1. TTI6H3 Keamanan Siber Lanjut
Program Studi Magister Teknik Elektro Telekomunikasi
Fakultas Teknik Elektro
Telkom Univesity
2021
2. ▪What is security?
▪Why do we need security?
▪Who is vulnerable?
▪Common security attacks and
countermeasures
▪ Denial of Service Attacks
▪ Packet Sniffing
▪ Social Problems
▪ Number theory
2
5. Computer Security
The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources (includes
hardware, software, firmware, information/
data, and telecommunications)
http://csrc.nist.gov/publications/fips/fips199/F
IPS-PUB-199-final.pdf
6. • Confidentiality
– Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy
and proprietary information.
• Integrity
– Guarding against information modifications or destruction,
including ensuring information non-repudiation and
authenticity.
• Availability
– Ensuring timely and reliable access to and use of information
7. • Security Attack
– Any action that compromises the security of information
• Security Mechanism
– A process / device that is designed to detect, prevent or
recover from a security attack.
• Security Service
– A service intended to counter security attacks, typically by
implementing one or more mechanisms.
8. … but threat and attack used nearly interchangeably
9. ▪ well-known in network security world
▪ Bob, Alice (friends) want to communicate “securely”
▪ Trudy (intruder) may intercept, delete, add messages
9
secure
sender
secure
receiver
channel data, control
messages
data data
Alice Bob
Trudy
13. ▪ Unauthorized access to information
▪ Packet sniffers and wiretappers
▪ Illicit copying of files and programs
13
A B
Eavesdropper
14.
15. ▪ Stop the flow of the message
▪ Delay and optionally modify the message
▪ Release the message again
15
A B
Perpetrator
16. ▪ Unauthorized assumption of other’s identity
▪ Generate and distribute objects under this identity
16
A B
Masquerader: from A
17.
18. ▪ Destroy hardware (cutting fiber) or software
▪ Modify software in a subtle way (alias commands)
▪ Corrupt packets in transit
▪ Blatant denial of service (DoS):
▪ Crashing the server
▪ Overwhelm the server (use up its resource)
A B
26. ▪ bash … (baru beberapa
hari lalu)
▪ Heartbleed
27. Security Intro 27
“Lack of internal security awareness is
still one of our biggest threats.
Technology can reduce risks to a point
but it is people who are the weakest
link.”
Deloitte Global Security Survey 2004 Respondent
28. Security Intro 28
From: <USbank-Notification-Urgecq@UsBank.com>
To: …
Subject: USBank.com Account Update URGEgb
Date: Thu, 13 May 2004 17:56:45 -0500
USBank.com
Dear US Bank Customer,
During our regular update and verification of the Internet Banking Accounts, we
could not verify your current information. Either your information has been
changed or incomplete, as a result your access to use our services has been
limited. Please update your information.
To update your account information and start using our services please click on
the link below:
http://www.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage
Note: Requests for information will be initiated by US Bank Business Development;
this process cannot be externally requested through Customer Support.
31. ▪ Sangat sulit mencapai 100% aman
▪ Ada timbal balik antara keamanan vs. kenyamanan
(security vs convenience)
▪ Semakin tidak aman, semakin nyaman
▪ Juga “security vs performance”
▪ Definisi computer security:
(Garfinkel & Spafford)
A computer is secure if you can depend on it and its
software to behave as you expect
Security Intro 31
32. ▪ Prime and Relative Prime Numbers
▪ Modular Arithmetic
▪ Fermat’s and Euler’s Theorem
▪ Testing for Primality
▪ Euclid’s Algorithm
▪ Chinese Remainder Theorem
▪ Discrete Logarithms
33. ▪ b|a (“b divides a”,“b is a divisor of a”) if a = kb for some k,
where a, b, and k are integers, and b 0
▪ If a|1, then a = 1
▪ If a|b and b|a, then a = b
▪ Any b 0 divides 0
▪ If b|g and b|h, then b|(mg + nh) for arbitrary integers m
and n
34. ▪ An integer p > 1 is a prime number if its only divisors are 1 and p
▪ Prime Factorization
▪ Any integer a>1 can be factored in a unique way as
a = p1
1 p2
2 … pt
t where p1 < p2 < … < pt are prime
numbers and where each i > 0
▪ If P is the set of all prime numbers, then any positive integer can be written
