2. Flashback
IS deals with CIA
Intro to Cryptography – Terminologies
Symmetric / Asymmetric Cryptography
Malicious Programs
We often say a term brute force attack. So what it
actually is?
2
3. Enigma
3
The Enigma machine was invented by the
German engineer Arthur Scherbius at the end of
World War I
Enigma has an electromechanical rotor
mechanism that scrambles the 26 letters of the
alphabet.
4. Enigma
4
In typical use, one person enters text on the Enigma's keyboard and
another person writes down which of 26 lights above the keyboard lights
up at each key press. If plain text is entered, the lit-up letters are the
encoded ciphertext. Entering ciphertext transforms it back into readable
plaintext.
The rotor mechanism changes the electrical connections between the
keys and the lights with each keypress.
The security of the system depends on a set of machine settings that
were generally changed daily during the war, based on secret key lists
distributed in advance, and on other settings that were changed for each
message.
5. Enigma
5
The receiving station has to know and use the exact settings
employed by the transmitting station to successfully decrypt
a message.
While Germany introduced a series of improvements to
Enigma over the years, and these hampered decryption
efforts to varying degrees, they did not ultimately prevent
Britain and its allies from exploiting Enigma-encoded
messages as a major source of intelligence during the war.
7. Signatures: A Malware Countermeasure
Scan compare the analyzed object with a database of
signatures
A signature is a virus fingerprint
– E.g.,a string with a sequence of instructions specific
for each virus
– Different from a digital signature
A file is infected if there is a signature inside its code
– Fast pattern matching techniques to search for
signatures
All the signatures together create the malware database
that usually is proprietary
7
8. White/Black Listing
Maintain database of cryptographic hashes for
– Operating system files
– Popular applications
– Known infected files
Compute hash of each file in hard drives
Look up into database to compare
Needs to protect the integrity of the database
Example: TripWire software
8
9. Heuristic Analysis
Useful to identify new and “zero day” malware
Code analysis
– Based on the instructions, the antivirus can determine
whether or not the program is malicious, i.e., program
contains instruction to delete system files,
Execution emulation
– Run code in isolated emulation environment
• Such as in Virtual Machine
– Monitor actions that target file takes
– If the actions are harmful, mark as virus
Heuristic methods can trigger false alarms
9
10. Shield vs. On-demand
Shield
– Background process
(service/daemon)
– Scans each time a file
is touched (open, copy,
execute, etc.)
On-demand
• Scan on explicit user
request or according to
regular schedule
• On a suspicious file,
directory, drive, etc.
10
11. Online vs Offline Anti Virus Software
Online
Free browser plug-in
Authentication through third
party certificate (i.e. VeriSign)
No shielding
Software and signatures
update at each scan
Poorly configurable
Scan needs internet
connection
Report collected by the
company that offers the
service
Offline
Paid annual subscription
Installed on the OS
Software distributed securely by
the vendor online or a retailer
System shielding
Scheduled software and signatures
updates
Easily configurable
Scan without internet connection
Report collected locally and may
be sent to vendor
11
12. Quarantine
A suspicious file can be isolated in a folder called
quarantine:
– E.g,. if the result of the heuristic analysis is positive and you are
waiting for db signatures update
The suspicious file is not deleted but made harmless: the
user can decide when to remove it or eventually restore for
a false positive
– Interacting with a file in quarantine it is possible only through the
antivirus program
The file in quarantine is harmless because it is encrypted
Usually the quarantine technique is proprietary and the
details are kept secret
12
13. Static vs. Dynamic Analysis
Static Analysis
Checks the code without
trying to execute it
Quick scan in white list
Filtering: scan with different
antivirus and check if they
return same result with
different name
Weeding: remove the correct
part of files as junk to better
identify the virus
Code analysis: check binary
code to understand if it is an
executable, e.g., PE
Disassembling: check if the
byte code shows something
unusual
Dynamic Analysis
Check the execution of
codes inside a virtual
sandbox
Monitor
– File changes
– Registry changes
– Processes and threads
– Networks ports
13
16. Symmetric Key Cryptography - Examples
16
Data Encryption Standard (DES)
The Data Encryption Standard was published in 1977 by the US National
Bureau of Standards.
It uses 56 bit key and maps a 64 bit input block of plaintext onto a 64 bit
block of ciphertext. 56 bits is a rather small key for today's computing power.
