21
1 Basics of Cryptography Password Security File Security Security Goal: Confiden3ality Suppose you are a customer using a credit card to order an item from a website Threat: - An adversary may eavesdrop on your network communica;on, reading your messages to obtain your credit card informa;on Solu;on: - Encrypt your message to keep the content secret - A protocol that does so is said to provide confiden’ality

Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

  • Upload
    others

  • View
    38

  • Download
    1

Embed Size (px)

Citation preview

Page 1: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

1

Basics of Cryptography Password Security

File Security

Security  Goal:  Confiden3ality  

q  Suppose  you  are  a  customer  using  a  credit  card  to  order  an  item  from  a  website    

q  Threat:    -  An  adversary  may  eavesdrop  on  your  network  

communica;on,  reading  your  messages  to  obtain  your  credit  card  informa;on  

q  Solu;on:    -  Encrypt  your  message  to  keep  the  content  secret  -  A  protocol  that  does  so  is  said  to  provide  confiden'ality  

Page 2: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

2

Security  Goal:  Data  Integrity  

q  Confiden;ality  is  not  enough  q  Threat:    

-  An  adversary  cannot  read  the  contents  of  your  encrypted  message,  but  is  s;ll  able  to  change  a  few  bits  in  it    

-  This  may  result  in  a  valid  order  for,  say,  a  completely  different  item  or  perhaps  100  units  of  the  item  

q  Solu;on:    -  Enable  the  receiver  to  detect  message  tempering  -  A  protocol  that  does  so  is  said  to  provide  data  integrity  

Security  Goal:  Authen3ca3on  

q  Another  threat  to  the  customer  is  unknowingly  being  directed  to  a  false  website  

q  Threat:    -  This  can  result  from  a  Domain  Name  System  aFack,  in  which  

false  informa;on  is  entered  to  locate  a  server  -  This  leads  to  transla;ng  a  correct  URL  into  the  address  of  a  

false  website  

q  Solu;on:    -  Ensure  that  you  really  talk  to  whom  you  think  you’re  talking  -  A  protocol  that  does  so  is  said  to  provide  authen'ca'on  

Page 3: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

3

Cryptographic  Building  Blocks                  

Crytpography  q  Cryptography  

-  The  field  of  study  related  to  encoded  informa;on  (comes  from  Greek  word  for  "secret  wri;ng")  

q  Encryp;on  -  The  process  of  conver;ng  plaintext  into  ciphertext  

Decryption

plaintext message

ciphertext message

Encryption cannot  be  read  can  be  read  

q  Decryp;on  -  The  process  of  conver;ng  ciphertext  into  plaintext  

Page 4: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

4

Basic  Blocks  of  Cryptography  q  Cipher  

-  An  algorithm  used  to  encrypt  and  decrypt  text  

q  Key  -  The  set  of  parameters  that  guide  a  cipher  

q  Neither  is  any  good  without  the  other  

Examples  of  Ciphers  q  Subs;tu;on  cipher  

-  A  cipher  that  subs;tutes  one  character  with  another  -  Example:  Caesar  cipher    

Ø  shiQs  characters  a  certain  number  of  posi;ons  in  the  alphabet  

q  Transposi;on  cipher    -  A  cipher  that  rearranges  the  order  of  exis;ng  characters  in  a  

message  in  a  certain  way  (e.g.,  a  route  cipher)  

Page 5: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

5

Caesar  Cipher  

A B C D E F G H I J K L M N O P Q R S T U V W X Y ZD E F G H I J K L M N O P Q R S T U V W X Y Z A B C

q  Subs;tute  the  leFers  in  the  second  row  for  the  leFers  in  the  top  row  to  encrypt  a  message  

q  Encrypt(COMPUTER)  gives  FRPSXWHU  q  Subs;tute  the  leFers  in  the  first  row  for  the  leFers  in  the  

second  row  to  decrypt  a  message  q  Decrypt(Encrypt(COMPUTER))  gives  COMPUTER  

q  The  key  is  _____________________  

Transposi3on  Cipher  

T O D A Y+ I S + M O N D A Y

q  Write  the  leFers  in  a  row  of  five,  using  '+'  as  a  blank.  Encrypt  by  star;ng  spiraling  inward  from  the  top  leQ  moving  counter  clockwise  

