Security Overview,

Threat Pragmatics
&
Cryptography
Issue Date:
Revision:
 Overview
• Security Overview
• Goal of Security
• Threat Pragmatics
• Cryptography Basics

2
3
 Why Security?
• The Internet was designed for connectivity
– Trust was assumed
– Security protocols added on top of the TCP/IP

• The Internet has become fundamental to our daily

activities (business, work, and personal)

4
 Internet Evolution

LAN connectivity Content driven Data on the Cloud

(email, web, music, video)

Security (threats and challenges) change as the

Internet evolves!

5
 Not-so Recent Incidents
• Slingshot (March 2018) - APT

– Active since 2012!

– Compromise MikroTik routers

• not much clarity to on how they do it, but assumed to be based on the
ChimayRed exploit - https://github.com/BigNerd95/Chimay-Red

– replace one of the dll in the router's file system with a

malicious one (ipv4.dll)
• loaded into user's computer when they run the Winbox tool

– Once infected
• capture screenshots, collect network info, passwords on browsers,. key
strokes etc

6
 Not-so Recent Incidents
• Meltdown/Spectre (Jan 2018)

– Exploits processor vulnerabilities!

• Intel, AMD, ARM

– Meltdown (CVE-2017-5754):
• Breaks the isolation between programs & OS
• An application could read kernel memory locations

– Spectre (CVE-2017-5753/CVE-2017-5715)
• Breaks isolation between applications
• An application could read other application
memory

7
 Not-so Recent Incidents
• (Not)Petya Ransomware/Wiper (June 2017)
– Exploited a backdoor in MeDoc accounting suite
• Update pushed on June 22 from an update server (stolen credentials)
• proxied to the attacker’s machine (176.31.182.167)

– Spread laterally across the network (June 27)

• EternalBlue exploit (SMB exploit: MS17-010)
• through PsExec/WMIC using clear-text passwords from memory
• C:\Windows\perfc.dat hosted the post-exploit code (called by
rundll32.exe)

8
 Not-so Recent Incidents
• WannaCry Ransomware (May 2017)
– As of 12 May, 45K attacks across 74 countries
– Remote code execution in SMBv1 using EternalBlue exploit
• TCP 445, or via NetBIOS (UDP/TCP 135-139)
– Patch released on 14 March 2017 (MS17-010)
• https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
– Exploit released on 14 April 2017

9
 Not-so Recent Incidents
• SHA-1 is broken (Feb 23, 2017)
– colliding PDF files: obtain same SHA-1 hash of two different
pdf files, which can be abused as a valid signature on the
second PDF file.
• https://shattered.io

10
 Find any device
• shodan.io

11
 haveibeenpwned.com
• Have you been compromised?
– Tracks compromised accounts and released into the wild
• 364 pwned websites
• >7 million pwned accounts
• ~100K pastes

[email protected]

12
 Acknowledgment
• Most of the content from:

Steven M.Bellovin’s “Thinking Security”

https://www.cs.columbia.edu/~smb/

13
 Before we start…
• What are we protecting - asset? and
• From whom?

• All security system designs should be based on these

questions!

14
 Attack Motivation
(Who are your Enemies?)

• Nation states want SECRETS

• Organized criminals want
MONEY
• Protesters or activists want
ATTENTION
• Hackers and researchers
want KNOWLEDGE
http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html

Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014

15
Who are your Enemies?
• Script kiddies:
– little real ability, but can cause
damage if you’re careless

• Money makers:
– Hack into machines, turn them
into spam engines, etc.

• Government intelligence
agencies, AKA Nation State
Adversaries

16
 The Threat Matrix

Opportunistic Advanced Persistent

hacks Threats

Joy hacks Targeted attacks

Degree of Focus

Source: Thinking Security – Steve M. Bellovin

17
 Joy Hacks
• For fun
– with little skill using known exploits

• Minimal damage
– especially unpatched machines

• Random targets
– anyone they can hit

• Most hackers start this way

– learning curve

18
 Opportunistic Hacks
• Skilled (often very skilled) - also don’t care whom
they hit
– Know many different vulnerabilities and techniques

• Profiting is the goal - bank account thefts, botnets,

ransomwares….
– WannaCry? Petya?

• Most phishers, virus writers, etc.

