SystemsSec 2016W Lecture 8
- Designing and Coding Secure Systems by Kenneth Ingham & Anil Somayaji
- Chapter 6: Cryptography Fundamentals - Classic Crypto - Enigma Cipher/Alan Turing/Purple - Tried to break codes with very complex mechanisms with math. Therefore, computing was created to break codes - Codes can be arbitrarily secure if the code book is good enough - The “perfect” cipher - One Time Pad - length of the key = length of the message (also known as the plaintext) - we do an exclusive-or between the key and the plaintext to get our ciphertext - The assumption is that the attacker cannot predict the bits of the key. This can be done with randomization. - The important thing here is that the key can only be used once, hence, “one-time” pad - Randomness - The requirements: looks statistically random & unpredictable - pseudorandom number generators(PRNG) - produces numbers that are statistically random - Using a seed generates a stream of “random” numbers - but if we know the seed, we can produce the same sequence of numbers - we can also reverse engineer the stream of numbers to get the seed - Cryptographically-secure PRNG (stream cipher) - is a one-time pad using a seed generated by the PRNG - Block Ciphers - doing multiple runs of a cipher to encrypt - block sizes varies depending on the block cipher used - DES: 64 bit block size - AES: 256 bit block size - Electronic Code Book (ECB) - uses the same key for each iteration of the encryption - we can find 2 ciphertexts that are equal and find the key - Cryptography alone does not guarantee that your data will not be modified/corrupted - Checksums can detect if things have been corrupted but there are still ways the attacker can get around - Secure Hash Functions - turns data into random data - hash functions can be very efficient but being more efficient makes it easier to break - Hash Function - takes any data and turns it into 256 bits - Rules: - pre-image resistance - given a hash value h, it is hard to find any message m such that h = hash(k, m), where k is the hash key. - collision resistance - computationally infeasible to find two inputs that hash to the same output; that is, two inputs a and b such that H(a) = H(b), and a≠b - one way to try to attack this type of security: birthday attack - Message Authentication Code (MAC) - is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity)
Note: We can check for integrity by comparing the hash of what you’re supposed to get with the hash that you got but this can be thwarted if the attacker controls the network
- Public Key Cryptography
- can be paired with crypto from above to fix many of the problems - but has to be used with some type of crypto mentioned above - 2 keys that form a matched pair - one key inverts operations of the other - encrypt with Key1(public) & decrypt with Key2(private) - people encrypt messages with key1 and only you can decrypt with private key - these keys are very very large - Digital Signatures - ensure who sent the data and that it’s integrity isn’t compromised - Certificate Authority - an entity that issues digital certificates
- GNU privacy guard
- only trusts your keys - we can add other peoples’ keys and sign them - creating a Web of Trust