Wireless Security

Wireless LANs

• IEEE ratified 802.11 in 1997.
  
  • Also known as Wi-Fi.
• Wireless LAN at 1 Mbps & 2 Mbps.
• WECA (Wireless Ethernet Compatibility Alliance) promoted Interoperability.
  
  • Now Wi-Fi Alliance
• 802.11 focuses on Layer 1 & Layer 2 of OSI model.
  
  • Physical layer
  • Data link layer

802.11 Components
Two pieces of equipment defined:

• Wireless station
  
  • A desktop or laptop PC or PDA with a wireless NIC.
• Access point
  
  • A bridge between wireless and wired networks
  • Composed of
    
    • Radio
    • Wired network interface (usually 802.3)
    • Bridging software
  • Aggregates access for multiple wireless stations to wired network.

Wirelees 802.11 modes
Infrastructure mode:

• Basic Service Set (BSS)
  
  • One access point
• Extended Service Set
  
  • Two or more BSSs forming a single subnet.
• Most corporate LANs in this mode.

Ad-Hoc Mode:

• Also called peer-to-peer.
• Independent Basic Service Set
• Set of 802.11 wireless stations that communicate directly without an access point.
  
  • Useful for quick & easy wireless networks.

802.11 Physical Layer
Originally three alternative physical layers:

• Two incompatible spread-spectrum radio in 2.4Ghz ISM band
  
  • Frequency Hopping Spread Spectrum (FHSS)
  • 75 channels
• Direct Sequence Spread Spectrum (DSSS)
  
  • 14 channels (11 channels in US)
• One diffuse infrared layer
• 802.11 speed
  
  • 1 Mbps or 2 Mbps.

802.11 Data Link Layer

• Layer 2 split into:
  
  • Logical Link Control (LLC).
  • Media Access Control (MAC).
• LLC - same 48-bit addresses as 802.3
• MAC - CSMA/CD not possible.
  
  • Can’t listen for collision while transmitting.
• CSMA/CA – Collision Avoidance.
  
  • Sender waits for clear air, waits random time, then sends data.
  • Receiver sends explicit ACK when data arrives intact.
  • Also handles interference.
  • But adds overhead.

RTS / CTS

• To handle hidden nodes
• Sending station sends
  
  • “Request to Send”
• Access point responds with
  
  • “Clear to Send”
  • All other stations hear this and delay any transmissions.
• Only used for larger pieces of data.
  
  • When retransmission may waste significant time.

802.11b

• 802.11b ratified in 1999 adding 5.5 Mbps and 11 Mbps.
• DSSS as physical layer.
  
  • 11 channels (3 non-overlapping)
• Dynamic rate shifting.
  
  • Transparent to higher layers
  • Ideally 11 Mbps.
  • Shifts down through 5.5 Mbps, 2 Mbps to 1 Mbps.
    
    • Higher ranges.
    • Interference.
  • Shifts back up when possible.

• Maximum specified range 100 meters
• Average throughput of 4Mbps

Joining a BSS

• When 802.11 client enters range of one or more APs
  
  • APs send beacons.
  • AP beacon can include SSID.
  • AP chosen on signal strength and observed error rates.
  • After AP accepts client.
    
    • Client tunes to AP channel.
• Periodically, all channels surveyed.
  
  • To check for stronger or more reliable APs.
  • If found, re-associates with new AP.

Roaming and Channels

• Re-association with APs
  
  • Moving out of range.
  • High error rates.
  • High network traffic.
    
    • Allows load balancing.
• Each AP has a channel.
  
  • 14 partially overlapping channels.
  • Only three channels that have no overlap.
    
    • Best for multi cell coverage.

802.11a

• 802.11a ratified in 2001
• Supports up to 54Mbps in 5 Ghz range.
  
  • Higher frequency limits the range
  • Regulated frequency reduces interference from other devices

• 2 non-overlapping channels
• Usable range of 30 metres
• Average throughput of 30 Mbps
• Not backwards compatible

802.11g

• 802.11g ratified in 2002
• Supports up to 54Mbps in 2.4Ghz range.
  
