Date post: | 18-Feb-2017 |
Category: |
Technology |
Upload: | invisibits |
View: | 174 times |
Download: | 0 times |
12/8/2015
AppCrypto Team
What does it mean a system to be secure?
It boils down to the trust you place on the system!
Guru
Trust on the system
How secure is the system
You decide to safeguard your valuable assets like hardly used gold jewelries in a bank instead of keeping them in your house.
Guru
You are placing more trust on the bank’s ability to safeguard your valuable asset
than your own house.
You learn this fact by experience – you
friends valuable assets kept at home
got robbed.
None of your friends have had any bad
experience with the bank safeguarding
their assets.
Secure systems are built to satisfy the following security goals.
Guru
Integrity Availability
Confidentiality
Authentication
Non-repudiation
We will not discuss availability in this presentation as cryptography is not generally used to assure availability (i.e. the service is available whenever you need it) Guru
Denial of Service (DoS) attacks disrupts the available it of a service.
Can I trust the system not to show my sensitive data to any unauthorized parties?
Guru
Can I trust the system not to modify my data by any unauthorized parties?
Can I trust the system not to allow to impersonate me to the system?
Can I trust the system to hold each individual accountable of their actions?
Confidentiality
Integrity
Authentication
Non-repudiation
Confidentiality
Integrity
Authentication
Non-repudiation
Cryptography
Can’t read!
Can’t modify!
Can’t impersonate!
Can’t deny doing!
Trust sounds intuitive, but how do I objectively measure trust?
What does it mean a system to be secure?
Guru
The measure of trust (how secure your system) depends on who you are trying to protect against. We call it the attack model.
An Attack model captures the capabilities, collisions and intentions of adversaries.
An adversary is a bad user who want to break
the security of your system.
Guru
In order to demonstrate trust in the system under the given attack model
We need to prove the security of the cryptographic protocols under that attack model.
A cryptographic protocol secure under one attack model (e.g. attacker can see one message) may not be secure under more stronger attack model (e.g. attacker can see many messages).
Guru
Usually, most of us will be using time tested and proven cryptographic primitives such as ciphers, message authentication codes, digital signatures.
We will be constructing new protocols using these primitives. However, we need to make sure that our protocols are secure under the chosen attack model.
A cryptographic protocol built using secure cryptographic primitives may not necessarily be secure if not built right.
Adversary
Capabilities
Intentions
In cryptography, we assume that attackers
have limited computational power. In other words, they are computationally
bounded.
There could be passive attackers or active attackers. Passive attackers simply listens to your
messages whereas much more powerful
active attacks modify your messages.
Collisions
Multiple adversaries may collude together to break a cryptographic
protocol.
Let’s look at the security goals that are directly tied to cryptography mentioned earlier.
Guru
Confidentiality
Can’t read!
Ciphertext (C) Encrypt Plaintext (M)
Plaintext(M) Decrypt Ciphertext(C)
Use cipher.
The message to be encrypted is called
“plaintext”
The encrypted message is called
“ciphertext”
Ciphers
Symmetric ciphers
Asymmetric ciphers
Also called “Symmetric Key Cryptosystems”
Also called “Public Key Cryptosystems”
Alice Bob
Alice and Bob share the same key.
Alice Bob
Alice and Bob do not share the same key. Public key & Private
key pair
Roughly speaking, a cipher is secure if it is hard to obtain plaintext from the ciphertext without knowing the key used. Guru
In a cipher, only the key is secret; everything else (encryption algorithm, decryption algorithm) is public.
Alice Bob
Messages exchanged in a TLS protocol are encrypted using a symmetric cipher.
Integrity
Can’t modify!
Cryptographic Hashing Algorithm
Document
Key
Secure Hash
Alice Bob
Messages exchanged in a TLS protocol are hashed using a keyed hash algorithm.
Send the hash along with the document to the receiver.
Receiver can compute the hash and compare to verify.
Message Hash
Use hashing.
Authentication
Can’t impersonate!
Use hashing, Public Key Ciphers (certificates).
Three ways to authenticate
Use what you have (e.g. key, badge, certificates)
Use what you know (e.g. passwords, PINs)
Use what you are (e.g. fingerprints, iris)
Password authentication (Server: am I talking to Alice?)
Alice Server (www.example.com)
Hash pwd Salt Password
Certificate based authentication (Alice: Am I taking to example.com?)
Alice Server (www.example.com)
Example.com certificate
Example.com certificate
Check if the certificate is signed by a trusted root
authority.
Check if the new hash matches the
stored one.
Transfer $1M to Bob
Non-repudiation
Can’t deny doing!
Use Public Key Ciphers (digital signatures).
Alice
Public key Private key
Transfer $1M to Bob
Digitally signed using Alice’s private key
Alice cannot later deny that she did not order bank to transfer as it has her digital signature on it
(only she can produce that signature)
Verify signature using Alice’s public key
The security of a system boils down to the trust.
Cryptography is a tool that we can use to build trust in security services (confidentiality, integrity, authentication and non-repudiation) and in turn in systems build using these security services.
If the foundation of your house (cryptographic tools used) is not
strong, your house (software system) will collapse!
Guru