Lectures 1 Merged

Computer Security
TMN2073
Lecture 1:
Computer Security Overview
By Dr. Adnan Shahid Khan-UNIMAS @2020
Objectives
Examine the risks involved in computing
Understand the goals of secure computing
Examine the threats to security in computing
Identify the controls available to address the threats
2
Computer Security
What does “SECURE” means to you ?
◦ Protecting your valuable assets?
◦ House, car, office, (physical assets)
◦ Your money? Safe in the bank !
◦ How sure are you that your money in safe
◦ How about your confidential data- email etc.
3
Computer Security
The definition ;
“Computer security is the protection of a company’s assets

by ensuring the safe, uninterrupted operation of the system
and the safeguarding of its computer, programs and data
files”.
Prof. Harold J Highland
State University of New York
4
Computer Security
The protection of the Information and Physical Assets of a computer system.
Involves the measures and controls that ensure CONFIDENTIALITY, INTEGRITY, and AVAILABILITY of
the information processed and stored by a computer.
These include Policies, Procedures, the Hardware and Software tools necessary to protect the
computer systems and the information processed, stored, and transmitted by the systems.
5
Why do we need security in computing ?
The Internet is host to numerous threats:
◦Viruses, worms, Trojan Horses

◦Hacking, Denial of service attacks
◦Masquerading, spoofing
◦Fraud, data theft, malicious damage
The impacts of these can be far-reaching . . .
6
The need for security
Consider the following areas :
1. Banking
2. Education
3. Government
4. Healthcare
5. Retail
6. Telecommunications
What are the principal reasons for security?
7
Types of Security
Physical
◦ e.g Environmental Protection
Logical / System / Technical

◦ e.g. Authentication, Secure Communications
Procedural / Personnel
◦ e.g Security Policy
8
Principles and Concepts
1- Security Requirements
2- Security Threats/Attacks
2- Security Controls
http://www.aiqus.com/wiki/Computer_Security
9
For this course, we will consider there is a wireless communication between two parties
WIRELESS LINK
Consider two different communicating nodes/participating devices/client-server.

Alice and Bob are very traditional names in computer security as two
Communicating bodies.
Security issues occurs once more then ONE devices communicate with each other,
Even if we insert PENDRIVE, the chances of injection of virus etc. is high (two nodes communicate i.e. host & pen drive)
Alice and Bob are using cellular network
(just an example, or any networks)
WIRELESS LINK
Communication Requirements or Security Requirements?
see & alter their communication

Before communication, Alice and Bob need required that no one should
They also required their communication must be continuous and available as far as
they required their communication. If Alice/bob is uploading/downloading any video files,
the data must be available throughout the session. And
Since, they are very far, so both required that both partner must be legitimate, For instance: if Alice send some message
So at the end of day, Alice must accept that she send the message and vice versa.
On the other hand, the network provider must ensure that the network is secure.
WIRELESS LINK
Communication Requirements or Security Requirements? Confidentiality Integrity

see & alter their communication
Before communication, Alice and Bob need required that no one should
They also required their communication must be continuous and available as far as
they required their communication. If Alice/bob is uploading/downloading any video files,
the data must be available throughout the session. And
Availability
Since, they are very far, so both required that both partner must be legitimate, For instance: if Alice send some message
So at the end of day, Alice must accept/agrees that she send the message and vice versa.
On the other hand, the network provider must ensure that the network is secure. Non-Repudiation
Security Requirements/Goals
Confidentiality
Integrity
Availability
Non-repudiation
http://www.aiqus.com/wiki/Computer_Security
13
Confidentiality
The protection of data from unauthorized disclosure to a third party.
Protection from passive attack.
Sometimes called secrecy or privacy.
Level of protection:
– Protect all user data transmitted between two users over a period of time.
– Protect a single message or even specific fields within a message.
Protect the traffic flow from analysis

– Requires that an attacker not be able to observe the source and destination, frequency, length, or other
characteristic of the traffic.
14
Integrity
The assurance of data is not altered or destroyed in an unauthorized manner.
Can apply to a stream of messages, a single message, or selected field within a message.
Relates to active attack – detection rather than prevention.
15
Availability
The continuous operation of computing system to ensure legitimate users have access to the
data.
Applies both to data and to services
Assets are accessible to authorized parties at appropriate times.
If some person or system has legitimate access to a particular set of object, that access should
not be prevented.
Opposite of denial of service (DoS).
16
Non-repudiation
The guarantee that something came from the source it claims.
Prevents either sender or receiver from denying a transmitted message.
When a message is sent, the receiver can prove that the message was in fact sent by alleged
sender.
When a message is received, the sender can prove that the message was in fact received by the
alleged receiver.
17
SECURITY THREATS
Security Requirements
CONFIDENTIALITY INTEGRITY AVAILABILITY NON-REPUDIATION
To me as a researcher, there is no other things

These are four main attempts or pre-requisites to
Attempt any other attacks- later we will discuss
INTERCEPTION INTERRUPTION FABRICATION

Attackers wants to see the data, modify the data, cut the link, or insert unwanted data
MODIFICATION What else attackers want to do?
Security Threats
RELATIONSHIP BETWEEN SECURITY REQUIREMENTS
& SECURITY THREATS
SECURITY REQUIREMENTS SECURITY THREATS
CONFIDENTIALITY INTERCEPTION
INTEGRITY MODIFICATION/FABRICATION
AVAILABILITY INTERRUPTION
NON-REPUDIATION INTERCEPTION/MODIFICATION/FABRICATION
Security Threats/Attacks
Threats
– A set of circumstances that has the potential to cause lost or harm to a computing system.
Vulnerability
– A weakness in the security system that might be exploited to cause lost or harm.
Control
– A protective measure.
– An action, device, procedure, or technique that removes or reduces a vulnerability.
Relationship:
A threat is blocked by control of a vulnerability.
21
MOM
Method, Opportunity, Motive
Method – the skills, knowledge, tools, and other things with which to be
able to pull off the attack.
Opportunity – the time and access to accomplish attack.
Motive – a reason to want to perform attack against system.
22
Security Threats
There are 4 general categories:
1. Interruption
2. Interception
3. Modification
4. Fabrication
http://www.thetechaxis.com
2
3
Interruption
An asset of the system is destroyed or becomes unavailable or unusable.
Attack on availability.
Examples: destruction of a piece of hardware such as a hard disk, the cutting of communication
line, the disabling of the file management system
24
Interception
An unauthorized party gains access to an asset.
Attack on confidentiality.
The unauthorized party could be a person, a program, or a computer.
Examples: wiretapping to capture data in a network, unauthorized copying of files or programs.
25
Modification
An unauthorized party not only gains access to but tampers with an asset.
Attack on integrity.
Examples: changing values in a data file, altering a program so that it performs differently,
modifying the content of messages being transmitted in a network.
26
Fabrication
An unauthorized party inserts counterfeit objects into the system.
Attack on authenticity.
Examples: the insertion of spurious messages in a network, the addition of records to a file.
27
Security Threats (illustration)
Information Information
source destination
Normal Flow
Interruption Interception
Modification Fabrication
28
Vulnerabilities
Interruption (DoS) Interception (Theft)
Fabrication
Modification HARDWARE
(substitution)
Interruption (Deletion)
Interruption (Loss)
Interception
SOFTWARE Fabrication DATA

