CRYPTOGRAPHY

AND
NETWORK SECURITY
UNIT - I

Computer Security
It

is the protection afforded to an

automated information system in order to
attain the applicable objectives of
preserving the integrity, availability and
confidentiality of information system
resources (includes hardware, software,
firmware,
information/data,
and
telecommunications)

Key Security Concepts

Levels of Impact
Levels

of security defines 3 levels of

impact from a security breach

Low
Moderate
High

Low Impact

The loss could be expected to have a limited adverse effect on

organizational
operations,
organizational
assets,
or
individuals.
A limited adverse effect means that, for example, the loss of
confidentiality, integrity, or availability might
(i)
Cause a degradation in mission capability to an extent
and duration that the organization is able to perform its
primary functions, but the effectiveness of the functions is
noticeably reduced;
(ii)
Result in minor damage to organizational assets;
(iii)
Result in minor financial loss; or
(iv)
Result in minor harm to individuals.

Moderate Impact
The loss could be expected to have a serious adverse effect on
organizational operations, organizational assets, or individuals.
A serious adverse effect means that, for example, the loss
might

(i)

(ii)
(iii)
(iv)

Cause a significant degradation in mission capability to an

extent and duration that the organization is able to perform its
primary functions, but the effectiveness of the functions is
significantly reduced;
Result in significant damage to organizational assets;
Result in significant financial loss; or
Result in significant harm to individuals that does not involve
loss of life or serious, life-threatening injuries.

High Impact
The loss could be expected to have a severe or catastrophic
adverse effect on organizational operations, organizational
assets, or individuals.
A severe or catastrophic adverse effect means that, for
example, the loss might
(i)
Cause a severe degradation in or loss of mission
capability to an extent and duration that the organization is
not able to perform one or more of its primary functions;
(ii)
Result in major damage to organizational assets;
(iii)
Result in major financial loss; or
(iv)
Result in severe or catastrophic harm to individuals
involving loss of life or serious life threatening injuries.

Security Requirements
Confidentiality student grades
Integrity patient information
Availability authentication service
Authenticity admission ticket
Non-repudiation stock sell order

Aspects of Security
consider 3 aspects of information security:

Security attack
Security mechanism (control)
Security service

Terms

Threat a potential for violation of security

Vulnerability a way by which loss can happen
Attack an assault on system security, a
deliberate attempt to evade security services

Passive Attack - Interception

Passive Attack: Traffic Analysis

Observe traffic pattern

Active Attack: Interruption

Block delivery of message

Active Attack: Fabrication

Fabricate message

Active Attack: Replay

Active Attack: Modification

Modify message

Handling Attacks

Passive attacks focus on Prevention

Easy to stop
Hard to detect

Active attacks focus on Detection and

Recovery
Hard to stop
Easy to detect

Security Service

Enhance security of data processing systems

and information transfers of an organization
Intended to counter security attacks
Using one or more security mechanisms
Often replicates functions normally associated
with physical documents
which, for example, have signatures, dates; need
protection from disclosure, tampering, or
destruction; be notarized or witnessed; be
recorded or licensed

Security Services
X.800:

a service provided by a protocol layer of

communicating open systems, which ensures
adequate security of the systems or of data
transfers
RFC 2828:

a processing or communication service

provided by a system to give a specific kind of
protection to system resources

Security Services (X.800)

Authentication - assurance that communicating

entity is the one claimed

have both peer-entity & data origin authentication

Access Control - prevention of the unauthorized

use of a resource
Data Confidentiality protection of data from
unauthorized disclosure
Data Integrity - assurance that data received is
as sent by an authorized entity
Non-Repudiation - protection against denial by
one of the parties in a communication
Availability resource accessible/usable

Security Mechanism
feature

designed to detect, prevent, or

recover from a security attack
no single mechanism that will support all
services required
however one particular element underlies
many of the security mechanisms in use:

cryptographic techniques

Security Mechanisms (X.800)

specific security mechanisms:

Encipherment, digital signatures, access

controls,
data
integrity,
authentication
exchange, traffic padding, routing control,
notarization

pervasive security mechanisms:

Trusted functionality, security labels, event

detection, security audit trails, security
recovery

Model for Network Security

Model for Network Security

using this model requires us to:

1.

2.

3.

4.

design a suitable algorithm for the security

transformation
generate the secret information (keys) used
by the algorithm
develop methods to distribute and share the
secret information
specify a protocol enabling the principals to
use
the
transformation
and
secret
information for a security service

Model for Network Access

Security

Model for Network Access

Security

using this model requires us to:

select appropriate gatekeeper functions to
identify users
implement security controls to ensure only
authorised
users
access
designated
information or resources

1.

2.

note that model does not include:

1.

2.
3.

monitoring of system for successful

penetration
monitoring of authorized users for misuse
audit logging for forensic uses, etc.

DOS (DENIAL-OF-SERVICE) ATTACK

DDOS (DISTRIBUTED DENIALOF-SERVICE) ATTACK

SESSION HIJACKING
It means stealing of the session-id and using it to impersonate and
access data
It is a passive attack and is difficult to detect

Attack Methods

Guessing Session Id

Session Fixing

same subnet as client or server

Man in the Middle Attack (SSL)

trusting private networks, vulnerabilites in web servers, etc

Session Sniffing (typical on non SSL sessions)

predictable, session created before authenticated

Security Vulnerabilities in Hops

shorter length, predictable

ARP Poisoning, DNS Spoofing

Cross Site Scripting (XSS)

User trusting source, application vulnerability

Session Sniffing

Defence Methods

Educating the users

Using high entropy in session id generation (see Tomcat e.g.)

reduce window of vulnerability

Using Context data for validating session-ids.

limit damage if session is hijacked

Re-generating session-ids

difficult to sniff

Forcing Re-authentication or step-up authentication

reduce window of vulnerability

Using SSL for all communications

Higher the entropy more difficult to predict

Timing out sessions

Paying attention to https vs. non-https

Properly signing out
Not clicking on links but copying and pasting them.

make it difficult to use a hijacked id

Input validation

prevent XSS and other vulnerabilities

SPOOFING
Spoofing

attack is an attack in which one

person masquerades as another by
falsifying data and gain the legitimate
advantage. It may by IP spoofing or man-inmiddle attack.
Types:

Protocol Spoofing
DNS Spoofing
MAC Spoofing

PROTOCOL SPOOFING

DNS SPOOFING

MAC SPOOFING

SOFTWARE VULNERABILITIES
BUFFER OVERFLOW
HEAP OVERFLOW
FORMAT STRING VULNERABILITIES

BUFFER OVERFLOW
Lower
memory
addresses

Higher
memory
addresses

A process in memory:
- text (Program code; marked
read-only, so any attempts to
write to it will result in
segmentation fault)
- data segment (Global and
static variables)
- stack (Dynamic variables)
The process is blocked and is
rescheduled to run again with a
larger memory space if the user
attack exhausts available memory.

Stack Basics

A stack is contiguous block of memory containing data.

Stack pointer (SP) a register that points to the top of
the stack.
The bottom of the stack is at fixed address.
Its size is dynamically adjusted by kernel at run time.
CPU implements instructions to PUSH onto and POP off
the stack.

Stack Basics
Lower memory
addresses

A stack consists of logical stack frames

that are pushed when calling a function
and popped when returning. Frame pointer
(FP) points to a fixed location within a frame.

When a function is called, the return

address, stack frame pointer and the
variables are pushed on the stack (in
that order).

So the return address has a higher

address as the buffer.

When we overflow the buffer, the return

address will be overwritten.

High memory
addresses

void function(){

return;
}
void main(){
..
Function();
..
}

Another Example Code

void function(int a, int b, int c) {
char buffer1[5];
char buffer2[10];
}
void main(){
function(1,2,3);
}

Stack layout for the example

code
bottom of
memory
buffer2
<------ [
Top of stack

top of
memory
buffer1 sfp ret a b c
][
][ ][ ][ ][ ][ ]
bottom of stack

General Form of Security Attack Achieves Two

Goals:
1. Inject the attack code, which is typically a
small sequence of instructions that spawns a
shell, into a running process.
2. Change the execution path of the running
process to execute the attack code.
Overflowing stack buffers can achieve both
goals simultaneously.

How can we place arbitrary

instruction into its address
space?

-place the code that you are trying to

execute in the buffer we are overflowing,
and overwrite the return address so it
points back into the buffer.

We want:
bottom of
memory

top of
memory

DDDDDDDEEEEEEEEEEEE EEEE FFFF FFFF FFFF FFFF

89ABCDEF0123456789AB CDEF 0123 4567 89AB CDEF
buffer
sfp ret a
b
c
<---- [SSSSSSSSSSSSSSSSSSS] [SSSS][0xD8][0x01][0x02][0x03]
^
|
|____________________________|
top of
stack

bottom of
stack

(i) Before the attack

(ii) after injecting the attack

(iii) executing the attack

code

HEAP OVERFLOW
A heap overflow is a type of buffer overflow that
occurs in the heap data area.

Format String Vulnerabilities

The Format functions
Functionality

used to convert simple C datatypes to

a string representation
allow to specify the format of the
representation
process the resulting string (output to
stderr, stdout, syslog, ...)

The Format Functions(Cont.)

How

the format function works

the format string controls the behaviour of the

function
it specifies the type of parameters that should
be printed
parameters are saved on the stack (pushed)
saved either directly (by value), or indirectly (by
reference)

The calling function

has to know how many parameters it pushes to
the stack, since it has to do the stack
correction, when the format function returns

The Format Functions(Cont)

Some format parameters
parameter

output

passed as

%d

decimal (int)

value

%u

unsigned decimal
(unsigned int)
hexadecimal (unsigned
int)
string ((const) (unsigned)
char *)

value

number of bytes written

so far, (* int)

reference

%x
%s
%n

value
reference

The Format Funtions(Cont)

The stack and its role at format strings
printf ("Number %d has no address, number %d
has:%08x\n
A
address of the format
, i, a, &a);
string

value of the variable i

value of the variable a

&a

address of the variable i

Format String Vulnerabilities

Vulnerable Type
Viewing Process Memory
Exploitation

Vulnerable Type

Type 1:

char tmpbuf[512];
snprintf (tmpbuf, sizeof (tmpbuf), "foo: %s", user);
tmpbuf[sizeof (tmpbuf) - 1] = \0;
syslog (LOG_NOTICE, tmpbuf);

Type 2:

int Error (char *fmt, ...);

int someotherfunc (char *user)
{
Error (user);
}

Vulnerable Type(Solution)
Type 1:

pscan or TESOgcc tools

Type 2:

Manual check if format funtion or not.

Viewing Process Memory

printf(AAA0_%08x.%08x.%08x.%08x.

%08x.%08x.%08x.%08x);
AAA0_08048560.4000d360.40027154.
30414141.3830255f.30252e78.252e7838
.2e783830

Exploitation
Primarily

concept: to change return

address (Instrument Pointer).
Exploit method

Similar to common buffer overflows

Through pure format strings

SQL INJECTION
SQL Injection is a technique that can be
used to attack on data driven applications.
It will occurs when developers fails to
validate user input before using it to query
a relational database. This is mostly
known as an attack for websites but can
be used to attack any type of SQL
database.

PHISHING
Phishing

is an act of attempting to acquire

information such as username, password
and credit cart details by acting as a
legitimate
entity
in
an
electronic
communication. Phishing technique was
described in 1987.

BASICS OF CRYPTOGRAPHY
Deciphering

or decryption:
plaintext from ciphertext

Decryption algorithm:

recovering

performs decryption

Two inputs: ciphertext and secret key

Secret key:

same key used for encryption

and decryption

Also referred to as a symmetric key

 Cipher or cryptographic system

: a scheme

for encryption and decryption

Cryptography:

science of studying ciphers

Cryptanalysis:

science of studying attacks

against cryptographic systems

Cryptology:

cryptography + cryptanalysis

61

Ciphers

Symmetric cipher: same key used for

encryption and decryption

Block cipher: encrypts a block of plaintext at a

time (typically 64 or 128 bits)

Stream cipher: encrypts data one bit or one byte

at a time

Asymmetric cipher: different keys used for

encryption and decryption
62

Symmetric Encryption
or conventional /

secret-key / single-key
sender and recipient share a common key
all classical encryption algorithms are
symmetric
The only type of ciphers prior to the
invention of asymmetric-key ciphers in
1970s
by far most widely used
63

