Summary. Final Week. CNT-4403: 21.April

Similar documents
Access Control Mechanisms

User Authentication Protocols

User Authentication Protocols Week 7

Scanned by CamScanner

Symmetric-Key Cryptography

Block Cipher Operation. CS 6313 Fall ASU

CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Chapter 8. Encipherment Using Modern Symmetric-Key Ciphers

Security Models Trusted Zones SPRING 2018: GANG WANG

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

ECE 646 Lecture 8. Modes of operation of block ciphers

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

Lecture 1 Applied Cryptography (Part 1)

CSC 474/574 Information Systems Security

CIS 6930/4930 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Access control models and policies. Tuomas Aura T Information security technology

Chapter 3 Block Ciphers and the Data Encryption Standard

Content of this part

Lecture 1: Course Introduction

The Rectangle Attack

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

INFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2

Unit 8 Review. Secure your network! CS144, Stanford University

Introduction to Symmetric Cryptography

Access control models and policies

Some Aspects of Block Ciphers

Using block ciphers 1

Computer Security CS 526

Modes of Operation. Raj Jain. Washington University in St. Louis

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

CCM Lecture 14. Security Models 2: Biba, Chinese Wall, Clark Wilson

Test 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

Modern Symmetric Block cipher

Security Handshake Pitfalls

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Access control models and policies

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

CIS 4360 Secure Computer Systems Symmetric Cryptography

Crypto: Symmetric-Key Cryptography

CSE 127: Computer Security Cryptography. Kirill Levchenko

CSC 774 Network Security

Key distribution and certification

13/10/2013. Kerberos. Key distribution and certification. The Kerberos protocol was developed at MIT in the 1980.

Symmetric Encryption Algorithms

Data Encryption Standard (DES)

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017

Cryptography Symmetric Encryption Class 2

Winter 2011 Josh Benaloh Brian LaMacchia

Digital Signatures. Secure Digest Functions

Operating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)

CSC/ECE 774 Advanced Network Security

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Block Cipher Modes of Operation

How to Use Your Block Cipher? Palash Sarkar

CSE Computer Security

CSC 474/574 Information Systems Security

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

IDEA, RC5. Modes of operation of block ciphers

Computer Networks. Wenzhong Li. Nanjing University

CSC574: Computer & Network Security

Access Control (slides based Ch. 4 Gollmann)

Double-DES, Triple-DES & Modes of Operation

Network Security Essentials Chapter 2

Midgame Attacks. (and their consequences) Donghoon Chang 1 and Moti Yung 2. IIIT-Delhi, India. Google Inc. & Columbia U., USA

Stream Ciphers and Block Ciphers

symmetric cryptography s642 computer security adam everspaugh

Symmetric Encryption. Thierry Sans

Information Security Theory vs. Reality

Chapter 6 Contemporary Symmetric Ciphers

CCM Lecture 12. Security Model 1: Bell-LaPadula Model

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

CIS433/533 - Introduction to Computer and Network Security. Access Control

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

What did we talk about last time? Public key cryptography A little number theory

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Ref:

Grenzen der Kryptographie

Security I exercises

Chapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao

symmetric cryptography s642 computer security adam everspaugh

Cryptographic Concepts

Lecture Note 05 Date:

Processing with Block Ciphers

Cryptography and Network Security

Secret Key Cryptography

3 Symmetric Cryptography

Fall 2010/Lecture 32 1

Transcription:

Summary Final Week CNT-4403: 21.April.2015 1

List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic Data Integrity CNT-4403: 21.April.2015 2

Using Symmetric Keys 1 1 Exchange keys Authenticate Alice Bob B Assume T shares a key with A (K A ) and B (K B ) Trent T (Host) E A (M) :encryption with key shared by A and T CNT-4403: 21.April.2015 3

Wide-Mouth Frog Simplest Authentication/Key Exchange 5 E K (M) 1 Alice Generate random K 2 A, E A (T A,B,K) 4 E B (T T,A,K) Bob B Trent T (Host) 3 Decrypt message using K A CNT-4403: 21.April.2015 4

Yahalom Equal? 1 A, R A Alice 4 E A (B, K, R A, R B ) 5 E B (A,K), E K (R B ) Bob B 4 E B (A,K) 2 B, E B (A, R A, R B ) Equal? Assume T shares a key with A (K A ) and B (K B ) Trent T (Host) 3 Generate random K CNT-4403: 21.April.2015 5

Needham-Schroeder 4 Extract key K 5 E B (K,A) 6 Extract key K 8 E K (R B ) Alice 1 A, B, R A 9 E K (R B -1) 7 Bob B Generate random R B 3 E A (R A, B, K, E B (K,A)) Match? Equal? Trent T (Host) 2 Generate random K CNT-4403: 21.April.2015 6