17. Problems with Conventional Cryptography
17
Key Management
Symmetric-key systems are simpler and faster; their main drawback is
that the two parties must somehow exchange the key in a secure way
and keep it secure after that.
Key Management caused nightmare for the parties using the symmetric key
cryptography. They were worried about how to get the keys safely and securely
across to all users. This gave the chance for third parties to intercept the keys
in transit to decode the top-secret messages. Thus, if the key was
compromised, the entire coding system was compromised and a “Secret”
would no longer remain a “Secret”.
This is why the “Public Key Cryptography” came into existence.
18. Asymmetric Key Cryptography
18
Asymmetric cryptography , also known as Public-key cryptography, refers
to a cryptographic algorithm which requires two separate keys, one of
which is private and one of which is public. The public key is used to
encrypt the message and the private one is used to decrypt the message.
19. Asymmetric Key Cryptography
19
Public Key Cryptography is a very advanced form of cryptography.
Officially, it was invented by Whitfield Diffie and Martin Hellman in 1975.
The basic technique of public key cryptography was first discovered in 1973
by the British Clifford Cocks of Communications-Electronics Security Group
(CESG) of (Government Communications Headquarters - GCHQ) but this
was a secret until 1997.
21. Hash Functions
21
A cryptographic hash function is a function that takes an arbitrary block of
data and returns a fixed-size bit string, the cryptographic hash value, such
that any (accidental or intentional) change to the data will (with very high
probability) change the hash value.
The data to be encoded are often called
the message, and the hash value is
sometimes called the message digest or
simply digest.
22. Hash Functions
22
An ideal cryptographic hash function has four main properties:
it is deterministic, same message always results in the same hash
it is easy to compute the hash value for any given message
it is infeasible to generate a message that has a given hash
it is infeasible to modify a message without changing the hash
it is infeasible to find two different messages with the same hash.
23. Hash Functions
23
Collusion Discovery
In March 2005 Xiaoyun Wang and Hongbo Yu of Shandong University in
China created a pair of files that share the same MD5 checksum hence
prove that there is a collusion when using MD5
$ md5sum file1.dat
MD5 Sum = a4c0d35c95a63a805915367dcfe6b751
$ md5sum file2.dat
MD5 Sum = a4c0d35c95a63a805915367dcfe6b751
Visit the following websites for more information
http://www.mscs.dal.ca/~selinger/md5collision/
http://www.x-ways.net/md5collision.html
24. Block vs Stream Ciphers
Block ciphers process messages in blocks, each
of which is then en/decrypted
Like a substitution on very big characters
– 64-bits or more
Stream ciphers process messages a bit or byte
at a time when en/decrypting
Many current ciphers are block ciphers
– better analyzed
– broader range of applications
26. Block Cipher Principles
Most symmetric block ciphers are based on a Feistel
Cipher Structure
Must be able to decrypt ciphertext to recover messages
efficiently
Block ciphers look like an extremely large substitution
264 entries for a 64-bit block
instead create from smaller building blocks
using idea of a product cipher
27. Claude Shannon and Substitution – Permutation Ciphers
Claude Shannon introduced idea of substitution-permutation (S-P)
networks in 1949 paper
form basis of modern block ciphers
S-P networks are based on the two primitive cryptographic
operations:
substitution (S-box)
permutation (P-box)
provide confusion & diffusion of message & key
28. Confusion and Diffusion
cipher needs to completely obscure statistical properties
of original message
a one-time pad does this
more practically Shannon suggested combining S & P
elements to obtain:
diffusion – dissipates statistical structure of plaintext over
bulk of ciphertext
confusion – makes relationship between ciphertext and
key as complex as possible
29. Feistel Cipher Structure
Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
partitions input block into two halves
– process through multiple rounds which
perform a substitution on left data half
based on round function of right half & subkey
then have permutation swapping halves
implements Shannon’s S-P net concept
32. Feistel Cipher Design Elements
block size
key size
number of rounds
subkey generation algorithm
round function
fast software en/decryption
ease of analysis
34. Data Encryption Standard (DES)
most widely used block cipher in world till it
became obsolete
adopted in 1977 by NBS (now NIST)
– as FIPS PUB 46
encrypts 64-bit data using 56-bit key