Interception Modification
Fabrication
Modification (Logic bomb)
29
Hardware Vulnerabilities
Add, change, remove devices.
Intercept the traffic to devices.
Flooding devices with traffic until they can no longer function.
Drench with water, burn, frozen, gas, and electrocute with power surge.
Spill, kick, slap, bump, jar, punch.
Shot, stab.
Bombs, fires, collisions.
Others
30
Software Vulnerabilities
Replace, change, destroy software maliciously.
Modify, delete, misplace software accidentally.
Logic bomb, Trojan horse, virus, trapdoor, information leaks.
Unauthorized copying of software (pirated software).
31
Data Vulnerabilities
Tapping wires, planting bugs in output devices, filter through trash receptacles, monitoring
electromagnetic radiation, bribing key employees, inferring one data point from other values,
requesting the data.
Stealing, buying, finding, hearing data.
Modifying data.
32
Security Control
Legal and ethical restrictions on computer-based crime.
Controls are needed to preserve Confidentiality, Integrity, and Availability.
Physical controls
Encryption
Software controls
Hardware controls
Policies and procedures
33
Q&A
34
Computer Security
TMN 2073
Lecture 2:
Cryptography and
Basic Security Mechanisms
Lecture Outline
Basic Terminology, Background and Notation
Cryptography Techniques
Cryptanalysis
Types of Algorithm
“Good” Cipher
2
Cryptography - What is it?
The definition:
Cryptography – ‘ A secret manner of writing, either by arbitrary characters, by using letters or
characters in other than their ordinary sense, or by other methods intelligible only to those
possessing the key ’.
(Oxford Dictionary, 2006)
Cryptography(secret writing)
- Is the strongest tool for controlling against many kinds of security threats.
(Security in Computing 4th Ed , 2007)
3
Introduction
Transformation of information into an encrypted form that cannot
be read by third parties
Originally used almost exclusively for diplomatic and military
communications
◦ fundamental change in recent days due to public / commercial
use of IT- based communications
May be applied to data communications or stored information
4
CRYTPGRAPHY
STUDY OF CRYPTOGRAPHY IS CRYTOLOGY
Cryptology = Cryptography + Cryptanalysis

PLAINTEXT P = D(C) PLAINTEXT
(PT) P = D(C)= D(E(P)) (PT)
ENCRYPT/DECRYPT –SAME KEY (SYMMETRIC ENCRYPTION)
ENCRYPTION ALGORITHM DECRYPTION ALGORITHM
ENCRYPT/DECRYPT –DIFFERENT KEY (ASYMMETRIC ENCRYPTION)

CIPHERTEXT CIPHERTEXT
C = E(P)
CT CT
CRYTPANALYSIS
INSURE CHANNEL
Basic Terminology & Notation (1)
Plaintext
◦ plaintext is the readable message or data which will be used by the cryptographic process.
Ciphertext
◦ ciphertext is the un-readable message or data which is the outcome of the cryptographic process.
◦ 2 different key produce 2 different ciphertext
Encryption [encode]
◦ encryption is the process of turning plaintext into ciphertext
◦ Use encryption algorithm
6
cont…
Decryption [decode]
◦ decryption is the process of turning ciphertext into plaintext.
Cryptography
◦ a cipher system where plaintext is transformed into ciphertext using an algorithm
◦ at the recipient end, the message is deciphered to recover the original
Cryptanalysis
◦ used by an interceptor on the ciphertext to determine the plaintext information
Cryptology = Cryptography + Cryptanalysis
7
Implementing Cryptography
Simplest arrangements rely on secrecy of the cryptographic algorithm
◦ once discovered all the information is insecure
Security improved by using a key :

◦ constant algorithm, but produces different output depending on key value
◦ key can be changed if compromise suspected
◦ Number of possible keys = ‘key space’
◦ problem with key distribution - require secure protocols
8
Basic Cryptographic Scheme
original
plaintext ciphertext plaintext
ENCRYPTION DECRYPTION
P E C D P
◼ P = <p1, p2, ..., pn> pi = i-th char of P

◼ P = “DO NOT TELL ANYBODY” p1 = “D”, p2 = “O”, etc.
◼ By convention, cleartext in uppercase
◼ C = <c1, c2, ..., cn> ci = i-th char of C

◼ C = “ep opu ufmm bozcpez” c1 = “e”, c2 = “p”, etc.
◼ By convention, ciphertext in lowercase
9
Formal Notation
ENCRYPTION DECRYPTION original
plaintext ciphertext plaintext
ENCODING DECODING
P ENCIPHERING C DECIPHERING P
E D
◼ C = E(P) E – encryption rule/algorithm
◼ P = D(C) D – decryption rule/algorithm
◼ We need a cryptosystem, where:
◼ P = D(C)= D(E(P))
◼ i.e., able to get the original message back
10
Cryptographic Techniques Vernam Cipher
By Gilbert Vernam for AT&T
Immune to most cryptanalytic attacks
Modulo 2 transformations using binary (XOR)
Key (K) Key (K)
+ +
Plaintext (P) Ciphertext (C) Plaintext
= (P + K) = (P + K) + K = P
e.g. P = 110101, K = 101010

◦ P + K = 011111 = C
◦ C + K = 110101 = P
11
Benefits of Cryptography
It’s just an improvement but not a Solution!
◦ Minimizes problems
◦ Doesn’t solve them
◦ Remember: There is no solution!
◦ Adds an envelope (encoding) to an open postcard (cleartext)
Cryptographic Techniques
Transposition
◦ the method by which symbols in the plaintext are moved into different
positions in the ciphertext.
Substitution
◦ the method by which symbols in the plaintext are replaced with
different (usually) symbols in the ciphertext.
Concealment
◦ the method by which additional symbols are placed in the ciphertext to
conceal the content.
13
Cryptographic Techniques Transposition
Rearrangement of the order of bits in a data block according to a fixed permutation
Total number 1’s and 0’s is preserved
Only secure if each message has its own transposition
Simple transposition may be target of brute force attack :
◦ attempting each permutation of encrypted text
Use of transposition matrix is more secure
14
Transposition Methods
Simple Transposition
transposition using matrix
Plaintext SECRET ILOVEASECURITYSUBJECT
S R
E T I L O V E
Encrypt C E S E C U R
R S I T Y S U
E C B J E C T
T E
Ciphertext RTESCE ISIBLETJOCYEVUSCERUT
15
Substitution
Systematic replacement of one symbol by another
Uses a lookup table
Number of 1’s and 0’s not preserved
Vulnerable to statistical analysis
◦ e.g. based upon frequency of character occurrence
E.g. Caesar Cipher (3 place offset in alphabet)
16
Example of Substitution
(Plaintext)
secretmessage
Encrypt
VHFUHWPHVVDJH
(Ciphertext)
ci = E ( pi ) = pi + 3
17
Concealment :
◦ Message symbols are mixed up with many other symbols that carry no useful
information
◦ Gives considerable security, but can greatly expand the message
18
Shannon’s “Rules”
1. The amount of secrecy needed should determine the amount of labor
appropriate for the encryption and decryption.
2. The set of keys and the enciphering algorithm should be free from
complexity.
3. The implementation of the process should be as simple as possible.
4. Errors in ciphering should not propagate and cause corruption of further
information in the message.
5. The size of the ciphertext should be no larger than the plaintext.
19
Cryptanalysis (1)
Cryptanalyst attempts to deduce the original meaning of the ciphertext
message.
Cryptanalysts goals:
◦ Break a single msg
◦ Recognize patterns in encrypted msgs, to be able to break the subsequent ones
◦ Infer meaning without breaking encryption
◦ Unusual volume of msgs between enemy troops may indicate a coming attack
◦ Busiest node may be enemy headquarters
◦ Deduce the key, to facilitate breaking subsequent msgs
◦ Find vulnerabilities in implementation or environment of an encryption algorithm
◦ Find a general weakness in an encryption algorithm
20
Cryptanalysis (2)
Information used for cryptanalysts:
◦ Intercepted encrypted msgs
◦ Known encryption algorithms
◦ Intercepted plaintext
◦ Data known or suspected to be ciphertext
◦ Math or statistical tools and techniques
◦ Properties of natural languages
◦ Esp. adversary’s natural language
◦ To confuse the Japanese cryptanalysts, Americans used Navajo language in WW2
◦ Propertiers of computer systems
21
Classification of
Cryptosystems -
Keys
Keyless Keyed cryptosystems

cryptosystems
- Less secure 1. Symmetric cryptosystem KE = KD
- classic, using the same key
2. Asymmetric cryptosystem: KE ≠ KD
- using the same key
22
Breakable Encryption
An encryption algorithm is called breakable
- given enough time and data, an analyst can determine the algorithm.
-
Breakable encryption
◦ Practical cryptosystems almost always are breakable, given adequate time and computing power
[cf. J. Leiwo, VU, NL]
23
Requirements for Crypto Protocols
◦ Messages should get to destination
◦ Only the recipient should get it
◦ Only the recipient should see it
◦ Proof of the sender’s identity
◦ Message shouldn’t be corrupted in transit
◦ Message should be sent/received once
◦ Proofs that message was sent/received (non-repudiation)
24
Making “Good” Ciphers
Cipher = encryption algorithm
25
1. Criteria for “Good” Ciphers (1)
◼ “Good” depends on intended application
◼ Substitution
◼ C hides chars of P
◼ If > 1 key, C dissipates high frequency chars
◼ Transposition
◼ C scrambles text => hides n-grams for n > 1
◼ Product ciphers
◼ Can do all of the aboveWhat is more important for your app?
What facilities available to sender/receiver?
◼ E.g., no supercomputer support on the battlefield
26
Criteria for “Good” Ciphers (2)
◼ Claude Shannon’s criteria (1949):
1. Needed degree of secrecy should determine amount of labor

◼ How long does the data need to stay secret?
(cf. Principle of Adequate Protection)

2. Set of keys and enciphering algorithm should be free from complexity
◼ Can choose any keys or any plaintext for given E
◼ E not too complex (cf. Principle of Effectiveness)

3. Implementation should be as simple as possible
◼ Complexity => errors (cf. Principle of Effectiveness)
27
◼ Shannon’s criteria (1949) – cont.
4. Propagation of errors should be limited

◼ Errors happen => their effects should be limited
◼ One error should not invlidate the whole C
(None of the 4 Principles — Missing? — Invent a new Principle?)
5. Size / storage of C should be restricted

◼ Size (C) should not be > size (P)
◼ More text is more data for cryptanalysts to work with
◼ Need more space for storage, more time to send
(cf. Principle of Effectiveness)

◼ Proposed at the dawn of computer era – still valid!
28
◼ Characteristics of good encryption schemes
◼ Confusion:
interceptor cannot predict what will happen to C when she changes one char in P
◼ E with good confusion:
hides well relationship between P “+” K, and C

◼ Diffusion:
changes in P spread out over many parts of C
◼ Good diffusion => attacker needs access to much of C to infer E
29
◼ Commercial Principles of Sound Encryption Systems
1. Sound mathematics
▪ Proven vs. not broken so far
2. Verified by expert analysis
▪ Including outside experts
3. Stood the test of time
▪ Long-term success is not a guarantee
▪ Still. Flows in many E’s discovered soon after their release
◼ Examples of popular commercial E’s:
DES = Data Encryption Standard
◼ DES / RSA / AES RSA = Rivest-Shamir-Adelman
AES = Advanced Encryption Standard (rel. new)
[cf. A. Striegel]
30
Types of Algorithm
Symmetric algorithm
◦ uses a common secret key at sender and receiver ends
◦ aka secret or private key cryptography
◦ e.g. DES, IDEA
Asymmetric algorithm
◦ uses a pair of keys, one secret and one public
◦ aka public key cryptography
◦ e.g. RSA
31
Symmetric Algorithm
32
Asymmetric Algorithm
33
Symmetric and Asymmetric Cryptosystems (2)
◼ Problems with symmetric encryption:
◼ Ensuring security of the “key channel”
◼ Need an efficient key distribution infrastructure
◼ A separate key needed for each communicating S-R
pair
◼ For n communicating users, need:
n * (n -1) /2 keys
34
◼ Asymmetric encryption = public key encryption (PKE)

◼ KE ≠ KD — public and private keys
◼ PKE systems eliminate symmetric encr. problems

◼ Need no secure key distribution channel
◼ => easy key distribution
35
◼ One PKE approach:
◼ R keeps her private key KD
◼ R can distribute the correspoding public key KE to anybody who wants to

send encrypted msgs to her
◼ No need for secure channel to send KE
◼ Can even post the key on an open Web site — it is public!
◼ Only private KD can decode msgs encoded with public KE!

◼ Anybody (KE is public) can encode
◼ Only owner of KD can decode
36
Symm. vs. Asymm. Key Algorithms
Symmetric Asymmetric
Key: K (= KD = KE) ◼ Key pair: < KE, KD >, KD ≠ KE
K kept secret ◼ KD kept secret

KE public (usually; or known to n users)
K agreed upon between 2 parties in
advance
◼ KE distributed to k users before first
Like using a “simple” communication (by owner of KD)
safe (with one door)
◦ Need safe key to deposit doc in ◼ Like using a safe with locked deposit slot
safe ◼ Need deposit slot key to slide doc into
◦ Need safe key to get doc from safe
safe ◼ Need safe door key to get doc from safe
37
Need for Key Management
◼ Private key must be carefully managed in both SE and PKE

(asymm.) cryptosystems
◼ Storing / safeguarding / activating-deactivating
Keys can expire - e.g. to take a key

away from a fired employee
◼ Public key must be carefully distributed in PKE systems

=> Key management is a major issue
38
OUR FOCUS
ASYMMETRIC CRYPTOGRAPHY
FOCUS ON ASYMMETRIC CRYPTOSYSTEM, FEASBILBE FOR
WIRELSS COMMUNICATION
ASYMMETRIC CRYPTOSYSTEM
AKA- PUBLIC KEY CRYPTOGRAPHY
PUBLIC KEY (ALICE) PUBLIC KEY (BOB)
PRIVATE KEY (ALICE) PRIVATE KEY (BOB)
PLAINTEXT PLAINTEXT
(PT) (PT)
PUBLIC KEY (BOB) PRIVATE KEY (BOB)
CT CT
CRYTPANALYSIS
Example
Email address:
adnan.unimas@gmail.com (public key)
********** (private key)
Sender: if X, THEN, X will use my public key (available online etc)
To encrypt his/her message, later, adnan will use his private key to
PLAINTEXT Decrypt the message. PLAINTEXT
(PT) (PT)
CT CT
CRYTPANALYSIS
PRIVATE KEY (ALICE) SEEMS SECURED RIGHT? PRIVATE KEY (BOB)
USUALLY, ONCE I RECEIVED MESSAGE FROM ANYONE
I WILL USE MY PASSWORD TO DECRYPT THE MESSAGE
Example
Email address:
adnan.unimas@gmail.com (public key)
********** (private key)
Sender: if X, THEN, X will use my public key (available online etc)
To encrypt his/her message, later, adnan will use his private key to
PLAINTEXT Decrypt the message. PLAINTEXT
(PT) (PT)
CT CT
CRYTPANALYSIS
PRIVATE KEY (ALICE)
X PRIVATE KEY (BOB)
POSSIBLE ATTACK
“IMPERSONATION”
ANYONE CAN SEND ME “email”
There is no method to verify who is the
PLAINTEXT PLAINTEXT
(PT)
sender or either the (PT)
PUBLIC KEY (BOB) Sender is LEGITIMATE USER PRIVATE KEY (BOB)
CT CT
CRYTPANALYSIS
POSSIBLE SOLUTION
PUBLIC KEY INFRASTRUCTURE
PLAINTEXT AKA “PKI” PLAINTEXT
(PT) (PT)
CT CT
CRYTPANALYSIS
Public Key Encryption
Aka asymmetric-key
P K E uses 2 different keys at once
◦ Private key
- known only to your computer
◦ Public key
- given by your computer to any computer that
wants to communicate securely with it
Adapted from how stuffworks
46
Problem with public key encryption
Encryption is primarily composed of public key /
private key systems in the modern world.
The main problems with any system to distribute
public keys are:
1. How do you know
1. this is in fact the right key for the party you wish to communicate
with?
2. the information associated with the key is correct (i.e. name, email address, etc.)?
3. the key has not been revoked (i.e. if it is stolen the owner would want people to stop using it)?
47 47
cont…
Difficulty of knowing whether a public key is really owned by the person it is claimed to belong to.
– A user could advertise that a public key belongs to Siti when in fact it doesn’t; that user could then intercept messages
intended for Siti and decrypt them with the private key belonging to the key pair.
Since you cannot meet every single person you wish to communicate with and verify all the
details there is a need for a solution.
Public Key Infrastructure allows for distribution (and to some degree management) of
public keys, thus allowing people to encrypt/decrypt, sign and verify data from other people.
48
49
Computer
Security
TMN 2073
http://web-vuln.blogspot.com/2011/09/let-us-more-aware-of-computer-security.html
Lecture 3:
Cryptography -Part II
RECAP
PRIVATE KEY (ALICE)
X PRIVATE KEY (BOB)
POSSIBLE ATTACK
“IMPERSONATION”
ANYONE CAN SEND ME “email”
There is no method to verify who is the
sender or either the
PLAINTEXT PLAINTEXT
(PT)
Sender is LEGITIMATE USER (PT)
CT CT
CRYTPANALYSIS
POSSIBLE SOLUTION
PUBLIC KEY INFRASTRUCTURE
PLAINTEXT AKA “PKI” PLAINTEXT
(PT) (PT)
CT CT
CRYTPANALYSIS
USER SELECT TWO KEYS
SUBMIT THESE KEYS ALONG WITH OTHER CREDENTIALS TO REGISTRATION AUTHORITY
REGISTRATION AUTHORITY VERIFIES THE DOCUMENTS AND SUBMIT TO CERTIFICATE AUTHORITY
CERTIFICATE AUTHORITY BINDS THESE TWO KEYS AND CREATE DIGITAL CERTIFICATE OR DIGITAL SIGNATURE
CONFIDENTIALITY, INTEGRITY, AVAILABILITY & NON-REPUDIATION
How Does PKI Secure Message?
(PT) (PT)
CONFIDENTIALITY D(PT)
E(PT)
CT CT
H(CT) INTEGRITY H(CT)=H(CT)
H(CT)
CT+H(CT)
CT+H(CT)
DIGITAL SIGNATURE NON-REPUDIATION APPLY PUBLIC KEY ALICE DIGITAL SIGNATURE
=E[CT+H(CT)]PRIVATE KEY ALICE =E[CT+H(CT)]PRIVATE KEY ALICE
DS DS
AVAILABILITY
What is Registration Authority (RA)?
During your initial registration process at UNIMAS VERIFICATION3

You need to fill in the form, fill all credentials
For instance REGISTRATION2
1- FULL NAME
2-PARENTS NAME KEY GENERATION1
3-HOME ADDRESS
4-IC NUMBER
5- USERNAME (USUALLY ADMIN DO ON BEHALF OF YOU)
5- ALL IMPORTANCE CREDENTIAL THAT
SHOWS URS COMPLETE IDENTITY
SHOW ORIGINAL DOCUMENTS AT COUNTER VERIFICATION3’
In Return they will give you CA

STUDENT ID and user identity (yours IC will be your password)
They will inform you, you may change your password, your ID will be activated within 24 hours
For lecturers, they usually ask suggest to give 5-7 characters user name with IC as a password. KEY CREATION4
LIFE CYCLE OF KEYS KEY REGISTRATION KEY CREATION RENEWAL REVOCATION
CERTIFICATE CREATION PROCESS
Key generation---Two approaches:
The subject (user/organization) can create a private and public key pair using some software (usually a part of the Web Browser or Web
Server) or special software programs. The RA can generate a key pair on behalf of the subject.
Registration---Required only if the user generates the key pair.- personal certificate, User has to send the public key and the associated
registration information (e.g. subject name, etc.) and all the evidence about herself to the RA.
Verification---After the registration process is complete, the RA has to verify the user’s credentials. Why verify?
◦ The RA needs to verify the user’s credentials (evidence provided) and ensure that they are acceptable.
◦ To ensure that the user who requesting for the certificate does indeed posses the private key corresponding to the given public key - Proof
Of Possession (POP).
Certificate creation---The RA passes on all the details of the user to the CA. The CA does its own verification (if required) and creates a DC for
the user using program for creating certificate in the X.509 format. Then, the CA sends the certificate to the user, and also retains a copy of the
certificate for its own record in a certification directory/certificate repository. The DC can be attached to an email or the CA can send an email
to user, informing that the certificate is ready and can be downloaded from the CA’s site.
8
USER SELECT TWO KEYS
SUBMIT THESE KEYS ALONG WITH OTHER CREDENTIALS TO REGISTRATION AUTHORITY
REGISTRATION AUTHORITY VERIFIES THE DOCUMENTS AND SUBMIT TO CERTIFICATE AUTHORITY
CERTIFICATE AUTHORITY BINDS THESE TWO KEYS AND CREATE DIGITAL CERTIFICATE OR DIGITAL SIGNATURE
CONFIDENTIALITY, INTEGRITY, AVAILABILITY & NON-REPUDIATION
How Does PKI Secure Message?
(PT) CONFIDENTIALITY- ENCRYPTION/DECRYPTION (PT)

E(PT) D(PT)
CT CT
H(CT) INTEGRITY-HASHING H(CT)=H(CT)
H(CT)
CT+H(CT)
NON-REPUDIATION-ENCRYPTION USING SENDER PRIVATE KEY CT+H(CT)
APPLY PUBLIC KEY ALICE
DIGITAL SIGNATURE DIGITAL SIGNATURE
=E[CT+H(CT)]PRIVATE KEY ALICE =E[CT+H(CT)]PRIVATE KEY ALICE
DS DS
AVAILABILITY
What is the PKI Made of?
IS NOT AUTHENTICATION MECHANISM OR ANY SECURITY SCHEME ITS AN INFRASTRUCTURE
It uses digital signature as an authentication mechanism along with

public key cryptography (with two mathematically Related keys i.e. public key and private key)
PKI consists of the following components:

1- Certification Authority (CA) to issue certificates.
2- Digital certificates
3- Applications that are written to use the PKI.
4- Policies that govern the operation of the PKI.
What is Registration Authority (RA)?
A registration authority is responsible for
“Processing digital certificate requests received from subscribers”
The RA firstly checks that requests are valid and comply with the certification practice statement and
certificate policy.
It then authenticates the identity of the user in accordance with any requirements in the certification
practice statement and certificate policy.
Once satisfied, the RA forwards the request to the certification authority to sign and issue a digital
certificate to the intended certificate holder.
The quality of the registration process determines the level of trust that can be placed in the digital
certificates.
12
CERTIFICATE AUTHORITY
To understand CA, we must know how keys are created
The CA is one of the entities that provides the element of trust for the PKI. A party relying on
a digital certificate trusts the CA to have correctly included the certificate holder's public key,
and other details, in the digital certificate, and to have digitally signed the digital certificate to
validate its authenticity and integrity
What are Digital Certificates?
What do they do?
A digital certificate is one of the foundations of a public key infrastructure (PKI).
A digital certificate is in many ways the electronic equivalent of a passport or driver's license, and may be
used to identify and authenticate someone making online transactions.
Digital certificates are digital files that certify the identity of an individual or institution seeking access to
computer-based information.
In enabling such access, they serve the same purpose as a driver’s license or ID card. – to prove that you
have the right to access information/ services online
14
A digital certificate is issued to a certificate holder by a certification authority on the request of a
registration authority. Details on a digital certificate include the certificate holder’s name, their
public key, the name of the certification authority and an indication of the certificate policy
under which it was issued.
CA creates the digital certificate, incorporating the public key and signs it, protecting the
integrity of the information.
The public key in a digital certificate is linked to the private key. The certificate holder must hold
the private key securely
15 15
The digital certificate links the identifier of an individual or institution to a digital public key.
Used in conjunction with encryption, Digital Certificates provide a more complete security
solution, assuring the identity of all parties involved in a transaction.
The sender can also digitally sign the message using their own private key to prove that the message
originated from them. If the message has been digitally signed, the recipient would verify the sender by
obtaining the sender's digital certificate from a trusted directory and using this to verify the sender's digital
signature.
The effectiveness and reliability of the digital certificate is based on the confidence all parties to a
transaction have in the structure, policies and procedures surrounding the PKI system.
16
How are certificates issued ?
A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private key.
CA issues a certificate associated with a key pair to a user (or computer) whose identity it has already verified.
Is a trusted authority for certifying individuals’ identities and creating an electronic document (digital certificate)
indicating that individuals are who they say they are.
A Digital Certificate typically contains the:

Owner's public key
Owner's name
Expiration date of the public key
Name of the issuer (the CA that issued the Digital Certificate)
Serial number of the Digital Certificate
Digital signature of the issuer
17
PKI Trust Model: Browser Model
Applications that are written to use the PKI.
A number of CA certificates are pre-installed as part of the browser.

- Installed certificates are used as trusted ‘root’ CA certificate for verifying
incoming certificate.
The browser’s user is trusting the browser vendor who supplied the installed
certificates, rather than a root CA.
Used by most browsers, including Netscape Navigator, Mozilla and Microsoft
Internet Explorer.
18
PKI Policies:
Certification Practice Statement (CPS)
• PKI policies lay out rules governing
– key security,
– the process for issuing,
– renewing and revoking certificates,
– default certificate lifetimes, and so forth.
• Public (commercial) PKIs such as VeriSign are required to publish a document called a Certificate Practice Statement (CPS).
• Every CA should have CPS that outlines

– How identities are verified
– The steps the CA follows to generate, maintain, and transmit certificates
– Why the CA can be trusted to fulfill its responsibilities
– Describes how keys are secured
19
Certificate Server (CS)
The actual service that issues certificates based on the data provided during the initial registration
process.
Constructs and populates the digital certificate (DS) with the necessary information and combines the
user’s public key with the resulting certificate.
20
Issuance, Management and Revocation of Certificates
❑When Request for a certificate is made to a CA, a key pair must be created and signed by the requestor, then
the public key is sent to the CA
❑CA must verify the signature and identity based on its policies
❑CA signs the user’s public key with the CA’s private key. This creates the certificate, which is then sent back to
the requestor. The certificate can then be published.
❑Certificates are generally stored on the requestor’s computer, but they can be moved (exported) to another computer.
You also can export the certificate to back it up, and then import it to restore it.
❑Many reasons a certificate might need to be revoked.
❑key is compromised
❑user leaves the organization
❑Done by publishing and distributing a Certificate Revocation List (CRL).
21
Computer
Security
TMN 2073
Authenticated.
Enter username Enter username

& Password. & Password.
Auth-Req
Auth-Rsp. Auth-Rsp. Auth-Req
CIMB BANK
Challenge
User Name
Password
Username or Password can be

Any IDENTIFICATION (WHAT USER HAVE)
EVEN BIOMETRICS.
INSECURE CHANNEL
CRYPTANALYSIS
User Identification & Authentication
1. Users must be identified to enable :

◦ user-specific access controls.
◦ individual accountability for activities.
2. Claimed identities must be authenticated
◦ first line of system protection;
◦ safeguards against abuse by external parties or unauthorized
insiders;
3
Some Terminology
Authentication
◦ Process of identifying an individual usually based on a username and password
◦ What is Authentication ? Authentication is the act of confirming the truth of an attribute of a
datum or entity. This might involve confirming the identity of a person or software program,
tracing the origins of an artifact, or ensuring that a product is what its packaging and labeling
claims to be. Authentication often involves verifying the validity of at least one form of
identification.
Authorization
◦ Process of giving individuals access to system objects based on their identity
Identification
◦ An act or instance of identifying ; the state of being identified
◦ Something that identifies a person, animal, or thing: Your student ID ???
4
Authentication Strategies
• Three main approaches to authentication :
1. Something the user knows:

• Passwords
• PIN Numbers
• Passphrases
• A secret handshake
• Mothers maiden name
IDENTIFICATION AND AUTHENTICATION 5

cont...
2. Something the user has
• Identity badges
• Physical keys
• Drivers licence
• Uniform - recognizable
6
cont...
3. Something the user is
• a biometric characteristics of a user;
• Finger print
• Iris
• Hand geometry
• Finger geometry
• Face geometry
• Ear shape
• Retina
7
Authenticated.
Enter username Enter username

& Password. & Password.
Auth-Req
Auth-Rsp. Auth-Rsp. Auth-Req
CIMB BANK
Challenge
User Name
Password
Username or Password can be

Any IDENTIFICATION (WHAT USER HAVE)
EVEN BIOMETRICS.
Authentication Protocol Types
❖Unilateral Authentication
❖Only one party is authenticated, usually server authenticate client
❖Mutual Authentication
❖Both parties authenticate each other
❖One factor authentication
❖this is “something a user knows.” The most recognized type of one-factor
authentication method is the password.
❖TWO factor authentication
❖in addition to the first factor, the second factor is “something a user
has.” Examples of something a user has are a signed digital certificate or
even a biometric such as a fingerprint. .
❖Multifactor Authentication
❖in addition to the previous two factors, the third factor is “something a user
is.” Examples of a third factor are all biometric such as the user’s voice, hand
configuration, a fingerprint, a retina scan or similar. The most recognized
form of three-factor authentication is usually the retina scan.
9
AUTHENTICATION FACTORS
Authentication factors classically fall into three categories:
Knowledge factors: include things a user must know in order to log in: User
names, IDs, passwords and personal identification numbers (PINs) all fall
into this category. (ONE FACTOR AUTHENTICATION)
Possession factors: include anything a user must have in his possession to
log in. This category includes one-time password tokens (OTP tokens), key
fobs, smartphones with OTP apps, employee ID cards and SIM cards.
(TWO FACTOR AUTHENTICATION)
Inherence factors: include any biological traits the user is that are
confirmed for log in. This category includes the scope of biometrics such
as retina scans, iris scans, fingerprint scans, finger vein scans, facial
recognition, voice recognition, hand geometry and even earlobe geometry.
(THREE/MULTI-FACTOR AUTHENTICATION)
10
Secure Protocol-Basics
A protocol is a set of rules for exchanging messages between 2 or more
entities/parties where a message is a unit of information/data sent from
one entity/party to another as part of a protocol.
A protocol has a number of rounds(>1) and a number of messages(>1)
A round is a basic unit of protocol time:
1. Wake up because of: a) Alarm clock b) Initial start or c) Receive
message(s) from other(s) or Initialization
2. Compute something
3. Send message(s) to others
4. Repeat steps 2-3, if needed
5. Wait for message(s) or sleep until alarm clock
11
One factor Authentication
user knows
UNILATERAL AUTHENTICATION
Client Auth-Req-CIMB BANK-WWW.CIMBCLICKS.MY Server

Auth-RspChallenge-User Name &Password
Entered User Name & Password
Authenticated
DON’T KNOW EITHER SERVER IS LEGITIMATE OR NOT

CHANCES OF PHISHING OR IMPERSONATION IS HIGH
AND CAN CAUSE MAN IN THE MIDDLE ATTACK
Same goes for CLIENT- if spoofing and offline guessing is successful
SERVICES AVAILABILITY
user knows
MUTUAL AUTHENTICATION AUTHENTICATION

Auth-RspChallenge-User Name-
Entered User Name
Matched SECURED WORD– Challenge 2-Enter Password
Entered Password
Authenticated
SECRET WORD WAS ONLY SAVED DURING REGISTRATION

PROCESS AT SERVER, SO ONLY LEGITIMATE SERVER CAN
TELL YOU ABOUT THE SECURE WORD
So in this both parties authenticate each other
user knows
MUTUAL AUTHENTICATION AUTHENTICATION

Entered User Name
Matched SECURED WORD– Challenge 2-Enter Password
Entered Password
Authenticated
SECRET WORD WAS ONLY SAVED DURING REGISTRATION, PROCESS AT SERVER, SO ONLY LEGITIMATE
SERVER CAN TELL YOU ABOUT THE SECURE WORD
TWO WAY PHISHING OR IMPERSONATION IS AGAIN VERY HIGH
FIRST ATTACKER TRY TO DO CRYPTANALYSIS AND DO
SPOOFING (EMAIL SEND THROUGH LINK, USER CLICK THE LINK, AND ATTACKERS GET SOME CREDENTIALS)
AND THEN OFFLINE PASSWORD GUESSING (ONCE PASSWORD GUESSED)
CREATE PHISHING CLIENT TO THE SERVER AND GET HOLD OF THE COMMUNICATION
CALLED MAN IN THE MIDDLE ATTACK
Two factor Authentication
user knows
TWO FACTOR MUTUAL AUTHENTICATION

user
Entered User Name
knows
Matched Registered Phrase – Mutual Authentication- verify- BOB
Challenge 2-Enter Password
Entered Password
Authenticated
For Services Request- Payments user has

One-time Password Send to User (users devices)
User entered the OTP and avail the services
Three factor Authentication
user knows
MULTIFACTOR MUTUAL AUTHENTICATION

Entered User Name user
Matched Registered Phrase – Mutual Authentication- verify- BOB knows
Challenge 2-Enter Password
Entered Password
Authenticated
For Services Request- Payments

One-time Password Send to User (users devices) user has
User entered the OTP and avail the services
Challenge 3- Enter your right index finger- Sometime at airport user is

User Press the Right index fingerprint
AUTHENTICATIONS OVER NETWORKS
(UNDERSTANDING ATTACKS IN NETWORKS) - NETWORK SECURITY
TO PROPER UNDERSTAND ATTACKS ON NETWORKS (NETWORK MEANS

WIRELESS NETWORKS), THE MOST IMPORTANT THING TO UNDERSTAND
IS
“PASSWORD”
12 steps an attacker might try (start w/ ‘most
probable’ guesses)
1) No password
2) Same as user ID
3) User’s name or derived from it
4) Common word list plus common names and patterns
▪ Ex. common patterns: ‘asdfg’ – consecutive keyboard keys, ‘aaaa’
5) Short college dictionary
6) Complete English word list
7) Common non-English language dictionaries
8) Short college dictionary with capitalizations & substitutions
▪ E.g. PaSsWoRd, pa$$w0rd
▪ Substitutions include: a -> @, e -> 3, i/l -> 1, o -> 0, s -> $, ...
9) Complete English with capitalization and substitutions
10) Common non-English dictionaries with capitalization and substitutions
11) Brute force, lowercase alphabetic characters
12) Brute force, full character set
13) System Search using Sniffing and Spoofing
18
1. Previously Password is save as 2. Later, Password was
encrypted using any 4. CHANCES to get same Password is high, so it is advisable
Plaintext but protecting by Access
encryption algorithm, usually to use SALT value, for example, Alice Password & Bob
Control.
entire table or specific Password same, so we hashed Alice password plus any Salt
Memory dump and searching for
columns are encrypted. Value and then store in database.
pwd table
Get pwd table from system backups Penetrate Memory or H(pwdAlice+saltAlice)]
Backups often include no file Finding the key become
protection – security of backups Possible
relies on physical security
Get pwd file by attacking disk
3. DURING REGISTRATION
PROCESS
Enter Password
H(Password)
SAVE IN DATABASE
5. SNIFFING, SPOOFING, IMPERSONATIONS ETC

ATTACKER GET THE PASSWORD LISTS INCLUDING ALL OTHER CREDENTIALS
EXAMPLE
E.g: Click the Link- Attacker Install Malware, Malware later do System Search,
List of Potential Passwords LIST OF PASSWORDS IN Get the Hashed Password File.
HASH VALUES
6. WRITE SCRIPT TO TRANSFORM WORD BY WORD IN SEQUENTIAL THE LIST OF

PASSWORD AND HASH THE VALUES
X1 AND SEE EITHER ANY VALUES CONCIDE IN THE AVAILABLE HASH VALUES
ABC123 X2 (BRUTE FORCE ATTACK(Dictionary Attack))
122456 X3
HUHUJYJ X4
NJHUYHG X5
NJUHYHG X6
7. IF SAY H(JUHUNNM) = X7
JUHUB X7
Which means
JUHUNNM .
JUHUNNM is the potential passwords, so later attacker will
.
use this password to get control of the link
.
XN
IMPERSONATION ATTACK, REPLAY ATTACK,
DENIAL OF SERVICE ATTACK &
MAN IN THE MIDDLE ATTACK
VICTIM SERVER
ORIGINAL CONNECTION
LINK SNIFFING, SPOOFING

OFFLINE PASSWORD
GUESSING
BRUTE FORCE ATTACK
ATTACKER
(DICTIONARY ATTACK)
IMPERSONATION ATTACK IMPERSONATE LEGITIMATE
USER (VICTIM) REPLAY MESSAGE
GET CHALLENGE MESSAGE
USE GUESSED PASSORD- IF SEVERAL REPLAY ATTACK, USUALLY 20

FAILED REDO ALL PROCESS TIMES OR SIMETIME ITS ONLY 3 TIMES,
TYPICAL REPLAY ATTACK THE SERVER WILL EXHAUST (DOING
UNNECESSARY COMPUTIOANL) THUS
WILL DENY THE LEGITIMATE USER FOR
THE SERVICE REQUEST
USE GUESSED PASSWORD- IF SUCCESSFUL MAN IN THE MIDDLE ATTACK
EXAMPLE-FACEBOOK WRONG
PASSWORD ENTER...
EXAMPLE OF AUTHENTICATION PROTOCOLS AND VULNERABILITIES
ALICE BOB
[IDA]KB
Alice send her IDENTITY encrypted with BOB public key
ATTACKER/ADVERSARY
TO DEAL WITH MODIFICATION & IMPERSONATION
Minus sign means

ALICE Encrypted with Private key BOB
Encrypted with Public key, In literature there is sometime PLUS sign
[[IDA , H(IDA)]KA-]KB +,
KB Uusally we ignore the Plus sign for public key encryption
Alice send her IDENTITY together with Hashed of identity, encrypted by Alice private key and encrypt the whole message with BOB public
key
ATTACKER/ADVERSARY
TO DEAL WITH REPLAY ATTACK
ALICE BOB
[[IDA ,TS ,H(IDA, TS)]KA-]KB e1
Alice send her IDENTITY together with Timestamps & Hashed of identity, and Timestamps, AND encrypted by Alice private key and encrypt
the whole message with BOB public key
e2 e1>e2
ATTACKER/ADVERSARY
UNILATERAL AUTHENTICATION
ALICE BOB
[[IDA ,TSA ,H(IDA, TSA)]KA-]KB
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CH]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CH’]KA
AUTHORIZED
SECURITY
ANALYSIS
ALICE BOB
[[IDA ,TSA ,H(IDA, TSA)]KA-]KB
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CH]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CH’]KA
AUTHORIZED
ITS UNILATERAL AUTHENTICATION, ONLY BOB AUTHENTICATE ALICE

CHANCES OF MAN IN THE MIDDLE ATTACK
MUTUAL AUTHENTICATION
ALICE BOB
[[IDA ,TSA ,H(IDA, TSA)]KA- CHA]KB
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA’,CHB]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA1,CHB’]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA1’,CHB1, AK]K
AUTHORIZED
ITS MUTUAL AUTHENTICATION

SECURITY
ANALYSIS
ALICE BOB
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA1’,CHB1, AK]K
AUTHORIZED
Password Guessing
ITS MUTUAL AUTHENTICATION is still Possible
TWO FACTOR MUTUAL AUT
ALICE BOB
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA1’,CHB1,ACK
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA12,CHB1’, REQ]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA12’,CHB12, OTP]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA12’,CHB12’, OTP’]KA
AUTHORIZED
SECURITY
High Level Authentication Protocol ANALYSIS
Mostly Online Banking System is Using
Two factor Authentication
However, still chances to get OTP, theft of mobile devices is there.
ALICE BOB
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA1’,CHB1,ACK
AUTHORIZED
MULTI FACTOR MUTUAL AU
ALICE [[IDA ,TSA ,H(IDA, TSA)]KA- CHA]KB BOB

[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA1’,CHB1,ACK]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA12,CHB1’, REQ’]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA12’,CHB12, OTP,B]KA
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA12’,CHB12’, OTP’, B’]K
AUTHORIZED
SECURITY
No More Lightweight- High authentication overhead and ANALYSIS
High Computational Cost

AUTHORIZED
AUTHENTICATION OVERHEAD
TEN MESSAGE IS TRANSFFERED TO GET
THE SERVICE- USUALLY TRANSFERRING
LESS NUMBER OF MESSAGE IS
ADVISABLE

AUTHORIZED
COMPUTATIONAL
AROUND COST 60
ROUGHLY
COMPUTATIONS
IT IS ADVISABLE TO HAVE
LIGHTWEIGTH
AUTHENTICATION
ALICE [[IDA ,TSA ,H(IDA, TSA)]KAPROTOCOL
- CH ]
A KB BOB
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA12’,CHB12, OTP,B]K
[[IDA ,TSA , IDB ,TSB H(IDA, TSA, IDB ,TSB )]KB- CHA12’,CHB12’, OTP’, B’]
AUTHORIZED
2019
EVALUATE
1-TYPE OF AUTHENTICATION PR
2- ATTACKS POSSIBLE & MITIGA
3- AUTHENTICATION OVERHEAD
4-COMPUTATIONAL COST
SOME BASIC FACTORS
USERNAME
PASSWORD
RANDOM NUMBER
CHALLENGE
TIMESTAMPS
ONE TIME PASSWORD
BIOMETRICS
SUPPORTING SLIDES-LITEARTURE
REVIEW
Search system list of pwds
▪System must keep list of passwords to authenticate logging users
▪Attacker may try to capture pwd list
▪Pwd lists:
1) Plaintext system pwd file
2) Encrypted pwd file
a. Conventional encryption
b. One-way encryption
1) Plaintext system pwd file
▪ Protected w/ strong access controls
▪ Only OS can access it
▪ Better: only some OS modules that really need access to pwd list can
access it
▪ Otherwise any OS penetration is pwd file penetration
▪ Attacker’s ways of getting plaintext pwd files:

▪ Memory dump and searching for pwd table
▪ Get pwd table from system backups
▪ Backups often include no file protection – security of backups relies on physical security
an access controls
▪ Get pwd file by attacking disk
2) Encrypted pwd file
▪Two approaches:
a. Conventional encryption / b. One-way encryption
a.Conventional encryption
▪ Encrypts entire pwd table
OR
encrypts pwd column of pwd table
▪Pwd comparison procedure:

▪ When logging principal provides (cleartext) pwd, OS decrypts pwd from pwd table
▪ OS compares principal’s (clrtxt) pwd w/ decrypted pwd
▪Exposure 1: when decrypted pwd is for an instant in memory

▪ Attacker who penetrates memory can get it
▪Exposure 2: attacker finding encryption key
b. One-way encryption (hashing)
▪Better solution - no pwd exposure in memory
▪Pwd encrypted w/ one-way hash function and store
▪Pwd comparison procedure:
▪ When logging principal provides (cleartext) pwd, OS hashes principal’s pwd (w/ one-way
encryption)
▪ Hash of principal’s pwd is compared with pwd hash from pwd table
▪Advantages of one-way encryption:

▪ Pwd file can be stored in plain view
▪ Backup files not a problem any more
Problem: If Alice and Bill selected the same pwd (e.g., Kalamazoo) and Bill
◼
reads pwd file (stored in plain view), Bill learns Alice’s pwd
◼ Solution: salt value is used to perturb hash function

◼ Hashed value and salt stored in pwd table:
◼ [Alice, saltAlice, H(pwdAlice+saltAlice)] stored for Alice

