CS3235 - Computer Security. Third topic: Crypto Support Systems

1 Systems used with cryptography. CS3235 - Computer Security. Third topic: Crypto Support Systems. National University of Singapore, School of Computing. (Some slides drawn from Lawrie Brown's, with permission.) January, 2016

2 Life...

3 Outline: 1 Systems used with cryptography (Crypto modes; Public Key Infrastructure). 2 Key exchange. 3 Penetration testing.

7 (DES) modes of operation (CS2107): ECB, CFB and CBC. [Figure: block diagrams of Electronic Code Book, Cipher Feedback and Cipher Block Chaining, built from initial vector, msg, key k, DES and Ctext blocks.] The US government recommends not using the Electronic Codebook (ECB) mode. They recommend Cipher Feedback (CFB) or Cipher Block Chaining (CBC) modes.

8 Comparing ECB and CBC... (CS2107) From Bart Preneel. [Figure: original image; AES in ECB; AES in CBC.] The original image is encoded using ECB (AES); the middle image retains some easily retrievable information.
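The ECB leak in the image comparison above can be reproduced on a few blocks. This is an added example, not part of the original slides; `toy_encrypt_block` is a hypothetical 4-round Feistel stand-in for DES/AES (not secure), and the key, IV and "image" are constructed sample values.

```python
import hashlib

BLOCK = 16  # bytes per block, the AES block size

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Hypothetical stand-in for DES/AES: a 4-round Feistel permutation."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def split(msg: bytes):
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def ecb_encrypt(key: bytes, msg: bytes):
    # Every block is encrypted independently under the same key.
    return [toy_encrypt_block(key, b) for b in split(msg)]

def cbc_encrypt(key: bytes, iv: bytes, msg: bytes):
    # Each plaintext block is XORed with the previous ciphertext block first.
    out, prev = [], iv
    for b in split(msg):
        prev = toy_encrypt_block(key, xor(b, prev))
        out.append(prev)
    return out

def pattern(blocks) -> str:
    """Label blocks by first appearance: equal blocks get the same letter."""
    seen = {}
    return "".join(seen.setdefault(b, chr(ord("A") + len(seen))) for b in blocks)

# Constructed sample "image": three white blocks, two black, three white
WHITE, BLACK = b"\xff" * BLOCK, b"\x00" * BLOCK
IMAGE = WHITE * 3 + BLACK * 2 + WHITE * 3
KEY, IV = b"constructed key!", bytes(range(BLOCK))

if __name__ == "__main__":
    print("plaintext:", pattern(split(IMAGE)))
    print("ECB      :", pattern(ecb_encrypt(KEY, IMAGE)))
    print("CBC      :", pattern(cbc_encrypt(KEY, IV, IMAGE)))
```

Under ECB the ciphertext has the same block pattern as the plaintext, which is what remains visible in the middle image; under CBC every ciphertext block differs.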

9 2DES (CS2107). Let's say we wanted to use 2*56 bit keys (to get keys). The mythical 2DES: [Figure: msg, DES with k1, Ctext, DES with k2, Ctext.] We could write this as $E(k_2, E(k_1, p))$, and it sounds plausible. Unfortunately, there is an attack on this idea, known as the meet-in-the-middle attack.

10 2DES attack (CS2107): Meet-in-the-middle. [Figure: P through DES with k*, C through DES$^{-1}$ with k*; find matches in two large tables.] Starts with the attacker having a plaintext, ciphertext pair p, c. The attacker computes two tables: $E(k,p)$ for each of the $2^{56}$ keys, and $D(k,c)$ for each of the $2^{56}$ keys. For each match in the two tables, you have found a possible key, with only $2^{57}$ DES operations (ie - not ). The extra level of encryption gives only one extra bit of security (not 56).
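The two-table matching described above, scaled down so it runs in milliseconds, as an added example that is not part of the original slides. `enc`/`dec` are a hypothetical 32-bit toy cipher with 12-bit keys standing in for DES, and the keys and plaintexts are constructed sample values; a second known pair is used to discard chance matches.

```python
KEY_BITS = 12                 # toy key size (DES: 56)
MASK = 0xFFFFFFFF             # 32-bit blocks
MUL = 0x9E3779B1              # odd constant, so invertible modulo 2**32
MUL_INV = pow(MUL, -1, 1 << 32)

def subkey(k: int, rnd: int) -> int:
    return (k * 0x01000193 + rnd) & MASK

def enc(k: int, p: int) -> int:
    """Hypothetical toy cipher: 3 rounds of xor-key, multiply, rotate."""
    for rnd in range(3):
        p = ((p ^ subkey(k, rnd)) * MUL) & MASK
        p = ((p << 7) | (p >> 25)) & MASK
    return p

def dec(k: int, c: int) -> int:
    for rnd in reversed(range(3)):
        c = ((c >> 7) | (c << 25)) & MASK
        c = ((c * MUL_INV) & MASK) ^ subkey(k, rnd)
    return c

def double_enc(k1: int, k2: int, p: int) -> int:
    return enc(k2, enc(k1, p))           # E(k2, E(k1, p))

def meet_in_the_middle(pairs):
    """Return (k1, k2) candidates consistent with all known (p, c) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    forward = {}                         # table 1: E(k1, p0) -> [k1, ...]
    for k1 in range(1 << KEY_BITS):
        forward.setdefault(enc(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):      # table 2: D(k2, c0), matched on the fly
        for k1 in forward.get(dec(k2, c0), []):
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found

def work(key_bits: int):
    """(cipher operations for meet-in-the-middle, for trying every key pair)."""
    return 2 * 2**key_bits, 2**(2 * key_bits)

# Constructed sample keys and known plaintexts
K1, K2 = 0x5A3, 0xC17
PAIRS = [(p, double_enc(K1, K2, p)) for p in (0x01234567, 0x89ABCDEF)]

if __name__ == "__main__":
    print(meet_in_the_middle(PAIRS), work(KEY_BITS))
```

For 56-bit keys `work(56)` gives the $2^{57}$ operations quoted on the slide, which is why the design moved on to three stages rather than two.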

11 Officially: Triple DES (commonly 3DES). Does not respond as much to the meet-in-the-middle attack. [Figure: 3DES: msg, DES with k1, Ctext, DES$^{-1}$ with k2, Ctext, DES with k3, Ctext.] Example of its use? man ssh. The middle stage is a decryption.

13 Man-in-the-middle for Public Keys (CS2107). Motivation for PKI (Alice, Harry, Bob): 1: Alice asks Bob for his public key. 2: Harry asks Bob for his public key. 3: Bob returns his public key. 4: Harry returns his own public key. 5: Alice now uses wrong public key. 6: Harry can read, and re-encode, Alice's msgs.

14 The certification mechanism (CS2107). RA (Registration Authority) and CA (Certification Authority): 1: Bob registers with CA through RA. 2: RA verifies Bob, and requests certificate. 3: CA generates a certificate with Bob's identity and public key (Bob, SIGNED). 4: Anyone can check Bob's key using CA's public key.
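The check in step 4, and how it rejects the key substitution from the previous slide, as an added example that is not part of the original slides. It uses textbook RSA over small Mersenne primes as a toy signature scheme; the `make_cert`/`verify_cert` helpers, the dictionary layout and all key values are assumptions for illustration, not a real certificate format.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p: int, q: int):
    """Textbook RSA key from two primes: returns (public n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(identity: str, public_key: int, n: int) -> int:
    data = f"{identity}|{public_key}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def make_cert(identity: str, public_key: int, ca_n: int, ca_d: int) -> dict:
    """Step 3: the CA signs the binding of identity to public key."""
    sig = pow(digest(identity, public_key, ca_n), ca_d, ca_n)
    return {"identity": identity, "public_key": public_key, "sig": sig}

def verify_cert(cert: dict, expected_identity: str, ca_n: int) -> bool:
    """Step 4: anyone holding the CA's public key can run this check."""
    if cert["identity"] != expected_identity:
        return False
    expected = digest(cert["identity"], cert["public_key"], ca_n)
    return pow(cert["sig"], E, ca_n) == expected

# Constructed toy keys built from Mersenne primes (far too small for real use)
CA_N, CA_D = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, _ = make_keypair(2**31 - 1, 2**61 - 1)
HARRY_PUB, _ = make_keypair(2**31 - 1, 2**89 - 1)

BOB_CERT = make_cert("Bob", BOB_PUB, CA_N, CA_D)
HARRY_CERT = make_cert("Harry", HARRY_PUB, CA_N, CA_D)
# Harry substitutes his own key into Bob's certificate without the CA's help
SWAPPED = dict(BOB_CERT, public_key=HARRY_PUB)

if __name__ == "__main__":
    for name, cert in [("Bob", BOB_CERT), ("swapped", SWAPPED), ("Harry", HARRY_CERT)]:
        print(name, verify_cert(cert, "Bob", CA_N))
```

Alice accepts a key for Bob only when the CA's signature covers both the name "Bob" and that exact key, so neither the swapped key nor Harry's own valid certificate passes.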

15 Certificates (CS2107) Viewing a signed certificate:

16 Sample PK system: PGP (Pretty Good Privacy). What is it? PGP is a public key encryption package to protect e-mail and data files. It lets you communicate securely with people you've never met, with no secure channels needed for prior exchange of keys. PGP can be used to append digital signatures to messages, as well as encrypt the messages, or do both. Properties of PGP: It uses various schemes including patented ones like IDEA and RSA. The patent on IDEA allows non-commercial distribution, and the RSA patent has expired. There are commercial versions of PGP. PGP can use, for example, 2048 bit primes, and it is considered unlikely that PGP with this level of encryption can be broken.

17 PGPfone Source is available... In 2003, it was available in two versions: 1 An international version available outside America, and a prohibited import into America. 2 An American version available inside America, and a prohibited export out of America. These two versions are also exactly the same! This is because of restrictions on the import and export of munitions (strong cryptography).

18 PGPfone Familiar encryption and key exchange parameters: When initially setting up a link, Diffie-Hellman key exchange is used to ensure safety in the choice of an encryption key.

19 Sample PK system: Skype Much more familiar:

20 Skype Three interesting points: AES, RSA, Signatures

22 Exchanging/transferring a key. Some aspects of security are determined by the way in which we do things (the protocol), rather than what is actually done. Two locks better than one?

23 But we still have a key/lock transfer problem... A relatively recent new idea... In 1976 Diffie and Hellman published the paper "New Directions in Cryptography", introducing the idea of public key cryptography. It relies on the use of one-way functions which are not realistically invertible unless you have a deciphering key... Easy to do one way - hard to do the other way. The discrete logarithm problem (one-way function): easy to calculate $n = g^k \bmod p$ given g, k and p (p is a prime); hard to calculate k in the same equation, given g, n and p.

24 Diffie-Hellman key agreement (not transfer). Two separated users create and share a secret key. A third party is not realistically able to calculate the shared key. [Figure: Alice has p, g, a, $g^a \bmod p$, $g^b \bmod p$; Bob has p, g, b, $g^b \bmod p$, $g^a \bmod p$; Ted has p, g, $g^a \bmod p$, $g^b \bmod p$.]

25 After exchange, knowledge is different. Only Alice knows a, only Bob knows b... Alice: g, p, $g^a \bmod p$, $g^b \bmod p$, a. Bob: g, p, $g^a \bmod p$, $g^b \bmod p$, b. Ted: g, p, $g^a \bmod p$, $g^b \bmod p$.

26 Diffie-Hellman key agreement. So what does each party do? Both Alice and Bob can now calculate the value $g^{ab} \bmod p$. 1 Alice calculates $(g^b \bmod p)^a \bmod p = (g^b)^a \bmod p$. 2 Bob calculates $(g^a \bmod p)^b \bmod p = (g^a)^b \bmod p$. Shared key is $(g^b)^a \bmod p = (g^a)^b \bmod p = g^{ab} \bmod p$. Ted has a much more difficult problem. It is difficult to calculate $g^{ab} \bmod p$ without knowing either a or b. The algorithmic run-time of the (so-far best) algorithm is: $O(e^{c\,r \log r})$ where c is small, but 1, and r is the number of bits

27 Diffie-Hellman key agreement. Forward function may be done in $O(r)$. [Table: Bit size; Forward; Reverse: Discrete logarithm solution.] Relies on doing BIG number maths: 1000 bit maths involves numbers with more than 300 decimal digits. The C int has 10 or so digits. To calculate $g^b \bmod p$ where g, b and p are small is easy, but we need some math tricks when they are large. Why primes? Fermat's little theorem.
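The key agreement from the preceding slides together with the "math trick" for large exponents (square-and-multiply), as an added example that is not part of the original slides. The prime $2^{127}-1$, the base 3 and the function names are assumptions chosen for the demo; the brute-force reversal is run only on the tiny prime 65537.

```python
import secrets

P = 2**127 - 1     # Mersenne prime; demo size only (real groups use 2048+ bits)
G = 3              # assumed base for the demo

def modexp(g: int, k: int, p: int) -> int:
    """Square-and-multiply: about r squarings for an r-bit exponent k."""
    result, base = 1, g % p
    while k:
        if k & 1:
            result = result * base % p
        base = base * base % p
        k >>= 1
    return result

def keypair():
    private = secrets.randbelow(P - 3) + 2       # a or b, never transmitted
    return private, modexp(G, private, P)        # g^a mod p travels in the clear

def shared_key(their_public: int, my_private: int) -> int:
    return modexp(their_public, my_private, P)

def brute_force_dlog(n: int, g: int, p: int) -> int:
    """Ted's problem: try k = 0, 1, 2, ... until g^k mod p == n (O(p) steps)."""
    value = 1
    for k in range(p):
        if value == n:
            return k
        value = value * g % p
    raise ValueError("n is not a power of g")

if __name__ == "__main__":
    a, A = keypair()                             # Alice
    b, B = keypair()                             # Bob
    print(shared_key(B, a) == shared_key(A, b))  # both reach g^(ab) mod p
    print(modexp(G, P - 1, P))                   # Fermat's little theorem gives 1
    # Reversal is feasible only because this prime is tiny
    print(brute_force_dlog(modexp(3, 54321, 65537), 3, 65537))
```

The forward direction needs roughly 127 squarings here, while the naive reverse direction already takes tens of thousands of steps for a 17-bit prime.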

29 The landscape... Network interconnectivity has changed the landscape... Services/protocols are how we use remote computers... HTML - originally pretty safe and simple, but consider possible buffer overflow attacks on the server... Active HTML - needed because we want more active content; and generate (personalized) web pages on-the-fly. This leads to threats to both the server and client - the use of cookies, and Java and Javascript on the client. We also have server-side scripting/coding.

30 Basic tools... Will be explored in the lab/tutorials... nmap, ping, traceroute: test remote computer access... wireshark, kismet: monitor network traffic...

31 Nessus - Remote security scanning tool

32 Metasploit - penetration testing