19
 Targeted Attacks
• Have a specific target!

• Research the target and tailor attacks

– physical reconnaissance

• At worst, an insider (behind all your defenses)

– Not-so happy employee L

• Watch for tools like “spear-phishing”

• May use 0-days

20
 Advanced Persistent Threats
• Highly skilled (well funded) - specific targets
– Mostly 0-days

• Sometimes (not always) working for a nation-state

– Think Stuxnet (up to four 0-days were used)

• May use non-cyber means:

– burglary, bribery, and blackmail

• Note: many lesser attacks blamed on APTs

21
 Are you a Target?

• Biggest risk?
– assuming you are not interesting enough!

• Vendors/System Integrators and their take

on security:
– Either Underwhelming or Overwhelming L

22
 Defense Strategies

• Depends on what you’re trying to protect

– Assets

• Tactics that keep out teenagers won’t keep

out a well-funded agency

• But stronger defenses are often much more

expensive and cause great inconvenience

23
 What Are You Protecting?
• Identify your critical Assets
– Both tangible and intangible (patents, methodologies) assets
• Hardware, software, data, people, documents
– Who would be interested?

• Place a Value on the Asset

– Different assets require different level of protection
– Security measures must be in proportion with asset value
• How much can you afford?

• Determine Likelihood of breaches

– threats and vulnerabilities?

24
 Exercise
• Imagine you had a bar of gold to protect

– What container would you put it in?

– What room would the container be in?
– What locks are on the doors?
– Where is the room located in the building?
– What cameras are watching the room and building?
– What humans are watching the cameras?
– Who will respond with force to a theft attempt?
– How much did all of these cost?

25
Threats, Vulnerability, and Risks

• Threat • Vulnerability
– circumstance or – A weakness in an asset that can
event with potential be exploited
to cause harm to an • Software bugs
asset • Design flaws/protocol bugs
• Configuration mistakes
• Lack of encryption
• Lack of or no physical security

• Risk
– The likelihood that a particular vulnerability will be exploited
Risk = Threat x Vulnerability
Risk = Impact (Consequence) x Threat x Vulnerability

26
 Risk Assessment Matrix

• Managing risks
– Probability-Impact matrix to define the
level of risk
• Commonly used in real-world risk assessment

High Medium High High

IMPACT

Medium Low Medium High

Low Low Low Medium

Low Medium High

LIKELIHOOD

27
 Measuring Risks

Risk = Threat x Vulnerability x Consequence

Probability/Likelihood x Impact
Threat Actor: Likelihood (discovery and Technical:
- Skill exploit): - CIA
- Motive - Discovery ease
- Opportunity - Exploit ease Business:
- Resources - Awareness - Financial
- Detection - Reputation
- Legal
implications

https://securityintelligence.com/simplifying-risk-management/

28
 Exercise
• Discuss:
– Some recent vulnerabilities
– How does it fit into the risk matrix?

• Place a risk in the matrix by assigning

ratings to its High Medium High High
– Severity/impact, and

IMPACT
– Probability Medium Low Medium High

Low Low Low Medium

• Remember: Low Medium High

Risk = Asset (or Impact) x Threat x Vulnerability

LIKELIHOOD/
PROBABILITY

29
 Against Joy Hacks

• By definition, joy hackers use known

exploits

• Patches exist for known exploits:

– Security updates/system patches
– Update antivirus database

• Ordinary enterprise-grade firewalls

– Closer to users/services

30
 Against Opportunistic Hacks

• Sophisticated techniques used

• You need multiple layers of defense

– Firewalls near users and services
– Host hardening
• Apply security updates, patches, AVs
– Monitoring
• Intrusion detection
• attention to log files

31
 Against Targeted Attacks
• Targeted attacks exploit knowledge of target
– Try to block or detect reconnaissance
– Security policies and procedures matter a lot
• How do you respond to phone callers?
• What do people do with unexpected email attachments?
• USB sticks in the parking lot?