  • Backwards compatible with 802.11b

• 3 non-overlapping channels
• Range similar to 802.11b
• Average throughput of 30 Mbps
• 802.11n due for November 2006
  
  • Aiming for maximum 200Mbps with average 100Mbps

Open System Authentication

• Service Set Identifier (SSID)
• Station must specify SSID to Access Point when requesting association.
• Multiple APs with same SSID form Extended Service Set.
• APs can broadcast their SSID.
• Some clients allow * as SSID.
  
  • Associates with strongest AP regardless of SSID.

MAC ACLs and SSID hiding

• Access points have Access Control Lists (ACL)
• ACL is list of allowed MAC addresses.
  
  • E.g. Allow access to:
  • 00:01:42:0E:12:1F
  • 00:01:42:F1:72:AE
  • 00:01:42:4F:E2:0
• But MAC addresses are sniffable and spoofable.
• AP Beacons without SSID
  
  • Essid_jack
    
    • sends deauthenticate frames to client
    • SSID then displayed when client sends reauthenticate frames

802.11 Wireless LAN
Three basic security services defined by IEEE for the WLAN environment:

• Authentication
  
  • provide a security service to verify the identity of communicating client stations
• Integrity
  
  • to ensure that messages are not modified in transit between the wireless clients and the access point in an active attack
• Confidentiality
  
  • to provide “privacy achieved by a wired network”

802.11 Authentication
802.11b Security Services
Two security services provided:

• Authentication
  
  • Shared Key Authentication
• Encryption
  
  • Wired Equivalence Privacy

Wired Equivalence Privacy

• Shared key between
  
  • Stations.
  • An Access Point.
• Extended Service Set
  
  • All Access Points will have same shared key.
• No key management
• Shared key entered manually into
  
  • Stations
  • Access points
  • Key management nightmare in large wireless LANs

RC4

• Ron’s Code number 4
  
  • Symmetric key encryption
  • RSA Security Inc.
  • Designed in 1987.
  • Trade secret until leak in 1994.
• RC4 can use key sizes from 1 bit to 2048 bits.
• RC4 generates a stream of pseudo random bits
  
  • XORed with plaintext to create ciphertext.

802.11 Confidentiality
WEP – Sending

• Compute Integrity Check Vector (ICV).
  
  • Provides integrity
  • 32 bit Cyclic Redundancy Check.
  • Appended to message to create plaintext.
  • Plaintext encrypted via RC4
• Plaintext encrypted via RC4
  
  • Provides confidentiality.
  • Plaintext XORed with long key stream of pseudo random bits.
  • Key stream is function of
    
    • 40-bit secret key
    • 24 bit initialisation vector
• Ciphertext is transmitted.

WEP – Receiving

• Ciphertext is received.
• Ciphertext decrypted via RC4
  
  • Ciphertext XORed with long key stream of pseudo random bits.
  • Key stream is function of
    
    • 40-bit secret key
    • 24 bit initialisation vector (IV)
• Check ICV
  
  • Separate ICV from message.
  • Compute ICV for message
  • Compare with received ICV

WEP Encryption

Shared Key Authentication

• When station requests association with Access Point
  
  • AP sends random number to station
  • Station encrypts random number
    
    • Uses RC4, 40 bit shared secret key & 24 bit IV
  • Encrypted random number sent to AP
  • AP decrypts received message
    
    • Uses RC4, 40 bit shared secret key & 24 bit IV
  • AP compares decrypted random number to transmitted random number
    
  
  

WEP Safeguards

• Shared secret key required for:
  
  • Associating with an access point.
  • Sending data.
  • Receiving data.
• Messages are encrypted.
  
  • Confidentiality.
• Messages have checksum.
  
  • Integrity.
• But management traffic still broadcast in clear containing SSID.
  

Initialization Vector

• V must be different for every message transmitted.
• 802.11 standard doesn’t specify how IV is calculated.
• Wireless cards use several methods
  
  • Some use a simple ascending counter for each message.
  • Some switch between alternate ascending and descending counters.
  • Some use a pseudo random IV generator.

