Week 9 – Important updates from unit coordinator
Deakin University CRICOS Provider Code: 00113B
SIT182 – Real World Practices For Cyber Security
Trimester 2 – 2021
Deakin College
Week 9 – Important
updates from unit
coordinator
Deakin University CRICOS Provider Code: 00113B
• Held during the day and time specified on examination timetable
• Online Exam through the Unit Site
• Open book
• Short answer + scenarios covering the Pass-level tasks, and Lecture content
• Advice on how to best prepare in Week 12’s lecture
Final Exam – Hurdle, 20%
2
Deakin University CRICOS Provider Code: 00113B
Final Exam – Hurdle, 20%
3
Deakin University CRICOS Provider Code: 00113B
Please do not leave tasks until late.
Important Reminder
4
Deakin University CRICOS Provider Code: 00113B
SIT182 – Real World Practices For Cyber Security
Trimester 2 – 2021
Deakin College
Week 9 – Part 1
Deakin University CRICOS Provider Code: 00113B
Cryptography –
Public Key, Hash, and Digital Certificates
6
Topics,
Deakin University CRICOS Provider Code: 00113B
7
• Secret (or Symmetric) key cryptography showed us the difficulties of distributing keys and
potentially having to maintain large numbers of them.
• Public (or asymmetric) key cryptography, on the other hand, is an encryption scheme where each
person creates a pair of keys, called the public key and the private key.
• Each person’s public key is published freely while the private key is kept secret. Messages are
encrypted using the intended recipient’s public key and can only be decrypted using the recipient’s
private key (or the other way round for different purpose as will discussed later).
• Reduced effort for key management, no shared secret!
From Symmetric to Asymmetric
Deakin University CRICOS Provider Code: 00113B
8
Overview of Public Key Encryption
Private key
Deakin University CRICOS Provider Code: 00113B
9
Public Key Encryption: The History
• In 1976, Whitfield Diffie and Martin Hellman proposed public key encryption (asymmetric
encryption) in theory in which different keys are used for encryption and decryption.
• In 1997, it was disclosed that asymmetric key algorithms had been developed in the early 1970’s by
the British Government’s Communication Headquarters (GCHQ). They referred to the technique as
non-secret encryption.
Deakin University CRICOS Provider Code: 00113B
10
Key Requirement of any Public Key Encryption
The basis of any public key system is the identification of a one-way function: easily computed, but
difficult to invert without additional information.
Example: It is easy to multiply two large primes p and q. However, it is very difficult to factor pq to
recover p and q. But, given pq and either of p or q, it is straightforward to recover the other, simply
by dividing.
Public key: Alice choose two large prime number, p and q and annouce their product (i.e., pq) as
her public key. Bob can use Alice’s public key to encrypt a messges for Alice. But only Alice
knows p and q, hence is the only one who can decrypt the message.
• Like secret key (symmetric) schemes, brute force exhaustive search attack is always theoretically
possible
o But keys used are too large (>512bits)
Deakin University CRICOS Provider Code: 00113B
RSA Algorithm
11
• The RSA algorithm: The first real-world implementation of public key encryption was developed
by Ron Rivest, Adi Shamir and Leonard Adleman in 1977 and published in 1978.
• RSA is the most widely used public key cryptosystem.
Deakin University CRICOS Provider Code: 00113B
RSA Algorithm
12
• The Rivest-Shamir-Adelman (RSA) algorithm relies on the difficulty of factoring large numbers.
Two keys, e and d, are used for encrypt ion and decrypt ion.
The algorithm is such that: {{P}d}e = P = {{P}e}d.
A plaintext block P is encrypted as (Pe mod n). n is another very large integer.
d is chosen so that: (Pe )d mod n = P.
• An interceptor would have to factor Pe to recover the plaintext.
• The legitimate receiver knows d and merely computes (Pe)d mod n = P, which is much easier.
Deakin University CRICOS Provider Code: 00113B
Public Keys: Confidentiality
13
Assume pkA is A’s public key. Suppose B sends the following message to A: {M}pkA .
What assurances does A have?
• No-one intercepting the message could read it. Why?
• He can’t be sure it actually came from B. Why not?
Thus, secrecy (confidentiality) is achieved with the public key, but authenticity is not.
Deakin University CRICOS Provider Code: 00113B
Public Keys: Authentication
14
• Alice encrypts the message using Bob’s public key, and then encrypts using her private key.
• Bob decrypts using Alice’s public key -> No one else can send such a message (encrypted with Alice’s
private key)
o B is assured that the message was sent by A → Authentication
• Bob decrypts it with his private key to read the message (encrypted with Bob’s public key)
o No one else can decrypt→ Secrecy (confidentiality)
Important
Deakin University CRICOS Provider Code: 00113B
15
Efficiency of Encryption
• A public key encryption may take 10,000 times as long to perform as a symmetric encryption; the
computation depends on more complex operations, not on simple bit-wise operations.
• Symmetric encryption remains the work horse of commercial cryptography, with asymmetric
encryption playing some important special functions.
• Devising an asymmetric encryption algorithm depends on identifying a
one-way function, easy to compute but hard to invert.
• Public key systems largely solve the key distribution problem.
• Asymmetric algorithms are generally much less efficient than symmetric
algorithms.
Deakin University CRICOS Provider Code: 00113B
16
Key Protocols
• Public key algorithms are not as efficient at sending large amounts of data as secret-key
algorithms
• Public-key algorithms are often used to exchange secret session keys. Thereafter, symmetric
algorithms can be used to encrypt data exchanges between the parties.
• This approach addresses the key distribution problem!
Deakin University CRICOS Provider Code: 00113B
17
Key Protocol: Digital Envelopes/Session Keys
When Bob receives the message with the two attachments:
• he uses his private key to decrypt the secret key (i.e. the symmetric key),
• then uses this secret key to decrypt the message.
Deakin University CRICOS Provider Code: 00113B
18
Uses of Public Key Encryption
• Encryption/decryption (confidentiality or secrecy): the sender encrypt the message with the
recipient’s public key and recipient decrypt it with recipient’s private key.
• Digital signature (authentication): the sender ‘signs” a message with his/her private key and the
recipient decrypt the signed message with the sender’s public key.
• Session key exchange: Two communicating parties exchange a session key, which is a secret key for
conducting a symmetric encryption to complete a particular transaction (or session). The session
key is intended to be valid for a short period of time.
Confidentiality VS Integrity
• Confidentiality: private and secret message
• Integrity: protection against message tampering
• Encryption alone may not guarantee integrity: Attacker can modify message under encryption
without learning what it is !
• Public Key Crypto Standards (PKCS): “RSA encryption is intended primarily to provide
confidentiality… It is not intended to provide integrity”
• Both Confidentiality and integrity are needed for security
Solution for Integrity?
• Intuitively, you want to “bind” the bytes of a file together in a way that makes any alterations to
the file apparent.
• In other words, tamper-proof (or, tamper-resistant).
But, How?
Where have you seen this?
E.g., Downloads “Ubuntu 20.04 LTS”
Software distribution protection:
Good File
Tampered File
Hash(Good File)
For a Good File and Hash(Good File), it is infeasible to find a Tampered File
(containing rootkit or Trojan) such that Hash(Good File) = Hash(Tampered File )
Hash Functions
A hash function H is a function that converts variable-sized text into a small datum, usually a
fixed size integer.
A cryptographic hash function has the additional qualities:
• it is difficult to construct a text that has a given hash (the one-way property),
• it is difficult to modify a given text without changing its hash (Integrity),
• it is unlikely that two different messages will have the same hash (the collision-free
property).
The values returned by H are called hash values, hash codes, digests, or simply hashes.
Cryptographic hash functions are used to protect integrity.
large
message
m
H: Hash
Function
H(m)
Desirable Prosperities of Hash functions
• Desirable properties of H:
– Easy to calculate
– Irreversibility (the one-way property): Can’t determine message m from H(m)
– Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’)
– Seemingly random output
large
message
m
H: Hash
Function
H(m)
Message digest of a hashing should have a random pattern
• Randomness: any bit in the digest is “1” half the time (i.e., the probabilities of 0 and
1 are equal: 0.5)
• Change input only one bit, and the hash will change half of the digest bits
• Diffusion: if the hash function does not exhibit the avalanche effect to a slight change
of input, then it has poor randomization, and thus a cryptanalyst can make
predictions about the input, being given only the output.
