Computer Systems and Network Security Essentials

Posted on Jan 12, 2025 in Archaeology

Why Aren’t All Computer Systems Secure?

• Cost/Benefit Issues
• Security Costs
• Users perceive no personal threat to themselves
• Ignorance

Legacy and Retrofitting

• We are constrained by legacy issues:
  • Core Internet design
  • Popular programming languages
  • Commercial operating systems
• All developed before security was a concern
• Retrofitting security works poorly

Problems With Patching

• Usually done under pressure:
  • So generally quick and dirty
• Tends to deal with obvious and immediate problem:
  • Not with underlying cause
• Hard (sometimes impossible) to get patch to everyone
• Since it’s not organic security, patches sometimes introduce new security problems

Definitions

• Security is a policy:
  • “No unauthorized user may access this file”
• Protection is a mechanism:
  • “The system checks user identity against access permissions”
• Protection mechanisms implement security policies
• A vulnerability is a weakness that can allow an attacker to cause problems.
• An exploit is an actual incident of taking advantage of a vulnerability

What Are Our Security Goals?

• CIA
  • Confidentiality: If it’s supposed to be a secret, be careful who hears it
  • Integrity: Don’t let someone change something they shouldn’t
  • Availability: Don’t let someone stop others from using services

Threats

• Theft
• Privacy
• Destruction
• Interruption or interference with computer-controlled services

Interruption Threats

• Denial of service, a threat to availability
  • Destruction of hardware, software, or data
  • Interference with a communications channel
  • Overloading a shared resource

Interception Threats

• Data or services are provided to an unauthorized party
• Either in conjunction with or independent of a legitimate request
• A threat to confidentiality
• Occur how?
  • Eavesdropping
  • Masquerading
  • Break-ins
  • Illicit data copying

Modification Threats

• Unauthorized parties modify the data
• Either on the way to the users
• Or permanently at the servers
• A threat to integrity
• Occur?
  • Interception of data requests/replies
  • Masquerading
  • Break-ins
  • Flaws in applications allowing unintended modifications
  • Other forms of illicit access to servers and their services

Fabrication Threats

• Unauthorized parties insert counterfeit objects into the system
• Causing improper changes in data
• Or improper use of system resources
• Or other bad behavior
• A threat to integrity
• Occur?
  • Masquerading
  • Bypassing protection mechanisms
  • Duplication of legitimate requests/responses

Destruction Threats

• Destroy data, hardware, software, etc.
• Often easier to destroy something than usefully modify it
• Often (not always) requires physical access:
  • Stuxnet destroyed centrifuges
• Destruction threats primarily threaten availability

Active Threats Vs. Passive Threats

• Passive threats are forms of eavesdropping:
  • No modification, injections of requests, etc.
• Active threats are more aggressive
• Passive threats are mostly to secrecy
• Active threats are to all properties

Benefits of a Network

• Information sharing
• Hardware sharing
• Software sharing
• Collaborative environment

Routers

Routers connect two or more networks and forward data packets between them. When data arrives from one of the segments, the router decides, according to its routing table, to which segment to forward that data.

The term gateway refers to special-purpose devices that perform protocol conversions. Gateways implement application layer conversions of information received from various protocols.

Network architecture

• Peer-to-peer architecture
• Client/server architecture

• Switch
  • Like hub but with intelligent
  • Better performance
• Router
  • Forward packets from one LAN to another

Link Layer: includes device driver and network interface card

Network Layer: handles the movement of packets, i.e. Routing

Transport Layer: provides a reliable flow of data between two hosts

Application Layer: handles the details of the particular application

VPN (Virtual Private Network)

A secure tunnel to a private network through a public network

IP

• Responsible for end-to-end transmission
• Sends data in individual packets
• Maximum size of packet is determined by the networks:
  • Fragmented if too large
• Unreliable:
  • Packets might be lost, corrupted, duplicated, delivered out of order
• Routing Table:
  • Destination IP address, IP address of a next-hop router, Flags, Network interface specification

Important Network Characteristics for Security

• Degree of locality
• Media used (wires vs satellite)
• Protocols used

The Protocol

The protocol defines a set of rules that will always be followed

• But usually not quite complete
• And they assume everyone is at least trying to play by the rules:
  • What if they don’t?
• Specific attacks exist against specific protocols