◼ [Bill, saltBill, H(pwdBill+saltBill)] stored for Bill
=> hashed Alice’s pwd ≠ hashed Bill’s pwd (even if pwdAlice = pwdBill)
◼ When Principal X logs in, system gets saltX and calculates E(pwdX+saltX)
If result is the same as hash stored for X, X is authenticated
HOW PASSWORD GUESSING
OCCUR
Sniffing
Sniffers work by
◦ examining streams of data packets that flow between computers on a network as well as
between networked computers and the larger Internet.
◦ allows IT professionals, end users or malicious intruders to examine any packet, regardless of
destination.
It's possible to configure sniffers in two ways. The first is "unfiltered," meaning they
will capture all packets possible and write them to a local hard drive for later
examination. Next is "filtered" mode, meaning analyzers will only capture packets
that contain specific data elements.
Packet sniffers can be used on both wired and wireless networks — their efficacy
depends on how much they are able to "see" as a result of network security
protocols. On a wired network, sniffers might have access to the packets of every
connected machine or may be limited by the placement of network switches. On a
wireless network, most sniffers can only scan one channel at a time, but the use of
multiple wireless interfaces can expand this capability.
Using a sniffer, it's possible to capture almost any information — for example, which
websites that a user visits, what is viewed on the site, the contents and destination
of any email along with details about any downloaded files.
Protocol analyzers are often used by companies to keep track of network use by
employees and are also a part of many reputable antivirus software packages.
It's worth noting, however, that these analyzers can also be used for malicious
purposes. If a user is convinced to download malware-laden email attachments or
infected files from a website, it's possible for an unauthorized packet sniffer to be
installed on a corporate network. Once in place, the packet sniffer can record any
data transmitted and send it to a command and control (C&C) server for further
analysis. It's then possible for hackers to attempt packet injection or man-in-the-
middle attacks, along with compromising any data that was not encrypted before
being sent.
Proper use of packet sniffers can help clean up network traffic and limit malware
infections; to protect against malicious use, however, intelligent security software is
required.
Email spoofing
Email spoofing is a technique used in spam and phishing attacks to trick
users into thinking a message came from a person or entity they either
know or can trust.
In spoofing attacks, the sender forges email headers so that client
software displays the fraudulent sender address. If it’s a name they
recognize, they’re more likely to trust it. So they’ll click malicious links,
open malware attachments, send sensitive data and even wire
corporate funds.
Recipient servers and antimalware software can help detect and filter
spoofed messages. Unfortunately, not every email service has security
protocols in place. Still, users can review email headers packaged with
every message to determine whether the sender address is forged.
They attempt to gain your trust so you will click on a link to a fraudulent
website, share private information, or open an attachment on your phone,
tablet or computer.
Clicking on a phishing link or opening an attachment in one of these
messages may install malware, like viruses, spyware or ransomware, on
your device. This is all done behind the scenes, so it is undetectable to the
average user. Once the malware has been installed, it could harvest your
sensitive information, send out more phishing emails to contacts in your
address book or provide a scammer with remote access to your device.
Unfortunately, phishing messages are becoming harder and harder to
identify. Since these scams are becoming increasingly sophisticated, there is
a high probability either you or someone who uses your devices will fall
victim to phishing at some point. For tips on how to protect yourself from
these messages, read How to Spot a Phishing Email.
Offline guessing
Sniffing and Spoofing and get the credentials (hashed passwords)
Dictionary attack
During a dictionary attack, a program systematically enters words from a list
as passwords to gain access to a system, account, or encrypted file. A
dictionary attack can be performed both online and offline.
In an online attack, the attacker repeatedly tries to log in or gain access like
any other user. This type of attack works better if the hacker has a list of
likely passwords. If the attack takes too long, it might get noticed by a
system administrator or the original user.
During an offline attack, however, there are no network limitations to how
many times you can guess the password. To do it, hackers need to get their
hands on the password storage file from the system they want to access, so
it’s more complicated than an online attack. But once they have the correct
password, they will be able to log in without anyone noticing.
Brute force attacks are also used to guess passwords. They mostly rely on
the computing power of the attacker’s computer. During a brute force
attack, a program also automatically enters combinations of letters,
symbols, and numbers, but in this case, they are entirely random. Brute
force attacks can also be performed online and offline.
However, there are 1,022,000 words in the English language. By using the
alphabet and numbers 0-9, you can make 218,340,105,584,896 eight-
character passwords. In this case, a dictionary attack is much more likely to
succeed, given that the password will be a simple English word. And it will
most likely be a simple English word. A basic brute force attack would take
much more time and is less likely to be successful.
Dictionary attacks are brute force attacks in nature. The only difference is
that dictionary attacks are more efficient – they usually don’t need to try as
many combinations to succeed. However, if the password is a truly unique
one, a dictionary attack won’t work. In that case, using brute force is the
only option.
Q&A
References
Adapted from Prof. Dr. Steven Furnell, University of Plymouth, 2005, UK
49
50

Lectures 1 Merged

Uploaded by

Copyright:

Available Formats

Lectures 1 Merged

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lectures 1 Merged

Uploaded by

Copyright:

Available Formats

Computer Security

“Computer security is the protection of a company’s assets

◦Viruses, worms, Trojan Horses

The impacts of these can be far-reaching . . .

What are the principal reasons for security?

Logical / System / Technical

Consider two different communicating nodes/participating devices/client-server.

Communication Requirements or Security Requirements?

see & alter their communication

Communication Requirements or Security Requirements? Confidentiality Integrity

Protection from passive attack.

Sometimes called secrecy or privacy.

Protect the traffic flow from analysis

CONFIDENTIALITY INTEGRITY AVAILABILITY NON-REPUDIATION

To me as a researcher, there is no other things

INTERCEPTION INTERRUPTION FABRICATION

SOFTWARE Fabrication DATA

STUDY OF CRYPTOGRAPHY IS CRYTOLOGY

Cryptology = Cryptography + Cryptanalysis

ENCRYPT/DECRYPT –DIFFERENT KEY (ASYMMETRIC ENCRYPTION)

Cryptology = Cryptography + Cryptanalysis

Security improved by using a key :

◼ P = <p1, p2, ..., pn> pi = i-th char of P

◼ C = <c1, c2, ..., cn> ci = i-th char of C

◼ i.e., able to get the original message back

e.g. P = 110101, K = 101010

Use of transposition matrix is more secure

Ciphertext RTESCE ISIBLETJOCYEVUSCERUT

E.g. Caesar Cipher (3 place offset in alphabet)

Keyless Keyed cryptosystems

◼ If > 1 key, C dissipates high frequency chars

1. Needed degree of secrecy should determine amount of labor

(cf. Principle of Adequate Protection)

◼ E not too complex (cf. Principle of Effectiveness)

4. Propagation of errors should be limited

◼ One error should not invlidate the whole C

(None of the 4 Principles — Missing? — Invent a new Principle?)

5. Size / storage of C should be restricted

◼ More text is more data for cryptanalysts to work with

◼ Need more space for storage, more time to send

(cf. Principle of Effectiveness)

hides well relationship between P “+” K, and C

◼ Need an efficient key distribution infrastructure

◼ A separate key needed for each communicating S-R

◼ Asymmetric encryption = public key encryption (PKE)

◼ PKE systems eliminate symmetric encr. problems

◼ R can distribute the correspoding public key KE to anybody who wants to

◼ Can even post the key on an open Web site — it is public!

◼ Only private KD can decode msgs encoded with public KE!

◼ Only owner of KD can decode

Key: K (= KD = KE) ◼ Key pair: < KE, KD >, KD ≠ KE

K kept secret ◼ KD kept secret

◼ Private key must be carefully managed in both SE and PKE

Keys can expire - e.g. to take a key

◼ Public key must be carefully distributed in PKE systems

How Does PKI Secure Message?

During your initial registration process at UNIMAS VERIFICATION3

In Return they will give you CA

How Does PKI Secure Message?

(PT) CONFIDENTIALITY- ENCRYPTION/DECRYPTION (PT)