) = "k329aM02"
    ...
    t=17: m(17) = "HTTP/1.1" -> block cipher -> c(17) = "k329aM02"
- cipher block chaining: XOR ith input block, m(i), with previous block of cipher text, c(i-1)
  - c(0) transmitted to receiver in clear
  - what happens in "HTTP/1.1" scenario from above?
[Figure: m(i) XOR c(i-1) -> block cipher -> c(i)]
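
The "HTTP/1.1" scenario above, worked through as an added example (not part of the original slides): a toy 16-round Feistel network built on SHA-256 stands in for the DES block cipher, and the key, c(0) and filler blocks are constructed values. It assumes the message length is a multiple of 8 bytes, so no padding is implemented.

```python
import hashlib

BLOCK = 8  # bytes: the 64-bit block size from the DES slide
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function: 4 bytes derived from key, round number and a half-block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encrypt_block(key, block, rounds=16):
    # Toy Feistel network (NOT DES), standing in for the "block cipher" box.
    left, right = block[:4], block[4:]
    for i in range(rounds):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def decrypt_block(key, block, rounds=16):
    left, right = block[:4], block[4:]
    for i in reversed(range(rounds)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def split(msg):
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def ecb_encrypt(key, msg):
    # Every block enciphered independently: equal inputs give equal outputs.
    return [encrypt_block(key, m) for m in split(msg)]

def cbc_encrypt(key, c0, msg):
    # c(i) = E(m(i) XOR c(i-1)); c(0) travels in the clear.
    out, prev = [], c0
    for m in split(msg):
        prev = encrypt_block(key, _xor(m, prev))
        out.append(prev)
    return out

def cbc_decrypt(key, c0, blocks):
    # m(i) = D(c(i)) XOR c(i-1)
    return b"".join(_xor(decrypt_block(key, c), p) for c, p in zip(blocks, [c0] + blocks))

# Constructed sample values: m(1) = m(17) = "HTTP/1.1", 15 filler blocks between.
KEY, C0 = b"demo-key", bytes(range(8))  # fixed c(0) only so the run is repeatable
MSG = b"HTTP/1.1" + b"".join(b"filler%02d" % i for i in range(2, 17)) + b"HTTP/1.1"

if __name__ == "__main__":
    ecb, cbc = ecb_encrypt(KEY, MSG), cbc_encrypt(KEY, C0, MSG)
    print("ECB c(1) == c(17):", ecb[0] == ecb[16], "| CBC:", cbc[0] == cbc[16])
```

Without chaining, an eavesdropper sees that blocks 1 and 17 carry the same plaintext; with chaining the two ciphertext blocks differ because each depends on the preceding ciphertext block.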