Wiretapping

• Passive wiretapping is listening in illicitly on conversations
• Active wiretapping is injecting traffic illicitly
• Packet sniffers can listen to all traffic on a broadcast medium:
  • Ethernet or 802.11, e.g.
• Wiretapping on wireless often just a matter of putting up an antenna

Impersonation

• A packet comes in over the network:
  • With some source indicated in its header
• Often, the action to be taken with the packet depends on the source
• But attackers may be able to create packets with false sources

Violations of Message Confidentiality

• Other problems can cause messages to be inappropriately divulged
• Misdelivery can send a message to the wrong place:
  • Clever attackers can make it happen
• Message can be read at an intermediate gateway or a router
• Sometimes an intruder can get useful information just by traffic analysis.

Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted.

Message Integrity

• Even if the attacker can’t create the packets he wants, sometimes he can alter proper packets
• To change the effect of what they will do
• Typically requires access to part of the path message takes

Denial of Service

• Attacks that prevent legitimate users from doing their work
• By flooding the network
• Or corrupting routing tables
• Or flooding routers
• Or destroying key packets

How Do Denial of Service Attacks Occur?

• Basically, the attacker injects some form of traffic
• Most current networks aren’t built to throttle uncooperative parties very well
• All-inclusive nature of the Internet makes basic access trivial
• Universality of IP makes reaching most of the network easy

Attack Methods

• Pure flooding:
  • Of network connection
  • Or of upstream network
• Overwhelm some other resource:
  • SYN flood
  • CPU resources
  • Memory resources
  • Application level resource
• Direct or reflection
• IP spoofing allows easy hiding
• Distributed nature makes legal approaches hard
• Attacker can choose all aspects of his attack packets:
  • Can be a lot like good ones

Basic Defense Approaches

• Overprovisioning
• Dynamic increases in provisioning
• Hiding
• Tracking attackers
• Legal approaches
• Reducing volume of attack
• None of these are totally effective

Source Address Filtering

• Filtering out some packets because of their source address value:
  • Usually because you believe their source address is spoofed
• Often called ingress filtering:
  • Or egress filtering

Source Address Filtering for Address Assurance

• Router “knows” what network it sits in front of:
  • In particular, knows IP addresses of machines there
• Filter outgoing packets with source addresses not in that range
• Prevents your users from spoofing other nodes’ addresses:
  • But not from spoofing each other’s

Source Address Filtering in the Other Direction

• Often called egress filtering:
  • Or ingress filtering
• Occurs as packets leave the Internet and enter a border router:
  • On way to that router’s network
• What addresses shouldn’t be coming into your local network?

Other Forms of Filtering

• One can filter on things other than source address:
  • Such as worm signatures, unknown protocol identifiers, etc.
• Also, there are unallocated IP addresses in IPv4 space:
  • Can filter for packets going to or coming from those addresses
• Some source addresses for local use only:
  • Internet routers can drop packets to/from them

Realistic Limits on Filtering

• Little filtering possible in Internet core:
  • Packets being handled too fast
  • Backbone providers don’t want to filter
  • Damage great if you screw it up
• Filtering near edges has its own limits:
  • In what’s possible
  • In what’s affordable
  • In what the router owners will do

Rate Limits

• Many routers can place limits on the traffic they send to a destination
• Ensuring that the destination isn’t overloaded:
  • Popular for denial of service defenses
• Limits can be defined somewhat flexibly
• But often not enough flexibility to let the good traffic through and stop the bad

Padding

• Sometimes you don’t want intruders to know what your traffic characteristics are
• Padding adds extra traffic to hide the real stuff
• Fake traffic must look like real traffic:
  • Usually means encrypt it all
• Must be done carefully, or clever attackers can tell the good stuff from the noise

Routing Control

• Use ability to control message routing to conceal the traffic in the network
• Used in onion routing to hide who is sending traffic to whom:
  • For anonymization purposes
• Routing control also used in some network defense:
  • To hide real location of a machine (SOS DDOS defense system)

What is a Firewall?

