
The new computer based land

Information and system security...

...can apply to governments, infrastructure, org


personal security... What is a framework for thin

Framework
Ross Anderson's PIMA
policy: what is allowed/disallowed. What you are supposed to do.
incentives: motives of the people guarding and maintaining the system, and the attackers
mechanism: ways of enforcing a policy. Ciphers, controls...
assurance: how much reliance you place on each mechanism.

Information warfare...
You can view the landscape as that of
Legal requirements
Risk management
"Informa
wide range of activities (and hence jobs): Inform
Specialist, Security Architect, IT Security
IT Se
Security Manager, Security Research (Technica

Defining the boundaries of Security:
Security involves elements such as computers, people, locks, communication links and so on.
The goals of security might involve authentication, integrity, accountability and so on.
A security system may involve an arbitrary combination of these elements and goals.

Defining a system:
Product or component: such as a smartcard, a PC, or a communication protocol.
Collection: some products/components, and an OS, network, making up an organization's infrastructure.
Application: the above and some set of applications.
Composite: the above and IT staff, and perhaps users, management, clients, customers...
Note: indeterminacy leads to confusion and errors
Card Skimmers:
Devices installed on ATMs to collect card details from the magnetic strips. PINs were obtained by
pinhole cameras, or an overlay over the keyboard.
Vulnerability/Threats: Vulnerability == Weakness > Threat == Harmful situation
Services/Goals: Ensuring adequate service in a computer system. CIA
Attacks/Controls: Attack = threat + vulnerability; a control is a way of reducing the effect of a vulnerability. MOM
CIA(AA)
Confidentiality: concealing information; resources may only be accessed by authorised parties
Integrity: trustworthiness of data; resources may only be modified by authorised parties in authorised ways
Availability: preventing DOS/denial-of-service; resources are accessed in a timely manner
(Authenticity): logins, password checks
(Accountability): non-repudiation of a prior commitment

MOM
Method: tools, knowledge;
Opportunity: time, access;
Motive: what advantage is to be gained;

Types of Threats and Corresponding (Attacks)
disclosure: unauthorised access (snooping/interception)
deception: accept false data (man-in-the-middle/modification)
disruption: prevent correct operation (denial-of-service/interruption)
usurpation: unauthorised control (spoofing/fabrication)
Types of attacks
[Figures, each showing Alice, Bob and Ted: Snooping/Interception; Man-in-the-middle/Modification; Denial-of-Service/Interruption; Spoofing/Fabrication]

Hugh Anderson
Introduction to Information and System Security First lecture
Completely Automated Public Turing Test...
... to Tell Computers and Humans Apart (CAPTCHA)
intelligence test posed by Alan Turing, where you put a c
A computer in one room and a human in another, and invite a human to try to tel
apart.
CAPTCHA is kind of the reverse - the computer (server) attempts to
difference using a known hard problem:

And social engineering, human factors, persuasion
Pretexting: Using an invented scenario to engage a targeted victim that increases the chance the victim will divulge information.
Phishing: Attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity

Completely Automated Public Turing Test (CAPTCHA):
To tell humans and machines apart when entering info
UNIX passwords
Password is hashed and the resulting hash is compared to the hash stored in a password file
Brute force cracking will get a password if the hashed password list is available. UNIX systems enforce 10 secs timeouts after three consecutive login failures.
Crack software/Dictionary Cracking
Crack can use user-definable rules for word manipulation or mutation to maximise dictionary effectiveness: substitute numbers for certain letters, add prefixes or suffixes, or switch case or order of letters.
Crack merges dictionaries, turns the password files into a sorted list, and generates lists of possible passwords from the merged dictionary or from information gleaned about users from the password file.

The Caesar cipher
Caesar (rotation) cipher over Roman letters: Key is "+3".
I C L A V D I V S
M F O D Z G M Z X
A B C D E F G H I K L M N O P Q R S T V X Y Z
D E F G H I K L M N O P Q R S T V X Y Z A B C
Can define the transformation mathematically:
c = E(k, p) = (p + k) mod 23
p = D(k, c) = (c - k) mod 23
Cryptanalysis of rotation ciphers:
In the above example - we only have 22 possible useful ciphers! So an attacker can try each in turn: a brute force search

Caesar cipher
1. 22 useful ciphers - useful keyspace of 22
2. rotates cipher over Roman letters; key is +3
3. simple mono-substitution cipher
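The transformation and the brute-force search described above, as an added Python example that is not part of the original notes. The helper names `brute_force` and `keys_matching`, and the idea of picking the right candidate by an expected word, are assumptions made for illustration.

```python
# Added illustration: rotation cipher over the 23-letter Roman alphabet
# used in the notes (no J, U or W).
ROMAN = "ABCDEFGHIKLMNOPQRSTVXYZ"


def E(k, plaintext):
    """c = E(k, p) = (p + k) mod 23; characters outside the alphabet pass through."""
    return "".join(
        ROMAN[(ROMAN.index(ch) + k) % len(ROMAN)] if ch in ROMAN else ch
        for ch in plaintext
    )


def D(k, ciphertext):
    """p = D(k, c) = (c - k) mod 23, i.e. rotation by the negated key."""
    return E(-k, ciphertext)


def brute_force(ciphertext):
    """Decrypt under each of the 22 useful keys (k = 0 changes nothing)."""
    return {k: D(k, ciphertext) for k in range(1, len(ROMAN))}


def keys_matching(ciphertext, known_word):
    """Keys whose candidate plaintext contains a word the analyst expects."""
    return [k for k, p in brute_force(ciphertext).items() if known_word in p]


if __name__ == "__main__":
    c = E(3, "I CLAVDIVS")
    print(c)
    for k, p in brute_force(c).items():
        print(f"{k:2d} {p}")
    print(keys_matching(c, "CLAVDIVS"))
```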
Random substitution
1. monoalphabetic substitution
2. using a substitution rule
3. cryptanalysis of mono-alphabetic ciphers can be conducted by comparing frequencies with those of English text; the ciphers do not change relative letter frequencies
Polyalphabetic substitution ciphers improve security:
There are more alphabets to guess and hence a flatter frequency distribution.
We use a key to select which cipher is used for each letter of message.
Vigenère (1520) uses a tableau, and a key:
[Vigenère tableau shown]
Keyword is BAD, so encoding HAD A FEED results in:
[Table with rows: Key, Text, Cipher]

Polyalphabetic ciphers
1. polyalphabetic ciphers
2. more alphabets to guess and hence a flatter frequency distribution
3. use a key to select which cipher is used for each letter of message
4. if we can discover the length of the repeated key (in this case 3), and the text is long enough, we can just consider the cipher text to be a group of interleaved monoalphabetic substitution ciphers and solve accordingly.
5. Kasiski Method: Repetitions in ciphertext give clues to period, so find same plaintext an exact period apart which results in the same ciphertext
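An added Python example, not from the original notes, that encodes HAD A FEED with the keyword BAD, estimates the period from repeated trigrams as in the Kasiski method, and splits the ciphertext into its interleaved monoalphabetic streams. The sample sentence, the function names and the use of a known first word to read off the key are assumptions of this sketch.

```python
from functools import reduce
from math import gcd

A = ord("A")

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (A=0, B=1, ...), the
    arithmetic form of looking the pair up in the tableau."""
    sign = -1 if decrypt else 1
    letters = [c for c in text.upper() if c.isalpha()]
    return "".join(
        chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, c in enumerate(letters)
    )

def kasiski_period(ciphertext, n=3):
    """GCD of the distances between repeated n-letter sequences. The key
    length divides it; on real text chance repeats must be filtered out."""
    seen, distances = {}, []
    for i in range(len(ciphertext) - n + 1):
        gram = ciphertext[i:i + n]
        if gram in seen:
            distances.append(i - seen[gram])
        seen[gram] = i
    return reduce(gcd, distances) if distances else None

def interleaved_streams(ciphertext, period):
    """Letters i, i+period, i+2*period, ... were all shifted by the same amount."""
    return [ciphertext[i::period] for i in range(period)]

def key_from_crib(ciphertext, crib, period):
    """Known plaintext at offset 0: key letter = cipher letter - plain letter."""
    return "".join(
        chr((ord(c) - ord(p)) % 26 + A) for c, p in zip(ciphertext[:period], crib)
    )

# Constructed sample message; BAD is the keyword used in the notes.
SAMPLE = "THE CAT SAW THE BIG DOG AND THE CAT RAN"

if __name__ == "__main__":
    print(vigenere("HAD A FEED", "BAD"))
    ct = vigenere(SAMPLE, "BAD")
    period = kasiski_period(ct)
    print(ct, period, interleaved_streams(ct, period))
    key = key_from_crib(ct, "THE", period)
    print(key, vigenere(ct, key, decrypt=True))
```

With only 30 letters the three streams are too short for frequency analysis, which is why the sketch recovers the key from a known first word instead.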
Cryptanalysis of Vigenère cipher:
Multiple ciphertext letters for each plaintext letter, so letter frequencies are obscured (but not totally lost)
Start with letter frequencies, see if monoalphabetic or not. If not, then need to determine number of alphabets.

One time pad/Vernam's cipher
the key is a sequence of random key letters, each letter used once only, and available at only the sender and receiver
An "unconditionally secu

Playfair cipher
Playfair cipher: improvement over monoalphabetic cipher
Invented by Charles Wheatstone in 1854, named after Baron Playfair.
5X5 matrix of letters based on a keyword.
Fill rest of matrix with other letters eg. using the keyword MONARCHY:

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Hugh Anderson
Introduction to Information and System Security Second lecture

Encryption: two letters at a time:
if a pair is a repeated letter, insert filler like X
if both letters fall in the same row, replace each with letter to right (wrapping back to start from end)
if both letters fall in the same column, replace each with the letter below it (wrapping to top from bottom)
otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair

Cryptanalysis of Playfair cipher
Security improved over monoalphabetic:
Have 26 × 26 = 676 two-letter pairs (digrams), and would need a 676 entry frequency table to analyse (versus 26 for a monoalphabetic), and correspondingly more ciphertext.
Was widely used for many years eg. by US & British military in WW1
It can be broken, given a few hundred letters since it still has much of plaintext structure

Transposition cipher
Transposition/permutation ciphers:
Hide message by rearranging letter order. Have the same frequency distribution as the original text
Detect a transposition cipher with the frequencies of the letters, and letter pairs.
If the frequency of single letters in ciphertext is correct, but the frequencies of letter pairs are wrong,
then the cipher may be a transposition.
This sort of analysis can also assist in unscrambling a transposition ciphertext, by arranging the
letters in their letter pairs.
Rail-fence cipher:
Write message letters out diagonally over a number of rows then read off cipher row by row eg.

Encryption goals:
Confidentiality and Integrity
Encryption terminology:
plaintext, ciphertext
cipher: algorithm for transforming plaintext to ciphertext
key: info used in cipher known only to sender/receiver
encipher/encrypt <-> decipher/decrypt
cryptography, cryptanalysis/codebreaking, cryptology
Cryptographic systems are characterised by:
the type of encryption operations used, the number of keys used, the way plaintext is processed
Attacker's goals
Total break: able to find the key; strongest, also able to achieve partial break and distinguishability
Partial break: can determine some specific information about the plaintext (e.g. the first bit)
Distinguishability: able to distinguish between encryption of two given plaintexts, or between an encryption of a given plaintext and a random string
Attack models, based on information known to attackers:
Ciphertext only: The adversary has a collection of ciphertext c.
Known plaintext: The adversary has a collection of plaintext m and their corresponding ciphertext c.
Chosen plaintext: The adversary has temporary access to a black box. He can choose a plaintext m and obtain the corresponding ciphertext c from the black box. He can access the black box for a reasonably large amount of time.
Chosen ciphertext: same as chosen plaintext attack, but here, the adversary chooses the ciphertext and the black box gives the plaintext.
Chosen text: select plaintext or ciphertext to en/decrypt
Symmetric key systems
Alice uses a key to send to Bob, who uses the same key...
[Figure: symmetric key systems - Alice, P (Plaintext), Ki, E(Ki, P) (Encrypted), Harry the hacker, Ki, Bob, P (Plaintext)]

Hugh Anderson
CS2107 Introduction to Information and System Security (Slide set 3)

Asymmetric key systems
A model for public/private keys
[Figure: asymmetric key systems - Alice, P (Plaintext), Kpub, E(Kpub, P) (Encrypted), Harry the hacker, Kpriv, Bob, P (Plaintext)]
Bob creates a pair of K keys
Freely gives away Kpub
Keeps Kpriv secret.
Alice uses Kpub to encrypt
Kpub is public key for Bob, Kpriv is his private key.
Only Bob can decrypt a message sent to him, but anyone can encrypt it.

1. Generating encrypted passwords with 1-way functions
2. Checking integrity by appending digital signature
3. Checking the authenticity of a message.
4. Encrypting timestamps with messages to prevent replay attacks.
5. Exchanging a key.

DES - Data Encryption Standard


encryption made up of rounds of encryption, each with a subkey
for one block, approximately half of the bits will change
The (shared) 56 bit key generates 16 subkeys, which each control a round of encryption. DES works on 64 bit messages called blocks. If you intercept the key, you can decode the message, however, there are about 10^17 keys.
- takes approximately four stages before getting to half of the bits being changed (avalanche technique is used to test how good the encryption is with one bit different at first)

Modes of operation
ECB Electronic Codebook
CFB Cipher Feedback;
CBC Cipher Block Chaining
AES - Advanced Encryption Standard

Hashing: One-way function, m/p -> h(m)
a. it's NOT encryption. (no idea of de-hashing);
b. it's normally fixed-size output;
c. not 1-to-1, many-to-1;
size (in bits) of keys determines how long to brute-force
(keysize) 14 bits, too small; (keyspace) 2^14 keys
56 bits, marginal; 2^56 keys
128 bits, minimum; 2^128 keys
private key (easy)> public key
public key (hard)> private key
p*q easy (O(k))
factorise pq hard (O(2^k))
Fundamental Principle of Arithmetic

Checks the digital signature of the public key sent from the web server
Vspub key installed on the computer already, used to check the digital signature with the public key
Two parts: 1 part checking that you indeed have the real public key, 1 part signing the key
Cipher   Block (data) size   Key size      Mechanism                                      Round
DES      64                  56            16 rounds                                      Substitution/permutation bits
3-DES    64                  112           3 * 16 rounds                                  same as above
AES      128                 128/192/256   10/12/4 rounds (depending on the key sizes)    same as above

part of a Feistel Network


in triple DES, have a one way function but still do encryption,
b = a exclusive or f(b, k)
a = b exclusive or f(b, k)
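An added Python sketch, not from the original notes, of why a Feistel network can encrypt and decrypt with a one-way round function: decryption reruns the same rounds with the subkeys reversed and never inverts f. The SHA-256 round function and the key schedule are assumptions for illustration; this is not DES.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def f(half, subkey):
    """One-way round function: first 32 bits of SHA-256(subkey || half).
    It is never inverted, not even during decryption."""
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def subkeys(key, rounds):
    """Toy key schedule (assumption, not DES's): one derived subkey per round."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]


def feistel(block, keys):
    """One round per subkey on a 64-bit block: (a, b) -> (b, a xor f(b, k))."""
    a, b = block >> 32, block & MASK32
    for k in keys:
        a, b = b, a ^ f(b, k)
    return (b << 32) | a          # final swap so decryption is the same routine


def encrypt(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds))


def decrypt(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds)[::-1])


def avalanche(block, key, rounds):
    """Number of output bits that change when the top input bit is flipped."""
    diff = encrypt(block, key, rounds) ^ encrypt(block ^ (1 << 63), key, rounds)
    return bin(diff).count("1")


if __name__ == "__main__":
    key, pt = b"constructed key", 0x0123456789ABCDEF   # constructed sample values
    ct = encrypt(pt, key)
    print(hex(ct), hex(decrypt(ct, key)))
    for r in (1, 2, 3, 4, 16):
        print(r, "rounds:", avalanche(pt, key, r), "of 64 bits differ")
```

After one round a single flipped input bit changes exactly one output bit; only after a few rounds does the difference approach half of the 64 bits, which is the avalanche behaviour the notes describe.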
Access controls: for our gatekeepers to be good, construct models which are simplified versions of
what we are going to implement; we check these models, checking to the level of proof,
mathematically.
Layers in systems: programme -> operating system -> file system API -> drivers -> hardware; put
gatekeepers between layers (Anderson); applications, middleware, operating systems, hardware
DAC: discretionary access control: owners decide the policy;
UNIX rwx
rwx rwx rwx
rwx r-x r-x
self group other
only need 9 actual bits; limited, older scheme (1970) cannot do finer subdivisions, can only divide
people into own/group/other
UNIX rwx scheme is limited. a more recent scheme uses ACL (access control lists)
MAC: Mandatory Access Control;
JVM - model is secure; implementation is error prone
data diode allows information to flow upwards not downwards
Redundancy: less information than data
entropy(relative 0-1, randomness): amount of information; high entropy, more bits of data needed
information <= data size;
relationship between entropy, redundancy, randomness and compressibility;
Timing side-channel attack; check runtime hahahaha
no secret in code: like keys, ways of doing things - programmes / configs
keys and configs should be uniquely stored on each client
Translation schemes:
hugh.comp.nus.edu.sg <(DNS, Domain Name Service)> 192.168.0.123:80 <(ARP/RARP)> MAC address 00:00:34:12:fe:dc
ARP spoofing attack
Stored XSS Attacks
Stored attacks are those where the injected script is permanently stored on the target servers,
such as in a database, in a message forum, visitor log, comment field, etc. The victim then
retrieves the malicious script from the server when it requests the stored information. Stored XSS
is also sometimes referred to as Persistent or Type-I XSS.
Reflected XSS Attacks
Reflected attacks are those where the injected script is reflected off the web server, such as in an
error message, search result, or any other response that includes some or all of the input sent to
the server as part of the request. Reflected attacks are delivered to victims via another route, such
as in an e-mail message, or on some other web site. When a user is tricked into clicking on a
malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the
injected code travels to the vulnerable web site, which reflects the attack back to the user's
browser. The browser then executes the code because it came from a "trusted" server. Reflected
XSS is also sometimes referred to as Non-Persistent or Type-II XSS.
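
An added Python example, not from the original notes, that puts the two cases side by side: a stored comment and a reflected search term, each rendered once by plain concatenation and once with HTML escaping at output time. The function names and the in-memory comment list are hypothetical stand-ins for a real application and its database.

```python
import html

COMMENTS = []   # stands in for the database / message forum / visitor log


def store_comment(author, text):
    """Input is stored as received; the defence is applied when rendering."""
    COMMENTS.append({"author": author, "text": text})


def render_stored_unsafe():
    """Vulnerable: stored text is concatenated into the page as markup, so
    every later visitor's browser receives whatever was stored."""
    return "".join(f"<li><b>{c['author']}</b>: {c['text']}</li>" for c in COMMENTS)


def render_stored_safe():
    """Hardened: every stored value is HTML-escaped at output time."""
    return "".join(
        f"<li><b>{html.escape(c['author'])}</b>: {html.escape(c['text'])}</li>"
        for c in COMMENTS
    )


def search_page_unsafe(query):
    """Vulnerable: the request parameter is reflected into the response."""
    return f"<p>No results for {query}</p>"


def search_page_safe(query):
    """Hardened: the reflected value is escaped, so it is displayed as text."""
    return f"<p>No results for {html.escape(query)}</p>"


if __name__ == "__main__":
    probe = "<script>alert(1)</script>"      # constructed test string
    store_comment("visitor", probe)
    print(render_stored_unsafe())
    print(render_stored_safe())
    print(search_page_unsafe(probe))
    print(search_page_safe(probe))
```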