Passive WEP attack

• If 24 bit IV is an ascending counter,
• If Access Point transmits at 11 Mbps,
• All IVs are exhausted in roughly 5 hours.
• Passive attack:
  
  • Attacker collects all traffic
  • Attacker could collect two messages:
    
    • Encrypted with same key and same IV
    • Statistical attacks to reveal plaintext
    • Plaintext XOR Ciphertext = Keystream

Active WEP attack

• If attacker knows plaintext and ciphertext pair
  
  • Keystream is known.
  • Attacker can create correctly encrypted messages.
  • Access Point is deceived into accepting messages.
• Bitflipping
  
  • Flip a bit in ciphertext
  • Bit difference in CRC-32 can be computed

Brute force key attack

• Capture ciphertext.
  
  • IV is included in message.
• Search all 240 possible secret keys.
  
  • 1,099,511,627,776 keys
  • ~170 days on a modern laptop
• Find which key decrypts ciphertext to plaintext.

Wepcrack

• First tool to demonstrate attack using IV weakness.
  
  • Open source, Anton Rager.
• Three components
  
  • Weaker IV generator.
  • Search sniffer output for weaker IVs & record 1st byte.
  • Cracker to combine weaker IVs and selected 1st bytes.
• Cumbersome.

Airsnort

• Automated tool
  
  • Cypher42, Minnesota, USA.
  • Does it all!
  • Sniffs
  • Searches for weaker IVs
  • Records encrypted data
  • Until key is derived.
• 100 Mb to 1 Gb of transmitted data.
  3 to 4 hours on a very busy WLAN.
  

Avoid the weak IVs

• FMS described a simple method to find weak IVs
  
  • Many manufacturers avoid those IVs after 2002
  • Therefore Airsnort and others may not work on recent hardware
• However David Hulton aka h1kari
  
  • Properly implemented FMS attack which shows many more weak IVs
  • Identified IVs that leak into second byte of key stream.
  • Second byte of SNAP header is also 0xAA
  • So attack still works on recent hardware
  • And is faster on older hardware
  • Dwepcrack, weplab, aircrack

802.11 safeguards

• Security Policy & Architecture Design
• Treat as untrusted LAN
• Discover unauthorised use
• Access point audits
• Station protection
• Access point location
• Antenna design

Security Policy & Architecture

• Define use of wireless network
  
  • What is allowed
  • What is not allowed
• Holistic architecture and implementation
  
  • Consider all threats.
  • Design entire architecture

Discover unauthorized use

• Search for unauthorised access points, ad-hoc networks or clients.
• Port scanning
  
  • For unknown SNMP agents.
  • For unknown web or telnet interfaces.
• Warwalking!
  
  • Sniff 802.11 packets
  • Identify IP addresses
  • Detect signal strength
  • But may sniff your neighbours
• Wireless Intrusion Detection
  
  • AirMagnet, AirDefense, Trapeze, Aruba,…

Access point audits

• Review security of access points.
• Are passwords and community strings secure?
• Use Firewalls & router ACLs
  
  • Limit use of access point administration interfaces.
• Standard access point config:
  
  • SSID
  • WEP keys
  • Community string & password policy

WPA

• Wi-Fi Protected Access
  
  • Works with 802.11b, a and g

• “Fixes” WEP’s problems
• Existing hardware can be used
• 802.1x user-level authentication
• TKIP
  
  • RC4 session-based dynamic encryption keys
  • Per-packet key derivation
  • Unicast and broadcast key management
  • New 48 bit IV with new sequencing method
  • Michael 8 byte message integrity code (MIC)
• Optional AES support to replace RC4

WPA and 802.1x

• 802.1x is a general purpose network access control mechanism
• WPA has two modes
  
  • Pre-shared mode, uses pre-shared keys
  • Enterprise mode, uses Extensible Authentication Protocol (EAP) with a RADIUS server making the authentication decision
  • EAP is a transport for authentication, not authentication itself
  • EAP allows arbitrary authentication methods

SUMMARY

• WAP is used on small, handheld devices like cell phones for out-of-the-office connectivity
• Designers created WTLS (Wireless Transport Layer Security) as a method to ensure privacy of the data because it was being broadcast
• 802.11 does not allow physical control of the transport mechanism
• Transmission of all network data wirelessly transmits frames to all wireless machines, not just a single client
• Poor authentication. The SSID is broadcast to anyone listening
• Flawed implementation of the RC4 encryption algorithm makes even encrypted traffic subject to interception and decryption
• WEP is used to encrypt wireless communications in an 802.11 environment and S/MIME for email

Security in Applications

What is Email?