q  Encrypt(TODAY  IS  MONDAY)  gives  T+ONDAYMYADOIS+  q  Decrypt  by  recrea;ng  the  grid  and  reading  the  leFers  across  

the  row  

q  The  key  is  __________________________  

Page 6: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

6

Modern  Ciphers  

Cipher  Structure  (Data  Encryp;on  Standard)  

q  The  ciphers  are  complex,  operate  at  the  bit  level  

q  The  encryp;on  key  is  a  random  string  of  bits  

q  A  single  bit  change  in  the  input  results  in  a  totally  independent  random  output  

q  Believed  to  be  fairly  secure      

Modern  Ciphers  q  Encryp;on  uses  encryp'on  key  Ke  

   

q  Decryp;on  uses  decryp'on  key  Kd  

   

encrypt

0110111010010001 key Ke

decrypt

1001001100111010 key Kd

The quick brown fox

plaintext

4f60ce544b43c13f1d

ciphertext

q  Encryp;on  and  decryp;on  key  are  related:  Decrypt(Encrypt (plaintext, Ke), Kd) = plaintext

The quick brown fox plaintext

4f60ce544b43c13f1d ciphertext

Page 7: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

7

Principles  of  Ciphers  q  Algorithm:  

-  should  be  public  (inspires  trust  that  the  algorithm  works)  

q  Key:  -  should  be  long  enough  to  prevent  breaking  of  the  encryp;on  -  should  be  short  enough  to  keep  algorithm  efficient  -  typical  key  lengths:  56-­‐bit,  128-­‐bit,  256-­‐bit,  512-­‐bit    

q  Symmetric  key  ciphers:    -  sender,  receiver  keys  are  iden'cal  and  private  

q  Public-­‐key  ciphers:    -  encryp;on  key  public,  decryp;on  key  secret    (private)  

Symmetric  (Private)  Key  Ciphers  

q  Same  (symmetric)  key  used  for  encryp;on  /  decryp;on  

encrypt

0110111010010001 key K

The quick brown fox 4f60ce544b43c13f1d decrypt

Page 8: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

8

Asymmetric  (Public)  Key  Ciphers  q  Sender,  receiver  do  not  share  secret  key  q  Each  uses  a  pair  of  related  keys  (private,  public)  q  Private  decryp'on  key  known  only  to  receiver  q  Public  encryp'on  key  known  to  all    

The quick brown fox encrypt

0110111010010001 key Kpublic

4f60ce544b43c13f1d

4f60ce544b43c13f1d decrypt

1001001100111010 key Kprivate

The quick brown fox

q  Any  text  encrypted  with  Kpublic  can  be  decrypted  with  Kprivate  q  Any  text  encrypted  with  Kprivate  can  be  decrypted  with  Kpublic    

Hash  Func3ons  

hash function H The quick brown fox... 85d013f4

hash function H The quick red fox... ad917c7f

q  H  is  a  one-­‐way  func;on  that  produces  a  message  digest  -  One-­‐way  property:  can’t  recover  m  from  H(m)    -  Possible  to  have  H(m1)  =  H(m2)  for  m1  ≠  m2  

q  H(m)  has  fixed-­‐length,  regardless  of  the  length  of  m  

Message m Message Digest H(m)

Page 9: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

9

How  Do  Digital  Signatures  Work?  

Hey,  can  you  send  me  my  banking  informa;on,  please  sign  it  so  I  

know  someone  isn’t  lying  to  me!  

Alice   Bob  

What  Does  Bob  Do?  

Alice’s  Bank  

Statement  

Now  Bob  has  two  things  to  send  Alice,  a  message  and  a  digital  signature.  

Alice’s  Bank  

Statement  0110110110110101

1011010011010110

Hash  Func;on    H   Digest Encrypt  with  

bank’s  private  key   0110110110110101

Signature

A  digest  encrypted  with  a  private  key  is  called  a  digital  signature.  

     

Page 10: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

10

How  Do  Digital  Signatures  Work?  

Hey,  can  you  send  me  my  banking  informa;on,  please  sign  it  so  I  

know  someone  isn’t  lying  to  me!  

