This material covers Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS, Authentication protocols like Kerberos and X.509, entity authentication
This material covers Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS, Authentication protocols like Kerberos and X.509, entity authentication
The presentation covers the topic concerned with message authentication code, which is used to verify the message integrity (Message is modified or not?).
a message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula. Message digests are designed to protect the integrity of a piece of data or media to detect changes and alterations to any part of a message. In this paper, we have explained the hashing algorithm of MD5 and also proposed how to use it for file transmission and for hashing any string.
This material covers Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS, Authentication protocols like Kerberos and X.509, entity authentication
The presentation covers the topic concerned with message authentication code, which is used to verify the message integrity (Message is modified or not?).
a message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula. Message digests are designed to protect the integrity of a piece of data or media to detect changes and alterations to any part of a message. In this paper, we have explained the hashing algorithm of MD5 and also proposed how to use it for file transmission and for hashing any string.
This material covers Authentication requirement, Authentication function, MAC, Hash function, Security of hash function and MAC, SHA, Digital signature and authentication protocols, DSS, Authentication protocols like Kerberos and X.509, entity authentication
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
Unit IV Knowledge and Hybrid Recommendation System.pdfArthyR3
This document details the knowledge based recommendation system and hybrid recommendation system. A knowledge and hybrid recommendation system combines the capabilities of knowledge-based and hybrid recommendation systems to provide personalized recommendations to users.
This tutorial provides an overview of content-based recommender systems, a type of recommendation system that suggests items based on the features of the items and a profile of the user's preferences. It covers the basic concepts, algorithms, and implementation steps involved in building a content-based recommender system.
This is a quick reference document that comprises the entire concepts of Java Programming. This document covers, the basic of OOPs, features of Java, basics of Java, Inheritance, Interface, Exception, Generic, Stream, Collection, Multithreading, Swings, etc.
This document helps to understand the basics of expressjs and codes related nodejs. The document covers the middleware concepts, routing in nodejs and session management in nodejs.
This document is to guide in the basic topics of cryptographic and network security. The detail insight of classical encryption algorithm is given here. The step by step process is clearly explained in this document.
JAVA - A Quick Reference
A quick guide to learn more about JAVA Programming. This covers the core concepts of JAVA with OOP concepts. This also covers swing programming.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
3. • Message authentication is concerned with:
Protecting the integrity of a message
Validating identity of originator
Non-repudiation of origin (dispute resolution)
• Will consider the security requirements
• Then three alternative functions used:
Message encryption
Message authentication code (MAC)
Hash function
Message Authentication
5. Message Encryption
• Message encryption by itself also provides a measure of
authentication.
• If symmetric encryption is used then:
Receiver know sender must have created it since only
sender and receiver know the key used
Content of the message cannot be altered if the message
has a suitable structure, redundancy or a checksum to
detect any changes
6. Message Encryption
• If public-key encryption is used:
Encryption provides no confidence of sender, since anyone
potentially knows public-key.
However, if sender signs message using their private-key,
then encrypts with recipients public key, provides both
secrecy and authentication.
Again need to recognize corrupted messages.
But at cost of two public-key uses on message.
11. Message Authentication Code (MAC)
• Generated by an algorithm that creates a small fixed-sized
block
Depending on both message and some key.
Like encryption though need not be reversible.
• Appended to message as a signature.
• Receiver performs same computation on message and checks
it matches the MAC.
• Provides assurance that message is unaltered and comes from
sender.
12. Message Authentication Code (MAC)
• A message authentication code (MAC), also known as a
cryptographic checksum, is an authentication technique
involves the use of a secret key to generate a small fixed-size
block of data.
15. Message Authentication Codes (MACs)
• As shown the MAC provides confidentiality.
• Can also use encryption for secrecy:
Generally use separate keys for each.
Can compute MAC either before or after encryption.
Is generally regarded as better done before.
• Why use a MAC?
Sometimes only authentication is needed.
Sometimes need authentication to persist longer than the
encryption (e.g., archival use).
• Note that a MAC is not a digital signature.
