Definitions

  • confidentiality refers to the fact that a message should not be readable to anybody but the intended reciever
  • authentiation refers to confirming the sender and receiver’s identities
  • message integrity ensures the message was not altered in transmission
  • availability refers to a service being accessible and available to a users

What are we stopping

  • eavesdropping
  • impersonation
  • hijacking
  • denial of service

Sniffing

In broadcast media such as ethernet and wireless, packets can be sniffed by a promiscuous network interface.

IP Spoofing

Packets can be transmited with a falsified source address

Denial of Service

In the context of networking, denial of service attacks make resources unavailable to legitimate traffic by overwhelming server resources, often bandwidth with bogus traffic. This is often done through the use of a botnet.

Defense

  • Authentication
  • Confidentiality
  • Integrity checks
  • Access restrictions
  • Firewalls

Symetric Cryptography

In cryptography, a message $m$ can be represented as being encrypted by the key $K_A$ as such: $K_A(m)$.

There are a few attacks which can break an encryption scheme

Ciphertext-only attack

  • With only the ciphertext, an attacker can brute-force the key
  • For weaker algorithms, the ciphertext can be heuristically and statistically analysed to derive the key (ie via entropy analysis)

Known-plantext attack

  • With weaker algorithms, knowing the plaintext can allow an attacker to derive the key by knowing how it maps to the ciphertext
  • Chosen-plaintext attack allows the attacker to generate ciphertext for a chosen plaintext, making it easier to derive the key

DES

Data Encryption Standard was created by NIST in 1993.

  • 53-bit symmetric key, 64-bit plaintext input
  • block cipher with cipher block chaining
  • DES can be trivially defeated in under a day on modern systems
  • There is no known good analytic attack
  • 3DES is a more secure version which uses 3 separete keys to encrypt three separate times

AES

Advanced Encryption Standard was created in 2001 to replace DES

  • Uses 128-bit blocks
  • 128, 192 or 256 bit keys
  • Considered impossible to brute force on current hardware (over 100 trillion times harder than DES)

Public Key Cryptography

Symmetric key cryptography is flawed as it requires the sender and receiver to know a shared secret key.
How can they agree on one if they never meet?

Public key cryptography achieves this, one notable algorithm is RSA

Digital Signatures

A message encrypted by a public key can only be decrypted by the corresponding private key and vice-versa.
This can be used to digitally “sign” messages by encrypting it with a private key, which allows it to be verified via the public key.

It is computationally expensive to encrypt long messages, so instead typically only a “message digest” is used for signing, essentially the message is hashed and the hash is encrypted signed.

Internet Checksum

Internet checksum, used notably in the header of IPv4 packets has some properties of a hash function, however, finding conflicts is trivial.
As such, it is important a strong algorithm is picked for message digest calculation, such as SHA256.

MD5 is still commonly used…

  • At 25C3, MD5 was demonstrated to be broken by a cluster of PlayStation 3s, which allowed researchers to convert a RapidSSL-issued certificate into a valid CA certificate.
  • In 2012, Flame malware utilised a Microsoft hash conflict to forge a Windows code-signing certificate

SHA1 is disapointingly, also still used despite it being broken in similar ways

Certificate Authorities

Even with public keys, a way to validate that a public key actually represents someone is needed. Hence, certificate authorities.
A certificate authority binds a public key to a particular entity, this proves that anything that is signed with the corresponding private key came from that entity!

Encryption in practice

In practice, such as with email, asymmetric encryption is used to encrypt a symmetric key, and that symmetric key is used to encrypt the message as the symmetric key is easier to encrypt asymmetrically than the entire message.

TLS

It’s the most widely deployed security protocol above the transport layer.
It provides confidentialiy, integrity AND authentication. It can be used by any application.