• Hardest case: disgruntled employee or ex-employee

– Already behind your defenses
– Think Manning & Snowden

32
 Against APTs
• L VERY VERY hard to defend against!
• Use all of the previous defenses
– There are no sure answers

• Pay special attention to policies and procedures

• Investigate all oddities

33
 Defense in Depth

• Layer your security controls

– Provides redundancy in case of failure

https://commons.wikimedia.org/wiki/File:Caerphilly_aerial.jpg

34
 Example of Security Controls

Category Example of Controls Purpose

Make everyone aware of the
Policy & Cyber Security Policy, Incident importance of security, define
Procedure Handling Procedure role and responsibilities (pre and
post incident), understand scope
of the problem
Technical Firewall, Intrusion Detection Prevent and detect potential
System, AV, Logging Systems attacks, mitigate risk of breach

Physical CCTV, Locks, Biometrics, Secure Prevent physical theft of

working space information assets or
unauthorized physical
access

35
 However…

• Every machine (connected) is valuable

• They could be turned into bots

– Send spam, launch DDoS, host phishing sites
– Sniff your local traffic

• Defense:
– watch outbound traffic from your network

36
 Summary
• Use proper crypto

• Layer your defenses:

– Policies, Procedures, and Awareness
• Strictly follow
• Revise and audit frequently
– Physical security
– Firewalls closer to services/users
– Host hardening
• Updated patches and AVs
– Application Hardening
– Backup important data
– IDS/IPS (anomaly detection)

37
 Overview
• Security Overview
• Goal of Security
• Threat Pragmatics
• Cryptography Basics

38
 Goals of Security

SECURITY
Confidentiality Integrity Availability

prevent safeguard the authorized users

unauthorized use accuracy and have reliable and
or disclosure of completeness of timely access to
information information information

39
 Access Control
• To permit or deny the use of resource(s)

• All about:
– Authentication (who is the user)
– Authorization (who is allowed to use what)
– Accountability (what did the user do)
 Authentication
• Verify a user’s identity
– “User” may refer to:
• a person
• an application or process
• a machine or device

• Identification comes before authentication

– Ex: username to establish user’s identity

• To prove identity, a user must present either:

– What you know (passwords, passphrase, PIN)
– What you have (token, smart cards, passcodes, RFID)
– Who you are (biometrics such as fingerprints and iris scan,
signature or voice)
 Strong Authentication
• An absolute requirement!

• Two-factor authentication
– Passwords (something only you know)
– Tokens (something only you have)

• Examples:
– Passwords
– Tokens
– PINs
– Biometrics
– Certificates
 Two-factor Authentication
• At least two authentication ‘factors’ to prove user’s
identity
– something you know
• Username/password
– something “only” you have
• Token using a one-time password (OTP), or a SMS code

• OTP is generated using a device in physical

possession of the user
– generated each time and expires after some time
– through applications on your device
• Authy/Google Authenticator
 Authorization
• Defines the user’s rights and permissions on a
system
– Typically ‘if authenticated’

• Grants a user access to a resource and actions they

are permitted to perform on that resource
 Authorization Concepts
• Authorization Creep
– When users may possess unnecessarily high access
privileges within an organization

• Default to Zero (Zero trust)

– Start with zero access and build on top of that

• Principle of lease privilege

– give access only to information that the user absolutely need
 Authorization - Single Sign On
• User logs in only once and gains access to all authorized
resources within a system
• Benefits:
– Ease of use
– Reduces logon cycle (time spent re-entering passwords for the
same identity)
• Common SSO technologies:
– Kerberos (prevents replays – T_REQ:timestamp/lifetime)
– RADIUS
– OTP Token
– SAML/OpenID
• Disadvantage: Single point of attack
– May need to mix with MFA
 Accounting
• What did the user do with the resource?

• Actions of an entity to be traced back uniquely to

that entity
– Senders cannot deny sending information
– Receivers cannot deny receiving it
– Users cannot deny performing a certain action

• Supports nonrepudiation, deterrence, fault isolation,

intrusion detection and prevention and after-action
recovery and legal action
Source: NIST Risk Management Guide for Information Technology Systems
 Types of Access Control
• Centralized Access Control
– RADIUS
• Encrypts the password
– TACACS+
• Encrypts the entire message
– Diameter (TCP)
• Enhanced RADIUS (reliable and secure channel)

• Decentralized Access Control

– User database maintained on the resource
• Not scalable
• No method for consistent control
 Overview
• Security Overview
• Goal of Security
• Threat Pragmatics
• Cryptography Basics

49
 Target
• Targets could be:
– Network infrastructure
– Network services
– Application services
– End user machines
 Uneven Playing Field