• What is an e-mail?
  
  • An e-mail is a message made up of a string of ASCII characters in a format specified by RFC 822
• Contain Two parts, separated by blank line:
  
  • The header: sender, recipient, date, subject, delivery path,…
  • The body: containing the actual message content.

Security provided in E-mail

• Confidentiality
• Data origin authentication
• Message integrity
• Non-repudiation of origin
• Key management

MIME(Multipurpose Internet Mail Extensions)

• Extends the capabilities of RFC 822 to allow e-mail to carry non-textual content, non-ASCII character sets, long messages.
• Uses extra header fields in RFC 822 e-mails to specify form and content of extensions.
• Supports a variety of content types, but e-mail still ASCII-coded for compatibility.
• Specified in RFCs 2045-2049.

E-mail Security Threats

• Two main group:
  
  • Threats to the security of e-mail itself
  • Threats to an organisation that are enabled by the use of e-mail.
• Loss of confidentiality.
  
  • E-mails are sent in clear over open networks.
  • E-mails stored on potentially insecure clients and mail servers.
  • Ensuring confidentiality may be important for e-mails sent within an organisation.
• Loss of integrity.
  
  • No integrity protection on e-mails; body can be altered in transit or on mail server.
• Lack of data origin authentication.
  
  • Is this e-mail really from the person named in the From: field?
  • How many Kenny.Paterson’s are there?
  • Recall SMTP directly over telnet allows forgery of all e-mail fields!
  • E-mail could also be altered in transit.
  • Even if the From: field looks fine, who was logged in as Kenny.Paterson when the e-mail was composed?
  • Sharing of e-mail passwords common.

Threats Enabled by E-mail

• Disclosure of sensitive information.
  
  • It’s easier to distribute information by e-mail than it is by paper and snail mail.
  • Disclosure may be deliberate (and malicious) or unintentional.
  • Disclosure may be internal or external (e-mail crosses LANs as well as the Internet).
  • Disclosure may be of personal, inappropriate, commercially sensitive or proprietary information.
  Can lead to loss of reputation and ultimately dismissal of staff.
• Exposure of systems to denial of service attacks.
  
  • E-mail server attached to network, may be vulnerable to DoS attacks.
  • More relevant with increasing dependence on e-mail as a communications tool.
  • For example, a virulent worm using large percentage of network capacity to spread will prevent efficient use of e-mail as well as slowing down web browsing.
• Spamming.
  
  • Spam wastes bandwidth and decreases productivity.
  • Hotmail and other free e-mail systems are particularly victimised by spammers.
  • 50% and more of all e-mail is now spam.
  • Anti-spam legislation in development or on the statute books in many countries.

S/MIME

• Originated from RSA Data Security Inc. in 1995.
• Further development by IETF S/MIME working group at:
• www.ietf.org/html.charters/smime-charter.html.
• Version 3 specified in RFCs 2630-2634.
• Allows flexible client-client security through encryption and signatures.
• Widely supported, e.g. in Microsoft Outlook, Netscape Messenger, Lotus Notes.

PGP

• PGP=“Pretty Good Privacy”
  
  • First released in 1991, developed by Phil Zimmerman, provoked export control and patent infringement controversy.
  • Freeware: OpenPGP and variants:
  • www.openpgp.org, www.gnupg.org
  • Commercial: formerly Network Associates International, now PGP Corporation at www.pgp.com
  • OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.
  • www.ietf.org/html.charters/openpgp-charter.html
  • Available as plug-in for popular e-mail clients, can also be used as stand-alone software.