• A machine to protect a network from malicious external attacks
• Typically a machine that sits between a LAN/WAN and the Internet
• Running special software to regulate network traffic

Firewalls and Perimeter Defense

• Firewalls implement a form of security called perimeter defense
• Protect the inside of something by defending the outside strongly:
  • The firewall machine is often called a bastion host
• Control the entry and exit points
• HOWEVER, breaching the perimeter compromises all security
• Perimeter defense is part of the solution, not the entire solution

The Brass Tacks of Firewalls

• Examine each incoming packet
• Decide to let the packet through or drop it:
  • Criteria could be simple or complex
• Perhaps log the decision
• Maybe send rejected packets elsewhere

Types of Firewalls

• Filtering gateways:
  • AKA screening routers
• Application level gateways:
  • AKA proxy gateways
• Reverse firewalls

Filtering Gateways

• Based on packet header information:
  • Primarily, IP addresses, port numbers, and protocol numbers
• Based on that information, either let the packet through or reject it
• Stateless firewalls

Example Use of Filtering Gateways

• Allow particular external machines to telnet into specific internal machines:
  • Denying telnet to other machines
• Or allow full access to some external machines
• And none to others

A Fundamental Problem

• IP addresses can be spoofed
• If your filtering firewall trusts packet headers, it offers little protection

Filtering Based on Ports

• Most incoming traffic is destined for a particular machine and port:
  • Which can be derived from the IP and TCP headers
• Only let through packets to select machines at specific ports
• Makes it impossible to externally exploit flaws in little-used ports:
  • If you configure the firewall right

Pros and Cons of Filtering Gateways

• Pros:
  • Fast
  • Cheap
  • Flexible
  • Transparent
• Cons:
  • Limited capabilities
  • Dependent on header authentication
  • Generally poor logging
  • May rely on router security

Application Level Gateways

• Also known as proxy gateways
• Firewalls that understand the application-level details of network traffic:
  • To some degree
• Traffic is accepted or rejected based on the probable results of accepting it
• Stateful firewalls

How it Works

• The firewall serves as a general framework
• Various proxies are plugged into the framework
• Incoming packets are examined:
  • Handed to the appropriate proxy
• Proxy typically accepts or rejects

Deep Packet Inspection

• Another name for typical activity of application level firewalls
• Looking into packets beyond their headers:
  • Especially the IP header
• “Deep” sometimes also means deeper understanding of what’s going on:
  • Though not always

Firewall Proxies

• Programs capable of understanding particular kinds of traffic:
  • E.g., FTP, HTTP, videoconferencing
• Proxies are specialized
• A good proxy has deep understanding of the network application
• Typically limited by complexity and performance issues

Pros and Cons of Application Level Gateways

• Pros:
  • Highly flexible
  • Good logging
  • Content-based filtering
  • Potentially transparent
• Cons:
  • Slower
  • More complex and expensive
  • Highly dependent on proxy quality

Reverse Firewalls

• Normal firewalls keep stuff from the outside from getting inside
• Reverse firewalls keep stuff from the insider from getting outside
• Often co-located with regular firewalls

Why Need Them?

• Concealing details of your network from attackers
• Preventing compromised machines from sending things out

Firewall Characteristics

• Statefulness
• Transparency
• Handling authentication
• Handling encryption

Stateful Firewalls

• Much network traffic is connection-oriented:
  • E.g., telnet and videoconferencing
• Proper handling of that traffic requires the firewall to maintain state
• But handling information about connections is more complex

Port Scanning

• The process of examining a range of IP addresses to determine what services are running on a network.
• Finds open ports on a computer and the services running on it:
  • Security audit or used by attacker to find services they can break into
• Use a zone transfer with the “dig” command to obtain a network’s IP addresses.
• Determine subnetted and class
• Verify which computers are active
• Use a port scanner to ping the range of IP addresses you discovered.

Port States

• Open:
  • A service process is listening at the port.
  • If the OS receives a SYN at an open port, this is the first packet of the three way handshake.
• Closed:
  • No process is listening at the port.
  • If the OS receives a SYN at a closed port, an RST is sent.
• Filtered:
  • A packet filter is listening at the port.