SYMMETRIC CIPHER MODEL

Requirements
two requirements for secure use of

symmetric encryption:

a strong encryption algorithm

a secret key known only to sender / receiver
Y = EK(X)
X = DK(Y)

assume encryption algorithm

is known
implies a secure channel to distribute key

Cryptography
can characterize by:

type of encryption operations used

substitution / transposition / product

number of keys used

single-key or private / two-key or public

way in which plaintext is processed

block / stream

Classical Substitution Ciphers

where

letters of plaintext are replaced by

other letters or by numbers or symbols
or if plaintext is viewed as a sequence of
bits, then substitution involves replacing
plaintext bit patterns with ciphertext bit
patterns

Caesar Cipher
earliest known substitution cipher
by Julius Caesar
first attested use in military affairs
replaces each letter by 3rd letter on
example:

meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

Caesar Cipher
can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

mathematically give each letter a number

a b c
0 1 2
n o
13 14

d e f
3 4 5
p q
15 16

g h i
6 7 8
r s
17 18

j k l m
9 10 11 12
t u v w x y Z
19 20 21 22 23 24 25

then have Caesar cipher as:

C = E(p) = (p + k) mod (26)

p = D(C) = (C k) mod (26)

Cryptanalysis of Caesar
Cipher

only have 26 possible ciphers

A maps to A,B,..Z

could simply try each in turn

a brute force search
given ciphertext, just try all shifts of letters
do need to recognize when have plaintext
eg. break ciphertext "GCUA VQ DTGCM"

Monoalphabetic Cipher

rather than just shifting the alphabet

could shuffle (jumble) the letters arbitrarily
each plaintext letter maps to a different random
ciphertext letter
hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher
Security

now have a total of 26! = 4 x 1026 keys

with so many keys, might think is secure
but would be

!!!WRONG!!!
problem is language characteristics

Language Redundancy and

Cryptanalysis

human languages are redundant

eg "th lrd s m shphrd shll nt wnt"
letters are not equally commonly used
in English e is by far the most common letter
then T,R,N,I,O,A,S
other letters are fairly rare
cf. Z,J,K,Q,X
have tables of single, double & triple letter
frequencies

English Letter Frequencies

Use in Cryptanalysis

key concept - monoalphabetic substitution

ciphers do not change relative letter frequencies
discovered by Arabian scientists in 9th century
calculate letter frequencies for ciphertext
compare counts/plots against known values
if Caesar cipher look for common peaks/troughs

peaks at: A-E-I triple, NO pair, RST triple

troughs at: JK, X-Z

for monoalphabetic must identify each letter

tables of common double/triple letters help

Playfair Cipher
not even the large number of keys in a

monoalphabetic cipher provides security

one approach to improving security was to
encrypt multiple letters
the Playfair Cipher is an example
invented by Charles Wheatstone in 1854,
but named after his friend Baron Playfair

Playfair Key Matrix

a 5X5 matrix of letters based on a

keyword
fill in letters of keyword (sans duplicates)
fill rest of matrix with other letters
eg. using the keyword MONARCHY
MONAR
CHYBD
EFGIK
LPQST
UVWXZ

Encrypting and Decrypting

plaintext encrypted two letters at a time:

1.

2.

3.

4.

if a pair is a repeated letter, insert a filler like 'X',

eg. "balloon" encrypts as "ba lx lo on"
if both letters fall in the same row, replace each with
letter to right (wrapping back to start from end),
eg. ar" encrypts as "RM"
if both letters fall in the same column, replace each
with the letter below it (again wrapping to top from
bottom), eg. mu" encrypts to "CM"
otherwise each letter is replaced by the one in its
row in the column of the other letter of the pair, eg.
hs" encrypts to "BP", and ea" to "IM" or "JM" (as
desired)

Security of the Playfair Cipher

security much improved over monoalphabetic

since have 26 x 26 = 676 digrams
would need a 676 entry frequency table to
analyse (verses 26 for a monoalphabetic)
and correspondingly more ciphertext
was widely used for many years (eg. US &
British military in WW1)
it can be broken, given a few hundred letters
since still has much of plaintext structure

