Data Security

Understanding Data Communications and Understanding Data Communications and Networks – Networks – William A. Shay William A. Shay (3E)(3E)

Data Security

Data Security‘To ensure that the data is received meaningfullyonly by the intended recipient’Approach – Alter (encrypt) the message (un-intelligible even if intercepted)

- Algorithms- Public key encryption- Secure Transfer over internet

Data SecurityDefinitions:Definitions:‘Changing the encrypted data into its original form – decryption’Plaintext P- original formCipher-text C - encrypted data

Encryption algorithm and key Ek, changes P to CC = Ek(P), Decryption algorithm and key Dk’, changes C to PP = Dk’(C), in many cases k = k’

Data SecurityMono-alphabetic cipher:Mono-alphabetic cipher:‘Replaces each plaintext character with another’- Add 1 to ASCII code of each character- A turns into B, B to C, …- Simple but Rarely used in serious applications- Relatively easy to decipher- Commonly used letters: E, T, O, A, N => if

certain letters appear frequently in cipher-text, probably it is one of these (than Q or Z)

Data SecurityMono-alphabetic cipher:Mono-alphabetic cipher:P = PLEASE ADD MONEY TOC = {;RSDR\SFF\,PMRU\YP\=> \ 4 times=> S Twice => R Thrice=> P TwiceThey may be substitutions of common characters, even blank spaces

Data SecurityMono-alphabetic cipher:Mono-alphabetic cipher:‘Try various combinations of common ones’{;EADE\AFF\,ONEU\YO…(R by E, S by A, P by O)“Replace ‘\’ by blank spaces”{;EADE AFF ,ONEU YOClues: ‘Two letter word ends with O, Three letter

word begins with A followed by repeated letter’{;EADE ADD ,ONEU TO=> With educated guesses, message can be

decrypted

Data SecurityMono-alphabetic cipher:Mono-alphabetic cipher:Drawbacks: preserving particular letter

sequences, frequency with which letters occurPoly-alphabetic Cipher:Poly-alphabetic Cipher:‘Change the frequencies and break-up common

sequences’A plaintext character is not always replaced with

the same one cipher-text character.Replacement = f (P, its position in the message)

Data SecurityPoly-alphabetic Cipher:Poly-alphabetic Cipher:For (int i = 0; i < length of P; i++)

C[i] = P[i] + K + (i mod 3)Assume, K =1.1 is added for positions 0, 3, 6, … 2 is added for positions 1, 4, 7, … 3 is added for positions 2, 5, 8, … THEMTHENTHEY -> UJHNVKFPWIG\=> Repetition has reduced, but still present

Data SecurityPoly-alphabetic Cipher:Poly-alphabetic Cipher:‘THE’ appears as UJH, VKF, WIGIf there were more ‘THE’, the pattern would repeat.Also, there are other patterns:First letters of each ‘THE’ cipher-text are

consecutive – UVW, (also the 2nd one as JKI, and the 3rd one as HFG)

=> Clues for decryption

Data SecurityTransposition Cipher:Transposition Cipher:‘Rearranges the P letters of a message (not Replacing them)’One way – store characters in a 2-dimensional array with m-columns=> First m-characters in 1st row, next m-

characters in 2nd row, …..Determine a permutation of numbers 1 to m:p1, p2, ……, pm

Data SecurityTransposition Cipher:Transposition Cipher:Transmit p1 column first, then p2, ……, then pm.P = ‘FOLLOW THE YELLOW BRICK ROAD’

F O L L OW T H E

Y E L LO W B RI C K RO A D

Data SecurityTransposition Cipher:Transposition Cipher:Transmit columns 2, 4, 3, 1, 5 (permutation)O YWCALHLB LTE KDFW OIOOELRRIf, receiver knows the permutation and the

number of columns -> reconstruct the message

Drawbacks: letter frequencies are preserved, also by grouping the characters in different columns for sequences like ‘THE, IS’ are helpful for guessed-decryption.