Types of Port Scans

• SYN scan:
  • In a normal TCP session, a packet is sent to another computer with the SYN flag set.
  • The receiving computer sends back a packet with the SYN/ACK flag set, indicating an acknowledgment.
  • The sending computer then sends a packet with the ACK flag set.
  • If the port the SYN packet is sent to is closed, the computer responds with an RST/ACK (reset/acknowledgment) packet.
  • If an attacker’s computer receives a SYN/ACK packet, it responds quickly with an RST/ACK packet, closing the session.
  • This is done so that a full TCP connection is never made and logged as a transaction. In this sense, it’s “stealthy.”
  • After all, attackers don’t want a transaction logged showing their connection to the attacked computer and listing their IP addresses.
• Connect scan:
  • A connect scan is similar to a SYN scan, except that it does complete the three-way handshake.
  • Attacked computer most likely logs the transaction or connection
  • Therefore, unlike a SYN scan, a connect scan isn’t stealthy and can be detected easily.
• NULL scan:
  • In a NULL scan, all packet flags are turned off.
  • A closed port responds to a NULL scan with an RST packet, so if no packet is received, the best guess is that the port is open.
• XMAS scan:
  • In this type of scan, the FIN flags are set.
  • Closed ports respond to this type of packet with an RST packet.
  • This scan can be used to determine which ports are open.
  • For example, an attacker could send this packet to port 53 on a system and see whether an RST packet is returned. If not, the DNS port might be open.
• ACK scan:
  • Attackers typically use ACK scans to get past a firewall or other filtering device.
  • A filtering device looks for the SYN packet, the first packet in the three-way handshake, that the ACK packet was part of.
  • Remember this packet order: SYN, SYN/ACK, and ACK.
  • If the attacked port returns an RST packet, the packet filter was fooled, or there’s no packet-filtering device.
  • In either case, the attacked port is considered to be “unfiltered.”
• FIN scan:
  • In this type of scan, a FIN packet is sent to the target computer.
  • If the port is closed, it sends back an RST packet.
  • When a three-way handshake ends, both parties send a FIN packet to end the connection.
• UDP scan:
  • In this type of scan, a UDP packet is sent to the target computer.
  • If the port sends back an ICMP “Port Unreachable” message, the port is closed.
  • Again, not getting that message might imply the port is open, but this isn’t always true.
  • A firewall or packet-filtering device could undermine your assumptions

Details on Scan

• A computer that receives a SYN packet from a remote computer responds with a SYN/ACK packet if its port is open.
• If a port is closed and receives a SYN packet, it sends back an RST/ACK packet.
• Determining whether a port is filtered is more complex.

Ping Sweeps

• Port scanners can also be used to conduct a ping sweep of a large network to identify which IP addresses belong to active hosts. (live host)
• The problem with relying on ping sweeps to identify live hosts is that a computer might be shut down at the time of the sweep and indicate that the IP address doesn’t belong to a live host.
• Many network administrators configure nodes to not respond to an ICMP Echo Request (type 8) with an ICMP Echo Reply (type 0).
• Also, firewall filtering out ICMP traffic

TCP SYN Scanning

• Often referred to as half-open scanning.
• Send a SYN packet
• Wait for a response.
  • A SYN/ACK indicates the port is listening.
  • If a SYN/ACK is received, send an RST to tear down the connection immediately.
• Most sites do not log these.
• Need root privileges to build SYN packets.

TCP FIN Scanning

• Send a FIN packet (without a preceding SYN etc.)
• FIN packets may pass through firewalls
• Closed ports reply with RST.
• Open ports ignore the FIN packet.
• Some hosts violate RFC.
  • Reply with RST’s regardless of the port state
  • Thus, are not vulnerable to this scan.

TCP Reverse Identd Scanning

• Identd protocol (RFC 1413): Disclose the username of the owner of any process connected via TCP, even if that process didn’t initiate the connection.
• Example: connect to the http port (80), and then use identd to find out whether the server is running as root.
• Must have full TCP connection to the port.

UDP Scan

• Most hosts send an ICMP_PORT_UNREACH error when you send a packet to a closed UDP port.
  • Can find out if a port is NOT open
• Slow: the ICMP error message rate is limited.
• Need to be root for access to raw ICMP socket.
• Non-root users cannot read port unreachable errors directly.

Stealth Scan

• Include fragmented packets, SYN scanning, FIN scanning etc.
• Scan slowly
• Firing packets with fake IPs:
  • Flood with spoofed scans and embed one scan from the real source (network) address.

External Intrusions Vs Internal

Intrusion detection system usually examines log. Can run offline since a lot of overhead but won’t catch in real time.