has widespread use
has been considerable controversy over its
security
35. DES History
IBM developed Lucifer cipher
– by team led by Feistel in late 60’s
– used 64-bit data blocks with 128-bit key
then redeveloped as a commercial cipher with input from
NSA and others
in 1973 NBS issued request for proposals for a national
cipher standard
IBM submitted their revised Lucifer which was eventually
accepted as the DES
36. DES Design Controversy
although DES standard is public
was considerable controversy over design
– in choice of 56-bit key (vs Lucifer 128-bit)
– and because design criteria were classified
subsequent events and public analysis show in fact
design was appropriate
use of DES had flourished
– especially in financial applications
– still standardised for legacy application use
37. DES Round Structure
uses two 32-bit L & R halves
as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 F(Ri–1, Ki)
F takes 32-bit R half and 48-bit subkey:
– expands R to 48-bits using permutation
– adds to subkey using XOR
– passes through 8 S-boxes to get 32-bit result
– finally permutes using 32-bit permutation
42. Substitution Boxes S
have eight S-boxes which map 6 to 4 bits
each S-box is actually 4 little 4 bit boxes
outer bits 1 & 6 (row bits) select one row of 4
inner bits 2-5 (col bits) are substituted
result is 8 lots of 4 bits, or 32 bits
row selection depends on both data & key
feature known as autoclaving (autokeying)
43. DES Key Schedule
forms subkeys used in each round
initial permutation of the key (PC1) which selects 56-
bits in two 28-bit halves
16 stages consisting of:
• rotating each half separately either 1 or 2 places
depending on the key rotation schedule K
• selecting 24-bits from each half & permuting them by to
use in round function F
44. DES Decryption
decrypt must unwind steps of data computation
with Feistel design, do encryption steps again
using subkeys in reverse order (SK16 … SK1)
– IP undoes final FP step of encryption
– 1st round with SK16 undoes 16th encrypt round
– ….
– 16th round with SK1 undoes 1st encrypt round
– then final FP undoes initial encryption IP
– thus recovering original data value
46. Avalanche Effect
46
• key desirable property of any encryption algorithm
• want a change of one input or key bit to result in changing
approx half output bits
• making attempts to “home-in” by guessing keys impossible
• DES exhibits strong avalanche
47. Strength of DES
47
•56-bit keys have 256 = 7.2 x 1016 values
•brute force search looks hard
•past advances have shown it is possible
–in 1997 on Internet in a few months
–in 1998 on dedicated h/w (EFF) in a few days
–in 1999 above combined in 22hrs!
–Nowadays … can do it on a desktop!
•still, it must be possible to recognize plaintext
•forced consideration of alternatives to DES
48. Attacks on DES – Timing Attack
48
•attacks actual implementation of cipher
•use knowledge of consequences of implementation to
derive information about some/all subkey bits
•specifically use fact that calculations can take varying
times depending on the value of the inputs to it
•particularly problematic on smartcards
49. Attacks on DES – Analytic Attacks
49
• now have several analytic attacks on DES
• these utilise some deep structure of the cipher
–by gathering information about encryptions
–can eventually recover some/all of the sub-key bits
–if necessary then exhaustively search for the rest
• generally these are statistical attacks
–differential cryptanalysis
–linear cryptanalysis
–related key attacks
50. Attacks on DES – Analytic Attacks
50
Differential Cryptanalysis
• one of the most significant (public) advances in
cryptanalysis
• known by NSA in 70's … influenced DES
• Murphy, Biham & Shamir published in 90’s
• powerful method to analyse block ciphers
• used to analyse most current block ciphers with varying
degrees of success
• DES reasonably resistant to it.
51. Attacks on DES – Analytic Attacks
51
Linear Cryptanalysis
• another recent development
• also a statistical method
• must be iterated over rounds, with decreasing probabilities
• developed by Matsui et al in early 90's
• based on finding linear approximations
• can attack DES with 243 known plaintexts
• easier but still in practise infeasible
52. DES Design Criteria
52
•as reported by Coppersmith in 1994
•7 criteria for S-boxes provide for
–non-linearity
–resistance to differential cryptanalysis
–good confusion
•3 criteria for permutation P provide for
–increased diffusion
53. Block Cipher Design
53
Many principles from Feistel in 70s still hold
• number of rounds
–more is better, make exhaustive search the best attack
option
• function f:
–provides “confusion”, is nonlinear, avalanche
–issues of how S-boxes are selected
• key schedule
–complex subkey creation, key avalanche