What is the importance of computer security?
School: George Washington University
Department: Computer science
Course: Computer Security
Professor: Mohamed Refaei
Term: Fall 2016
Name: Midterm Study Guide
Description: This is a comprehensive study guide with all of the notes and diagrams from the course. The midterm will be based on the lecture slides and notes are allowed in the exam (no laptops or textbooks).
Uploaded: 10/16/2016

Leslie Ogu CSCI 4531

Note: This document is a compilation of all lectures discussed. There are visuals from the slide shows added for your convenience as well. The professor has noted the test will be based on the slides rather than the book. The exam will be open note, with the exception of a laptop and textbook.

Chapter 1: Overview

Computer Security: "the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources" (includes hardware, software, firmware, information/data, and telecommunications)

~ NIST Computer Security Handbook Definition

The CIA Triad

● Confidentiality (trying to make sure the data can only be accessed and seen by authorized entities)

○ data confidentiality

○ privacy

● Integrity

○ data integrity

○ system integrity

● Availability (system is accessible)

Key Security Concepts

+ Confidentiality

+ preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary


+ Integrity

+ guarding against improper information modification or destruction, including ensuring information nonrepudiation (assurance that someone cannot deny something) and authenticity

+ Availability

+ ensuring timely and reliable access to and use of information

Computer Security Challenges

- Computer security is not as simple as it might first appear to the novice

- Attackers only need to find a single weakness, the developer needs to find all weaknesses

- Potential attacks on the security features must be considered

- Security requires regular and constant monitoring

- Is often an afterthought to be incorporated into a system after the design is complete

- Physical and logical placement needs to be determined

- Procedures used to provide particular services are often counterintuitive

Lax Security is also good business:

+ Cheaper cost of deploying software

+ Private information for marketing

+ Selling anti-virus & security products

+ Cleaning up incidents

+ Few benefit from secure computers


● Adversary (threat agent): an entity that attacks, or is a threat to, a system

● Attack: an assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system

● Countermeasure:​ an action, device, procedure, or technique that reduces a threat, vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken

● Risk:​ an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result

● Security Policy:​ a set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources

● Security Resource (Asset): data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e., a system component - hardware, firmware, software, or documentation); or a facility that houses system operations and equipment

● Threat:​ a potential violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability

● Vulnerability:​ a flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy

Asset v. Threat v. Vulnerability v. Risk

● Asset​ is what you are trying to protect

● Threat​ is what you are trying to protect against

● Vulnerability​ is a weakness or a gap in security

● Risk​ is the intersection of all three: loss or damage to an asset as a result of a threat exploiting a vulnerability

Vulnerabilities, Threats and Attacks

- Categories of vulnerabilities

- Corrupted (loss of integrity)

- Leaky (loss of confidentiality)

- Unavailable or very slow (loss of availability)

- Threats

- Capable of exploiting vulnerabilities

- Represent potential security harm to an asset

- Attacks (threats carried out)

- Passive:​ does not affect system resources

- Active: attempt to alter system resources or affect their operation

- Insider: initiated by an entity inside the security perimeter

- Outsider:​ initiated from outside the perimeter


+ Prevention

+ Detection

+ Recover

+ You hear about attacks because prevention failed and there was something detected

+ These are all means used to deal with security attacks

+ May introduce new vulnerabilities

Threat Consequences

- Unauthorized Disclosure: a circumstance or event whereby an entity gains access to data for which the entity is not authorized

- Threat Action (attack)

- Exposure: sensitive data are directly released to an unauthorized entity

- Interception: an unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations

- Inference: a threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications

- Intrusion: an unauthorized entity gains access to sensitive data by circumventing a system's security protections

- Deception: a circumstance or event that may result in an authorized entity receiving false data and believing it to be true

- Threat Action (attack)

- Masquerade: an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity

- Falsification: false data deceive an authorized entity

- Repudiation: an entity deceives another by falsely denying responsibility for an act

- Disruption: a circumstance or event that interrupts or prevents the correct operation of system services and functions

- Threat Action (attack)

- Incapacitation: prevents or interrupts system operation by disabling a system component

- Corruption: undesirably alters system operation by adversely modifying system functions or data

- Obstruction: a threat that interrupts delivery of system services by hindering system operation

- Usurpation: a circumstance or event that results in control of system services or functions by an unauthorized entity

- Threat Action (attack)

- Misappropriation: an entity assumes unauthorized logical or physical control of a system resource

- Misuse: causes a system component to perform a function or service that is detrimental to system security

Passive and Active Attacks

● Passive attacks attempt to learn or make use of information from the system but do not affect system resources

○ eavesdropping/monitoring transmissions

○ difficult to detect

○ emphasis is on prevention rather than detection

○ two types:

■ release of message contents

■ traffic analysis

● Active attacks​ involve modification of the data stream

○ goal is to detect them and recover

○ Four Categories:

■ masquerade

■ replay

■ modification of messages

■ denial of service

Security Functional Requirements

+ Functional areas that primarily require computer security technical measures include:

+ access control

+ identification and authentication

+ system and communication protection

+ system and information integrity

+ Functional areas that primarily require management controls and procedures include:

+ awareness and training

+ audit and accountability

+ certification, accreditation, and security assessments

+ contingency planning

+ maintenance

+ physical and environmental protection

+ planning

+ personnel security

+ risk assessment

+ systems and services acquisition

+ Functional areas that overlap computer security technical measures and management controls include:

+ Configuration management

+ Incident response

Computer Security Strategy

+ Specification / Policy

+ What is the security scheme supposed to do?

+ Implementation / Mechanisms

+ How does it do it?

+ Correctness / Assurance

+ Does it really work?

Security Policy

● Def:​ formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources

● Factors to consider:

○ Value of the assets being protected

○ Vulnerabilities of the system

○ Potential threats and the likelihood of attacks

● Involves four complementary courses of action:

○ Ease of use versus security

○ Cost of security versus cost of failure and recovery

Security Implementation

+ Involves Four Complementary Courses of Action:

+ Detection

+ Intrusion detection systems

+ Detection of denial of service attacks

+ Response

+ Upon detection, being able to halt an attack and prevent further damage

+ Recovery

+ Use of backup systems

+ Prevention

+ Secure encryption algorithms

+ Prevent unauthorized access to encryption keys

Assurance and Evaluation

● Assurance: the degree of confidence one has that the security measures work as intended to protect the system and the information it processes

○ Encompasses both system design and system implementation

● Evaluation: process of examining a computer product or system with respect to certain criteria

○ Involves testing and formal analytic or mathematical techniques

Chapter 2: Encryption

Symmetric Encryption

+ The universal technique for providing confidentiality for transmitted or stored data

+ Also referred to as conventional encryption or single-key encryption

+ Two requirements to use:

+ Need a strong encryption algorithm

+ Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure

+ Only alternative before public-key encryption in 1970’s

+ Still most widely used alternative

+ 5 Ingredients

+ Plaintext

+ Encryption algorithm

+ Secret key

+ Ciphertext

+ Decryption algorithm

+ Process:

+ Plaintext input has encryption algorithm implemented on it

+ There is a secret key shared by sender and recipient and is used in encryption

+ The now ciphertext is transmitted to the recipient and they use their decryption algorithm, along with the shared key, to convert it back to plaintext

Attacking Symmetric Encryption

- Cryptanalytic Attacks

- Rely on:

- Nature of the algorithm

- Some knowledge of the general characteristics of the plaintext

- Same sample plaintext-ciphertext pairs

- Exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used

- ** If successful, all future and past messages encrypted with that key are compromised **

- Brute-Force Attack

- Try all possible keys on some ciphertext until an intelligible translation into plaintext is obtained

- On average, half of all possible keys must be tried to achieve


Data Encryption Standard (DES)

+ The most widely used encryption scheme


+ Referred to as the Data Encryption Algorithm (DEA)

+ Uses 64-bit plaintext block and 56-bit key to produce a 64-bit ciphertext block

- Strength concerns:

- Concerns about algorithm:

- DES is the most studied encryption algorithm in existence

- Use of 56-bit key

- Electronic Frontier Foundation (EFF) announced in July 1998 that it had broken a DES encryption

Triple DES (3DES)

+ Repeats basic DES algorithm three times using either 2 or 3 unique keys (** attacker must break all three **)

+ First standardized for use in financial applications in ANSI standard X9.17 in 1985

+ Attractions:

+ 168-bit key length overcomes the vulnerability to brute-force attack on DES

+ Underlying encryption algorithm is the same as in DES

- Drawbacks

- Algorithm is sluggish in software

- Uses a 64-bit block size

Advanced Encryption Standard (AES)

+ Needed a replacement for 3DES

+ 3DES wasn’t reasonable for long-term use

+ NIST called for proposal for a new AES in 1997

+ Should have a security strength equal to or better than 3DES

+ Significantly improved efficiency

+ Symmetric block cipher

+ 128-bit data and 128/192/256-bit keys

+ Selected Rijndael in November 2001

+ Published as FIPS 197

Practical Security Issues

- Typically, symmetric encryption is applied to a unit of data larger than a single 64-bit or 128-bit block

- Electronic codebook (ECB) mode is the simplest approach to multiple-block encryption

- Each block of plaintext is encrypted using the same key

- Cryptanalysis may be able to exploit regularities in the plaintext

- Modes of Operation

- Alternative techniques developed to increase the security of symmetric block encryption for large sequences

- Overcomes the weaknesses of ECB

(Refer to slides for diagram of different kinds of symmetric encryption)

Block & Stream Ciphers

● Block Cipher

○ Processes the input one block of elements at a time

○ Produces an output block for each input block

○ Can reuse keys

○ More common

● Stream Cipher

○ Processes the input elements continuously

○ Produces output one element at a time

○ Primary advantage is that they are almost always faster and use far less code

○ Encrypts plaintext one byte at a time

○ Pseudorandom stream is one that is unpredictable without knowledge of the input key

Message Authentication

+ Protects against active attacks

+ Verifies message is authentic

+ Contents have not been altered

+ From authentic source

+ Timely and in correct sequence

+ Can use conventional encryption

+ Only sender and receiver share a key

(Refer to slides for diagram of how messages are authenticated)

+ Typically, hashing is used on messages

Hash Function Requirements

● Can be applied to a block of data of any size

● Produces a fixed-length output

● H(x) is relatively easy to compute for any given x

● One-way or pre-image resistant

○ Computationally infeasible to find x such that H(x) = h

● Computationally infeasible to find y ≠ x such that H(y) = H(x)

● Collision resistant or strong collision resistance

○ Computationally infeasible to find any pair (x,y) such that H(x) = H(y)

○ ** What makes a hash bad is if it's predictable ** So if there is some relation between x and y, then that's bad

Security of Hash Functions

● There are two approaches to attacking a secure hash function:

○ Cryptanalysis

■ Exploit logical weaknesses in the algorithm

○ Brute-force Attack

○ Strength of hash function depends on the length of the hash code produced by the algorithm

● SHA most widely used hash algorithm

● Additional secure hash function applications:

○ Passwords

■ Hash of a password is stored by an operating system

○ Intrusion detection

■ Store H(F) for each file on a system and secure the hash values

Public-Key Encryption Structure

● Publicly proposed by Diffie and Hellman in 1976

● Based on mathematical functions

● Asymmetric

○ Uses two separate keys

○ Public key and private key

○ Public key is made public for others to use

● Some form of protocol is needed for distribution

● Terminology

○ Plaintext

■ Readable message or data that is fed into the algorithm as input

○ Encryption algorithm

■ Performs transformations on the plaintext

○ Public and private key

■ Pair of keys, one for encryption, one for decryption

○ Ciphertext

■ Scrambled message produced as output

○ Decryption key

■ Produces the original plaintext

● Process (depicted in figure on slides)

○ User encrypts data using his or her own private key

○ Anyone who knows the corresponding public key will be able to decrypt the message

Requirements for Public-Key Cryptosystems

● Computationally easy to create key pairs

● Useful if either can be used for each role

● Computationally infeasible for opponent to otherwise recover original message

● Computationally easy for receiver knowing private key to decrypt ciphertext

● Computationally easy for sender knowing public key to encrypt messages

● Computationally infeasible for opponent to determine private key from public key

Asymmetric Encryption Algorithms

+ RSA (Rivest, Shamir, Adleman)

+ Developed in 1977

+ Most widely accepted and implemented approach to public-key encryption

+ Block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n

+ Diffie-Hellman Key Exchange Algorithm

+ Enables two users to secretly reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages

+ Limited to the exchange of keys

+ Digital Signature Standard (DSS)

+ Provides only a digital signature function with SHA-1

+ Cannot be used for encryption or key exchange

+ Elliptic Curve Cryptography (ECC)

+ Security like RSA, but with much smaller keys

Digital Signatures

● Used for authenticating both source and data integrity

● Created by encrypting hash code with private key

● Does not provide confidentiality

○ Even in the case of complete encryption

○ Message is safe from alteration but not eavesdropping

Digital Envelopes

● Protects a message without needing to first arrange for sender and receiver to have the same secret key

● Equates to the same thing as a sealed envelope containing an unsigned letter

Random Numbers

● Uses include generation of:

○ Keys for public key algorithms

○ Stream key for symmetric stream cipher

○ Symmetric key for use as a temporary session key or in creating a digital envelope

○ Handshaking to prevent replay attacks

○ Session key

● Requirements:

○ Randomness

■ Criteria:

● Uniform distribution

○ Frequency of occurrences of each of the numbers should be approximately the same

● Independence

○ No one value in the sequence can be inferred from the others

○ Unpredictability

■ Criteria:

● Each number is statistically independent of other numbers in

● Opponent should not be able to predict future elements of the sequence on the basis of earlier elements

Random v. Pseudorandom

● Cryptographic applications typically make use of algorithmic techniques for random number generation

○ Algorithms are deterministic, and therefore produce sequences of numbers that are not statistically random

● Pseudorandom numbers are:

○ Sequences produced that satisfy statistical randomness tests

○ Likely to be predictable

● True random number generator (TRNG):

○ Uses a nondeterministic source to produce randomness

○ Most operate by measuring unpredictable, natural processes

■ E.g., radiation, gas discharge, leaky capacitors

○ Increasingly provided on modern processors

Practical Application: Encryption of Stored Data (visual on slides)

Chapter 20: Symmetric Encryption and Message Confidentiality

Symmetric Encryption

● Also referred to as:

○ Conventional encryption

○ Secret-key or single-key encryption

● Only alternative before public-key encryption in 1970’s

○ Still most widely used alternative

● Has 5 ingredients:

○ Plaintext

○ Encryption algorithm

○ Secret key

○ Ciphertext

○ Decryption algorithm


● Classified along three independent dimensions:

○ The type of operations used for transforming plaintext to ciphertext

■ Substitution:​ each element in the plaintext is mapped into another element

■ Transposition:​ elements in plaintext are rearranged

○ The number of keys used

■ Sender and receiver use the same key - symmetric

■ Sender and receiver each use a different key - asymmetric

○ The way in which the plaintext is processed

■ Block Cipher: processes one input block of elements at a time

■ Stream Cipher: processes the input elements continuously

Transposition Cipher Example (on slide)

Columnar Transposition

• Write the message in a rectangle

• Example:

Key: 4312567

4 3 1 2 5 6 7
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

● Detecting

○ Single letter frequencies match English frequencies,

○ Two or more letter frequencies do not
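The slide shows only the rectangle; as an added example (not from the notes) here is the whole columnar transposition, assuming the usual convention that the ciphertext is read out column by column in the order the key digits give (column labelled 1 first). The padding letters x, y, z are the ones on the slide. The last function computes the single-letter frequencies that, as the notes say, survive a transposition unchanged because only positions move.

```python
import string

def _clean(text):
    """Keep letters only, lower-cased."""
    return "".join(ch.lower() for ch in text if ch.isalpha())

def columnar_encrypt(plaintext, key, pad="xyz"):
    """Write the message row by row under the key digits, then read the columns
    in key order (the column labelled 1 first). A short final row is padded."""
    letters = _clean(plaintext)
    width = len(key)
    need = (-len(letters)) % width                       # letters needed to fill the last row
    letters += "".join(pad[i % len(pad)] for i in range(need))
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    order = sorted(range(width), key=lambda i: key[i])   # column indices in key order
    return "".join(row[col] for col in order for row in rows)

def columnar_decrypt(ciphertext, key):
    """Reverse the read-out: slice the ciphertext into columns, put them back in place, read rows."""
    width = len(key)
    height = len(ciphertext) // width
    order = sorted(range(width), key=lambda i: key[i])
    cols = [""] * width
    for k, col in enumerate(order):
        cols[col] = ciphertext[k * height:(k + 1) * height]
    return "".join(cols[c][r] for r in range(height) for c in range(width))

def letter_frequencies(text):
    """Single-letter frequency table: identical for plaintext and ciphertext of a transposition,
    which is exactly the detection clue in the notes."""
    letters = _clean(text)
    return {ch: letters.count(ch) / len(letters)
            for ch in string.ascii_lowercase if ch in letters}

if __name__ == "__main__":
    ct = columnar_encrypt("attack postponed until two am", "4312567")
    print(ct)                                   # ttnaaptmtsuoaodwcoixknlypetz
    print(columnar_decrypt(ct, "4312567"))      # attackpostponeduntiltwoamxyz
```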

Substitution Ciphers

● Change characters in plaintext to produce ciphertext

● Example (Caesar Cipher)

○ Use a left shift of k to protect messages

○ Plaintext is HELLO WORLD

○ k=3; change each letter to the third letter following it (X goes to A, Y to B, Z to C)

○ Ciphertext is KHOOR ZRUOG

● How to break it? Brute Force 

○ Ciphertext: phhw ph diwhu wkh wrjd sduwb

○ This is only possible because:

■ The encryption / decryption algorithm is known

■ The small key space 

■ The plaintext language is known

● How to break it? Statistical Attack 

○ Susceptible to statistical attacks

○ Statistical correlation function, OR

■ Find letter that has the highest frequency

■ Assume “e”

■ Find the distance from “e”

■ Decipher the rest of the message using distance as a key

● Possible direction for improvement

○ Make key longer

■ Key space??

■ Does that solve the statistically exposed language statistics problem?

○ Allow for arbitrary substitution

■ Key space??

■ Does that solve the statistically exposed language statistics problem?

○ Multiple letters in a key

■ A cipher is polyalphabetic if the key has several different letters

■ A cipher is monoalphabetic if the key has one letter
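As an added example (not from the notes), the Caesar cipher together with the two ways of breaking it described above: trying all 26 keys, and the statistical shortcut of assuming the most frequent ciphertext letter is "e". The word list used to score brute-force candidates is a constructed stand-in for "the plaintext language is known". One caveat the notes' own example shows: in "meet me after the toga party" the letters e and t tie for most frequent, so on a text that short the frequency guess can land on the wrong shift, which is why the exhaustive search is the reliable route for a 26-key cipher.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

def caesar_encrypt(plaintext, k):
    """Shift each letter k places forward (k=3 sends x to a); non-letters pass through."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ALPHABET if ch.islower() else string.ascii_uppercase
            out.append(base[(base.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)

def caesar_decrypt(ciphertext, k):
    return caesar_encrypt(ciphertext, -k)

def brute_force(ciphertext):
    """The key space is 26: list every candidate plaintext as (k, text)."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(26)]

# Constructed mini word list standing in for "the plaintext language is known".
COMMON_WORDS = {"the", "and", "me", "to", "of", "a"}

def brute_force_pick(ciphertext):
    """Pick the shift whose candidate contains the most common English words."""
    def score(text):
        return sum(1 for w in text.lower().split() if w in COMMON_WORDS)
    return max(brute_force(ciphertext), key=lambda kc: score(kc[1]))[0]

def frequency_attack(ciphertext):
    """Statistical attack from the notes: most frequent ciphertext letter is assumed
    to be 'e', and its distance from 'e' is taken as the key."""
    letters = [ch.lower() for ch in ciphertext if ch.isalpha()]
    most_common = Counter(letters).most_common(1)[0][0]
    return (ALPHABET.index(most_common) - ALPHABET.index("e")) % 26

if __name__ == "__main__":
    print(caesar_encrypt("HELLO WORLD", 3))                   # KHOOR ZRUOG
    k = brute_force_pick("phhw ph diwhu wkh wrjd sduwb")
    print(k, caesar_decrypt("phhw ph diwhu wkh wrjd sduwb", k))
```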

Vigenère Cipher

● Pronounced “vedj-ih-nair”

● Like Caesar cipher, but use a string for key

● Example:


○ Key: VIG (21,8,6)

○ Encipher using Caesar cipher for each letter (table on slide)

○ Target Cipher (visual in slide)

○ Attack the Cipher by Recognizing repetitions

■ Notice cipher

● T H E B O Y H A S T H E B A L L

● O P K W W E C I Y O P K W I R G

● V I G V I G V I G V I G V I G V ⇐ corresponding key

■ (Visual representations in slide)

■ Since the distance from the beginning of the key to the beginning of its repetition is 9, the key has to be a factor of that distance (1, 3, or 9)

One-Time Pad

● A Vigenère cipher with:

○ A random key at least as long as the message

○ Encrypts/decrypts a single message

● Ciphertext is random and bears no statistical relationship to plaintext

● ** Provably unbreakable ** (Examples in slides)

● In practice:

○ Making large quantities of truly random keys

○ Key distribution and protection

■ For every message, an equally long key needs to be sent to the receiver

○ Hence, mechanism is of limited utility
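As an added example (not from the notes) covering both the Vigenère section and the one-time pad: the cipher itself, the repetition-distance step that recovers the candidate key lengths 1, 3 and 9 from the "THE BOY HAS THE BALL" ciphertext, and the same cipher with a random key as long as the message. The last function shows why the pad is unbreakable: for any other plaintext of the same length there is a key that turns the same ciphertext into it, so the ciphertext carries no information about which one was sent. The alternative plaintext in the test is constructed.

```python
import secrets
import string
from itertools import cycle

A = string.ascii_uppercase

def vigenere(text, key, decrypt=False):
    """Caesar-shift each letter by the matching key letter; the key repeats."""
    letters = [ch for ch in text.upper() if ch.isalpha()]
    out = []
    for ch, k in zip(letters, cycle(key.upper())):
        shift = A.index(k) * (-1 if decrypt else 1)
        out.append(A[(A.index(ch) + shift) % 26])
    return "".join(out)

def repetition_distances(ciphertext, n=3):
    """Distances between repeated n-grams (a repeated plaintext word under the
    same key position gives a repeated ciphertext n-gram)."""
    seen, distances = {}, []
    for i in range(len(ciphertext) - n + 1):
        gram = ciphertext[i:i + n]
        if gram in seen:
            distances.append(i - seen[gram])
        else:
            seen[gram] = i
    return distances

def candidate_key_lengths(ciphertext, n=3):
    """The key length must divide every repetition distance."""
    ds = repetition_distances(ciphertext, n)
    if not ds:
        return set()
    return {d for d in range(1, max(ds) + 1) if all(x % d == 0 for x in ds)}

def one_time_pad(text):
    """Vigenère with a fresh random key exactly as long as the message. Returns (ciphertext, key)."""
    letters = "".join(ch for ch in text.upper() if ch.isalpha())
    key = "".join(secrets.choice(A) for _ in letters)
    return vigenere(letters, key), key

def key_explaining(ciphertext, alt_plaintext):
    """Key that would decrypt this pad ciphertext to alt_plaintext: ciphertext minus plaintext,
    letter by letter. Every same-length plaintext is equally consistent with the ciphertext."""
    return vigenere(ciphertext, alt_plaintext, decrypt=True)

if __name__ == "__main__":
    ct = vigenere("THE BOY HAS THE BALL", "VIG")
    print(ct, repetition_distances(ct), candidate_key_lengths(ct))
```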

Rotor Machines

Types of attack on an encrypted message, by what is known to the cryptanalyst:

Ciphertext only

● Encryption algorithm

● Ciphertext to be decoded

Known plaintext

● Encryption algorithm

● Ciphertext to be decoded

● One or more plaintext-ciphertext pairs formed with the secret key

Chosen plaintext

● Encryption algorithm

● Ciphertext to be decoded

● Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

Chosen ciphertext

● Encryption algorithm

● Ciphertext to be decoded

● Purported ciphertext chosen by cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

Chosen text

● Encryption algorithm

● Ciphertext to be decoded

● Plaintext message chosen by cryptanalyst, together with its corresponding ciphertext generated with the secret key

Computationally Secure Encryption Schemes

+ Encryption is computationally secure if:

+ Cost of breaking cipher exceeds value of information

+ Time required to break cipher exceeds the useful lifetime of the information

+ Usually very difficult to estimate the amount of effort required to break

+ Can estimate time/cost of a brute-force attack

Block Cipher Structure

+ Symmetric block cipher consists of:

+ A sequence of rounds

+ With substitutions and permutations by key

+ Parameters and design features:

+ Block size

+ Key size

+ Number of rounds

+ Subkey generation algorithm

+ Round function

+ Fast software encryption / decryption

+ Ease of analysis

Data Encryption Standard (DES)

+ Most widely used encryption scheme

+ Adopted in 1977 by National Bureau of Standards (now NIST)


+ Algorithm is referred to as the Data Encryption Algorithm (DEA)

+ Minor variation of the Feistel network


AES Inverse S-Box (figure on slides)

+ U.S. FIPS PUB 197

+ Block Cipher

+ Three different sizes: 128, 192, 256

+ 10 rounds

+ S-Boxes (Substitution Boxes)

Mix Columns and Add Key

+ Mix columns

+ Operates on each column individually

+ Mapping each byte to a new value that is a function of all four bytes in the column

+ Use of equations over finite fields

+ To provide good mixing of bytes

+ Add round key

+ Simply XOR state with bits of expanded keys

+ Security from complexity of round key expansion and other stages of AES

Stream Ciphers

● Processes input elements continuously

● Key is input to a pseudorandom bit generator

● Produces stream of random-like numbers

● Unpredictable without knowing input key

● XOR keystream output with plaintext bytes

Electronic Codebook (ECB)

● Simplest mode

● Plaintext is handled b bits at a time and each block is encrypted using the same key

● "Codebook" because it has a unique ciphertext value for each plaintext block

○ Not secure for long messages since repeated plaintext is seen in repeated ciphertext

● To overcome security deficiencies, you need a technique where the same plaintext block, if repeated, produces different ciphertext blocks

s-bit Cipher Feedback (CFB) Mode

Counter (CTR) Mode
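As an added example (not from the notes) for the block-cipher-structure and modes-of-operation sections together: a toy 64-bit Feistel cipher (the structure DES is a variation of), with the round function and key schedule constructed from SHA-256 purely so the example is self-contained, and ECB and CTR modes built on top of it. The cipher is not a real one and has no security claim; the point is the structure: rounds of substitution/permutation driven by subkeys, decryption as the same rounds in reverse order, and the visible difference between ECB (identical plaintext blocks give identical ciphertext blocks) and CTR (they do not).

```python
import hashlib
import struct

BLOCK = 8  # block size in bytes (64 bits, like DES)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input

def subkeys(key, rounds=8):
    """Constructed key schedule: one 8-byte subkey per round, derived from the key."""
    return [hashlib.sha256(key + bytes([r])).digest()[:8] for r in range(rounds)]

def round_function(right, subkey):
    """Constructed round function F(R, K): a keyed, non-linear 32-bit mapping."""
    return hashlib.sha256(subkey + right).digest()[:4]

def feistel_encrypt_block(block, key):
    """L_{i+1} = R_i, R_{i+1} = L_i XOR F(R_i, K_i); halves swapped at the end as in DES."""
    left, right = block[:4], block[4:]
    for sk in subkeys(key):
        left, right = right, xor(left, round_function(right, sk))
    return right + left

def feistel_decrypt_block(block, key):
    """Same rounds with the subkeys in reverse order; this is what makes Feistel invertible
    even though F itself (a hash here) is not."""
    left, right = block[:4], block[4:]
    for sk in reversed(subkeys(key)):
        left, right = right, xor(left, round_function(right, sk))
    return right + left

def ecb_encrypt(plaintext, key):
    """Electronic codebook: every block encrypted independently with the same key."""
    assert len(plaintext) % BLOCK == 0, "ECB needs whole blocks"
    return b"".join(feistel_encrypt_block(plaintext[i:i + BLOCK], key)
                    for i in range(0, len(plaintext), BLOCK))

def ecb_decrypt(ciphertext, key):
    return b"".join(feistel_decrypt_block(ciphertext[i:i + BLOCK], key)
                    for i in range(0, len(ciphertext), BLOCK))

def ctr_crypt(data, key, nonce):
    """Counter mode: encrypt nonce||counter, XOR with the data. Encryption and decryption
    are the same operation, and the last block need not be full."""
    out = b""
    for i in range(0, len(data), BLOCK):
        counter_block = nonce[:4] + struct.pack(">I", i // BLOCK)
        out += xor(data[i:i + BLOCK], feistel_encrypt_block(counter_block, key))
    return out

def has_repeated_blocks(ciphertext):
    """The ECB leak: does any ciphertext block occur twice?"""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(set(blocks)) < len(blocks)

if __name__ == "__main__":
    key, nonce = b"constructed key!", b"\x00\x01\x02\x03"
    pt = b"SAMEDATA" * 3                       # three identical plaintext blocks
    print(has_repeated_blocks(ecb_encrypt(pt, key)))       # True
    print(has_repeated_blocks(ctr_crypt(pt, key, nonce)))  # False
```

The nonce in CTR must never be reused with the same key: two messages encrypted under the same nonce and counter are XORed with the same keystream, which reintroduces exactly the kind of regularity ECB leaks.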

Key Distribution

● The means of delivering a key to two parties that wish to exchange data without allowing others to see the key

● Two parties (A & B) can achieve this by:

1. A key could be selected by A and physically delivered to B

2. A third party could select the key and physically deliver it to A and B

3. If A and B have previously and recently used a key, one party could transmit the new key to the other, encrypted using the old key

4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B

Chapter 21: Public-Key Encryption and Message Authentication

Secure Hash Algorithm

● SHA was originally developed by NIST

● Published as FIPS 180 in 1993

● Was revised in 1995 as SHA-1

○ Produces 160-bit hash values

● NIST issued revised FIPS 180-2 in 2002

○ Adds 3 additional versions of SHA

○ SHA-256, SHA-384, SHA-512

○ With 256 / 384 / 512-bit hash values

○ Same basic structure as SHA-1 but greater security

● In 2005, NIST announced the intention to phase out approval of SHA-1, and move to a reliance on the other SHA version by 2010

Message Digest Generation Using SHA-512

SHA-512 Processing of a Single 1024-Bit Block


● SHA-2 shares the same structure and mathematical operations as its predecessors, which causes concern

● Due to time required to replace SHA-2 should it become vulnerable, NIST announced in 2007 a competition to produce SHA-3

● Requirements:

○ Must support hash value lengths of 224, 256, 384, and 512 bits

○ Algorithm must process small blocks at a time instead of requiring the entire message to be buffered in memory before processing it


● Interest in developing a MAC derived from a cryptographic hash code

○ Cryptographic hash functions generally execute faster

○ Library code is widely available

○ SHA-1 was not designed for use as a MAC because it does not rely on a secret key

○ Issued as RFC 2104

○ Has been chosen as the mandatory-to-implement MAC for IP security

■ Used in other Internet protocols such as Transport Layer Security (TLS) and Secure Electronic Transaction (SET)

HMAC Design Objectives

● To use, without modifications, available hash functions

● To preserve the original performance of the hash function without incurring a significant degradation

● To use and handle keys in a simple way

● To have a well-understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions on the embedded hash function

● To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required

Security of HMAC

● Security depends on the cryptographic strength of the underlying hash function

● For a given level of effort on messages generated by a legitimate user and seen by attacker, the probability of successful attack on HMAC is equivalent to one of the following attacks on the embedded hash function:

○ Either attacker computes output even with random secret IV

■ Brute-force the key (O(2^n)), or use a birthday attack

○ Or attacker finds collisions in hash function even when IV is random and secret

■ I.e. find M and M' such that H(M) = H(M')

■ Birthday attack: O(2^(n/2))

■ MD5 secure in HMAC since only observe
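As an added example (not from the notes), HMAC written out from the RFC 2104 construction H((K XOR opad) || H((K XOR ipad) || M)), showing the design objectives above in practice: the hash is used unmodified, the key handling is two pads and one optional pre-hash, and the embedded hash can be swapped by name. The key and messages are constructed; the result is checked against Python's own hmac module.

```python
import hashlib
import hmac

def hmac_from_scratch(key, message, hash_name="sha256"):
    """RFC 2104 HMAC. Keys longer than the hash block size are hashed first;
    shorter keys are zero-padded to the block size."""
    h = hashlib.new(hash_name)
    block_size = h.block_size
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).hexdigest()

def verify_tag(key, message, tag, hash_name="sha256"):
    """Constant-time comparison so the verifier does not leak how many bytes matched."""
    return hmac.compare_digest(hmac_from_scratch(key, message, hash_name), tag)

def demo():
    key = b"constructed-shared-key"                 # known only to sender and receiver
    msg = b"transfer 100 to account 42"             # constructed sample message
    tag = hmac_from_scratch(key, msg)
    # A bare hash is not a MAC: anyone can recompute H(M') after changing M.
    # HMAC catches the change because recomputing the tag needs the key.
    tampered = b"transfer 900 to account 42"
    return {
        "matches_stdlib": tag == hmac.new(key, msg, "sha256").hexdigest(),
        "original_verifies": verify_tag(key, msg, tag),
        "tampered_verifies": verify_tag(key, tampered, tag),
        # Objective "easy replaceability of the embedded hash": same code, different hash.
        "sha1_matches_stdlib": hmac_from_scratch(key, msg, "sha1")
                               == hmac.new(key, msg, "sha1").hexdigest(),
    }

if __name__ == "__main__":
    print(demo())
```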

RSA Public-Key Encryption

● By Rivest, Shamir and Adleman of MIT in 1977

● Best known and widely used public-key algorithm

● Uses exponentiation of integers modulo a prime


● Encrypt: C = M^e mod n

● Decrypt: M = C^d mod n = (M^e)^d mod n = M

● Both sender and receiver know values of n and e

● Only receiver knows value of d

● Public-key encryption algorithm with public key PU = {e,n} and private key PR = {d,n}

The RSA Algorithm

+ Key Generation

+ Select p, q: p and q are both prime, p ≠ q

+ Calculate n = p × q

+ Calculate Φ(n) = (p − 1)(q − 1)

+ Select integer e: gcd(Φ(n), e) = 1; 1 < e < Φ(n)

+ Calculate d: d·e mod Φ(n) = 1

+ Public key KU = {e,n}

+ Private key KR = {d,n}

+ Encryption

+ Plaintext: M < n

+ Ciphertext: C = M^e (mod n)

+ Decryption

+ Ciphertext: C

+ Plaintext: M = C^d (mod n)

Security of RSA

● Brute Force

○ Involves trying all possible private keys

● Mathematical Attacks

○ There are several approaches, all equivalent in effort to factoring the product of two primes

● Timing Attacks

○ These depend on the running time of the decryption algorithm

● Chosen Ciphertext Attacks

○ This type of attack exploits properties of the RSA algorithm
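As an added example (not from the notes) for the RSA algorithm and its security section together: key generation following the steps above, encryption and decryption, the digital-signature use of the same keys (hash raised to the private exponent, checked with the public one), and a function showing why n must be far too large to factor: once p and q are known, d follows in one line. The primes 17 and 11 give the textbook pair e=7, d=23; the larger pair 1009, 1013 is used for the signature check so that reducing the hash modulo n (a toy shortcut; real RSA signatures use a padding scheme) is unlikely to collide.

```python
import hashlib
from math import gcd

def rsa_keygen(p, q, e=None):
    """Textbook RSA key generation from the notes' steps (p, q supplied; small, constructed)."""
    assert p != q
    n = p * q
    phi = (p - 1) * (q - 1)
    if e is None:
        e = next(c for c in range(3, phi) if gcd(c, phi) == 1)
    assert 1 < e < phi and gcd(e, phi) == 1
    d = pow(e, -1, phi)                # d*e mod phi = 1 (modular inverse, Python 3.8+)
    return {"e": e, "n": n}, {"d": d, "n": n}

def rsa_encrypt(public, m):
    assert 0 <= m < public["n"], "plaintext block must be below n"
    return pow(m, public["e"], public["n"])       # C = M^e mod n

def rsa_decrypt(private, c):
    return pow(c, private["d"], private["n"])     # M = C^d mod n

def _digest_mod_n(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def rsa_sign(private, message):
    """Signature = hash of the message raised to the private exponent."""
    return pow(_digest_mod_n(message, private["n"]), private["d"], private["n"])

def rsa_verify(public, message, signature):
    """Anyone with the public key can recover the hash and compare it to a fresh one."""
    return pow(signature, public["e"], public["n"]) == _digest_mod_n(message, public["n"])

def private_from_factoring(public):
    """The 'mathematical attack': if n can be factored by trial division, d is immediate.
    Only feasible here because n is tiny; that is the whole reason for large keys."""
    n, e = public["n"], public["e"]
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    pub, priv = rsa_keygen(17, 11, 7)
    print(pub, priv, rsa_encrypt(pub, 88))       # {'e': 7, 'n': 187} {'d': 23, 'n': 187} 11
```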

Diffie-Hellman Key Exchange

● First published public-key algorithm ***

● By Diffie and Hellman in 1976 along with the exposition of public key concepts

● Used in a number of commercial products

● Practical method to exchange a secret key securely that can then be used for subsequent encryption of messages

● Security relies on difficulty of computing discrete logarithms

The Diffie-Hellman Key Exchange Algorithm (figure on slides)

Man-in-the-Middle Attack

- Attack is:

1. Darth generates private keys X(D1) and X(D2), and their public keys Y(D1) and Y(D2)

2. Alice transmits Y(A) to Bob

3. Darth intercepts Y(A) and transmits Y(D1) to Bob. Darth also calculates K2

4. Bob receives Y(D1) and calculates K1

5. Bob transmits Y(B) to Alice

6. Darth intercepts X(A) and transmits Y(D2) to Alice. Darth calculates K1

7. Alice receives Y(D2) and calculates K2

- All subsequent communications compromised

Other Public-Key Algorithms

+ Digital Signature Standard (DSS)

+ FIPS PUB 186

+ Makes use of SHA-1 and the Digital Signature Algorithm (DSA)

+ Originally proposed in 1991, revised in 1993 due to security concerns, and another minor revision in 1996

+ Cannot be used for encryption or key exchange

+ Uses an algorithm that is designed to provide only the digital signature function

+ Elliptic-Curve Cryptography (ECC)

+ Equal security for smaller bit size than RSA

+ Seen in standards such as IEEE P1363

+ Confidence level in ECC is not yet as high as that in RSA

+ Based on mathematical construct known as elliptic curve

Chapter 3: User Authentication

RFC 4949

● RFC 4949 defines user authentication as: “The process of verifying an identity claimed by or for a system entity”

Authentication Process

● Fundamental building block and primary line of defense

● Basis for access control and user accountability

● Identification Step

○ Presenting an identifier to the security system

● Verification Step

○ Presenting or generating authentication information that corroborates the binding between the entity and the identifier

The four means of authenticating user identity based on:

● Something the individual knows

○ Password, PIN, answers to prearranged questions

● Something the individual possesses (token)

○ Smartcard, electronic keycard, physical key

● Something the individual is (static biometrics)

○ Fingerprint, retina, face

● Something the individual does (dynamic biometrics)

○ Voice pattern, handwriting, typing rhythm

○ ** This is dynamic because it varies **

Risk Assessment for User Authentication

● There are 3 separate concepts:

○ Assurance Level

○ Potential Impact

○ Areas of Risk

Assurance Level

+ Describes an organization’s degree of uncertainty that a user has presented a credential that refers to his or her identity

+ More specifically is defined as:

+ The degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued

+ The degree of confidence that the individual who uses the credential is the individual to whom the credential was issued

+ Four Levels of Assurance:

+ Level 1: Little or no confidence in the asserted identity’s validity

+ Level 2: Some confidence in the asserted identity’s validity

+ Level 3: High confidence in the asserted identity’s validity

+ Level 4: Very high confidence in the asserted identity’s validity

Potential Impact

+ FIPS 199 defines the 3 levels of potential impact on organizations or individuals should there be a breach of security:

+ Low

+ An authentication error could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals

+ Moderate

+ An authentication error could be expected to have a serious adverse effect

+ High

+ An authentication error could be expected to have a severe or catastrophic adverse effect

Password Authentication

+ Widely used line of defense against intruders

+ Users provide name/login and password

+ System compares password with the one stored for that specific login

+ The user ID:

+ Determines that the user is authorized to access the system

+ Determines the user’s privileges

+ Is used in discretionary access control

Password Vulnerabilities

- Offline dictionary attack

- Specific account attack

- Popular password attack

- Password guessing against single user

- Workstation hijacking

- Exploiting user mistakes

- Exploiting multiple password use

- Electronic monitoring

There is a diagram on hashing and salt in the slides

● The salt is a randomly generated value (it could be anything: letters, numbers, other characters, etc.) that is combined with the password before hashing to make the stored hash more secure

UNIX Implementation

● Original Scheme

○ Up to eight printable characters in length

○ 12-bit salt used to modify DES encryption into a one-way hash function

○ Zero value repeatedly encrypted 25 times

○ Output translated to 11 character sequence

● Now regarded as inadequate

○ Still often required for compatibility with existing account management software or multivendor environments

Improved Implementations

+ Much stronger hash / salt schemes available for Unix

+ Recommended hash function is based on MD5

+ Salt of up to 48-bits

+ Password length is unlimited

+ Produces 128-bit hash

+ Uses an inner-loop with 1000 iterations to achieve slowdown

+ OpenBSD uses a Blowfish block cipher based hash algorithm called Bcrypt

+ Most secure version of the Unix hash / salt scheme


+ Uses 128-bit salt to create 192-bit hash value
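The hashing-and-salt diagram from the slides, and the salted, iterated schemes just listed, as working code. This is an added example, not the slides' or any Unix implementation's code; it uses PBKDF2-HMAC-SHA256 from the standard library in place of MD5-crypt or bcrypt, and `hash_password`, `verify_password` and the record format are choices made here.

```python
# Added example (not from the slides): salted, iterated password hashing in the
# spirit of the Unix MD5/bcrypt schemes above. The same password hashed with two
# different salts yields two different stored values, so a table precomputed
# from hashes alone cannot be reused across accounts.
import hashlib
import hmac
import os

ITERATIONS = 100_000   # inner-loop count: slows every guess (and every login) equally
SALT_BYTES = 16        # 128-bit salt, the size the bcrypt scheme above uses


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'iterations$salt_hex$digest_hex'; the salt is stored in the clear."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)           # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(recomputed.hex(), digest_hex)


if __name__ == "__main__":
    # constructed demo: one password, two users, two salts, two different records
    record_a = hash_password("correct horse")
    record_b = hash_password("correct horse")
    print(record_a != record_b, verify_password("correct horse", record_a))
```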

Password Cracking

- Dictionary Attacks

- Develop a large dictionary of possible passwords and try against the password file

- Each password must be hashed using each salt value and then compared to stored hash values

- Password crackers exploit the fact that people choose easily guessable passwords

- Shorter password lengths are easier to crack

- Rainbow Table Attacks

- Pre-compute tables of hash values for all salts

- A mammoth table of hash values

- Can be countered by using a sufficiently large salt value and a sufficiently large hash length

- John the Ripper

- Open-source password cracker first developed in 1996

- Uses a combination of brute-force and dictionary techniques

Password Resilience to Cracking

+ Define a metric of how well the system can withstand dictionary attacks

+ Could be a function of time

+ Anderson’s formula

+ “Information Security in a Multi-User Computing Environment”, Advances in Computers, 1972

+ We want to estimate P, where P is the probability of guessing a password in specified period of time given:

+ G number of guesses tested in 1 time unit

+ T number of time units

+ N number of possible passwords (| A |)


+ We can estimate: P ≥ TG/N


• Passwords drawn from a 96-char alphabet

• Can test 10^4 guesses per second

• Probability of success to be 0.5 over a 365 day period

• What is the minimum password length?

• Solution

● N ≥ TG/P = (365×24×60×60)×10^4/0.5 = 6.31×10^11

● Choose j such that 96^j ≥ 6.31×10^11

● So j ≥ 5.95, meaning passwords must be at least 6 chars long
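Anderson's formula and the worked problem above as code, so the same calculation can be repeated for other alphabets, guess rates and time windows. This is an added example, not from the slides; the function names are chosen here and the defaults are the slide's own numbers.

```python
# Added example (not from the slides): Anderson's formula P >= TG/N, solved for
# the password space N and then for the minimum length j with |A|^j >= N.


def min_password_space(guesses_per_unit, time_units, p):
    """N >= T*G/P : space needed so a guessing attack succeeds with probability <= p."""
    if not 0 < p <= 1:
        raise ValueError("p must be a probability in (0, 1]")
    return time_units * guesses_per_unit / p


def min_password_length(alphabet_size, required_space):
    """Smallest j with alphabet_size**j >= required_space, in exact integer arithmetic."""
    j, space = 0, 1
    while space < required_space:
        j += 1
        space *= alphabet_size
    return j


def guess_probability(guesses_per_unit, time_units, alphabet_size, length):
    """P = T*G/N for a fixed length, capped at 1 (the attacker cannot exceed certainty)."""
    return min(1.0, time_units * guesses_per_unit / alphabet_size ** length)


if __name__ == "__main__":
    # the slide's case: 96-char alphabet, 10^4 guesses/s, P = 0.5 over one year
    seconds_per_year = 365 * 24 * 60 * 60
    n = min_password_space(10**4, seconds_per_year, 0.5)
    print(f"N >= {n:.3g}, minimum length j = {min_password_length(96, n)}")
    # with j = 5 the attacker is certain to succeed; with j = 6 P drops below 0.5
    print(guess_probability(10**4, seconds_per_year, 96, 5),
          guess_probability(10**4, seconds_per_year, 96, 6))
```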

Modern Approaches

+ Complex password policy

+ Forcing users to pick stronger passwords

+ However, password-cracking techniques have also improved:

+ The processing capacity available for password cracking has increased dramatically

+ A PC running a single AMD Radeon HD7970 GPU, for instance, can try an average of 8.2 × 10^9 password combinations each second

+ The use of sophisticated algorithms to generate potential passwords

+ Studying examples and structures of actual passwords in use

Password File Access Control

+ Can block offline guessing attacks by denying access to encrypted passwords

+ Make available only to privileged users

+ Shadow password file

+ Vulnerabilities

+ Weakness in the OS that allows access to the file

+ Accident with permissions making it readable

+ Users with same password on other systems

+ Access from backup media

+ Sniff passwords in network traffic

Password Selection Strategies

● User education

○ Users can be told the importance of using hard to guess passwords and can be provided with guidelines for selecting strong passwords

● Computer generated passwords

○ Users have trouble remembering them

● Reactive password checking

○ System periodically runs its own password cracker to find guessable passwords

● Complex password policy

○ User is allowed to select their own password; however, the system checks to see if the password is allowable, and if not, rejects it

○ Goal is to eliminate guessable passwords while allowing the user to select a password that is memorable

Proactive Password Checking

● Password Cracker

○ Compile a large dictionary of passwords not to use

● Rule Enforcement

○ Specific rules passwords must adhere to

● Bloom Filter

○ Used to build a table based on the dictionary using hashes

○ Check desired password against table

Bloom Filters

● Filter of order k has k independent hash functions

○ H_i(x), 1 ≤ i ≤ k

○ Each hash function maps x to a value [0, N-1]

● Given a dictionary of D words

● A table T of 1 x N is defined

○ T(N) is value of column N

● For each given word w in the dictionary D, calculate

○ w_i = H_i(w), 1 ≤ i ≤ k

○ Set T(w_i) = 1

Bloom Filters Example in Slides

• K = 3

• H1, H2, H3 == > [0, 99]

• N = 100

• T(N) = {0, 0, 0, .. 0}

• |D| =3: d1, d2, d3

• For d1

o 2 = H1(d1) ==> T(2)= 1

o 5 = H2(d1) ==> T(5)= 1

o 90 = H3(d1) ==> T(90)= 1

• For d2

o 2 = H1(d2)

o 15 = H2(d2) ==> T(15)= 1

o 9 = H3(d2) ==> T(9)= 1

• For d3

o 21 = H1(d3) ==> T(21)= 1

o 51 = H2(d3) ==> T(51)= 1

o 77 = H3(d3) ==> T(77)= 1
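The Bloom filter from the two sections above, built as a proactive password checker over a banned-word dictionary. This is an added example, not from the slides; the slides do not say how the k hash functions are derived, so deriving H_i from SHA-256 with a per-function prefix is an assumption, and the class and function names are chosen here.

```python
# Added example (not from the slides): a Bloom filter of order k as a proactive
# password checker. H_i is derived here from SHA-256 with a distinct prefix
# per i (an assumption; the slides do not fix the hash family). A word in D is
# always rejected; a word not in D is rejected only on a rare false positive.
import hashlib


class BloomFilter:
    def __init__(self, n_bits, k):
        self.n = n_bits                   # table T of 1 x N, initially all 0
        self.k = k                        # order k: k independent hash functions
        self.table = bytearray(n_bits)

    def _hashes(self, word):
        """H_i(word) for 1 <= i <= k, each mapping the word to [0, N-1]."""
        for i in range(1, self.k + 1):
            digest = hashlib.sha256(f"{i}:{word}".encode()).digest()
            yield int.from_bytes(digest, "big") % self.n

    def add(self, word):
        for idx in self._hashes(word):    # set T(H_i(w)) = 1 for every i
            self.table[idx] = 1

    def might_contain(self, word):
        """True when every T(H_i(w)) is 1: w is in D, or is a false positive."""
        return all(self.table[idx] == 1 for idx in self._hashes(word))

    def fill_ratio(self):
        """Fraction of T set to 1; governs the false-positive rate."""
        return sum(self.table) / self.n


def build_banned_filter(dictionary, n_bits=10_000, k=3):
    bf = BloomFilter(n_bits, k)
    for w in dictionary:
        bf.add(w)
    return bf


def password_allowed(bf, candidate):
    """Proactive check: reject any candidate the filter may have in its dictionary."""
    return not bf.might_contain(candidate)


if __name__ == "__main__":
    banned = build_banned_filter(["password", "letmein", "qwerty"])  # constructed D
    print(password_allowed(banned, "password"), password_allowed(banned, "Tr0ub4dor&3"))
```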

Memory Cards

● Can store but do not process data

● The most common is the magnetic stripe card

● Can include an internal, electronic memory

● Can be used alone for physical access

○ Hotel Room


● Provides significantly greater security when combined with a password or PIN

● Drawbacks of memory cards include:

○ Requires a special card reader

○ Loss of token

○ User dissatisfaction

Smart Tokens

● Physical Characteristics

○ Include an embedded microprocessor

○ A smart token that looks like a bank card

○ Can look like calculators, keys, small portable objects

● Interface

○ Manual interfaces include a keypad and display for interaction

○ Electronic interfaces communicate with a compatible reader / writer

● Authentication Protocol

○ Classified into 3 categories:

■ Static

■ Dynamic password generator

■ Challenge-response

Smart Cards

● Most important category of a smart token

○ Has appearance of a credit card

○ Has an electronic interface

○ May use any of the smart token protocols

● Contain:

○ An entire microprocessor

■ Processor

■ Memory

■ I/O Ports

● Typically include 3 types of memory:

○ Read-only memory (ROM)

■ Stores data that does not change during the card’s life

○ Electronically erasable programmable ROM (EEPROM)

■ Holds application data and programs

○ Random Access Memory (RAM)

■ Holds temporary data generated when applications are executed

Biometric Authentication

● Attempts to authenticate an individual based on unique physical characteristics

● Based on pattern recognition

● Is technically complex and expensive when compared to passwords and tokens

● Physical characteristics include:

○ Facial characteristics

○ Fingerprints

○ Hand geometry

○ Retinal pattern

○ Iris

○ Signature

○ Voice

Remote User Authentication

● Authentication over a network, the Internet, or a communications link is more complex

● Additional security threats such as:

○ Eavesdropping, capturing a password, replaying an authentication sequence that has been observed

● Generally rely on some form of a challenge-response protocol to counter threats

Table of Potential Attacks, Susceptible Authenticators, and Typical Defenses

Authentication Security Issues

- Eavesdropping

- Adversary attempts to learn the password by some sort of attack that involves the physical proximity of the user and adversary

- Denial-of-Service

- Attempts to disable a user authentication service by flooding the service with numerous authentication requests

- Host Attacks

- Directed at the user file at the host where passwords, token passcodes, or biometric templates are stored

- Trojan Horse

- An application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric

- Client Attacks

- Adversary attempts to achieve user authentication without access to the remote host or the intervening communications path

- Replay

- Adversary repeats a previously captured user response

Chapter 4: Access Control

Access Control Principles

● RFC 4949 defines computer security as:

○ “Measures that implement and assure security services in a computer system, particularly those that assure access control service”

Access Control Policies

● Discretionary Access Control (DAC)

○ Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do

● Mandatory Access Control (MAC)

○ Controls access based on comparing security labels with security clearances

● Role-Based Access Control (RBAC)

○ Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles

● Attribute-Based Access Control

○ Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions

Subjects, Objects, and Access Rights

● Subjects

○ An entity capable of accessing objects

○ Three classes:

■ Owner

■ Group

■ World

● Object

○ A resource to which access is controlled

○ Entity used to contain and / or receive information

● Access Right

○ Describes the way in which a subject may access an object

○ Could include:

■ Read

■ Write

■ Execute

■ Delete

■ Create

■ Search

Discretionary Access Control

● Scheme in which an entity may enable another entity to access some resource

● Often provided using an access matrix

○ One dimension consists of identified subjects that may attempt data access to resources

○ The other dimension lists the objects that may be accessed

● Each entry in the matrix indicates access rights of a particular subject for a particular object
