Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th...
-
date post
22-Dec-2015 -
Category
Documents
-
view
213 -
download
0
Transcript of Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th...
![Page 1: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/1.jpg)
Foundations of Network and Foundations of Network and Computer SecurityComputer Security
Guest Lecture forJohn Black
Lecture #16Oct 21th 2004
CSCI 6268/TLEN 5831, Fall 2004
![Page 2: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/2.jpg)
Attack on Chess Server Attack on Chess Server Methodology and Encryption Methodology and Encryption
SchemeScheme
JJohn Black
MMartin Cochran
RRyan Gardner
![Page 3: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/3.jpg)
Research OverviewResearch Overview• John Black, Martin Cochran, Ryan Gardner
• Summer project
• Found and analyzed several security flaws in a popular chess server
• Solutions for most problems
• No perfect solution for one!
• Wrote a paper (slashdotted)<http://www.cs.colorado.edu/~jrblack/papers/
icc.pdf>
![Page 4: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/4.jpg)
Presentation OutlinePresentation Outline• Background
– Server Background– Timestamping Background
• Project Overview
• Encryption
• Timestamping
• Conclusion
![Page 5: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/5.jpg)
Server (ICC) OverviewServer (ICC) Overview• Currently ICC (Internet Chess Club)
• Over 30,000 members
• Pay Site ($60/year)– Students pay less– World’s best pay nothing
• Madonna, Nicholas Cage, Will Smith, Sting, even Kasparov
• Best choice for online chess
![Page 6: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/6.jpg)
Server HistoryServer History• Was ICS (Internet Chess Server)
– Started in early 90’s– Free, open source– Basic interfaces– Functions
• Clients connected to server (exclusively)• It sent moves in the clear• Maintained the state of the game• Maintained clocks
![Page 7: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/7.jpg)
Basic IdeaBasic IdeaICC/ICS Server
Chess Client 1 Chess Client 2
Client 1 Move
Enforce Chess Rules
Maintain Clocks
Client 1 Move
![Page 8: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/8.jpg)
Server HistoryServer History• Problems
– Server was quite buggy– Crashed frequently– Short games were unplayable
• Network lag was deducted against the clock
![Page 9: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/9.jpg)
Server HistoryServer History• Daniel Sleator
– Theoretical Computer Science Professor– Carnegie Mellon University
• Problems fixed
• Source code not released
• ICC began (no longer free)
• Timestamping
![Page 10: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/10.jpg)
Timestamping BackgroundTimestamping Background
• Critical Issue– Serious chess is timed– Each player’s clock ticks during his turn– Player’s clock runs out, he loses
• Difficulty– Network lag appears as player’s thinking time
• Solution– Timestamp each move locally at client
![Page 11: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/11.jpg)
Timestamping IdeaTimestamping Idea
ICCServer
TimestampGUI
ClientTimestamp
GUIClient
Client 1 Client 2
![Page 12: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/12.jpg)
Timestamping BackgroundTimestamping Background
• Players now send time themselves• Can they lie?• Sleator’s solutions
– Source code to any timestamping software is not released
– Encrypt all data to and from server• (What’s wrong here?)
• Further results– Clients used to send sensitive information
![Page 13: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/13.jpg)
Presentation OutlinePresentation Outline• Background
• Project Overview
• Encryption
• Timestamping
• Conclusion
![Page 14: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/14.jpg)
Project OverviewProject Overview
• Two main attacks on server– Encryption (three main flaws)
• Key exchange• Block cipher• Mode of operation
– Timestamping (cheating in chess)
• Solutions
![Page 15: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/15.jpg)
Presentation OutlinePresentation Outline• Background• Project Overview• Encryption
– Key Exchange– Encryption Overview– Block Cipher– Mode of Operation
• Timestamping• Conclusion
![Page 16: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/16.jpg)
Encryption – Key ExchangeEncryption – Key Exchange
seed 1
seed 2
E(send_encryptor, “Darooha was here”)
E(receive_encryptor, “Darooha was here”)
Client ICC Server(internal generation of encryption keys)
![Page 17: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/17.jpg)
Encryption – Key ExchangeEncryption – Key Exchange
• Symmetric keys (seeds) exchanged in open!!!
• Only barrier– “Home-brewed” encryption scheme
• Response– Reverse engineer the linux timestamping
binary– (Symbols not removed)
![Page 18: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/18.jpg)
Encryption – Key ExchangeEncryption – Key Exchange
• Continuation– Reverse engineer additional code in Blitzin
(Windows client)
• Products– Sniffer/decryptor
• Linux client• Blitzin
– Timestamping client– (not released)
![Page 19: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/19.jpg)
Encryption – Key ExchangeEncryption – Key Exchange
• Solution– Use asymmetric key exchange
• Diffie-Hellman• RSA
![Page 20: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/20.jpg)
Presentation OutlinePresentation Outline• Background• Project Overview• Encryption Shortcomings
– Key Exchange– Encryption Overview– Block Cipher– Mode of Operation
• Timestamping Problems• Conclusion
![Page 21: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/21.jpg)
Encryption OverviewEncryption Overview
Block Cipher 64 Bit Key
LCG
100 chars of Plaintext100 char String S*
100 chars of Ciphertext
Pseudorandom Number
Counter
![Page 22: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/22.jpg)
Encryption – Block Cipher (Feistel)Encryption – Block Cipher (Feistel)
64 Bit Key
64 Bit Input x
32 MSB = L0 32 LSB = R0
f0
R1L1
16 Rounds
![Page 23: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/23.jpg)
The Round Function fThe Round Function f
• f : {0, 1}64 × {0, 1}32 × {0, 1}32→
{0, 1}32
• Takes 64 bit key, 32 bit input, round number• All arithmetic is signed and modulo 232
• stuff is a static array of 256 32-bit values
f(K, V, r) = stuff [(V [0] + V [1] + K[r mod 8]) mod 256] + V 2
![Page 24: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/24.jpg)
The Round Function fThe Round Function f
• What’s the problem here?• Reminder: What’s our goal?
