
TIF401/SIF401

IT/IS Security
Week 01 :
Chapter 01 : Overview of Computer Security Concepts
Chapter 02 : Cryptographic Tools

by
Berkah I. Santoso
Bakrie University
2015

Chapter 1
Overview

Computer Security Overview


The NIST Computer Security Handbook defines the
term Computer Security as:
The protection afforded to an automated
information system in order to attain the applicable
objectives of preserving the integrity, availability and
confidentiality of information system resources
(includes hardware, software, firmware,
information/data, and telecommunications).

Chapter 01

The CIA Triad


Confidentiality
- data confidentiality
- privacy
Integrity
- data integrity
- system integrity
Availability

Key Security Concepts


Confidentiality
- preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information

Integrity
- guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity

Availability
- ensuring timely and reliable access to and use of information

Computer Security Challenges


- computer security is not as simple as it might first appear to the novice
- potential attacks on the security features must be considered
- procedures used to provide particular services are often counterintuitive
- physical and logical placement needs to be determined
- additional algorithms or protocols may be involved
- attackers only need to find a single weakness, the developer needs to find all weaknesses
- users and system managers tend to not see the benefits of security until a failure occurs
- security requires regular and constant monitoring
- is often an afterthought to be incorporated into a system after the design is complete
- thought of as an impediment to efficient and user-friendly operation

Table 1.1 Computer Security Terminology (RFC 2828, Internet Security Glossary, May 2000)

Figure 1.2 Security Concepts and Relationships

Vulnerabilities, Threats and Attacks

categories of vulnerabilities
- corrupted (loss of integrity)
- leaky (loss of confidentiality)
- unavailable or very slow (loss of availability)

threats
- capable of exploiting vulnerabilities
- represent potential security harm to an asset

attacks (threats carried out)
- passive: does not affect system resources
- active: attempt to alter system resources or affect their operation
- insider: initiated by an entity inside the security perimeter
- outsider: initiated from outside the perimeter

Countermeasures

means used to deal with security attacks
- prevent
- detect
- recover

may introduce new vulnerabilities
residual vulnerabilities may remain
goal is to minimize residual level of risk to the assets

Table 1.2 Threat Consequences

Figure 1.3 Scope of Computer Security

Table 1.3 Computer and Network Assets, with Examples of Threats

Passive and Active Attacks


Passive attacks attempt to learn or make use of information from the system but do not affect system resources
- eavesdropping/monitoring transmissions
- difficult to detect
- emphasis is on prevention rather than detection
- two types:
  - release of message contents
  - traffic analysis

Active attacks involve modification of the data stream
- goal is to detect them and then recover
- four categories:
  - masquerade
  - replay
  - modification of messages
  - denial of service

Security Requirements

Security Functional Requirements


functional areas that primarily require computer security technical measures include:
- access control; identification & authentication; system & communication protection; and system & information integrity

functional areas that primarily require management controls and procedures include:
- awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; and systems & services acquisition

functional areas that overlap computer security technical measures and management controls include:
- configuration management; incident response; and media protection

Security Architecture For Open Systems

- ITU-T Recommendation X.800, Security Architecture for OSI
- systematic way of defining the requirements for security and characterizing the approaches to satisfying them
- was developed as an international standard
- focuses on:
  - security attacks: action that compromises the security of information owned by an organization
  - security mechanism: designed to detect, prevent, or recover from a security attack
  - security service: intended to counter security attacks

Security Services

X.800
- defines a security service as a service that is provided by a protocol layer of communicating open systems and ensures adequate security of the systems or of data transfers

RFC 2828
- defines a security service as a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms

Table 1.5 Security Services
Source: From X.800, Security Architecture for OSI

Authentication Service

- concerned with assuring that a communication is from the source that it claims to be from
- must assure that the connection is not interfered with by a third party masquerading as one of the two legitimate parties

Data Origin Authentication
- provides for the corroboration of the source of a data unit
- does not provide protection against the duplication or modification of data units
- this type of service supports applications like email where there are no prior interactions between the communicating entities

Peer Entity Authentication
- provides for the corroboration of the identity of a peer entity in an association
- provided for use at the establishment of, or at times during the data transfer phase of, a connection
- attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection

Access Control Service
- the ability to limit and control the access to host systems and applications via communications links.
- each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.

Nonrepudiation Service
- prevents either sender or receiver from denying a transmitted message
- receiver can prove that the alleged sender in fact sent the message
- the sender can prove that the alleged receiver in fact received the message

Data Confidentiality Service

- the protection of transmitted data from passive attacks
- the broadest service protects all user data transmitted between two users over a period of time
- connection confidentiality: the protection of all user data on a connection
- connectionless confidentiality: protection of all user data in a single data block
- selective-field confidentiality: confidentiality of selected fields within the user data on a connection or a single data block
- traffic-flow confidentiality: protection of the information that might be derived from observation of traffic flows
- protects the traffic flow from analysis
  - this requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility

Data Integrity Service

- can apply to a stream of messages, a single message, or selected fields within a message
- a connection-oriented integrity service assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays
- destruction of data is also covered under this service
- addresses both message stream modification and denial of service
- a connectionless integrity service generally provides protection against message modification only
- need to make a distinction between the service with and without recovery
- concerned with detection rather than prevention
- the incorporation of automated recovery mechanisms is the more attractive alternative

Availability Service

- a service that protects a system to ensure its availability
- defined as the property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications of the system
- a variety of attacks can result in the loss of or reduction in availability
- some of these attacks are amenable to authentication and encryption
- some attacks require a physical action to prevent or recover from loss of availability
- X.800 treats availability as a property to be associated with various security services
- addresses the security concerns raised by denial-of-service attacks
- depends on proper management and control of system resources

Table 1.6 X.800 Security Mechanisms

Figure 1.4 Security Trends

Figure 1.5 Security Technologies Used

Computer Security Strategy

- specification/policy: what is the security scheme supposed to do?
- implementation/mechanisms: how does it do it?
- correctness/assurance: does it really work?

Security Policy

formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources

factors to consider:
- value of the assets being protected
- vulnerabilities of the system
- potential threats and the likelihood of attacks

trade-offs to consider:
- ease of use versus security
- cost of security versus cost of failure and recovery

Security Implementation

involves four complementary courses of action:

prevention
- secure encryption algorithms
- prevent unauthorized access to encryption keys

detection
- intrusion detection systems
- detection of denial of service attacks

response
- upon detection, being able to halt an attack and prevent further damage

recovery
- use of backup systems

Assurance and Evaluation


assurance
- the degree of confidence one has that the security measures work as intended to protect the system and the information it processes
- encompasses both system design and system implementation

evaluation
- process of examining a computer product or system with respect to certain criteria
- involves testing and formal analytic or mathematical techniques

Summary

security concepts
- CIA triad
  - confidentiality: preserving the disclosure of information
  - integrity: guarding against modification or destruction of information
  - availability: ensuring timely and reliable access to information

terminology (table 1.1)
- threats: exploits vulnerabilities
- attack: a threat carried out
- countermeasure: means to deal with a security attack
- assets: hardware, software, data, communication lines, networks

security architecture
- security services: enhances the security of systems and information transfers, table 1.5
- security mechanisms: mechanisms designed to detect, prevent, or recover from a security attack, table 1.6
- security attack: any action that compromises the security of information owned by an organization

security trends
- figure 1.4

security strategy
- policy, implementation, assurance and evaluation

functional requirements
- table 1.4

Chapter 2
Cryptographic Tools

Symmetric Encryption
- the universal technique for providing confidentiality for transmitted or stored data
- also referred to as conventional encryption or single-key encryption
- two requirements for secure use:
  - need a strong encryption algorithm
  - sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure
Chapter 02


FIGURE 2.1


Attacking Symmetric Encryption


Cryptanalytic Attacks
- rely on:
  - nature of the algorithm
  - some knowledge of the general characteristics of the plaintext
  - some sample plaintext-ciphertext pairs
- exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used
- if successful all future and past messages encrypted with that key are compromised

Brute-Force Attack
- try all possible keys on some ciphertext until an intelligible translation into plaintext is obtained
- on average half of all possible keys must be tried to achieve success

Table 2.1 Average Time Required for Exhaustive Key Search

Table 2.2 Comparison of Three Popular Symmetric Encryption Algorithms

Data Encryption Standard (DES)

- the most widely used encryption scheme
  - FIPS PUB 46
  - referred to as the Data Encryption Algorithm (DEA)
  - uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block
- strength concerns:
  - concerns about algorithm
    - DES is the most studied encryption algorithm in existence
  - use of 56-bit key
    - Electronic Frontier Foundation (EFF) announced in July 1998 that it had broken a DES encryption

Figure 2.2 Time to Break a Code (assuming 10^6 decryptions/ms). The graph assumes that a symmetric encryption algorithm is attacked using a brute-force approach of trying all possible keys.

Triple DES (3DES)

- repeats basic DES algorithm three times using either two or three unique keys
- first standardized for use in financial applications in ANSI standard X9.17 in 1985
- attractions:
  - 168-bit key length overcomes the vulnerability to brute-force attack of DES
  - underlying encryption algorithm is the same as in DES
- drawbacks:
  - algorithm is sluggish in software
  - uses a 64-bit block size

Advanced Encryption Standard (AES)

- needed a replacement for 3DES
  - 3DES was not reasonable for long term use
- NIST called for proposals for a new AES in 1997
  - should have a security strength equal to or better than 3DES
  - significantly improved efficiency
  - symmetric block cipher
  - 128 bit data and 128/192/256 bit keys
- selected Rijndael in November 2001
  - published as FIPS 197

Practical Security Issues

- typically symmetric encryption is applied to a unit of data larger than a single 64-bit or 128-bit block
- electronic codebook (ECB) mode is the simplest approach to multiple-block encryption
  - each block of plaintext is encrypted using the same key
  - cryptanalysts may be able to exploit regularities in the plaintext
- modes of operation
  - alternative techniques developed to increase the security of symmetric block encryption for large sequences
  - overcomes the weaknesses of ECB

Block Cipher Encryption

Stream Encryption

Block & Stream Ciphers

Block Cipher
- processes the input one block of elements at a time
- produces an output block for each input block
- can reuse keys
- more common

Stream Cipher
- processes the input elements continuously
- produces output one element at a time
- primary advantage is that they are almost always faster and use far less code
- encrypts plaintext one byte at a time
- pseudorandom stream is one that is unpredictable without knowledge of the input key

Message Authentication

- protects against active attacks
- verifies received message is authentic
  - contents have not been altered
  - from authentic source
  - timely and in correct sequence
- can use conventional encryption
  - only sender & receiver share a key

Message Authentication Codes

Secure Hash Functions

Figure 2.6 Message Authentication Using a One-Way Hash Function
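
An added example, not part of the original slides: a sender and receiver that share a key authenticate each message with a MAC computed over a sequence number and the message, so the receiver can check the three properties listed under Message Authentication (contents not altered, authentic source, correct sequence). HMAC-SHA256 is used as the MAC; the frame layout, names, key and messages are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # length of an HMAC-SHA256 tag in bytes


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: frame = 8-byte sequence number || message || MAC."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # lowest sequence number still acceptable

    def accept(self, frame: bytes):
        """Return (True, message) or (False, reason)."""
        if len(frame) < 8 + TAG_LEN:
            return False, "truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a mismatch means altered contents
        # or a sender that does not hold the shared key.
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC"
        (seq,) = struct.unpack(">Q", body[:8])
        # The sequence number is covered by the MAC, so an old valid
        # frame sent again is recognised and refused.
        if seq < self.next_seq:
            return False, "replayed or out of sequence"
        self.next_seq = seq + 1
        return True, body[8:]


def demo() -> list:
    """Constructed traffic: two good frames, one altered, one replayed, one forged."""
    key = b"constructed-shared-key-for-demo!"
    rx = Receiver(key)
    f0 = protect(key, 0, b"transfer 10 to alice")
    f1 = protect(key, 1, b"transfer 20 to bob")
    altered = f1[:8] + f1[8:].replace(b"20", b"99", 1)   # contents changed in transit
    forged = protect(b"some-other-key", 2, b"transfer 5 to carol")
    return [rx.accept(f) for f in (f0, altered, f1, f0, forged)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```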

Hash Function Requirements

- can be applied to a block of data of any size
- produces a fixed-length output
- H(x) is relatively easy to compute for any given x
- one-way or pre-image resistant
  - computationally infeasible to find x such that H(x) = h
- second pre-image resistant or weak collision resistant
  - computationally infeasible to find y ≠ x such that H(y) = H(x)
- collision resistant or strong collision resistance
  - computationally infeasible to find any pair (x, y) such that H(x) = H(y)

Security of Hash Functions

- there are two approaches to attacking a secure hash function:
  - cryptanalysis
    - exploit logical weaknesses in the algorithm
  - brute-force attack
    - strength of hash function depends solely on the length of the hash code produced by the algorithm
- SHA most widely used hash algorithm
- additional secure hash function applications:
  - passwords
    - hash of a password is stored by an operating system
  - intrusion detection
    - store H(F) for each file on a system and secure the hash values
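
An added example, not part of the original slides: the intrusion-detection use above, recording H(F) for each file and later comparing the tree against that record. Sealing the record with an HMAC is one assumed way to "secure the hash values"; the file names, contents and key are constructed for the illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def file_hash(path: str) -> str:
    """H(F): SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _seal(hashes: dict, key: bytes) -> str:
    blob = json.dumps(hashes, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def build_baseline(root: str, key: bytes) -> dict:
    """Record H(F) for every file under root and seal the record with a MAC."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hashes[os.path.relpath(path, root)] = file_hash(path)
    return {"hashes": hashes, "mac": _seal(hashes, key)}


def check(root: str, baseline: dict, key: bytes) -> list:
    """Compare the tree against the baseline; refuse a baseline whose MAC fails."""
    if not hmac.compare_digest(baseline["mac"], _seal(baseline["hashes"], key)):
        raise ValueError("stored hash values were altered")
    old, new = baseline["hashes"], build_baseline(root, key)["hashes"]
    findings = [("missing", p) for p in old if p not in new]
    findings += [("modified", p) for p in old if p in new and new[p] != old[p]]
    findings += [("added", p) for p in new if p not in old]
    return sorted(findings)


def demo() -> list:
    """Constructed scenario: three files, then one changed, one removed, one added."""
    key = b"constructed-baseline-key"  # assumption: kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        write("sshd_config", b"PermitRootLogin no\n")
        write("login", b"binary-v1")
        write("motd", b"welcome\n")
        baseline = build_baseline(root, key)
        write("sshd_config", b"PermitRootLogin yes\n")
        os.remove(os.path.join(root, "motd"))
        write("cron.new", b"* * * * * job\n")
        return check(root, baseline, key)
```

If the hash record is stored without protection on the same system, whoever modifies a file can also rewrite its stored hash, which is why `check` verifies the seal before trusting the record.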

- publicly proposed by Diffie and Hellman in 1976
- based on mathematical functions
- asymmetric
  - uses two separate keys
  - public key and private key
  - public key is made public for others to use
- some form of protocol is needed for distribution

- plaintext: readable message or data that is fed into the algorithm as input
- encryption algorithm: performs transformations on the plaintext
- public and private key: pair of keys, one for encryption, one for decryption
- ciphertext: scrambled message produced as output
- decryption key: produces the original plaintext

***directed toward providing confidentiality

- user encrypts data using his or her own private key
- anyone who knows the corresponding public key will be able to decrypt the message

***directed toward providing authentication

Table 2.3 Applications for Public-Key Cryptosystems

- computationally easy to create key pairs
- computationally easy for sender knowing public key to encrypt messages
- computationally easy for receiver knowing private key to decrypt ciphertext
- computationally infeasible for opponent to determine private key from public key
- computationally infeasible for opponent to otherwise recover original message
- useful if either key can be used for each role

RSA (Rivest, Shamir, Adleman)
- developed in 1977
- most widely accepted and implemented approach to public-key encryption
- block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.

Diffie-Hellman key exchange algorithm
- enables two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages
- limited to the exchange of the keys

Digital Signature Standard (DSS)
- provides only a digital signature function with SHA-1
- cannot be used for encryption or key exchange

Elliptic curve cryptography (ECC)
- security like RSA, but with much smaller keys

Digital Signatures

- used for authenticating both source and data integrity
- created by encrypting hash code with private key
- does not provide confidentiality
  - even in the case of complete encryption
  - message is safe from alteration but not eavesdropping

Digital Envelopes

- protects a message without needing to first arrange for sender and receiver to have the same secret key

***equates to the same thing as a sealed envelope containing an unsigned letter

Random Numbers

Uses include generation of:
- keys for public-key algorithms
- stream key for symmetric stream cipher
- symmetric key for use as a temporary session key or in creating a digital envelope
- handshaking to prevent replay attacks
- session key

Random Number Requirements

Randomness
- criteria:
  - uniform distribution: frequency of occurrence of each of the numbers should be approximately the same
  - independence: no one value in the sequence can be inferred from the others

Unpredictability
- each number is statistically independent of other numbers in the sequence
- opponent should not be able to predict future elements of the sequence on the basis of earlier elements

Random versus Pseudorandom

- cryptographic applications typically make use of algorithmic techniques for random number generation
  - algorithms are deterministic and therefore produce sequences of numbers that are not statistically random
- pseudorandom numbers are:
  - sequences produced that satisfy statistical randomness tests
  - likely to be predictable
- true random number generator (TRNG):
  - uses a nondeterministic source to produce randomness
  - most operate by measuring unpredictable natural processes
    - e.g. radiation, gas discharge, leaky capacitors
  - increasingly provided on modern processors
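
An added example, not part of the original slides: it separates the two requirements above by showing that a deterministic generator passes a uniform-distribution check and is still fully predictable to anyone who knows its seed, while the operating system's generator passes the same check without that property. Python's `random` (Mersenne Twister) and `secrets` modules are used; the seed value, the chi-square threshold and the function names are assumptions chosen for the illustration.

```python
import random
import secrets
from collections import Counter


def chi_square_bytes(data: bytes) -> float:
    """Chi-square statistic of the byte frequencies against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def looks_uniform(data: bytes, limit: float = 400.0) -> bool:
    # With 255 degrees of freedom the statistic averages 255 (std. dev. about 22.6)
    # for uniform data, so 400 is a generous cut-off for this illustration.
    return chi_square_bytes(data) < limit


def prng_bytes(seed: int, n: int) -> bytes:
    """Deterministic generator: the same seed always yields the same stream."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def predict_next(seed: int, already_seen: int, n: int) -> bytes:
    """What a party who knows the seed computes for the next n bytes."""
    return prng_bytes(seed, already_seen + n)[already_seen:]


def os_random_bytes(n: int) -> bytes:
    """Bytes from the operating system's cryptographic generator."""
    return secrets.token_bytes(n)


if __name__ == "__main__":
    seed = 2015  # constructed seed for the demonstration
    stream = prng_bytes(seed, 65536)
    print("PRNG uniform:   ", looks_uniform(stream))
    print("OS RNG uniform: ", looks_uniform(os_random_bytes(65536)))
    # A 16-byte "session key" drawn after 32 bytes of output is reproduced
    # exactly from the seed alone.
    print("PRNG predicted: ", predict_next(seed, 32, 16) == stream[32:48])
```

Passing a statistical test says nothing about unpredictability, which is why keys and nonces are drawn from a generator such as `secrets` rather than a seeded general-purpose one.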

Practical Application: Encryption of Stored Data

- common to encrypt transmitted data
- much less common for stored data
  - there is often little protection beyond domain authentication and operating system access controls
  - data are archived for indefinite periods
  - even though erased, until disk sectors are reused data are recoverable

approaches to encrypt stored data:
- use a commercially available encryption package
- back-end appliance
- library based tape encryption
- background laptop/PC data encryption

Summary

symmetric encryption
- conventional or single-key only type used prior to public-key
- five parts: plaintext, encryption algorithm, secret key, ciphertext, and decryption algorithm
- two attacks: cryptanalysis and brute force
- most commonly used algorithms are block ciphers (DES, triple DES, AES)

hash functions
- message authentication
- creation of digital signatures

public-key encryption
- based on mathematical functions
- asymmetric
- six ingredients: plaintext, encryption algorithm, public and private key, ciphertext, and decryption algorithm

digital signatures
- hash code is encrypted with private key

digital envelopes
- protects a message without needing to first arrange for sender and receiver to have the same secret key

random numbers
- requirements: randomness and unpredictability
- validation: uniform distribution, independence
- pseudorandom numbers

Thank You !