Kerberos - Simplified Kerberos 5: Variant of Needham-Schroeder 6 E K (A,T), E B (T,L,K,A) Alice 7 E K (T+1) Bob B 1 A, B 5 E A (T,L,K,B), E B (T,L,K,A) 2 Generate timestamp T 4 Generate random K Trent T (Host) 3 Generate lifetime L CNT-4403: 21.April.2015 7

List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic Data Integrity CNT-4403: 21.April.2015 8

Multiple Encryption and DES Uses 56-bit keys to encrypt 64 bit blocks Differential cryptanalysis O(2 47 ) encryptions Linear cryptanalysis O(2 43 ) encryptions Can we make DES withstand attacks without changing its structure? Yes! CNT-4403: 21.April.2015 9

Double DES 2 DES with keys K 1 and K 2 : C = E K2 (E K1 (P)) K 1 K 2 P DES Encrypt X DES Encrypt C K2 K 1 DES Decrypt DES Decrypt C X P CNT-4403: 21.April.2015 10

2 DES: Meet-in-the-Middle 2 DES uses two keys: 56+56=112 bits Is the strength 2 56 of DES? NO!!!! Given P and C Encrypt P for all possible 2 56 values of K 1 Store in table T: pairs (K 1, E K1 (P)) Decrypt C for all possible 2 56 values of K 2 Search D K2 (C) in table T Success when E K1 (P) = D K2 (C) Attack takes O(2 56 ) steps similar to DES CNT-4403: 21.April.2015 11

Modes of Operation Block ciphers encrypt fixed size blocks DES encrypts 64-bit blocks with 56-bit key Need to encrypt and decrypt arbitrary amounts of data in practice NIST SP 800-38A defines 5 modes Electronic Code Book: ECB Cipher Block Chaining: CBC Cipher Feedback: CFB Output Feedback: OFB Counter Mode: CTR Can be used with any block cipher CNT-4403: 21.April.2015 12

Electronic Code Book (ECB) Split message into blocks of length b (e.g., 64 bits) Use the same key to encrypt each block Each block is mapped into a unique value like a codebook P 1 P s K DES Encrypt (s blocks) K DES Encrypt C 1 C s CNT-4403: 21.April.2015 13

ECB Decryption C 1 C s K DES Decrypt K (s blocks) DES Decrypt P 1 P s Weakness due to independent encryptions Same bit repeated each b positions Main use is sending a few blocks of data E.g., shared keys CNT-4403: 21.April.2015 14

Cipher Block Chaining (CBC) Use Initial Vector (IV) to start process Chain current cipher block into next encryption IV P 1 P 2 (s blocks) K DES Encrypt K DES Encrypt C 1 C 2 C 1 CNT-4403: 21.April.2015 15

CBC: Decryption C 1 C 2 C 1 (s blocks) K DES Decrypt K DES Decrypt IV P 1 P 2 CNT-4403: 21.April.2015 16

Cipher Feedback Mode (CFB) Message is treated as a stream of bits Take s bits at a time; s<b K IV (b bits) DES Encrypt K IV Shift s bits DES Encrypt (so on) s bits Discard s bits Discard P 1 (s) P 2 (s) C 1 C 2 CNT-4403: 21.April.2015 17

Counter Mode (CTR) b is block size Counter 1 Counter 2 K Encrypt K Encrypt (so on) P 1 (b) P 2 (b) C 1 Counter 2 = Counter 1 +1,.., Counter n = Counter n-1 + 1 C 2 CNT-4403: 21.April.2015 18

List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic Data Integrity CNT-4403: 21.April.2015 19

Message Authentication Why? Prove the integrity of a message Message M Sender generates M Receiver wants to ensure that message received is the same as M Sender and Receiver share a symmetric key K CNT-4403: 21.April.2015 20

Example 1: Authentication (Sender) M (L bits) M (L bits) E(K,[M H(M)]) Encryption Algorithm Hash value Key K Hash H CNT-4403: 21.April.2015 21

Example 1: How to Verify? (Receiver) M (L bits) Hash H Hash h 2 E(K,[M H(M)]) Decryption Algorithm h 1 = h 2? Hash value h 1 Key K CNT-4403: 21.April.2015 22

Example 2: Message Authentication M (L bits) Hash H Hash value Encryption Algorithm E(K, H(M)) Key K M (L bits) CNT-4403: 21.April.2015 23

Example 2: How to Verify? Key K E(K, H(M)) Decryption Algorithm Hash value h 1 h 1 = h 2? M (L bits) Hash value h 2 Hash H CNT-4403: 21.April.2015 24