uniquely in the following form
▪ The value of any positive integer can be specified by listing all nonzero
exponents (ap)
▪ Multiplication of two numbers is equivalent to adding two corresponding
exponents:
▪ k = mn → kp = mp + np for all p
▪ a|b → ap bp for all p
0
each
where
= p
P
a
a
p
a p
36. ▪ Greatest common divisor
▪ c = gcd(a, b) if c|a and c|b and d that divides a and b: d|c
▪ Equivalently, gcd(a, b) = max{c: c|a and c|b}
▪ k = gcd(a, b) → kp = min(ap, bp) for all p
▪ a and b are relatively prime if gcd(a, b) = 1
37. ▪ For any integer a and positive integer n, if a is divided by n, the
following relationship holds:
▪ a = qn + r 0 r n; q = a/n (q: quotient, r: remainder or
residue)
▪ If a is an integer and n is a positive integer, a mod n is defined to be
the remainder when a is divided by n
▪ a = a/n n + (a mod n)
▪ Two integers a and b are said to be congruent modulo n if (a mod
n) = (b mod n), and this is written a b mod n
▪ Properties of modulo operator
▪ a b mod n if n|(a – b)
▪ (a mod n) = (b mod n) implies a b mod n
▪ a b mod n implies b a mod n
▪ a b mod n and b c mod n implies a c mod n
38. ▪ Modulo arithmetic operation over Zn = {0, 1, …, n-1}
▪ Properties
▪ [(a mod n) + (b mod n)] mod n = (a + b) mod n
▪ [(a mod n) − (b mod n)] mod n = (a − b) mod n
▪ [(a mod n) (b mod n)] mod n = (a b) mod n
39. ▪ Modulo arithmetic over Zn = {0, 1, …, n-1} (called a set of residues of
modulo n)
▪ Integers modulo n with addition and multiplication form a commutative
ring
▪ Commutative laws (a + b) mod n = (b + a) mod n
(a b) mod n = (b a) mod n
▪ Associative laws [(a + b) + c] mod n = [a + (b + c)] mod n
[(a b) c] mod n = [a (b c)] mod n
▪ Distributive laws [a (b + c)] mod n = [(a b) + (a c)] mod n
▪ Identities (a + 0) mod n = a mod n
(a 1) mod n = a mod n
▪ Additive inverse (-a) a Zn b s.t. a + b 0 mod n
▪ Multiplicative inverse (a-1) a (0) Zn, if a is relative prime to n,
b s.t. a b 1 mod n
▪ If n is not prime, Zn is a ring, but not a field
▪ Zp is a field
40.
41. ▪ Group
▪ A set of numbers with some addition operation whose result is also in
the set (closure)
▪ Obeys associative law, has an identity, has inverses
▪ If also is commutative its an abelian group
▪ Ring
▪ An abelian group with a multiplication operation also
▪ Multiplication is associative and distributive over addition
▪ If multiplication is commutative, its a commutative ring
▪ e.g., integers mod N for any N
▪ Field
▪ An abelian group for addition
▪ A ring
▪ An abelian group for multiplication (ignoring 0)
▪ e.g., integers mod P where P is prime
42. ▪ If p is prime and a is a positive integer not divisible by p, then
ap-1 1 mod p
▪ Proof
▪ Start by listing the first p – 1 positive multiples of a:
a, 2a, 3a, …, (p-1)a
Suppose that ra and sa are the same modulo p, then we have r s mod p, so
the p-1 multiples of a above are distinct and nonzero; that is, they must be
congruent to 1, 2, 3, …, p-1 in some order. Multiply all these congruences
together and we find
a 2a 3a … (p-1)a 1 2 3 … (p-1) mod p
or better, ap-1(p-1)! (p-1)! mod p. Divide both side by (p-1)! to complete
the proof
▪ Corollary
▪ If p is prime and a is any positive integer, then
ap a mod p
43. ▪ Euler’s totient function (n) is the number of positive integers less
than n (including 1) and relatively prime to n
▪ (p) = p-1
▪ (1) = 1 (Definition)
▪ Let p and q be distinct prime numbers, n = pq. Then
(pq) = (p)(q) = (p-1)(q-1)
▪ Proof
▪ Consider Zn = {0, 1, …, pq-1}
▪ The residues not relatively prime to n are 0, {p, 2p, …, (q-1)p}, and
{q, 2q, …, (p-1)q}
▪ So (pq) = pq - (1 + (q-1) + (p-1)) = pq - p - q + 1 = (p-1)(q-1)
45. ▪ Generalization of Fermat’s little theorem
▪ For every a and n that are relatively prime,
▪ a(n) 1 mod n
▪ Proof
▪ The proof is completely analogous to that of the Fermat's Theorem
except that instead of the set of residues {1,2,...,n-1} we now
consider the set of residues {x1,x2,...,x(n)} which are relatively prime
to n. In exactly the same manner as before, multiplication by a
modulo n results in a permutation of the set {x1, x2, ..., x(n)}.Therefore,
two products are congruent:
x1x2 ... x(n) (ax1)(ax2) ... (ax(n)) mod n
dividing by the left-hand side proves the theorem.
