encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher basic unit is the bit

Transcription

1 Overview of the DES Introduction to Computer Security Lecture 6 Cryptography October 2, 2003 A block cipher: encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher performs both substitution and transposition (permutation) on the bits basic unit is the bit Consists of 16 rounds (iterations) each with a round key generated from the user-supplied supplied key Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security 1 INFSCI 2935: Introduction to Computer Security 2 1

2 DES DES Encryption Round keys are 48 bits each Extracted from 64 bits Permutation applied Deciphering involves using round keys in reverse input IP L 0 R 0 f K 1 L = R 1 0 R = L 1 0 f(r, K ) 0 1 R = L f (R, K ) L = R IP -1 output INFSCI 2935: Introduction to Computer Security 3 INFSCI 2935: Introduction to Computer Security 4 2

3 The f function Controversy R i-1 (32 bits) Expansion Permutation R i-1 (48 bits) K i (48 bits) 6 bits into each S1 S2 S3 S4 S5 S6 S7 S8 Considered too weak Considered too weak Diffie, Hellman said in a few years technology would allow DES to be broken in days Design using 1999 technology published Design decisions not public S-boxes may have backdoors 4 bits out of each P 32 bits INFSCI 2935: Introduction to Computer Security 5 INFSCI 2935: Introduction to Computer Security 6 3

4 Undesirable Properties 4 weak keys They are their own inverses 12 semi-weak keys Each has another semi-weak key as inverse Complementation property DES k (m) = c DES k (m ) = c S-boxes exhibit irregular properties Distribution of odd, even numbers non-random Outputs of fourth box depends on input to third box Reasons for structure were suspicious Differential Cryptanalysis A form of chosen plaintext attack Involves encrypting many texts that are only slightly different from one another and comparing results Requires 2 47 plaintext, ciphertext pairs Revealed several properties Small changes in S-boxes reduce the number of pairs needed Making every bit of the round keys independent does not impede attack Linear cryptanalysis improves result Requires 2 43 plaintext, ciphertext pairs INFSCI 2935: Introduction to Computer Security 7 INFSCI 2935: Introduction to Computer Security 8 4

5 DES Modes Electronic Code Book Mode (ECB): Encipher each block independently Cipher Block Chaining Mode (CBC) XOR each block with previous ciphertext block Uses an initialization vector for the first one init. vector m 1 DES c 1 sent m 2 DES INFSCI 2935: Introduction to Computer Security 9 c 2 sent CBC Mode Decryption init. vector c 1 DES m 1 c 2 DES CBC has self healing property If one block of ciphertext is altered, the error propagates for at most two blocks INFSCI 2935: Introduction to Computer Security 10 m 2 5

6 Self-Healing Property Current Status of DES Initial message Received as (underlined 4c should be 4b) ef7c4cb2b4ce6f3b f6266e3a97af0e2c 746ab9a6308f e60b451b09603d Which decrypts to efca61e19f4836f Incorrect bytes underlined; plaintext heals after 2 blocks Design for computer system, associated software that could break any DES-enciphered message in a few days published in 1998 Several challenges to break DES messages solved using distributed computing NIST selected Rijndael as Advanced Encryption Standard, successor to DES Designed to withstand attacks that were successful on DES INFSCI 2935: Introduction to Computer Security 11 INFSCI 2935: Introduction to Computer Security 12 6

7 Public Key Cryptography Two keys Private key known only to individual Public key available to anyone Idea Confidentiality: encipher using public key, decipher using private key Integrity/authentication: encipher using private key, decipher using public one Requirements 1. Given the appropriate key, it must be computationally easy to encipher or decipher a message 2. It must be computationally infeasible to derive the private key from the public key 3. It must be computationally infeasible to determine the private key from a chosen plaintext attack INFSCI 2935: Introduction to Computer Security 13 INFSCI 2935: Introduction to Computer Security 14 7

8 Diffie-Hellman Compute a common, shared key Called a symmetric key exchange protocol Based on discrete logarithm problem Given integers n and g and prime number p, compute k such that n = g k mod p Solutions known for small p Solutions computationally infeasible as p grows large hence, choose large p INFSCI 2935: Introduction to Computer Security 15 Algorithm Constants known to participants prime p; integer g other than 0, 1 or p 1 : (private = k, public = K A A ) : (private = k, public = K B B ) K A = g ka mod p K B = g kb mod p To communicate with, Anne computes S A, B = K ka B mod p To communicate with, computes S B, A = K A kb mod p S A, B = S B, A B, A? INFSCI 2935: Introduction to Computer Security 16 8