More About Randomness
But given message with given hash value, it is easy to find
another message with same hash value:
Internet checksum produces fixed length digest (16-bit sum) of message
I O U 1
0 0 . 9
9 B O B
49 4F 55 31
30 30 2E 39
39 42 D2 42
message ASCII format
B2 C1 55 AC
I O U 9
0 0 . 1
9 B O B
49 4F 55 39
30 30 2E 31
39 42 D2 42
message ASCII format
B2 C1 55 ACdifferent messages
but identical checksums!
Poor Crypto Hash Example
Standard Hash Function History
MD5 (128), 1991
MD4 (128), 1990
MD2 (128), 1989
SHA-0 (160), 1993
SHA-1 (160), 1995
SHA-2 (224, 256, 384, 512), 2001
RIPEMD(160, 256, 320), 2003
SHA-3 (new standard 2015)
No need to memories this ☺
Heavily used
Heavily used
Example: SHA-256
Plaintext
SHA-256 HASH
25cb49ac9fe6c97762db9a206f5a256364dd9524e5c6727ea94ed25bc51b127f
Phishing Explained
Phishing scams are typically fraudulent e-mail messages appearing to come from legitimate sources like your bank,
your Internet Service Provider, eBay, or PayPal, for example. These messages usually direct you to a fake web site
………. URLs Don’t Match – Place your mouse over the link in the e-mail message. If the URL displayed in the window
of your browser is not exactly the same as the text of the link provided in the message, run. It’s probably a fake.
Sometimes the URLs do match and the URL is still a fake
Example: Diffusion in SHA-256
Plaintext: only change the first letter from P to Q
Qhishing Explained
Phishing scams are typically fraudulent e-mail messages appearing to come from legitimate sources like your bank,
your Internet Service Provider, eBay, or PayPal, for example. These messages usually direct you to a fake web site
………. URLs Don’t Match – Place your mouse over the link in the e-mail message. If the URL displayed in the window
of your browser is not exactly the same as the text of the link provided in the message, run. It’s probably a fake.
Sometimes the URLs do match and the URL is still a fake
SHA-256 HASH
1db7baab198a6675875995f28ffc21f0c916009b990e75571e432644ac837d90
Quick simplified read about Avalanche Effect: https://computersciencewiki.org/index.php/SHA256,
https://en.wikipedia.org/wiki/Avalanche_effect
https://computersciencewiki.org/index.php/SHA256
Basic Structure of SHA-1
Against padding attacks
Split message into 512-bit blocks
Hash function
Applied to each 512-bit block
and current 160-bit buffer.
160-bit buffer (5 registers)
initialized with magic values
Message 100…0
64
bits
K bits
L x 512 bits = n x 32 bits
Padding
(1 to 512 bits)
Message length
(K mod 264)
Y0
512 bits
HIV
160
Y1
512 bits
H
160
Yi
512 bits
H
160
YL-1
512 bits
H
160
H1 Hi HL-1
160
160-bit
digest
….. …..
….. …..
For illustration, not examinable, details in Wu/Irwin reference
SHA properties
Algorithm Name Max.
Message Size
(bits)
Block Size
(bits)
Word size
(bits)
Digest
size (bits)
SHA-1 264 512 32 160
SHA-256 264 512 32 256
SHA-384 2128 1024 64 384
SHA-512 2128 1024 64 512
• No need to memorise this ☺, appreciate and consult table as needed.
• Note: 160 bit digest is consider unsafe with fast computers.
• More details in your Cryptography unit.
Integrity VS Authentication
• Suppose Alice creates msg m, and calculates hash H(m) using a hash function (e.g. SHA-1)
• Alice send the extended message (m, H(m)) to Bob
• Bob upon receipt of the message independently calculates H(m) from the message
• If H(m) [sent by Alice] = H(m) [computed by Bob], message integrity verified.
