Lecture 1 Overview. Computer-Based System Hardware Software Data Vulnerability – Weakness (to be...

Lecture 1 Overview

Computer-Based System• Hardware• Software• Data

• Vulnerability– Weakness (to be exploited)

• Threat– Circumstances (Potential to cause harm)

• Attack– Exploits vulnerabilities

CS 450/650 Fundamentals of Integrated Computer Security 2

Threats

• Interception– Unauthorized party has gained access to an asset

• Interruption– An asset becomes lost, unavailable, or unusable

• Modification– Unauthorized party tampers with an asset

• Fabrication– Unauthorized party may create objects


Security Goals


AvailabilityAvailability

ConfidentialityConfidentiality

IntegrityIntegrity

Assets are accessed

only by authorized people

Assets can be modified

only by authorized people

Assets are accessible to

authorized people

Lecture 2

Elementary Cryptography

CS 450/650

Fundamentals of Integrated Computer Security

Slides are modified from Hesham El-Rewini

Objectives

• Learn how cryptography works

• Learn how encryption systems are broken

• Understand basic ciphers: – substitution and transposition codes


Goal of Cryptography

• Ensure security of communication over insecure medium– Privacy (secrecy, confidentiality)– Integrity

• Communicate even with possibility of adversaries


Main Components in Sending Messages


sender receiverMedium

Intruder

• Interrupt

• Intercept

• Modify

• Fabricate

•Availability

•Confidentiality

•Integrity

Approaches to Secure Communication

• Steganography– Hide message existence

●Cryptography Hide message meaning


Cryptography• Secret writing

– Disguised data cannot be read, modified, or fabricated easily

• Encryption : encoding (encipher)plaintext cipher textP = <p1, p2, p3, .., pn> C = <c1, c2, c3, .., cm> C = E(c) (E = encryption rule)

• Decryption : decoding (decipher)Cipher text plaintextC = <c1, c2, c3, .., cm> P = <p1, p2, p3, .., pn> P = D(c) (D = decryption rule)


Cryptosystem

• How does this help us accomplish our goals?– Privacy– Integrity


Encryption


Encryption Decryptionplaintext

Original

plaintextciphertextKeylessKeyless


Original

plaintextciphertext

Symmetric keySymmetric key


Original

plaintextciphertext

Asymmetric keyAsymmetric key

Cryptanalysis

• How to break an encryption!

• Cryptanalyst– Deduce the original meaning of the ciphertext– Determine the decryption algorithm that matches

the encryption one used

Breakable Encryption!


Exercise

wklv phvvdjh lv qrw wrr kdug wr euhdn


Ciphers

• Substitution Ciphers– Substitute a character or a symbol for each

character of the original message

• Transposition Ciphers– The order of letters is rearranged

• Notation– UPPERCASE PLAINTEXT– lowercase ciphertext


The Caesar Cipher -- Substitution

Ci = pi + 3

A dB eC f…X aY bZ c


Cryptanalysis of the Caesar Cipher

• TREATY IMPOSSIBLE wuhdwb lpsrvvleoh

–Break is preserved–Double letters are preserved–Repeated letters


Other Substitutions: Permutation

• Alphabet is scrambled, each plaintext letter maps to a unique ciphertext letter

• For example 1, 2, 3, 4, 5, 6, 7, 8, 9

p1 = 1, 3, 5, 7, 9, 8, 6, 4, 2p1(1) = 1, p1(2) = 3, p1(3) = 5, p1(4) = 7, etc.

• Key can be used to control the permutation used to


Substitution Cipher Example

• ABCDEFGHIJKLMNOPQRSTUVWXYZ• wordabcefghijklmnpqstuvxyz

• ABCDEFGHIJKLMNOPQRSTUVWXYZ• profesinalbcdghjkmqtuvwxyz


Cryptanalysis of substitution ciphers

• Brute force attack– 26! possibilities

• Clues– Short words,– Words with repeated patterns,– Common initial and final letters, …

• Knowledge of language may simplify it– English E, T, O, A occur far more than J, Q, X, Z– Context


Cryptanalysis

• Example:wklv phvvdjh lv qrw wrr kdug wr euhdn

wrr --> see, too, add, odd, off...wr --> to, of

Best guess: w = T, r = O


Cryptanalysiswklv phvvdjh lv qrw wrr kdug wr euhdn

wrr --> see, too, add, odd, off...wr --> to, ofBest guess: w = T, r = O

lv --> so, is, in, ...

T_SO very unlikely...T_IS likelyBest guess: l = I, v = S


Cryptanalysiswklv phvvdjh lv qrw wrr kdug wr euhdn

wrr --> see, too, add, odd, off...wr --> to, ofBest guess: w = T, r = O

lv --> so, is, in, ...Best guess: l = I, v = S

wklv phvvdjh lv qrw wrr kdug wr euhdnT-IS --SS--- IS -OT TOO ---- TO -----


Avoid Regularity

Encryption Decryptionplaintext Original

plaintext

ciphertext

Non-repeating series of numbers


One-Time Pads

• Name set of sheets of paper with keys, glued into a pad

• The sender would tear off enough number of pages

• The receiver needs a pad identical to the one used by the sender


One-Time Pads (cont.)• The sender would write the keys one at a time above

the letters of the plaintext.K1 k2 k3 k4 ... Kn

p1 p2 p3 p4 ... pn

• The plaintext is enciphered using a pre-arranged chart– Vignere Tableau– all 26 letters in each column in some scrambled order– select the substitution in row pi, column Ki

• Problems:– Unlimited number of keys & Absolute

synchronization between sender and receiverCS 450/650 Fundamentals of Integrated Computer Security 26

Vernam Cipher ExamplePlaintextV E R N A M C I P H E R21 4 17 13 0 12 2 8 15 7 4 17

Random numbers76 48 16 82 44 3 58 11 60 5 48 88

Sum97 52 33 95 44 15 60 19 75 12 52 105

Sum mod 2619 0 7 17 18 15 8 19 23 12 0 1

Ciphertextt a h r s p i t x m a b


Book Ciphers• Both sender and receiver need access to identical

objects• Example: telephone book – xxx-xxx-xxxx– use xx mod 26 as a key

• Problem – High frequency letters– A, E, O, T 40% of all letters used in Standard English text– A, E, O, T, N, I 50% of all letters used in Standard English

text– The probability that the key letter and plain text letter is in

these 6 letters is 0.25


Transposition

• The letters of the message are rearranged

• Columnar transposition

• Example:THIS IS A MESSAGE TO SHOW HOW A

COLMUNAR TRANSPOSITION WORKS


Transposition Example T H I S I S A M E S S A G E T O S H O W H O W A C O L M U N A R T R A N S P O S I T I O N W O R K S

tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasna


Summary

• Maintain privacy and integrity despite adversaries

• Cryptanalysis

• Cryptosystems– Substitution– Transposition


Review Questions

• What is the process for going from plaintext to ciphertext back to plaintext?

• What is a substitution code? • Why are there 26! possible substitution codes

for simple English messages? • What is a frequency distribution analysis? • What is a transposition code? • How do secret key and public key

cryptography differ? CS 450/650 Fundamentals of Integrated Computer Security 32

Much More To Discuss...

• What makes a "good" encryption algorithm

• Data Encryption Standard (DES)– Double and Triple DES

• Advanced Encryption Standard (AES)

• Public Key Encryption– Rivest-Shamir-Adelman (RSA)


Lecture 1 Overview. Computer-Based System Hardware Software Data Vulnerability – Weakness (to be...

Documents

Transcript of Lecture 1 Overview. Computer-Based System Hardware Software Data Vulnerability – Weakness (to be...