Alice   Bob  

Alice’s  Bank  

Statement  0110110110110101

How  Does  Alice  Verify?  

Alice’s  Bank  

Statement  

0110110110110101

They  match!  So  someone  with  Bob’s  secret  must  have  signed  the  document!  

Signature Decrypt  with  bank’s  public  key   10110100

11010110

Digest

1011010011010110

Hash  Func;on    H   Digest

q  Issue:  -  what  if  Bob  generates  his  own  (private,  public)  key,  then  sends  

the  public  key  to  Alice  claiming  to  be  the  bank’s  public  key?  

Page 11: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

11

Authen3ca3on  of  Public  Keys  

q  Algorithms  to  generate  a  matched  pair  of  public  and  private  keys  are  publicly  known  

q  How  can  Alice  guarantee  that  the  public  key  Bob  claims  really  belongs  to  Bob?  

q  Solu;on  is  the  public  key  cer'ficate  -  Statement  specifying  the  key  and  iden;ty  -  Signed  by  a  Cer'fica'on  Authority  

Cer3fica3on  Authority  (CA)  

q  Trusted  en;ty  that  issues  public-­‐key  cer;ficates  -­‐  A  public-­‐key  cer;ficate,  or  simply  a  cer'ficate,  is  a  signed  statement  binding  a  public  key  to  an  iden;fy    

q  Cer;fica;on  Authority    -­‐  Binds  a  public  key  to  an  en;ty  and  issues  a  cer;ficate  -­‐  The  CA  itself  has  a  well-­‐known  public  key  -­‐  The  CA  signs  the  cer;ficate  with  its  private  key  

Page 12: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

12

Public  Key  Infrastructure  and  Cer3ficates  

Authenticity  of  public  keys  depends  on  the  authenticity  of  CA’s  public  key,  PKverisign  Verisign’s

private key

amazon.com  (subject  ID)  and  public  key  

Hash function

Signature function

Sent  to  online  customer  

CA:  Verisign  

CA’s certificates are installed by Microsoft, Apple, Firefox, etc.

Verify Amazon’s certificate using PKverisign

q  To  be  able  to  do  business,  amazon  gets  a  public  key  cer;ficate  from  Verisign  

q  If  Alice  wants  to  shop  on  amazon,  amazon  sends  its  cer;ficate  to  Alice  

q  Verisign’s  public  key  is  already  preinstalled  in  Alice’s  browser    

Click  here  for  Security  Info  

Page 13: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

13

Unencrypted  Connec3on  

Encrypted  Connec3on  

Page 14: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

14

Signed  by  Symantec  

Review:  Hash  Func3ons  

hash function H The quick brown fox... 85d013f4

hash function H The quick red fox... ad917c7f

■  H is a one-way function that produces a message digest -  One-way property: can’t recover m from H(m) -  Possible to have H(m1) = H(m2) for m1 ≠ m2

■  H(m) has fixed-length, regardless of the length of m

Message m Message Digest H(m)

Page 15: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

15

The quick brown fox... hash function 85d013f4

85d013f4 encrypt

0110111010010001 key Kprivate

a3ff369b

The quick brown fox... a3ff369b

a3ff369b decrypt

0110111010010001 key Kpublic

85d013f4

The quick brown fox... hash function 85d013f4 OK

The quick red fox...

The quick red fox... ad917c7f Bad!

digest

signature

signature digest

Review:  Digital  Signature

Password Security

Page 16: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

16

Guidelines  for  Passwords  q  Easy  to  remember,  hard  to  guess  q  Don’t  use  family  or  pet  names  q  Don’t  make  it  accessible  q  Use  combina;on  uppercase/lowercase  leFers,  digits  

and  special  characters  q  Don’t  leave  computer  when  logged  in  q  Don’t  ever  tell  anyone  q  Don’t  include  in  an  email  q  Don’t  use  the  same  password  in  lots  of  places  

Good  and  Bad  Passwords  

q  Bad  passwords  -  frank  -  Fido  -  password  -  4444  -  Pikachu  -  102560  -  Aus;nStamp  

q  Good  Passwords?  -  jfIej,43j-­‐EmmL+y  -  09864376537263  -  P0kem0N  -  FSa7Yago  -  0nceuP0nAt1m8  -  PokeGCTall150  