Web Security

• Web security includes:
  
  • Security of server
  • Security of client
  • Network traffic security between a browser and a server

• SSL/TLS
• SSH
• SET

SSL/TLS

• SSL/TLS widely used in Web browsers and servers to support ‘secure e-commerce’ over HTTP.
  Built into Microsoft IE, Netscape, Mozilla, Apache, IIS
  The (in)famous browser lock.
• SSL architecture provides two layers:
  
  • SSL Record Protocol
  • Provides secure, reliable channel to upper layer.
• Upper layer carrying:
  SSL Handshake Protocol, Change Cipher Spec. Protocol, Alert Protocol, HTTP, any other application protocols.

SSL/TLS Applications

• Secure e-commerce using SSL/TLS.
• Client authentication not needed until client decides to buy something.
• SSL provides secure channel for sending credit card information, personal details, etc.
• Client authenticated using credit card information, merchant bears (most of) risk.
• Very successful (amazon.com, on-line supermarkets, airlines,…)
• Secure e-commerce: some issues.
  
  • No guarantees about what happens to client data (including credit card details) after session: may be stored on insecure server.
  • Does client understand meaning of certificate expiry and other security warnings?
  • Does client software actually check complete certificate chain?
  • Does the name in certificate match the URL of e-commerce site? Does the user check this?
  • Is the site the one the client thinks it is?
  • Is the client software proposing appropriate ciphersuites?
• Secure electronic banking.
  
  • Client authentication may be enabled using client certificates.
  • Issues of registration, secure storage of private keys, revocation and re-issue.
  • Otherwise, SSL provides secure channel for sending username, password, mother’s maiden name,…
  • What else does client use same password for?
  • Does client understand meaning of certificate expiry and other security warnings?
  • Is client software proposing appropriate ciphersuites?
  • Enforce from server.

SSH

• SSH = Secure Shell.
  
  • Initially designed to replace insecure rsh, telnet utilities.
  • Secure remote administration (mostly of Unix systems).
  • Extended to support secure file transfer and e-mail.
  • Latterly, provide a general secure channel for network applications.
  • SSH-1 flawed, SSH-2 better security (and different architecture).
• SSH provides security at Application layer.
  
  • Only covers traffic explicitly protected.
  • Applications need modification, but port-forwarding eases some of this (see later).
  • Built on top of TCP, reliable transport layer protocol.

SSH Applications

• Anonymous ftp for software updates, patches...
  
  • No client authentication needed, but clients want to be sure of origin and integrity of software.
• Secure ftp.
  
  • E.g.upload of webpages to webserver using sftp.
  • Server now needs to authenticate clients.
  • Username and password may be sufficient, transmitted over secure SSH transport layer protocol.
• Secure remote administration.
  
  • SysAdmin (client) sets up terminal on remote machine.
  • SysAdmin password protected by SSH transport layer protocol.
  • SysAdmin commands protected by SSH connection protocol.
• Guerilla Virtual Private Network.
  
  • E.g. use SSH + port forwarding to secure e-mail communications.

SET Flow
SET Security Issues

• Two pairs of PKs per entity
  
  • One pair for signing
  • One pair for exchanging keys
• Assumes full PKI is available
  
  • Including revocation
• Merchant does not see payment instrument used

Web Vulnerabilities

• Revealing private information on server
• Intercept of client information
• Execute unauthorized programs
• Denial of service

How to Secure the Web

• Access control via addresses
  
  • Basic (username, password)
    Can be used along with cookie
  • Digest
• Access control via addresses
• Multi-layered:
  
  • S-http (secure http), just for http
  • Proposed by CommerceNet, pretty much dead
• SSL (TLS), generic for TCP
  
  • https: http over SSL
• IPSec
  

HTTP Authentication

• Client doesn’t know which method
• Client attempts access (GET, PUT, …)
• Server returns
  
  • “401 unauthorized”
  • Realm: protection space
• Client tries again with (user:password)
  
  • Passwords in the clear
  • Repeated for each access

HTTP Access Control - Digest
Server sends www-authenticate parameters:

• Realm
• Domain
• Nonce, new for each 401 response
  
  • E.G. H(client-IP:timestamp:server-secret)
• Algorithm
  
  • E.G., MD5

Client sends authorization response:

• Same nonce
• H(A1), where a1=user:realm:password, and other information
• Steal H(A1)
  