16. MAC Properties
• A MAC is a cryptographic checksum.
MAC = CK(M)
• Condenses a variable-length message M
• using a secret key K
• to a fixed-sized authenticator.
• It is a many-to-one function
Potentially many messages have same MAC.
Finding these needs to be very difficult.
17. Requirements for MACs
• Taking into account the types of attacks.
• Need the MAC to satisfy the following:
1. Knowing a message and MAC, is infeasible to find
another message with same MAC.
2. MACs should be uniformly distributed.
3. MAC should depend equally on all bits of the message.
18. Message Authentication Code Based on DES
• Can use any block cipher chaining mode and use final block as
a MAC.
• Data Authentication Algorithm (DAA) is a widely used MAC
based on DES-CBC.
Using IV=0 and zero-pad of final block.
Encrypt message using DES in CBC mode.
Send just the final block as the MAC or the leftmost M bits
(16≤M≤64) of final block.
• But final MAC is now too small for security.
21. Hash Functions
• A hash function h is generated by a function H of the form:
h = H(M)
• Condenses arbitrary message to fixed size; usually assume that
the hash function is public and not keyed as compared to MAC
which is keyed.
• Hash used to detect changes to message.
• Can use in various ways with message.
• Most often to create a digital signature.
26. Hash Function Properties
• A Hash Function produces a fingerprint of some
file/message/data
h = H(M)
Condenses a variable-length message M to a fixed-sized
fingerprint.
• Assumed to be public.
27. Other Hash Function Uses
to create a one-way password file
store hash of password not actual password
for intrusion detection and virus detection
keep & check hash of files on system
pseudorandom function (PRF) or pseudorandom number
generator (PRNG)
28. Requirements for Hash Functions
1. Can be applied to any sized message M.
2. Produces fixed-length output h.
3. It is easy to compute h=H(M) for any message M.
4. Given h is infeasible to find x (H(x)=h)
• One-way property
5. Given x is infeasible to find y (H(y)=H(x))
• Weak collision resistance
6. It is infeasible to find any x, y (H(y)=H(x))
• Strong collision resistance
29. consider two simple insecure hash functions
bit-by-bit exclusive-OR (XOR) of every block
Ci = bi1 xor bi2 xor . . . xor bim
a longitudinal redundancy check
reasonably effective as data integrity check
one-bit circular shift on hash value
for each successive n-bit block
rotate current hash value to left by1bit and XOR block
good for data integrity but useless for security
Simple Hash Functions
30. Simple Hash Function Using Bitwise XOR
Bit 1 Bit 2 … Bit n
Block 1 b11 b21 … bn1
Block 2 b12 b22 … Bn2
… … … … …
Block m b1m b2m … bnm
Hash Code C1 C2 … Cn
34. have brute-force attacks and cryptanalysis
a preimage or second preimage attack
find y s.t. H(y) equals a given hash value
collision resistance
find two messages x & y with same hash so H(x)
= H(y)
hence value 2m/2 determines strength of hash code
against brute-force attacks
128-bits inadequate, 160-bits suspect
Attack on Hash Function
35. Birthday Attacks
• Might think a 64-bit hash is secure, but by Birthday Paradox is
not
• Birthday attack works thus:
given user prepared to sign a valid message x
opponent generates 2
m/2 variations x’ of x, all with
essentially the same meaning, and saves them
opponent generates 2
m/2 variations y’ of a desired
fraudulent message y
two sets of messages are compared to find pair with same
hash (probability > 0.5 by birthday paradox)
have user sign the valid message, then substitute the
forgery which will have a valid signature
conclusion is that need to use larger MAC/hash
36. General Structure of Secure Hash code
L
cryptanalytic attacks exploit some property of alg so faster
than exhaustive search
hash functions use iterative structure
process message in blocks (incl length)
attacks focus on collisions in function f
37. Block Ciphers as Hash Functions
• Can use block ciphers as hash functions
Using H0=0 and zero-pad of final block
compute: Hi = EMi
[Hi-1]
Use final block as the hash value
Similar to CBC but without a key
• Resulting hash is too small (64-bit)
Due to direct birthday attack
Due to “meet-in-the-middle” attack
• Other variants also susceptible to attack
38. Hash Functions and MAC Security
• Brute-force attacks exploiting:
Strong collision resistance hash have cost 2
m/2.