Failures In Intrusion Detection

• False positives:
  • Legitimate activity identified as an intrusion
• False negatives:
  • An intrusion not noticed
• Subversion errors:
  • Attacks on the intrusion detection system

Desired Characteristics in Intrusion Detection

• Continuously running
• Fault tolerant
• Subversion resistant
• Minimal overhead
• Must observe deviations
• Easily tailorable
• Evolving
• Difficult to fool

Host Intrusion Detection

• Run the intrusion detection system on a single computer,
• Look for problems only on that computer

Advantages

• Lots of information to work with
• Only need to deal with problems on one machine
• Can get information in readily understandable form

Network Intrusion Detection

• Do the same for a local (or wide) area network
• Either by using distributed systems techniques
• Or (more commonly) by sniffing network traffic

Advantages

• Need not use up any resources on users’ machines
• Easier to properly configure for large installations
• Can observe things affecting multiple machines

Sensors

• Use programs called sensors to grab only relevant data
• Sensors quickly examine network traffic:
  • Record the relevant stuff
  • Discard the rest
• If you design sensors right, greatly reduces the problem of data volume

APPLICATION SPECIFIC IDS – less overhead, tuned to one application

Styles of Intrusion Detection

• Misuse intrusion detection:
  • Try to detect things known to be bad
• Anomaly intrusion detection:
  • Try to detect deviations from normal behavior
• Specification intrusion detection:
  • Try to detect deviations from defined “good states

Misuse Detection (Signature-Based)

• Determine what actions are undesirable
• Watch for those to occur
• Signal an alert when they happen
• Often referred to as signature detection

Level of Misuse Detection

• Could look for specific attacks:
  • E.g., SYN floods or IP spoofing
• But that only detects already-known attacks
• Better to also look for known suspicious behavior:
  • Like trying to become root
  • Or changing file permissions

How Is Misuse Detected?

• By examining logs ▫ Only works after the fact • By monitoring system activities ▫ Often hard to trap what you need to see • By scanning the state of the system ▫ Can’t trap actions that don’t leave traces • By sniffing the network ▫ For network intrusion detection systems Pluses and Minuses of Misuse Detection +Few false positives +Simple technology +Hard to fool • At least about things it knows about –Only detects known problems –Gradually becomes less useful if not updated –Sometimes signatures are hard to generate Misuse Detection and Commercial Systems • Essentially all commercial intrusion detection systems primarily detect misuse ▫ Generally using signatures of attacks • Many of these systems are very similar ▫ Differing only in details • Differentiated primarily by quality of their signature library ▫ How large, how quickly updated  Anomaly Detection • Misuse detection can only detect known problems • And many potential misuses can also be perfectly legitimate • Anomaly detection instead builds a model of valid behavior ▫ And watches for deviations Methods of Anomaly Detection • Statistical models ▫ User behavior ▫ Program behavior ▫ Overall system/network behavior • Expert systems • Pattern matching of various sorts Pluses and Minuses of Anomaly Detection +Can detect previously unknown attacks +Not deceived by trivial changes in attack –Hard to identify and diagnose nature of attacks –Unless careful, may be prone to many false positives –Depending on method, can be expensive and complex — most academic research on anomoly dectection IDS, promising but few effective systems use it Specification Detection • Define some set of states of the system as good • Detect when the system is in a different state • Signal a problem if it is How Does This Differ From Misuse and Anomaly Detection? • Misuse detection says that certain things are bad • Anomaly detection says deviations from statistically normal behavior are bad • Specification detection defines exactly what is good and calls the rest bad

Protocol Anomaly Detection • Really a form of specification intrusion detection • Based on precise definitions of network protocols • Can easily detect deviations • Incorporated into some commercial systems ▫ E.g., Snort and Checkpoint Pluses and Minuses of Specification Detection +Allows formalization of what you’re looking for +Limits where you need to look +Can detect unknown attacks – Only effective when one can specify correct state – Based on locating right states to examine – Maybe attackers can do what they want without changing from a “good” state Evolving Intrusion Detection • A static, globally useful intrusion detection solution is impossible ▫ Good behavior on one system is bad behavior on another ▫ Behaviors change and new vulnerabilities are discovered • Intrusion detection systems must change to meet needs How evolve? • Manually or semi-automatically ▫ New information added that allows them to detect new kinds of attacks • Automatically ▫ Deduce new problems or things to watch for without human intervention Problem With Manually Evolving Systems • System/network administrator action is required for each change ▫ To be really effective, not just manual installation ▫ More customized to the environment • Too heavy a burden to change very often • So they change slowly, akin to software updates Problem With Evolving Intrusion Detection Systems • Very clever intruders can use the evolution against them • Instead of immediately performing dangerous actions, evolve towards them • If the intruder is more clever than the system, the system gradually accepts the new behavior • Possible with manual changing systems, but harder for attackers to succeed Intrusion Detection Tuning • Generally, there’s a tradeoff between false positives and false negatives • You can tune the system to decrease one ▫ Usually at cost of increasing the other • Choice depends on one’s situation

