Computer Security CSE 543
Popular in Course
Popular in Computer Science and Engineering
This 0 page Class Notes was uploaded by Libby Kuhlman on Sunday November 1, 2015. The Class Notes belongs to CSE 543 at Pennsylvania State University taught by Staff in Fall. Since its upload, it has received 22 views. For similar materials see /class/233115/cse-543-pennsylvania-state-university in Computer Science and Engineering at Pennsylvania State University.
Reviews for Computer Security
Report this Material
What is Karma?
Karma is the currency of StudySoup.
You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!
Date Created: 11/01/15
CSE 543 Computer Security Lecture 4 Cryptography September 6 2007 URL httpwwwcsepsuedutiaeqercse543f07 Hash Algorithms Hash algorithm Compression of data into a hash value Eg hd parityd Such algorithms are generally useful in programs as used in cryptosystems Oneway computationally hard to invert h ie compute h1y where yhd Collision resistant hard to find two data x1 and x2 such that hX1 hX2 Q What can you do with these constructs m P y p7 1 r CSE543 Computer and Network Security Fall 2007 Professor Jaeger S Hash Functions mg Design a strong cryptographic hash function No formal basis Concern is backdoors MD2 Substitution based on pi MD4 MD5 Similar but complex functions in multiple passes SHA I 160bit hash Complicated function PENNSTATE Message Authentication Code MAC Authenticates integrity for data d Uses some key k and hash algorithm h To simplify mackd h kd Why does this provide integrity Cannot produce mackd unless you know k d If you could then can break h Exercise for class prove the previous statement Used in protocols to authenticate content H M A C PENNTE MAC that meets the following properties Collisionresistant Attacker cannot computer proper digest without knowing K Even if attacker can see an arbitrary number of digests Hkx Simple MAC has a flaw Block hash algorithms mean that new content can be added Turn HKm to HKmm where m is controlled by an attacker HMACK d HK HK d Attacker cannot extend MAC as above Prove it to yourself Birthday Attack quotw Abirthday attack is a name used to refer to a class of bruteforce attacks birthday paradox the probability that two or more people in a group of 23 share the same birthday is gtthan 50 General formulation function f whose output is uniformly distributed On repeated random inputs n n1 n2 nk Prni nj 12km for some 1 lt ij lt k1 ltj lt k i j Eg1236512 23 Q Why is resilience to birthday attacks important PENNSTATE Using hash values as authenticators 0 Consider the following scenario 0 Alice is a teacher who has not decided if she will cancel the next lecture 0 When she does decide she communicates to Bob the student through Mallory her evil TA She does not care if Bob shows up to a cancelled class Alice does not trust Mallory to deliverthe message 0 She and Bob use the following protocol Alice invents a secrett Alice gives Bob ht where h is a cwpto hash function If she cancels class she gives t to Mallory to give to Bob If does not cancel class she does nothing If Bob receives the token t he knows that Alice sent it I l DNA Hash Authenticators 0 Why is this protocol secure t acts as an authenticated value authenticator because Mallory could not have produced twithout inverting h Note Mallory can convince Bob that class is occurring when it is not by simply not delivering ht but we assume Bob is smart enough to come to that conclusion when the room is empty 0 What is important here is that hash preimages are good as single bit authenticators 0 Note that it is important that Bob got the original value ht from Alice directly was provany authentic I l Hash chain PENNSTATE 0 Now consider the case where Alice wants to do the same protocol only for all 26 classes the semester 0 Alice and Bob use the following protocol 1Aice invents a secrett 2Alice gives Bob H26t where H260 is 26 repeated applications of H 3 If she cancels class on day d she gives H2639Dt to Mallory eg If cancels on day 1 she gives Mallory H25t If cancels on day 2 she gives Mallory H24t If cancels on day 25 she gives Mallory H1t If cancels on day 26 she gives Malloryt 4f does not cancel class she does nothing If Bob receives the token t he knows that Alice sent it I l Hash Chain cont 0 Why is this protocol secure 0 On day d H2639dt acts as an authenticated value authenticator because Mallory could not produce t without inverting H because for any Hkt she has kgt26 d 0 That is Mallory potentially has access to the hash values for all days prior to today but that provides no information on today s value because they are all postimages of today s value Note Mallory can again convince Bob that class is occurring by not delivering H2639dt 0 Important chain of hash values are ordered authenticators 0 Important that Bob got the original value H25t from Alice directly was provany authentic I l Basic truths of cryptography PENNSTATE Cryptography is not frequently the source of security problems Algorithms are well known and widely studied Use of crypto commonly is eg WEP Vetted through crypto community Avoid any proprietary encryption Claims of new technology or perfect security are almost assuredly snake oil W y Cryptosystems Fail In practice what are the causes of cryptosystem failures Not crypto algorithms typically FAILURE WHEN YOUR BEST JUST ISN39T GOOD ENOUGH CSE543 Computer and Network Security Fall 2007 Professor Jaeger Case Study PENN ATM Systems Some public data High value information Of commercial enterprises banks have most interest in security How do they work Card with account number User provides PIN ATM Verifies that PIN corresponds to encryption of account number with PIN key offset can be used Foundation of security PIN key can obtain PIN if known and forge cards I l Simple Fraud PENN Insiders Make an extra card special ops allow debit of any acct Outsiders Shoulder surfing fake ATMs replay pay response PINs Weak entropy of PIN keys limit user PIN choices same PIN for everyone Userchosen PINs Bad Store encrypted in a file find match Encrypted on card Italy Fake ATMs Offline ATMs make several copies of card I l More Complex Issues PENNSTATE PIN key derivation Set terminal key from two shares Download PIN key encrypted under terminal key Other banks PIN keys Encrypt working keys under a zone key Reencrypt under ATM bank s working key Must keep all these keys secret 3 ix 57 Products Have Problems mg Despite well understood crypto foundations products don t always work securely Lose secrets due to encryption in software lncompatibilities borrow my terminal Poor product design Back doors enabled nonstandard crypto lack of entropy etc Sloppy operations Ignore attack attempts share keys procedures are not defined or followed Cryptanalysis sometimes Homegrown algorithmsl improper parameters cracking DES S Problems mg Systems may work in general but Are difficult to use in practice Counterintuitive Rewards aren t clear Correct usage is not clear Too many secrets ultimately Fundamentally two problems Too complex to use No way to determine if use if correct What Can We Do Anderson suggests Determine exactly what can go wrong Find all possible failure modes Put in safeguards Describe how preventions protect system Correct implementation of safeguards Implementation of preventions meets requirements Decisions left to people are small in number and clearly understood People know what to do Problems of security in general 57 Important prInCIples mg Don t design your own crypto algorithm Use standards whenever possible Make sure you understand parameter choices Make sure you understand algorithm interactions Eg the order of encryption and authentication Turns out that authenticate then encrypt is risky Be open with your design Solicit feedback Use open algorithms and protocols Open code jury is still out Building systems with cryptography PENNSTATE Use quality libraries SSLeay Iim from Lenstra Victor Shoup s library RSAREF cryptolib Find out what cryptographers think of a package before using it Code review like crazy Educate yourself on how to use library Caveats by original designer and programmer Common issues that lead to pitfalls PENNSTATE Generating randomness Storage of secret keys Virtual memory pages secrets onto disk Protocol interactions Poor user interface Poor choice of key length prime length using parameters from one algorithm in another PENNSTATL F3 A really good book on the topic The Code Book Simon Singh Anchor Books 1999
Are you sure you want to buy this material for
You're already Subscribed!
Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'