  • Only good for realm

HTTPS

• HTTPS = Secure Hypertext Transfer Protocol
• HTTPS is a communications protocol designed to transfer encrypted information between computers over the World Wide Web (WWW)
• Essentially an implementation of HTTP
• Commonly used Internet protocol using an SSL
• Used to enable online purchasing or the exchange of private information and resources over insecure networks

Security in Network

What is Computer Network

• Definition:
  
  • A computing network is a computing environment with more than one independent processors

• May be multiple users per system
• Distance between computing systems is not considered (a communications media problem)
• Size of computing systems is not relevant

Network Resources

• Computers
• Operating system
• Programs
• Processes
• People

Network Architecture

What network can do?

• Logical interface function
  
  • Sending messages
  • Receiving messages
  • Executing program
  • Obtaining status information
  • Obtaining status information on other network users and their status

Network Basic Terminology

• Node
  
  • Single computing system in a network.
• Host
  
  • A single computing system's processor.
• Link
  
  • A connection between two hosts.
• Topology
  
  • The pattern of links in a network.

Types of Network
Network Topologies

• Bus Topology
  
  • To provide a single communication network on which any node can place information and from which any code can retrieve information
  • Attachments to the bus do not impact the other nodes on the bus

• 

• Star Topology
  
  • Has a central switch
  • All nodes wishing to communicate do so through the central host
  • The central host receives all messages, identifies the addresses, selects the link appropriate for that addresses and forwards the messages

• Ring Topology
  
  • To connect a sequence of nodes in a loop or ring
  • Can be implemented with minimum cabling
  • Containing a token can control a “synchronous” loop

• Mesh Topology
  
  • Each node can conceptually be connected directly to each other node
  • Has integrity and routing advantages
  • Not easily subject to destructive failures
  • Routing logic can be used to select the most efficient route through multiple nodes

Open Systems Interconnection (OSI)

• Describes computer network communications.
• Developed by the International Standards Organization (ISO).
• Consists of Seven Layers.
• Model describes peer-to-peer correspondence, relationship between corresponding layers of sender and receiver.
• Each layer represents a different activity performed in the actual transmission of a message.
• Each layer serves a separate function.
• Equivalent layers perform similar functions for sender and receiver.

OSI Layer Characters
Network As System
Single System:

• Single set of security policies associated with each computing system.
• Each system concerned with:
  
  • integrity of data
  • secrecy of data
  • availability of service
• Operating system enforces its owns security policies.

Advantages of Computing Network

• Resource sharing
  
  • Reduces maintenance and storage costs
• Increased reliability (i.e. availability of service)
  
  • If one system fails users can shift to another.
• Distributing the workload
  
  • Workload can be shifted from a heavily loaded system to an underutilized one.
• Expandability
  
  • System is easily expanded by adding new nodes

People that causes Network Problem

• Hacker
• Spy
• Student
• Businessman
• Ex-employee
• Stockbroker
• Terrorist
• etc

Network Security Problem Area

• Authentication
  Deals with determining whom you are talking to before entering into a business deal or before revealing sensitive information
• Secrecy
  What usually comes to mind when people think about network security
• Non-repudiation
  Deals with signature
• Integrity control
  Keeping information is not modified, add or delete by unauthorized user

Network Security Issues

• Sharing
  
  • Access controls for a single system may be inadequate.
• Complexity
  
  • A network may combine two or more systems with dissimilar operating systems with different mechanisms for interhost connection. Complexity of this nature makes the certification process extremely difficult.
• Unknown perimeter
  
  • One host may be a node on two or more different networks
• Many points of attack
  
  • Access controls on one machine preserves the secrecy of data on that processor. However, files stored in a remote network host may pass through many host machines to get to the user.
• Unknown path
  
  • May be many paths from one host to another and users generally do not have control of how their messages are routed.
• Label formats differences
  
  • A problem which may occur in multilevel systems is that the access labels may have different formats since there is no standard.
• Anonymity
  
  • Attack can passed through many other hosts in an effort to disguise from where the attack originated
  • Attack remotely without contact the system administrator or user

Threats Exposures
Security Exposures:

• Privacy
  
  • With many unknown users on a network, concealing sensitive data becomes more difficult.
• Data Integrity
  
  • Because more nodes and more users have potential access to a computing system, the risk of data corruption is higher.
• Authenticity
  
  • It is difficult to assure the identity of a user on a remote system.
• Covert channels
  
  • Networks offer more possibilities for construction of covert channels for data flow.