Practicalities of Operation • Most commercial intrusion detection systems are add-ons ▫ They run as normal applications • They must make use of readily available information ▫ Audit logged information ▫ Sniffed packets ▫ Output of systems calls they make • And performance is very important Practicalities of Audit Logs for IDS • Operating systems only log certain stuff • They don’t necessarily log what an intrusion detection system really needs • They produce large amounts of data ▫ Expensive to process ▫ Expensive to store • If attack was successful, logs may be corrupted

What Does an IDS Do When It Detects an Attack? • Automated response ▫ Shut down the “attacker” ▫ Or more carefully protect the attacked service • Alarms ▫ Notify a system administrator  Often via special console ▫ Who investigates and takes action • Logging ▫ Just keep record for later investigation Consequences of the Choices • Automated ▫ Too many false positives and your network stops working ▫ Is the automated response effective? • Alarm ▫ Too many false positives and your administrator ignores them ▫ Is the administrator able to determine what’s going on fast enough? • Logging ▫ Doesn’t necessarily lead to any action False Positives and IDS Systems • For automated response, what happens? • Something gets shut off that shouldn’t be ▫ May be a lot of work to turn it on again • For manual response, what happens? • Either a human investigates and dismisses it • Or nothing happens • If human looks at it, can take a lot of his time What Are Your Choices? • Tune to a lower FPR ▫ Usually causing more false negatives ▫ If too many of those, system is useless • Have triage system for signals ▫ If first step is still human, still expensive ▫ Maybe you can automate some of it? • Ignore your IDS’ signals ▫ In which case, why bother with it at all?

Intrusion Prevention Systems (Snort, Bro, RealSecure ISS, NetRanger) – Essentially a buzzword for IDS that takes automatic action when intrusion is detected • Goal is to quickly take remedial actions to threats • Since IPSs are automated, false positives could be very, very bad Snort • Network intrusion detection system • Public domain ▫ Designed for Linux ▫ But also runs on Windows and Mac • Designed for high extensibility ▫ Allows easy plug-ins for detection ▫ And rule-based description of good & bad traffic • Very widely used Bro • Like Snort, public domain network based IDS • Developed at LBL • Includes more sophisticated non-signature methods than Snort • More general and extensible than Snort • Maybe not as easy to use RealSecure ISS • Commercial IDS • Bundled into IBM security products • Distributed client/server architecture ▫ Incorporates network and host components • Other components report to server on dedicated machine NetRanger • Bundled into Cisco products ▫ Under a different name • For use in network environments ▫ “Sensors” in promiscuous mode capture packets off the local network • Examines data flows ▫ Raises alarm for suspicious flows • Using misuse detection techniques ▫ Based on a signature database ids called failed technology. use multiple IDSs • General concept has never quite lived up to its promise • Yet alternatives are clearly failing ▫ We aren’t keeping the bad guys out • So research and development continues • And most serious people use them ▫ Even if they are imperfect             Conclusions • Intrusion detection systems are helpful enough that those who care about security should use them • They are not yet terribly sophisticated ▫ Which implies they aren’t that effective • Much research continues to improve them • Not clear if they’ll ever achieve what the original inventors hoped for