Polyalphabetic Ciphers

another approach to improving security is to use

multiple cipher alphabets
called polyalphabetic substitution ciphers
makes cryptanalysis harder with more alphabets
to guess and flatter frequency distribution
use a key to select which alphabet is used for
each letter of the message
use each alphabet in turn
repeat from start after end of key is reached

Vigenre Cipher
simplest polyalphabetic substitution cipher

is the Vigenre Cipher

effectively multiple caesar ciphers
key is multiple letters long K = k1 k2 ... kd
ith letter specifies ith alphabet to use
use each alphabet in turn
repeat from start after d letters in message
decryption simply works in reverse

Example

write the plaintext out

write the keyword repeated above it
use each key letter as a caesar cipher key
encrypt the corresponding plaintext letter
eg using keyword deceptive
key:
deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Security of Vigenre Ciphers

have multiple ciphertext letters for each

plaintext letter
hence letter frequencies are obscured
but not totally lost
start with letter frequencies

see if look monoalphabetic or not

if not, then need to determine number of

alphabets, since then can attach each

One-Time Pad
if a truly random

key as long as the

message is used, the cipher will be secure
called a One-Time pad
is unbreakable since ciphertext bears no
statistical relationship to the plaintext
since for any plaintext & any ciphertext
there exists a key mapping one to other
can only use the key once though
have problem of safe distribution of key

Transposition Ciphers
now consider classical

transposition or

permutation ciphers
these hide the message by rearranging
the letter order
without altering the actual letters used
can recognise these since have the same
frequency distribution as the original text

Rail Fence cipher

write message letters out diagonally over

a number of rows
then read off cipher row by row
eg. write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t

giving ciphertext
MEMATRHTGPRYETEFETEOAAT

Row Transposition Ciphers

a more complex scheme
write letters of message out in rows over a

specified number of columns

then reorder the columns according to
some key before reading off the rows
Key:
3 4 2 1 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Rotor Machines

before modern ciphers, rotor machines were

most common product cipher
were widely used in WW2

German Enigma, Allied Hagelin, Japanese Purple

implemented a very complex, varying

substitution cipher
used a series of cylinders, each giving one
substitution, which rotated and changed after
each letter was encrypted
with 3 cylinders have 263=17576 alphabets

Steganography
an alternative to encryption
hides existence of message

using only a subset of letters/words in a

longer message marked in some way
using invisible ink
hiding in LSB in graphic image or sound file

has drawbacks

high overhead to hide relatively few info bits

Other Cipher Properties

Confusion
Diffusion

Confusion and Diffusion

cipher needs to completely obscure statistical properties of

original message
a one-time pad does this
more practically Shannon suggested combining elements
to obtain:
diffusion dissipates statistical structure of plaintext over
bulk of ciphertext
confusion makes relationship between ciphertext and
key as complex as possible

Fall, 2005

CPSC499 Information Security Management

Block and Stream Ciphers

block ciphers process messages

into
blocks, each of which is then en/decrypted
like a substitution on very big characters

64-bits or more

stream ciphers

process messages a bit or

byte at a time when en/decrypting
many current ciphers are block ciphers
hence are focus of course

Block Ciphers

Operates on a single chunk (block) of plaintext

For example, 64 bits for DES
Same key is reused for each block (can use short keys)
Result should look like a random permutation
As if plaintext bits were randomly shuffled
Only computational guarantee of secrecy
Not impossible to break, just very expensive
If there is no efficient algorithm (unproven
assumption!), then can only break by brute-force,
try-every-possible-key search
Time/cost of breaking the cipher exceeds the value
and/or useful lifetime of protected information

Permutation

1
2
3
4

1
2
3
4

CODE becomes DCEO

For N-bit input, N! possible permutations

Idea: split plaintext into blocks, for each block use secret
key to pick a permutation, rinse and repeat
Without the key, permutation should look random

Block Cipher Operation

Block of plaintext
S

repeat for several rounds

Block of ciphertext

Key
Add some secret
key bits
toS-box
provide
Each
permutes
confusion
its input bits in a
random-looking way
to provide diffusion
(spread plaintext bits
throughout ciphertext)
Procedure must be
reversible
(for decryption)

Block Cipher Principles

needed since must be able to decrypt ciphertext

to recover messages efficiently
block ciphers look like an extremely large
substitution
instead create from smaller building blocks

using idea of a product cipher