• The defender has to think about the entire

perimeter
– all the weakness

• The attacker has to find only one weakness

• This is not good news for defenders

51
 Attack Surface
• Entire Perimeter you have to Defend

Firewall

SMTP Application

Web Server
DNS

Power Fiber

52
 Soft Gooey Inside
• But it is not just the perimeter!
Firewall

SMTP Application

USB Sticks
Spearfishing
Web Server Passwords DNS
Ex-Employees
SysAdmins

Fiber
Power

53
 Attacks on Different Layers
Application Layer 7: HTTP, FTP, IMAP, LDAP, NTP,
Application
Radius, SSH, SMTP, SNMP, Telnet, DNS,
DHCP
Presentation DNS Poisoning, Phishing,
SQL injection, Spam/Scam

Session Layer 5: NFS, Socks

Transport
Transport Layer 4: TCP, UDP, SCTP
TCP attacks, Routing
attack, SYN flooding
Network Internet
Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
Ping/ICMP
Flood, Sniffing
Data Link Layer 2: Ethernet, PPP, ARP, NDP, OSPF
Network Access
ARP spoofing, MAC
Physical (Link Layer)
flooding

OSI Reference Model TCP/IP Model

54
 Layer 2 Attacks
• ARP Spoofing
• MAC attacks
• DHCP attacks
• VLAN hopping

55
 ARP Spoofing
I want to connect to Wait, I am 10.0.0.3!
10.0.0.3. I don’t know the
MAC address

10.0.0.2
BB-BB-BB-BB-BB-BB
ARP Request

10.0.0.3
10.0.0.1 ARP Reply CC-CC-CC-CC-CC-CC
AA-AA-AA-AA-AA-AA

AR
PR
ep
ly
ARP Cache poisoned. Machine A 10.0.0.4
connects to Machine D (not C) DD-DD-DD-DD-DD-DD

I am 10.0.0.3. This is my
MAC address

56
 MAC Flooding
• Exploits the limitation of all switches
– CAM stores mapping of individual MAC addresses to source
ports
– Finite memory

• Attacker floods the CAM table using spoofed source

MAC addresses

57
 DHCP Attacks
• DHCP Starvation Attack
– Broadcasting vast number of DHCP requests with spoofed
MAC address simultaneously.

• DHCP Spoofing
– Rogue DHCP

58
 Wireless Attacks- MITM
• Creates a fake access point and have clients
authenticate to it instead of a legitimate one.
• Capture traffic (usernames, passwords)

59
 Wireless Attacks
• WEP (wired equivalent privacy) – first go at wireless
security
• 104-bit WEP key:
– 50% of the time broken with 45k packets
– 95% of the time with 85k packets (in less than 60 seconds)
Tews,Weinmann, and Pyshkin, "Breaking 104 bit WEP in less than 60 seconds",
Proceedings of the 8th international conference on Information security
applications, 2007

• Use WPA2 (wired protected access)

– WPA – 256-bit key
– WPA2 - AES

60
 Link-Layer Defense
• Dynamic ARP Inspection
– Protects against ARP spoofing

– uses DHCP Snooping

– forward ARP packets on Trusted interfaces without checks

– intercept all ARP packets on Untrusted ports and check

against IP-to-MAC binding
• Drop (and log) if no valid binding

61
 Link-Layer Defense
• Port Security
– Protects the MAC table

– Limit the number of MACs per port (static or sticky learning)

• Forwards valid frames (valid source MACs), and drops invalid frames

– Violation could trigger:

• Dropping of invalid frames and port shutdown, or
• Drop frames with/without notification

62
 Link-Layer Defense
• 802.1X
– Identity based network access control
– Protection against rogue devices (DHCP or AP) attaching to
a LAN

Client Authenticator AAA Server

EAP-Request/Id
EAP-Response/Id Access-Request

EAP-Request/pw Access-Challenge

EAP-Response/pw Access-Request
EAP-Success Access-Accept

Port Authorized

Image Source: www.en.wikipedia.org/wiki/IEEE_802.1X

63
 Layer 3 Attacks
• ICMP Attacks
– ICMP Smurf/Flood
– Ping of death

• Routing (control plane) attacks

64
 ICMP Flood/Smurf

Echo request Echo request

Broadcast
Network Address

Attacker
Echo reply to actual
destination
Other forms of ICMP attack:
-Ping of death

• Defense:
– Disable directed broadcast
no ip directed-broadcast
Victim

65
 Routing Protocol Attacks
• Malicious route insertion
– Poison routing table
– To divert traffic and eavesdrop
• Analyse/Modify/Drop packets

• BGP attacks
– hijack prefixes
– Tamper the path information

66
Defense- Routing Attacks
• Authenticate source of routing
updates CA
– Peer authentication X.509 Cert

Signed by Parent’s Private Key

• Origin Validation RFC 3779
Extension
– Rolled out today as RPKI
– ROA (resource certificate) signed by IP Resources
the owner (Addr & ASN)
• Verifies the origin AS (signed route
announcement) SIA – URI (repository) for
where this Publishes
• Path Validation Subject Public Key
– Sign the full path (ASNs traversed) (algorithm and key)
• In IETF process as BGPsec

67
 SYN Flooding
SYN

Server
SYN+ACK (Victim)

Attacker
ACK?

• Exploits the TCP 3-way handshake

• Attacker sends a series of SYN packets
• No ACK

• Retains state for bogus half-open connections

– Finite SYN_RECV queue size
– no more resources (memory) to for new legitimate
connections – drops!

68
 SYN Flood - Defense
• SYN Cookies
– MD5 hash (src IP, src port, dst IP, dst port, and ISN in SYN)
• Sent back as ISN in its SYN-ACK

– no states for half-open connections in memory

• until valid ACK: SEQ = ISN+1
• Store state after valid ACK

Enable:
vi /etc/sysctl.conf
Þ net.ipv4.tcp_syncookies = 1

Verify:
Þ cat /proc/sys/net/ipv4_tcpsyncookies
Þ sysctl –n net ipv4.tcp_syncookies

69
 Application Layer Attacks
• Very common:
– Scripting vulnerabilities

– Buffer overflow

– Cookie poisoning
• Tamper session information

– X-site scripting
• Client-side code injection

– SQL injection

70
 Application Layer - Defense
• User input validation
– SQL injection, X-site scripting

• Pen-test or vulnerability scan by experts

– Scripting vulnerabilities
– Buffer overflow (bounds checking)

71
 Layer 7 DDoS Attack
• Traditional DoS attacks focus on L3 and L4
• On L7, DoS attack targets applications disguised as
legitimate packets
– exhaust application resources (bandwidth, ports, protocol
weakness)

• Includes:
– Slowloris
– RUDY (R-U-Dead Yet)
• POST request with long content length and write forms slowly
– LOIC/HOIC (Low/high orbit Ion canon)
• TCP/UDP/HTTP requests (H-only HTTP with scripts)

72
 Layer 7 DDoS – Slowloris
• Incomplete HTTP requests
– No blank line (\r\n) in request header

• Properties
– Low bandwidth
– Keep threads active
• Only affects threaded web servers (Apache)
• Doesn’t work through load balancers
– Keepalives to reset timeout

73
 Layer 7 DDoS – Defense
• Load balancers
– Delayed binding
– Perform HTTP Request header completeness check
• Request not sent to server until the final \r\n (CRLF) received from client

• Non-threaded webservers
– not vulnerable to slow header attacks

• ModSecurity
– Open source WAF plugin for Apache
– embedded or reverse proxy mode
• In front of the web server

74
 DNS Changer
• Anyone who controls Countries affected by
DNSChanger (2012):
your DNS controls what
you see!

• How:
– infect computers with
malware
– malware changes the user’s
DNS settings
• to attacker’s resolvers (specific Image Source: Kaspersky
address blocks)

75
 DNS Changer - Defense
• Find out if you are infected
– FBI:
• forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
• 64.28.176.0/20; 67.210.0.0/20; 77.67.83.0/24; 85.255.112.0/20;
93.188.160.0/23; 213.109.64.0/20

– DNSChanger Working Group:

• www.dcwg.org/fix/

• Clean up:
– Run free anti-malware tools
• DNSChanger WG site maintains clean-up guides and list of free tools to
remove the malware
– firewall rules to only allow queries to legitimate servers

76
 DNS Cache Poisoning
• Resolvers caching incorrect records that did not
originate from authoritative DNS servers

• Result:
– redirect to sites (controlled by the attacker)

77
 DNS Cache Poisoning

1 3
www.tashi.com 192.168.1.99
I want to access
www.tashi.com QID=64569
(pretending to be
QID=64570 the authoritative
zone)
QID=64571 match!