Impersonating:

• Involved the use of physical keys and biometrics checks
• Cracker can configures a system to masquerade as another system, thus gaining unauthorized access to resources or information on system that ‘trust’ the system being mimicked

Eavesdropping:

• Allows a cracker to make a complete transcript of network activity
• Cracker can obtain sensitive information such as passwords, data and procedures for performing functions.
• Cracker can eavesdrops:
  
  • Using wiretapping
  • By radio
  • Via auxiliary ports on terminals
  • Using software that monitors packets sent over the network.

Packet Replay:

• Refers to recording and retransmission of message packets in the network
• Intruder could replay legitimate authentication sequence messages to gain access to a system
• Frequently undetectable

Packet modification:

• Significant with integrity threat
• Involves a system intercepting and modifying a packet destined for another system

NETWORKS SECURITY CONTROL

• Encryption
• Strong Authentication
• IPSec,VPN,SSH
• Kerberos
• Firewall
• Intrusion Detection System (IDS)
• Intrusion Prevention System (IPS)
• Honeypot

Encryption

• Link to Link VS End to End
• Link to Link
  
  • Covers layer 1 and 2 of the OSI model
  • Decryption occurs just as the communication arrives at and enters the receiving computer.
  • If we have good physical security, we may not be too concerned about this exposure.
• End to End
  
  • Provides security from one end of a transmission to the other layer 6 or 7
  • The encryption can be done by:
    
    • A hardware device between the user and the host.
    • A software running on the host computer.
  • Protect data on every layer

IPSec,SSH,SSL(application level sec.)

• IPSec
  
  • Optional in IPv4
  • Defines a standard means for handling encrypted data.
  • Implemented at IP layer, so affects all layer above it, in particular TCP and UDP.
  • Provide authentication (AH) and encryption (ESP)
• SSH
  
  • Secure remote login (encrypt data send over the network)
• Secure socket layer, encrypt data over the transport layer.
  
  • SSL interfaces between applications (such as browsers) and the TCP/IP protocols to provide server authentication, optional client authentication, and an encrypted communications channel between client and server.

Kerberos

• Supports authentication in distributed systems.
• Kerberos is based on the idea that a central server provides authentication tokens, called tickets, to requesting applications.
  
  • A ticket is an unforgeable, nonreplayable, authenticated object.
  • It is an encrypted data structure naming a user and a service that is allowed to obtain.
  • Also contain a time value and some control information.

Firewall

• What is a firewall?
• A Firewall is a network security device designed to restrict access to resources (information or services) according to a security policy.
• Firewalls are not a “magic solution” to network security problems, nor are they a complete solution for remote attacks or unauthorised access to data
• A Firewall is a network security device
• It serves to connect two parts of a network and control the traffic (data) which is allowed to flow between them
• Often installed between an entire organisation's network and the Internet
• Can also protect smaller departments
• A Firewall is always the single path of communication between protected and unprotected networks
• A Firewall can only filter traffic which passes through it
• If traffic can get to a network by other means, the Firewall cannot block it

• Intrusion Prevention Systemnetwork security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities
• Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks
• When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass
• Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology
• In addition, most IPS solutions have the ability to look at (decode) layer 7 protocols like HTTP, FTP, and SMTP which provides greater awareness

Honeypot

• Decoy systems that are designed to lure a potential attacker away from critical systems
• Design to
  
  • Divert attacker from critical system
  • Collect information on attacker’s activity
  • Encourage attacker to stay long enough for admin. to notice
• Contain fabricated info. not for normal user to used
• Simulated traffic that emulate real network

Hacking and Prevention

• motivated by thrill of access and status
  
  • hacking community a strong meritocracy
  • status is determined by level of competence
• benign intruders might be tolerable
  
  • do consume resources and may slow performance
  • can’t know in advance whether benign or malign
• IDS / IPS / VPNs can help counter
• awareness led to establishment of CERTs
  
  • collect / disseminate vulnerability info / responses

Hacker Behaviour

• select target using IP lookup tools
• map network for accessible services
• identify potentially vulnerable services
• brute force (guess) passwords
• install remote administration tool
• wait for admin to log on and capture password
• use password to access remainder of network

Authentication and Access Control

What is Authentication?