Have proposal for hardware MD5 cracker.
128-bit hash looks vulnerable, 160-bits better.
MACs with known message-MAC pairs
Can either attack keyspace (key search) or MAC.
At least 128-bit MAC is needed for security.
39. • Cryptanalytic attacks exploit structure
Like block ciphers want brute-force attacks to be the best
alternative.
• Have a number of analytic attacks on iterated hash functions.
CVi = f[CVi-1, Mi]; H(M)=CVN
Typically focus on collisions in function f.
Like block ciphers is often composed of rounds.
Attacks exploit properties of round functions.
Hash Functions and MAC Security
41. 41
MD5
designed by Ronald Rivest (the “R” in RSA)
latest in a series of MD2, MD4
produces a 128-bit hash value
until recently was the most widely used hash algorithm
in recent times have both brute-force & cryptanalytic
concerns
specified as Internet standard RFC1321
42. 42
MD5 OVERVIEW
1. pad message so its length is 448 mod 512
2. append a 64-bit length value to message
3. initialise 4-word (128-bit) MD buffer
(A,B,C,D)
4. process message in 16-word (512-bit) blocks:
using 4 rounds of 16 bit operations on message
block & buffer
add output to buffer input to form new buffer value
5. output hash value is the final buffer value
44. IMPLEMENTATION STEPS
Step 1: Append padding bits
The message is Padded so that its bit length ≡ 448 mod 512
(i.e., the length of padded message is 64 bits less than an
integer multiple of 512 bits)
Padding is always added, even if the message is already of
the desired length (1 to 512 bits)
Padding bits: 1000….0 (a single 1-bit followed by the
necessary number of 0-bits)
45. IMPLEMENTATION STEPS
Step 2: Append length A 64-bit length
contains the length of the original message modulo 264
The expanded message is Y0, Y1, …, YL-1; the total length is
L × 512 bits
The expanded message can be thought of as a multiple of 16
32-bit words
Let M[0 … N-1] denote the word of the resulting message,
where N = L × 16
46. IMPLEMENTATION STEPS
Step 3: Initialize MD buffer
128-bit buffer (four 32-bit registers A,B,C,D) is used to hold
intermediate and final results of the hash function
A,B,C,D are initialized to the following values
A = 67452301
B = EFCDAB89
C = 98BADCFE
D = 10325476
Stored in little-endian format (least significant byte of a word
in the low-address byte position)
word A : 01 23 45 67 (low address … high address)
word B : 89 AB CD EF
word C : FE DC BA 98
word D : 76 54 32 10
47. IMPLEMENTATION STEPS
Step 4: Process message in 512-bit (16-word) blocks
Heart of the algorithm called a compression function Consists
of 4 rounds
The 4 rounds have a similar structure, but each uses a
different primitive logical functions, referred to as F, G, H,
and I
Each round takes as input the current 512-bit block (Yq), 128-
bit buffer value ABCD and updates the contents of the buffer
Each round also uses the table T[1 … 64], constructed from
the sine function; T[i] = 232 × abs(sin(i))
The output of 4th round is added to the CVq to produce
CVq+1
48.
