CMSC 414 Computer and Network Security Lecture 2
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz
JCE tutorial ¨ In class next Wednesday ¨ HW 1 will use it
Assigned readings from lecture 1 ¨ “Inside the Twisted Mind of the Security Professional” ¨ “We are All Security Customers” ¨ “Information Security and Externalities” ¨ Comments?
A high-level survey of cryptography
Caveats ¨ Everything I present will be (relatively) informal – I may simplify, but I will not say anything that is an outright lie… ¨ Cryptography offers formal definitions and rigorous proofs of security (neither of which we will cover here) – For more details, take CMSC 456 in the Fall (or read my book)! ¨ If you think you already know cryptography from somewhere else (CMSC 456, CISSP, your job, the news), you are probably mistaken
Goals of cryptography ¨ Crypto deals primarily with three goals: – Confidentiality – Integrity (of data) – Authentication (of resources, people, systems) ¨ Other goals also considered – E.g., non-repudiation – E-cash (e.g., double spending) – General secure multi-party computation – Anonymity – …
Private- vs. public-key settings ¨ For the basic goals, there are two settings: – Private-key / shared-key / symmetric-key / secret-key – Public-key ¨ The private-key setting is the “classical” one (thousands of years old) ¨ The public-key setting dates to the 1970s
Private-key cryptography ¨ The communicating parties share some information that is random and secret – This shared information is called a key – Key is not known to an attacker – This key must be shared (somehow) in advance of their communication
To emphasize ¨ Alice and Bob share a key K – Must be shared securely – Must be completely random – Must be kept completely secret from attacker ¨ We don’t discuss (for now) how they do this – You can imagine they meet on a dark street corner and Alice hands a USB device (with a key on it) to Bob
Private-key cryptography ¨ For confidentiality: – Private-key (symmetric-key) encryption ¨ For data integrity: – Message authentication codes
Canonical applications ¨ Two (or more) distinct parties communicating over an insecure network – E.g., secure communication ¨ A single party who is communicating “with itself” over time – E.g., secure storage
[Figure: Alice and Bob, each with the shared info K; Bob alone with K]
Security? ¨ We will specify the exact threat model being addressed ¨ We will also specify the security guarantees that are ensured, within this threat model – Here: informally; CMSC 456: formally ¨ Crucial to understand these issues before crypto can be successfully deployed! – Make sure the stated threat model matches your application – Make sure the security guarantees are what you need
Security through obscurity? ¨ Always assume that the full details of crypto protocols and algorithms are public – Known as Kerckhoffs’ principle – The only secret information is a key ¨ “Security through obscurity” is a bad idea… – True in general; even more true in the case of cryptography – Home-brewed solutions are BAD! – Standardized, widely-accepted solutions are GOOD!
Security through obscurity? ¨ Why not? ¨ Easier to maintain secrecy of a key than an algorithm – Reverse engineering – Social engineering – Insider attacks ¨ Easier to change the key than the algorithm ¨ In a general setting, much easier to share an algorithm than for everyone to use their own
Private-key encryption
Functional definition ¨ Encryption algorithm: – Takes a key and a message (plaintext), and outputs a ciphertext – c ← E_K(m), possibly randomized! ¨ Decryption algorithm: – Takes a key and a ciphertext, and outputs a message (or perhaps an error) – m = D_K(c) ¨ Correctness: for all K, we have D_K(E_K(m)) = m ¨ We have not yet said anything about security…
[Figure: Alice and Bob share key K; Alice sends c ← E_K(m) to Bob, who computes m = D_K(c)]
A classic example: shift cipher ¨ Assume the English uppercase alphabet (no lowercase, punctuation, etc.) – View letters as numbers in {0, …, 25} ¨ The key is a random letter of the alphabet ¨ Encryption done by addition modulo 26 ¨ Is this secure? – Exhaustive key search – Automated determination of the key
Another example: substitution cipher ¨ The key is a random permutation of the alphabet – Note: key space is huge! ¨ Encryption done in the natural way ¨ Is this secure? – Frequency analysis ¨ A large key space is necessary, but not sufficient, for security
Another example: Vigenere cipher ¨ More complicated version of shift cipher ¨ Believed to be secure for over 100 years ¨ Is it secure?
Attacking the Vigenere cipher ¨ Let p_i (for i = 0, …, 25) denote the frequency of letter i in English-language text – Known that Σ p_i^2 ≈ 0.065 ¨ For each candidate period t, compute frequencies {q_i} of letters in the sequence c_0, c_t, c_{2t}, … ¨ For the correct value of t, we expect Σ q_i^2 ≈ 0.065 – For incorrect values of t, we expect Σ q_i^2 ≈ 1/26 ¨ Once we have the period, can use frequency analysis as in the case of the shift cipher
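The period test above, together with the "automated determination of the key" step from the shift-cipher slide, as an added Python example (not part of the lecture). The sample plaintext, the key LEMON used to exercise it, the frequency table and the 0.06 threshold are assumptions; the score is averaged over all t streams rather than only c_0, c_t, c_2t, … so that every ciphertext letter is used.

```python
from collections import Counter

# Approximate English letter frequencies p_0..p_25 (assumed standard table).
P = [.082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
     .067, .075, .019, .001, .060, .063, .091, .028, .010, .024, .002, .020, .001]
SAMPLE = (  # constructed sample plaintext; only the letters A-Z are used
    "The communicating parties share some information that is random and secret. This shared "
    "information is called a key and it must be shared in advance of their communication. "
    "Always assume that the full details of the protocols and algorithms are public and that "
    "the only secret information is the key. It is easier to maintain secrecy of a key than "
    "of an algorithm and it is easier to change the key than the algorithm. A large key space "
    "is necessary but not sufficient for security. Home brewed solutions are bad while "
    "standardized and widely accepted solutions are good. Make sure the stated threat model "
    "matches your application and make sure the security guarantees are what you need before "
    "anything is deployed."
)

def letters(text):
    return [ord(ch) - 65 for ch in text.upper() if "A" <= ch <= "Z"]

def vigenere(text, key, sign=1):
    # Add (sign=1) or subtract (sign=-1) the repeating key modulo 26.
    k = letters(key)
    return "".join(chr(65 + (m + sign * k[i % len(k)]) % 26)
                   for i, m in enumerate(letters(text)))

def freqs(seq):
    count = Counter(seq)
    return [count[i] / len(seq) for i in range(26)]

def period_score(c, t):
    # Sum of q_i^2, averaged over all t streams c_j, c_{j+t}, c_{j+2t}, ...
    return sum(sum(q * q for q in freqs(c[j::t])) for j in range(t)) / t

def find_period(c, max_t=12, threshold=0.06):
    # Smallest t scoring near 0.065 instead of near 1/26 (threshold is an assumption).
    return next((t for t in range(1, max_t + 1) if period_score(c, t) > threshold), None)

def best_shift(stream):
    # Try all 26 shift keys; keep the k maximising sum_i p_i * q_{i+k}.
    q = freqs(stream)
    return max(range(26), key=lambda k: sum(P[i] * q[(i + k) % 26] for i in range(26)))

def recover_key(ciphertext):
    c = letters(ciphertext)
    t = find_period(c)
    if t is None:
        raise ValueError("no period found; ciphertext too short or not Vigenere")
    return "".join(chr(65 + best_shift(c[j::t])) for j in range(t))
```

A one-letter key makes `vigenere` the shift cipher, so `best_shift` alone recovers that key from the ciphertext statistics.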
Moral of the story? ¨ Don’t use “simple” schemes ¨ Don’t use schemes that you design yourself – Use schemes that other people have already designed and analyzed…
A fundamental problem ¨ A fundamental problem with “classical” cryptography is that no definition of security was ever specified – It was not even clear what it meant for a scheme to be “secure” ¨ As a consequence, proving security was not even an option – So how can you know when something is secure? – (Or is at least based on well-studied, widely-believed assumptions)
Defining security? ¨ What is a good definition? ¨ Why is a good definition important?
Security goals? ¨ Adversary unable to recover the key – Necessary, but meaningless on its own… ¨ Adversary unable to recover entire plaintext – Good, but is it enough? ¨ Adversary unable to determine any information at all about the plaintext – Formalize? – Sounds great! – Can we achieve it?
Note ¨ Even given our definition, we need to consider the threat model – Multiple messages or a single message? – Passive/active adversary? – Chosen-plaintext attacks? ¨ The threat model matters! – The classical ciphers we have seen are immediately broken by a known-plaintext attack
Defining secrecy (take 1) ¨ Even an adversary running for an unbounded amount of time learns nothing about the message from the ciphertext ¨ Perfect secrecy ¨ Formally, for all distributions over the message space, all m, and all c: Pr[M=m | C=c] = Pr[M=m]
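The condition Pr[M=m | C=c] = Pr[M=m] checked exactly for the shift cipher, as an added Python example (not part of the lecture). The two message priors are constructed assumptions; one prior can only illustrate the "for all distributions" requirement, but a single violating (m, c) pair is enough to show the condition fails.

```python
from fractions import Fraction
from itertools import product
from string import ascii_uppercase as ALPHABET

def shift_encrypt(k, m):
    """Shift cipher: add the single key letter k to every letter of m, modulo 26."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + k) % 26] for ch in m)

def posterior(prior, c):
    """Exact Pr[M=m | C=c] when K is uniform over {0, ..., 25}; None if Pr[C=c] = 0."""
    joint = {m: pm * Fraction(sum(shift_encrypt(k, m) == c for k in range(26)), 26)
             for m, pm in prior.items()}
    pr_c = sum(joint.values())
    return {m: p / pr_c for m, p in joint.items()} if pr_c else None

def violations(prior):
    """All (m, c) with Pr[M=m | C=c] != Pr[M=m], over every possible ciphertext c."""
    length = len(next(iter(prior)))
    bad = []
    for chars in product(ALPHABET, repeat=length):
        c = "".join(chars)
        post = posterior(prior, c)
        if post is not None:
            bad += [(m, c) for m in prior if post[m] != prior[m]]
    return bad

# Constructed priors (assumptions for this example, not from the lecture).
ONE_LETTER = {"A": Fraction(1, 2), "B": Fraction(1, 4), "Z": Fraction(1, 4)}
TWO_LETTERS = {"AA": Fraction(1, 2), "AB": Fraction(1, 2)}

if __name__ == "__main__":
    print(violations(ONE_LETTER))          # []
    print(posterior(TWO_LETTERS, "AA"))    # ciphertext AA rules out message AB
```

With a one-letter message the ciphertext leaves the prior unchanged; with two letters under the same key letter, the ciphertext reveals whether the two plaintext letters were equal.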
Next time: the one-time pad; its limitations; overcoming these limitations