9 Example Assume p = 53 and g = 17 chooses k A = 5 Then K A = 17 5 mod 53 = 40 chooses k B = 7 Then K B = 17 7 mod 53 = 6 Shared key: K ka B mod p = 6 5 mod 53 = 38 K kb A mod p = 40 7 mod 53 = 38 Let p = 5, g = 3 k A = 4, k B = 3 K A =?, K B =?, S =?, RSA Relies on the difficulty of determining the number of numbers relatively prime to a large integer n Totient function φ(n) Number of + integers less than n and relatively prime to n Relatively prime means with no factors in common with n Example: φ(10) = 4 1, 3, 7, 9 are relatively prime to 10 φ(77)? φ(p)? When p is a prime number φ(pq)? When p and q are prime numbers INFSCI 2935: Introduction to Computer Security 17 INFSCI 2935: Introduction to Computer Security 18 9

10 Algorithm Confidentiality using RSA Choose two large prime numbers p, q Let n = pq; then φ(n) = (p 1)(q 1) Choose e < n relatively prime to φ(n). Compute d such that ed mod φ(n) = 1 Public key: (e, n); ; private key: d (or (d, n)) Encipher: c = m e mod n Decipher: m = c d mod n Message Source X Y X Encryption Decryption k B Message Source K B Key Source INFSCI 2935: Introduction to Computer Security 19 INFSCI 2935: Introduction to Computer Security 20 10

11 Example: Confidentiality Example Take p = 7, q = 11, so n = 77 and φ(n) ) = 60 Say chooses (K B ) e = 17, making (k B ) d = x 53 mod 60 =? wants to send secret message HELLO [ ] mod 77 = mod 77 = mod 77 = mod 77 = mod 77 = 42 sends ciphertext [ ] receives [ ] uses private key (k B ), d = 53, to decrypt the message: mod 77 = 07 H mod 77 = 04 E mod 77 = 11 L mod 77 = 11 L mod 77 = 14 O No one else could read it, as only knows his private key and that is needed for decryption INFSCI 2935: Introduction to Computer Security 21 INFSCI 2935: Introduction to Computer Security 22 11

12 Authentication using RSA Example: Origin Integrity/Authentication Take p = 7, q = 11, so n = 77 and φ(n) ) = 60 Message Source X Y X Encryption Decryption K A k A Key Source Message Source chooses (K A ) e = 17, making (k A ) d = 53 wants to send message HELLO [ ] so knows it is what sent and there was no changes in transit mod 77 = mod 77 = mod 77 = mod 77 = mod 77 = 49 sends [ ] INFSCI 2935: Introduction to Computer Security 23 INFSCI 2935: Introduction to Computer Security 24 12

13 Example Confidentiality + Authentication receives uses s public key (KA), e = 17, n = 77, to decrypt message: mod 77 = 07 H mod 77 = 04 E mod 77 = 11 L mod 77 = 11 L mod 77 = 14 O sent it as only she knows her private key, so no one else could have enciphered it If (enciphered) message s blocks (letters) altered in transit, w ould not decrypt properly Message Source X X Z Encryption Encryption k A K B Key Source Decryption Y k B Key Source Decryption X K A Message Source INFSCI 2935: Introduction to Computer Security 25 INFSCI 2935: Introduction to Computer Security 26 13

14 Example: Confidentiality + Authentication wants to send message HELLO both enciphered and authenticated (integrity-checked) s keys: public (17, 77); private: 53 s keys: public: (37, 77); private: 13 enciphers HELLO [ ]: (07 53 mod 77) 37 mod 77 = 07 (04 53 mod 77) 37 mod 77 = 37 (11 53 mod 77) 37 mod 77 = 44 (11 53 mod 77) 37 mod 77 = 44 (14 53 mod 77) 37 mod 77 = 14 sends [ ] Example: Confidentiality + Authentication s keys: public (17, 77); private: 53 s keys: public: (37, 77); private: 13 deciphers ( ): (07 13 mod 77) 17 mod 77 = 07 H (37 13 mod 77) 17 mod 77 = 04 E (44 13 mod 77) 17 mod 77 = 11 L (44 13 mod 77) 17 mod 77 = 11 L (14 13 mod 77) 17 mod 77 = 14 O INFSCI 2935: Introduction to Computer Security 27 INFSCI 2935: Introduction to Computer Security 28 14