Data SecurityBit-Level ciphering:Bit-Level ciphering:‘Previous methods are applicable to character

sequences’‘Files may contain raw bits (execution files), This

method handles them’- Encryption key is a randomly chosen bit-string- Message bit string is divided into substrings- Length is the same as that of the key

Data Security

Encrypted string = message string XOR key- Decryption: Encrypted string XOR key- E (algorithm) is same as D (algorithm)- pi is a plaintext bit, if encryption key contains

‘0’ in that position: pi XOR 0 XOR 0 = pi

if encryption key contains ‘1’ in that position: pi XOR 1 XOR 1 = pi XOR (1 XOR 1) = pi XOR 0 = pi

Data Security

‘Security depends partly on the length of the key’

- Short key => many substrings => more chance of repetition of the encrypted substring, susceptible

- In extreme case, the key length = message length => each bit is encrypted uniquely

- If the key-bits are random => unbreakable code (but long key needs to be transferred)

Data Security

Data Encryption Standards (DES):Data Encryption Standards (DES):‘Approach is to keep the key short compared to the

message and to use complex procedure to encrypt the message’

- Based on ‘block-cipher’- Divides the message into 64-bit blocks, uses a key

to employ a complex transformation.- It uses transposition (rearrangement) and

substitution (replacing one bit-group with another

Data SecuritySteps:- Transposition on the block data and the key- 16 successive encryptions with different keys

derived from the original, output of one fed to the next input

- Swap (32 bits)- Reverse transposition (of the 1st step)

Data SecurityEncryption operations:data = C64 = L32 R32, K56 = key(R32: transpose, duplicate bits) results in R48(K56: shift on each half, transpose) results in K56R48 XOR K48 (first) = X48Divide into 8 (6-bit) groups Substitute each by 4-bit valueCombine into a 32-bit string, transpose = X32

Data Security

L32 XOR X32 = X32Form final 64 bits = R32 X32‘Idea was to develop a method with many

convoluted steps’- If the same 64-bit block occurs more than

once, it generates the same cipher-text.‘Cipher Block Chaining (CBC)’ disrupts that

pattern.

Data SecurityCBC:Initialization vector (IV):Block 1 XOR IV -> DES -> Block 1CBlock 1C XOR Block 2 -> DES -> Block 2C Block 2C XOR Block 3 -> DES -> Block 3C …Cipher-text = f (plaintext, its position)=> Same plain text in different positions means

different cipher text also

Data Security

• DES Effectiveness: Brute force method of attack – trying all possible keys -> 256 possible keys, it was possible to break the code in hours using gigahertz processors.

• Using 128-bit key => 9.5 * 1015 years to try all possible keys @ 1015 keys per second

Data Security

Public Key Encryption (PKE):Public Key Encryption (PKE):‘Knowing the encryption key and the algorithm

renders decryption easy’‘PKE makes decryption algorithm and key

determination difficult even when encryption algorithm and key are known’

- Many sources can send message using same Ek. Only the receiver knows the Dk’.

Data SecurityRSA algorithm:- Uses modulo-arithmetic and factorization of

very large numbers- Cipher-text is easy to calculate but difficult to

break1.Assign simple code to letters (1 to 26 for ‘a’ to

‘z’)2.Choose ‘n’ (200 or more digits) as a product of

two large prime numbers p, q.

Data Security

For simplicity, n = p * q = 11 * 7 = 773. Find a number K that is relatively prime (no

common factors except 1) to (p-1) * (q-1). Choose k = 7 as the encryption key (there is always a k)

4. Divide the message into components (with many letters in one, avoids repetition), For simplicity: “hello” divided as h, e, l, l, o

Data Security

5. For each component, concatenate all the binary code of each letter and interpret it as an integer. Here, integers are: 8, 5, 12, 12, 15.

6. Encrypt the message by raising each number to the power of k (modulo n)

Encrypted message = 57 47 12 12 71 Decryption:1. Find a value k’ such that (k * k’) – 1 is evenly

divisible by (p-1) * (q-1). K’ is the decryption key .

