Network security - FTP Directory Listing

slurpslapoutΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

82 εμφανίσεις

Network security

Basic encryption techniques

Luk Stoops VUB
-

programming laboratory

Security Problems


Student


To have fun snooping on people’s email


Hacker


To test out someone’s security system; steal data


Sales rep


To claim to represent all of Europe, not just Andorra


Businessman


To discover a competitor’s strategic marketing plan

Security Problems


Ex
-
employee


To get revenge for being fired


Accountant


To Embezzle money from a company


Stockbroker


To deny a promise made to a customer by email

Security Problems


Con man


To steal creditcard numbers for sale


Spy


To learn an enemy’s military strength


Terrorist


To steal germ warfare secrets





...

Network Security


Secrecy


user authorisation


Authentication


determining who you are talking to


Nonrepudiation


signatures


Integrity control


received message, is it not modified ?

Traditional Cryptography

Encryption

Decryption

Plaintext

P

Plaintext

P

Intruder

Encryption key

Ek

Decryption Key

Dk

Ciphertext

C=Ek(P)

Some Terminology


Cryptanalysis


The art of breaking ciphers


Cryptography


The art of devising ciphers


Cryptology


Cryptanalysis & Cryptography


Method of Encryption


Cryptanalyst knows method of encryption


Amount of effort to invent, test and install a
new method every time the old method is
compromised or thought to be compromised
has always made it impractical to keep this
secret


This is where the
key

enters

The Key


Combination Lock


2 digits = 100 possibilities


3digits = 1000 possibilities


Workfactor for the cryptanalyst by
exhaustive search of the key space is
exponential in the key length


range from 64
-
bit to 256
-
bits keys

Cryptoanalyst Variations


Ciphertext only


only ciphertext


Known plaintext (“please login”)


matched ciphertext and plaintext


Chosen plaintext


matched ciphertext and chosen plaintext

Substitution Cipher

A
BCDEFG
H
IJK
L
MNOPQRSTUVWXYZ

B
CDEFGH
I
JKL
M
NOPQRSTUVWXYZA



Caesar cipher

ABCDEFG
H
IJKLMNOPQRSTUVW
X
Y
Z

QWERTYU
I
OPASDFGHJKLZXCV
B
N
M

Monoalphabetic substitution

Monoalphabetic Substitution


26! = 4 . 10 possible keys


1
m
sec per solution = 10 years


Statistical properties


most common letters: e, t, o, a, n, i, …


most common digrams: th, in, er, re, an


most common trigrams: the, ing, and, ion


Counting relative frequencies and assigning
most common letters, then digrams ..


Guessing likely words (financial)

26

13

Transposition Cipher


Reorder the letters but do not disguise them


afllskaselawabtoosscdlnmoman


esilyntrnntsoepaedobueriricc


Breaking transposition ciphers


Frequency analysis: normal pattern


guess number of columns


digrams depend on keylength


ordering found by english


plaintext digrams



MEGABUCK

74512836

pleasetr

ansferon

emillion

dollarst

omyswiss

bankacco

untabcde


One
-
Time Pads


Unbreakable cipher


A



B


C


010000010100001001000011

data


101100110101010011010100

random bit key


111100100001011010010111

ciphertext



key on CD ?

Cryptographic principles


All encrypted messages must contain some
redundancy information


active intruders cannot send random junk


easier to break the message


Prevent active intruders from playing back
old messages (timestamps)

Secret
-
Key Algorithms



Complex and involuted encryption algorithm

P
ermutation
S
ubstitution

2
12

= 4096

8 x 4 = 32

Data Encryption Standard (DES)

DES (cont.)


IBM 1977


No longer secure in its original form


Parameterised by 56
-
bit key


19 stages


Decryption with same key in reverse order


Complexity lies in iteration function







(S
-

& P boxes)


DES Subversion


DES is basically a monoalphabetic substitution


Encrypting a longer message is done by breaking
it up in consecutive 8
-
byte (64
-
bit) blocks

DES Chaining


Chaining makes block i a function of all previous blocks


Same plaintext no longer maps onto the same cyphertext

Random initialisation vector IV

DES Cipher Feedback Mode


Byte
-
by
-
byte encryption


initialisation vector needed

Congratulations ! You have won the Chinese Lottery.

To collect, please call 0800
-
11111111

Breaking DES


Original 128
-
bit key reduced to 56 under NSA pressure


1977 20 million $ DES breaking machine in one day


140.000 people checking 7x10
16
keys in a month


Chinese Lottery


1.2 billion people with chip that searches 1 million
encryption's / sec


within 60 sec key is found

Des Cracker


July 17, 1998: EFF Builds DES Cracker


$220,000 device


Average of 4.5 days to crack a key


June 8, 1998: government :



“FBI is unable to crack DES”


56
-
bit key is too short

http://www.eff.org/descracker/

Breaking DES (cont.)


Insecure DES is still widely used for secure
applications such as banking


Using DES 2 times ?


2
112
= 10
33


1 billion DES chips, 1 billion operations / sec
takes 100 million years


meet
-
in
-
the
-
middle attack: 2
57
operations

Triple Encryption DES


EDE for backward compatibility with
single
-
key DES systems (k1 = k2)


No breaking method known


Not enough silicon in the universe.


Not enough time before sun burns out.