15 Security Services More Security Services Confidentiality Only the owner of the private key knows it, so text enciphered with public key cannot be read by anyone except the owner of the private key Authentication Only the owner of the private key knows it, so text enciphered with private key must have been generated by the owner Integrity Enciphered letters cannot be changed undetectably without knowing private key Non-Repudiation Message enciphered with private key came from someone who knew it INFSCI 2935: Introduction to Computer Security 29 INFSCI 2935: Introduction to Computer Security 30 15

16 Warnings Encipher message in blocks considerably larger than the examples here If 1 character per block, RSA can be broken using statistical attacks (just like classical cryptosystems) Attacker cannot alter letters, but can rearrange them and alter message meaning Example: reverse enciphered message of text ON to get NO Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k = n). k is smaller then n except in unusual circumstances Keyed CC: requires a cryptographic key h = C K (M) Keyless CC: requires no cryptographic key Message Digest or One-way Hash Functions h = H(M) Can be used for message authentication Can be used for message authentication Hence, also called Message Authentication Code (MAC) INFSCI 2935: Introduction to Computer Security 31 INFSCI 2935: Introduction to Computer Security 32 16

17 Mathematical characteristics Every bit of the message digest function potentially influenced by every bit of the function s input If any given bit of the function s input is changed, every output bit has a 50 percent chance of changing Given an input file and its corresponding message digest, it should be computationally infeasible to find another file with the same message digest value Definition Cryptographic checksum function h: A B: 1. For any x A, h(x) is easy to compute Makes hardware/software implementation easy 2. For any y B, it is computationally infeasible to find x A such that h(x) = y One-way proerpty 3. It is computationally infeasible to find x, x A such that x? x and h(x) = h(x ) 3. Alternate form (Stronger): Given any x A, it is computationally infeasible to find a different x A such that h(x) = h(x ). INFSCI 2935: Introduction to Computer Security 33 INFSCI 2935: Introduction to Computer Security 34 17

18 Collisions If x? x and h(x) ) = h(x ), x and x are a collision Pigeonhole principle: if there are n containers for n+1 objects, then at least one container will have 2 objects in it. Application: suppose n = 5 and k = 3. Then there are 32 elements of A and 8 elements of B, so at least one element of B has at least 4 corresponding elements of A Keys Keyed cryptographic checksum: requires cryptographic key DES in chaining mode: encipher message, use last n bits. Requires a key to encipher, so it is a keyed cryptographic checksum. Keyless cryptographic checksum: requires no cryptographic key MD5 and SHA-1 are best known; others include MD4, HAVAL, and Snefru INFSCI 2935: Introduction to Computer Security 35 INFSCI 2935: Introduction to Computer Security 36 18

19 Message Digest MD2, MD4, MD5 (Ronald Rivest) Produces 128-bit digest; MD2 is probably the most secure, longest to compute (hence rarely used) MD4 is a fast alternative; MD5 is modification of MD4 SHA, SHA -1 (Secure Hash Algorithm) Related to MD4; used by NIST s Digital Signature Produces 160-bit digest SHA-1 may be better SHA -256, SHA -384, SHA , 384-, 512 hash functions designed to be use with the Advanced Encryption Standards (AES) Example: MD5(There is $1500 in the blue bo) = f80b3fde8ecbac1b515960b9058de7a1 MD5(There is $1500 in the blue box) = a4a5471a0e019a4a502134d38fb64729 INFSCI 2935: Introduction to Computer Security 37 Hash Message Authentication Code (HMAC) Make keyed cryptographic checksums from keyless cryptographic checksums h keyless cryptographic checksum function that takes data in blocks of b bytes and outputs blocks of l bytes. k is cryptographic key of length b bytes If short, pad with 0 bytes; if long, hash to length b ipad is repeated b times opad is repeated b times HMAC-h(k, m) ) = h(k opad h(k ipad m)) exclusive or, concatenation INFSCI 2935: Introduction to Computer Security 38 19