Data Security

Here, (p-1) * (q-1) = 60, k’ = 43 works well. (there is always a k’)

2. Raise each encrypted number to the power of k’ (modulo n)

Results are the original numbers 8, 5, 12, 12, 15.Potential problem: How to find 71 43 modulo 77?Break the power in 2, 4, 8, …Find the modulo for lowest to the highest.

Data Security

• How secure is RSA?‘n’ and ‘k’ are needed for encryption, If they are intercepted, K’ could be deduced.However, it needs ‘p’ and ‘q’ – the factors of ‘n’.• If ‘n’ is large (200 or more digits) => difficult,

time-consuming

Data Security

Transport layer security (TLS) and Server Authentication:

‘To ensure access to the proper encryption methods and keys to protect privacy’

‘Also to ascertain the legitimacy of the site connected to’

‘Secure Sockets Layer (SSL) and Transport Layer Security Protocols, X.509 certificates’

Data Security‘TLS and SSL lies between application layer and

transport layer’Sender side: encrypts the message from application

layer and passes it to the transport layer Receiver side: receives the message from transport

layer and passes the decrypted message to the application layer

‘TLS has the ability to revert to SSL 3.0, there are some low level differences’

Data Security

X.509 certificate:‘Electronic ID to prove that a site is what it

claims to be’‘Certificate Authority (CA) issues certificates’‘Consumer maintains a list of trustworthy CAs in

his computer’‘Trusted CA list is developed over the time’‘Certificate contains a period of validity and two

fingerprints’

Data Security‘Authentication is the process of validating the

identity of the message-source’‘Fingerprints are values calculated using some

algorithms for authentication’Browser:

- downloads the server certificate- checks the period of validity- checks the fingerprints- checks the CA

‘All must be affirmative in order to proceed’

Data Security‘An initial set of exchange takes place between

the server and the client – handshake’‘Handshake defines the cryptographic routines,

key exchanges, and authentication process’1. Client to server: highest TLS (SSL) version

available, a list of encryption algorithms, a list of key exchange algorithms, and a list of supported compression methods.

Data Security2. Server chooses each one of the above items from

the suggested list of the client. It also sends its certificate.

3. Client needs to authenticate the certificate. Issuing CA attaches a digital signature / Fingerprints to it. Two methods are used to provide extra security. Also, it verifies the domain name in the certificate with that of server.

4. Client sends key to server.5. If required, server may authenticate the client.6. Both client and server exchanges session-keys.

Data Security

7. Both sides confirm this arrangements and start secure-communication.

# If user A wants to send an encrypted message to user B, the plaintext is encrypted with the public key of _.

a) User A b) User B c) The network d) (a) or (b)

Data SecurityFirewallsFirewalls‘Machines are at risk when they are not actively

doing anything’‘Risk comes from malicious attacks disrupting

activities, causing harm’‘Challenge is to prevent attacks from being

successful’‘All internet traffic has to pass through special

machine(s) – Firewall’

Data Security‘It examines passing traffic to look for possible

threats’‘The challenge is to identify the threats’IP – layer 3, TCP – layer 4IP packet contains data, source and destination

addresses, layer 4 protocol (TCP / UDP) using it.

Server is identified by IP address and the specific service by port number

Data SecurityTelnet – Port 23, FTP - Port 21, SMTP - Port 25 Some approaches:Packet Filtering:‘Examine the header of each packet and decide’Decision may base on:

- Address field- port number- transport protocol represented

Data SecurityExample decisions:- Allow any incoming packet with TCP port

designation of 23 (allowing remote login to any machine)

- Allow any incoming packet with TCP port designation of 23 with destination address found in a maintained list. Implication?

- Allow any outgoing packet with destination address found in a maintained list. Implication?

Data SecurityThe above specifies criteria to allow packets.=> Blocks unless otherwise specified (default)Alternative: Allows unless otherwise specified

(default)- Block any incoming packet with TCP port

designation of 23. Implication?- Block any incoming packet with source

address found in a maintained list. Implication?