▪ Corollary
a(n)+1 a mod n
46. ▪ Corollaries
▪ Given two prime numbers, p and q, and integers n = pq and
m, with 0<m<n,
m(n)+1 = m(p-1)(q-1)+1 m mod n
(Demonstrate the validity of the RSA algorithm)
mk(n) 1 mod n
mk(n)+1 m mod n
47. ▪ Miller-Ravin primality test
▪ Can be used to determine if a large number is prime
▪ Based on the following theorem
▪ If p is an odd prime, then the equation
x2 ≡ 1 (mod p)
has only two solutions – namely, x ≡1 (mod p) and x ≡ −1 (mod p)
▪ Proof
▪ Omitted
▪ If there exist solutions to x2 ≡ 1 (mod n) other than 1,then n is not prime
48. ▪ An efficient way to compute ab mod n
▪ Repeated squaring
▪ Computes ac mod n as c is
increased from 0 to b
▪ Each exponent computed
in a sequence is either twice
the previous exponent or
one more than the previous
exponent
▪ Each iteration of the loop
uses one of the identities
a2c mod n = (ac)2 mod n,
a2c+1 mod n = a (ac)2 mod n
depending on whether bi = 0 or 1
▪ Just after bit bi is read and processed, the value of c is the same as the prefix
Modular-Exponentiation(a, b, n)
1. c 0
2. d 1
3. let bkbk-1…b0 be the binary
representation of b
4. for i k downto 0
5. do c 2c
6. d (d d) mod n
7. if bi = 1
8. then c c + 1
9. d (d a) mod n
10. return d
49. ▪ Example
▪ Result of Modular-Exponentiation algorithm for ab mod n, where a = 7, b =
560 = 1000110000, n = 561.The values are shown after each execution of the
for loop
Modular-Exponentiation(a, b, n)
1. c 0
2. d 1
3. let bkbk-1…b0 be the binary representation of b
4. for i k downto 0
5. do c 2c
6. d (d d) mod n
7. if bi = 1
8. then c c + 1
9. d (d a) mod n
10. return d
50. ▪ Core algorithm is WITNESS(a, n)
▪ n : inputs to WITNESS, to be
tested for primality,
▪ a : some randomly chosen
integer, 1 a < n
▪ WITNESS(a, n) is TRUE if and
only if a is a “witness” to the
compositeness of n – that is, if it
is possible using a to prove that
n is composite
▪ If WITENSS returns FALSE, then
n may be prime
WITNESS (a, n)
1. let bkbk-1…b0 be the binary rep. of (n-1)
2. d 1
3. for i k downto 0
4. do x d
5. d (d d) mod n
6. if d =1 and x 1 and x n –1
7. then return TRUE
8. if bi = 1
9. then d (d a) mod n
10. if d 1
11. then return TRUE
12. return FALSE
51. WITNESS (a, n)
1. let bkbk-1…b0 be the binary rep. of (n-1)
2. d 1
3. for i k downto 0
4. do x d
5. d (d d) mod n
6. if d =1 and x 1 and x n –1
7. then return TRUE
8. if bi = 1
9. then d (d a) mod n
10. if d 1
11. then return TRUE
12. return FALSE
• Lines 3-9 compute d as an-1 mod n (identical to that employed by
Modular-Exponentiation)
• Whenever squaring step is performed on line 5, lines 6,7 check to
see if nontrivial square root of 1 has just been discovered (x 1
(mod n) yet x2 1 (mod n)). If so, returns TRUE
• If WITENSS returns TRUE from line 11, then it has discovered that
d = an-1 mod n 1. If n is prime, however, by Fermat’s theorem
an-1 1 (mod n) for all a. Therefore, n cannot be prime
52. MILLER_RAVIN (n, s)
1. for j 1 to s
2. do a RANDOM(1, n-1)
3. if WITNESS(a, n)
4. then return COMPOSITE
5. return PRIME
• Miller-Ravin Primaility Test
• Probabilistic search
• Repeatedly invoke s times WITNESS(n,a) using