List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic Data Integrity CNT-4403: 21.April.2015 25

Access Matrix Model (Lampson 1971) Objects (and Subjects) F G S u b j e c t s A B r w own r r w own rights CNT-4403: 21.April.2015 26

Access Matrix Implementation Access Matrix can be sparse Space inefficient Instead Access Control Lists Capabilities Relations CNT-4403: 21.April.2015 27

Access Control List - ACL Maintained for each object (or subject) No entries when no permissions G: ACL A r B r B w B own Each column of the access matrix is stored with the object corresponding to that column CNT-4403: 21.April.2015 28

Capability Unforgeable token that gives possesor certain rights Object to which access is permitted Right for the object F How to make it unforgeable r Capability giving the right to read object F 1. Only OS can access capability user gets a pointer 2. Encrypted capabilities access control mechanism has key CNT-4403: 21.April.2015 29

Capability List: C-List F r F w F own G r Alice Each row of the access matrix is stored with the subject corresponding to that row CNT-4403: 21.April.2015 30

Access Control Relations Subject Access Object A r F A w F A own F A r G B r G B w G B own G Commonly used in relational database management systems CNT-4403: 21.April.2015 31

ACLs vs. Capabilities ACL's require authentication of subjects Capabilities do not require authentication of subjects, but do require Unforgeability Control of propagation of capabilities CNT-4403: 21.April.2015 32

Security Policies Statement of the security we expect the system to enforce Military Security Policy Commercial Security Policies Clark-Wilson Separation of Duty Chinese Wall Security Policy CNT-4403: 21.April.2015 33

Military Security Policy Each object has a sensitivity level rank object Unclassified, restricted, confidential, secret, top secret Top Secret Information at a level is More sensitive than level below Less sensitive than level above Secret Confidential Restricted Unclassified CNT-4403: 21.April.2015 34

Military Security Policy (cont d) Access according to need-to-know rule Information is associated to projects One or more Called compartments Example: Projects alpha and beta Both use secret information But staff on alpha does not need access to beta CNT-4403: 21.April.2015 35

Dominance Classification of an object <rank; compartments> Clearance of subject Indication that subject can access information up to a level of sensitivity <rank; compartments> Dominance: s o (subject dominates object) rank s rank o and compartments o included in compartments s Then s can read o CNT-4403: 21.April.2015 36

Dominance: Example Object classified <secret; {Sweden}> Accessible by subject with clearence <top secret; {Sweden}> : YES or NO? <secret; {Sweden, Denmark}>: YES or NO? <top secret; {Denmark}>: YES or NO? CNT-4403: 21.April.2015 37

Commercial Security Policies Concerns Industrial espionage Corporate finance leaks Clark-Wilson Separation of Duty (read P&P: C 5.2 pg. 250-1) Chinese Wall Security Policy Brewer and Nash 89 CNT-4403: 21.April.2015 38

Chinese Wall Security Policy Handles conflicts of interest in companies Person in company obtains sensitive information about competitors Three levels of abstraction Objects (e.g., files) concern a single company Company groups all objects pertaining to a company Conflict classes groups of competing companies Each object belongs to a single group Each company group belongs to single conflict class CNT-4403: 21.April.2015 39

Chinese Wall Security: Example Advertising company with multiple clients Rule: no employee knows sensitive information on competitors Fobidden! Chocolate Comp. Banks Citicorp Airlines Suchard Credit Lyonais Lyonnais United Nestle Deutche Bank CNT-4403: 21.April.2015 40

Chinese Wall Security: Example Advertising company with multiple clients Rule: no employee knows sensitive information on competitors Access to object granted only if First access to a conflict class Object is from same group as a previous access CNT-4403: 21.April.2015 41

Bell-LaPadula Model Formal description of the allowable paths of information flow in a secure system Describes allowable communication between subjects and object Formalization of the military security policy CNT-4403: 21.April.2015 42

Bell-LaPadula Definition Set S of subjects: s S has clearance C(s) Set O of objects: o O has classification C(o) Ordered by relation - dominance Simple Security Property: s may read o only if C(o) C(s) Clearance of s dominates classification of o Star Property: s who has read access to o may write to object p only if C(o) C(p) The contents of o can only be written to objects at least that high Prevents write-down CNT-4403: 21.April.2015 43

Bell-LaPadula Example High Write O 5 Write Clearance Sensitivity Read Bob Read O 4 Only if Carol does not have read access to higher level object! Write O 3 Write O2 Carol Write Read Alice Read O 6 O1 Low CNT-4403: 21.April.2015 44

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback