Upload
others
View
38
Download
1
Embed Size (px)
Citation preview
1
Basics of Cryptography Password Security
File Security
Security Goal: Confiden3ality
q Suppose you are a customer using a credit card to order an item from a website
q Threat: - An adversary may eavesdrop on your network
communica;on, reading your messages to obtain your credit card informa;on
q Solu;on: - Encrypt your message to keep the content secret - A protocol that does so is said to provide confiden'ality
2
Security Goal: Data Integrity
q Confiden;ality is not enough q Threat:
- An adversary cannot read the contents of your encrypted message, but is s;ll able to change a few bits in it
- This may result in a valid order for, say, a completely different item or perhaps 100 units of the item
q Solu;on: - Enable the receiver to detect message tempering - A protocol that does so is said to provide data integrity
Security Goal: Authen3ca3on
q Another threat to the customer is unknowingly being directed to a false website
q Threat: - This can result from a Domain Name System aFack, in which
false informa;on is entered to locate a server - This leads to transla;ng a correct URL into the address of a
false website
q Solu;on: - Ensure that you really talk to whom you think you’re talking - A protocol that does so is said to provide authen'ca'on
3
Cryptographic Building Blocks
Crytpography q Cryptography
- The field of study related to encoded informa;on (comes from Greek word for "secret wri;ng")
q Encryp;on - The process of conver;ng plaintext into ciphertext
Decryption
plaintext message
ciphertext message
Encryption cannot be read can be read
q Decryp;on - The process of conver;ng ciphertext into plaintext
4
Basic Blocks of Cryptography q Cipher
- An algorithm used to encrypt and decrypt text
q Key - The set of parameters that guide a cipher
q Neither is any good without the other
Examples of Ciphers q Subs;tu;on cipher
- A cipher that subs;tutes one character with another - Example: Caesar cipher
Ø shiQs characters a certain number of posi;ons in the alphabet
q Transposi;on cipher - A cipher that rearranges the order of exis;ng characters in a
message in a certain way (e.g., a route cipher)
5
Caesar Cipher
A B C D E F G H I J K L M N O P Q R S T U V W X Y ZD E F G H I J K L M N O P Q R S T U V W X Y Z A B C
q Subs;tute the leFers in the second row for the leFers in the top row to encrypt a message
q Encrypt(COMPUTER) gives FRPSXWHU q Subs;tute the leFers in the first row for the leFers in the
second row to decrypt a message q Decrypt(Encrypt(COMPUTER)) gives COMPUTER
q The key is _____________________
Transposi3on Cipher
T O D A Y+ I S + M O N D A Y
q Write the leFers in a row of five, using '+' as a blank. Encrypt by star;ng spiraling inward from the top leQ moving counter clockwise
q Encrypt(TODAY IS MONDAY) gives T+ONDAYMYADOIS+ q Decrypt by recrea;ng the grid and reading the leFers across
the row
q The key is __________________________
6
Modern Ciphers
Cipher Structure (Data Encryp;on Standard)
q The ciphers are complex, operate at the bit level
q The encryp;on key is a random string of bits
q A single bit change in the input results in a totally independent random output
q Believed to be fairly secure
Modern Ciphers q Encryp;on uses encryp'on key Ke
q Decryp;on uses decryp'on key Kd
encrypt
0110111010010001 key Ke
decrypt
1001001100111010 key Kd
The quick brown fox
plaintext
4f60ce544b43c13f1d
ciphertext
q Encryp;on and decryp;on key are related: Decrypt(Encrypt (plaintext, Ke), Kd) = plaintext
The quick brown fox plaintext
4f60ce544b43c13f1d ciphertext
7
Principles of Ciphers q Algorithm:
- should be public (inspires trust that the algorithm works)
q Key: - should be long enough to prevent breaking of the encryp;on - should be short enough to keep algorithm efficient - typical key lengths: 56-‐bit, 128-‐bit, 256-‐bit, 512-‐bit
q Symmetric key ciphers: - sender, receiver keys are iden'cal and private
q Public-‐key ciphers: - encryp;on key public, decryp;on key secret (private)
Symmetric (Private) Key Ciphers
q Same (symmetric) key used for encryp;on / decryp;on
encrypt
0110111010010001 key K
The quick brown fox 4f60ce544b43c13f1d decrypt
8
Asymmetric (Public) Key Ciphers q Sender, receiver do not share secret key q Each uses a pair of related keys (private, public) q Private decryp'on key known only to receiver q Public encryp'on key known to all
The quick brown fox encrypt
0110111010010001 key Kpublic
4f60ce544b43c13f1d
4f60ce544b43c13f1d decrypt
1001001100111010 key Kprivate
The quick brown fox
q Any text encrypted with Kpublic can be decrypted with Kprivate q Any text encrypted with Kprivate can be decrypted with Kpublic
Hash Func3ons
hash function H The quick brown fox... 85d013f4
hash function H The quick red fox... ad917c7f
q H is a one-‐way func;on that produces a message digest - One-‐way property: can’t recover m from H(m) - Possible to have H(m1) = H(m2) for m1 ≠ m2
q H(m) has fixed-‐length, regardless of the length of m
Message m Message Digest H(m)
9
How Do Digital Signatures Work?
Hey, can you send me my banking informa;on, please sign it so I
know someone isn’t lying to me!
Alice Bob
What Does Bob Do?
Alice’s Bank
Statement
Now Bob has two things to send Alice, a message and a digital signature.
Alice’s Bank
Statement 0110110110110101
1011010011010110
Hash Func;on H Digest Encrypt with
bank’s private key 0110110110110101
Signature
A digest encrypted with a private key is called a digital signature.
10
How Do Digital Signatures Work?
Hey, can you send me my banking informa;on, please sign it so I
know someone isn’t lying to me!
Alice Bob
Alice’s Bank
Statement 0110110110110101
How Does Alice Verify?
Alice’s Bank
Statement
0110110110110101
They match! So someone with Bob’s secret must have signed the document!
Signature Decrypt with bank’s public key 10110100
11010110
Digest
1011010011010110
Hash Func;on H Digest
q Issue: - what if Bob generates his own (private, public) key, then sends
the public key to Alice claiming to be the bank’s public key?
11
Authen3ca3on of Public Keys
q Algorithms to generate a matched pair of public and private keys are publicly known
q How can Alice guarantee that the public key Bob claims really belongs to Bob?
q Solu;on is the public key cer'ficate - Statement specifying the key and iden;ty - Signed by a Cer'fica'on Authority
Cer3fica3on Authority (CA)
q Trusted en;ty that issues public-‐key cer;ficates -‐ A public-‐key cer;ficate, or simply a cer'ficate, is a signed statement binding a public key to an iden;fy
q Cer;fica;on Authority -‐ Binds a public key to an en;ty and issues a cer;ficate -‐ The CA itself has a well-‐known public key -‐ The CA signs the cer;ficate with its private key
12
Public Key Infrastructure and Cer3ficates
Authenticity of public keys depends on the authenticity of CA’s public key, PKverisign Verisign’s
private key
amazon.com (subject ID) and public key
Hash function
Signature function
Sent to online customer
CA: Verisign
CA’s certificates are installed by Microsoft, Apple, Firefox, etc.