49. IMPLEMENTATION STEPS
Step 5: Output
After all L 512-bit blocks have been processed, the output
from the Lth stage is the 128- bit message digest
CV0 = IV
CVq+1 = SUM32(CVq, RFI[Yq, RFH[Yq, RFG[Yq, RFF[Yq, CVq]]])
MD = CVL
Where
IV = initial value of the ABCD buffer, defined in step 3
Yq = the qth 512-bit block of the message
L = the number of blocks in the message (including padding and
length fields)
CVq = chaining variable processed with the qth block of the message
RFx = round function using primitive logical function x
MD = final message digest value
SUM32 = addition modulo 232 performed separately on each word
50. MD5 COMPRESSION FUNCTION
Each round consists of a sequence of 16 steps operating on the
buffer ABCD
Each step is of the form
a ← b + (( a + g(b, c, d) + X[k] + T[i] <<< s )
where a,b,c,d = the 4 words of the buffer, in a specified order that varies
across steps g = one of the primitive functions F, G, H, I
<<s = circular left shift (rotation) of the 32-bit arguments by s bits
X[k] = M[q × 16 + k] = the kth 32-bit word in the qth 512-bit block of the
message
T[i] = the ith 32-bit word in table T
+ = addition modulo 232 `
52. MD5 OPERATION
One of the 4 primitive logical functions is used in each 4
rounds of the algorithm
Each primitive function takes three 32-bit words as input
and produces a 32-bit word output
Each function performs a set of bitwise logical
operations
53. MD4
precursor to MD5
also produces a 128-bit hash of message
has 3 rounds of 16 steps versus 4 in MD5
design goals:
collision resistant (hard to find collisions)
direct security (no dependence on "hard" problems)
fast, simple, compact
favors little-endian systems (eg PCs)
54. STRENGTH OF MD5
MD5 hash is dependent on all message bits
Rivest claims security is good as can be
known attacks are:
Berson 92 attacked any 1 round using differential
cryptanalysis (but can’t extend)
Boer & Bosselaers 93 found a pseudo collision (again
unable to extend)
Dobbertin 96 created collisions on MD compression
function (but initial constants prevent exploit)
conclusion is that MD5 looks vulnerable soon
56. OVERVIEW
Developed by NIST (National Institute of Standards and
Technology)
Published as a FIPS 180 in 1993
A revised version is issued as FIPS 180-1 IN 1995
Generally referred to as SHA-1
SHA is based on the hash function MD4 and its design closely
models MD4.
SHA- 1 produces a hash value of 160 bits.
Revised version of the standard, FIPS 180-2, that defined three new
versions of SHA, with hash value lengths of 256, 384 and 512 bits,
known as SHA-256, SHA-384 and SHA-512.
57. SHA OVERVIEW
1. pad message so its length is 896 mod 1024
2. append a 128-bit length value to message
3. initialise 8-word (512-bit) buffer (A,B,C,D,E,F,G,H)
4. process message in 128-word (1024-bit) chunks:
5. output hash value is the final buffer value
59. IMPLEMENTATION STEPS
Step 1: Append padding bits
The message is Padd d so that its bit length is congruent to
896 modulo 1024 [length K ≡ 896 mod 1024]
Padding is always added, even if the message is already of
the desired length.
Thus, the number of padding bits is in the range of 1 to 1024.
The padding consists of a single 1-bit followed by the
necessary number of 0-bits.
60. IMPLEMENTATION STEPS
Step 2: Append length
A block of 128-bits is appended to the message.
This block is treated as an unsigned 128-bit integer (most
significant byte first) and contains the length of the original
message (before the padding).
The outcome of the first two steps yields a message that is an
integer multiple of 1024 bits in length.
In Figure, the expanded message is represented as the
sequence of 1024-bit blocks M1, M2,.., Mn, so that the total
length of the expanded message is N x 1024 bits.
61. IMPLEMENTATION STEPS
Step 3: Initialize hash buffer
A 512-bit buffer is used to hold intermediate and final results of the hash
function.
The buffer can be represented as eight 64-bit registers (a, b, c, d, e, f, g and
h).
These registers are initialized to the following 64-bit integers (hexadecimal
values):
These values are stored in big-endian format, which is the most significant
byte of a word in the low-address (leftmost) byte position.
These words were obtained by taking the first sixty-four bits of the
fractional parts of the square roots of the first eight prime numbers.
62. IMPLEMENTATION STEPS
Step 4: Process message in 1024-bit (128-word) blocks
The heart of the algorithm is a module that consists of 80 rounds; this
module is labeled F in above figure.