Data Security- Block any incoming packet with destination

address found in a maintained list. Implication?

- Block any outgoing packet with source and destination addresses found in a maintained list. Implication?

Better ‘default’ approach? Block packet – nothing will pass unless explicitly stated,

Ensures more security.

Data SecurityApplication Level Gateway:Packet filtering works at layer 3, making decision on

packet contents, inflexible on an action within an application.

Gateway provides that flexibility, works at a higher layer.

‘Allow for file transfer – download files but not upload’

‘More logic into a firewall that understands the applications and their abilities – called proxy server’

Data Security

‘Special programs for each type of application it needs to watch.’

‘It examines application layer requests and allows (denies) based on the information provided to the firewall’

‘A gateway program for each application’- Main advantage: flexibility- Significant overhead

Data SecurityStateful Inspection:‘Works at the network layer and avoids

overhead’‘It examines the contents of a packet in the

context of what has happened previously’Example: a ‘ping’ command response indicates

that a device is reachable and the time needed for a round-trip’

=> Command sends an echo request and site responds with echo response

Data Security

Stateful inspection ensures that a response packet is not allowed unless there was a previous request.

Also the source and the destination should reverse in these two events. (security against denial-of-service attack)

Data SecurityVirusesViruses‘A collection of instructions attached to an

executable file that does something not intended originally’

Virus attachment to a file -> infected fileWorms usually appear as a separate program,

intruding a system, threatening security.‘Infected file contains a branch instruction to

unintended tasks, and branches to some point of the original code’ - diagram

Data Security‘User may not be aware of the virus unless it

causes a major distraction’‘Worst viruses avoid massive, immediate

destruction, rather making small, unnoticeable changes over time’

‘As such, even back-ups may be infected’‘Virus may probe file system looking for

executable files on disk, if found, it duplicates itself and stores a copy in the file’

Data Security

Memory Resident viruses:‘Resides in memory, attacks a file when it enters

the memory’It needs to be referenced to be executed. It may use the interrupt mechanism to do so.‘Modifies the Interrupt table with vectors

pointing to the virus instead’

Data Security

Early Antivirus programs worked by looking for signature – a sequence of bytes contained in the virus- at the beginning and end of file.

Signatures were encrypted and the decryption algorithm was added to virus.

Antivirus programs looked for byte patterns of decryption algorithm, examined decrypted result and look for signatures – proved quite successful

Data SecurityVirus Sources:Virus Sources:‘Individuals trying to invade a system’‘It spreads by sharing resources – through

removable disks, networks’‘Prevention is the best approach’Internet worm:Internet worm:‘Replicates quickly throughout internet, clogging

communications, forcing system shut down’

Data Security

One approach taken by the worm:‘Used an utility program that allows one user to

obtain information of other user’‘A flaw that did not check for buffer-overflow

was exploited’‘The worm was able to overflow the buffer and

overwrote part of the system stack’‘The original return address was lost, pointing to

some instructions in the buffer’

Data Security

‘This enabled it to copy itself and infect new machines’

Data Security# # Mono- alphabetic cipher has no real value

where serious security is needed. T/F# # Public key encryption allows different people

to use the same encryption key even when they are not supposed to know what another person is sending. T/F

## Any block cipher that encrypts a block at a time is essentially a substitution cipher, replacing one block with another. T/F

Data Security## An encryption method that uses longer key is

more secure than one that uses a shorter key. T/F

# # The most serious viruses destroy a lot of data very quickly. T/F

## Firewalls are commonly used to protect a network against incoming viruses. T/F

Data Security

## A _ can forward or block packets based on the information in the network and transport layer headers.

a) Proxy Firewall b) Packet filter firewallc) Message Digest d) Private key

# # A _ can forward or block packets based on the information in the message itself.

a) Proxy Firewall b) Packet filter firewallc) Message Digest d) Private key