CS549: Cryptography and Network Security
© by Xiang-Yang Li
Department of Computer Science, IIT
Cryptography and Network Security 1
Notice©
This lecture note (Cryptography and Network Security) is prepared by Xiang-Yang Li. This lecture note has benefited from numerous textbooks and online materials. Especially the “Cryptography and Network Security” 2nd edition by William Stallings and the “Cryptography: Theory and Practice” by Douglas Stinson. You may not modify, publish, or sell, reproduce, create derivative works from, distribute, perform, display, or in any way exploit any of the content, in whole or in part, except as otherwise expressly permitted by the author. The author has used his best efforts in preparing this lecture note. The author makes no warranty of any kind, expressed or implied, with regard to the programs, protocols contained in this lecture note. The author shall not be liable in any event for incidental or consequential damages in connection with, or arising out of, the furnishing, performance, or use of these.
ABOUT INSTRUCTOR
About Instructor
Associate Professor, IIT
PhD/MS from UIUC, 1997-2000
BS, BE from Tsinghua University, 1990-1995
Research Interests:
Algorithm design and analysis
Wireless networks
Game theory
Computational geometry
Contact Information:
Phone: 312-567-5207
Email: [email protected]
Room 229C, SB
Office and Office hours
Office
SB 229C, 10 W 31st Street, Chicago.
Office hours
Wednesday 4:10PM – 6:10PM.
Or by contact: email [email protected], phone 312 567 5207
Who we are and what we do
Prof. XiangYang Li
http://www.cs.iit.edu/~xli http://www.cs.iit.edu/~winet/
[email protected] Stuart Building 229C
Research Interest Overview
Networks and Algorithms
Wireless Sensor Networks, Cognitive Networks, Social Networks
Topics studied:
Wireless sensor systems for environment monitoring
Theoretical performance studies of wireless networks and social networks
Hardware/system design and manufacturing
Supported by NSF, NSF China, RGC Hong Kong
Representative Projects
Environment monitoring
OceanSense http://www.cse.ust.hk/~liu/Ocean/index.html
GreenOrbs http://orbsmap.greenorbs.org/
Tracking objects: iLight
OceanSense (2007-)
GreenOrbs (2008-)
About 1000 sensors, world's largest WSN
Applications
Chicago Waterway System (Water Reclamation Plant)
CWS
Stickney WRP (world largest)
Ammonia sensor
Dissolved Oxygen sensor
Objectives and Challenges
Objectives: Protect the health and safety of the public, protect the quality of the water supply source (Lake Michigan), improve the quality of water in watercourses, protect businesses and homes from flood damages.
Challenges:
Complex system (CWS, WRP, CSO, lake, dam, ...)
Systems built many years ago (from 1930s to 60s)
Difficult to meet new regulations and standards (e.g., ammonia, water effluent)
What we can contribute: Real time sensor system, decision optimization
Collaborators
Demo
System examples (iLight) (2009-)
More sensor/Adhoc/RFID examples
Sensor Network Controlled Mobile Car
Systems Developed (Collaborated with Other Schools)
Mesh Nodes, Sensors
Sensor nodes and Mesh Nodes
Sensor nodes
Other Projects
BlueSense BlueSky WiFace
Theoretical Studies
Algorithm Design and Analysis of Practical Questions
Wireless ad hoc networks
Wireless sensor networks
RFID
Cognitive networks
Online optimization (little regret)
Computational geometry
Game theory and its applications
Information theory (such as asymptotic behavior of large scale networks)
Where do we publish?
Journals
IEEE/ACM Transactions on Networking, TPDS, Computers, JSAC, ACM Transactions, and so on
Conferences
ACM MobiCom, ACM Mobihoc, ACM STOC, ACM SODA, ACM EC, IEEE INFOCOM, ICNP, ICDCS, and so on
Where do our students go?
Graduated students (9 PhDs)
Faculty at North Carolina Charlotte, Washington State University, Minnesota State University, BUPT
Researcher at Google
Game designer
Stock trader
Students (graduated, current)
ABOUT THE COURSE
About This Course
Suggested books
Cryptography: Theory and Practice, by Douglas R. Stinson, CRC Press
Cryptography and Network Security: Principles and Practice, by William Stallings, Prentice Hall
Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press
I have electronic version!
Grading and Others
Grading (IIT main campus and local)
Homework 20%
Final Exam 30% (closed book on final exam week, 2012)
Group Programming Projects 20% (select your own topic)
Programming project: include a final presentation and demo
Group Paper Presentation 15%:
Select topics from the list; presentations are in order of topics
Individual Term Paper report 15%
10-15 pages report of some research results in IEEE format (font size 10)
India session
Homework 20%, final exam 40%, individual programming projects 25%, individual term paper 15%
Policy
Do it yourself
Can use library, Internet and so on, but you have to cite the sources when you use this information
Homeworks
Do it independently
No discussion
No copy
Can use reference books
Staple your solution
Write your name also
Type your solution!
• print it then submit
• Or submit it electronically
For group report, you could discuss with classmates then write your own group's report (about 15 pages for the topic you selected)
For project (presentation and programming)
For presentation by main campus students: You SHOULD collaborate with your group member and you SHOULD make enough contributions to get credit
Others: do it yourself
Topics
Introduction
Number Theory
Traditional Methods: secret key system
Modern Methods: Public Key System
Digital Signature and others
Other topics:
secret sharing, zero-knowledge proof, bit commitment, oblivious transfer, ...
Organization
Chapters
Introduction
Number Theory
Conventional Encryption
Block Ciphers
Public Key System
Key Management
Hash Function and Digital Signature
Identification
Secret Sharing
Pseudo-random Number Generation
Email Security
Others
Cryptography and Network Security
Introduction
Xiang-Yang Li
Introduction
The art of war teaches us not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. --The art of War, Sun Tzu 孙子兵法
Information Security
From wikipedia
C.I.A
Confidentiality, Integrity and Availability
Information systems are decomposed into three main portions: hardware, software and communications,
with the purpose to identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers:
Physical, personal and organizational
Various Securities
Data security
Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled.
Computer Security
The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.
Malware: malicious software; includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware
Network Security
Protect the network and the network-accessible resources from unauthorized access; consistent and continuous monitoring and measurement of its effectiveness
Network Security
Network security and information security are often used interchangeably
Network security is generally taken as providing protection at the boundaries of an organization
Network security starts from authenticating any user, most likely with a username and a password
An intrusion prevention system (IPS)[2] helps detect and prevent such malware.
IPS also monitors for suspicious network traffic for contents, volume and anomalies to protect the network from attacks such as denial of service
Criteria for Desirable Cryptosystems
Confidence in Security established
Or how can I know the method is secure?
Is it based on hard or intractable problems?
Practical Efficiency
Space, time and so on
Explicitness
About its environment assumptions, security service offered, special cases in math assumptions
Protection tuned to application needs
No less, no more
Security protocols cannot do all: man does what man can do, machine does what machine can do
Openness
Most important
Security first
Efficiency, resource utilization, and security tradeoffs
This is especially the case for resource constrained networks such as wireless sensor networks
Limited power supply (thus limited communication and computation), limited storage space
Cryptography
Cryptography (from Greek kryptós, "hidden", and gráphein, "to write") is, traditionally, the study of means of converting information from its normal, comprehensible form into an incomprehensible format, rendering it unreadable without secret knowledge: the art of encryption.
Past: Cryptography helped ensure secrecy in important communications, such as those of spies, military leaders, and diplomats.
In recent decades, cryptography has expanded its remit in two ways:
mechanisms for more than just keeping secrets: schemes like digital signatures and digital cash, for example.
in widespread use by many civilians, and users are not aware of it.
Crypto-graphy, -analysis, -logy
The study of how to circumvent the use of cryptography is called cryptanalysis, or codebreaking.
Cryptography and cryptanalysis are sometimes grouped together under the umbrella term cryptology, encompassing the entire subject.
In practice, "cryptography" is also often used to refer to the field as a whole; crypto is an informal abbreviation.
Cryptography is an interdisciplinary subject:
Linguistics
Mathematics: number theory, information theory, computational complexity, statistics and combinatorics
Engineering
Close, but different fields
Steganography
the study of hiding the very existence of a message, and not necessarily the contents of the message itself (for example, microdots, or invisible ink)
http://en.wikipedia.org/wiki/Steganography
Traffic analysis
the analysis of patterns of communication in order to learn secret information
The messages could be encrypted
http://en.wikipedia.org/wiki/Traffic_analysis
Steganography
Some techniques
Concealing messages within the lowest bits of noisy images or sound files.
Invisible ink
Concealing data within encrypted data
Polybius square
Hidden messages on messenger's body
Steganography Example
Last 2 bits
Tools for Steganography
http://www.jjtc.com/Steganography/toolmatrix.htm
Network Security Model
[Figure: a sender principal and a receiver principal, each applying a security transformation, with a trusted third party and an attacker]
Attacks, Services and Mechanisms
Security Attacks
Action compromises the information security
Could be passive or active attacks
Security Services
Actions that can prevent, detect such attacks.
Such as authentication, identification, encryption, signature, secret sharing and so on.
Security mechanism
The ways to provide such services
Detect, prevent and recover from a security attack
Attacks
Passive attacks
Interception
Release of message contents Traffic analysis
Active attacks
Interruption, modification, fabrication
Masquerade Replay Modification Denial of service
Information Transferring
Attack: Interruption
Cut wire lines, Jam wireless signals, Drop packets,
Attack: Interception
Wiring, eavesdrop
Attack: Modification
intercept
Replaced info
Attack: Fabrication
Also called impersonation
Ali: this is …
Important Services of Security
Confidentiality, also known as secrecy:
only an authorized recipient should be able to extract the contents of the message from its encrypted form. Otherwise, it should not be possible to obtain any significant information about the message contents.
Integrity:
the recipient should be able to determine if the message has been altered during transmission.
Authentication:
the recipient should be able to identify the sender, and verify that the purported sender actually did send the message.
Non-repudiation:
the sender should not be able to deny sending the message.
Secure Communication
Protecting data locally only solves a minor part of the problem.
The major challenge that is introduced by the Web Service security requirements is to secure data transport between the different components.
Combining mechanisms at different levels of the Web Services protocol stack can help secure data transport (see figure next page).
Secure Communication
The combined protocol HTTP/TLS or SSL is often referred to as HTTPS (see figure).
SSL was originally developed by Netscape for secure communication on the Internet, and was built into their browsers.
SSL version 3 was then adopted by IETF and standardized as the Transport Layer Security (TLS) protocol.
Use of Public Key Infrastructure (PKI) for session key exchange during the handshake phase of TLS has been quite successful in enabling Web commerce in recent years.
TLS also has some known vulnerabilities: it is susceptible to man-in-the-middle attacks and denial-of-service attacks.
SOAP security
SOAP (Simple Object Access Protocol) is designed to pass through firewalls as HTTP. This is disquieting from a security point of view. Today, the only way we can recognize a SOAP message is by parsing XML at the firewall.
The SOAP protocol makes no distinction between reads and writes on a method level, making it impossible to filter away potentially dangerous writes. This means that a method either needs to be fully trusted or not trusted at all.
The SOAP specification does not address security issues directly, but allows for them to be implemented as extensions.
As an example, the extension SOAP-DSIG defines the syntax and processing rules for digitally signing SOAP messages and validating signatures. Digital signatures in SOAP messages provide integrity and non-repudiation mechanisms.
PKI
PKI key management provides a sophisticated framework for securely exchanging and managing keys. The two main technological features, which a PKI can provide to Web Services, are:
Encryption of messages: by using the public key of the recipient
Digital signatures: non-repudiation mechanisms provided by PKI and defined in SOAP standards may provide Web Services applications with legal protection mechanisms
Note that the features provided by PKI address the same basic needs as those that are recognized by the standardization organizations as being important in a Web Services context.
In Web Services, PKI mainly intervenes at two levels:
At the SOAP level (non-repudiation, integrity)
At the HTTPS level (TLS session negotiation, eventually assuring authentication, integrity and privacy)
Some basic Concepts
Cryptography
Cryptography is the study of
Secret (crypto-) writing (-graphy)
Concerned with developing algorithms:
Conceal the context of some message from all except the sender and recipient (privacy or secrecy), and/or
Verify the correctness of a message to the recipient (authentication)
Form the basis of many technological solutions to computer and communications security problems
Basic Concepts
Cryptography
encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form
Plaintext
The original intelligible message
Ciphertext
The transformed message
Message
Is treated as a non-negative integer hereafter
Basic Concepts
Cipher
An algorithm for transforming an intelligible message into an unintelligible one by transposition and/or substitution, or some other techniques
Keys
Some critical information used by the cipher, known only to the sender and/or receiver
Encipher (encode)
The process of converting plaintext to ciphertext
Decipher (decode)
The process of converting ciphertext back into plaintext
Basic Concepts
Cipher
an algorithm for encryption and decryption. The exact operation of ciphers is normally controlled by a key, some secret piece of information that customizes how the ciphertext is produced
Protocols
specify the details of how ciphers (and other cryptographic primitives) are to be used to achieve specific tasks. A suite of protocols, ciphers, key management, user-prescribed actions implemented together as a system constitute a cryptosystem; this is what an end-user interacts with, e.g. PGP
Encryption and Decryption
Encipher: C = E(K1)(P), plaintext to ciphertext
Decipher: P = D(K2)(C), ciphertext to plaintext
K1, K2: from keyspace
These two keys could be different; could be difficult to get one from the other
What is Security?
Two fundamentally different securities
Unconditional security
No matter how much computational power is available, the cipher cannot be broken
Using Shannon's information theory
The entropy of the message I(M) is the same as the entropy of the message I(M|C) when the ciphertext (and possibly more) is known
Computational security
Given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken
What do we mean by "broken"?
Proved by some complexity equivalence approach
Visual Cryptography
By: Moni Naor, Adi Shamir
Visual Cryptography
Visual Cryptography is a secret-sharing method that encrypts a secret image into several shares but requires neither computer nor calculations to decrypt the secret image. Instead, the secret image is reconstructed visually: simply by overlaying the encrypted shares the secret image becomes clearly visible
A Visual Cryptography Scheme (VCS) on a set P of n participants is a method of encoding a 'secret' image into n shares such that the original image is obtained only by stacking specific combinations of the shares onto each other.
Advantage of Visual Cryptography
Simple to implement
Encryption doesn't require any NP-hard problem dependency
Decryption algorithm not required (uses the human visual system), so a person unfamiliar with cryptography can decrypt the message.
We can send cipher text through FAX or E-MAIL
Infinite computation power can't predict the message.
Introduction:
Cryptography:
Plain Text -> Encryption -> Cipher Text -> Channel -> Decryption -> Plain Text
Visual Cryptography:
Plaintext (in form of image) -> Encryption (creating shares) -> Channel (Fax, Email) -> Decryption (Human Visual System)
Example:
[Figure: Secret Image, Share1 and Share2. Stacking the shares reveals the secret.]
Encoding of Pixels:
[Figure: Original Pixel, Share1, Share2, overlaid]
Note: White is actually transparent
Computer Representation of pixels
Visual Cryptography scheme represented in computer using n x m Basis matrices
[Figure: Original Pixel, share1, share2 and overlaid image, with basis matrices s0 and s1]
(2,2) Model
1. Construct two 2x2 basis matrices as:
S0 =
1 0
1 0
S1 =
1 0
0 1
2. Using the permuted basis matrices, each pixel from the secret image will be encoded into two sub pixels on each participant's share. A black pixel on the secret image will be encoded on the ith participant's share as the ith row of matrix S1, where a 1 represents a black sub pixel and a 0 represents a white sub pixel. Similarly, a white pixel on the secret image will be encoded on the ith participant's share as the ith row of matrix S0.
3. Before encoding each pixel from the secret image onto each share, randomly permute the columns of the basis matrices S0 and S1.
3.1 This VCS (Visual Cryptography Scheme) divides each pixel in the secret image into m=2 sub pixels.
3.2 It has a contrast of α(m)·m=1 and a relative contrast of α(m)=1/2.
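The three steps of the (2,2) model, as an added Python example that is not part of the original lecture. It assumes the basis matrices S0 = [[1,0],[1,0]] and S1 = [[1,0],[0,1]], the pair that yields the contrast α(m)·m = 1 stated in step 3.2; the function names and the 4x4 sample image are constructed for illustration.

```python
# Added example (not from the lecture); all names here are illustrative.
import secrets

# Basis matrices of the (2,2) scheme: row i goes to participant i,
# 1 = black sub pixel, 0 = white (transparent) sub pixel.
S0 = ((1, 0), (1, 0))   # white secret pixel: both shares get the same row
S1 = ((1, 0), (0, 1))   # black secret pixel: shares get complementary rows
M = 2                   # sub pixels per secret pixel

def permute_columns(basis):
    """Step 3: return the basis matrix with its columns in a random order."""
    cols = list(range(M))
    # Fisher-Yates shuffle driven by the OS CSPRNG.
    for i in range(M - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        cols[i], cols[j] = cols[j], cols[i]
    return [[row[c] for c in cols] for row in basis]

def make_shares(secret):
    """Step 2: encode a 0/1 image (1 = black) into two shares, M times wider."""
    share1, share2 = [], []
    for line in secret:
        row1, row2 = [], []
        for pixel in line:
            rows = permute_columns(S1 if pixel else S0)
            row1.extend(rows[0])
            row2.extend(rows[1])
        share1.append(row1)
        share2.append(row2)
    return share1, share2

def stack(share_a, share_b):
    """Overlay two transparencies: a sub pixel is black if either one is."""
    return [[a | b for a, b in zip(ra, rb)] for ra, rb in zip(share_a, share_b)]

def black_counts(image):
    """Number of black sub pixels in each M-wide block of an image."""
    return [[sum(line[i:i + M]) for i in range(0, len(line), M)] for line in image]

def read_stacked(stacked):
    """Read the overlay as the eye does: a fully black block is a black pixel."""
    return [[int(count == M) for count in line] for line in black_counts(stacked)]

# Constructed 4x4 sample image, 1 = black.
SECRET = [
    [1, 1, 1, 1],
    [1, 0, 0, 1],
    [1, 0, 0, 1],
    [1, 1, 1, 1],
]

if __name__ == "__main__":
    s1, s2 = make_shares(SECRET)
    for name, img in (("share1", s1), ("share2", s2), ("stacked", stack(s1, s2))):
        print(name)
        for line in img:
            print("".join("#" if v else "." for v in line))
```

Every block of a single share holds exactly one black sub pixel whatever the secret pixel was, so one share alone carries no information; stacked, black pixels show two black sub pixels and white pixels one, which is the contrast of 1.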