2
QID=64571
Client DNS Caching Root/GTLD
Server

QID=64571
3
www.tashi.com 192.168.1.1
WebServer
(192.168.1.1) ns.tashi.co
m

78
 Cache Poisoning - Defense
• DNSSEC – DNS security extensions
– Uses public-key crypto
• Records (RRset) signed with private key (authenticity and integrity)
• Signatures (RRSIG) published in DNS responses
• Public key published (DNSKEY) to verify signatures
• Child zones sign their records with their pvt key
• Parent sings the hash of child’s public key - DS (chain-of-trust)

79
 Cache Poisoning - Defense
t
. ne
ic
a pn bit)
w. DO DS ral)

🔑
w
Recursive Server w ( G, r Root Server
R SI refe
(root’s public key) R d
2 i gn
e
(S
Where is 3
1 www.apnic.net? www.apnic.net
4 (DO bit)
8 www.apnic.net RRSIG, DNSKEY , DS
Client is at Cache 5 (Signed referral)
(stub Resolver) 61.45.255.100 .net TLD
(Secure
resolution) 6 www
.ap
61. (DO nic.n
45. bit et
7 255
.10
(Si DNS 0, R
)

gne KEY RSI

d a G,

🗝
nsw apnic.net
er)
(authoritative)

80
 Amplification Attacks
• Exploits UDP protocol to return large amplified
amounts of data
– small request, LARGE reply

• Examples:
– DNS
– NTP
– Memcached

81
 DNS Amplification Attack
• A type of reflection attack combined with
amplification
– Source of attack is reflected off other machine(s)
– Traffic received is bigger (amplified) than the traffic sent by
the attacker

• UDP packet’s source address is spoofed

82
 DNS Amplification
Root/GTLD

Open DNS Resolvers

Bots

Queries (ANY) with

spoofed (victim’s) IP ns.example.com
www.example.com 192.168.1.1
dig ANY www.example.com @8.8.8.8
+edns=0 +notcp +bufsize=4096 +dnssec

Victim
Attacker

83
 Source IP spoofing – Defense
• BCP38 (RFC2827)
– Since 1998!
– https://tools.ietf.org/html/bcp38

• Only allow traffic with valid source addresses to

– Leave your network
• Only from your own address space

– To enter/transit your network

• Only from downstream customer address space

84
 uRPF – Unicast Reverse Path
• Unicast Reverse Path Forwarding (uRPF)
– Router verifies if the source address of any packets received
is in the FIB table and reachable (routing table)
• Drop if not valid!
– Recommended on customer facing interfaces

85
 NTP Amplification
• UDP 123
• NTP versions older than v4.2.7p26 vulnerable to
“monlist” attack (CVE-2013-5211)

– made easier by Open NTP servers (time.google.com)

– Monlist fetches the MRU list of NTP (600) associations

ntpdc -c -n monlist <NTP-Server-IP>

• Several incidents in 2014

– 400Gbps attack on cloud provider

86
 NTP Amplification - Defense
• BCP38
• Upgrade NTP (ntpd) server
– to v4.2.7p26 or later
– Removes/disables “monlist” command; replaced with
“mrulist”
• Requires proof that the command came from the address in the NTP
packet

• In older versions:
– disable ntp monitor and do not answer ntpq/ntpdc queries
vi /etc/ntp.conf

disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

87
 Transport Layer Security
• SSL/TLS
• Secure Shell (SSH)

88
 Application Layer Security -
Encryption
• HTTPS
– PKI/centralised trust

• PGP (Pretty Good Privacy)

– Web of trust (decentralised trust)

• SMIME (Secure Multipurpose Internet Mail

Extensions)
– Chain of trust (centralised trust/CA)

89
 Overview
• Security Overview
• Goal of Security
• Threat Pragmatics
• Cryptography Basics

90
 Cryptography
• All about hiding information in plain sight!

91
 Cryptography Basics
• At its core is the aim to change ordered data into a
seemingly random string
– Using a secret key

C = F(P, k)
P – plain text
C – cipher text
k – cryptographic key

92
 Key is the key
• key length is a measure in bits
• key space is the number of possibilities that can be
generated by a specific key length

• Example :
– 22 key = a keyspace of 4
– 24 key = a keyspace of 16
– 240 key = a keyspace of 1,099,511,627,776

93
 Key is the key
• Assume everyone knows your encryption/decryption
algorithm
– Security of encryption lies in the secrecy of the keys, not the
algorithm!
• Kerckhoff’s Principle (1883)

• How do we keep them safe and secure?