20 Security Levels Unconditionally Secure Unlimited resources + unlimited time Still the plaintext CANNOT be recovered from the ciphertext Computationally Secure Cost of breaking a ciphertext exceeds the value of the hidden information The time taken to break the ciphertext exceeds the useful lifetime of the information Key Points Two main types of cryptosystems: classical and public key Classical cryptosystems encipher and decipher using the same key Or one key is easily derived from the other Public key cryptosystems encipher and decipher using different keys Computationally infeasible to derive one from the other INFSCI 2935: Introduction to Computer Security 39 INFSCI 2935: Introduction to Computer Security 40 20

21 Issues Key Management Authentication and distribution of keys Session key Key exchange protocols Kerberos Mechanisms to bind an identity to a key Generation, maintenance and revoking of keys Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security 41 INFSCI 2935: Introduction to Computer Security 42 21

22 Notation X Y : { Z W } k X,Y X sends Y the message produced by concatenating Z and W enciphered by key k X,Y, which is shared by users X and Y A T : { Z } k { W } k A A,T A sends T a message consisting of the concatenation of Z enciphered using k A, A s key, and W enciphered using k A,T, the key shared by A and T r 1, r 2 nonces (nonrepeating random numbers) Session, Interchange Keys wants to send a message m to Assume public key encryption generates a random cryptographic key k s and uses it to encipher m To be used for this message only Called a session key She enciphers k s with s public key k B k B enciphers all session keys uses to communicate with Called an interchange key sends { m } k s { k s } k B INFSCI 2935: Introduction to Computer Security 43 INFSCI 2935: Introduction to Computer Security 44 22

23 Benefits Limits amount of traffic enciphered with single key Standard practice, to decrease the amount of traffic an attacker can obtain Makes replay attack less effective Prevents some attacks Example: will send message that is either BUY or SELL. Eve computes possible ciphertexts { BUY } k B and { SELL } k B. Eve intercepts enciphered message, compares, and gets plaintext at once INFSCI 2935: Introduction to Computer Security 45 Key Exchange Algorithms Goal:, use a shared key to communicate secretely Criteria Key cannot be sent in clear Attacker can listen in Key can be sent enciphered, or derived from exchanged data plus data not known to an eavesdropper, may trust third party All cryptosystems, protocols publicly known Only secret data is the keys, ancillary information known only to and needed to derive keys Anything transmitted is assumed known to attacker INFSCI 2935: Introduction to Computer Security 46 23

24 Classical Key Exchange Simple Key Exchange Protocol How do, begin? can t send it to in the clear! Assume trusted third party, Cathy and Cathy share secret key k A and Cathy share secret key k B Use this to exchange shared key Use this to exchange shared key k s { request for session key to } k A { k s }k A, { k s }k B { k s } k B Cathy Cathy {m}k s INFSCI 2935: Introduction to Computer Security 47 Eve INFSCI 2935: Introduction to Computer Security 48 24

25 Problems Needham-Schroeder How does know he is talking to? Replay attack: Eve records message from to, later replays it; may think he s talking to, but he isn t Session key reuse: Eve replays message from to, so re-uses session key Protocols must provide authentication and defense against replay r 1 { r 1 k s, { k s } k B } k A { k s } k B { r 2 } k s { r 2 1 } k s Cathy Cathy INFSCI 2935: Introduction to Computer Security 49 INFSCI 2935: Introduction to Computer Security 50 25

26 Argument: talking to Argument: talking to Second message Enciphered using key only she, Cathy know So Cathy enciphered it Response to first message As r 1 in it matches r 1 in first message Third message knows only can read it As only can derive session key from message Any messages enciphered with that key are from Third message Enciphered using key only he, Cathy know So Cathy enciphered it Names, session key Cathy provided session key, says is other party Fourth message Uses session key to determine if it is replay from Eve If not, will respond correctly in fifth message If so, Eve can t decipher r 2 and so can t respond, or responds incorrectly INFSCI 2935: Introduction to Computer Security 51 INFSCI 2935: Introduction to Computer Security 52 26