3
-
key EEE system is even better (168
-
bits)

I
nternational
D
ata
E
ncryption
A
lgorithm

IDEA


Swiss


128
-
bit


generates


52


16
-
bit keys


6 / iteration


4 / transform

A
dvanced
E
ncryption
S
tandard


1972:

N
ational
I
nstitute of
S
tandards and
T
echnology


public request for encryption algorithm


DES


January 1997: new public request for AES


15 submissions in June 1998 (12 survived)


March 1999 (5 candidates)


January 2000 (winner)


http://www.nist.gov/aes/

Public
-
Key Algorithms


Key protection and distribution problem


1976 Diffie and Hellman (Stanford univ.)


encryption and decryption key are different


decryption key can not be derived from the
encryption key


encryption key is made public

A

B

Ea

Da

Eb

Db

Eb(p)

RSA Algorithm


R
ivest,
S
hamir,
A
dleman


based on the difficulty of factoring large
numbers


Factoring a 200
-
digit number requires


4 billion years of computer time


too slow for encrypting large volumes of data


Used to distribute a one
-
time session keys for
use with DES or IDEA

Knapsack algorithm


Merkle and Hellmann 1978


Large number of objects with different weight


selecting a subset in knapsack


total weight and list of possible objects is public



broken by Shamir and Rivest

Authentication

Alice

Bob

Trudy


Technique used by a process to verify that
its communication partner is who it is
supposed to be

Key


Distribution

Centre

Authentication

Shared Secret Key


Key agreed upon on the telephone or in person


R random 128
-
bit number

Authentication

Shared Secret Key (cont.)


Combining information








But ...

Authentication

The Reflection Attack


Designing a correct authentication protocol
is harder than it looks

Authentication

Safety rules


Have the initiator prove who she is before
the responder has to


Have the initiator and responder use
different keys for proof (K
ab

K
ab
’)


Have the initiator and responder draw their
challenges from different sets


(even & odd numbers)



Authentication

Establishing a Shared Key


Diffie
-
Hellman key exchange


n, g, (n
-
1)/2 : large prime numbers


512
-
bit

512
-
bit



But ...

Authentication

The Bucket Brigade Attack


(wo)man
-
in
-
the
-
middle attack








Interlock protocol (a/2
-

b/2
-

a/2
-

b/2)

Authentication

Key Distribution Center


Ks = session key






Authentication happens for free


But ...

Authentication

Replay Attack


Trudy gets a job from Alice


Alice ask Bob to transfer money to Trudy





Trudy, snooping on the network copies the
message (2) and the money
--
transfer request
that follows it


Trudy replays this messages

KDBC

Authentication

Needman
-
Schroeder


Timestamps


Unique message number (nonce)


Multiway challenge
-
response protocol

Authentication

Kerberos


Used in many real systems


Authentication server


Ticket
-
Granting server

Authentication

Public
-
Key


Public keys must be known


Public keys in a public database ?


bucket brigade attack possible

Digital Signatures


Signing

(
an order to buy a ton of gold)



1

The receiver can verify the claimed identity of
the sender

2

The sender cannot later repudiate the contents
of the message


3

The receiver cannot possibly have concocted
the message himself

Digital Signatures

Secret
-
Key Signatures


Proof that the message came from Alice


BB only accept messages from A if encrypted with Ka


Bob produces exhibit K
BB
(A,t,P)


R
A
(random number) + t (timestamp) to prevent


replay attacks


Big Brother

Digital Signatures

Public
-
Key Signatures


Does not require a trusted authority


P = E(D(P)) = D(E(P))


Proof: Bob produces exhibit P and D
A
(P)






But...

Digital Signatures
Public
-
Key Problems


Alice discloses her secret key


If the price of gold drops, she can repudiate
here message to Bob by telling the police here
key was stolen


Alice decides to change her key


Some authority should record all key changes
and their dates


Digital Signatures
Message Digests


Authentication without secrecy


Given P, it is easy to compute MD(P)


Given MD(P), it is effectively impossible to find P


No one can generate two messages that have the same
message digest


MD5 Rivest (RSA)


SHA Secure Hash Algorithm (NIST, 1993)

Digital Signatures

Digest in SET


Changing a single bit in the message will
change roughly half the bits in the message
digest.

Digital Signatures
D
igital
S
ignature
S
tandard


1991, National Institute of Standards and Technology


El Gamal public
-
key algorithm


difficulty of computing discrete logarithms


Too secret (NSA)

Too new (not yet thoroughly analysed)

Too slow (10 to 40 times slower than RSA)

Too insecure (512
-
bit key)

Email Privacy


P
retty
G
ood
P
rivacy
(Zimmermann)


Privacy


Authentication


Digital signatures


Compression


Free of charge via the Internet



P
rivacy
E
nhanced
M
ail

PGP

Content +

typing speed

Cipher
feedback
mode

PGP message


RSA key lengths


Casual (384
-
bit): can be broken with large budget


Commercial (512
-
bit): breakable by TLA organisations


Military (1024): not breakable by anyone on earth


Alien (2048): not breakable by anyone in the universe

Browser security


SSL (
S
ecure
S
ocket
L
ayer)
-

Netscape


Public key cryptography.


Certificates (verisign, Belsign, AT&T …)


data encryption


server authentication


message integrity


client authentication

Java Security API


import java.security.*;



MessageDigest messagedigest =
MessageDigest.getInstance(”SHA”);



KeyPairGenerator keypairgenerator =
KeyPairGenerator.getInstance(”DSA”);



Signature signature =
Signature.getInstance(”DSA”);


{ Signature signature =


Signature.getInstance("DSA");



signature.initSign(privatekey);


int n = 0;


byte [] s = new byte [1000];


while ((n = inputstreamMessage.read(s)) >
-
1)


{


signature.update(s, 0, n);


}


s = signature.sign();


return s;


}

Signing an input stream in Java

Suggested Readings



Tanenbaum, Andrew, S., ”Computer Networks”


Anderson,R., “Why Cryptosystems Fail”


Kaufman et al., “Network Security”


Schneier, “Applied Crypthography”


Dr. Dobb’s journal, december 1998