randomly chosen values for a, if return false, then
the probability that n is prime is at least 1 – 2-s
53. ▪ Based on the following theorem
▪ gcd(a, b) = gcd(b, a mod b)
▪ Proof
▪ If d = gcd(a, b), then d|a and d|b
▪ For any positive integer b, a = kb + r ≡ r mod b, a mod b = r
▪ a mod b = a – kb (for some integer k)
▪ because d|b, d|kb
▪ because d|a, d|(a mod b)
∴ d is a common divisor of b and (a mod b)
▪ Conversely, if d is a common divisor of b and (a mod b), then d|kb and d|[ kb+(a
mod b)]
▪ d|[ kb+(a mod b)] = d|a
∴ Set of common divisors of a and b is equal to the set of common divisors of b and
(a mod b)
▪ ex) gcd(18,12) = gcd(12,6) = gcd(6,0) = 6
gcd(11,10) = gcd(10,1) = gcd(1,0) = 1
54. ▪ Recursive algorithm
Function Euclid (a, b) /* assume a b 0 */
if b = 0 then return a
else return Euclid(b, a mod b)
▪ Iterative algorithm
Euclid(d, f) /* assume d > f > 0 */
1. X d; Y f
2. if Y=0 return X = gcd(d, f)
3. R = X modY
4. X Y
5. Y R
6. goto 2
55. ▪ If gcd(d, f) =1, d has a multiplicative inverse modulo f
▪ Euclid’s algorithm can be extended to find the multiplicative inverse
▪ In addition to finding gcd(d, f), if the gcd is 1, the algorithm returns
multiplicative inverse of d (modulo f)
Extended Euclid(d, f)
1. (X1, X2, X3) (1, 0, f); (Y1, Y2, Y3) (0, 1, d)
2. If Y3 = 0 return X3 = gcd(d, f); no inverse
3. If Y3 = 1 return Y3 = gcd(d, f); Y2 = d-1 mod f
4. Q = X3/Y3
5. (T1, T2, T3) (X1 − QY1, X2 − QY2, X3 − QY3)
6. (X1, X2, X3) (Y1, Y2, Y3)
7. (Y1, Y2, Y3) (T1, T2, T3)
8. goto 2
57. ▪ Let M = m1 m2 m3 … mk, where mi’s are pairwise relatively prime,
i.e., gcd(mi, mj) = 1, 1 ≤ i≠j ≤ k
▪ Assertion
▪ A (a1, a2,…..,ak), where A ZM, ai Zmi
, and ai = A mod mi for 1 ≤ i ≤ k
▪ One to one correspondence(bijection) between ZM and the Cartesian product Zm1
Zm2 …. Zmk
▪ For every integer A such that 0 ≤ A < M, there is a unique k-tuple (a1, a2,…..,ak) with
0 ≤ ai < mi
▪ For every such k-tuple (a1, a2,…..,ak), there is a unique A in ZM
▪ Transformation from A to (a1, a2,…..,ak) is unique
▪ Computing A from (a1, a2,…..,ak) is done as follows
▪ Let Mi = M/mi for 1 ≤ i ≤ k, i.e., Mi = m1 m2 … mi-1 mi+1 … mk
▪ Note that Mi ≡ 0 (mod mj) for all j ≠ i
▪ Let ci = Mi x (Mi
-1 mod mi) for 1 ≤ i ≤ k
▪ Then A ≡ (a1c1+ a2c2 + … + akck) mod M
▪ ai = A mod mi, since cj ≡ Mj ≡ 0 (mod mi) if j≠ i and ci ≡ 1 (mod mi)
58. ▪ Operations performed on the elements of ZM can be equivalently performed
on the corresponding k-tuples by performing the operation independently
in each coordinate position
▪ ex) A ↔ (a1, a2, ... ,ak), B ↔ (b1, b2, … ,bk)
(A + B) mod M ↔ ((a1 + b1) mod m1, … ,(ak + bk) mod mk)
(A − B) mod M ↔ ((a1 − b1) mod m1, … ,(ak − bk) mod mk)
(A B) mod M ↔ ((a1 b1) mod m1, … ,(ak bk) mod mk)
▪ CRT provides a way to manipulate (potentially large) numbers mod M
in term of tuples of smaller numbers
59. ▪ Example
▪ Let m1 = 37, m2 = 49, M = m1 m2 = 1813, A = 973
▪ M1 = 49, M2 = 37
▪ Using the extended Euclid’s alg. M1
-1 = 34 mod m1 and M2
-1 = 4 mod m2
▪ Taking residues modulo 37 and 49, 973 (11, 42)
▪ Suppose we want to add 678 to 973
▪ 678 (12, 41)
▪ Add the tuples element-wise → (11+12 mod 37, 42+41 mod 49) = (23, 34)
