
Security of Information System

Basic Encryption and Decryption


Dr. Kasun De Zoysa
Department of Communication and Media Technologies
University of Colombo School of Computing
University of Colombo
Sri Lanka

UCSC
kasun@ucsc.cmb.ac.lk

All rights reserved. No part of this material may be reproduced and sold.

Objectives:
Basic Encryption and Decryption
Understand the concept of encryption/decryption
Describe the different types of ciphers
Identify the characteristics of a good cipher


Basic Encryption and Decryption

1.1 Terminology and Background


Encryption, Decryption and Cryptosystems
Plain Text and Cipher Text
Encryption Algorithms
Cryptanalysis


Basic Concept

P (clear text) -> E (cipher algorithm) -> C (encrypted data) -> D (cipher algorithm) -> P

P  clear (plain) text: readable (intelligible) information
C  ciphertext: encrypted information
E  encryption (enciphering): transforming clear text into ciphertext
D  decryption (deciphering): transforming ciphertext back into plaintext


Cipher Algorithm
Encryption algorithm: a mathematical function of the form
C = E(P, Ke), where Ke is the encryption key
Decryption algorithm: a mathematical function of the form
P = D(C, Kd), where Kd is the decryption key

Cryptanalysis
Attacker (cryptanalyst, intruder): a person who tries to recover the plaintext P (compromise the encryption algorithm)


What the Cryptanalyst Has to Work With

Ciphertext only
Full or partial plaintext
Ciphertext of any plain text
The encryption algorithm


Types of Cryptanalytic Attacks


Ciphertext only
only knows encryption algorithm and ciphertext, goal is to
identify plaintext
Known plaintext
know encryption algorithm and one or more plaintext &
ciphertext pairs formed with the secret key
Chosen plaintext
know encryption algorithm and can select plaintext and obtain
ciphertext to attack cipher

Chosen ciphertext
know encryption algorithm and can select ciphertext and obtain
plaintext to attack cipher
Chosen text
know encryption algorithm and can select either plaintext or
ciphertext to en/decrypt to attack cipher


Brute Force Search

Always possible to simply try every key
Most basic attack, proportional to key size
Assume the attacker either knows or can recognize the plaintext

Key Size (bits) | Number of Alternative Keys | Time required at 10^6 decryptions/µs
32              | 2^32  = 4.3 x 10^9         | 2.15 milliseconds
56              | 2^56  = 7.2 x 10^16        | 10 hours
128             | 2^128 = 3.4 x 10^38        | 5.4 x 10^18 years
168             | 2^168 = 3.7 x 10^50        | 5.9 x 10^30 years

Basic Encryption and Decryption

1.2 Introduction to Ciphers
Monoalphabetic Substitutions such as the Caesar Cipher
Cryptanalysis of Monoalphabetic Ciphers
Polyalphabetic Ciphers such as Vigenere Tableaux
Cryptanalysis of Polyalphabetic Ciphers
Perfect Substitution Cipher such as the Vernam Cipher
Stream and Block Ciphers

Machine ciphers
The Enigma Rotor Machine (WW2)


The Caesar Cipher

Plain Text  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text : D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Ci = E(Pi) = Pi + 3 (mod 26)

Monoalphabetic Substitutions

Plain Text  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text : K E Y G H I J K L M N O P Q R S T U V W X Y Z A B C

Letter Frequency
[Chart: relative frequency of the letters A to Z in English text]

Polyalphabetic Substitutions

Table for Odd Positions
Plain Text  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text : A D G J N O S V Y B E H K N Q T W Z C F I L O R U X

Table for Even Positions
Plain Text  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text : N S X C H M R W B G I Q V A F K P U Z E J O T Y D I

Plain Text  : S S I B L
Cipher Text : c z y s h
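Added example (not part of the lecture slides): the Caesar shift, the frequency-based cryptanalysis of a monoalphabetic cipher that the outline announces, and the two-table polyalphabetic substitution printed above. The English letter frequencies are the usual published approximations; the permutation check is an editor's addition and shows that the two tables, as printed on the slide, repeat some letters (N, O and I), so they are not uniquely decryptable.

```python
from string import ascii_uppercase as ALPHA

# Approximate relative frequencies (%) of the letters A..Z in English text.
ENGLISH_FREQ = [8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966,
                0.153, 0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987,
                6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074]

# The two substitution tables printed on the slide (odd / even positions).
ODD_TABLE = "ADGJNOSVYBEHKNQTWZCFILORUX"
EVEN_TABLE = "NSXCHMRWBGIQVAFKPUZEJOTYDI"


def caesar(text, shift):
    """Ci = (Pi + shift) mod 26; characters outside A-Z pass through unchanged."""
    out = []
    for ch in text.upper():
        out.append(ALPHA[(ALPHA.index(ch) + shift) % 26] if ch in ALPHA else ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the letter histogram of `text` and English frequencies."""
    letters = [ch for ch in text.upper() if ch in ALPHA]
    n = len(letters)
    score = 0.0
    for i, letter in enumerate(ALPHA):
        expected = ENGLISH_FREQ[i] * n / 100.0
        score += (letters.count(letter) - expected) ** 2 / expected
    return score


def recover_caesar_shift(ciphertext):
    """Cryptanalysis of a monoalphabetic shift: the plaintext statistics survive
    the substitution, so the shift whose decryption looks most like English
    is the key. Needs a few dozen letters of ciphertext to be reliable."""
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))


def is_permutation(table):
    """A substitution table can only be decrypted if every cipher letter appears once."""
    return sorted(table) == list(ALPHA)


def polyalphabetic_encrypt(plaintext, tables):
    """Positions 1, 3, 5, ... use tables[0]; positions 2, 4, ... use tables[1].
    The slide prints the result in lower case, so this does too."""
    out = []
    for i, ch in enumerate(plaintext.upper()):
        table = tables[i % len(tables)]
        out.append(table[ALPHA.index(ch)].lower())
    return "".join(out)
```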


The Perfect Substitution Cipher


One Time Pad
Recipient needs an identical pad
Pad position should be synchronized
Plain text length = Key length


The Vernam Cipher

Plain Text         : V  E  R  N  A  M  C  I  P  H  E  R
Numeric Equivalent : 21 4  17 13 0  12 2  8  15 7  4  17
+ Random Number    : 76 48 16 82 44 3  58 11 60 5  48 88
= Sum              : 97 52 33 95 44 15 60 19 75 12 52 105
= Mod 26           : 19 0  7  17 18 15 8  19 23 12 0  1
Cipher Text        : t  a  h  r  s  p  i  t  x  m  a  b

Binary Vernam Cipher

Plain Text      : 1 0 1 0 0 0 1 1 1 0 0 1 1 0 1
+ Random Stream : 0 1 0 1 1 0 1 0 1 1 1 0 1 0 1
Cipher Text     : 1 1 1 1 1 0 0 1 0 1 1 1 0 0 0

The One-Time Pad


If a truly random key as long as the message is used, the
cipher will be secure
Called a One-Time pad
Has unconditional security:
ciphertext bears no statistical relationship to the
plaintext since for any plaintext & any ciphertext there
exists a key mapping one to other
Can only use the key once
Has the problem of safe distribution of the key
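Added example (not from the lecture) covering the Vernam slide and the one-time pad slide: the mod-26 Vernam cipher reproducing the slide's own figures, the binary XOR form, and a byte-wise one-time pad together with the reason the key may be used only once. The pad bytes and messages in the test are constructed values.

```python
from string import ascii_lowercase as ALPHA

# Worked figures copied from the slide (the "random number" column is the slide's).
SLIDE_PLAINTEXT = "VERNAMCIPHER"
SLIDE_RANDOM = [76, 48, 16, 82, 44, 3, 58, 11, 60, 5, 48, 88]


def vernam_encrypt(plaintext, key_numbers):
    """Per letter: (numeric value + key number) mod 26, exactly the slide's rows."""
    if len(key_numbers) < len(plaintext):
        raise ValueError("the key must be at least as long as the plaintext")
    return "".join(ALPHA[(ALPHA.index(p) + k) % 26]
                   for p, k in zip(plaintext.lower(), key_numbers))


def vernam_decrypt(ciphertext, key_numbers):
    """Inverse of vernam_encrypt: subtract the same key numbers mod 26."""
    return "".join(ALPHA[(ALPHA.index(c) - k) % 26]
                   for c, k in zip(ciphertext.lower(), key_numbers))


def xor_bits(a, b):
    """Binary Vernam: XOR of two equal-length bit strings such as '1010'."""
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def one_time_pad(data: bytes, pad: bytes) -> bytes:
    """Byte-wise XOR with a pad at least as long as the data. XOR is its own
    inverse, so the same call both encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("the pad must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, pad))


def pad_reuse_residue(c1: bytes, c2: bytes) -> bytes:
    """Why a pad is used once: two ciphertexts made with the same pad XOR to
    p1 XOR p2. The pad cancels completely, and wherever the two plaintexts
    agree the residue is zero, which already reveals structure."""
    return one_time_pad(c1, c2)
```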

Transpositions (Permutation)

Columnar Transposition
The plaintext is written row by row into five columns:

c1   c2   c3   c4   c5
c6   c7   c8   c9   c10
c11  c12  etc.

Cipher text formed by reading down the columns:
c1 c6 c11 c2 c7 c12 c3 c8 ...
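Added example, not from the lecture: a five-column columnar transposition that reads the columns out in the order c1 c6 c11 c2 c7 c12 ... exactly as on the slide, its inverse, and a check that the letter histogram is untouched (which is what lets a cryptanalyst tell a transposition from a substitution). The padding character "x" is an assumption.

```python
def columnar_encrypt(plaintext, columns, pad="x"):
    """Write the message row by row into `columns` columns, then read it out
    column by column (c1 c6 c11 c2 c7 c12 ... for five columns, as on the slide).
    Spaces are dropped and the last row is filled with `pad`."""
    if columns < 1:
        raise ValueError("need at least one column")
    text = plaintext.replace(" ", "").lower()
    while len(text) % columns:
        text += pad
    rows = [text[i:i + columns] for i in range(0, len(text), columns)]
    return "".join(row[c] for c in range(columns) for row in rows)


def columnar_decrypt(ciphertext, columns):
    """Inverse: cut the ciphertext into `columns` equal pieces (one per column)
    and read across the rows."""
    if columns < 1 or len(ciphertext) % columns:
        raise ValueError("ciphertext length must be a multiple of the column count")
    depth = len(ciphertext) // columns
    cols = [ciphertext[i:i + depth] for i in range(0, len(ciphertext), depth)]
    return "".join(cols[c][r] for r in range(depth) for c in range(columns))


def same_letter_histogram(a, b):
    """Transposition only moves letters, so the ciphertext keeps the plaintext's
    letter frequencies: frequency analysis still recognises the language."""
    return sorted(a) == sorted(b)
```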

Block vs Stream Ciphers


Block ciphers process messages in blocks, each of which
is then en/decrypted
Like a substitution on blocks of characters
64-bits or more
Stream ciphers process messages a bit or byte at a time
when en/decrypting
E.g. Vernam cipher, one time pad
Many current ciphers are block ciphers

Stream Cipher

[Diagram: plain text "ISSOPMI" enters the cipher one character at a time, with an optional key, and leaves as cipher text "WEHTUA.."; e.g. plain text (A) -> cipher text (F)]

Advantage
Speed of transformation
Low error propagation

Disadvantage
Low diffusion
Susceptibility to malicious insertion and modifications

Block Cipher

[Diagram: plain text enters the cipher one block at a time, with an optional key, and leaves as cipher text; e.g. plain text block (AKEDF) -> cipher text block (FRWSU)]

Advantage
Diffusion
Immunity to insertion

Disadvantage
Slowness of encryption
Error propagation

Block Ciphers
Substitution-Permutation Ciphers
Product cipher
S-P networks are the basis of modern symmetric cryptography

Substitution box (S-Box)
The input is an n-bit word
The output is an n-bit word that is substituted for the input

Basic Encryption and Decryption


1.3 Characteristics of Good Ciphers
Shannon Characteristics
Confusion and Diffusion
Information Theoretic Tests
Unicity Distance


Characteristic of Good Cipher


Shannon Characteristics - 1949
The amount of secrecy needed should determine
the amount of labor appropriate for encryption and decryption
The set of keys and the encryption algorithm should be free from complexity
The implementation of the process should be as simple as possible
Errors in the ciphering should not propagate and cause corruption of
further information in the message
The size of enciphered text should be no larger than the
text of the original message


Kerckhoffs' Principle
The security of the encryption scheme must depend
only on the secrecy of the key and not on the secrecy
of the algorithms.
Reasons:
Algorithms are difficult to change
Cannot design an algorithm for every pair of users
Expert review
No security through obscurity!

Confusion and Diffusion

Goal: the cipher needs to completely obscure the statistical properties of the original plaintext (like a one-time pad)

Confusion

The interceptor should not be able to predict what changing one character in the plaintext will do to the ciphertext
[Diagram: Plaintext -> Ciphertext]

Diffusion

The characteristic of distributing the information from a single plaintext letter over the entire ciphertext
[Diagram: Plaintext KASUN -> Ciphertext ANHYJ]

Security of Information System


Secure Encryption Systems
Nandika Kasun
Department of Communication and Media Technologies
University of Colombo School of Computing
University of Colombo
Sri Lanka

UCSC
kasun@cmb.ac.lk


Objectives:
Handle the properties of arithmetic that are the foundation of encryption systems
Recognize the concept of symmetric and
asymmetric key cryptography
Describe the different symmetric and asymmetric
key and hash algorithms


Secure Encryption Systems


2.1 Properties of Arithmetic Operations
Inverses
Primes
Greatest Common Divisor
Euclidean Algorithm
Modular Arithmetic
Properties of Modular Arithmetic
Computing the inverse
Fermat's Theorem
Algorithm for Computing Inverses
Random number generation

Prime Numbers
Prime numbers have only the divisors 1 and themselves; they cannot be written as a product of other numbers
E.g. 2, 3, 5, 7 are prime; 4, 6, 8, 9, 10 are not
Prime numbers are central to number theory
The list of prime numbers less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53
59 61 67 71 73 79 83 89 97 101 103 107 109
113 127 131 137 139 149 151 157 163 167 173
179 181 191 193 197 199


Prime Factorization


Primality Testing
In cryptography, we often need to find large prime numbers
The traditional method uses trial division
i.e. divide by all numbers (primes) in turn that are less than the square root of the number
only works for small numbers
Alternatively, can use statistical primality tests based on properties of primes
for which all prime numbers satisfy the property, but some composite numbers, called pseudo-primes, also satisfy it

How to find a large prime?
(Solovay and Strassen)

1. If p is prime and r is any number less than p, then gcd(p,r) = 1 (greatest common divisor)
2. Jacobi function
   J(r,p) = 1                                       if r = 1
   J(r,p) = J(r/2, p) * (-1)^((p^2 - 1)/8)          if r is even
   J(r,p) = J(p mod r, r) * (-1)^((r-1)*(p-1)/4)    if r is odd and r != 1

Test: J(r,p) mod p = r^((p-1)/2) mod p

If tests 1 and 2 pass, probability(prime p) = 1/2.
Otherwise p is not prime.
If the test is repeated k times, probability(prime p) = 1/2^k
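Added example, not from the lecture: the Jacobi function with the three cases given above, one round of the Solovay-Strassen test (gcd check plus the Euler criterion), and the k-round repetition. The test uses the Carmichael number 561 to show why a single round is not enough: the witness 2 lets 561 pass, the witness 5 exposes it. The random witnesses come from the caller-supplied generator, an assumption of this example.

```python
import random
from math import gcd


def jacobi(r, p):
    """Jacobi symbol J(r, p) for odd p > 1 and gcd(r, p) = 1, following the
    three cases on the slide: r = 1, r even, r odd and r != 1."""
    if p < 3 or p % 2 == 0:
        raise ValueError("p must be an odd integer greater than 1")
    if gcd(r, p) != 1:
        raise ValueError("J(r, p) is only used here when gcd(r, p) = 1")
    r %= p
    if r == 1:
        return 1
    if r % 2 == 0:
        return jacobi(r // 2, p) * (-1) ** ((p * p - 1) // 8)
    return jacobi(p % r, r) * (-1) ** ((r - 1) * (p - 1) // 4)


def solovay_strassen_round(p, r):
    """One round with witness r (1 < r < p). Returns False when r proves p
    composite and True when p passes; a prime always passes, a composite
    passes with probability at most 1/2 over the choice of r."""
    if gcd(p, r) != 1:                    # test 1 on the slide
        return False
    euler = pow(r, (p - 1) // 2, p)       # r^((p-1)/2) mod p
    return jacobi(r, p) % p == euler      # test 2: J(r, p) mod p must agree


def is_probable_prime(p, rounds=20, rng=None):
    """Repeat the round with independent random witnesses; a composite that
    survives all `rounds` does so with probability at most 1/2^rounds."""
    if p < 2:
        return False
    if p in (2, 3):
        return True
    if p % 2 == 0:
        return False
    rng = rng or random.SystemRandom()
    return all(solovay_strassen_round(p, rng.randrange(2, p)) for _ in range(rounds))
```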

Greatest Common Divisor - gcd(a,b)

The largest integer that divides a set of numbers
If p is a prime, for any number q < p, gcd(p,q) = 1
gcd(a,b) = gcd(b,a)
Example: gcd(15,10) = 5


Euclidean Algorithm

If x divides a and b, x also divides a - (k*b) for every k

Suppose x divides both a and b; then
a = x*a1; b = x*b1
a - (k*b) = x*a1 - (k*x*b1)
          = x*(a1 - k*b1)
          = x*d
so that x divides (is a factor of) a - (k*b)
Suppose x = gcd(a,b), where a > b
a = m*b + r
a - (m*b) = r, so that gcd(b,r) = x

gcd(a,b) = gcd(b,r)    a > b > r >= 0


Euclid's GCD Algorithm

An efficient way to find GCD(a, b) uses the theorem that:
GCD(a, b) = GCD(b, a mod b)
Euclid's Algorithm to compute GCD(a, b):
A = a; B = b;
while (B > 0) {
    R = A mod B;
    A = B;
    B = R;
}
return A;

Example: GCD(1970,1066)
1970 = 1 x 1066 + 904    gcd(1066, 904)
1066 = 1 x 904 + 162     gcd(904, 162)
904  = 5 x 162 + 94      gcd(162, 94)
162  = 1 x 94 + 68       gcd(94, 68)
94   = 1 x 68 + 26       gcd(68, 26)
68   = 2 x 26 + 16       gcd(26, 16)
26   = 1 x 16 + 10       gcd(16, 10)
16   = 1 x 10 + 6        gcd(10, 6)
10   = 1 x 6 + 4         gcd(6, 4)
6    = 1 x 4 + 2         gcd(4, 2)
4    = 2 x 2 + 0         gcd(2, 0)

Relatively Prime Numbers & GCD


Finding Inverse


Modular Arithmetic

Property        Example
Associativity   (a + (b + c)) mod n = ((a + b) + c) mod n
                (a * (b * c)) mod n = ((a * b) * c) mod n
Commutativity   (a + b) mod n = (b + a) mod n
                (a * b) mod n = (b * a) mod n
Distributivity  (a * (b + c)) mod n = ((a * b) + (a * c)) mod n
Reducibility    (a + b) mod n = ((a mod n) + (b mod n)) mod n
                (a * b) mod n = ((a mod n) * (b mod n)) mod n

Fermat's Theorem

States that for any prime p and any element a < p
  a^p mod p = a            (1)
or
  a^(p-1) mod p = 1        (2)

For a prime p and an element a < p, the inverse of a is the element x such that
  a*x mod p = 1
Combine with equation 2,
  a*x mod p = 1 = a^(p-1) mod p
  x = a^(p-2) mod p
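Added example, not from the lecture, serving the Euclid slides and the Fermat slide together: Euclid's algorithm returning the quotient/remainder lines of the 1970/1066 worked example, the extended form that also yields the modular inverse (the "algorithm for computing inverses" of the outline), and the Fermat inverse x = a^(p-2) mod p, which is checked against it for a prime modulus. Function names are this example's own.

```python
def gcd_steps(a, b):
    """Euclid's algorithm as on the slide, also returning each line
    (a, q, b, r) meaning a = q x b + r, so a worked example can be reproduced."""
    if a <= 0 or b <= 0:
        raise ValueError("inputs must be positive integers")
    steps = []
    while b > 0:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))
        a, b = b, r
    return a, steps


def extended_gcd(a, b):
    """Returns (g, x, y) with a*x + b*y = g = gcd(a, b): the same remainder
    sequence as Euclid, tracking the coefficients alongside."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def inverse_euclid(a, n):
    """a^-1 mod n from the extended algorithm; it exists only if gcd(a, n) = 1,
    which is why RSA insists that e be relatively prime to (p-1)(q-1)."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {g})")
    return x % n


def inverse_fermat(a, p):
    """x = a^(p-2) mod p from Fermat's theorem. Valid only for prime p and
    a not a multiple of p; for a composite modulus use inverse_euclid."""
    if a % p == 0:
        raise ValueError("a must not be a multiple of p")
    return pow(a, p - 2, p)
```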

Discrete Logarithms


Random Number Generation

1. Truly random numbers
   Books
   CD

2. Pseudo random numbers
   Linear congruential random number generation
   Ri+1 = (a * Ri + b) mod n
   R1 = (a * R0 + b) mod n
   R2 = (a * R1 + b) mod n
   R3 = (a * R2 + b) mod n
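Added example, not from the lecture: the linear congruential recurrence above, together with the check a practitioner runs before trusting such a generator for keys. When the modulus n is known, three consecutive outputs fix a and b whenever R1 - R0 is invertible mod n, so every later output is predictable. The constants a, b, n and the seed in the test are constructed values.

```python
def lcg(a, b, n, seed, count):
    """R_{i+1} = (a * R_i + b) mod n, the recurrence on the slide, returning
    the next `count` outputs after `seed`."""
    if n <= 0:
        raise ValueError("the modulus n must be positive")
    out, r = [], seed % n
    for _ in range(count):
        r = (a * r + b) % n
        out.append(r)
    return out


def recover_lcg_parameters(r0, r1, r2, n):
    """Solve r1 = a*r0 + b and r2 = a*r1 + b (mod n) for (a, b) from three
    consecutive outputs. Subtracting the two congruences removes b:
    (r2 - r1) = a*(r1 - r0) mod n, solvable when r1 - r0 is invertible.
    Returns None when it is not (the difference shares a factor with n)."""
    diff = (r1 - r0) % n
    try:
        inv = pow(diff, -1, n)          # modular inverse (Python 3.8+)
    except ValueError:
        return None
    a = ((r2 - r1) * inv) % n
    b = (r1 - a * r0) % n
    return a, b


def predicts_next_outputs(outputs, n):
    """True if the parameters recovered from outputs[0:3] reproduce the rest,
    i.e. the generator's future is fully determined by what it already leaked."""
    if len(outputs) < 4:
        raise ValueError("need at least four outputs to check a prediction")
    params = recover_lcg_parameters(outputs[0], outputs[1], outputs[2], n)
    if params is None:
        return False
    a, b = params
    return lcg(a, b, n, outputs[2], len(outputs) - 3) == outputs[3:]
```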

Secure Encryption Systems


2.2 Public Key (Asymmetric key)
Encryption Systems
Concept and Characteristics of Public key Encryption
System
Introduction to Merkle-Hellman Knapsacks
Rivest-Shamir-Adelman (RSA) Encryption in Detail
Introduction to Digital Signature Algorithms
The Digital Signature Standard (DSA)
Introduction to Elliptic Curve (EC) Cryptography


Why Public-Key Cryptography?

Developed to address two issues:
key distribution: how to have secure communications in general without having to trust a Key Distribution Center (KDC) with your key
digital signatures: how to verify that a message comes intact from the claimed sender
Proposed by Whitfield Diffie and Martin Hellman in 1976; known earlier in the classified community

Public-Key Cryptography

Very significant advance in the history of cryptography
Uses two keys: a public and a private key
Asymmetric since the parties are not equal
Uses a clever application of number theoretic concepts to function
Complements rather than replaces symmetric key cryptography

Public-Key Cryptography Principles

The use of two keys has consequences in: key distribution, confidentiality and authentication.
The scheme has six ingredients:
Plaintext
Encryption algorithm
Public and private key
Ciphertext
Decryption algorithm

Public Key Encryption

[Diagram: A (sender) takes some confidential text (message) in clear, readable form and encrypts it with the Public Key of B; B (recipient) decrypts it with the Private Key of B]

Signing

[Diagram: A (sender) takes some confidential text (message) in clear, readable form and signs (encrypts) it with the Private Key of A; B (recipient) verifies (decrypts) it with the Public Key of A]

Public-Key Cryptography

Public-key/two-key/asymmetric cryptography involves the use of two keys:
a public key, which may be known by anybody, and can be used to encrypt messages and verify signatures
a private key, known only to the recipient, used to decrypt messages and sign (create) signatures
It is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures

Requirements for Public-Key Cryptography

1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
2. Easy for the sender to generate ciphertext:
   C = E_KUb(M)
3. Easy for the receiver to decrypt the ciphertext using the private key:
   M = D_KRb(C) = D_KRb[E_KUb(M)]

Requirements for Public-Key Cryptography (continued)

4. Computationally infeasible to determine the private key (KRb) knowing the public key (KUb)
5. Computationally infeasible to recover the message M, knowing KUb and the ciphertext C
6. Either of the two keys can be used for encryption, with the other used for decryption:
   M = D_KRb[E_KUb(M)] = D_KUb[E_KRb(M)]

Security of Public Key Schemes

Like symmetric key schemes, brute force exhaustive search attacks are always theoretically possible
But the keys used are much larger (> 512 bits)
Security relies on the computational infeasibility of the cryptanalysis problem

Public-Key Cryptographic Algorithms

Knapsack based encryption

RSA - Ron Rivest, Adi Shamir and Len Adleman at MIT, in 1977.
RSA is a block cipher
The most widely implemented

Diffie-Hellman
Exchange a secret key securely
Compute discrete logarithms

The Knapsack Problem

Given {a1, a2, ..., an} and x in {0,1}^n, computing y = f(x) = sum_i ai*xi is easy, yet finding a subset of {ai} that sums up to a given y is NP-complete.
Problems:
1. f cannot be degenerate.
2. f cannot be super-increasing.
Is f hard on average?
Probably not.
Knapsack based encryption given '77 [Merkle, Hellman], broken '82 [Shamir] and later others.

Rivest-Shamir-Adleman (RSA)
By Rivest, Shamir and Adleman in 1978
1. Find 2 large prime numbers p and q (100 digits = 512 bits)
2. Calculate the product n = p*q (n is around 200 digits)
3. Select a large integer e relatively prime to (p-1)(q-1)
   Relatively prime means e has no factors in common with (p-1)(q-1).
   An easy way is to select another prime that is larger than both (p-1) and (q-1).
4. Select d such that e*d mod (p-1)*(q-1) = 1
Encryption
C = P^e mod n
Decryption
P = C^d mod n

The two keys are d and e, along with n

The RSA Algorithm - Encryption

Plaintext:  M < n
Ciphertext: C = M^e (mod n)

The RSA Algorithm - Decryption

Ciphertext: C
Plaintext:  M = C^d (mod n)

Example of RSA Algorithm


RSA - Simple Example

1. Find 2 prime numbers p and q
   Let p = 11 and q = 13
2. Calculate the product n = p*q
   n = 11*13 = 143
3. Select a large integer e relatively prime to (p-1)(q-1)
   e = 11; 11 is relatively prime to (p-1)(q-1) = 10*12 = 120
4. Select d such that e*d mod (p-1)*(q-1) = 1
   d = 11 because 11*11 mod (10*12) = 121 mod 120 = 1
Encryption
C = P^e mod n
Let P = 7, so that C = 7^11 mod 143; C = 106
Decryption
P = C^d mod n
P = 106^11 mod 143; P = 7
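Added example, not from the lecture: the four key-generation steps and the two textbook RSA operations as functions, checked against the slide's p = 11, q = 13, e = 11 example (where d happens to equal e) and against a second small key pair where it does not. The second pair, p = 61, q = 53, e = 17, is a constructed test value.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Steps 1-4 of the slide: n = p*q, e relatively prime to (p-1)(q-1),
    d = e^-1 mod (p-1)(q-1). Returns (public (e, n), private (d, n)).
    p and q are assumed prime; primality is not re-checked here."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} is not relatively prime to (p-1)(q-1)={phi}")
    d = pow(e, -1, phi)                     # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(message, public_key):
    """C = M^e mod n; the message must already be an integer below n."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(message, e, n)


def rsa_decrypt(ciphertext, private_key):
    """M = C^d mod n."""
    d, n = private_key
    return pow(ciphertext, d, n)


def round_trips_every_message(p, q, e):
    """Sanity check for a small key pair: decryption inverts encryption for
    every possible message 0 <= M < n."""
    public, private = rsa_keygen(p, q, e)
    n = public[1]
    return all(rsa_decrypt(rsa_encrypt(m, public), private) == m for m in range(n))
```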

El Gamal Algorithm
In 1984 by El Gamal
This algorithm relies on the difficulty of computing discrete logarithms over a finite field
1. First choose a prime p and two integers, a and x, such that a < p and x < p
2. The prime p should be chosen so that (p-1) has a large prime factor q
3. Calculate y = a^x mod p
4. The private key is x and the public key is y, along with the parameters p and a
5. To sign a message m, choose a random integer k, 0 < k < p-1, which has not been used before and which is relatively prime to (p-1)
6. Compute
   r = a^k mod p
   s = k^-1 (m - x*r) mod (p-1)
   The signature is r and s
7. To verify the signature, compute y^r * r^s mod p and determine that it is equivalent to a^m mod p

Other Public-Key Cryptographic Algorithms

Digital Signature Standard (DSS)
Makes use of SHA-1
Not for encryption or key exchange

Elliptic-Curve Cryptography (ECC)
Good for smaller bit size
High confidence level, compared with RSA
Very complex

Digital Signature Algorithm (DSA)

Uses the El Gamal algorithm with a few restrictions:
First, the size of p is fixed at 2^511 < p < 2^512
Second, q, the large prime factor of (p-1), is chosen so that 2^159 < q < 2^160

[Diagram: some confidential text (message) in clear (readable) form -> Hash -> DSA (with Key) -> Signature]

Elliptic curve cryptography (ECC)


Why ECC?
There are other public key cryptographic systems.
However, we choose to study ECC because
The sub-exponential algorithm of breaking ECC has not been
found, that is : ECC is not less secure than RSA or some other
public key crypto algorithms.
ECC with smaller key size can achieve the same security as
RSA or some other crypto algorithms. Hence ECC is more
efficient for secure wireless applications.
High scalability.
More potential due to EC theory (rich theory with many
alternatives).


Secure Encryption Systems


2.3 Hash Algorithms
Hash Concept
Description of Hash Algorithms
Message Digest Algorithms


Message Authentication Code (MAC)


Generated by an algorithm that creates a small fixed-sized block depending on both the message and some key
need not be reversible
Receiver performs same computation on message and
checks if it matches the MAC
Provides assurance that message is unaltered and
comes from sender


Message Authentication Code (MAC)

[Diagram: Message -> MAC Algorithm (with key) -> MAC; the MAC is sent along with the message]

MAC Properties
A MAC is a cryptographic checksum
MAC = C_K(M)
condenses a variable-length message M
using a secret key K to a fixed-sized authenticator
It is a many-to-one function
potentially many messages have same MAC but
finding these needs to be very difficult


Requirements for MACs


Given a message and a MAC, it should be infeasible to
find another message with same MAC
MACs should be uniformly distributed
MAC should depend equally on all bits of the message


Approaches to Message Authentication

Authentication Using Conventional Encryption
Only the sender and receiver should share a key

Message Authentication without Message Encryption
An authentication tag is generated and appended to each message

Message Authentication Code
Calculate the MAC as a function of the message and the key. MAC = F(K, M)

Hash Functions

Condenses an arbitrary message to a fixed size
Usually assume that the hash function is public and not keyed (unlike a MAC, which is keyed)
Hash used to detect changes to the message
Can be used in various ways with the message, most often to create a digital signature

Hash Function Properties

A hash function produces a fingerprint of some file/message/data
h = H(M)
condenses a variable-length message M to a fixed-sized fingerprint
Assumed to be public

Requirements for Hash Functions


Can be applied to any sized message M
Produces fixed-length output h
Easy to compute h = H(M) for any message M
Given h, it is infeasible to find x s.t. H(x) = h
one-way property
Given x, it is infeasible to find y s.t. H(y) = H(x)
weak collision resistance
It is infeasible to find any x,y s.t. H(y) = H(x)
strong collision resistance

Simple Hash Functions


There are several proposals for simple functions
Some are based on XOR of message blocks
Not secure since one can manipulate any message and
either not change hash or manipulate the hash as well
need a stronger cryptographic function
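Added example, not from the lecture: the XOR-of-blocks hash just described, with the manipulation the slide alludes to made concrete. Swapping two blocks, or appending any block twice, changes the message but leaves the hash unchanged; a cryptographic hash (SHA-256 from the standard library, used here only for contrast) does not have that property. The message bytes are constructed.

```python
import hashlib


def xor_block_hash(message: bytes, block_size: int = 4) -> bytes:
    """The simple hash from the slide: XOR all fixed-size blocks of the
    (zero-padded) message into one block."""
    if block_size < 1:
        raise ValueError("block_size must be positive")
    digest = bytearray(block_size)
    for i in range(0, len(message), block_size):
        block = message[i:i + block_size].ljust(block_size, b"\x00")
        for j, byte in enumerate(block):
            digest[j] ^= byte
    return bytes(digest)


def swap_blocks(message: bytes, i: int, j: int, block_size: int = 4) -> bytes:
    """Reorder two blocks: a different message whose XOR hash is identical,
    because XOR is commutative and every block still enters exactly once."""
    blocks = [message[k:k + block_size] for k in range(0, len(message), block_size)]
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)


def detects_change(hash_fn, original: bytes, modified: bytes) -> bool:
    """Receiver's check: does the hash of the modified message differ?"""
    return original != modified and hash_fn(original) != hash_fn(modified)


def sha256_digest(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()
```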


MD5
Designed by Ronald Rivest (the R in RSA)
Latest in a series of MD2, MD4
Produces a 128-bit hash value
Until recently was the most widely used hash algorithm
in recent times have both brute-force & cryptanalytic
concerns
Specified as Internet standard RFC1321


MD5 Overview
1. Pad message so its length is 448 mod 512
2. Append a 64-bit length value to message
3. Initialize 4-word (128-bit) MD buffer (A,B,C,D)
4. Process message in 16-word (512-bit) blocks:
using 4 rounds of 16 bit operations on message block & buffer
add output to buffer input to form new buffer value

5. Output hash value is the final buffer value


Strength of MD5
MD5 hash is dependent on all message bits
Rivest claims security is as good as can be
Known attacks are:
Berson (92) attacked any 1 round using differential cryptanalysis (but can't extend)
Boer & Bosselaers (93) found a pseudo collision (again unable to extend)
Dobbertin (96) created collisions on the MD compression function (but initial constants prevent exploit)
Crypto 2004 attacks on SHA-0 and MD5

Conclusion is that MD5 has been shown to be vulnerable

Secure HASH Functions

Purpose of the HASH function is to produce a fingerprint.
Properties of a HASH function H:
1. H can be applied to a block of data of any size
2. H produces a fixed length output
3. H(x) is easy to compute for any given x
4. For any given value h, it is computationally infeasible to find x such that H(x) = h
5. For any given block x, it is computationally infeasible to find y != x with H(y) = H(x)
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)

Message Digest Generation Using SHA-1

Comparison - Secure HASH functions

                          SHA-1                MD5                  RIPEMD-160
Digest length             160 bits             128 bits             160 bits
Basic unit of processing  512 bits             512 bits             512 bits
Number of steps           80 (4 rounds of 20)  64 (4 rounds of 16)  160 (5 paired rounds of 16)
Maximum message size      2^64 - 1 bits

Keyed Hash Functions (HMAC)


Create a MAC using a hash function rather than a block
cipher
because hash functions are generally faster
not limited by export controls unlike block ciphers
Hash includes a key along with the message
Original proposal:
KeyedHash = Hash(Key|Message)
some weaknesses were found with this
Eventually led to development of HMAC

HMAC Design Criteria


To use, without modifications, available hash functions.
To allow for easy replaceability of the embedded hash
function in case faster or more secure hash functions are
found or required.
To preserve the original performance of the hash function
without incurring a significant degradation.
To use and handle keys in a simple way.
To have a well-understood cryptographic analysis of the
strength of the authentication mechanism based on
reasonable assumptions on the embedded hash function.

HMAC

Specified as Internet standard RFC2104
Uses the hash function on the message:
K+ is the key padded out to size
opad, ipad are specified padding constants
Overhead is just 3 more hash calculations than the message needs alone
Any of MD5, SHA-1, RIPEMD-160 can be used
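Added example, not from the lecture, for the MAC slides and this HMAC slide together: HMAC built from an unmodified hash function exactly as RFC 2104 describes (K+ padded to the block size, the ipad and opad constants, inner and outer hash), plus the receiver's check from the MAC slide done with a constant-time comparison. The standard library's hmac module is used only to cross-check the construction; the shared key and messages in the test are constructed.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C          # the ipad / opad byte constants from RFC 2104


def hmac_rfc2104(key: bytes, message: bytes, hash_ctor=hashlib.sha1) -> bytes:
    """HMAC_K(M) = H((K+ XOR opad) || H((K+ XOR ipad) || M)), built only from
    the plain hash function, as RFC 2104 specifies."""
    block_size = hash_ctor().block_size            # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block_size:
        key = hash_ctor(key).digest()              # keys longer than a block are hashed first
    k_plus = key.ljust(block_size, b"\x00")        # K+: the key padded out to the block size
    inner = hash_ctor(bytes(b ^ IPAD for b in k_plus) + message).digest()
    return hash_ctor(bytes(b ^ OPAD for b in k_plus) + inner).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes, hash_ctor=hashlib.sha1) -> bool:
    """Receiver side from the MAC slide: recompute the MAC over the received
    message and compare it with the received tag in constant time, so the
    comparison itself does not leak how many leading bytes matched."""
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_ctor), tag)
```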


HMAC Structure


HMAC Security
The security of HMAC relates to that of the underlying hash algorithm
Attacking HMAC requires either:
a brute force attack on the key used, or
a birthday attack (but since HMAC is keyed, the attacker would need to observe a very large number of messages)

Choose the hash function used based on speed versus security constraints

Secure Encryption Systems


2.4 Secure Secret Key (Symmetric) Systems
The Data Encryption Standard (DES)
Analyzing and Strengthening of DES
Key Escrow and Clipper
Advanced Encryption Standard (AES)
Introduction to Quantum Cryptography


Requirements for Symmetric Key Cryptography

Two requirements for secure use of symmetric encryption:
a strong encryption algorithm
a secret key, K, known only to sender / receiver
Y = E_K(X)
X = D_K(Y)
Assume the encryption algorithm is known
Implies a secure channel to distribute the key

Symmetric Key Cryptograms

[Figure: Encryption transforms some confidential text (message) in clear (readable) form into a cryptogram; Decryption transforms it back.]


Data Encryption Standard (DES)


Most widely used block cipher in world
Adopted in 1977 by NBS (now NIST) as FIPS PUB 46
Encrypts 64-bit data using 56-bit key
Has widespread use
Has been the subject of considerable controversy over
its security


The Data Encryption Standard (DES)

Background and History
National Bureau of Standards (NBS) issued a call for a public encryption algorithm in August 1974
DES is based on Lucifer from IBM
DES was officially adopted as a U.S. federal standard on 23rd November 1976

Overview of DES
Plain text is encrypted in blocks of 64 bits
Normal key length 56 bits
Algorithm derived from two concepts of Shannon's theory, confusion and diffusion
Confusion - a piece of information is changed so that the output bits have no relationship to the input bits
Diffusion - attempts to spread the effect of one plaintext bit to other bits in the cipher text


DES

[Figure: DES structure. Input -> Initial Permutation -> split into Left Half L0 and Right Half R0; 16 rounds, each applying Substitution and Permutation under the Key and combining (+) the result with the other half, producing L1/R1, L2/R2, ... L15/R15, L16/R16; Inverse Initial Permutation -> Output.]

Strength of DES - Key Size

56-bit keys have 2^56 = 7.2 x 10^16 values
Brute force search looks hard
Recent advances have shown that this is possible:
in 1997 on the Internet in a few months
in 1998 on the EFF's dedicated DES Cracker hardware in less than 3 days (cost: $250,000)
in 1999 the above combined in 22 hrs!
Now we have alternatives to DES

Weakness of the DES

Complements
Weak Keys
E.g.:
0101 0101 0101 0101
FEFE FEFE FEFE FEFE
1F1F 1F1F 1F1F 1F1F
E0E0 E0E0 E0E0 E0E0
Semi-Weak Keys
Design Weakness
Key Clustering


Triple DES

[Figure: Clear Text -> DES with K1 -> DES with K2 -> DES with K3 -> Cipher Text]

Triple-DES with Two Keys

Use 3 encryptions
would seem to need 3 distinct keys
But can use 2 keys with E-D-E sequence

C = E_K1[D_K2[E_K1[P]]]
Note: encrypt & decrypt are equivalent in security
if K1 = K2 then it is compatible with single DES

Standardized in ANSI X9.17 & ISO 8732

No current known practical attacks


DES to AES
Clearly, a replacement for DES was needed
have theoretical attacks that can break it
have demonstrated exhaustive key search attacks
Can use Triple-DES but slow with small blocks
NIST issued a call for ciphers in 1997
15 candidates accepted in June 1998
5 were short listed in August 1999
Rijndael was selected as the AES in October 2000
Issued as FIPS PUB 197 standard in November 2001


AES Requirements
Private key symmetric block cipher
128-bit data, 128/192/256-bit keys
Stronger & faster than Triple-DES
Active life of 20-30 years (+ archival use)
Provide full specification & design details
Both C & Java implementations
NIST has released all submissions &
unclassified analyses


AES Shortlist
After testing and evaluation, shortlist in August 1999:
MARS (IBM) - complex, fast, high security margin
RC6 (USA) - v. simple, v. fast, low security margin
Rijndael (Belgium) - clean, fast, good security margin
Serpent (Euro) - slow, clean, v. high security margin
Twofish (USA) - complex, v. fast, high security margin

Then subject to further analysis & comment


Saw a contrast between algorithms with few complex rounds versus many simple rounds, and between those which refined existing ciphers versus new proposals

Advanced Encryption Standard (AES)


In 2001, National Institute of Standards and
Technology (NIST) issued AES known as FIPS 197
AES is based on Rijndael proposed by Joan
Daemen, Vincent Rijmen from Belgium


Advanced Encryption Standard (AES)

AES has a block length of 128 bits
Supported key lengths are 128, 192 and 256 bits
AES requires 10 rounds of processing
Key is expanded into 10 individual keys
Decryption algorithm uses the expanded keys in
reverse order
Decryption algorithm is not identical to the encryption
algorithm


Block Ciphers - Modes of Operation

Block ciphers encrypt fixed size blocks
E.g. DES encrypts 64-bit blocks, with a 56-bit key
Given that one needs to encrypt an arbitrary amount of information, how do we use them in practice?
Four modes were defined for DES in the ANSI standard ANSI X3.106-1983 Modes of Use
Subsequently there are now 5 for DES and AES


Electronic Code Book Mode (ECB)

[Figure: Clear text split into 8-byte blocks; each block is encrypted independently with DES, producing the cipher text.]

Electronic Codebook (ECB)


Advantages and Limitations of ECB


Repetitions in the message may show in the ciphertext if aligned with message blocks, particularly with data such as graphics or with messages that change very little
Weakness is due to encrypted message blocks being independent
Main use is sending a few blocks of data


Cipher Block Chaining (CBC)


Cipher Block Chaining Mode (CBC)

[Figure: Clear text split into 8-byte blocks; each block is XORed with the previous cipher text block (the IV for the first block) and then encrypted with DES under key K, producing the cipher text.]

MAC based on CBC

[Figure: the Message is split into 8-byte blocks and chained through DES in CBC mode starting from an IV; the final 64-bit block output is the MAC.]

Advantages and Limitations of CBC


Each ciphertext block depends on all preceding message blocks, thus a change in the message affects all ciphertext blocks after the change as well as the original block
Need an Initial Value (IV) known to sender & receiver; however, if the IV is sent in the clear, an attacker can change bits of the first block and change the IV to compensate, hence either the IV must be a fixed value or it must be sent encrypted in ECB mode before the rest of the message
At the end of the message, handle a possible last short block by padding either with a known non-data value (e.g. nulls) or by padding the last block with the count of the pad size
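An added Python example, not from the slides, covering the ECB, CBC, CBC-MAC and padding slides above. The block cipher is a toy 4-round Feistel network keyed through SHA-256 (an assumption made so the code runs without extra libraries; it stands in for DES), while the mode, padding and MAC logic is the part the slides describe; the key and message are constructed.

```python
import hashlib
import secrets

BLOCK = 16            # block size in bytes (DES would use 8)
HALF = BLOCK // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy round function: keyed hash of one half, truncated to half a block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network; stands in for DES here (assumption, not DES).
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_f(key, rnd, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_f(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    # Pad the last short block with the count of pad bytes (as on the slide);
    # a whole block of padding is added when the data is already aligned.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is encrypted independently, so equal blocks stay equal.
    return b"".join(toy_encrypt_block(key, b) for b in _blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(toy_decrypt_block(key, b) for b in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, plaintext: bytes, iv=None) -> bytes:
    # CBC: each block is XORed with the previous ciphertext block before
    # encryption, so every ciphertext block depends on all earlier ones.
    prev = iv if iv is not None else secrets.token_bytes(BLOCK)
    out = [prev]                                   # the IV travels with the message
    for b in _blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    chunks = _blocks(ciphertext)
    prev, out = chunks[0], []
    for c in chunks[1:]:
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def cbc_mac(key: bytes, message: bytes) -> bytes:
    # CBC-MAC: CBC chaining from a zero IV, keeping only the last block.
    # Only sound for messages of one fixed length under a given key.
    prev = bytes(BLOCK)
    for b in _blocks(pad(message)):
        prev = toy_encrypt_block(key, _xor(b, prev))
    return prev


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    chunks = _blocks(ciphertext)
    return len(chunks) - len(set(chunks))


if __name__ == "__main__":
    key = b"constructed-demo-key-0123456789"       # constructed sample key
    msg = b"ATTACK AT DAWN!!" * 3                   # three identical 16-byte blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, msg)))   # 2
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, msg)))   # 0
```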


Cipher Feedback Mode (CFB)


Output Feedback Mode (OFB)


Key Escrow Standard

[Figure: Clear Text -> Skipjack encryption under the Key -> Cipher Text -> decryption -> Clear Text. A copy of the Key is held by the Escrow Agency, which provides a second decryption path. Skipjack: 32 rounds, 80 bit key, 64 bit block of plain text.]

Other Symmetric Block Ciphers


International Data Encryption
Algorithm (IDEA)
128-bit key
Used in PGP

Blowfish
Easy to implement
High execution speed
Run in less than 5K of memory

Other Symmetric Block Ciphers


RC5
Suitable for hardware and software
Fast, simple
Adaptable to processors of different word lengths
Variable number of rounds
Variable-length key
Low memory requirement
High security
Data-dependent rotations
CAST-128
Key size from 40 to 128 bits
The round function differs from round to round

Stream Ciphers
Process the message bit by bit (as a stream)
Typically have a (pseudo) random stream key
Combined (XOR) with plaintext bit by bit
Randomness of the stream key completely destroys any statistical properties in the message
C_i = M_i XOR StreamKey_i

But must never reuse the stream key, otherwise one can remove its effect and recover the messages


Stream Cipher Properties


Some design considerations are:
long period with no repetitions
statistically random
depends on large enough key
large linear complexity
correlation immunity
confusion
diffusion
use of highly non-linear Boolean functions

RC4
A proprietary cipher owned by RSA DSI
Another Ron Rivest design, simple but effective
Variable key size, byte-oriented stream cipher
Widely used (web SSL/TLS, wireless WEP)
Key forms random permutation of all 8-bit
values
Uses that permutation to scramble input
information processed a byte at a time

RC4 Security
Claimed secure against known attacks
have some analyses, none practical
Result is very non-linear
Since RC4 is a stream cipher, must never reuse a key
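The RC4 key schedule and keystream generator described on the slides above, together with the stream-cipher rule that a key must never be reused, as an added Python example (not code from the slides); the sample messages are constructed.

```python
# Added example, not from the slides. RC4's two phases written out: the
# key-scheduling algorithm (KSA) turns the key into a permutation S of all
# 256 byte values, and the generator (PRGA) walks that permutation to emit
# one keystream byte per plaintext byte.


def rc4_ksa(key: bytes) -> list:
    """Key scheduling: build the key-dependent permutation S of 0..255."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]          # scramble S under control of the key
    return S


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` keystream bytes from the permutation S."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]          # S keeps evolving as bytes are drawn
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """C_i = M_i XOR StreamKey_i; the same call decrypts."""
    return bytes(m ^ k for m, k in zip(data, rc4_keystream(key, len(data))))


def xor_of_plaintexts_leaks(key: bytes, msg1: bytes, msg2: bytes) -> bool:
    """True when C1 XOR C2 == M1 XOR M2, i.e. the keystream cancelled out.
    This is exactly why a stream-cipher key must never be reused."""
    n = min(len(msg1), len(msg2))
    c1, c2 = rc4_crypt(key, msg1[:n]), rc4_crypt(key, msg2[:n])
    ct_xor = bytes(a ^ b for a, b in zip(c1, c2))
    pt_xor = bytes(a ^ b for a, b in zip(msg1[:n], msg2[:n]))
    return ct_xor == pt_xor


if __name__ == "__main__":
    # Well-known test vector: key "Key", plaintext "Plaintext".
    print(rc4_crypt(b"Key", b"Plaintext").hex())
    # Constructed sample messages encrypted under one reused key.
    print(xor_of_plaintexts_leaks(b"Key", b"constructed message one", b"constructed message two"))
```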


Advantages & Disadvantages


Advantages
Algorithms are fast
Encryption & decryption are handled by the same key
As long as the key remains secret, the system also provides authentication

Disadvantages
If the key is revealed, interceptors can decrypt all encrypted information
Key distribution problem
Number of keys increases with the square of the number of people exchanging secret information


The Main Contribution of Quantum Cryptography
It solved the key distribution problem.
Unconditionally secure key distribution method
proposed by Charles Bennett and Gilles Brassard
in 1984. The method is called BB84.
Once key is securely received it can be used to
encrypt messages transmitted by conventional
channels.


Security of quantum key distribution

Quantum cryptography obtains its fundamental security from the fact that information is carried by a single photon, and each photon will be altered as soon as it is read.
This makes it impossible to intercept a message without being detected.


Quantum Computing algorithm for factoring

In 1994 Peter Shor from the AT&T Bell Laboratory showed that in principle a quantum computer could factor a very long product of primes in seconds.
Shor's algorithm time computational complexity is

T n =O[ ln n ]

Once a quantum computer is built, the RSA method would not be safe.
Questions???


Security of Information System


Applied Cryptography Protocols
and Practice
Nandika Kasun
Department of Communication and Media Technologies
University of Colombo School of Computing
University of Colombo
Sri Lanka


Objectives:
Applied Cryptography, Protocol and Practice
Describe different key management protocols
Understand the concept of public key
infrastructure and related technologies
Describe the advanced cryptographic protocols
Understand the legal issues related to security of
information systems


Applied Cryptography Protocols and Practice
3.1 Key Management Protocols

Solving Key Distribution Problem
Diffie-Hellman Algorithm
Key Exchange with Public Key Cryptography


Key Distribution Problem

[Figure: Kamala and Amal, with Nimal between them.]

Kamala and Amal would like to communicate in absolute security in the presence of an eavesdropper, Nimal.
To do so, they need to share a common random string of numbers, the key.


Diffie-Hellman Key Agreement

Published in 1976
Based on difficulty of calculating discrete logarithm in a finite field
Two parties agree on two large numbers n and g, such that g is a prime with respect to n

[Figure: parties A and C. A picks secret x and sends X = g^x mod n; C picks secret y and sends Y = g^y mod n.
A computes k = Y^x mod n = g^xy mod n; C computes k = X^y mod n = g^xy mod n.]

Possible to do man in the middle attack
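The exchange in the figure, as an added Python example that is not part of the slides: it generates a safe prime n = 2q + 1 with g = 4 and checks each received public value before using it (the parameter choice and the checks are this example's own assumptions, not something the slide fixes), then lets A and C derive the same k.

```python
import hashlib
import secrets

# Added example, not from the slides. Notation follows the slide:
# X = g^x mod n, Y = g^y mod n, k = Y^x mod n = X^y mod n.


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_group(bits: int):
    """Return (n, q, g): a safe prime n = 2q + 1 and g = 4, which is a square
    mod n and therefore generates the subgroup of prime order q (assumption
    made here; the slide only says n and g are agreed large numbers)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


def check_public_value(value: int, n: int, q: int) -> bool:
    """Accept only values in (1, n-1) that lie in the order-q subgroup;
    anything else would let a peer force k into a tiny set of values."""
    return 1 < value < n - 1 and pow(value, q, n) == 1


class Party:
    def __init__(self, n: int, q: int, g: int):
        self.n, self.q, self.g = n, q, g
        self.secret = secrets.randbelow(q - 1) + 1      # x (or y), kept private
        self.public = pow(g, self.secret, n)            # X = g^x mod n, sent in clear

    def shared_key(self, peer_public: int) -> bytes:
        if not check_public_value(peer_public, self.n, self.q):
            raise ValueError("invalid peer public value")
        k = pow(peer_public, self.secret, self.n)       # k = Y^x mod n
        # Hash k down to a symmetric key for use on the conventional channel.
        k_bytes = k.to_bytes((self.n.bit_length() + 7) // 8, "big")
        return hashlib.sha256(k_bytes).digest()


def run_exchange(bits: int = 256) -> bool:
    """A and C (the parties in the slide's figure) agree on a key."""
    n, q, g = generate_group(bits)
    a, c = Party(n, q, g), Party(n, q, g)
    return a.shared_key(c.public) == c.shared_key(a.public)


if __name__ == "__main__":
    print("shared keys match:", run_exchange(256))
```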

Diffie-Hellman Key Exchange


Storage and Handling Public Keys

[Figure: A and B obtain each other's public keys from a Keys Server.]

Secure Sending of Secret Key (Digital Envelope)

[Figure: A sends a secret Key to B inside a digital envelope.]

Recovery of Secret Key

[Figure: B recovers the secret Key sent by A.]

Authenticity of Sender (Digital Signature)

[Figure: A signs the message with a Key and sends it to B.]

Verification of Signature

[Figure: B verifies A's signature.]

Authenticity of Sender and Receiver

[Figure: exchange between A and B with a Key establishing the authenticity of both sides.]

Full Verification (Senders'/Receivers' Authenticity, Message Protection and Integrity)

[Figure: exchange between A and B combining signing, encryption with a Key, and verification on both sides.]

Applied Cryptography Protocols and Practice
3.2 Public Key Infrastructure (PKI)

Concept of Digital Certificate
Certificate Authorities and their roles
Digital Certificates
Types of Public Key Infrastructures


Public Key Infrastructure (PKI)


Main cryptographic tools, PKI
How to distribute public keys ?
Public Key Server (PKS), key exchange protocols

Public Key Infrastructure (PKI):


PKI = N x (Entities with private keys) + public key exchange system
REM: Public Key algorithms are slow
Need to use both Public & Secret Key Cryptography
Public Key Protocols work in 3 phases
1. Authentication via Public Key Cryptography (challenge)
2. Exchange of a session Secret Key, encrypted with Public Key Crypto
3. Session encrypted with Symmetric Cryptography


Certificate Authority

[Figure: a Certificate Authority (CA) issues signed certificates, which are published on a Keys Server.]

Certificates
A certificate binds an entity with its public key.
It's just a digitally signed piece of data: a digital ID card.
Certificate =
an entity's description (name, etc.)
+
entity's public key
+
expiration date, serial number, etc.
+
CA's name
+
a signature issued by a CA

The certificate is issued and signed by a trusted Certificate Authority (CA)

Digital signature:
CA signature = certificate hash, encrypted with the CA's private key

Internal Structure of Certificate


Version
Serial Number
Signature Algorithm
Issuer
Subject
Validity
Subject Public Key Information
Extensions
Signature


Structure of Distinguished Name

Country Name
State and Province Name
Locality Name
Organization Name
Organization Unit Name
Common Name
Email Address
URL


Certificate Types

Digital Signature
Key Encipherment
Data Encipherment
Key Certificate Signature
CRL Signature
Object Signing

Root Certificate


Certificate Hierarchy

[Figure: a tree of CAs, each certifying the CA below it.]

CA Hierarchy in Practice


Alternative Trust Hierarchies


Cross Certification

[Figure: cross certification between the CAs RCA, BCA, CCA and GCA, each certifying the other.]

Bridge CA

[Figure: A Bridge CA (BCA, L1) links separate hierarchies: Root, Justice, Armed Forces (with Army CA, Navy CA and AF CA) and the FBI via an ICA, plus the Coast Guard. Each hierarchy issues its own CRL (e.g., the Justice CRL lists Justice User 6 and Justice User 88; the FBI CRL lists FBI User 6 and FBI User 8). An Entrust user signs and transmits an encrypted message to a SPYRUS user; CPDL builds the certificate path, CML validates it, and the SPYRUS user verifies the Entrust user's signature certificate, verifies the signature, decrypts and displays the original message.]

Certificate Revocation
Revocation is managed with a Certificate Revocation List
(CRL), a form of anti-certificate which cancels a certificate
Equivalent to 1970s-era credit card blacklist booklets
Relying parties are expected to check CRLs before using
a certificate
"This certificate is valid unless you hear somewhere that it isn't"


CRL Distribution Problems


CRLs have a fixed validity period
Valid from issue date to expiry date
At expiry date, all relying parties connect to the CA to fetch the
new CRL
Massive peak loads when a CRL expires (DDOS attack)
Issuing CRLs to provide timely revocation exacerbates the
problem
10M clients download a 1MB CRL issued once a minute =
~150GB/s traffic
Even per-minute CRLs aren't timely enough for high-value transactions with interest calculated by the minute


Online Status Checking


Online Certificate Status Protocol, OCSP
Inquires of the issuing CA whether a given certificate is still valid
Acts as a simple responder for querying CRLs
Still requires the use of a CRL to check validity
OCSP acts as a selective CRL protocol
Standard CRL process: "Send me a CRL for everything you've got"
OCSP process: "Send me a pseudo-CRL/OCSP response for only these certs"
Lightweight pseudo-CRL avoids CRL size problems
Reply is created on the spot in response to the request
Ephemeral pseudo-CRL avoids CRL validity period problems


Online Certificate Status Protocol (OCSP)

Returned status values are non-orthogonal
Status = good, revoked, or unknown
Not revoked doesn't necessarily mean good
Unknown could be anything from "Certificate was never issued" to "It was issued but I can't find a CRL for it"


OCSP Problems
Problems are due in some extent to the CRL-based origins
of OCSP
A CRL can only report a negative result
Not revoked doesn't mean a cert was ever issued
Some OCSP implementations will report "I can't find a CRL" as Good
Some relying party implementations will assume revoked = not good, so any other status = good
Much debate among implementors about OCSP semantics


Other Online Validation Protocols


Simple Certificate Validation Protocol (SCVP)
Relying party submits a full chain of certificates
Server indicates whether the chain can be verified
Aimed mostly at thin clients

Data Validation and Certification Server Protocols (DVCS)
Provides facilities similar to SCVP disguised as a general third-party data validation mechanism

Integrated CA Services Protocol (ICAP)
Real-time Certificate Status Protocol (RCSP)
Web-based Certificate Access Protocol (WebCAP)
Delegated Path Validation (DPV)
Offshoot of the SCVP/DVCS debate and an OCSP alternative, OCSP-X


Applied Cryptography
Protocols and Practice
3.3 Legal Issues
Copyrights
Patents
Trade Secrets
Computer Crime
Cryptography and the Law


Legal Issues


Why Laws? (1)


Laws and computer security are related in several ways.
First, laws affect privacy and secrecy. These statutes
often apply to the rights of individuals to keep personal
matters private.
Second, laws regulate the use, development, and ownership of data and programs. Patents, copyrights, and trade secrets are legal devices to protect the rights of developers and owners of the programs and data.
Third, laws affect actions that can be taken to protect the
secrecy, integrity, and availability of computer
information service.


Why Laws? (2)


The laws of computer security affect programmers,
designers, users, and maintainers of computing systems
and computerised data banks.
These laws provide protection, but they also regulate
the behaviour of people who use computers.
Before recommending change, however, professionals must understand the current state of computers and the law.


Protecting Programs and Data


There are three commonly used ways to provide protection by law:
Copyright
Patent
Trade Secret


Copyrights
Copyrights are designed to protect the expression of ideas. Thus, a copyright applies to a creative work, such as a story, photograph, song, or pencil sketch. The right to copy an expression of an idea is protected by a copyright.
Copyright gives the author/programmer the exclusive right to make copies of the expression and sell them to the public. That is, only the author can sell copies of the author's book (except, of course, for booksellers or others working as the agents of the author).

Copyrights - Originality of Work


The work being copyrighted must be original to the author. A work can be copyrighted even if it contains some public domain material, as long as there is some originality, too.
For example, a music historian could copyright a collection of folksongs even if some are in the public domain. In order to be subject to copyright, something in or about the collection would have to be original. The historian might argue that collecting the songs, selecting which ones to include, and putting them in order was the original part. In this case, the copyright law would not protect the folk songs, but the specific selection and organisation.


Copyright - Fair Use of Material


The copyright law indicates that the copyrighted object is subject to fair use.
Specifically, the law allows fair use of a copyrighted work, including such use by reproduction in copies, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship and research.
The copyright law usually upholds the author's right to a fair return for the work, while encouraging others to use the underlying ideas.

Copyright - Infringement
The infringement must be substantial, and it must be copying, not independent work.
In theory, two people might write identically the same song independently, neither knowing the other. These two people would both be entitled to copyright protection for their work.


Copyrights for Computer Works


Can a computer program be copyrighted?
YES. The algorithm is the idea, and the statements of the programming language are the expression of the idea.
Therefore, protection is allowed for the program statements themselves, but not for the design: copying the code intact is prohibited, but reimplementing the algorithm is permitted.


Patents
Patents are unlike copyrights in that they protect inventions, not works of the mind.
The distinction between patents and copyrights is that patents were intended to apply to the results of science, technology, and engineering, whereas copyrights were meant to cover works in the arts, literature, and written scholarship.
The patent law excludes newly discovered laws of nature [and] mental processes.


Patents - Requirement of Novelty


If two composers happen to compose the same song independently at different times, copyright law would allow both of them to have copyright.
If two inventors devised the same invention, the patent goes to the person who invented it first, regardless of who filed the patent first.


Patent - Infringement (1)


A patent holder must oppose all infringement.
With a copyright, the holder can choose which cases to prosecute, ignoring small infringements and waiting for serious infractions where the infringement is great enough to ensure success in court or to justify the cost of the court case.
However, failing to sue a patent infringement - even a small one, or one the patent holder does not know about - can mean losing the patent rights entirely.


Patent - Infringement (2)

But, unlike copyright infringement, a patent holder does not have to prove that the infringer copied the invention;
a patent infringement occurs even if someone independently invents the same thing, without knowledge of the patented invention.


Patents - Computer Objects


Patent law has not encouraged patents of computer software.
For a long time, computer programs were seen as the representation of an algorithm, and an algorithm was a fact of nature, which is not subject to patent.
There was a case on a request to patent a process for converting decimal numbers into binary. The Supreme Court rejected the claim, saying it seemed to attempt to patent an abstract idea, in short, an algorithm. But the underlying algorithm is precisely what most software developers would like to protect.

Trade Secret
A trade secret is information that gives one company a competitive edge over others. For example, the formula for a soft drink is a trade secret, as is a mailing list of customers, or information about a product due to be announced in a few months.
The distinguishing characteristic of a trade secret is that it must always be kept secret. The owner must take precautions to protect the secret, such as storing it in a safe, encrypting it in a computer file, or making employees sign a statement that they will not disclose the secret.

Trade Secret - Computer Objects (1)


Trade secret protection applies very well to computer software.
The underlying algorithm of a computer program is novel, but its novelty depends on nobody else's knowing it.
Trade secret protection allows distribution of the result of a secret (the executable program) while still keeping the program design hidden.


Trade Secret - Computer Objects (2)


Trade secret protection does not cover copying a product (specifically a computer program), so that it cannot protect against a pirate who sells copies of someone else's program without permission.
However, trade secret protection makes it illegal to steal a secret algorithm and use it in another product.


Comparisons

                         Copyright                   Patent                        Trade Secret
Protects                 Expression of idea,         Invention; the way            A secret competitive
                         not idea itself             something works               advantage
Protected object         Yes; intention is to        Design filed at               No
made public              promote publication         patent office
Requirement to           Yes                         No                            No
distribute
Ease of filing           Very easy,                  Very complicated;             No filing
                         do-it-yourself              specialist lawyer suggested
Duration                 Life of human originator    19 years                      Indefinite
                         or 75 years for a company
Legal protection         Sue if copy sold            Sue if invention copied       Sue if secret
                                                                                   improperly obtained

All rights reserved. No part of this material may be reproduced and sold.

51

Rights of Employees and Employers


Employers hire employees to generate ideas and make products. Thus, the protection offered by copyrights, patents, and trade secrets applies to the ideas and products.
However, the issue of who owns the ideas and products is much more complex.
Ownership is an issue of computer security because it relates to the rights of an employer to protect the secrecy and integrity of works produced by the employees.

Ownership of the Products (1)


Ownership of a patent - The person who owns a work under patent or copyright law is the inventor. Therefore, the employee can have the right to the patent.
However, in patent law, it is important to know who files the patent. If an employee lets an employer patent an invention, the employer is deemed to own the patent and, therefore, the right to the invention.
The employer also has the right to patent if the employee's job functions included inventing the product.

Ownership of the Products (2)


Ownership of a copyright - Ownership of a copyright is similar to ownership of a patent.
The author (programmer) is the presumed owner of the work.
Normally, the owner has all rights to an object. However, a special situation known as work for hire applies to many copyrights for development of software or other products.


Ownership of the Products (3)


Trade secret protection - In the event a trade secret is revealed, the owner can prosecute the revealer for damages suffered.
But first, ownership must be established because only the owner can be harmed.
A company owns the trade secrets of its business as confidential data. As soon as a secret is developed, the company becomes the owner.


Ownership of the Products (4)


Employment contracts - Sometimes there is no contract between the software developer and a possible employer. However, commonly an employment contract will spell out rights of ownership. Having a contract is desirable both for employees and employers so that both will understand their rights and responsibilities.


Why Computer Crime is Hard to Define? (1)


Understanding
Neither courts, lawyers, police agents, nor jurors necessarily understand computers.
Fingerprints
Police and courts for years depended on tangible evidence, such as fingerprints. But with many computer crimes there simply are no fingerprints, no physical clues.


Why Computer Crime is Hard to Define? (2)


Form of Assets
We know what cash is, or diamonds, or even negotiable securities. But are 20 invisible magnetic spots really equivalent to a million dollars?
Juveniles
Many computer crimes involve juveniles. Society understands immaturity and can treat even very serious crimes by juveniles as being done with less understanding than when the same crime is committed by an adult.


Type of Crimes Committed (1)


Telecommunications Fraud
It is defined as avoiding paying telephone charges by misrepresentation as a legitimate user.

Embezzlement
It involves using the computer to steal or divert funds illegally.

Hacking
It denotes a compulsive programmer or user who explores, tests, and pushes computers and communications systems to their limits - often illegal activities.


Type of Crimes Committed (2)


Automatic Teller Machine Fraud
It involves using an ATM for a fraudulent activity - faking deposits, erasing withdrawals, diverting funds from another person's account through stolen PIN numbers.

Records Tampering
It involves the alteration, loss, or destruction of computerised records.

Acts of Disgruntled Employees
They often use a computer for revenge against their employer.


Type of Crimes Committed (3)


Child Pornography and Abuse
They are illegal or inappropriate acts of a sexual nature committed with a minor or child, such as photographing or videotaping.

Drug Crimes
Drug dealers use computers to communicate anonymously with each other and to keep records of drug deals.

Organised Crime
For all kinds of crime, the computer system may be used as their tool.


Cryptography and the Law


Cryptography is a regulated activity, but the issues are a little less clear-cut, in part because there is little open discussion of the subject.
Everybody wants cryptography, e.g. businesses, individuals, criminals, bankers, and governments.
France prohibits use of encryption by individuals, asserting that in order to control terrorism, it must have access to communications of suspected terrorists.

Questions?


Security of Information System

Operating Systems, Database and Program Security
Nandika Kasun
Department of Communication and Media Technologies
University of Colombo School of Computing
University of Colombo
Sri Lanka


Objectives:
Operating systems, database and program security:
Identify the security features of ordinary and trusted operating systems
Evaluate the operating system security
Understand the security requirements of databases
Describe the types of computer virus and protection methods

Operating Systems, Database and Program Security
4.1 Operating Systems Security
Security Policies
Models of Security
Security Features of Ordinary Operating System
Security Features of Trusted Operating System


Computer System Components

Hardware
Provides basic computing resources (CPU, memory, I/O devices).

Operating system
Controls and coordinates the use of the hardware among the various application programs.

Applications programs
Define the ways in which the system resources are used to solve the computing problems of the users.

Users
E.g., people, machines, other computers.


Operating System
Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build secure operating systems: operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems.


What Security Goals Does Operating System Provide?
Goal 1: enabling multiple users to securely share a computer
Separation and sharing of processes, memory, files, devices, etc.

How to achieve it?
memory protection
processor modes
authentication
file access control


What Security Goals Does Operating System Provide?
Goal 2: ensure secure operation in networked environment
How to achieve it?
Authentication
Access Control
Logging & Auditing
Intrusion Detection
Recovery


Memory Protection: access control to memory
Ensures that one user's process cannot access others' memory

fence
relocation
base/bounds register
segmentation
paging

Operating system and user processes need to have different privileges

CPU Modes (a.k.a. processor modes or privilege
System mode (privileged mode, master mode, kernel mode): can execute any instruction and access any memory location, e.g., accessing hardware devices, enabling and disabling interrupts, changing privileged processor state, accessing memory management units, modifying registers for various descriptor tables.

User mode: access to memory is limited, cannot execute some instructions

Transition from user mode to system mode must be done through well defined call gates (system calls)

Reading: http://en.wikipedia.org/wiki/CPU_modes

Placing Security in Lower Layers

Applications
Services
OS
OS Kernel
Hardware

Two good reasons to place security in lower layers:
1. It may be possible to evaluate security to a higher level of assurance.
2. Putting security mechanisms into the core of the system reduces performance overheads caused by security.


Three major tasks

First, operating systems must provide efficient resource mechanisms.
Second, it is the operating system's responsibility to switch among the processes fairly.
Third, access to resources should be controlled, such that one process cannot inadvertently or maliciously impact the execution of another.


Operating System Security

The reference monitor is an abstract concept, the security kernel is its implementation, and the trusted computing base contains the security kernel among other protection mechanisms.

Three rules:
1. Keep the security kernel of an operating system as simple as possible.
2. Users must not be able to modify the operating system.
3. Operating system has to prevent users from accidentally or intentionally accessing other users' data.


Access Control
An access enforcement mechanism authorizes requests from multiple subjects (e.g. users, processes, etc.) to perform operations (e.g., read, write, etc.) on objects (e.g., files, sockets, etc.).
An operating system provides an access enforcement mechanism.
Two fundamental concepts of access control:
a protection system that defines the access control specification and
a reference monitor that is the system's access enforcement mechanism that enforces this specification.

Protection system
A protection system consists of a protection state, which describes the
operations that system subjects can perform on system objects, and a
set of protection state operations, which enable modification of that
state.
A protection system enables the definition and management of a
protection state. A protection state consists of the specific system
subjects, the specific system objects, and the operations that those
subjects can perform on those objects.
The access matrix is used to define the protection domain of a process.


Lampson's Access Matrix

Problems with access matrix


Untrusted processes can tamper with the protection system.
A protection system that permits untrusted processes to modify the protection
state is called a discretionary access control (DAC) system.

Mandatory protection system


A mandatory protection system is a protection system that can only be
modified by trusted administrators via trusted software, consisting of the
following state representations:
A mandatory protection state is a protection state where subjects and objects
are represented by labels where the state describes the operations that
subject labels may take upon object labels;
A labelling state for mapping processes and system resource objects to labels;
A transition state that describes the legal ways that processes and system
resource objects may be relabeled.


Mandatory access control

A label is simply an abstract identifier; the assignment of permissions to a label defines its security semantics. Labels are tamperproof.

Trusted administrators define the access matrix's labels and set the operations that subjects of particular labels can perform on objects of particular labels. Such protection systems are mandatory access control (MAC) systems because the protection system is immutable to untrusted processes.


A Mandatory Protection System: The protection state is defined in terms of labels and is immutable. The immutable labeling state and transition state enable the definition and management of the labels for system subjects and objects.

A reference monitor is the classical access enforcement mechanism. It takes a request as input, and returns a binary response indicating whether the request is authorized by the reference monitor's access control policy.
We identify three distinct components of a reference monitor:
(1) its interface - The interface defines where the authorization module needs to be invoked to perform an authorization query to the protection state, a labeling query to the labeling state, or a transition query to the transition state.
(2) its authorization module - determines the exact queries that are to be made to the policy store.
(3) its policy store - The policy store responds to authorization, labeling, and transition queries based on the protection system that it maintains.


A reference monitor is a component that authorizes access requests at the reference monitor interface defined by individual hooks that invoke the reference monitor's authorization module to submit an authorization query to the policy store. The policy store answers authorization queries, labeling queries, and label transition queries using the corresponding states.
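The slides' two protection systems side by side, as an added example that is not part of the lecture material: Lampson's access matrix where an owner can grant rights on its own (DAC), and a mandatory protection system whose label-based protection state, labeling state and transition state are reached only through the three query types of a reference monitor. All subjects, objects, labels and policy entries are constructed for this illustration.

```python
"""Added example (not from the lecture): DAC access matrix vs. a mandatory
protection system enforced through a reference monitor. Every subject, object,
label and policy entry here is constructed for illustration."""

from collections import defaultdict


class AccessMatrix:
    """Lampson-style DAC: cells of subject x object hold operations, and any
    subject holding 'own' on an object may change that object's column.
    This is the 'untrusted processes can tamper with the protection system'
    property the slides describe."""

    def __init__(self):
        self.cells = defaultdict(set)  # (subject, object) -> {operations}

    def grant(self, granter, subject, obj, op):
        # Discretionary: the owner of obj decides, no administrator involved.
        if "own" not in self.cells[(granter, obj)]:
            raise PermissionError(f"{granter} does not own {obj}")
        self.cells[(subject, obj)].add(op)

    def authorized(self, subject, op, obj):
        return op in self.cells[(subject, obj)]


class MandatoryProtectionSystem:
    """Protection state over labels (frozen once built), a labeling state
    mapping processes/resources to labels, and a transition state listing the
    legal relabels. Untrusted code gets query access only."""

    def __init__(self, protection, labeling, transitions):
        self._protection = {k: frozenset(v) for k, v in protection.items()}
        self._labeling = dict(labeling)
        self._transitions = frozenset(transitions)

    # The three query types answered by the policy store:
    def authorization_query(self, subj_label, op, obj_label):
        return op in self._protection.get((subj_label, obj_label), ())

    def labeling_query(self, name):
        return self._labeling[name]

    def transition_query(self, old_label, new_label):
        return (old_label, new_label) in self._transitions

    def relabel(self, name, new_label):
        """A relabel is legal only if the transition state lists the pair."""
        old = self.labeling_query(name)
        if not self.transition_query(old, new_label):
            raise PermissionError(f"illegal transition {old} -> {new_label}")
        self._labeling[name] = new_label


class ReferenceMonitor:
    """Interface hook -> authorization module -> policy store."""

    def __init__(self, policy):
        self.policy = policy
        self.decisions = []  # audit trail: (process, op, resource, allowed)

    def hook(self, process, op, resource):
        # Interface: every access attempt enters through this hook.
        allowed = self._authorize(process, op, resource)
        self.decisions.append((process, op, resource, allowed))
        return allowed

    def _authorize(self, process, op, resource):
        # Authorization module: two labeling queries, then one authorization
        # query, all against the policy store.
        subj_label = self.policy.labeling_query(process)
        obj_label = self.policy.labeling_query(resource)
        return self.policy.authorization_query(subj_label, op, obj_label)


def demo():
    results = {}
    # --- DAC: the owner of payroll.db hands out rights on its own. ---
    dac = AccessMatrix()
    dac.cells[("alice", "payroll.db")] = {"own", "read", "write"}
    dac.grant("alice", "bob", "payroll.db", "read")
    results["dac_bob_read"] = dac.authorized("bob", "read", "payroll.db")
    try:  # bob has read but not own, so he cannot pass rights on
        dac.grant("bob", "carol", "payroll.db", "read")
        results["dac_nonowner_refused"] = False
    except PermissionError:
        results["dac_nonowner_refused"] = True

    # --- MAC: label-to-label rights fixed by the administrator up front. ---
    mac = MandatoryProtectionSystem(
        protection={("staff_t", "public_t"): {"read"},
                    ("hr_t", "public_t"): {"read", "write"},
                    ("hr_t", "payroll_t"): {"read", "write"}},
        labeling={"bob_shell": "staff_t", "hr_app": "hr_t",
                  "payroll.db": "payroll_t", "notice.txt": "public_t"},
        transitions={("draft_t", "public_t")},
    )
    rm = ReferenceMonitor(mac)
    results["bob_reads_notice"] = rm.hook("bob_shell", "read", "notice.txt")
    results["bob_reads_payroll"] = rm.hook("bob_shell", "read", "payroll.db")
    results["hr_writes_payroll"] = rm.hook("hr_app", "write", "payroll.db")
    try:  # payroll_t -> public_t is not in the transition state
        mac.relabel("payroll.db", "public_t")
        results["relabel_refused"] = False
    except PermissionError:
        results["relabel_refused"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```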


Microkernel vs. Monolithic System

Monolithic kernel
one big kernel provides all services, e.g., file system, network services, device drivers, etc.
e.g., Linux 2.6 kernel has about 6 million lines of code

Microkernel
implement many services as processes

Difference between kernel mode and processes running as root (or superuser, administrator)


Microkernel vs. Monolithic System


Most operating systems are monolithic, that is
the whole operating system is a single a.out file
that runs in kernel mode.
The alternative is a microkernel-based system,
in which most of the OS runs as separate
processes, mostly outside the kernel. They
communicate by message passing.
Reference: The Tanenbaum-Torvalds Debate
available at
http://www.oreilly.com/catalog/opensources/book/appa.html


Security Evaluation
Users of secure systems need some kind of assurance that the products they use provide adequate security. They could:
1. Rely on the word of the manufacturer/service provider?
2. Test the system themselves.
3. Rely on an impartial assessment by an independent body (evaluation).

Evaluation Criteria
The Trusted Computer Security Evaluation Criteria (TCSEC, Orange Book) were the first evaluation criteria to gain wide acceptance.
A number of other criteria have since been developed to improve on the Orange Book and to unify different criteria which have arisen:
Information Technology Security Evaluation Criteria (ITSEC)
Canadian Trusted Computer Product Evaluation Criteria
Federal Criteria
Common Criteria


Target of the Evaluation


Evaluation criteria refer to either
Products
We have to find an accepted set of generic requirements (security classes of Orange Book and the protection profile of Federal and Common Criteria)
Systems
Requirements capture and analysis becomes part of each individual evaluation (ITSEC).
Where is the borderline between a security evaluation and the task of a security consultant?


Method and Structure of the Evaluation


Security evaluation can be product oriented or process oriented.
The concepts of repeatability and reproducibility
Three aspects are addressed in evaluation criteria:
Functionality: The security features of a system.
Effectiveness: Are the mechanisms used appropriate for the given security requirement?
Assurance: The thoroughness of the evaluation.


Orange Book
Although the efforts were concentrated on national security in the USA, the document also provides:
A yardstick for users to assess the degree of trust that can be placed in a computer security system.
Guidance for manufacturers of computer security systems.
A basis for specifying security requirements when acquiring a computer security system.


Classification of OS Security

D Minimal Protection
C1 Discretionary Security Protection: intended for an environment where co-operating users process the data at the same level of integrity.
C2 Controlled Access Protection: makes users individually accountable for their actions. Most reasonable class for commercial applications.
B1 Labelled Security Protection: intended to handle classified data and enforce mandatory policies. Includes thorough security testing.
B2 Structured Protection: increases assurance by adding requirements to the design, e.g. covert channel analysis.
B3 Security Domains: highly resistant to penetration.
A1 Verified Design: adds formal model for security policy.


Common Criteria
Starting in the late 90s, the Common Criteria merges ideas from its various predecessors. The ultimate goal is an internationally agreed set of criteria in the form of an ISO standard.
It separates functional and security requirements from the intensity of required testing.
Evaluation assurance levels from 1 to 7.
EAL1: Tester reads documentation and performs some tests to confirm documented functionality.
EAL7: Developer provides formal functional specification and high-level design; security functions must be simple enough for formal analysis.


Red Book
Red Book attempts to address network security with the concepts and terminology of Orange Book.
Q: Are computer networks simply a specific example for computer systems?
A: We must distinguish two different types of networks:
1. Networks of independent components.
2. Centralised networks (only this one is considered in Red Book).


Trusted Computing (TC)


The Trusted Computing Group is an alliance of Microsoft, Intel, IBM, HP and AMD which promotes a standard for a more secure PC.
Their definition of security is controversial, though.
TC provides a computing platform on which you cannot tamper with the application software, and where these applications can communicate securely with their authors and with each other.
The original motivation was digital rights management.
There is an excellent FAQ about Trusted Computing available at http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html


Security Features
Identification and Authentication
Object Reuse Protection
Prevent leaks via reallocation
Clean before re-use

Complete Mediation
Mediate all means of access
File access plus direct memory access if possible
Mediate on each access, not generally done for files


More Security Features


Trusted Path
Give end user means to determine they are really talking with OS
Secure Attention Key (SAK): key sequence that cannot be intercepted by non-OS
Ctrl-Alt-Del in Windows
Rootkit
Or security relevant changes only made during system boot

More Security Features


Audit
Must be able to review and recreate security relevant changes
Must protect log
Log growth
Originally assumed security officer would review directly
Can be used for backing evidence
Really want to detect anomalies
Intrusion detection


Operating Systems, Database and Program Security
4.2 Database Security
Security Requirements of Databases
Reliability and Integrity
Protection of Sensitive Data
Inference Problem: Direct and Indirect Attacks
Disaster Recovery


Database Security
Database system security is more than securing
the database

Secure database
Secure DBMS
Secure applications
Secure operating system in relation to database system
Secure web server in relation to database system
Secure network environment in relation to database
system


Layered Database Security


Securing Database
Users, Passwords
Default users/passwords
sys, system accounts: privileged, change default passwords
scott account: well-known account and password, change it
General password policies (length, domain, changing, protection)
Privileges, Roles, Grant/Revoke
Privileges
System - actions
Objects - data
Roles (pre-defined and user-defined roles)
Collections of system privileges (example: DBA role)
Grant / Revoke
Giving (removing) privileges or roles to (from) users


Data Confidentiality
[Figure: file encryption and field encryption of database data under an AES key; encrypted (Enc) fields stored alongside clear fields]

Confidentiality and Integrity Combined
[Figure: an AES key for encryption combined with a MAC for integrity; searching and updates over the protected data]

Processing of Encrypted Files in Database Management Systems (DBMS)
[Figure: query processing and data processing inside the DBMS over encrypted files; searching and updates]

Protection of Key and MAC
[Figure: the AES key and the MAC themselves must be protected]

Access Control Principles
Access control: who can do what with which resource? (e.g. read File A, copy File B)

Access Control Files and Directories
[Figure: legal (authorized) users versus illegal (unauthorized) users of files and directories]

Fundamental Model of Access Control
[Figure: subjects issue access requests (e.g. read File A) which pass through a reference monitor before reaching objects]

Authorization Schemes
ID-based (user ID)
Role-based (role)

Identity based Access Control
[Figure: an identity, e.g. John Smith, 3423342, is checked before access is granted]

Identity based Access Control
[Figure: access matrix with subjects S1..S6 as rows and objects O1..O6 as columns; cells hold rights such as r, w; x, d; l, c]

Identity based Access Control
grant select on EMPLOYEES to ASOK;
[Figure: asok's schema and alice's schema with tables orders, candidates, customers, employees; all_users and public objects]

Role based Access Control
[Figure: a user holding the role Doctor]

Role based Access Control
grant all privileges on EMPLOYEES to role LECTURER;
grant LECTURER to USER1;
[Figure: the LECTURER role and the DBA over the hrdata schema (candidates, employees)]

Role based Dynamic Access Control
[Figure: an attribute certificate (Attrib cert) carrying the role Doctor]

Attribute Certificates (AC)

PKCs may include long-lasting attributes: if the attribute doesn't expire before the related PKC, then the attribute may be included in the PKC.
ACs should be used for short-lasting attributes: if the attribute expires before the related PKC, then the attribute should be placed in an AC.


Difference between PKC and AC

PKC is passport and AC is visa

Public Key Certificate (PKC)   | Attribute Certificate (AC)
Version                        | Version
Serial Number                  | Serial Number
Signature ID                   | Signature ID
Issuer                         | Issuer
Validity Period                | Validity Period
Subject                        | Holder
Subject Public Key Info        | Attributes
Extensions                     | Extensions
Signature                      | Signature

Public Key: PKC binds a subject and a public key
No Public Key: AC binds a holder and attributes

Attribute Authority (AA)


AA Attribute Authority (also called AC Issuer)
An authority trusted by one or more users to create and sign attribute certificates. It is important to note that the AA is responsible for the attribute certificates during their whole lifetime, not just for issuing them.
AA can be any entity in the network having objects in its control.

SQL Injection
Example: SQL Injection Attack through Web Application
Application tracks own usernames and passwords in database
Client accepts username and password, passes as parameters
Application Java code contains SQL statement:

String query = "SELECT * FROM users_table " +
    " WHERE username = " + "'" + username + "'" +
    " AND password = " + "'" + password + "';";

Expecting one row to be returned if success, no rows if failure

Attacker enters any username, password of: Aa' OR '' = '
Query becomes: SELECT * FROM users_table WHERE username = 'anyname' AND password = 'Aa' OR '' = '';
// F or T => T
All user rows returned to application
If application is checking for 0 vs. more than 0 rows, attacker is in
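The slide's concatenated login query reproduced against an in-memory SQLite table beside its parameterized form, as an added example that is not part of the lecture: the users table, its rows and the function names are constructed, and the attacker's input is the one the slide shows.

```python
"""Added example (not from the lecture): the slide's string-built login query
versus a parameterized query, run on a constructed SQLite users_table."""

import sqlite3


def make_db():
    """Constructed sample table mirroring the slide's users_table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_table (username TEXT, password TEXT)")
    # Plaintext passwords only to mirror the slide; a real application
    # stores salted password hashes and compares against those.
    conn.executemany(
        "INSERT INTO users_table VALUES (?, ?)",
        [("asok", "s3cret"), ("alice", "pa55w0rd"), ("kamala", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The slide's Java concatenation transcribed: user input becomes SQL text,
    so quote characters in the input change the statement's structure."""
    query = (
        "SELECT * FROM users_table "
        " WHERE username = '" + username + "'"
        " AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterized form: the driver passes the values separately from the
    SQL text, so the same input is compared as data and matches no row."""
    query = "SELECT * FROM users_table WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# The password the slide shows the attacker typing (constructed text here).
ATTACK_PASSWORD = "Aa' OR '' = '"


def demo():
    """Row counts each variant returns; the slide's app treats >0 as login."""
    conn = make_db()
    return {
        "valid_vulnerable": len(login_vulnerable(conn, "asok", "s3cret")),
        "attack_vulnerable": len(login_vulnerable(conn, "anyname", ATTACK_PASSWORD)),
        "valid_safe": len(login_safe(conn, "asok", "s3cret")),
        "attack_safe": len(login_safe(conn, "anyname", ATTACK_PASSWORD)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

With the slide's input the vulnerable query returns every row of the table, while the parameterized query returns none.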

Data Inference
[Figure: records A ..... 10 and B ..... 20; releasing the sum A+B and the difference A-B lets each value be inferred]

Data Dependency

For example, suppose that an attacker wishes to find out the salary of A1. He can do this by asking for the average salaries of A1, A2 and A3 and of A2, A3.

Avg(A1,A2,A3)*3 = 16 = A1+A2+A3
Avg(A2,A3)*2 = 11 = A2+A3
A1 = 5, A2 = 3, A3 = 8

Data Classification
[Figure: records A ..... 10 and B ..... 20, with their average 15]

Individual Salary: High Classification
[Figure]

Average Salary: Low Classification
[Figure: an average salary, $123, released at the low classification]

Database Queries
[Figure: a query over the records, e.g. 1234, John, $123]

Small Query Window
[Figure: a query window matching a single record (1, UCSC, Kamala, Professor)]

Additions to Small Query Window
[Figure: the same single-record window with the salary range 20K < Rs < 30K added]
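The Data Dependency attack and the small query window above, as an added example that is not part of the lecture: a statistical query interface over the slide's salaries (A1=5, A2=3, A3=8) that answers average queries, first with no controls and then with a minimum query-set size and a limit on overlap with earlier query sets. The class, function names and control parameters are constructed for this illustration.

```python
"""Added example (not from the lecture): the two-average salary inference from
the slide against a statistical query interface, with and without inference
controls. Salaries are the slide's; everything else is constructed."""

from fractions import Fraction


class InferenceRefused(Exception):
    """Raised when a query would violate the configured inference controls."""


class StatisticalDB:
    """Answers only aggregate (average) queries over sets of record ids.

    min_set_size: smallest query set that will be answered (blocks the
                  'small query window' of a single record).
    max_overlap:  most records a query set may share with any previously
                  answered query set (blocks the overlapping-sets trick);
                  None disables the check.
    """

    def __init__(self, salaries, min_set_size=1, max_overlap=None):
        self.salaries = dict(salaries)
        self.min_set_size = min_set_size
        self.max_overlap = max_overlap
        self.history = []  # query sets already answered

    def average(self, ids):
        ids = frozenset(ids)
        if len(ids) < self.min_set_size:
            raise InferenceRefused(f"query set of {len(ids)} below minimum")
        if self.max_overlap is not None:
            for past in self.history:
                if len(ids & past) > self.max_overlap:
                    raise InferenceRefused("overlaps an earlier query set")
        self.history.append(ids)
        # Fraction keeps the arithmetic exact, as on the slide.
        return Fraction(sum(self.salaries[i] for i in ids), len(ids))


def infer_a1(db):
    """The slide's attack: Avg(A1,A2,A3)*3 - Avg(A2,A3)*2 = A1.
    Returns A1, or None if the database refuses one of the queries."""
    try:
        total3 = db.average({"A1", "A2", "A3"}) * 3  # = A1+A2+A3 = 16
        total2 = db.average({"A2", "A3"}) * 2        # = A2+A3 = 11
    except InferenceRefused:
        return None
    return total3 - total2                           # = A1 = 5


SALARIES = {"A1": 5, "A2": 3, "A3": 8}  # the slide's values


def demo():
    """Outcome of the attack under each control setting (None = blocked)."""
    return {
        "no_controls": infer_a1(StatisticalDB(SALARIES)),
        "min_size_2_only": infer_a1(StatisticalDB(SALARIES, min_set_size=2)),
        "min_size_3": infer_a1(StatisticalDB(SALARIES, min_set_size=3)),
        "overlap_limit_1": infer_a1(
            StatisticalDB(SALARIES, min_set_size=2, max_overlap=1)),
    }


if __name__ == "__main__":
    for setting, a1 in demo().items():
        print(f"{setting}: {'blocked' if a1 is None else f'A1 = {a1}'}")
```

Note that a minimum query-set size of 2 on its own still leaks A1, since the set {A2, A3} satisfies it; the overlap limit is what stops this particular pair of queries.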

To avoid disasters:

Back-up files
Store backups securely: off-site, locked
Twin sites for computer equipment
Insure with a disaster recovery firm - loan of equipped premises
Disaster Recovery plan essential
Prioritise programs to be up & running first
Notification to staff of procedure
Test the planning (like fire practice)!

Preventing your own disasters

no eating or drinking near the computer
no extremes of environment (heat, smoke)
clean & lock your computer!
backup hard disk files and floppy disks
store backups safely
write protect disks


Why backup?

disks don't last forever
liquids + disks = disaster
magnetic fields damage disks
files are damaged if a power failure happens during saving or loading
accidental deletion by YOU!
network crashes


Disaster Recovery Plans


Single system or device failures - Includes a network
device, disk, motherboard, network interface card, or
component failure.
Data center events - Provides procedures for a major event
within a data center.
Site events - Identifies the critical capabilities that need to
be restored.
Testing the DRP - Identifies key employees and performs
walkthroughs of the plan periodically.


Backup Policy
Frequency of backups - Identifies how often
backups actually occur.
Storage of backups - Defines how to store backups
in a secure location. It also states the mechanism
for requesting and restoring backups.
Information to be backed up - Identifies which
data needs to be backed up more frequently.


Operating Systems, Database and Program Security
4.3 Program Security
Kinds of Malicious Code
How Viruses Attach and Gain Control
Homes for Viruses
Virus Signatures
Preventing Virus Infection
Trapdoors
Covert Channels
Control Against Program Threats
Java mobile code

Malicious Software
- Malicious code often masquerades as good software or attaches itself to good software
- Some malicious programs need host programs
  - Trojan horses, logic bombs, viruses
- Others can exist and propagate independently
  - Worms, automated viruses
- There are many infection vectors and propagation mechanisms

Trojan Horses
- A trojan horse is malicious code hidden in an apparently useful host program
- When the host program is executed, the trojan does something harmful or unwanted
- Trojans do not replicate
  - This is the main difference from worms and viruses

Zombie
- program which secretly takes over another networked computer
- then uses it to indirectly launch attacks
- often used to launch distributed denial of service (DDoS) attacks
- exploits known flaws in network systems

What is a computer virus?
- A program that reproduces itself
- Affects software, not the actual machine
- Many different types:
  - file
  - macro
  - boot or partition, etc.
- May lie dormant
- Can strike at any time

Viruses
- Virus propagates by infecting other programs
  - Automatically creates copies of itself, but to propagate, a human has to run an infected program
  - Self-propagating malicious programs are usually called worms
- Viruses employ many propagation methods
  - Insert a copy into every executable (.COM, .EXE)
  - Insert a copy into boot sectors of disks
    - Stoned virus infected PCs booted from infected floppies, stayed in memory and infected every floppy inserted into the PC
  - Infect TSR (terminate-and-stay-resident) routines
    - By infecting a common OS routine, a virus can always stay in memory and infect all disks, executables, etc.

What do viruses do?
- Non-destructive viruses
  - Print unexpected message, make a sound
  - Examples: Peace, Red Cross, Bubbleboy
- Destructive viruses
  - Destroy data and files
  - Examples: Michelangelo, Dark Avenger, Joshi, Stealth (makes hard disk inoperable) etc.
- Millions of viruses and hundreds of different effects
- Non-destructive viruses still waste time

Protection against viruses
- Few computer systems are totally secure
- Buy from reputable computer dealers
- Buy "shrink-wrapped" software
- Always suspect any other software
- Make executables read only
- Write protect diskettes
- Be careful with internet & email files
- Use scanning software (anti-virus) to check for viruses

If you find a virus
- DON'T PANIC
- Work systematically. DON'T RUSH
- Tell system manager - IT Services
- Clean up
- Disinfect and retrieve clean files
- Destroy disk
- Ask for help if you are not sure!

Cryptovirus
- A cryptovirus is a virus that embeds and uses a public key (http://www.cryptovirology.com/)
- First Technique
  - Use the private key to encrypt the payload
- Second Technique
  - Use a symmetric key to encrypt the payload
  - Use the private key to encrypt the symmetric key

Worms
- replicating but not infecting program
- typically spreads over a network
  - cf. Morris Internet Worm in 1988, which led to the creation of CERTs
- spreads using users' distributed privileges or by exploiting system vulnerabilities
- widely used by hackers to create zombie PCs, subsequently used for further attacks, especially DoS
- major issue is lack of security of permanently connected systems, especially PCs

Virus (and Worm) Phases
1. Dormant
2. Propagation
   * search for other systems to infect
   * establish connection to target remote system
   * replicate self onto remote system
3. Trigger
4. Execute

Anti-Virus Technologies
- Simple anti-virus scanners
  - Look for signatures (fragments of known viruses)
  - Heuristics for recognizing code associated with viruses
    - For example, polymorphic viruses often use decryption loops
  - Integrity checking to find modified files
    - Record file sizes, checksums, MACs (keyed hashes of contents)
- Generic decryption and emulation scanners
  - Goal: detect polymorphic viruses with known body
  - Emulate CPU execution for a few hundred instructions; the virus will eventually decrypt itself and the known body can be recognized
  - Does not work very well against metamorphic viruses and viruses not located near the beginning of the infected executable
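The two simple-scanner techniques on this slide, signature matching and integrity checking with keyed hashes, as an added Python example. It is not code from the original slides; the signature fragment, the file contents and the baseline key are constructed for the demonstration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed signature database: a byte fragment standing in for a known virus body.
# A real scanner's database holds fragments extracted from real samples.
SIGNATURES = {
    "demo.sig.1": b"\xde\xad\xbe\xef-SAMPLE-MARKER-",
}

# Constructed "files on disk": name -> content.
CLEAN_FILES = {
    "hello.exe": b"MZ" + b"\x00" * 60 + b"hello world program",
    "notes.txt": b"plain text, nothing to see here",
}


def scan_for_signatures(content: bytes, signatures=SIGNATURES):
    """Signature scanner: names of every known fragment found inside the content."""
    return [name for name, fragment in signatures.items() if fragment in content]


@dataclass(frozen=True)
class Baseline:
    size: int
    sha256: str
    mac: str   # keyed hash: whoever rewrites the file cannot recompute it without the key


def record_baseline(files, key: bytes):
    """Integrity checking, step 1: record size, checksum and MAC of every clean file."""
    return {
        name: Baseline(
            size=len(content),
            sha256=hashlib.sha256(content).hexdigest(),
            mac=hmac.new(key, content, hashlib.sha256).hexdigest(),
        )
        for name, content in files.items()
    }


def check_integrity(files, baseline, key: bytes):
    """Integrity checking, step 2: report files that are new or differ from the baseline.
    The MAC comparison is the decisive one; size and checksum alone could be adjusted
    by a tamperer who also rewrites the baseline file."""
    modified = []
    for name, content in files.items():
        ref = baseline.get(name)
        if ref is None:
            modified.append(name)            # never baselined
            continue
        mac = hmac.new(key, content, hashlib.sha256).hexdigest()
        if len(content) != ref.size or not hmac.compare_digest(mac, ref.mac):
            modified.append(name)
    return modified


def simulate_infection(files, target="hello.exe"):
    """Constructed: a copy of `files` in which `target` has the sample fragment appended,
    the way a file-infecting virus appends its body to an executable."""
    infected = dict(files)
    infected[target] = files[target] + SIGNATURES["demo.sig.1"]
    return infected


if __name__ == "__main__":
    key = b"baseline-key-kept-off-the-machine"   # constructed; a real key lives elsewhere
    baseline = record_baseline(CLEAN_FILES, key)
    after = simulate_infection(CLEAN_FILES)
    print("signature hits:", {n: scan_for_signatures(c) for n, c in after.items()})
    print("modified files:", check_integrity(after, baseline, key))
```

The signature scan only finds what is already in the database; the baseline check finds any change at all, which is why the slide lists both.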

Possible Counter Measures
- Update all software (operating system, drivers, all software that uses the internet) and update anti-virus and anti-spyware
- Install inbound and outbound firewall
- Encrypt important data
- Backup the data regularly
- Install third-party registry editor and traffic monitoring software
- Disable autorun feature
- Hope antivirus vendors find a cure for it in the near future
- Use open source software and operating systems

Applets
- An applet is a typically small program embedded in another application, generally a Web browser that provides a JVM.
- An applet's host program provides an applet context in which the applet executes.
- An applet is generally launched from an HTML document with an APPLET tag that specifies the URL for the applet bytecodes.

Applet security
- Applets typically execute under a strict security manager that prevents an applet from
  - Accessing the local disk to read, write, delete, or execute files.
  - Loading nonstandard libraries.
  - Opening connections to arbitrary hosts.

Applet security
- The tight applet security is sometimes described as sandbox security to suggest that an applet must play within a confined area from which it must not venture.
- An applet is allowed to open a socket to the server from which it is downloaded, thus enabling socket-based communications.

Java Signed Applet:
1. Compile the applet
2. Create a JAR file
3. Generate keys
4. Sign the JAR file
5. Export the public key certificate
6. Import the certificate as a trusted certificate
7. Create the policy file
8. Run the applet

Creating a JAR file:

E:\JavaExamples>javac writeFile.java
E:\JavaExamples>jar -cvf writeFile.jar writeFile.class
added manifest
adding: writeFile.class(in = 1747) (out= 984)(deflated 43%)

Signing an Applet:

E:\JavaExamples\SSL>keytool -genkey -alias kasun -keystore writeFile
E:\JavaExamples\SSL>jarsigner -keystore writeFile writeFile.jar kasun
Enter Passphrase for keystore: writeFile
E:\JavaExamples\SSL>jarsigner -verify writeFile.jar
jar verified.

Run a Signed Applet:

<applet code="writeFile.class" archive="writeFile.jar" width=400 height=400>
</applet>

Security of Information System
Security in Networks and Distributed Systems
Nandika Kasun
Department of Communication and Media Technologies
University of Colombo School of Computing
University of Colombo
Sri Lanka

Objectives:
Security in networks and distributed systems:
- Describe the authentication mechanisms and protocols in an open network environment
- Design security policies and network protection systems to prevent unauthorized access in an open network environment
- Identify the security requirements of the Internet
- Describe the existing security solutions and protocols
- Design new solutions to address the security problems in an open network environment

Security in Networks and Distributed Systems
5.1 Network Security

- Network Security Issues such as Impersonation, Message Confidentiality, Message Integrity, Code Integrity, Denial of Service
- IP Security (IPSec) protocol and Virtual Private Networks (VPN)
- Securing wireless (IEEE 802.11) networks
- PKI based Authentication and Kerberos Authentication
- Biometrics Authentication Mechanisms
- Access Control Mechanisms
- Firewalls

IP Security Overview
- Benefits of IPSec
  - Transparent to applications (below the transport layer: TCP, UDP)
  - Provides security for individual users
- IPSec can assure that:
  - A router or neighbor advertisement comes from an authorized router
  - A redirect message comes from the router to which the initial packet was sent
  - A routing update is not forged

What can IPSEC do for us?
- Authentication
- Integrity
- Access control
- Confidentiality
- Replay protection (Partial)

Types of communications
- Host To Host
- Host To Security Gateway
- Security Gateway To Security Gateway
  - Security Gateway = Firewall
  - Also referred to as Network To Network

How does IPSEC work?

Host To Host (figure): Host A <-- IPsec (SA) --> Host B; Host A and Host B <-- No IPsec --> Other Hosts

Host To Security Gateway (figure): Host A <-- IPsec (SA) --> Security Gateway (NAT or ROUTE) --> Internal Network; Host A <-- No IPsec --> Other Hosts

Security Gateway to Security Gateway (figure): Internal Network <--> Security Gateway (NAT or ROUTE) <-- IPsec (SA) --> Security Gateway (IPC-NAT or ROUTE) <--> Internal Network

Security Associations (SA)
- A one-way relationship between a sender and a receiver.
- Identified by three parameters:
  - Security Parameter Index (SPI)
  - IP Destination address
  - Security Protocol Identifier
- Stored in the SPD (Security Policy Database)

Security Policy Database (SPD)
- Each entry defines a subset of IP traffic and points to an SA for that traffic: defined using IP and upper layer protocol field values called selectors.
- Outbound traffic processing includes:
  - Compare the values of the selector fields against the SPD to find an SPD entry
  - Determine the SA for this packet and the associated SPI
  - Do the required IPSec processing (AH or ESP)
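The outbound SPD lookup described above, as an added Python example that is not part of the original slides. The SPD entries, addresses and SPI are constructed; the PROTECT/BYPASS/DISCARD actions use RFC 4301's vocabulary, and the SA is modelled only by the fields the SA slide names plus a tunnel endpoint.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Selector:
    """The selector fields an SPD entry is defined with: addresses plus upper-layer values."""
    src_net: str
    dst_net: str
    proto: Optional[str] = None   # None = any protocol
    dport: Optional[int] = None   # None = any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


@dataclass(frozen=True)
class SA:
    spi: int
    protocol: str   # "AH" or "ESP"
    mode: str       # "transport" or "tunnel"
    peer: str       # destination / tunnel endpoint


@dataclass(frozen=True)
class SPDEntry:
    selector: Selector
    action: str                  # "PROTECT", "BYPASS" or "DISCARD"
    sa: Optional[SA] = None      # the SA that PROTECT entries point to


# Constructed SPD for a host in 10.1.1.0/24; entries are ordered and the first match wins.
SPD = [
    SPDEntry(Selector("10.1.1.0/24", "10.2.0.0/16"), "PROTECT",
             SA(spi=0x1001, protocol="ESP", mode="tunnel", peer="203.0.113.1")),
    SPDEntry(Selector("10.1.1.0/24", "10.1.1.0/24"), "BYPASS"),                        # local LAN in clear
    SPDEntry(Selector("10.1.1.0/24", "0.0.0.0/0", proto="tcp", dport=23), "DISCARD"),  # no telnet anywhere
    SPDEntry(Selector("10.1.1.0/24", "0.0.0.0/0"), "BYPASS"),                          # everything else in clear
]


def outbound_lookup(packet: Packet, spd=SPD) -> Tuple[str, Optional[SA]]:
    """Compare the packet's selector values against the SPD; first match wins.
    A packet matching no entry is discarded rather than sent unprotected."""
    for entry in spd:
        if entry.selector.matches(packet):
            return entry.action, entry.sa
    return "DISCARD", None


def process_outbound(packet: Packet, spd=SPD) -> str:
    """Describe the IPsec processing the packet gets next (AH or ESP under the SA, or none)."""
    action, sa = outbound_lookup(packet, spd)
    if action == "PROTECT":
        return f"apply {sa.protocol} in {sa.mode} mode with SPI 0x{sa.spi:x} towards {sa.peer}"
    return action.lower()
```

Entry order matters: the telnet DISCARD entry only works because it is placed before the catch-all BYPASS entry.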

Types of IPSEC Connections
- Transport Mode
  - Does not encrypt the entire packet
  - Uses original IP Header
  - Faster
- Tunnel Mode
  - Encrypts entire packet including IP Header (ESP)
  - Creates a new IP header
  - Slower

Security Associations (SA)

                          Transport Mode SA                              Tunnel Mode SA
AH                        Authenticates IP payload and selected          Authenticates entire inner IP packet
                          portions of IP header and IPv6 extension       plus selected portions of outer IP
                          headers                                        header
ESP                       Encrypts IP payload and any IPv6               Encrypts inner IP packet
                          extension header
ESP with authentication   Encrypts IP payload and any IPv6               Encrypts inner IP packet.
                          extension header. Authenticates IP             Authenticates inner IP packet.
                          payload but no IP header

Normal TCP/IP Packet
- Application Layers (5-7) / Data
- TCP/UDP Header (Layer 4)
- IP Header (Layer 3)
- Frame Header (Layer 2)

OR, laid out on the wire:
Frame Hdr | IP Hdr | TCP/UDP | Data

AH (Authentication Header)
- IP Protocol 51
- Provides authentication of packets
- Does not encrypt the payload

Transport Mode: IP Hdr | AH | TCP/UDP | Data
Tunnel Mode:    New IP Hdr | AH | Org. IP Hdr | TCP/UDP | Data

Transport vs Tunnel Mode ESP
- Transport mode is used to encrypt & optionally authenticate IP data
  - data protected but header left in clear
  - can do traffic analysis but is efficient
  - good for ESP host to host traffic
- Tunnel mode encrypts entire IP packet
  - add new header for next hop
  - good for VPNs, gateway to gateway security

ESP (Encapsulating Security Payload)
- IP Protocol 50
- Encrypts the Payload
- Provides Encryption and Authentication

Transport Mode: IP Hdr | AH | ESP | TCP/UDP | Data
Tunnel Mode:    New IP Hdr | AH | ESP | Org. IP Hdr | TCP/UDP | Data
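How AH can authenticate "selected portions of the IP header" while routers still rewrite the TTL, as an added Python example that is not from the original slides. It builds a transport-mode AH packet over a minimal IPv4 header, computes the ICV as HMAC-SHA-256 truncated to 128 bits with the mutable header fields zeroed, and shows that a TTL decrement still verifies while a payload change does not. The header_order helper returns the on-the-wire sequence for the four cases drawn on the AH and ESP slides; addresses, key and payload are constructed.

```python
import hashlib
import hmac
import struct

IP_PROTO_ESP = 50
IP_PROTO_AH = 51
ICV_LEN = 16                 # HMAC-SHA-256-128: the 256-bit MAC truncated to 128 bits
IPV4_FMT = "!BBHHHBBHII"     # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst


def header_order(protocol: str, mode: str):
    """Header sequence on the wire for AH or ESP in transport or tunnel mode (as on the slides)."""
    inner = ["Org. IP Hdr", "TCP/UDP", "Data"] if mode == "tunnel" else ["TCP/UDP", "Data"]
    outer = "New IP Hdr" if mode == "tunnel" else "IP Hdr"
    return [outer, protocol] + inner


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left 0 (it is mutable and zeroed for AH anyway)."""
    to_int = lambda a: int.from_bytes(bytes(int(x) for x in a.split(".")), "big")
    return struct.pack(IPV4_FMT, 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0, to_int(src), to_int(dst))


def zero_mutable_fields(iphdr: bytes) -> bytes:
    """Fields that change legitimately in transit (TOS, flags/fragment offset, TTL, checksum)
    count as zero when the ICV is computed; everything else is covered."""
    f = list(struct.unpack(IPV4_FMT, iphdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IPV4_FMT, *f)


def ah_header(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    payload_len = (12 + len(icv)) // 4 - 2      # AH length in 32-bit words minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def ah_transport_protect(key: bytes, src: str, dst: str, payload: bytes,
                         next_header: int = 6, spi: int = 0x1001, seq: int = 1) -> bytes:
    """Transport mode: IP Hdr | AH | payload, ICV over immutable IP fields + AH + payload."""
    iphdr = ipv4_header(src, dst, IP_PROTO_AH, 20 + 12 + ICV_LEN + len(payload))
    ah0 = ah_header(next_header, spi, seq, b"\x00" * ICV_LEN)   # ICV field is zero while computing it
    icv = hmac.new(key, zero_mutable_fields(iphdr) + ah0 + payload, hashlib.sha256).digest()[:ICV_LEN]
    return iphdr + ah_header(next_header, spi, seq, icv) + payload


def ah_transport_verify(key: bytes, packet: bytes) -> bool:
    iphdr, rest = packet[:20], packet[20:]
    if iphdr[9] != IP_PROTO_AH:
        return False
    ah_len = (rest[1] + 2) * 4
    ah, payload = rest[:ah_len], rest[ah_len:]
    icv, ah0 = ah[12:], ah[:12] + b"\x00" * (ah_len - 12)
    expected = hmac.new(key, zero_mutable_fields(iphdr) + ah0 + payload, hashlib.sha256).digest()[:len(icv)]
    return hmac.compare_digest(icv, expected)


def router_hop(packet: bytes) -> bytes:
    """What every router does: decrement TTL (and refresh the checksum); AH tolerates this."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]


def tamper_payload(packet: bytes) -> bytes:
    """Flip the last payload byte in transit; AH must reject this."""
    return packet[:-1] + bytes([packet[-1] ^ 0xFF])
```

The same zeroing rule is what lets AH work through routers but not through NAT: a rewritten source address is an immutable field, so the ICV no longer matches.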

IPSec Pitfalls
- Too complicated, many different ways to configure
- Can be configured insecurely
- Client security is an issue

VPN (Virtual Private Network)
- A Virtual Private Network carries private traffic over a public network
- Secure communications between two hosts or networks
- IPsec is one of the more popular VPN technologies

What is VPN? (figure)

Types of VPN (figure)

When to VPN? (figure)

VPN Security Issues
- Authentication methods supported
- Encryption methods supported
- Key Management
- Data stream filtering for viruses, JAVA, ActiveX
- Supported certificate authorities
- Encryption Layer: Datalink, network, session, application. Higher layer = more granular
- Granularity of Security: Departmental level, Application level, Role-based

Security Risk of Wireless
- Bypassing the firewalls
- Short message service spamming
- Malicious downloadable code or content
- Weak or non-existent encryption key
- Turning on wireless encryption does not mean data is protected end-to-end
  - Wired portion of the traffic may travel in the clear

Security Problems
- Unauthorized or rogue access points on trusted networks
- Access to network by unauthorized clients (theft of service, "war driving")
- Interception and monitoring of wireless traffic
  - range can be hundreds of feet
  - packet analyser software freely available
- Jamming is easy, unlicensed frequency

Security Problems (cont'd)
- Client-to-client attacks (in ad hoc mode)
- Denial or degradation of service
  - flood with bogus packets, association/authentication requests
- Misconfiguration possibilities
  - no encryption used
  - weak (guessable) password used to generate key
  - weak protection of encryption key on client machine
  - weak protection of management interface for access point

(In)Security in 802.11b
- Authentication is the process of proving identity
  - open: just supply correct SSID
  - shared key: relies on WEP
- WEP: Wired Equivalent Privacy

WEP
- Without WEP, no confidentiality, integrity, or authentication of user data
- The cipher used in WEP is RC4, key length from 40 up to 128 bits
- Key is shared by all clients and the base station
  - compromising one node compromises the network
- Manual key distribution among clients makes changing the key difficult

WEP Encryption Weakness
- Initialization Vector (IV) used during encryption is only 24 bits long
- Key to cracking: find packets with duplicate public IVs
  - repetition of IV guaranteed on busy networks due to small IV space
- Tools: WEPCrack, AirSnort
  - 15 minutes to 24 hours to collect enough packets
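Why a 24-bit IV space makes repetition on a busy network a certainty, as an added Python example that is not from the original slides: the birthday-bound arithmetic for the IV space, the number of frames after which a repeat is more likely than not, the wrap time of a station that simply counts IVs upward, and a duplicate-IV finder that a monitoring tool could run over captured IVs to spot a network still relying on WEP. All traffic figures are constructed and the frame rate is a parameter.

```python
import math
import random

IV_BITS = 24
IV_SPACE = 1 << IV_BITS        # 16,777,216 distinct IV values


def iv_collision_probability(n_frames: int, space: int = IV_SPACE) -> float:
    """Exact birthday probability that at least two of n randomly chosen IVs coincide."""
    p_all_distinct = 1.0
    for i in range(n_frames):
        p_all_distinct *= 1 - i / space
    return 1 - p_all_distinct


def expected_frames_until_repeat(space: int = IV_SPACE) -> float:
    """Expected number of random IVs before the first repeat, about sqrt(pi * N / 2)."""
    return math.sqrt(math.pi * space / 2)


def frames_for_probability(target: float, space: int = IV_SPACE) -> int:
    """Frames after which a repeat has at least the target probability, from 1 - exp(-n^2 / 2N)."""
    return math.ceil(math.sqrt(-2 * space * math.log(1 - target)))


def hours_until_counter_wraps(frames_per_second: float, space: int = IV_SPACE) -> float:
    """A station that counts its IV up from zero is certain to repeat after `space` frames."""
    return space / frames_per_second / 3600


def find_duplicate_ivs(ivs):
    """Monitoring view: IV value -> indexes of the frames that used it, for IVs used more than once."""
    seen = {}
    for index, iv in enumerate(ivs):
        seen.setdefault(iv, []).append(index)
    return {iv: idx for iv, idx in seen.items() if len(idx) > 1}


def simulated_reused_iv_count(n_frames: int, seed: int = 7) -> int:
    """Constructed traffic: n frames with uniformly random 24-bit IVs; how many IV values repeat."""
    rng = random.Random(seed)
    return len(find_duplicate_ivs([rng.getrandbits(IV_BITS) for _ in range(n_frames)]))


if __name__ == "__main__":
    print(f"expected frames until first repeat: {expected_frames_until_repeat():.0f}")
    print(f"frames for a 50% chance of a repeat: {frames_for_probability(0.5)}")
    print(f"P(repeat) after 5000 frames: {iv_collision_probability(5000):.3f}")
    print(f"counter wraps after {hours_until_counter_wraps(500):.1f} h at 500 frames/s")
    print(f"IV values reused in 20000 random frames: {simulated_reused_iv_count(20000)}")
```

A few thousand frames is seconds of traffic on a busy access point, which is the arithmetic behind the slide's "guaranteed" repetition and behind the rekeying advice on the later recommendation slides.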

Recommendations: General
- Get informed about risks!
- Regular security audits and penetration assessments
- Require "strong" passwords, limit number of login attempts
- Disable ad hoc mode
  - invites access by unauthorized nodes to your computer

Recommendations: WLAN Security
- WEP (fair)
  - enable wireless frame encryption
  - use longest key
  - change the WEP key regularly (manually)
- 802.1X and WPA (user authentication + dynamic keys) (better)
  - use as soon as practical and stable
  - set rekeying to occur every few hours
- 802.11i (best)
  - upgrade / use when available and supported

What is Kerberos?
- The 3-headed dog who guards the entrance to Hades
- Network Authentication Protocol
- Used in:
  - Client/Server
  - Peer-to-Peer
- Developed by the Massachusetts Institute of Technology (MIT)'s Project Athena
- Current Release: Version 5
- Adoption by Microsoft Windows 2000

Kerberos Message 1 (figure: User, Authentication Server, Application Server)
User logs on to workstation and requests service on application server. Request is passed over to the Authentication Server.

Kerberos Message 2 (figure: User, Authentication Server, Application Server)
AS verifies user access rights, creates TG ticket and session key, encrypts using key derived from user's password and sends back to user.

Kerberos Message 3 (figure: User, Authentication Server, Application Server)
WS prompts user for userID and a password, decrypts and verifies the ticket, and sends new request to the TGS.

Kerberos Message 4 (figure: User, Authentication Server, Application Server)
TGS decrypts ticket and authenticator, verifies request and creates ticket for the requested server.

Kerberos Message 5 (figure: User, Authentication Server, Application Server)
WS sends the ticket and the authenticator to the requested server.

Kerberos Message 6 (figure: User, Authentication Server, Application Server)
Server verifies the ticket and the authenticator and, if OK, grants access to the requested server.
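The six Kerberos messages above, simulated end to end as an added Python example that is not from the original slides. One KDC object plays both the Authentication Server and the Ticket Granting Server; the principal "alice", her password and every key are constructed; seal/unseal is a toy authenticated-encryption stand-in (SHA-256 keystream plus HMAC tag) for the real symmetric cipher; ticket lifetime and clock skew are example policy values.

```python
import hashlib
import hmac
import json
import os
import time

LIFETIME = 3600   # ticket lifetime in seconds (example policy)
SKEW = 300        # tolerated clock skew when checking an authenticator (example policy)


# Toy authenticated encryption (SHA-256 keystream XOR + HMAC tag), constructed for this example.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, obj: dict) -> bytes:
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def password_key(password: str) -> bytes:
    """The 'key derived from the user's password' of message 2 (toy derivation)."""
    return hashlib.sha256(password.encode()).digest()


def make_authenticator(session_key: bytes, user: str) -> bytes:
    return seal(session_key, {"user": user, "time": int(time.time())})


def check_ticket(server_key: bytes, ticket: bytes, authenticator: bytes) -> dict:
    """Shared by the TGS (message 4) and the application server (message 6): open the ticket
    with the server's own key, then open the authenticator with the session key found inside it."""
    t = unseal(server_key, ticket)
    now = int(time.time())
    if t["expires"] < now:
        raise PermissionError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)   # only the ticket holder has this key
    if a["user"] != t["user"] or abs(a["time"] - now) > SKEW:
        raise PermissionError("authenticator does not match ticket")
    return t


class KDC:
    """Authentication Server (messages 1-2) and Ticket Granting Server (messages 3-4)."""

    def __init__(self):
        self.users = {"alice": password_key("correct horse")}                      # constructed principal
        self.services = {"krbtgt": os.urandom(32), "fileserver": os.urandom(32)}   # long-term keys

    def as_exchange(self, user: str):
        # Message 2: a TGT only the TGS can open, plus the TGT session key sealed under the user's key.
        sk = os.urandom(32)
        tgt = seal(self.services["krbtgt"], {"user": user, "key": sk.hex(), "expires": int(time.time()) + LIFETIME})
        return tgt, seal(self.users[user], {"tgs_key": sk.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        # Message 4: verify TGT and authenticator, then issue a ticket for the requested server.
        t = check_ticket(self.services["krbtgt"], tgt, authenticator)
        sk = os.urandom(32)
        ticket = seal(self.services[service], {"user": t["user"], "key": sk.hex(), "expires": int(time.time()) + LIFETIME})
        return ticket, seal(bytes.fromhex(t["key"]), {"svc_key": sk.hex(), "service": service})


def application_server(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """Message 6: the server checks ticket and authenticator and grants access to the named user."""
    return check_ticket(service_key, ticket, authenticator)["user"]


def workstation_login(kdc: KDC, user: str, password: str, service: str) -> str:
    """Client side of all six messages; returns the user the application server accepted."""
    tgt, sealed = kdc.as_exchange(user)                                                  # messages 1-2
    tgs_key = bytes.fromhex(unseal(password_key(password), sealed)["tgs_key"])           # wrong password fails here
    ticket, sealed2 = kdc.tgs_exchange(tgt, make_authenticator(tgs_key, user), service)  # messages 3-4
    svc_key = bytes.fromhex(unseal(tgs_key, sealed2)["svc_key"])
    # Message 5: ticket + fresh authenticator to the server; kdc.services[service] stands in
    # for the long-term key the real server keeps in its own keytab.
    return application_server(kdc.services[service], ticket, make_authenticator(svc_key, user))


def login_succeeds(kdc: KDC, user: str, password: str, service: str) -> bool:
    try:
        return workstation_login(kdc, user, password, service) == user
    except (ValueError, PermissionError):
        return False


def server_accepts(service_key: bytes, ticket: bytes, authenticator: bytes) -> bool:
    try:
        return bool(application_server(service_key, ticket, authenticator))
    except (ValueError, PermissionError):
        return False
```

Note where the password is used: only on the workstation, to open message 2. It never crosses the network, and a wrong password shows up as a failure to open the sealed session key rather than as a rejected login request.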

Strong Authentication Protocol (figure: Initiator and Verifier exchanging authentication tokens)
1. Initiator generates an authentication token
2. Initiator sends the authentication token
3. Verifier verifies the authentication token
4. Verifier generates a new authentication token
5. Verifier sends the authentication token
6. Initiator verifies the authentication token
7. Initiator generates a new authentication token
8. Initiator sends the authentication token
9. Verifier verifies the authentication token
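One concrete realisation of the nine steps above, as an added Python example that is not part of the original slides: a three-pass mutual authentication in which each token is an HMAC over the run's nonces under a shared key K. The shared key, the peer names and the choice of HMAC are assumptions, since the slide does not say what the tokens contain.

```python
import hashlib
import hmac
import os


def make_tag(key: bytes, role: str, *nonces: bytes) -> bytes:
    """An authentication token: HMAC over the sender's role and the nonces of this run.
    Binding the role into the MAC stops a token being reflected back as the other side's answer."""
    return hmac.new(key, role.encode() + b"|" + b"|".join(nonces), hashlib.sha256).digest()


class Peer:
    """Initiator or verifier; both hold the shared key K (constructed)."""

    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.seen = set()          # challenges already answered, so a replayed run is refused
        self.nonce = self.peer_nonce = None

    def step1_generate(self) -> bytes:
        # Initiator, step 1: the first token is a fresh random challenge; step 2 sends it.
        self.nonce = os.urandom(16)
        return self.nonce

    def step3_4_respond(self, initiator_nonce: bytes):
        # Verifier, step 3: check the challenge is new; step 4: new token bound to both nonces.
        if initiator_nonce in self.seen:
            raise PermissionError("replayed challenge")
        self.seen.add(initiator_nonce)
        self.peer_nonce, self.nonce = initiator_nonce, os.urandom(16)
        return self.nonce, make_tag(self.key, "verifier", initiator_nonce, self.nonce)   # step 5 sends

    def step6_7_finish(self, verifier_nonce: bytes, tag: bytes) -> bytes:
        # Initiator, step 6: the verifier answered this run's challenge using K; step 7: final token.
        if not hmac.compare_digest(tag, make_tag(self.key, "verifier", self.nonce, verifier_nonce)):
            raise PermissionError("verifier failed to prove knowledge of the key")
        return make_tag(self.key, "initiator", verifier_nonce, self.nonce)   # step 8 sends

    def step9_verify(self, tag: bytes) -> bool:
        # Verifier, step 9: the initiator answered this run's nonce using K.
        if not hmac.compare_digest(tag, make_tag(self.key, "initiator", self.nonce, self.peer_nonce)):
            raise PermissionError("initiator failed to prove knowledge of the key")
        return True


def run_protocol(initiator: Peer, verifier: Peer) -> bool:
    n_a = initiator.step1_generate()
    n_b, tag_b = verifier.step3_4_respond(n_a)
    tag_a = initiator.step6_7_finish(n_b, tag_b)
    return verifier.step9_verify(tag_a)


def protocol_succeeds(initiator: Peer, verifier: Peer) -> bool:
    try:
        return run_protocol(initiator, verifier)
    except PermissionError:
        return False


def replay_final_token_succeeds(initiator: Peer, verifier: Peer) -> bool:
    """Record the initiator's final token from one run and present it again in a later run."""
    n_a = initiator.step1_generate()
    n_b, tag_b = verifier.step3_4_respond(n_a)
    recorded = initiator.step6_7_finish(n_b, tag_b)
    verifier.step9_verify(recorded)
    verifier.step3_4_respond(initiator.step1_generate())   # a new run with new nonces
    try:
        return verifier.step9_verify(recorded)
    except PermissionError:
        return False
```

Each side only accepts a token computed over a nonce it generated itself in the current run, which is what makes the tokens "strong" against replay of earlier runs.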

Authenticity of Public Keys (figure: parties A, B and S; the question mark marks the public key whose authenticity is in doubt)

Authentication in Open Networks: Certificates (figure: a CA issues certificates to A and B, which they present to each other)

Remote Authentication (figure: CA with Registration and Administration, Application Server, User)

Authentication with Biometrics
- Automated methods of identity verification or identification based on the principle of measurable physiological or behavioral characteristics.
- Example: fingerprint, an iris pattern, a voice sample.
- Biometric characteristics should be unique and not duplicable or transferable.

What is a Firewall?
- A choke point of control and monitoring
- interconnects networks with differing trust
- imposes restrictions on network services
  - only authorized traffic is allowed
- auditing and controlling access
  - can implement alarms for abnormal behavior
- is (supposedly) itself immune to penetration
- provides perimeter defense

Purpose of a Firewall
Basically, a firewall does three things to protect the network:
- It blocks incoming data that might contain a hacker attack.
- It hides internal addresses from Internet hackers. This is called NAT.
- It screens outgoing traffic to limit Internet use and/or access to remote sites.

Limitation of a Firewall
- Cannot protect from attacks bypassing it
- Cannot protect against internal threats
  - E.g. disgruntled employee
- Cannot protect against transfer of all virus-infected programs or files because of the huge range of O/S & file types

Types of Firewall
- Packet Filters
- Stateful Packet Filters
- Application Level Gateway
- Circuit Level Gateway

Packet Filter Firewalls
- Simple concept
- Examine each IP packet (no context) and permit or deny according to rules
- Restrict access to services (ports)
- Possible default policies:
  - that which is not expressly permitted is prohibited
  - that which is not expressly prohibited is permitted

Attacks on Packet Filters
- IP address spoofing
  - Fake source address to be a trusted one
  - Countermeasure: Discard packets with inside source address arriving on an external interface
- Source routing attacks
  - Attacker sets a route other than default
  - Countermeasure: Block source routed packets
- Tiny fragment attacks
  - Split header info over several tiny packets to circumvent rules that depend on TCP header information
  - Countermeasure: Either discard or reassemble before check

Stateful Packet Filters
- Examine each IP packet in context
  - keeps track of client-server sessions
  - checks each packet validly belongs to one
- Better able to detect bogus packets out of context
- E.g. permit ftp data connection from outside the firewall to inside, provided the corresponding control connection from inside to outside is still open between the same machines and on expected ports.
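The three countermeasures from the "Attacks on Packet Filters" slide together with the stateful FTP rule above, as an added Python example that is not from the original slides. The inside network 192.0.2.0/24, the single published web server and the minimum first-fragment size are constructed policy values, and the default policy is the "not expressly permitted is prohibited" one.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")   # constructed internal network
PUBLIC_SERVICES = {("192.0.2.10", "tcp", 80)}        # constructed: the only inbound service published
MIN_FIRST_FRAGMENT = 20                              # policy: first fragment must hold a full TCP header


@dataclass(frozen=True)
class Packet:
    iface: str                       # "ext" (Internet side) or "int" (inside)
    src: str
    dst: str
    proto: str                       # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False                # TCP connection request
    source_routed: bool = False
    frag_offset: int = 0             # in 8-byte units; 0 = first (or only) fragment
    frag_len: Optional[int] = None   # payload bytes in this fragment; None = not fragmented


class StatefulFilter:
    def __init__(self):
        self.sessions = set()      # (src, sport, dst, dport, proto) opened from the inside
        self.ftp_control = set()   # (inside host, outside host) with an open FTP control connection

    def check(self, p: Packet) -> Tuple[str, str]:
        # Stateless countermeasures from the 'Attacks on Packet Filters' slide
        if p.iface == "ext" and ipaddress.ip_address(p.src) in INSIDE_NET:
            return "deny", "inside source address arriving on the external interface (spoofing)"
        if p.source_routed:
            return "deny", "source routed packet"
        if p.frag_len is not None:
            if p.frag_offset == 0 and p.frag_len < MIN_FIRST_FRAGMENT:
                return "deny", "tiny first fragment cannot carry the transport header"
            if p.frag_offset > 0:
                return "hold", "non-first fragment: reassemble before the rules are applied"
        # Stateful part: the context comes from connections the inside opened
        if p.iface == "int":
            self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
            if p.proto == "tcp" and p.dport == 21:
                self.ftp_control.add((p.src, p.dst))
            return "permit", "outbound from inside; session recorded"
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "permit", "reply belonging to a recorded session"
        if (p.dst, p.proto, p.dport) in PUBLIC_SERVICES and p.syn:
            return "permit", "new connection to a published service"
        if p.proto == "tcp" and p.sport == 20 and (p.dst, p.src) in self.ftp_control:
            return "permit", "FTP data connection while the control connection is open"
        return "deny", "default policy: not expressly permitted is prohibited"

    def control_closed(self, inside: str, outside: str):
        """Called when the FTP control connection ends; data connections are no longer allowed."""
        self.ftp_control.discard((inside, outside))
```

The FTP rule is the part a stateless filter cannot express: the inbound connection from port 20 is only legitimate while the matching outbound control connection exists, so the decision depends on state, not on the packet alone.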

Application-level Gateway (proxy)
- Use an application specific gateway/proxy
  - Has full access to protocol
- User requests service from proxy
  - Proxy validates request as legal
  - Then forwards request and returns result to user
- Need separate proxies for each service
  - some services naturally support proxying
  - others are more problematic
  - custom services generally not supported
- Ex: HTTP for Web, FTP for file transfers, SMTP/POP3 for e-mail

Circuit Level Gateway
- Relays two TCP connections
- Imposes security by limiting which connections are allowed
- Once created, usually relays traffic without examining contents
- Typically used when internal users are trusted, by allowing general outbound connections
- E.g. SOCKS server

Features and Functionality
- A wide range of additional features and functionalities are being integrated into standard firewall products.
- These are
  - Demilitarized zone (DMZ)
  - Content filtering
  - Virtual private networking (VPN).

Demilitarized Zone Firewalls
- A secure system that supports a limited number of applications for use by outsiders.
- For example, a company that hosts a Web site or sells its products or services over the Internet

Security in Networks and Distributed Systems
5.2 Web Security
- Solving Privacy Problems
- Solving Authentication Problems
- Secure Socket Layer (SSL) Protocol
- Secure Electronic Transaction (SET) Protocol
- Safeguarding Web Servers

How the Internet Works -2 (figure)

Stateless protocol (figure: browser, WWW server, html documents, CGI)
Problems:
1. Authentication of clients (browser)
2. Authentication of users
3. Authentication of WWW servers
4. Protection of html documents
5. Control of access

Remote login (figure: WWW Server)
Problems:
1. Open system
2. Stateless protocol
3. Single login

Access Control for Users (figure: WWW Server with an Access Ctrl Table)
Problems:
1. Decisions
2. Administration
3. Enforcement

Protection of Messages (figure: WWW Server)

Protection of Documents (figure: HTML Doc and WWW Server)
- In transmission
- In storage

SSL and TLS
- SSL was originated by Netscape
- TLS working group was formed within IETF
- First version of TLS can be viewed as an SSLv3.1

SSL Architecture (figure)

SSL Record Protocol Operation (figure)

Handshake Protocol
- The most complex part of SSL.
- Allows the server and client to authenticate each other.
- Negotiate encryption, MAC algorithm and cryptographic keys.
- Used before any application data are transmitted.

Secure WWW (SSL)
Secure client/server (WWW) protocol:
1. Server Authentication
2. Client Authentication (optional)
3. Negotiation of the encryption algorithm
4. Establishment of the session key
5. Encryption of http messages (DES, RC4, etc.)
6. Integrity of http messages (MD2)

Secure WWW (SSL) (figure: browser and WWW Server)
Phase 1: Hello phase
Phase 2: Keys Exchange phase
Phase 3: Session Key Creation phase
Phase 4: Server Verify phase
Phase 5: Client Authentication phase
Phase 6: Finished phase

Transport Layer Security
- The same record format as the SSL record format.
- Defined in RFC 2246.
- Similar to SSLv3.
- Differences in the:
  - version number
  - message authentication code
  - pseudorandom function
  - alert codes
  - cipher suites
  - client certificate types
  - certificate_verify and finished message
  - cryptographic computations
  - padding

Trust
Now imagine a web browser showing the lock on a web page. Who says that the lock represents an SSL or otherwise encrypted page?

Certificate Verification (figure: Certification Infrastructure with a TCA at the top and PCA, HCA and LCA levels below it; Security Protocols between App client and App server)
- Trusted certificate handling
- Certificate chain verification
- Certificate Revocation List (CRL) handling
- Certificate extension verification

(Un)Trusted Certificates
- Pre-installed trusted certificates
- Weak key length certificates
- Could be replaced
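Chain verification with CRL handling, the trust-anchor lookup and the weak-key check from the last two slides, as an added Python example that is not from the original slides. Certificates are a simplified record rather than X.509, signatures use textbook RSA over fixed Mersenne primes (constructed and insecure; it only stands in for a real signature scheme), and the 128-bit minimum key size is a value chosen so that the toy keys illustrate the check; a real deployment would demand far more.

```python
import hashlib
from dataclasses import dataclass, replace
from typing import Optional

# Toy textbook RSA over fixed Mersenne primes: constructed for the example, not secure.
P17, P31, P61, P89, P107, P127 = [(1 << k) - 1 for k in (17, 31, 61, 89, 107, 127)]
P521, P607 = (1 << 521) - 1, (1 << 607) - 1


def toy_keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big") % n


def toy_sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)


def toy_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pub: tuple          # (n, e)
    is_ca: bool         # basic-constraints style flag
    not_before: int
    not_after: int
    serial: int
    sig: int = 0

    def tbs(self) -> bytes:
        """To-be-signed content: every field except the signature."""
        return repr((self.subject, self.issuer, self.pub, self.is_ca,
                     self.not_before, self.not_after, self.serial)).encode()


def issue(subject, pub, is_ca, issuer: Optional[Cert], issuer_priv, not_before, not_after, serial):
    """The issuer signs the new cert; issuer=None means self-signed (a root)."""
    c = Cert(subject, issuer.subject if issuer else subject, pub, is_ca, not_before, not_after, serial)
    return replace(c, sig=toy_sign(issuer_priv, c.tbs()))


def with_fields(cert: Cert, **changes) -> Cert:
    """Copy of a cert with some fields altered (used to show that tampering breaks the signature)."""
    return replace(cert, **changes)


def verify_chain(chain, trust_anchors, crl, now, min_key_bits=128):
    """chain: [end-entity, intermediate, ...]; trust_anchors: pre-installed root certs;
    crl: set of (issuer, serial) pairs. Returns (ok, reason)."""
    anchors = {c.subject: c for c in trust_anchors}
    for i, cert in enumerate(chain):
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        if cert.pub[0].bit_length() < min_key_bits:
            return False, f"{cert.subject}: key too short ({cert.pub[0].bit_length()} bits)"
        if (cert.issuer, cert.serial) in crl:
            return False, f"{cert.subject}: revoked"
        # The issuer is the next cert in the chain, or else must be a pre-installed trust anchor.
        issuer = chain[i + 1] if i + 1 < len(chain) else anchors.get(cert.issuer)
        if issuer is None or issuer.subject != cert.issuer:
            return False, f"{cert.subject}: issuer {cert.issuer} is neither in the chain nor trusted"
        if not issuer.is_ca:
            return False, f"{cert.subject}: issuer {issuer.subject} is not a CA"
        if not toy_verify(issuer.pub, cert.tbs(), cert.sig):
            return False, f"{cert.subject}: signature does not verify"
    return True, "chain verified up to a trust anchor"


def build_demo_pki(now: int):
    """Constructed PKI: root -> issuing CA -> server certs, including a weak-key and an expired one."""
    root_pub, root_priv = toy_keypair(P521, P607)
    ca_pub, ca_priv = toy_keypair(P107, P127)
    day = 86400
    root = issue("Demo Root CA", root_pub, True, None, root_priv, now - day, now + 3650 * day, 1)
    ca = issue("Demo Issuing CA", ca_pub, True, root, root_priv, now - day, now + 1825 * day, 2)
    leaf = issue("www.example.test", toy_keypair(P61, P89)[0], False, ca, ca_priv, now - day, now + 365 * day, 3)
    weak = issue("weak.example.test", toy_keypair(P17, P31)[0], False, ca, ca_priv, now - day, now + 365 * day, 4)
    expired = issue("old.example.test", toy_keypair(P61, P89)[0], False, ca, ca_priv, now - 3 * day, now - day, 5)
    return {"root": root, "ca": ca, "leaf": leaf, "weak": weak, "expired": expired}
```

The last element of a chain is always checked against the pre-installed anchors by public key, not by name, which is why a replaced or look-alike root certificate fails even when its subject matches.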

Secure Sockets Layer: Apache
- Compile and install mod_ssl module.
- Create a public/private key pair.
- Get public key signed by certificate authority, yielding a certificate.
- Install certificate and configure Apache to find it.
- Restart

Create Self-signed Certificate
You can generate a self-signed host certificate using the following command:

openssl req -new -x509 -out host.pem

(Your private key will be saved to the privkey.pem file and the self-signed certificate will be saved to the host.pem file.)

Creating a Certificate Request
To create a certificate request, use the following command:

openssl req -new -nodes -out req.pem -keyout key.pem

(Your private key will be saved to the key.pem file and the certificate request will be saved to the req.pem file.)

req.pem:
-----BEGIN CERTIFICATE REQUEST-----
MIIBlDCB/gIBADBVMQswCQYDVQQGEwJMSzEQMA4GA1UEBxMHQ29sb21ibzEMMAoG
A1UEChMDQ01CMQ0wCwYDVQQLEwRVQ1NDMRcwFQYDVQQDEw51Y3NjLmNtYi5hYy5s
azCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9XZEtFxoVbGhH9nrWKRi1avK
lMKKobVkgS99b9bcwnJ6zh7ZXwoiNBO1UNyDUuWrxxlZxcChnzds0UvEHVJatPYM
8+XwQpOmobIK/3E9f9SYh6OVbNxAIoLAXXoHBzV8YysyuxqEPFqmZW94TnfTUFWC
TTuwKPIourOZI1zhyW8CAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBABBDlwxgDxqd
wpnfGUuRiIsp2C5KxHFAsVKvVwpRhlgdihcrYXpY2xNq1OTnqqS2dts2pO+xPuEP
nAREnFABPxsqn95/mr+T91bah/2eBuhbJ9TjzxY9wWebTNMrk9CFygqlYldniizd
mhWMWQuqSnXSS5oC/+itEtAd64hWHv0Q
-----END CERTIFICATE REQUEST-----

Obtaining a Server Certificate
Convince a Certificate Authority to sign your certificate:
- Submit the req.pem file to Verisign or Thawte for signing (pay the fee), or
- Submit the req.pem file to www.cacert.org or ca.cmb.ac.lk (free).
- They will eventually mail you back a signed certificate.

Authenticating with SSL


Give users of your intranet client certificates to authenticate with.
Advantages: no passwords to mess around with.
Disadvantages: certificate management (issuing, distributing, renewing
and revoking) is hard.
Creating Client Certificates
OpenSSL will do that.
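The certificate procedure of the preceding slides (key and CSR, a CA signing the request, installing the result) together with the client certificates mentioned here, carried out end to end with OpenSSL. This is an added example, not part of the original slides: a throwaway local CA stands in for Verisign, Thawte or cacert.org, and the names demo-ca, www.example.test, alice and all file names are assumptions. The two checks at the end are what to run before pointing Apache at the files.

```shell
#!/bin/sh
# Added example, not from the slides: CSR -> CA-signed server and client certificates.
# The CA, host name, user name and file names below are assumptions for the demo.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# A throwaway CA that plays the role of Verisign/Thawte/cacert.org.
make_ca() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=LK/O=Demo/CN=demo-ca" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# The slide's command, made explicit: -nodes leaves key.pem unencrypted, so restrict it.
make_server_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=LK/L=Colombo/O=Demo/CN=www.example.test" \
        -keyout "$WORK/key.pem" -out "$WORK/req.pem" 2>/dev/null
    chmod 600 "$WORK/key.pem"
}

# What the CA does with req.pem. Browsers match the host against subjectAltName, not CN,
# so the CA adds one; extendedKeyUsage limits what the certificate may be used for.
sign_server_csr() {
    printf 'subjectAltName=DNS:www.example.test\nextendedKeyUsage=serverAuth\n' > "$WORK/srv.ext"
    openssl x509 -req -in "$WORK/req.pem" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 30 -extfile "$WORK/srv.ext" -out "$WORK/host.pem" 2>/dev/null
}

# Client certificate for an intranet user: same flow, different key usage.
make_client_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Demo/CN=alice" \
        -keyout "$WORK/alice.key" -out "$WORK/alice.req" 2>/dev/null
    printf 'extendedKeyUsage=clientAuth\n' > "$WORK/cli.ext"
    openssl x509 -req -in "$WORK/alice.req" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 30 -extfile "$WORK/cli.ext" -out "$WORK/alice.pem" 2>/dev/null
}

# Checks to run before installing: the chain must verify and the key must belong to the cert.
verify_against_ca() {            # $1 = certificate; prints "<file>: OK" on success
    openssl verify -CAfile "$WORK/ca.pem" "$1"
}
key_matches_cert() {             # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl md5)
    c=$(openssl x509 -in "$2" -pubkey -noout | openssl md5)
    [ "$k" = "$c" ]
}

# The slide's self-signed shortcut: usable for testing, but no CA vouches for it,
# so verify_against_ca rejects it.
make_selfsigned() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=www.example.test" -addext "subjectAltName=DNS:www.example.test" \
        -keyout "$WORK/privkey.pem" -out "$WORK/selfsigned.pem" 2>/dev/null
}
```

In Apache the files map to SSLCertificateFile (host.pem), SSLCertificateKeyFile (key.pem) and, for client authentication, SSLCACertificateFile (ca.pem) with SSLVerifyClient require; the key_matches_cert check catches the common mistake of installing a certificate issued for a different key, which Apache only reports at restart.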


Secure Socket Layer (SSL)


Optional user authentication (client certificates are rarely deployed)
No document-level protection: data is protected only in transit, not once stored
No non-repudiation: SSL authenticates the channel, it does not sign individual messages


Secure Credit Card Payments (SSL)


[Figure: Customer --SSL over the Internet--> Merchant (E-Commerce Servers: CGI, JSP, ASP..) --> Banking Network]

Customer - Merchant link (SSL). Problems:
- customer's authenticity / impersonation
- server's authenticity
- fraud at the merchant (ME) server
- non-repudiation

Merchant - Banking Network transfers: manual/WWW, private lines, FTP, proprietary products. Problems:
- non-standard
- insecure?

Banking Network. Problems:
- expensive to maintain
- closed networks
- insecure products???

SET Payment System


Participants: Cardholder, Merchant, Payment Gateway.
Message flow of a SET purchase:
Cardholder -> Merchant: PInitReq (purchase initialisation request)
Merchant -> Cardholder: PInitRes
Cardholder -> Merchant: PReq (purchase request: order information plus payment instructions)
Merchant -> Payment Gateway: AuthReq (authorisation request)
Payment Gateway -> Merchant: AuthRes
Merchant -> Cardholder: PRes (purchase response)
Merchant -> Payment Gateway: CapReq (capture request)
Payment Gateway -> Merchant: CapRes

SET PReq Message


The cardholder's PReq carries two parts for two different readers:
Order information (Order) - for the Merchant (ME)
Payment instructions (Payment, CC) - for the Payment Gateway (PGW); the merchant forwards them without being able to read the card number
Both parts are signed by the cardholder and bound together by one signature over the digests of both parts (DoubleSign, the SET dual signature), so neither party can swap in a different order or payment without the signature failing.
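The dual signature sketched on this slide, built step by step with OpenSSL as an added example (not part of the original slides). The order and payment messages, the file names and the RSA key size are assumptions made for the demo; the construction itself is the textbook one, DS = Sign(H(H(PI) || H(OI))), which lets the merchant check the order and the gateway check the payment while each sees only the digest of the other part.

```shell
#!/bin/sh
# Added example, not from the slides: the SET dual signature (DoubleSign) built with OpenSSL.
# Message contents, file names and the RSA key size are assumptions made for the demo.
set -eu
W="${W:-$(mktemp -d)}"

# Constructed sample data. OI (order information) is for the merchant;
# PI (payment instructions, with the card number) is for the payment gateway.
printf 'order=1 item=book qty=1 amount=2500' > "$W/oi.txt"
printf 'pan=4111111111111111 exp=12/29 amount=2500' > "$W/pi.txt"

# Cardholder signing key pair (RSA-2048; signatures are PKCS#1 v1.5 over SHA-256).
cardholder_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$W/ch.key" 2>/dev/null
    openssl pkey -in "$W/ch.key" -pubout -out "$W/ch.pub"
}

# DS = Sign_cardholder( H( H(PI) || H(OI) ) ): one signature binds both parts,
# yet each party receives only its own part in clear plus the digest of the other.
dual_sign() {
    openssl dgst -sha256 -binary -out "$W/pimd" "$W/pi.txt"
    openssl dgst -sha256 -binary -out "$W/oimd" "$W/oi.txt"
    cat "$W/pimd" "$W/oimd" | openssl dgst -sha256 -binary -out "$W/pomd"
    openssl pkeyutl -sign -inkey "$W/ch.key" -in "$W/pomd" -pkeyopt digest:sha256 -out "$W/ds"
}

# Rebuild H(PIMD || OIMD) from the part this party can read ($1) and the digest of the
# part it cannot ($2), then check DS. $3 says whether the hidden digest comes first.
check_dual_signature() {
    openssl dgst -sha256 -binary -out "$W/mine" "$1"
    if [ "$3" = hidden_first ]; then cat "$2" "$W/mine"; else cat "$W/mine" "$2"; fi \
        | openssl dgst -sha256 -binary -out "$W/pomd.check"
    openssl pkeyutl -verify -pubin -inkey "$W/ch.pub" -in "$W/pomd.check" \
        -sigfile "$W/ds" -pkeyopt digest:sha256 >/dev/null 2>&1
}

# Merchant gets OI, PIMD and DS: it verifies the order without ever seeing the card number.
merchant_verifies() { check_dual_signature "$W/oi.txt" "$W/pimd" hidden_first; }
# Gateway gets PI, OIMD and DS: it verifies the payment without learning what was bought.
gateway_verifies()  { check_dual_signature "$W/pi.txt" "$W/oimd" mine_first; }

# A merchant who edits the order (here the amount) cannot make DS verify any more.
tampered_order_verifies() {
    sed 's/amount=2500/amount=25/' "$W/oi.txt" > "$W/oi.bad"
    check_dual_signature "$W/oi.bad" "$W/pimd" hidden_first
}
```

The point of passing digests rather than the parts themselves is that a digest reveals nothing about the card number to the merchant, while still committing the cardholder to exactly one (order, payment) pair; in real SET the PI is additionally encrypted for the gateway before the merchant ever handles it.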

Single Sign-on


Problem: a user has to log in separately to every service.
Solution: log in once, use multiple services.
Difficulty: different web sites are under completely different
administrative control.
Microsoft Passport: Microsoft's ambitious attempt to
provide this service.

Microsoft .NET Passport


Centralized identity system based on symmetric
cryptography.
Designed to use existing web technologies:
HTTP redirects, JavaScript, cookies, SSL.
Heart of the entire system: a single service located in
the passport.com Internet domain.
Unique identifier for every user.
This is sent back to the site in the form of an encrypted ticket.

How .NET Passport Works?


Parties: User (Browser), Resource Manager (the participating site), Passport Server.
1. Initial resource request: the browser asks the Resource Manager for a page.
2. Redirect to Passport: the Resource Manager sends the browser to the Passport Server.
3. Passport authentication request: the browser presents its credentials to the Passport Server.
4. Authentication response: the Passport Server redirects the browser back, carrying the encrypted ticket.
5. Authenticated resource request: the browser repeats the request, now with the ticket.
6. Content delivery: the Resource Manager validates the ticket and returns the content.

Risks of Passport?
Global centralization (one system, one target, one point of failure)
Lack of documentation
Passport uses a simple password
authentication mechanism
Problems with the encryption algorithm
Problems with the SSL protocol

Security in Networks and
Distributed Systems
5.3 Secure Electronic Mail
Privacy Enhanced Mail (PEM)
Pretty Good Privacy (PGP)
Public Key Cryptography Standards: PKCS#7
Secure/Multipurpose Internet Mail
Extensions (S/MIME)

Email is in the Clear


Email: A Postcard Written in Pencil

http://www.cert.org/homeusers/email_postcard.html

E-mail Security
Pretty Good Privacy (PGP) (www.pgp.com)
Philip R. Zimmermann is the creator of PGP.
PGP provides a confidentiality and authentication
service that can be used for electronic mail and file
storage applications.

S/MIME
Secure/Multipurpose Internet Mail Extensions
S/MIME will probably emerge as the industry
standard for organisational use;
PGP for personal e-mail security.

Why Is PGP Popular?


It is available free on a variety of
platforms.
Based on well-known algorithms.
Wide range of applicability.
Not developed or controlled by
governmental or standards organizations.

Operational Description
Consists of five services:
Authentication
Confidentiality
Compression
E-mail compatibility
Segmentation

PGP Public Keys


MIME content (mixed)


MIME content headers
text/plain
text/richtext
multipart/mixed
multipart/parallel
multipart/alternative
multipart/digest
message/rfc822
message/partial
message/external-body
image/jpeg
image/gif
video/mpeg
audio/basic
application/postscript
application/octet-stream


MIME content headers


From: Dr William Buchanan <w.buchanan@napier.ac.uk>
To: w.buchanan@napier.ac.uk
Subject: Any subject
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="boundary name"

This part of the message (the preamble) will be ignored by MIME-aware readers.
--boundary name
Content-Type: text/plain

This is the first mail message part.
--boundary name
Content-Type: text/plain

And this is the second mail message part.
--boundary name--

Securing a MIME entity


1. The MIME entity is prepared according to the normal rules for MIME message preparation.
2. The prepared MIME entity is processed by S/MIME to produce a PKCS object (PKCS#7 SignedData or EnvelopedData).
3. The PKCS object is treated as message content and wrapped in MIME (application/pkcs7-mime, or multipart/signed for clear signing).

PKCS7 signed data


SignedData
  Version
  (Set of) Digest Algorithms
  Content Info
    Content type
    Content
  Set of certificates
  Set of CRLs
  Signer Info (one per signer)
    Version
    Signer ID (issuer and serial no.)
    Digest Algorithm
    Authenticated Attributes
    Digest Encryption Alg.
    Encrypted digest (signature)

PKCS7 enveloped data


EnvelopedData
  Version
  Originator Info
  Recipient Info (one per recipient)
    Version
    Recipient ID (issuer and serial no.)
    Key Encryption Algorithm
    Encrypted Key
  Encrypted Content Info
    Content type
    Content Encryption Alg.
    Encrypted Content

S/MIME Functions
Enveloped Data: encrypted content plus the content-encryption
(session) key encrypted for each recipient.
Signed Data: message digest encrypted (signed) with the
private key of the signer; content and signature are encoded together.
Clear-Signed Data: signed but not encrypted; the content stays
readable by non-S/MIME clients, only the signature is encoded.
Signed and Enveloped Data: various orderings
for encrypting and signing.
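The three preceding slides (wrapping a MIME entity, the SignedData and EnvelopedData structures, and the S/MIME functions) carried out with OpenSSL's cms command, as an added example that is not part of the original slides. The signer identity alice@example.test, the message text and the file names are assumptions; the self-signed certificate doubles as its own trust anchor, where a real deployment would use a CA-issued X.509v3 certificate as the next slide describes.

```shell
#!/bin/sh
# Added example, not from the slides: S/MIME signed, clear-signed and enveloped data
# with OpenSSL. Identity, message text and file names are assumptions for the demo.
set -eu
W="${W:-$(mktemp -d)}"

# Constructed MIME entity, prepared by the normal MIME rules before S/MIME touches it.
printf 'Content-Type: text/plain\r\n\r\nPay invoice 42 by Friday.\r\n' > "$W/entity.txt"

# Self-signed identity acting as its own trust anchor (a real deployment uses a CA).
make_identity() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Alice/emailAddress=alice@example.test" \
        -addext "subjectAltName=email:alice@example.test" \
        -keyout "$W/alice.key" -out "$W/alice.pem" 2>/dev/null
}

# Signed Data: the whole entity goes inside a PKCS#7/CMS SignedData (application/pkcs7-mime).
sign_opaque() {
    openssl cms -sign -in "$W/entity.txt" -signer "$W/alice.pem" -inkey "$W/alice.key" \
        -nodetach -out "$W/signed.eml"
}
# Clear-Signed Data: multipart/signed; the text stays readable, the signature is a second part.
sign_clear() {
    openssl cms -sign -in "$W/entity.txt" -signer "$W/alice.pem" -inkey "$W/alice.key" \
        -out "$W/clear.eml"
}
# Enveloped Data: content under a fresh AES key, that key RSA-encrypted for each recipient.
envelope() {
    openssl cms -encrypt -aes256 -in "$W/entity.txt" -out "$W/env.eml" "$W/alice.pem"
}

# Verification checks the signature AND that the signer certificate chains to a trusted CA;
# a valid signature from an untrusted certificate proves nothing about who sent the mail.
verify_signed() {          # $1 = signed message; prints the recovered entity on success
    openssl cms -verify -in "$1" -CAfile "$W/alice.pem" 2>/dev/null
}
open_envelope() {
    openssl cms -decrypt -in "$W/env.eml" -recip "$W/alice.pem" -inkey "$W/alice.key"
}
content_type_of() { grep -i -m1 '^Content-Type:' "$1"; }

# One changed character in a clear-signed body must make verification fail.
tampered_clear_verifies() {
    sed 's/invoice 42/invoice 43/' "$W/clear.eml" > "$W/clear.bad"
    openssl cms -verify -in "$W/clear.bad" -CAfile "$W/alice.pem" >/dev/null 2>&1
}
```

Inspect the structures from the previous two slides with openssl cms -cmsout -print -in signed.eml (SignedData: digestAlgorithms, certificates, signerInfos with sid, signedAttrs and signature) and -in env.eml (EnvelopedData: recipientInfos with the encryptedKey, encryptedContentInfo with the cipher and ciphertext). Note that the clear-signed form protects the body from modification but not from reading, and that neither signed form hides the Subject header, which lies outside the MIME entity.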


Algorithms Used
Message Digesting: SHA-1 and MD5
Digital Signatures: DSS
Secret-Key Encryption: Triple-DES, RC2/40
(exportable)
Public-Private Key Encryption: RSA with key
sizes of 512 and 1024 bits, and Diffie-Hellman
(for session keys).
(These are the algorithms of the original S/MIME specifications; MD5,
RC2/40 and 512-bit RSA are no longer considered secure, and current
S/MIME implementations use SHA-256 and AES.)


User Agent Role


S/MIME uses Public-Key Certificates - X.509
version 3 signed by Certification Authority
Functions:
Key Generation - Diffie-Hellman, DSS, and RSA keypairs.
Registration - Public keys must be registered with
X.509 CA.
Certificate Storage - Local (as in browser application)
for different services.
Signed and Enveloped Data - Various orderings for
encrypting and signing.


Attachments
Computer viruses and other malicious software are
often spread through email attachments.
If a file attached to an email contains a virus, it is
often launched when you open (or double-click) the
attachment.
Don't open email attachments unless you know
whom they are from and you were expecting them.


Should you open attachments?


If it is suspicious, do not open it!
What is suspicious?
Not work-related.
The email containing the attachment was not addressed to
you, specifically, by name.
Incorrect or suspicious filename.
Unexpected attachments.
Attachments with suspicious or unknown file extensions
(e.g., .exe, .vbs, .bin, .com, .pif, or .zzx)
Unusual subject lines: "Your car?"; "Oh!"; "Nice Pic!";
"Family Update!"; "Very Funny!"


Email best practices


Use the BCC field when sending to large distribution lists.
Protects recipients' email addresses
Prevents "Reply to All" issues
Avoid use of large distribution lists unless there is a legitimate
business purpose.
E.g., All Faculty/Staff list
Use TCU Announce instead
Beware of the "Reply to All" button
Don't forward chain email letters.


What is spam?
Spam is anonymous, unsolicited junk email sent
indiscriminately to huge numbers of recipients.
What for?
Advertising goods and services (often of a dubious
nature)
Quasi-charity appeals
Financial scams
Chain letters
Phishing attempts
Spread malware and viruses


TCU Information Security Services

Questions?