27 Problem with Needham-Schroeder Assumption: all keys are secret Question: suppose Eve can obtain session key. How does that affect protocol? In what follows, Eve knows k s Eve Eve Eve { k s } k B [Replay] { r 3 } k s [Eve intercepts] { r 3 1 } k s INFSCI 2935: Introduction to Computer Security 53 Solution: Denning-Sacco Modification In protocol above, Eve impersonates Problem: replay in third step First in previous slide Solution: use time stamp T to detect replay Needs synchronized clocks Weakness: if clocks not synchronized, may either reject valid messages or accept replays Parties with either slow or fast clocks vulnerable to replay Resetting clock does not eliminate vulnerability INFSCI 2935: Introduction to Computer Security 54 27

28 Needham-Schroeder with Denning-Sacco Modification Otway-Rees Protocol r 1 { r 1 k s { T k s } k B } k A { T k s } k B { r 2 } k s { r 2 1 } k s Cathy Cathy Corrects problem That is, Eve replaying the third message in the protocol Does not use timestamps Not vulnerable to the problems that Denning- Saccomodification has Uses integer n to associate all messages with a particular exchange INFSCI 2935: Introduction to Computer Security 55 INFSCI 2935: Introduction to Computer Security 56 28

29 The Protocol Argument: talking to Cathy Cathy n { r 1 n } k A n { r 1 n } k A { r 2 n } k B n { r 1 k s } k A { r 2 k s } k B Fourth message Fourth message If n matches first message, knows it is part of this protocol exchange Cathy generated k s because only she, know k A Enciphered part belongs to exchange as r 1 matches r 1 in encrypted part of first message n { r 1 k s } k A INFSCI 2935: Introduction to Computer Security 57 INFSCI 2935: Introduction to Computer Security 58 29

30 Argument: talking to Third message If n matches second message, knows it is part of this protocol exchange Cathy generated k s because only she, know k B Enciphered part belongs to exchange as r 2 matches r 2 in encrypted part of second message Replay Attack Eve acquires old k s, message in third step n { r 1 k s } k A { r 2 k s } k B Eve forwards appropriate part to has no ongoing key exchange with : n matches nothing, so is rejected has ongoing key exchange with : n does not match, so is again rejected If replay is for the current key exchange, and Eve sent the relevant part before did, Eve could simply listen to traffic; no replay involved INFSCI 2935: Introduction to Computer Security 59 INFSCI 2935: Introduction to Computer Security 60 30

31 Kerberos Overview Authentication system Based on Needham-Schroeder with Denning-Sacco modification Central server plays role of trusted third party ( Cathy ) Ticket (credential) Issuer vouches for identity of requester of service Authenticator Identifies sender must 1. Authenticate herself to the system 2. Obtain ticket to use server S User u authenticates to Kerberos server Obtains ticket T u,tgs for ticket granting service (TGS) User u wants to use service s: User sends authenticator A u, ticket T u,tgs to TGS asking for ticket for service TGS sends ticket T u,s to user User sends A u, T u,s to server as request to use s Details follow INFSCI 2935: Introduction to Computer Security 61 INFSCI 2935: Introduction to Computer Security 62 31

32 Ticket Credential saying issuer has identified ticket requester Example ticket issued to user u for service s T u,s = s { u u s address valid time k u,s } k s where: k u,s is session key for user and service Valid time is interval for which the ticket is valid u s address may be IP address or something else Note: more fields, but not relevant here Authenticator Credential containing identity of sender of ticket Used to confirm sender is entity to which ticket was issued Example: authenticator user u generates for service s A u,s = { u generation time k t } k u,s where: k t is alternate session key Generation time is when authenticator generated Note: more fields, not relevant here INFSCI 2935: Introduction to Computer Security 63 INFSCI 2935: Introduction to Computer Security 64 32

33 Protocol Analysis user Cathy user user user user user TGS { k u,tgs } k u T u,tgs service A u,tgs T u,tgs user { k u,s } k u,tgs T u,s A u,s T u,s { t + 1 } k u,s Cathy user TGS TGS service service First two steps get user ticket to use TGS User u can obtain session key only if u knows key shared with Cathy Next four steps show how u gets and uses ticket for service s Service s validates request by checking sender (using A u,s ) is same as entity ticket issued to Step 6 optional; used when u requests confirmation INFSCI 2935: Introduction to Computer Security 65 INFSCI 2935: Introduction to Computer Security 66 33