▪ To verify, we compute
▪ (23, 34) (a1c1+ a2c2) mod M = (a1M1M1
-1 + a2M2M2
-1 ) mod M
= [(23)(49)(34) + (34)(37)(4)] mod 1813 = 1651
▪ which is equal to (678 + 973) mod 1813 = 1651
60. ▪ Consider the powers of an integer a, modulo n
▪ a mod n, a2 mod n, a3 mod n, …, am mod n, …
▪ The least positive exponent m for which am ≡ 1 mod n is referred to:
▪ The order of a (mod n)
▪ The exponent to which a belongs (mod n)
▪ The length of the period generated by a
▪ If a and m are relatively prime, there is at least one integer m that
satisfies am ≡ 1 mod n, namely m = (n)
▪ If a, a2, …, a(n) are distinct (mod n) and all are relatively prime to n, a is
called a primitive root (generator)
▪ In particular, for a prime number p, if a is a primitive root of p, then a, a2,
…, ap-1 are distinct
▪ Not all integers have primitive roots.The only integers with primitive
roots are those of the form 2, 4, p, and 2p, where p is any odd prime
62. ▪ For any integer b and primitive root a of prime number p, there is a
unique exponent i s.t.
b ≡ ai mod p where 0 ≤ i ≤ (p-1)
▪ This exponent i is referred to as the index of the number b for the base
a (mod p), and denoted as inda,p(b)
▪ inda,p(1) = 0, (a0 mod p = 1 mod p = 1)
▪ inda,p(a) = 1, (a1 mod p = a)
▪ Example
▪ Ind2,19(a)
63. ▪ By def. of indices, x = ainda,p(x) mod p, y = ainda,p(y) mod p,
xy = ainda,p(xy) mod p
▪ Using the rules of modular multiplication, ainda,p(xy) mod p = (ainda,p(x)
mod p)(ainda,p(y) mod p) = (ainda,p(x)+inda,p(y)) mod p
▪ Euler’s theorem state that for every a and n that are relatively prime,
a(n) ≡ 1 mod n
▪ Any positive integer z can be expressed in the form z = q + k(n).
Therefore, by Euler’s theorem az = aq mod n if z = q mod
(n)
∴ inda,p(xy) = [inda,p(x) + inda,p(y)] mod (p)
∴ inda,p(yr) = [r inda,p(y)] mod (p)
▪ Demonstrates the analogy between true logarithms and indices.
Indices often referred to as discrete logarithms
64.
65. ▪ Calculation of Discrete Logarithms
▪ y = gx mod p
▪ Given g, x, p, it is a straightforward matter to calculate y
▪ Given g, y, p, it is very difficult to calculate to x (discrete logarithm)
▪ The difficulty seems to be on the same order as that of factoring primes required
for RSA
▪ Time complexity: O(e((ln p)1/3 ln(ln p))2/3
)
66. ▪ Another perspective on network security;William Stallings;
University of Washington; 2011
▪ Network security; Justin Weisz, Srinivasan Seshan; Carnegie
Mellon University; 2002
▪ Introduction to security; Budi Rahardjo; Institut Teknologi
Bandung; 2016
67. Please classify each of the following as a violation of confidentiality,
integrity, availability, authenticity, or some combination of these
▪ John copies Mary’s homework.
▪ Paul crashes Linda’s system.
▪ Gina forges Roger’s signature on a deed.
68. ▪ Metoda state-of-the-art untuk peningkatan keamanan jaringan
▪ Security for IoT and sensor network →
▪ Security for 5G network →
▪ Security for SDN →
▪ Security for WiFi and Vanet →
▪ Security for IPv6 network
▪ Security for cloud →
▪ Application layer security: Image, video, and audio watermarking →
▪ Application layer security: video fingerprinting