What if Trudy intercepts the original message by ALice, replaces it with a new message n and its hash
H(n) ?
HMAC
• Keyed-hash message authentication code: a message authentication code that uses a
cryptographic key in conjunction with a hash function
• Runs data and authentication key through hash function twice
• Hashing is faster than encryption in software
• Allow the use of any hash function, e.g., SHA-256, or SHA-512
• Used in Transport Layer Security (TLS) and IPsec.
(HTTPS: is HTTP protocol but with data encrypted using SSL/TLS protocol. Detail of TLS protocol and Ipsec in future units)
HMAC: Integrity and Authentication
m
s
(shared secret)
(message)
H(.) H(m,s)
public
Internet
append
m H(m,s)
s
compare
m
H(m,s)
H
(
.
)
H(m,s)
(shared secret)
• Authenticates sender
• Verifies message integrity
• No encryption! – Confidentiality not always needed
• Also called “keyed hash”.
HMAC
Digital signatures
• Suppose you write a(physical) check. What would you like to be true?
• A check is a tangible object authorizing the transaction. The signature on the
check confirmsauthenticity.
• In the case of an alleged forgery, a third party may be called to judge authenticity.
• The check is not alterable or alterations can be easily detected.
• The signature is part of the check, so cannot be easily removed and re-used.
Can we define a mechanism for signing a document digitally that has analogous
characteristics?
Digital signatures Properties
Cryptographic technique analogous to hand-written signatures:
• sender (Bob) digitally signs document, establishing he is document
owner/creator.
• verifiable, non-forgeable: recipient (Alice) can prove to someone that
Bob, and no one else (including Alice), must have signed document
Digital signatures Properties
Suppose A sends a message M to B with signature f (A , M): We’d like the signature to
have certain properties:
• unforgeable: it should be difficult for anyone but A to produce f (A , M);
• authentic: B can verify that A signed the document M;
• no repudiation: A cannot deny producing the signature;
• tamperproof: after being transmitted, M cannot be modified;
• not reusable: the signature cannot be detached and reused for another message.
simple digital signature for message m:
• Bob signs m by encrypting with his private key skB,
creating “signed” message, {m}skB
–
Dear Alice
Oh, how I have missed
you. I think of you all the
time! …(blah blah blah)
Bob
Bob’s message, m
Public key
encryption
algorithm
skB
Bob’s message,
m, signed
(encrypted) with
his private key
{m}skB
Digital signatures
Alternate presentation used in this slide for private and public key. This is to emphasize that in different resources you will refer
to different notations may be used.
Digital signatures
Alice thus verifies that:
• Bob signed m
• no one else signed m
• Bob signed m and not m‘
non-repudiation:
✓ Alice can take m, and signature {m}skB to court and prove that Bob signed m
❖ suppose Alice receives msg m, with signature: {m}skB
❖ Alice verifies m signed by Bob by applying Bob’s public key
pkB to {m}skB then checks {{m}skB}pkB = m.
❖ If {{m}skB}pkB = m, whoever signed m must have used Bob’s
private key.
–
Digital signature = signed message digest
Digital signature = signed message digest
• Alice uses a one-way hash function to generate a hash-code from the message data.
• She then encrypts the hash-code with her private key,
• Alice sends this encrypted hash-code and the message to Bob.
• Bob re-computes the hash-code from the message and decrypts the received hash with
Alice’s public key.
• If the two hash-codes are equal, Bob can be sure that data has not been corrupted and,
assuming her private key has not been compromised, that it came from Alice.
Process in the previous slide
Deakin University CRICOS Provider Code: 00113B
Acknowledgement
Acknowledging the kind support and contribution of:
Dr Arash Shaghaghi (Deakin University, Australia), Prof. Chang-Tsun Li (Deakin University, Australia), Prof. Sanjay
Jha (The University of New South Wales, Australia), Dr. Nicolas Courtois (University College London, UK), Dr. Young
(University of Texas at Austin, USA), and The Simpsons Family!
41