Each round takes as input the 512-bit buffer value, abcdefgh, and
updates the contents of the buffer.
At input to the first round, the buffer has the value of the intermediate
hash value, Hi-1.
Each round t makes use of a 64-bit value Wt, derived from the current
1024-bit block being processed (Mi).
Each round also makes use of an additive constant Kt, where 0 ≤ t ≤ 79
indicates one of the 80 rounds.
The output of the eightieth round is added to the input to the first round
(Hi-1) to produce Hi. The addition is done independently for each of the
eight words in the buffer with each of the corresponding words in Hi-1,
using addition modulo 264.
63.
64. IMPLEMENTATION STEPS
Step 5: Output
After all N 1024-bit blocks have been processed, the output
from the Nth stage is the 512-bit message digest.
H0 = IV,Hi = SUM64 (Hi-1, abcdefghi)
MD = HN
where,
IV = initial value of the abcdefgh buffer, defined in step 3.
abcdefghi = the output of the last round of processing of the ith
message block.
N = the number of blocks in the message (including padding and
length fields).
SUM64 = Addition modulo 264 performed separately on each word of
the pair of inputs.
MD = final message digest value.
69. HMAC DESIGN PRINCIPLES
To use, without modifications, in available hash functions. In
particular, to use hash functions that perform well in software
and for which code is freely and widely available.
To allow for easy replaceability of the embedded hash
function in case faster or more secure hash functions are
found or required.
To preserve the original performance of the hash function
without incurring a significant degradation.
To use and handle keys in a simple way.
To have a well understood cryptographic analysis of the
strength of the authentication mechanism based on reasonable
assumptions about the embedded hash function.
70. ALGORITHM
HMAC defines the following terms.
H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-
160) IV = initial value input to hash function
M = message input to HMAC (including the padding specified
in the embedded hash function)
Yi = i th block of M, 0 ≤ i ≤ (L - 1)
L = number of blocks in M
b = number of bits in a block
n = length of hash code produced by embedded hash fu ction
K = secret key; recommended length is ≥ n; if key length s
greater than b, the key is input to the hash function to produce
an n-bit key
K+ = K padded with zeros on the left so that the result is b bits
in length ipad = 00110110 (36 in hexadecimal) repeated b/8
times opad = 01011100 (5C in hexadecimal) repeated b/8
times
71.
72. ALGORITHM
The algorithm is as follows:
1. Append zeros to the left end of K to create a b-bit string K+
(e.g., if K is of length 160 bits and b = 512, then K will be
appended with 44 zeroes).
2. XOR (bitwise exclusive-OR) K+ with ipad to produce the b-
bit block Si.
3. Append M to Si.
4. Apply H to the stream generated in step 3.
5. XOR K+ with opad to produce the b-bit block So.
6. Append the hash result from step 4 to So.
7. Apply H to the stream generated in step 6 and output the
result.
85. INTRUDERS
significant issue for networked systems is hostile or
unwanted access
either via network or local
can identify classes of intruders:
masquerader
misfeasor
clandestine user
varying levels of competence
86. INTRUDERS
clearly a growing publicized problem
from “Wily Hacker” in 1986/87
to clearly escalating CERT stats
may seem benign, but still cost resources
may use compromised system to launch other
attacks
awareness of intruders has led to the development
of CERTs
87. INTRUSION TECHNIQUES
aim to gain access and/or increase privileges on a
system
basic attack methodology
target acquisition and information gathering
initial access
privilege escalation
covering tracks
key goal often is to acquire passwords
so then exercise access rights of owner
88. PASSWORD CAPTURE
another attack involves password capture
watching over shoulder as password is entered
using a trojan horse program to collect
monitoring an insecure network login
eg. telnet, FTP, web, email
extracting recorded info after successful login
(web history/cache, last number dialed etc)
using valid login/password can impersonate
user
users need to be educated to use suitable
precautions/countermeasures
89. INTRUSION DETECTION
inevitably will have security failures
so need also to detect intrusions so can
block if detected quickly
act as deterrent
collect info to improve security
assume intruder will behave differently to a
legitimate user
but will have imperfect distinction between
90. PASSWORD GUESSING
one of the most common attacks
attacker knows a login (from email/web page etc)
then attempts to guess password for it
defaults, short passwords, common word searches
user info (variations on names, birthday, phone,
common words/interests)
exhaustively searching all possible passwords
check by login or against stolen password file
success depends on password chosen by user
surveys show many users choose poorly
92. AUDIT RECORDS
fundamental tool for intrusion detection
native audit records
part of all common multi-user O/S
already present for use
may not have info wanted in desired form
detection-specific audit records
created specifically to collect wanted info
