ITIS 6210/8210 Access Control and Security ... - Marc Grosz Wiki
ITIS 6210/8210
Access Control and Security Architecture
Lecture 1
Professor Mohamed Shehab
mshehab@uncc.edu
Woodward Hall 333F
Office Hours: TUE 1:00-3:00 PM or by appointment.
ITIS 6210/8210 Access Control and Security Architecture
• Discusses objectives, formal models, and mechanisms for access control, access control on commercial off-the-shelf systems, and security architecture for authorization.
• Current topics of advanced research in access control. Content varies depending on faculty interests, research developments, and student demand.
• The course provides the students with hands-on experience in secure system development through a project.
Topics include:
• Access Control Basics
  ◦ Access Control Matrix
  ◦ Access Control List
• Access Control Models
  ◦ Mandatory Access Control
    ▪ Chinese Wall Policy
    ▪ Biba Model
    ▪ Bell-LaPadula Model
    ▪ Lattice-based Access Control
  ◦ Discretionary Access Control
  ◦ Role Based Access Control
  ◦ Location/Temporal/Context Based Access Control
Topics include (Cont.):
• Delegation Models
• Policy Specification and Management
  ◦ Security Assertion Markup Language (SAML)
  ◦ XACML
  ◦ XML Security
• Network Firewall Access Control
• Security Architectures
  ◦ Trust negotiations and management
  ◦ Identity Management
  ◦ Web Services Security
Grading Policy
• Midterm Exam 25%
• Final Exam 25%
• Project 50%
  ◦ Presentation 20%
  ◦ Report 30%
• Both a project proposal and final report are required.
Recommended Reference Material
• Books:
  ◦ Computer Security: Art and Science, Matt Bishop, Addison-Wesley
• Research Papers:
  ◦ Will be provided.
• PowerPoint Slides and Papers will be posted on the course website:
  ◦ http://www.sis.uncc.edu/~mshehab/fall2009/itis6210/
Information Security
Basic Concepts
Lecture Outline
• Security Overview
• Security Design Principles
• Privacy Overview
• Cryptography Overview
Information Protection - Why?
• Information is an important strategic and operational asset for any organization.
• Damages and misuses of information affect not only a single user or an application; they may have disastrous consequences on the entire organization.
• Additionally, the advent of the Internet as well as networking capabilities has made access to information much easier.
Information Security: Examples
• Consider a payroll database in a corporation; it must be ensured that:
  ◦ Salaries of individual employees are not disclosed to arbitrary users of the database.
  ◦ Salaries are modified by only those individuals that are properly authorized.
  ◦ Paychecks are verified by individuals different than the ones who issued them.
  ◦ Paychecks are printed on time at the end of each pay period.
What is Information Security?
• Confidentiality
  ◦ Is this all?
  ◦ Why not?
• Availability
  ◦ To whom?
• Authentication
  ◦ Still not there
• Integrity
Confidentiality
• Refers to information protection from unauthorized read operations.
• First formal work in computer security was motivated by the military's attempt to implement controls to enforce a "need to know" principle.
• Confidentiality also applies to the existence of data, which is sometimes more revealing than the data itself.
Integrity
• Refers to information protection from modifications; it involves several goals:
  ◦ Data integrity, ensuring the integrity of information with respect to the original information.
  ◦ Origin integrity, ensuring the source of the data, often referred to as authentication.
  ◦ Semantic integrity, protecting information from incorrect modifications.
Integrity Example
• A newspaper may print information obtained from a leak at the White House, but attribute it to the wrong source.
  ◦ This obeys data integrity.
  ◦ Violates origin integrity.
Availability
• It ensures that access to information is not denied to authorized subjects.
• Attempts to block availability are called denial of service attacks.
• Example: SMURF attack.
Additional Information Security Requirements
• Information Quality - it is not traditionally considered part of information security but it is very relevant.
• Completeness - it refers to ensuring that subjects receive all information they are entitled to access, according to the stated security policies.
Classes of Threats
• Disclosure
  ◦ Snooping, Trojan horses
• Deception
  ◦ Modification, spoofing, repudiation of origin, denial of receipt
• Disruption
  ◦ Modification
• Usurpation (Unauthorized Control)
  ◦ Modification, spoofing, delay, denial of service
Goals of Security
• Prevention
  ◦ Prevent attackers from violating security policy
• Detection
  ◦ Detect attackers' violation of security policy
• Recovery
  ◦ Stop attack, assess and repair damage
  ◦ Continue to function correctly even if attack succeeds
Policy and Mechanism
• A Security Policy:
  ◦ Is a statement of what is and what is not allowed.
• A Security Mechanism:
  ◦ Is a method, tool, or procedure for enforcing a security policy.
• Example:
  ◦ Policy - "Students should not copy from each other".
  ◦ Mechanism - Use an online paper correlator.
Policy and Mechanism (Cont.)
• Policies define security, and mechanisms enforce security
  ◦ Confidentiality
  ◦ Integrity
  ◦ Availability
• Composition of policies
  ◦ If policies conflict, discrepancies may create security vulnerabilities
Policy and Mechanism (Cont.)
• Policies
  ◦ Unambiguously partition system states
  ◦ Correctly capture security requirements
• Mechanisms
  ◦ Assumed to enforce policy
  ◦ Support mechanisms work correctly
Types of Mechanism
[Figure: three diagrams labelled Secure, Precise and Broad, each drawn in terms of the set of reachable states and the set of secure states.]
Information Security - Mechanisms
• Confidentiality is enforced by the access control mechanism.
• Integrity is enforced by the access control mechanism and by the semantic integrity constraints.
• Availability is enforced by the recovery mechanism and by detection techniques for DDoS attacks - an example of which is query flood.
Information Security - Additional Mechanisms:
• User authentication - to verify the identity of subjects wishing to access the information.
• Information authentication - to ensure information authenticity; it is supported by signature mechanisms.
• Encryption - to protect information when being transmitted across systems and when being stored on secondary storage.
• Intrusion detection - to protect against impersonation of legitimate users and also against insider threats.
Information Security - How?
• Information must be protected at various levels:
  ◦ The operating system
  ◦ The network
  ◦ The data management system
  ◦ Physical protection is also important
Data vs Information
• Computer security is about controlling access to information and resources
• Controlling access to information can sometimes be quite elusive and it is often replaced by the more straightforward goal of controlling access to data
• The distinction between data and information is subtle but it is also the root of some of the more difficult problems in computer security
• Data represents information. Information is the (subjective) interpretation of data
Data vs Information (Cont.)
Data: Physical phenomena chosen by convention to represent certain aspects of our conceptual and real world. The meaning we assign to data are called information. Data is used to transmit and store information and to derive new information by manipulating the data according to formal rules.
from: P. Brinch Hansen. Operating Systems Principles. Prentice-Hall, 1973.
Data vs Information (Cont.)
• Protecting information means to protect not only the data directly representing the information
• Information must be protected also against transmissions through:
  ◦ Covert channels
  ◦ Inference
    ▪ It is typical of database systems
    ▪ It refers to the derivation of sensitive information from non-sensitive data
Inference - Example
Name   Sex  Programme  Units  Grade Ave
Alma   F    MBA         8     63
Bill   M    CS         15     58
Carol  F    CS         16     70
Don    M    MIS        22     75
Errol  M    CS          8     66
Flora  F    MIS        16     81
Gala   F    MBA        23     68
Homer  M    CS          7     50
Igor   M    MIS        21     70
Inference - Example (Cont.)
• Assume that there is a policy stating that the average grade of a single student cannot be disclosed; however, statistical summaries can be disclosed
• Suppose that an attacker knows that Carol is a female CS student
• By combining the results of the following legitimate queries:
  ◦ Q1: SELECT Count(*) FROM Students WHERE Sex = 'F' AND Programme = 'CS'
  ◦ Q2: SELECT Avg(Grade Ave) FROM Students WHERE Sex = 'F' AND Programme = 'CS'
• The attacker learns from Q1 that there is only one female CS student, so the value 70 returned by Q2 is precisely her average grade
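The inference above together with one mitigation, as an added example that is not part of the lecture: the Students table is rebuilt in SQLite from the slide's rows, Q1 and Q2 run unchanged, and a hypothetical guarded_average applies a query-set-size control that refuses an aggregate when fewer than MIN_QUERY_SET (an assumed threshold of 3) students contribute.

```python
import sqlite3

# Constructed copy of the slide's Students table (Grade Ave stored as GradeAve).
STUDENTS = [
    ("Alma", "F", "MBA", 8, 63),
    ("Bill", "M", "CS", 15, 58),
    ("Carol", "F", "CS", 16, 70),
    ("Don", "M", "MIS", 22, 75),
    ("Errol", "M", "CS", 8, 66),
    ("Flora", "F", "MIS", 16, 81),
    ("Gala", "F", "MBA", 23, 68),
    ("Homer", "M", "CS", 7, 50),
    ("Igor", "M", "MIS", 21, 70),
]

MIN_QUERY_SET = 3  # assumed threshold for the query-set-size control


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the slide's table."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE Students (Name TEXT, Sex TEXT, Programme TEXT, "
        "Units INTEGER, GradeAve REAL)"
    )
    con.executemany("INSERT INTO Students VALUES (?, ?, ?, ?, ?)", STUDENTS)
    return con


def unrestricted_stats(con: sqlite3.Connection, sex: str, programme: str) -> tuple:
    """Q1 and Q2 as on the slide; each is a legitimate statistical query on its own."""
    (count,) = con.execute(
        "SELECT COUNT(*) FROM Students WHERE Sex = ? AND Programme = ?",
        (sex, programme),
    ).fetchone()
    (avg,) = con.execute(
        "SELECT AVG(GradeAve) FROM Students WHERE Sex = ? AND Programme = ?",
        (sex, programme),
    ).fetchone()
    return count, avg


def guarded_average(con: sqlite3.Connection, sex: str, programme: str,
                    k: int = MIN_QUERY_SET):
    """Query-set-size control: release the aggregate only when at least k rows
    contribute. Returns None (refused) when the set is too small to hide any one
    student, which is exactly the (F, CS) case that exposes Carol."""
    count, avg = unrestricted_stats(con, sex, programme)
    if count < k:
        return None
    return avg
```

The threshold alone is not enough: differencing two larger overlapping aggregates (all CS students against male CS students) still isolates one row, which is why real statistical databases combine it with overlap limits or random noise.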
Information Security: A Complete Solution
• It consists of:
  ◦ First defining a security policy.
  ◦ Then choosing some mechanism to enforce the policy.
  ◦ Finally providing assurance that both the mechanism and the policy are sound.
Security Design Principles
Overview
• Saltzer and Schroeder [1975] defined the 8 principles that are based on the ideas of simplicity and restriction
• Simplicity
  ◦ Less to go wrong
  ◦ Fewer possible inconsistencies
  ◦ Easy to understand
• Restriction
  ◦ Minimize access - an entity can access only information it needs (also known as the "need to know" principle)
  ◦ Inhibit communication - an entity can communicate with other entities only when necessary, and in as few (and narrow) ways as possible
Principle of Least Privilege
• The principle of least privilege states that an entity should be given only those privileges that it needs in order to complete its task
  ◦ The function of an entity, and not its identity, should control the assignment of rights
  ◦ Rights should be added as needed, discarded after use
Principle of Fail-Safe Defaults
• The principle of fail-safe defaults states that, unless an entity is given explicit access to an object, it should be denied access to that object
  ◦ This principle requires that the default access permission to an object be none
Principle of Economy of Mechanism
• The principle of economy of mechanism states that security mechanisms should be as simple as possible
• Simpler means less can go wrong
  ◦ And when errors occur, they are easier to understand and fix
• Interfaces and interactions
  ◦ Interfaces to other modules are crucial, because modules often make implicit assumptions about input or output parameters or the current system state
Principle of Complete Mediation
• The principle of complete mediation requires that all accesses to objects be checked to ensure that they are allowed
• Usually done once, on first action
  ◦ UNIX: access checked on open, not checked thereafter
  ◦ If permissions change after, may get unauthorized access
  ◦ This approach violates the principle of complete mediation
Principle of Open Design
• The principle of open design states that the security of a mechanism should not depend on secrecy of its design or implementation
  ◦ If the strength of a program's security depends on the ignorance of the user, a knowledgeable user can defeat the security mechanism
• "Security through obscurity" is not a good principle
  ◦ This principle does not apply to information such as passwords or cryptographic keys (these are data and not algorithms)
Principle of Open Design (Cont.)
• Issues of proprietary software and trade secrets complicate the application of this principle
• In some cases companies do not want their designs made public to protect them from competitors
• The principle then requires that the design and implementation be available to people barred from disclosing it outside the company
Principle of Separation of Privilege
• The principle of separation of privilege states that a system should not grant permission based on a single condition.
• In other words: more than one condition must be verified in order to gain access
  ◦ Separation of duty
    ▪ Example: a company check for more than $75,000 must be signed by two officers of the company
    ▪ Example: On Berkeley-based versions of Unix, a user is not allowed to change from his account to the root account unless two conditions are verified: (i) the user knows the root password; (ii) the user is in the wheel group (with GID 0)
Principle of Least Common Mechanism
• The principle of least common mechanism states that mechanisms used to access resources should not be shared
  ◦ Information can flow along shared channels
  ◦ Covert channels
• Isolation
  ◦ Virtual machines
  ◦ Sandboxes
Principle of Least Common Mechanism (Example)
• For example, serving an application on the Internet allows both attackers and users to gain access to the application. Sensitive information can potentially be shared between the subjects via the mechanism.
• A different mechanism for each subject or class of subjects can provide flexibility of access control among various users and prevent potential security violations that would otherwise occur if only one mechanism was implemented.
Principle of Psychological Acceptability
• The principle of psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present
  ◦ Hide complexity introduced by security mechanisms
  ◦ Ease of installation, configuration, use
  ◦ Human factors critical here
  ◦ On the other hand, security requires that the messages impart no unnecessary information
    ▪ For example, if a user supplies the wrong password, the system should reject the attempt with a message saying that the login failed. If it were to say that the password was incorrect, the user would know that the account name was legitimate
Privacy
Privacy?
• Information Privacy is the ability of an individual to control the use and dissemination of information that relates to himself or herself.
• The word "Privacy" means different things in different contexts:
  ◦ Freedom from intrusion.
  ◦ Control of personal information.
  ◦ Control of one's image or name.
• The historic driver of the privacy problem is the "bad people" problem.
Approaches to Privacy Enforcement
• Governmental Standards
  ◦ Enforcement by regulatory agencies, states, etc.
• Industry Standards
  ◦ "Codes of conduct"
  ◦ Limited enforcement through licensing
  ◦ Limited enforcement from government
• Unregulated Market
  ◦ Reputation
• Technology can help in all of these cases.
Fair Credit Reporting Act, 1970
• Right to:
  ◦ See your credit report.
  ◦ Challenge incorrect information.
  ◦ Information automatically expires after 7 years.
  ◦ Know who accesses your report.
  ◦ Free credit report if you are denied credit.
The Code of Fair Information Practice (1973)
• Included:
  ◦ No secret record-keeping systems.
  ◦ Right to see your record.
  ◦ Information obtained for one purpose may not be used for another purpose.
  ◦ Right to correct or amend incorrect records.
  ◦ Organizations must assure the reliability of data and take precautions to prevent misuse.
Other Privacy Acts
• HIPAA: Health Insurance Portability and Accountability Act
• COPPA: Children's Online Privacy Protection Act
  ◦ Applies to online collection of info on children under 13.
• Gramm-Leach-Bliley Act
• Sarbanes-Oxley: Public Company Accounting Reform and Investor Protection Act
Other Privacy Acts
• Gramm-Leach-Bliley Act
  ◦ Consumers must be informed of privacy policies
    ▪ Initial notice
    ▪ Annual notice
    ▪ Notices were mostly ignored!
  ◦ Consumers must have a chance to "opt-out"
    ▪ Many different ways to "opt-out"
    ▪ Have you ever opted out?
Other Privacy Acts
• Sarbanes-Oxley: Public Company Accounting Reform and Investor Protection Act
  ◦ Insider Trading
  ◦ Conflict of Interest
  ◦ Public disclosures
  ◦ Assessment of internal controls
  ◦ Mandatory disclosures
Example: Patient Records
[Figure: three tables. Patient Records with columns Name, SSN, DOB, Sex, Zip Code and Disease; Released Medical Data, a reduced copy of those records; and Voter Registration Data with columns Name, DOB, Sex and Zip Code. DOB, Sex and Zip Code appear in both released tables.]
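A release check for the patient-records figure, as an added example that is not from the lecture: it measures how many released rows a join on the shared DOB, Sex and Zip Code columns would tie to exactly one voter, and whether generalising those columns (birth year, 3-digit zip prefix) removes the risk. RELEASED and VOTERS are constructed rows modelled on the figure's columns, not its data; quasi_id, k_anonymity and linkable are hypothetical names.

```python
from collections import Counter

# Constructed rows in the shape of the figure's tables (sample data, not the slide's).
RELEASED = [
    {"dob": "1/21/76", "sex": "Male",   "zip": "53715", "disease": "Heart Disease"},
    {"dob": "4/13/86", "sex": "Female", "zip": "53715", "disease": "Hepatitis"},
    {"dob": "2/28/76", "sex": "Male",   "zip": "53703", "disease": "Bronchitis"},
    {"dob": "1/21/76", "sex": "Male",   "zip": "53703", "disease": "Broken Arm"},
    {"dob": "4/13/86", "sex": "Female", "zip": "53706", "disease": "Flu"},
    {"dob": "2/28/86", "sex": "Female", "zip": "53706", "disease": "Hang Nail"},
]
VOTERS = [
    {"name": "Andre", "dob": "1/21/76", "sex": "Male",   "zip": "53715"},
    {"name": "Beth",  "dob": "1/10/81", "sex": "Female", "zip": "55410"},
    {"name": "Carol", "dob": "10/1/44", "sex": "Female", "zip": "90210"},
    {"name": "Dan",   "dob": "2/21/84", "sex": "Male",   "zip": "02174"},
    {"name": "Ellen", "dob": "4/19/72", "sex": "Female", "zip": "02237"},
]


def quasi_id(row: dict, generalized: bool = False) -> tuple:
    """The columns both tables share. Generalized form keeps only the birth year
    and the first three zip digits, so more people share each value."""
    if generalized:
        return (row["dob"].split("/")[-1], row["sex"], row["zip"][:3])
    return (row["dob"], row["sex"], row["zip"])


def k_anonymity(rows: list, generalized: bool = False) -> int:
    """Smallest group of released rows sharing one quasi-identifier value.
    k = 1 means some row is the only one with its (DOB, Sex, Zip) and can be singled out."""
    classes = Counter(quasi_id(r, generalized) for r in rows)
    return min(classes.values())


def linkable(released: list, voters: list, generalized: bool = False) -> list:
    """Released rows whose quasi-identifier matches exactly one released row and
    exactly one voter: a join re-identifies these. Returns (name, disease) pairs."""
    rel_classes = Counter(quasi_id(r, generalized) for r in released)
    vot_classes = Counter(quasi_id(v, generalized) for v in voters)
    names = {quasi_id(v, generalized): v["name"] for v in voters}
    out = []
    for r in released:
        key = quasi_id(r, generalized)
        if rel_classes[key] == 1 and vot_classes[key] == 1:
            out.append((names[key], r["disease"]))
    return out


if __name__ == "__main__":
    print("k before:", k_anonymity(RELEASED), "after:", k_anonymity(RELEASED, True))
    print("linkable before:", linkable(RELEASED, VOTERS))
    print("linkable after:", linkable(RELEASED, VOTERS, True))
```

Generalisation here raises k from 1 to 3; a real release would also drop or coarsen any column that is public elsewhere, not just the three the figure shows.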
Cryptography Overview
Cryptography
• Basic assumptions
  ◦ Message to be encrypted
  ◦ Algorithms (publicly known) to encrypt/decrypt message
  ◦ Key (known only to sender/recipient)
  ◦ Given only algorithms and encrypted message, nobody knows a method to decrypt that is significantly faster than trying all keys
• Types of attacks
  ◦ Ciphertext only
  ◦ Known plaintext
  ◦ Chosen plaintext
• Real attacks generally don't break cryptography!
  ◦ Don't pick the lock, tunnel into the vault
Symmetric Cryptography
• The secret key that seals also unseals
  ◦ M' = f(M, key): encryption or sealing
  ◦ M = f'(M', key): decryption or unsealing
• Uses:
  ◦ Prevent eavesdropping
    ▪ Must be a secure channel for key exchange
  ◦ Secure storage
    ▪ I have to remember my key
  ◦ Authentication
    ▪ Challenge/response
  ◦ Integrity Check
    ▪ Checksum on the message
    ▪ Encrypt the checksum
Public Key (Asymmetric) Cryptography
• First published in 1976 (Diffie-Hellman)
  ◦ More common today: RSA
• Matched pair of keys
  ◦ Public key (e) to encrypt
  ◦ Private key (d) to decrypt
• For integrity, encrypt checksum with sender's private key
  ◦ Only sender's public key will decrypt properly
Public Key (Asymmetric) Cryptography
• Uses:
  ◦ Prevent eavesdropping
  ◦ Authentication
  ◦ Integrity
• Problem: public key algorithms slow
  ◦ Solution: Use to share secret key
Public Key Cryptography: Non-repudiation
• Message Integrity Checksum (MAC) can convince Recipient that Sender created message
  ◦ Message correct, from right source
• But can't convince anyone else!
  ◦ Sender, recipient share key
  ◦ Either could generate message
• Public key solves this problem
  ◦ Private key required to encrypt
  ◦ Only known to sender
Public Key Cryptography
• Public key d, private key e
  ◦ m = e(d(m)) = d(e(m))
• Given d, d(m), hard to find m
  ◦ same for e, e(m)
• Given d, hard to find e
  ◦ same for e, d
• Most based on modular arithmetic
  ◦ Modular exponentiation
Algorithms: Diffie-Hellman
• Goal: Two parties agree on common number
  ◦ E.g., learn shared key
• Initial: large prime p, g < p
  ◦ publicly known
• Each chooses secret s
  ◦ T = g^s mod p
• Exchange and repeat
  ◦ Result is the same
Algorithms: Diffie-Hellman (Problems)
• Authentication
  ◦ Am I talking to the right person?
• Man in the middle
  ◦ Sets up session with either end
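The exchange from the two Diffie-Hellman slides, as an added example that is not the lecture's code: P and G are constructed toy parameters (real deployments use a standard group with a prime of at least 2048 bits), the secrets 6 and 15 are arbitrary, and dh_public, dh_shared and dh_exchange are hypothetical names. Nothing in the exchange ties a T value to an identity, which is the authentication gap the Problems slide lists; deployed protocols therefore sign or MAC the exchanged values.

```python
import secrets

# Toy public parameters (constructed for illustration only; far too small for real use).
P = 23
G = 5


def dh_public(s: int, p: int = P, g: int = G) -> int:
    """T = g^s mod p, the value a party sends over the (public) channel."""
    return pow(g, s, p)


def dh_shared(t_other: int, s: int, p: int = P) -> int:
    """Raise the other side's T to your own secret: T_other^s mod p.
    Both sides end with g^(s_a * s_b) mod p, the common number."""
    return pow(t_other, s, p)


def dh_exchange(s_a: int, s_b: int, p: int = P, g: int = G) -> tuple:
    """Run both parties and return (A's result, B's result); they must agree."""
    t_a = dh_public(s_a, p, g)   # A -> B
    t_b = dh_public(s_b, p, g)   # B -> A
    return dh_shared(t_b, s_a, p), dh_shared(t_a, s_b, p)


def random_secret(p: int = P) -> int:
    """Secret exponent in [2, p-2]; 0 and 1 would make T trivially 1 or g."""
    return 2 + secrets.randbelow(p - 3)


if __name__ == "__main__":
    k_a, k_b = dh_exchange(6, 15)
    print("A computes", k_a, "and B computes", k_b)  # both 2 for p=23, g=5
```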
Algorithms: RSA (Rivest, Shamir, Adleman)
• Key generation
  ◦ Choose primes p, q
  ◦ Choose e relatively prime to (p-1)(q-1)
  ◦ Public key (e, n), with n = pq
  ◦ Private key d where d = 1/e mod (p-1)(q-1)
• Encrypt: c = m^e mod n
  ◦ Decrypt: m = c^d mod n
• de = 1 mod (p-1)(q-1), so m = (m^e)^d mod n
• Breakable if we can factor (why?)
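The key generation, encryption and decryption from this slide, plus the "encrypt the checksum with the sender's private key" integrity use from the earlier public-key slide, as an added example that is not from the lecture. The primes 61 and 53 with e = 17 are textbook toy values; rsa_keygen, checksum, sign and verify are hypothetical names, and the checksum is a SHA-256 digest reduced mod n only so it fits the toy modulus (real signatures use a padded full digest).

```python
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, e: int) -> tuple:
    """Return ((e, n), (d, n)) as on the slide: n = pq, e coprime to (p-1)(q-1),
    d = 1/e mod (p-1)(q-1). Toy sizes here; real keys use primes of 1024+ bits."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(m: int, pub: tuple) -> int:
    """c = m^e mod n; m must be an integer in [0, n)."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(c: int, priv: tuple) -> int:
    """m = c^d mod n; works because de = 1 mod (p-1)(q-1)."""
    d, n = priv
    return pow(c, d, n)


def checksum(msg: bytes, n: int) -> int:
    """Toy checksum: SHA-256 reduced mod n so it fits the small modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, priv: tuple) -> int:
    """'Encrypt the checksum with the sender's private key' (the integrity use)."""
    d, n = priv
    return pow(checksum(msg, n), d, n)


def verify(msg: bytes, sig: int, pub: tuple) -> bool:
    """'Only the sender's public key will decrypt properly': recover and compare."""
    e, n = pub
    return pow(sig, e, n) == checksum(msg, n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)       # (17, 3233), (2753, 3233)
    c = rsa_encrypt(65, pub)                  # 2790
    print(c, rsa_decrypt(c, priv))            # 2790 65
    s = sign(b"pay 10", priv)
    print(verify(b"pay 10", s, pub))          # True
```

Why factoring breaks it: anyone who recovers p and q from the public n can compute (p-1)(q-1) and therefore d exactly as rsa_keygen does.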
Hash Algorithms
• Transform arbitrarily long message m into (short) fixed-length message h(m)
  ◦ Must be easy to compute h(m)
  ◦ Given h(m), hard to find (an) m
  ◦ Hard to find m1 and m2 such that h(m1) = h(m2)
• Goal: h(m) should appear random
  ◦ Non-trivial to define "appear random"
• Uses
  ◦ Password storage (easy to verify that it is probably correct)
  ◦ Integrity: Send m, h(m|s)
  ◦ Storage integrity
Changing one input bit should change ~50% of the output bits.
Message            MD5
"this is a test"   ff22941336956098ae9a564289d1bf1b
"this is c test"   c5e530b91f5f324b1e64d3ee7a21d573
"this is a test "  6df4c47dba4b01ccf4b5e0d9a7b8d925
How big is 2^128?
• MD5 is 128 bits long
• 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
• If you could try a billion combinations a second, it would take 10,790 billion billion years
Message Digest Algorithms
• Rivest Functions:
  ◦ MD2 (128 bits)
  ◦ MD4 (128 bits)
  ◦ MD5 (128 bits)
• NIST Functions:
  ◦ SHA (160 bits), SHA-1 (160 bits)
  ◦ SHA-512, SHA-1024
• Other Functions:
  ◦ Snefru, N-Hash, RIPE-MD, HAVAL
(Strange) Hash Uses
• Authentication
  ◦ A sends challenge rA
  ◦ B responds with h(k|rA) and rB
  ◦ A responds with h(k|rB)
• Integrity / Message Authentication Code
  ◦ h(m | k)
• Generate a one-time pad
  ◦ h(k | r) gives first block, then h(k | b_(i-1)) gives b_i
• Can also generate a hash using symmetric encryption
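The avalanche table and the three hash uses above, as one added example that is not part of the slides: avalanche_bits counts differing MD5 output bits for any pair of messages, and mutual_auth, mac/mac_ok and keystream/pad_xor (all hypothetical names) implement the challenge-response, h(m|k) and h(k|b_(i-1)) constructions exactly as written on the slide. SHA-256 stands in for MD5 everywhere except the avalanche measurement, since MD5 is no longer collision resistant.

```python
import hashlib
import hmac
import os


def h(*parts: bytes) -> bytes:
    """h(x|y|...) from the slides: a hash of the concatenation (SHA-256 here)."""
    return hashlib.sha256(b"".join(parts)).digest()


def avalanche_bits(m1: bytes, m2: bytes) -> int:
    """Differing output bits between MD5(m1) and MD5(m2); the slide predicts ~64 of 128."""
    d1 = int.from_bytes(hashlib.md5(m1).digest(), "big")
    d2 = int.from_bytes(hashlib.md5(m2).digest(), "big")
    return bin(d1 ^ d2).count("1")


# Authentication: A sends r_A; B answers h(k|r_A) and r_B; A answers h(k|r_B).
def mutual_auth(k_a: bytes, k_b: bytes) -> tuple:
    """Run the three-message exchange with each side's copy of the key and return
    (A accepts B, B accepts A). Fresh random challenges defeat replay of old answers."""
    r_a = os.urandom(16)                          # A -> B: challenge r_A
    resp_b, r_b = h(k_b, r_a), os.urandom(16)     # B -> A: h(k|r_A), r_B
    a_accepts = hmac.compare_digest(resp_b, h(k_a, r_a))
    resp_a = h(k_a, r_b)                          # A -> B: h(k|r_B)
    b_accepts = hmac.compare_digest(resp_a, h(k_b, r_b))
    return a_accepts, b_accepts


# Integrity / MAC: h(m|k) as on the slide. Production code should use hmac.new(),
# the analysed nested construction of the same idea.
def mac(m: bytes, k: bytes) -> bytes:
    return h(m, k)


def mac_ok(m: bytes, k: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(m, k), tag)    # constant-time comparison


# One-time pad: b_1 = h(k|r), b_i = h(k|b_(i-1)). r must never repeat for the same k,
# or two messages would be XORed with the same pad.
def keystream(k: bytes, r: bytes, nblocks: int) -> list:
    blocks, prev = [], r
    for _ in range(nblocks):
        prev = h(k, prev)
        blocks.append(prev)
    return blocks


def pad_xor(data: bytes, k: bytes, r: bytes) -> bytes:
    """Encrypts and decrypts alike, since XOR is its own inverse."""
    ks = b"".join(keystream(k, r, (len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))
```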