Computer Protection and Security: Authentication and Encryption, Slides of Computer Numerical Control

An introduction to computer protection and security, focusing on authentication and encryption. It covers the types of misuse of computers, the four approaches to security, and the common approach to authentication using passwords and one-way encryption of stored passwords. The document also discusses the Data Encryption Standard (DES) and its use in cipher block chaining, password issues (dictionary search, salt), and authentication protocols for distributed systems (shared-key, Needham-Schroeder, RSA public-key).

Typology: Slides

2010/2011

Uploaded on 10/08/2011

christina

Protection and Security
Arvind Krishnamurthy
Spring 2004

Introduction
- Types of misuse of computers:
  - Accidental
  - Intentional
- Protection is to prevent either accidental or intentional misuse; security is to prevent intentional misuse
- Four approaches to security (Denning & Denning):
  - Access controls: authorization and enforcement (who can do what?)
  - Flow control: no flow from high security to lower security
  - Inference controls: control access to database
  - Encryption and authorization


Authentication
- Common approach: passwords
  - A shared secret between two parties
  - Since only the user knows the password, the machine can "authenticate" the user
- Problem 1: the system must keep a copy of the secret to check against user input
  - What if a malicious user gains access to this list?
  - What if a copy of the password file is accidentally made or misplaced?
- Encryption: a transformation that is difficult to reverse without the right key
  - Password -> one-way transform -> encrypted password
  - The system stores only the encrypted version, so the file does not directly reveal passwords even if someone reads it
  - The encryption algorithm can even be made public; security rests on the secrecy of the password, not of the algorithm
  - Caveat: "difficult to reverse" only protects a password that is hard to guess; if the password space is small the attacker can simply try candidates (see Password Issues below)

Data Encryption Standard
- Encrypts a 64-bit block of plaintext using a 64-bit key (8 of the 64 key bits are parity bits, so the effective key is 56 bits)
- For passwords:
  - The plaintext is known (a fixed constant)
  - The key is the user's password
- DES algorithm steps:
  - Step 1: permute the 64-bit block
  - Steps 2-17: transform the block based on the key (16 rounds)
  - Step 18: reverse-permute the 64-bit block
- Given the plaintext and its encrypted version, there is no known way to recover the key other than trying keys one by one
- Can obtain the plaintext from the encrypted version by applying the reverse algorithm if the key is available

DES
- Hard to figure out what the algorithm does!
- Apparently steps 1 and 18 (permutation and reverse permutation) are not so useful: they add no cryptographic strength
- "Achieves" security by confusion and obfuscation
- Given the plaintext and encrypted text, have to try 2^56 combinations to find the password that is used as the key
- How long to perform a single DES?
  - In 1975, about 10 ms
  - Now about 1 us
- Caveat: 2^56 trials at 1 us each is about 2,300 years on one machine, but the search splits perfectly across machines or custom hardware; the EFF's Deep Crack machine recovered a DES key by brute force in 1998 in under three days, so a 56-bit key is no longer considered secure against a determined attacker

DES for large blocks of text
- Referred to as "cipher block chaining" (CBC)
- Algorithm:
  - Break the text into 64-bit chunks
  - The plaintext for block j is XORed with the ciphertext for block j-1 before running it through DES
  - The ciphertext for the non-existent block 0 is generated randomly and is referred to as the Initialization Vector (IV)
  - The IV is sent along with the encrypted data
- Question: why do we need an IV?
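The following is an added example, not code from the lecture, that implements CBC exactly as described above (C_j = E_K(P_j XOR C_{j-1}), C_0 = IV) around a toy 64-bit block cipher, and answers the question on the slide by comparing equal plaintext blocks under no chaining (ECB), under CBC with a random IV, and under CBC with a fixed IV. The block cipher is not DES: it is a 4-round Feistel network (DES's structure, none of its tables) whose round function is HMAC-SHA256, chosen only because it is invertible and needs nothing outside the Python standard library. The key and messages are constructed sample values.

```python
"""Added example: CBC mode around a toy 64-bit Feistel block cipher (not DES)."""
import hashlib
import hmac
import os

BLOCK = 8    # 64-bit block, as in DES
ROUNDS = 4   # toy: DES has 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function: keyed hash of (round number, half block), truncated to 32 bits.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Feistel round (L, R) -> (R, L xor f(R)): invertible whatever f is."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "caller must pad to a multiple of 64 bits"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # No chaining: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(block_encrypt(key, p) for p in _blocks(plaintext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # C_j = E_K(P_j xor C_{j-1}) with C_0 = IV; the IV is sent with the ciphertext.
    assert len(iv) == BLOCK
    prev, out = iv, []
    for p in _blocks(plaintext):
        prev = block_encrypt(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_j = D_K(C_j) xor C_{j-1}
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def demo() -> dict:
    key = b"\x01\x23\x45\x67\x89\xab\xcd\xef"   # constructed sample key
    msg = b"ATTACK!!" * 3                        # constructed: three identical blocks
    ecb = ecb_encrypt(key, msg)
    iv1, iv2 = os.urandom(BLOCK), os.urandom(BLOCK)
    cbc1, cbc2 = cbc_encrypt(key, iv1, msg), cbc_encrypt(key, iv2, msg)
    zero_iv = bytes(BLOCK)
    return {
        "ecb_repeats": ecb[:8] == ecb[8:16] == ecb[16:],   # the pattern leaks
        "cbc_repeats": cbc1[:8] == cbc1[8:16],             # chaining hides it
        "same_ct_fresh_ivs": cbc1 == cbc2,                 # random IV: equal messages look different
        "same_ct_fixed_iv": cbc_encrypt(key, zero_iv, msg) == cbc_encrypt(key, zero_iv, msg),
        "roundtrip": cbc_decrypt(key, iv1, cbc1) == msg,
    }
```

The last two entries of `demo()` are the answer to the slide's question: chaining alone makes repeated blocks within one message look different, but with a fixed IV two identical messages (or two messages with the same prefix) still produce identical ciphertext, so an observer learns that they are equal. A fresh random IV per message removes that leak. Note also that the code refuses input that is not a multiple of the block size; a real implementation needs a padding scheme, and CBC on its own gives no integrity, so modified ciphertext blocks decrypt to garbage rather than being rejected.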

Password Issues
- Typically not necessary to cycle through 2^56 combinations
- Most passwords are:
  - Small, mostly letters
  - Chosen from dictionaries (or small modifications of dictionary words)
  - So an exhaustive search is possible
- How long for an exhaustive search? 26^5 is about 12 million five-letter lowercase passwords: in 1975 about 1 day, now about 10 seconds
- More importantly, one exhaustive search could reveal all the passwords in the entire password file: each candidate is encrypted once and the result compared against every entry
- Partial solution: extend each password with a unique number (stored in the password file), so that the same guess has to be re-encrypted for every user and multiple passwords cannot be cracked at a time
  - Referred to as "salt"
  - Note that salt does not slow down the search for one particular user's password; it only stops the attacker from amortizing the search over the whole file
- Further modifications:
  - Delay all remote login attempts by 1 second, so a hacker cannot attempt passwords at a fast rate
  - Have the password program reject "simple" passwords
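As an added example (not the lecture's code and not Unix crypt(3)), the following runs the same dictionary attack against an unsalted and a salted copy of a small stolen password file and counts how many one-way transforms the attacker has to compute in each case. SHA-256 stands in for the DES-based transform described in the slides; the four users, their passwords and the candidate list are constructed, and the salt is a random 96-bit value rather than crypt's 12 bits. These are all assumptions of this example.

```python
"""Added example: effect of salt on a dictionary attack against a stolen password file."""
import hashlib
import os


def hash_password(password: str, salt: bytes) -> str:
    """One-way transform of salt || password. An empty salt models an unsalted file."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_password_file(users, salted: bool) -> list:
    """Returns [(user, salt, hash)]; the salt is stored in the clear next to the hash."""
    entries = []
    for user, password in users:
        salt = os.urandom(12) if salted else b""
        entries.append((user, salt, hash_password(password, salt)))
    return entries


def crack(entries, dictionary) -> tuple:
    """Offline dictionary attack on a stolen file.
    Returns (recovered passwords, number of hash computations).
    One hash is needed per (candidate, distinct salt): with no salt every user
    shares the single empty salt, so each candidate is hashed once and compared
    against the whole file; with per-user salts it is hashed once per user."""
    by_salt = {}
    for user, salt, stored in entries:
        by_salt.setdefault(salt, []).append((user, stored))
    recovered, work = {}, 0
    for candidate in dictionary:
        for salt, targets in by_salt.items():
            work += 1
            h = hash_password(candidate, salt)
            for user, stored in targets:
                if stored == h:
                    recovered[user] = candidate
    return recovered, work


# Constructed sample data: alice and carol chose the same weak password.
USERS = [("alice", "secret"), ("bob", "letmein"), ("carol", "secret"), ("dave", "zq7!Lp")]
DICTIONARY = ["password", "123456", "secret", "letmein", "qwerty"]


def demo() -> dict:
    unsalted = make_password_file(USERS, salted=False)
    salted = make_password_file(USERS, salted=True)
    found_u, work_u = crack(unsalted, DICTIONARY)
    found_s, work_s = crack(salted, DICTIONARY)
    return {
        "unsalted_work": work_u,   # len(DICTIONARY) * 1
        "salted_work": work_s,     # len(DICTIONARY) * number of users
        "unsalted_equal_hashes": unsalted[0][2] == unsalted[2][2],  # same password visible as same hash
        "salted_equal_hashes": salted[0][2] == salted[2][2],
        "recovered_unsalted": found_u,
        "recovered_salted": found_s,
    }
```

Both files give up the same three weak passwords; what the salt changes is the cost, which grows linearly with the number of users, and the fact that two users with the same password no longer have the same stored value. The "delay each attempt" idea on the slide only helps against online guessing; against a stolen file the modern equivalent is a deliberately slow, memory-hard hash (PBKDF2, bcrypt, scrypt, Argon2) that raises the per-guess cost for the attacker as well.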

Announcements
- Background readings for this material:
  - Unix security paper
  - Data security paper by Denning and Denning

Basic Secret Key Protocol
- KAB: shared key between A and B
- m encrypted by a key K is represented by (m)K
- x and y are random numbers generated by the nodes
- They are sometimes called nonces (use-once numbers)
- x and y can then be sequence numbers for future communication

Message flow:
  A -> B: (x)KAB
  B -> A: (x+1)KAB, (y)KAB
  A -> B: (y+1)KAB

Authentication Server Protocol
- How do you get the shared secret into both places? Use an authentication server
- Main idea: the server keeps a list of passwords and provides a way for two parties, A and B, to talk to one another, as long as they both trust the server
- A asks the server for a key:
  A -> S: (Hi, I'd like a key for talking between A and B)
- The server gives back a special session key, together with a copy encrypted under B's key:
  S -> A: [ use Kab; [ This is A! Use Kab ]KSB ]KSA
- A gives B the ticket:
  A -> B: [ This is A! Use Kab ]KSB

Needham and Schroeder protocol
- Goal: obtain a shared key for communication between two nodes
- Bootstrapping: each node has a shared secret (or key) with an authentication server
- One of the nodes communicates with the server to obtain a session key

Needham and Schroeder Protocol
- Initial trust: KSA, KSB
- x, y are nonces to guard against replay
- The first message is (A, B, x), which is the minimal amount of information
- The server sends back x to guarantee freshness, and B to guarantee the original message was uncorrupted (tradeoff between message size and encryption costs)
- But B has no guarantee regarding the freshness of K (so Kerberos uses timestamps)

Message flow (S is the authentication server):
  1. A -> S: (A, B, x)
  2. S -> A: (x, B, K, (K, A)KSB)KSA
  3. A -> B: (K, A)KSB
  4. B -> A: (y)K
  5. A -> B: (y-1)K
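The following added example (not the lecture's code) runs messages 1-5 above end to end, including the (y)K / (y-1)K challenge-response that the Basic Secret Key Protocol slide introduced, and then demonstrates the freshness gap the slide points out: an attacker who recorded an old ticket (K, A)KSB and has since learned that K (for example from a compromised host) can replay the ticket and B accepts. "(m)K" is implemented with a stand-in authenticated encryption built from SHA-256 and HMAC (not DES), so that decrypting under the wrong key raises an error rather than returning garbage; the principal names, 128-bit keys and the length-prefixed field encoding are assumptions of this example.

```python
"""Added example: Needham-Schroeder secret-key exchange and the old-ticket replay."""
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Keystream = SHA-256(key || nonce || counter) blocks, as many as needed.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, msg: bytes) -> bytes:
    """(msg)K: XOR with a per-message keystream, then an HMAC tag over nonce||ciphertext."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def pack(*fields: bytes) -> bytes:
    # Tuple encoding: 2-byte big-endian length prefix per field.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def unpack(blob: bytes) -> list:
    fields, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 2], "big")
        fields.append(blob[i + 2:i + 2 + n])
        i += 2 + n
    return fields


def fresh_nonce() -> int:
    return 1 + int.from_bytes(os.urandom(8), "big")   # >= 1 so y-1 stays non-negative


def enc_int(v: int) -> bytes:
    return v.to_bytes(9, "big")


def dec_int(b: bytes) -> int:
    return int.from_bytes(b, "big")


def server_reply(keys: dict, m1: bytes) -> bytes:
    """S: on (A, B, x) return (x, B, K, (K, A)KSB)KSA with a fresh session key K."""
    a, b, x = unpack(m1)
    k = os.urandom(16)
    ticket = seal(keys[b], pack(k, a))           # (K, A)KSB
    return seal(keys[a], pack(x, b, k, ticket))  # (x, B, K, ticket)KSA


def bob_challenge(ksb: bytes, ticket: bytes) -> tuple:
    """B: accept a ticket, learn K and the peer name, issue the challenge (y)K.
    Nothing in the ticket tells B when S made it: that is the freshness gap."""
    k, peer = unpack(unseal(ksb, ticket))
    y = fresh_nonce()
    return k, peer, y, seal(k, enc_int(y))


def answer_challenge(k: bytes, m4: bytes) -> bytes:
    """Whoever holds K answers (y)K with (y-1)K."""
    return seal(k, enc_int(dec_int(unseal(k, m4)) - 1))


def bob_check(k: bytes, y: int, m5: bytes) -> bool:
    return dec_int(unseal(k, m5)) == y - 1


def run_protocol(keys: dict, a: bytes, b: bytes) -> tuple:
    """Messages 1-5 as seen by A; returns (K, ticket) on success."""
    x = fresh_nonce()
    m2 = server_reply(keys, pack(a, b, enc_int(x)))           # 1 and 2
    rx, rb, k, ticket = unpack(unseal(keys[a], m2))
    if dec_int(rx) != x or rb != b:   # x: the reply is fresh; B: the request was not altered
        raise ValueError("A: stale reply or wrong peer")
    k_b, peer, y, m4 = bob_challenge(keys[b], ticket)         # 3 and 4
    if peer != a or not bob_check(k_b, y, answer_challenge(k, m4)):  # 5
        raise ValueError("B: peer does not hold K")
    return k, ticket


def replay_old_ticket(ksb: bytes, old_ticket: bytes, old_k: bytes) -> tuple:
    """Attacker replays a recorded (K, A)KSB whose K it has since obtained; B
    challenges with (y)K, the attacker answers, and B accepts as if A were online."""
    k, peer, y, m4 = bob_challenge(ksb, old_ticket)
    return peer, bob_check(k, y, answer_challenge(old_k, m4))
```

The replay succeeds because B's only check is that the ticket decrypts under KSB and that the peer can answer the (y)K challenge; neither says anything about when S issued K. Kerberos closes the gap by putting a timestamp and lifetime inside the ticket, which B compares with its own clock.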

RSA Public Key Algorithm
- Designed by Rivest, Shamir, and Adleman
- With 512-bit keys:
  - Choose two large primes p and q that are roughly 256 bits long
  - Multiply p and q to get N
  - Next choose e such that e and (p-1)(q-1) are relatively prime
  - Finally compute d such that e * d = 1 mod ((p-1)(q-1))
  - Throw away p and q (do not disclose them: anyone who knows them can compute d from e)
- Encrypt message m: c = m^e mod N
- Decrypt: m = c^d mod N
- It is a number-theoretic property (Euler's theorem) that you get back m
- m needs to be less than N; large messages are treated as a concatenation of multiple 512-bit blocks

Public Key Scheme
- Properties:
  [text]KPUB = ciphertext, [ciphertext]KPRIV = text
  [text]KPRIV = ciphertext', [ciphertext']KPUB = text
  KPRIV is kept secret; KPUB is put in a telephone directory
- Authentication: [ I will hold office hours tomorrow. ]KPRIV
  Everyone can read it, but only I can send it!
- Secrecy: [ Hi, can I get hold of tomorrow's exam questions? ]KPUB
  Anyone can send it, but only the target can read it
- Secure authenticated communication: [ [ Hi, this is X -- can I get hold of the exam questions? ]KPUB ]KXPRIV
  Only the source could have sent it, and only the target can read it!
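The following added example (not the lecture's code) carries the RSA slide and the Public Key Scheme slide through in working code: it generates a 512-bit key pair from two 256-bit primes as the slide describes, then uses it in both directions, secrecy with KPUB and authentication with KPRIV, and shows the m < N restriction being enforced. The choices of e = 65537, the Miller-Rabin primality test, the byte-to-integer encoding and the sample messages are assumptions of this example, and the result is textbook RSA with no padding, which is fine for seeing the mathematics but not for use (see the note after the code).

```python
"""Added example: RSA key generation, secrecy with KPUB, authentication with KPRIV."""
import math
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; a composite n passes with probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)         # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512, e: int = 65537) -> tuple:
    """Returns (KPUB, KPRIV) = ((N, e), (N, d)). p and q are not retained."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:     # e must be relatively prime to (p-1)(q-1)
            break
    d = pow(e, -1, phi)                          # e*d = 1 mod (p-1)(q-1); needs Python 3.8+
    return (p * q, e), (p * q, d)


def rsa_apply(key: tuple, m: int) -> int:
    """x^exp mod N: encryption with KPUB, decryption/signing with KPRIV."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below N; split longer data into blocks")
    return pow(m, exp, n)


def to_int(text: bytes) -> int:
    return int.from_bytes(text, "big")


def to_bytes(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo() -> dict:
    pub, priv = generate_keypair(512)
    # Secrecy: anyone can encrypt with KPUB, only the holder of KPRIV can read it.
    secret = b"Hi, can I get hold of tomorrow's exam questions?"   # 48 bytes < 64, fits one block
    c = rsa_apply(pub, to_int(secret))                            # [text]KPUB
    # Authentication: only the holder of KPRIV can produce it, anyone can check it with KPUB.
    notice = to_int(b"I will hold office hours tomorrow.")
    sig = rsa_apply(priv, notice)                                 # [text]KPRIV
    try:
        rsa_apply(pub, pub[0] + 1)                                # m >= N is not allowed
        too_large_rejected = False
    except ValueError:
        too_large_rejected = True
    return {
        "secrecy_ok": to_bytes(rsa_apply(priv, c)) == secret,
        "auth_ok": rsa_apply(pub, sig) == notice,
        "forged_accepted": rsa_apply(pub, sig) == to_int(b"I will NOT hold office hours."),
        "too_large_rejected": too_large_rejected,
    }
```

Two cautions on top of what the slide says. First, raw RSA as above is deterministic (the same message always gives the same ciphertext) and malleable (the product of two ciphertexts is the encryption of the product of the messages), so deployed systems encrypt with OAEP padding and sign a hash of the message with PSS padding rather than applying the private exponent to the text itself. Second, 512-bit moduli were already factored in 1999 (RSA-155); a modulus of at least 2048 bits is the current minimum.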

Public Key based Protocols
- Let PA be the public key of A and let SA be the private key
- To look up B's public key, contact S
- The authentication server returns B's key signed with its private key SS

Message flow:
  A -> S: (A, B)
  S -> A: (PB, B)SS
  B -> S: (B, A)
  S -> B: (PA, A)SS

Protocol (contd.)
- Both A and B now know each other's public key
- They can exchange nonces to begin communicating with each other

Message flow:
  A -> B: (x, A)PB
  B -> A: (x-1, y)PA
  A -> B: (y-1)PB

- Caveat: this is the Needham-Schroeder public-key exchange, and Lowe showed in 1995 that it is broken because B's reply (x-1, y)PA does not say who sent it: if A starts a run with a dishonest party C, C can decrypt A's first message, re-encrypt it for B, relay B's reply to A unchanged, and use A's final answer to finish the run with B in A's name. The standard fix is to include B's identity in the second message, (x-1, y, B)PA, so that A can tell the reply came from the peer it intended