at cost of additional overhead on system
93. STATISTICAL ANOMALY DETECTION
threshold detection
count occurrences of specific event over time
if exceed reasonable value assume intrusion
alone is a crude & ineffective detector
profile based
characterize past behavior of users
detect significant deviations from this
profile usually multi-parameter
94. AUDIT RECORD ANALYSIS
foundation of statistical approaches
analyze records to get metrics over time
counter, gauge, interval timer, resource use
use various tests on these to determine if current
behavior is acceptable
mean & standard deviation, multivariate, markov
process, time series, operational
key advantage is no prior knowledge used
95. RULE-BASED INTRUSION DETECTION
observe events on system & apply rules to decide if
activity is suspicious or not
rule-based anomaly detection
analyze historical audit records to identify usage
patterns & auto-generate rules for them
then observe current behavior & match against rules to
see if conforms
like statistical anomaly detection does not require prior
knowledge of security flaws
96. RULE-BASED INTRUSION DETECTION
rule-based penetration identification
uses expert systems technology
with rules identifying known penetration, weakness patterns,
or suspicious behavior
compare audit records or states against rules
rules usually machine & O/S specific
rules are generated by experts who interview & codify
knowledge of security admins
quality depends on how well this is done
97. BASE-RATE FALLACY
practically an intrusion detection system needs to
detect a substantial percentage of intrusions with
few false alarms
if too few intrusions detected -> false security
if too many false alarms -> ignore / waste time
this is very hard to do
existing systems seem not to have a good record
98. DISTRIBUTED INTRUSION DETECTION
traditional focus is on single systems
but typically have networked systems
more effective defense has these working together
to detect intrusions
issues
dealing with varying audit record formats
integrity & confidentiality of networked data
centralized or decentralized architecture
101. HONEYPOTS
decoy systems to lure attackers
away from accessing critical systems
to collect information of their activities
to encourage attacker to stay on system so administrator can
respond
are filled with fabricated information
instrumented to collect detailed information on attackers
activities
single or multiple networked systems
cf IETF Intrusion Detection WG standards
102. PASSWORD MANAGEMENT
front-line defense against intruders
users supply both:
login – determines privileges of that user
password – to identify them
passwords often stored encrypted
Unix uses multiple DES (variant with salt)
more recent systems use crypto hash function
should protect password file on system
103. PASSWORD STUDIES
Purdue 1992 - many short passwords
Klein 1990 - many guessable passwords
conclusion is that users choose poor passwords too
often
need some approach to counter this
104. MANAGING PASSWORDS - EDUCATION
can use policies and good user education
educate on importance of good passwords
give guidelines for good passwords
minimum length (>6)
require a mix of upper & lower case letters, numbers,
punctuation
not dictionary words
but likely to be ignored by many users
105. MANAGING PASSWORDS - COMPUTER
GENERATED
let computer create passwords
if random likely not memorisable, so will be written
down (sticky label syndrome)
even pronounceable not remembered
have history of poor user acceptance
FIPS PUB 181 one of best generators
has both description & sample code
generates words from concatenating random
pronounceable syllables
106. MANAGING PASSWORDS - REACTIVE
CHECKING
reactively run password guessing tools
note that good dictionaries exist for almost any
language/interest group
cracked passwords are disabled
but is resource intensive
bad passwords are vulnerable till found
107. MANAGING PASSWORDS - PROACTIVE
CHECKING
most promising approach to improving password
security
allow users to select own password
but have system verify it is acceptable
simple rule enforcement (see earlier slide)
compare against dictionary of bad passwords
use algorithmic (markov model or bloom filter) to detect
poor choices
109. Establish a controlled link
Protect the premises network from Internet-based
attacks
Provide a single choke point
FIREWALL DESIGN PRINCIPLES:
110. Design Goals
All traffic from inside to outside must pass through
the firewall (physically blocking all access to the
local network except via the firewall)
Only authorized traffic (defined by the local security
police) will be allowed to pass
The firewall itself is immune to penetration (use of
trusted system with a secure operating system)
FIREWALL CHARACTERISTICS
112. Scope of Firewall
A firewall defines a single choke point that keeps unauthorized
users out of the protected network, prohibits potentially
vulnerable services from entering or leaving the network, and
provides protection from various kinds of IP spoofing and routing
attacks. The use of a single choke point simplifies security
management because security capabilities are consolidated on a
single system or set of systems.