34 Problems Public Key Key Exchange Relies on synchronized clocks If not synchronized and old tickets, authenticators not cached, replay is possible Tickets have some fixed fields Dictionary attacks possible Kerberos 4 session keys weak (had much less than 56 bits of randomness); researchers at Purdue found them from tickets in minutes Here interchange keys known e A, e B and s public keys known to all d A, d B and s private keys known only to owner Simple protocol k s is desired session key { k s } e B INFSCI 2935: Introduction to Computer Security 67 INFSCI 2935: Introduction to Computer Security 68 34

35 Problem and Solution Notes Vulnerable to forgery or replay Because e B known to anyone, has no assurance that sent message Simple fix uses s private key k s is desired session key { { k s } d A } e B Can include message enciphered with k s Assumes has s public key, and vice versa If not, each must get it from public server If keys not bound to identity of owner, attacker Eve can launch a man-in-the-middle attack (next slide; Cathy is public server providing public keys) INFSCI 2935: Introduction to Computer Security 69 INFSCI 2935: Introduction to Computer Security 70 35

36 Man-in-the-Middle Attack Key Generation send me s public key Eve intercepts request Cathy send me s public key Eve Cathy e E Eve Eve { k s } e E Eve intercepts message e B Cathy Goal: generate difficult to guess keys Problem statement: given a set of K potential keys, choose one randomly Equivalent to selecting a random number between 0 and K 1 inclusive Why is this hard: generating random numbers Why is this hard: generating random numbers Actually, numbers are usually pseudo-random, that is, generated by an algorithm Eve { k s } e B INFSCI 2935: Introduction to Computer Security 71 INFSCI 2935: Introduction to Computer Security 72 36

37 What is Random? Sequence of cryptographically ransom numbers: : a sequence of numbers n 1, n 2, such that for any integer k > 0, an observer cannot predict n k even if all of n 1,, n k 1 are known Best: physical source of randomness Electromagnetic phenomena Characteristics of computing environment such as disk latency Ambient background noise What is Pseudorandom? Sequence of cryptographically pseudorandom numbers: : sequence of numbers intended to simulate a sequence of cryptographically random numbers but generated by an algorithm Very difficult to do this well Linear congruential generators [n k = (an k 1 + b) mod n] broken (a, b and n are relatively prime) Polynomial congruential generators [n k = (a j n k 1 j + + a 1 n k 1 a 0 ) mod n] broken too Here, broken means next number in sequence can be determined INFSCI 2935: Introduction to Computer Security 73 INFSCI 2935: Introduction to Computer Security 74 37

38 Best Pseudorandom Numbers Strong mixing function: : function of 2 or more inputs with each bit of output depending on some nonlinear function of all input bits Examples: DES, MD5, SHA-1 Use on UNIX-based systems: (date; ps gaux) md5 where ps gaux lists all information about all processes on system Digital Signature Construct that authenticates origin, contents of message in a manner provable to a disinterested third party ( judge ) Sender cannot deny having sent message (service is nonrepudiation ) Limited to technical proofs Inability to deny one s cryptographic key was used to sign One could claim the cryptographic key was stolen or compromised Legal proofs, etc., probably required; INFSCI 2935: Introduction to Computer Security 75 INFSCI 2935: Introduction to Computer Security 76 38

39 Common Error Classical:, share key k sends m { m }k to This is a digital signature WRONG This is not a digital signature Why? Third party cannot determine whether or generated message Classical Digital Signatures Require trusted third party, each share keys with trusted party Cathy To resolve dispute, judge gets { m }k, { m }k, and has Cathy decipher them; if messages matched, contract was signed { m }k { m }k Cathy Cathy { m }k INFSCI 2935: Introduction to Computer Security 77 INFSCI 2935: Introduction to Computer Security 78 39

40 Public Key Digital Signatures s keys are d, e sends m { m }d In case of dispute, judge computes { { m }d }e and if it is m,, signed message She s the only one who knows d! INFSCI 2935: Introduction to Computer Security 79 40