Page 17: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

17

How  to  Store  Passwords?  

q  Where  are  passwords  stored?  -  Bad  idea  to  store  passwords  as  plain  text  in  a  file  

q  But  need  a  way  to  verify  passwords  q  Cryptographic  solu;on:  Hash  the  passwords  

-  Store  digest  =  Hash(password)  -  Password  file  does  not  reveal  the  passwords  

-  But  aFacker  with  password  file  can  try  to  guess  passguess  and  check  if  digest  is  iden;cal  to  Hash(passguess)  

-  If  yes,  the  aFacker  has  found  the  password!  

Dic3onary  ARack  

q  AFacker  pre-­‐computes  Hash(x)  for  all  x  in  a  dic3onary  of  common  passwords  

q  Suppose  aFacker  gets  access  to  password  file  containing  hashed  passwords  -  AFacker  only  needs  to  compare  hashes  to  his  pre-­‐

computed  dic;onary  -  Same  aFack  will  work  each  ;me  

q  Can  we  prevent  this  aFack?  Or  at  least  make  aFacker’s  job  more  difficult?  

Page 18: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

18

Dic3onary  ARack  vs.  Brute-­‐Force  ARack  

ü  Words,  phrases,  common  passwords  

ü  Further  processing  –  replacing  “hello”  with  “h3110”  

ü  Try  all  possible  combina;ons  up  to  a  given  length  

ü  Computa;onally  more  expensive  

Password  Cracking:  Do  the  Math  

q  Assump;ons  -  Passwords  are  8  chars,  128  choices  per  character  -  Then  1288  =  256  possible  passwords  

q  Research  presented  at  Password12  in  Norway  shows  that  8-­‐character  passwords  are  no  longer  safe  -  a  25-­‐GPU  cluster  can  cycle  through  

350  billion  guesses  per  second  -  any  password  can  be  cracked  in  just  

5.5  hours  

Page 19: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

19

q  Prepend  a  random  string  (salt)  to  each  new  password  -  Usually  same  size  as  the  output  digest  

q  Compute  digest  =  Hash(salt+password)  and  store  the  pair  (salt,  digest)  in  the  password  file  

q  Note:  the  salt  is  not  secret  q  Easy  to  verify  password,  difficult  to  crack  q  AFacker  would  have  to  recompute  dic;onary  hashes  for  each  

user  ⎯  lots  more  work!  

Making  Password  Cracking  Harder    

What is Social Engineering?

*http://bash.org/?244321

q  Manipula;ng  a  person  into  divulging  confiden;al  informa;on  

Page 20: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

20

The  BoRom  Line  q  Password  cracking  is  too  easy!  

-  Users  choose  bad  passwords  -  Social  engineering  aFacks  -  Password  cracking  tools  available  online  

q  Password  Crackers  q  Password  Portal  q  L0phtCrack  and  LC4  (Windows)  q  John  the  Ripper  (Unix)  

q  The  bad  guy  has  all  of  the  advantages  q  Passwords  are  a  big  security  problem  

File Security

Page 21: Basics of Cryptography Password Security File Security1 Basics of Cryptography Password Security File Security SecurityGoal: Confidenality)! Suppose’you’are’acustomer’using’acreditcard’to’

21

File  Permissions    q  Files  must  be  protected  from  unauthorized  reading  

and  wri;ng  ac;ons  q  Data  resides  in  files;  protec;ng  files  protects  data  q  File  permissions  

-  Read,  write,  and  execute  privileges  -  In  Windows,  change  permission  on  the  Security  tab  on  a  

file’s  Proper;es  dialog  box  -  In  Unix,  three  permission  sewngs:  owner;  group  to  which  

owner  belongs;  all  other  users;  each  sewng  consist  of  rwx  (r  for  reading,  w  for  wri;ng,  and  x  for  execu;ng)  

Unix  File  Permissions    q  chmod  command  used  to  change  file  permissions  

q  Example:  chmod    644    filename  

1 1 0 1 0 0 1 0 0