A firewall provides a location for monitoring security-related
events. Audits and alarms can be implemented on the firewall
system.
A firewall is a convenient platform for several Internet functions
that are not security related. These include a network address
translator, which maps local addresses to Internet addresses, and
a network management function that audits or logs Internet
usage.
A firewall can serve as the platform for IPsec. Using the tunnel
mode capability described in Chapter 19, the firewall can be used
to implement virtual private networks
CONTD….
113. Limitations
The firewall cannot protect against attacks that bypass the
firewall. Internal systems may have dial-out capability to
connect to an ISP. An internal LAN may support a modem
pool that provides dial-in capability for traveling employees
and telecommuters.
The firewall may not protect fully against internal threats,
such as a disgruntled employee or an employee who
unwittingly cooperates with an external attacker.
An improperly secured wireless LAN may be accessed from
outside the organization. An internal firewall that separates
portions of an enterprise network cannot guard against
wireless communications between local systems on different
sides of the internal firewall.
A laptop, PDA, or portable storage device may be used and
infected outside the corporate network, and then attached and
used internally.
CONTD…
114. Applies a set of rules to each incoming IP packet and then
forwards or discards the packet
Filter packets going in both directions
The packet filter is typically set up as a list of rules based on
matches to fields in the IP or TCP header
Source IP address: The IP address of the system that originated the IP
packet (e.g., 192.178.1.1)
Destination IP address: The IP address of the system the IP packet is
trying to reach (e.g., 192.168.1.2)
Source and destination transport-level address: The transport-level (e.g.,
TCP or UDP) port number, which defines applications such as SNMP or
TELNET
IP protocol field: Defines the transport protocol
Interface: For a firewall with three or more ports, which interface of the
firewall the packet came from or which interface of the firewall the packet
is destined for
Two default policies (discard or forward)
Default = discard: That which is not expressly permitted is prohibited.
Default = forward: That which is not expressly prohibited is permitted
PACKET FILTERING ROUTERS:
117. Advantages:
Simplicity
Transparency to users
High speed
Disadvantages:
Difficulty of setting up packet filter rules
Lack of Authentication
CONTD…
118. IP address spoofing
fake source address to be trusted
add filters on router to block
source routing attacks
attacker sets a route other than default
block source routed packets
tiny fragment attacks
split header info over several tiny packets
either discard or reassemble before check
CONTD…
119. An application-level gateway (or proxy server), acts
as a relay of application-level traffic.
The user contacts the gateway using a TCP/IP
application, such as Telnet or FTP, and the gateway
asks the user for the name of the remote host to be
accessed.
When the user responds and provides a valid user
ID and authentication information, the gateway
contacts the application on the remote host and
relays TCP segments containing the application
data between the two endpoints
APPLICATION-LEVEL GATEWAY
121. Advantages:
Higher security than packet filters
Only need to scrutinize a few allowable applications
Easy to log and audit all incoming traffic
Disadvantages:
Additional processing overhead on each connection
(gateway as splice point)
CONTD…
122. A circuit-level gateway relays two TCP connections,
one between itself and an inside TCP user, and the
other between itself and a TCP user on an outside
host.