– Chosen plaintext attack on the cipher– (Given a black box of the cipher and a random
permutation we can throw inputs at and get
outputs, can we distinguish between the two?)
f(K, V, r) = stuff [(V [0] + V [1] + K[r mod 8]) mod 256] + V 2
![Page 25: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/25.jpg)
Encryption – Block CipherEncryption – Block Cipher
• What happens with V2 mod 232?
• Recall: the first bit of a 2’s complement number can be thought of as having negative weight while the rest always have positive weight
V 2 ≡ V 2 (mod 232) (duh)
(V − 232)2 ≡ V 2 − 233V + 264 ≡ V 2 (mod 232)
![Page 26: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/26.jpg)
Encryption – Block CipherEncryption – Block Cipher
• f() does not use the highest bit of input!– Changing bit 31 or 63 of input changes only
bit 31 or 63 of output (respectively)
• Bad!– Identify Sleator’s cipher– Cipher used as random number generator– (However, actually less practical in this case)
![Page 27: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/27.jpg)
Presentation OutlinePresentation Outline• Background• Project Overview• Encryption
– Key Exchange– Encryption Overview– Block Cipher– Mode of Operation
• Timestamping• Conclusion
![Page 28: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/28.jpg)
S
Counter
64
send_encryptor64
64
3232
M
C
LCG1 LCG2
Generates a new seed every 100 characters
![Page 29: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/29.jpg)
Encryption – Mode of OperationEncryption – Mode of Operation
• LCGs (Linear Congruential Generator)
xn+1 = 3*xn(mod 43060573) + 1
yn+1 = 17*yn(mod 2413871)
S*n = xn yn (bytes)
![Page 30: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/30.jpg)
Encryption – Mode of OperationEncryption – Mode of Operation
• Poor choice of moduli– (We assume this mode of operation is bad
anyway)
• Attack– Assumes knowledge of first 10 plaintext
characters– Decrypt all 100 in block– <2 seconds on test program
![Page 31: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/31.jpg)
Encryption – Mode of OperationEncryption – Mode of Operation
• Attack overview– Try to guess yi outright (only 2413871
possible values)– Then we can determine lower bytes of the
corresponding xi’s
– By examining the ten values we have we can (almost always) determine proper xi’s if we have found the correct yi (not going into the details of this)
![Page 32: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/32.jpg)
Encryption - ConclusionsEncryption - Conclusions
• Two researched problems– Block cipher– Mode of operation
• Solution– Proven authenticated encryption scheme
• (OCB, IAMP, EAX)
![Page 33: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/33.jpg)
Presentation OutlinePresentation Outline• Background
• Project Overview
• Encryption
• Timestamping– Recap– Problems
• Conclusion
![Page 34: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/34.jpg)
Timestamping RecapTimestamping Recap
• Concerns– With local timestamping of moves can people cheat?
• Sleator’s solutions– Control source code– Encrypt
• Problems– Reverse engineer binary
• Write own fake timestamp client• Just hack the binary of existing code
– (Other problems, mention later)
![Page 35: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/35.jpg)
TimestampingTimestamping• Additional measures
– Strip symbols– Obfuscate code
• No perfect solution– Specialty hardware– Remove timestamping ability (horrible)– Estimate lag to host from server– Estimate lag to some number of hops– Send a Java program for each game with a
unique key embedded in it
![Page 36: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/36.jpg)
TimestampingTimestamping• Other Problems
– Must determine time at some point– Requires operating system call!– Easy to hack
• Ideas?– Talk to John
![Page 37: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/37.jpg)
Presentation OutlinePresentation Outline• Background
• Project Overview
• Encryption
• Timestamping
• Conclusion
![Page 38: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/38.jpg)
ConclusionConclusion
• Designing cryptosystems– Very difficult– Wagner quote
• Timestamping security model– Formidable– Similar to DRM– No solutions, still existing problem
![Page 39: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/39.jpg)
Wagner QuoteWagner QuoteWell known professor from Berkeley –
"What makes you think you can invent a good cipher if you have noexpertise in the subject? Maybe you can, but it's not terriblylikely. Imagine how you would react if your doctor told you "Youhave appendicitis, a disease that is life-threatening if not treated.We have a time-tested cure that cures 99% of all patients with nonoticeable side-effects, but I'm not going to give you that: I'mgoing to give you a new experimental treatment my cousin dreamedup last week. No, my cousin has no medical training. No, I have noevidence that the new treatment will work, and it's never beentested or analyzed in depth -- but I'm going to give it to youanyway because my cousin thinks it is good stuff." You'd find another doctor, I hope. Rational people leave medical care to the medical experts. The medical experts have a much better track record than the quacks."
-- David Wagner PhD, sci.crypt, 19th Oct 02
![Page 40: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/40.jpg)
EthicsEthics
• Paper release– To Dan Sleator first– Gave him time
• No source code released
![Page 41: Foundations of Network and Computer Security Guest Lecture for J ohn Black Lecture #16 Oct 21 th 2004 CSCI 6268/TLEN 5831, Fall 2004.](https://reader030.fdocuments.us/reader030/viewer/2022032704/56649d795503460f94a5d358/html5/thumbnails/41.jpg)
Questions?Questions?