Computer Security - lesson 2

Stefano Zanero

11 March 2016

Security as risk management

In the equation Risk = Asset × Vulnerabilities × Threats

we can control only the vulnerabilities, so we need to reduce the risk by reducing vulnerabilities. There is a direct cost of doing security, and it is composed of:

  • Management cost
  • Operational cost
  • Equipment

But the more relevant part is the indirect costs:

  • Less usability, e.g. a phone with a PIN lock is slower to use than an unlocked one, or airport security makes traveling slower.
  • Slower performance

Doing some types of security checks can reduce productivity. We need to balance these costs against the risk reduction.

Security is not a problem that can be solved by throwing money at it. For example, adding another layer of metal to the vault will not make it more secure if the keypad is still broken.

Airport security example

In airport security, identity checks are not a security measure, because we do not have a list of terrorist names and anyway they won't use their real names; identity checks are only a commercial measure, to avoid ticket reselling.

The buddy system: requiring two different people to do a particular job is used in finance, nuclear weapons and flight cockpits. The positive bag match makes sure that luggage is loaded on the plane only if the passenger is taking the plane (Lockerbie disaster).

Airline policies are designed to prevent anything but suicide attacks.

Before 9/11, policies considered only non-suicide hijackers. After 9/11, the plane is considered a weapon and the cabin is locked during flight. In case of hijacking, the pilot has to land the plane somewhere regardless of what happens outside the cabin.

The liquid restriction policy was made after a failed liquid bomb attack. The attack failed because the metal detector prevented carrying a detonator. The restriction was not necessary, but it was made because people wanted to know that a countermeasure was taken.

The liquid restriction is still there because it can't be taken away; otherwise someone could blame you, even if the restriction would not have been effective.

Bad security measures are taken because they fit well in the agenda of the people making decisions. More measures often result in more hassle and more cost, but they do not raise security. On the contrary, the illusion of security is a security breach itself.

For example, lithium batteries are a more serious security issue, but a cellphone ban would destroy the business.

Boundaries

A trusted element is not a trustworthy one; it is one that, when compromised, breaks the system. For example, in a computer the CPU is a trusted device because you trust it to do its work. So we set a boundary at the things we can't control.

A little more paranoia is helpful, but in general you need to be secure against the enemy that you think you're facing, for example the NSA, your employer, your fiancee.

Cryptography

Starting with Greek society, writing became more widespread and some systems were created, like the strip of sheepskin wound around a particular stick. In the following centuries cryptography was more of a game of wits (creating and breaking it), while during WWII cryptography (and its cracking by Turing) played a key role.

Alan Turing worked at Bletchley Park and created the Bombe, based on Polish models; it was not general purpose, but it broke the Enigma code.

Shannon was also an important figure in crypto history. In 1949 he wrote a paper named "Communication theory of secrecy", and we are still using the same terminology (plaintext, ciphertext).

Shannon used Kerckhoffs' principle (1883) in his paper. It is the following: a cryptographic system is secure only if the attacker can't break it even knowing the algorithm. This makes a key necessary, so that the algorithm itself is not sufficient to decrypt. Also, it must not be possible to derive the key from a plaintext and ciphertext pair.

Shannon wondered if there exists a perfect cipher. A perfect cipher should not diffuse information. An example of information diffusion is the other players' moves in a card game.

Shannon theorem

In a perfect cipher the number of keys must be greater than or equal to the number of possible messages.

If we have fewer keys than messages, then given a ciphertext I can say that the messages not produced by any of those keys are excluded; this way we have an information leak.

So a perfect cipher exists; the minimal one is called the one-time pad. XOR is an operation used often in cryptography because it is reversible.

The key used in a one-time pad is burned when used, and you need to securely communicate a key as long as the message, so it is practically unusable.

Practically no real-world cipher is perfect.

Imperfections and brute force

Keys can be found by brute forcing, that is, trying all the possible keys until you find an output that makes sense. If the key is as long as the message, we get all the possible outputs that make sense, not only the right one.
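Shannon's key-count condition and the brute-force remark above, worked through on a toy (an added example, not part of the lecture). It assumes two-byte messages; `short_keys`, `pad_keys` and the sample messages are constructed for illustration.

```python
import os
from itertools import product

def xor(data: bytes, key: bytes) -> bytes:
    """XOR is reversible: xor(xor(m, k), k) == m."""
    return bytes(d ^ k for d, k in zip(data, key))

def short_keys():
    """256 keys for 65536 two-byte messages: one key byte, repeated."""
    return [bytes([b, b]) for b in range(256)]

def pad_keys():
    """One-time pad: 65536 keys, as many as there are two-byte messages."""
    return [bytes(p) for p in product(range(256), repeat=2)]

def excluded_messages(ciphertext: bytes, keys) -> int:
    """How many of the 65536 messages no key can map to this ciphertext."""
    reachable = {xor(ciphertext, k) for k in keys}
    return 256 ** 2 - len(reachable)

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """With a pad as long as the message, some key 'decrypts' to any candidate."""
    return xor(ciphertext, candidate)

if __name__ == "__main__":
    msg = b"hi"  # constructed sample message
    ct_short = xor(msg, bytes([0x5A, 0x5A]))
    ct_pad = xor(msg, os.urandom(2))
    # Fewer keys than messages: seeing the ciphertext rules most messages out.
    print("short key excludes:", excluded_messages(ct_short, short_keys()))
    # As many keys as messages: nothing is ruled out, the ciphertext tells nothing.
    print("one-time pad excludes:", excluded_messages(ct_pad, pad_keys()))

    # Brute forcing a pad yields every sensible output, not only the right one.
    ct = xor(b"attack", os.urandom(6))
    for guess in (b"attack", b"defend", b"retire"):
        k = key_explaining(ct, guess)
        print(guess, "<- key", k.hex(), "->", xor(ct, k))
```

With the repeated-byte key, every surviving candidate has the same XOR of its two bytes as the ciphertext, which is exactly the information that leaks.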

Any real-world algorithm is vulnerable to brute force.

That is an issue that cannot be eliminated. An algorithm is broken if there is a faster way than brute force to break it.

Breaking ciphers

  • ciphertext attack: the analyst has only ciphertexts encrypted with the same given key. This attack is the most powerful because we need only ciphertext (fewer requirements)
  • known plaintext attack
  • chosen plaintext attack

We don't have a way to know if an algorithm is robust; we can only try to break it, and if we succeed we know it wasn't.

In symmetric cryptography we need to securely share the key; this is an elephant-in-the-room problem (a problem that is enormous but nobody speaks about).

It was an issue until 1976, when Diffie and Hellman introduced asymmetric encryption.

Exercise: break the zip example without brute forcing.

Symmetric encryption

Substitution, also called Caesar cipher: every letter is shifted by the key amount.

  • issues: English has only 26 characters so we have only 25 keys (brute force). It is also a monoalphabetic cipher, so repetitions and the structure of the words are visible.
  • polyalphabetic way: a more secure way of doing it

Transposition (or diffusion) means swapping the values of given bits

  • For example by writing horizontally in a matrix the characters of the plaintext and reading vertically the ciphertext
  • It can't be broken with pen and paper, but it can with a simple Python program.
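The two classical ciphers above and a brute force of each, as an added example (not from the lecture): the Caesar shift with its 25 keys, and the matrix transposition tried over every width that divides the ciphertext length. The word list `COMMON`, the scoring function and the sample message are assumptions made for the illustration.

```python
COMMON = {"the", "and", "at", "we", "of", "to", "in", "is", "on"}  # tiny word list

def caesar(text: str, key: int) -> str:
    """Shift every letter by `key` places; other characters are kept."""
    shifted = []
    for ch in text:
        if ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            ch = chr((ord(ch) - base + key) % 26 + base)
        shifted.append(ch)
    return "".join(shifted)

def transpose(text: str, width: int) -> str:
    """Write row by row into `width` columns, read column by column."""
    text += " " * (-len(text) % width)  # pad the last row with spaces
    return "".join(text[col::width] for col in range(width))

def untranspose(ciphertext: str, width: int) -> str:
    """Inverse of transpose(): the columns are len/width characters long."""
    rows = len(ciphertext) // width
    return "".join(ciphertext[row::rows] for row in range(rows))

def score(text: str) -> int:
    """'Makes sense' test: count tokens that are common English words."""
    return sum(word in COMMON for word in text.lower().split())

def break_caesar(ciphertext: str):
    """Try the 25 possible keys, keep the most English-looking output."""
    key = max(range(1, 26), key=lambda k: score(caesar(ciphertext, -k)))
    return key, caesar(ciphertext, -key)

def break_transposition(ciphertext: str):
    """Try every matrix width that divides the ciphertext length."""
    n = len(ciphertext)
    widths = [w for w in range(2, n) if n % w == 0]
    width = max(widths, key=lambda w: score(untranspose(ciphertext, w)))
    return width, untranspose(ciphertext, width)

if __name__ == "__main__":
    message = "we attack the bridge at dawn and the fort at noon"  # constructed
    print(break_caesar(caesar(message, 3)))
    print(break_transposition(transpose(message, 6)))
```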

Modern diffusion and substitution algorithms: DES, IDEA, AES

Case study: DES

During auditing, the NSA suggested the adoption of different S-boxes than the originals. S-boxes: tables for doing substitutions.