Once the two connections are established, it relays
TCP data from one connection to the other without
examining its contents.
The security function consists of determining which
connections will be allowed.
It is typically used when internal users are trusted
to decide what external services to access.
CIRCUIT-LEVEL GATEWAY
124. A bastion host is a critical strong point in the
network’s security, serving as a platform for an
application-level or circuit-level gateway, or for
external services.
BASTION HOST
125. executes a secure version of its O/S, making it a trusted
system
has only essential services installed on the bastion host
may require additional authentication before a user may
access to proxy services
configured to use only subset of standard commands, access
only specific hosts
maintains detailed audit information by logging all traffic
each proxy module a very small software package designed for
network security
has each proxy independent of other proxies on the bastion
host
have a proxy performs no disk access other than read its initial
configuration file
have each proxy run as a non-privileged user in a private and
secured directory
PROPERTIES
126. In addition to the use of simple configuration of a
single system (single packet filtering router or
single gateway), more complex configurations are
possible
Three common configurations
FIREWALL CONFIGURATIONS
127. Screened host firewall system (single-homed
bastion host)
Henric Johnson 1
FIREWALL CONFIGURATIONS
128. Screened host firewall, single-homed bastion
configuration
Firewall consists of two systems:
A packet-filtering router
A bastion host
Henric Johnson 1
FIREWALL CONFIGURATIONS
129. Configuration for the packet-filtering router:
Only packets from and to the bastion host are allowed to
pass through the router
The bastion host performs authentication and proxy
functions
FIREWALL CONFIGURATIONS
130. Greater security than single configurations because
of two reasons:
This configuration implements both packet-level and
application-level filtering (allowing for flexibility in
defining security policy)
An intruder must generally penetrate two separate
systems
FIREWALL CONFIGURATIONS
131. This configuration also affords flexibility in
providing direct Internet access (public information
server, e.g. Web server)
FIREWALL CONFIGURATIONS
133. Screened host firewall, dual-homed bastion
configuration
The packet-filtering router is not completely
compromised
Traffic between the Internet and other hosts on the
private network has to flow through the bastion host
FIREWALL CONFIGURATIONS
135. Screened subnet firewall configuration
Most secure configuration of the three
Two packet-filtering routers are used
Creation of an isolated sub-network
FIREWALL CONFIGURATIONS
136. Advantages:
Three levels of defense to thwart intruders
The outside router advertises only the existence of the
screened subnet to the Internet (internal network is
invisible to the Internet)
FIREWALL CONFIGURATIONS
137. Advantages:
The inside router advertises only the existence of the
screened subnet to the internal network (the systems on
the inside network cannot construct direct routes to the
Internet)
FIREWALL CONFIGURATIONS
139. Determine what resources they can access
General model is that of access matrix with
subject - active entity (user, process)
object - passive entity (file or resource)
access right – way object can be accessed
can decompose by
columns as access control lists
rows as capability tickets
ACCESS CONTROL
142. There are varying degrees of sensitivity of
information
Eg. military info classifications: confidential, secret
etc
subjects (people or programs) have varying
rights of access to objects (information)
Want to consider ways of increasing confidence
in systems to enforce these rights
known as multilevel security
subjects have maximum & current security level
objects have a fixed security level classification
TRUSTED COMPUTER SYSTEMS
143. one of the most famous security models
implemented as mandatory policies on
system
has two key policies:
no read up (simple security property)
a subject can only read/write an object if the
current security level of the subject dominates (>=)
the classification of the object
no write down (*-property)
a subject can only append/write to an object if the
current security level of the subject is dominated by
(<=) the classification of the object
BELL LAPADULA (BLP) MODEL
145. governments can evaluate IT systems
against a range of standards:
TCSEC, IPSEC and now Common Criteria
define a number of “levels” of evaluation with
increasingly stringent checking
have published lists of evaluated products
though aimed at government/defense use
can be useful in industry also
EVALUATED COMPUTER SYSTEMS