Verify Amazon’s certificate using PKverisign
q To be able to do business, amazon gets a public key cer;ficate from Verisign
q If Alice wants to shop on amazon, amazon sends its cer;ficate to Alice
q Verisign’s public key is already preinstalled in Alice’s browser
Click here for Security Info
13
Unencrypted Connec3on
Encrypted Connec3on
14
Signed by Symantec
Review: Hash Func3ons
hash function H The quick brown fox... 85d013f4
hash function H The quick red fox... ad917c7f
■ H is a one-way function that produces a message digest - One-way property: can’t recover m from H(m) - Possible to have H(m1) = H(m2) for m1 ≠ m2
■ H(m) has fixed-length, regardless of the length of m
Message m Message Digest H(m)
15
The quick brown fox... hash function 85d013f4
85d013f4 encrypt
0110111010010001 key Kprivate
a3ff369b
The quick brown fox... a3ff369b
a3ff369b decrypt
0110111010010001 key Kpublic
85d013f4
The quick brown fox... hash function 85d013f4 OK
The quick red fox...
The quick red fox... ad917c7f Bad!
digest
signature
signature digest
Review: Digital Signature
Password Security
16
Guidelines for Passwords q Easy to remember, hard to guess q Don’t use family or pet names q Don’t make it accessible q Use combina;on uppercase/lowercase leFers, digits
and special characters q Don’t leave computer when logged in q Don’t ever tell anyone q Don’t include in an email q Don’t use the same password in lots of places
Good and Bad Passwords
q Bad passwords - frank - Fido - password - 4444 - Pikachu - 102560 - Aus;nStamp
q Good Passwords? - jfIej,43j-‐EmmL+y - 09864376537263 - P0kem0N - FSa7Yago - 0nceuP0nAt1m8 - PokeGCTall150
17
How to Store Passwords?
q Where are passwords stored? - Bad idea to store passwords as plain text in a file
q But need a way to verify passwords q Cryptographic solu;on: Hash the passwords
- Store digest = Hash(password) - Password file does not reveal the passwords
- But aFacker with password file can try to guess passguess and check if digest is iden;cal to Hash(passguess)
- If yes, the aFacker has found the password!
Dic3onary ARack
q AFacker pre-‐computes Hash(x) for all x in a dic3onary of common passwords
q Suppose aFacker gets access to password file containing hashed passwords - AFacker only needs to compare hashes to his pre-‐
computed dic;onary - Same aFack will work each ;me
q Can we prevent this aFack? Or at least make aFacker’s job more difficult?
18
Dic3onary ARack vs. Brute-‐Force ARack
ü Words, phrases, common passwords
ü Further processing – replacing “hello” with “h3110”
ü Try all possible combina;ons up to a given length
ü Computa;onally more expensive
Password Cracking: Do the Math
q Assump;ons - Passwords are 8 chars, 128 choices per character - Then 1288 = 256 possible passwords
q Research presented at Password12 in Norway shows that 8-‐character passwords are no longer safe - a 25-‐GPU cluster can cycle through
350 billion guesses per second - any password can be cracked in just
5.5 hours
19
q Prepend a random string (salt) to each new password - Usually same size as the output digest
q Compute digest = Hash(salt+password) and store the pair (salt, digest) in the password file
q Note: the salt is not secret q Easy to verify password, difficult to crack q AFacker would have to recompute dic;onary hashes for each
user ⎯ lots more work!
Making Password Cracking Harder
What is Social Engineering?
*http://bash.org/?244321
q Manipula;ng a person into divulging confiden;al informa;on
20
The BoRom Line q Password cracking is too easy!
- Users choose bad passwords - Social engineering aFacks - Password cracking tools available online
q Password Crackers q Password Portal q L0phtCrack and LC4 (Windows) q John the Ripper (Unix)
q The bad guy has all of the advantages q Passwords are a big security problem
File Security
21
File Permissions q Files must be protected from unauthorized reading
and wri;ng ac;ons q Data resides in files; protec;ng files protects data q File permissions
- Read, write, and execute privileges - In Windows, change permission on the Security tab on a
file’s Proper;es dialog box - In Unix, three permission sewngs: owner; group to which
owner belongs; all other users; each sewng consist of rwx (r for reading, w for wri;ng, and x for execu;ng)
Unix File Permissions q chmod command used to change file permissions
q Example: chmod 644 filename
1 1 0 1 0 0 1 0 0