94
 Work Factor
• The amount of processing power and time to break
a crypto system
– No system is unbreakable!

• The idea is to make it “expensive” to break/guess

95
Encryption and Decryption

ENCRYPTION DECRYPTION
ALGORITHM ALGORITHM

Plaintext (P) Cipher Text (C) Plaintext (P)

Encryption Key Decryption Key

96
 Symmetric & Asymmetric keys
• Two categories of cryptographic methods
– Symmetric and Asymmetric key encryption

97
 Symmetric Encryption
• Same key is used to encrypt and decrypt
– Both sender and receiver needs to know the key
• Also called shared secret-key cryptography
– The key must be kept a “secret” to maintain security

• Follows the more traditional form of cryptography

(pre 1970)
– key lengths ranging from 40 to 256 bits

• Widely used examples:

– DES/3DES, AES, RC4/6

98
 Symmetric Encryption

ENCRYPTION DECRYPTION
ALGORITHM ALGORITHM

Plain text Cipher text Plaintext

Encryption Key Decryption Key

Same shared secret-key

99
 Symmetric Encryption
• Advantages
– fast computation since the algorithms require small number
of operations

• Disadvantages:
– The sender and receiver needs to know the shared secret
key before any encrypted conversation starts
• How do we securely distribute the shared secret-key between the sender
and receiver?

– What if you want to communicate with multiple people, and

each communication needs to be confidential?
• How many keys do we have to manage? A key for each!
• Key EXPLOSION!

100
Symmetric Key Algorithms
Symmetric Algorithm Key Size
DES 56-bit keys (8 bits parity)
Triple DES (3DES) 112-bit and 168-bit keys
AES 128, 192, and 256-bit keys
Software Encryption (SEAL) 160-bit keys
RC2 40 and 64-bit keys
RC4 1 to 256-bit keys
RC5 0 to 2040-bit keys
RC6 128, 192, and 256-bit keys
Blowfish 32 to 448-bit keys

Note:
• Longer keys are more difficult to crack, but more
computationally expensive.

101
 Diffie-Hellman key ‘exchange’
• DH algorithm
– secure way to generate a shared secret between two
parties
– The key is NEVER exchanged or transmitted

102
 DH key ‘exchange’
– Alice and Bob agree on two random primes (x and y)

– Alice and Bob pick a secret number each (a and b)

• Which they DON’T share

– Alice computes A = xa mod y and sends to Bob

– Bob computes B = xb mod y and sends to Alice

– Alice then computes:

S = Ba mod y = (xb mod y)a mod y = xba mod y

– Bob also computes:

S = Ab mod y = (xa mod y)b mod y = xab mod y

103
 DH in Colour J

+ +

+ +

Image source: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

104
 Diffie-Hellman key ‘exchange’
• Without even knowing what secret each used, Alice
and Bob generated the same result!
– The shared-secret

– Even if evil “Eve” is listening on the wire

• Can see x, y, A, B

– She cannot compute the same result since she would not
know Bob and Alice’s secret

• Unlike normal exponentiation, which we can compute by ey=logey

• modular exponentiation or modular log(x) is difficult to
compute!

105
 Asymmetric Encryption
• Also called public-key cryptography

• Use of Public-Private key pair

– The key pairs are mathematically linked
– Messages encrypted with one key can only be decrypted by
the other key of the key pair

• The decryption key cannot, at least in a reasonable

amount of time, be calculated from the encryption key
and vice-versa

106
 Asymmetric Encryption

🗝 Private Key 🔑 Public Key

ENCRYPTION DECRYPTION
ALGORITHM ALGORITHM

Plaintext
🔑
Encryption Key
Ciphertext
🗝
Decryption Key
Plaintext

🗝 🔑
107
 Asymmetric Encryption
• Advantages:
– Solves the key explosion and distribution problem
– No exchange of confidential information before
communication
• Public key is published (everyone knows)
• Private key is kept secret (only the owner knows)