Security of One-Time Pads • • Essentially, use a new substitution alphabet for every character • Substitution alphabets chosen purely at randomPolyalphabetic Ciphers • Ciphers that don’t always translate a given plaintext character into the same ciphertext character. ie, use different substitutions for odd and even positions.Permutation Ciphers • Doesn’t change the characters in the message, Just where they occur.  character frequency analysiswont help cryptanalyst Public Key Encryption Systems • The encrypter and decrypter have different keys: C = E(Ke ,P)   P = D(Kd ,C) • Often, works the other way, too: C’= E(Kd , P)   P =D(Ke ,C’) Types of Attacks on Cryptosystems  •Ciphertext only• Known plaintext•Chosen plaintext*Algorithm & ciphertext– Timing attacks • Monoalphabetic substitutions – Each plaintext letter maps to a single, unique ciphertext letter Superencipherment: First translate message using a code book, Then encipher the result. Practical Use of Public Key Cryptography: • Keys are created in pairs • One key is kept secret by the owner • The other is made public to the world • If you want to send an encrypted message to someone, encrypt with his public key – Only he has private key to decrypt Key Management Issues • To communicate via shared key cryptography, key must be distributed – In trusted fashion • To communicate via public key cryptography, need to find out each other’s public key – “Simply publish public keys

”Issues of Key Publication • Security of public key cryptography depends on using the right public key • If I am fooled into using the wrong one, that key’s owner reads my message • Need high assurance that a given key belongs to a particular person • Which requires a key distribution infrastructure RSA Algorithm • Most popular public key cryptographic algorithm • In wide use • Has withstood much cryptanalysis • Based on hard problem of factoring large numbers

Using Cryptography for Authentication • If both parties cooperative, standard cryptography can authenticate • What if three parties want to share a key? –No longer certain who created anything – Public key cryptography can solve this problem • What if I want to prove authenticity without secrecy? Authentication With Shared Keys • If only two people know the key, and I didn’t create a properly encrypted message – The other guy must have • But what if he claims he didn’t? • Or what if there are more than two? • Requires authentication servers Authentication With Public Keys • If I want to “sign” a message, encrypt it with my private key • Only I know private key, so no one else could create that message • Everyone knows my public key, so everyone can check my claim directly

Combined Use of Symmetric and Asymmetric Cryptography • Common to use both in a single session • Asymmetric cryptography essentially used to “bootstrap” symmetric crypto • Use RSA (or another PK algorithm) to authenticate and establish a session key • Use AES with that session key for the rest of the transmission Signatures With Shared Key Encryption • Requires a trusted third party • Signer encrypts document with secret key shared with third party • Receiver checks validity of signature by consulting with trusted third party • Third party required so receiver can’t forge the signature

Stream and Block Ciphers • Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext • Block ciphers work on a given sized chunk of data at a time Advantages of Stream Ciphers: + Speed of encryption and decryption + Low error propagation (Errors affect only the symbol where the error occurred) Disadvantages of Stream Ciphers  – Low diffusion (Each symbol separately encrypted); – Susceptible to insertions and modifications; – Not good match for many common uses of cryptography; Advantages of Block Ciphers + Good diffusion (Easier to make a set of encrypted characters depend on each other); Most common Internet crypto done with block ciphers Disadvantages of Block Ciphers – Slower (Need to wait for block of data before encryption/decryption starts); – Worse error propagation (Errors affect entire blocks); issues• Let’s say you have a bunch of data to encrypt Using the same cipher and key • How do you encrypt the entire set of data? –Given block ciphers have limited block size – And stream ciphers just keep going. Each block of data was independently encrypted(With the same key) • So two blocks with identical plaintext encrypt to the same ciphertext • Not usually a good thing • We used the wrong cryptographic mode (Electronic Codebook (ECB) Mode and get insertion attk) 

Cryptographic Modes •; Cipher Block Chaining Mode • Adds feedback into encryption process • The encrypted version of the previous block is used to encrypt this block • For block X+1, XOR the plaintext with the ciphertext of block X – Then encrypt the result; • Each block’s encryption depends on all previous blocks’ contents • Decryption is similar • • CBC as described would encrypt the first block of the same message sent twice the same way both times Ties together a group of related encrypted blocks • Hides that two blocks are identical • Foils insertion attacks

Initialization Vectors(IV) • A technique used with CBC etc • Ensures that encryption results are always unique – Even for duplicate message using the same key • XOR a random string with the first block – plaintext (XOR) IV – Then do CBC for subsequent blocks Digital Certificate Contents • Name of holder • Public key of holder • Name of trusted third party (certificate authority) • DIGITAL SIGNATURE OF CERTIFICATE AUTHORITY • Data on which hash and public-key algorithms have been used • Other business or personal informationCertification Chains: Childrn have unique relative names