• Disadvantages
– Much slower than symmetric algorithms

108
 Asymmetric Key Algorithms
Algorithm Key Size Description
(bits)
RSA 512-2048 - Rivest-Shamir-Adlemen
- Based on factoring 100 to 200 digit prime numbers
- Base on the assumption that while it is easy to compute products of two large
numbers, it is very difficult to factor a large number to be a product of two primes
DSA 512-1024 - Digital signature algorithm
- Provides capability for authenticating messages
DH 512, 1024, - Diffie-Hellman
2048 - Allows two parties to agree on a key to encrypt messages (used for secret key
exchange)
- Security based on the assumption that while it is easy to raise a number to a
certain power, it is difficult to find out which power was used

ElGamal 512-1024 - Based on DH key agreement

- Used in GPG/PGP
- Encrypted message becomes twice the size of the original (hence used only for
sharing secret keys)
Elliptical 160 - Keys are much smaller
curve - Can adapt many algorithms – DH or ElGamal

109
 Hash Functions
• Takes a message of arbitrary length and outputs a
small fixed-length code
– called the hash or message digest, or digital fingerprint

• One-way mathematical function

– Easy to compute, difficult to reverse
• Single bit change in input => large indeterminate change in output

• Uses:
– Verifying integrity
– Digitally signing documents
– Authentication (Hashing passwords)

110
 Hash Functions
• A form of signature that uniquely represents a data

Arbitrary length
data

Hash
Function

Fixed-length
a88997dfha234
Hash value

111
 Well-known Hash Functions
• Message Digest (MD) Algorithm
– Outputs a 128-bit fingerprint of an arbitrary-length input
– MD5 is widely-used
• Collisions found since 2013

• Secure Hash Algorithm (SHA)

– SHA-1 produces a 160-bit message digest
L
• Widely-used (TLS, SSL, PGP, SSH, S/MIME, IPsec)
– Use SHA-2 and SHA-3 (produce longer hash values)

112
 Digital Signature
• Electronic documents can be signed
– to prove the identity of the sender, and
– the integrity of the message

• Encrypted hash of the message

– Hash the data
– Encrypt the hash with the sender’s private key

🗝
Digital
Document Hash
Signature
Hashing Encryption
(Sender’s Private Key)

113
 Digital Signature Validation
• Sender
– Appends the signature to the original document
– Sends to receiver

• Receiver
– Computes the hash of the received data
• Using same hash function

– Decrypts the encrypted hash (signature) using sender’s

public key
• Authentication

– Compares the hashes

• If match, the data was not modified (integrity) and signed by the sender

114
Digital Signature Validation

SENDER RECEIVER

Document Hash
Document Hash
Function Equal?
Digital
Digital
🔑
Signature
Signature Hash
Decryption
(Sender's Public Key)

115
 Example

https://www.gpg4win.org (Windows)
https://www.gpgtools.org (OS X)

116
Password - Length vs
Complexity

source : http://xkcd.com/936/
 Complexity vs Length

• Entropy: randomness in H (bits) = log(C) / log(2) * L

the password
Where C – character set
L – password length
• Bits of Entropy: indicates
how difficult it is to crack – Character sets
• Numbers: 0-9
a password • Alphas (upper): A-Z
• Alphas (lower): a-z
• Specials: *+-%&$#![]{}\@/~ etc
• Difficulty to guess = 2H
 Complexity vs Length
Password Length
8 12 16 20 24 28 32
Alphanumeric +
specials 94 52.4367 78.65507 104.873 131.092 157.3101 183.528 209.7468

Alphanumeric 62 47.6336 71.45036 95.2671 119.084 142.9007 166.717 190.5343

Upper and Lower Bits of
alpha 52 45.6035 68.40528 91.207 114.009 136.8106 159.612 182.4141 Entropy
Upper or Lower
alpha 26 37.6035 56.40528 75.207 94.0088 112.8106 131.612 150.4141

Numbers 10 26.5754 39.86314 53.1508 66.4386 79.72627 93.014 106.3017

• Password length is more important than complexity!

– Ex:
• Same/more level of entropy using passwords with a 26 character set (12
characters long), as a character set of 94 (all possible ASCII) that’s 8
characters long!
 PKI Recap
• 🔑 Public Key
• 🗝 Private Key
• 📝 Message

• 📝+🔑 = 🔒✉ Encrypted
• 🔒✉+🗝 = 🔓📝 Decrypted
• 📝+🗝 = 🔏✉ Signed
• 🔏✉ + 🔑 = 👤 Authenticated

120
121