• Verification of identity of someone who generated some data
• Relates to identity verification
• Classifications of identity verification:
  
  • by something known e.g. password
  • by something possessed e.g. smart card, passport
  • by physical characteristics (biometrics) e.g. finger prints, palm prints, retina, voice
  • by a result of involuntary action : signature

Authentication

• Requirements – must be able to verify that:
  
  • Message came from apparent source or author
  • Contents have not been altered
  • Sometimes, it was sent at a certain time or sequence
• Protection against active attack (falsification of data and transactions)

Password

• Protection of passwords
  
  • Don’t keep your password to anybody
  • Don’t write or login your password at everywhere
  • Etc.
• Choosing a good password
  
  • Hard to guess and easy to remember
  • Characteristics of a good password
  • Not shorter than six characters
  • Not patterns from the keyboard
• Calculations on password
  
  • Password population, N =rs
  • Probability of guessing a password = 1/N
  • Probability of success, P=nt/N

Time taken to crack password

Techniques for guessing passwords

• Try default passwords.
• Try all short words, 1 to 3 characters long.
• Try all the words in an electronic dictionary(60,000).
• Collect information about the user’s hobbies, family names, birthday, etc.
• Try user’s phone number, social security number, street address, etc.
• Try all license plate numbers
• Use a Trojan horse
• Tap the line between a remote user and the host system.

Password Selecting Strategies

• User education
• Computer-generated passwords
• Reactive password checking
• Proactive password checking

Biometric

• Biometric is derived from the Greek words bio (= life) and metric (= to measure)
• Biometrics is the measurement and statistical analysis of biological data
• In IT, biometrics refers to technologies for measuring and analysing human body characteristics for authentication purposes
• Definition by Biometrics Consortium – automatically recognising a person using distinguishing traits

Biometric Identifiers

• Universality
• Uniqueness
• Stability
• Collectability
• Performance
• Acceptability
• Forge resistance

Biometric Technologies

• Fingerprint biometrics – fingerprint recognition
• Eye biometrics – iris and retinal scanning
• Face biometrics – face recognition using visible or infrared light (called facial thermography)
• Hand geometry biometrics – also finger geometry
• Signature biometrics – signature recognition
• Voice biometrics – speaker recognition

Other Biometric That Can Be Use

• Vein recognition (hand)
• Palmprint
• Gait recognition
• Body odour measurements
• Ear shape
• DNA
• Keystroke dynamics

Static vs. dynamic biometric

• Static (also called physiological) biometric methods – authentication based on a feature that is always present
• Dynamic (also called behavioural) biometric methods – authentication based on a certain behaviour pattern

Classification of biometric methods

• Static
  
  • Fingerprint recognition
  • Retinal scan
  • Iris scan
  • Hand geometry
• Dynamic
  
  • Signature recognition
  • Speaker recognition
  • Keystroke dynamics

Biometric system architecture
Major components of a biometric system:

• Data collection
• Signal processing
• Matching
• Decision
• Storage
• Transmission

Biometric system model

Fingerprint Recognition

• Ridge patterns on fingers uniquely identify people
• Classification scheme devised in 1890s
• Major features: arch, loop, whorl
• Each fingerprint has at least one of the major features and many “small features”
• In an automated system, the sensor must minimise the image rotation
• Locate minutiae and compare with reference template
• Minor injuries are a problem
• Liveness detection is important (detached real fingers, gummy fingers, latent fingerprints)

Paterns of fingerprints

Fingerprint Authentication
Basic steps for fingerprint authentication:

• Image acquisition
• Noise reduction
• Image enhancement
• Feature extraction
• Matching

Fingerprints Authentication Advantage and Disadvantage

• Advantages
  
  • Mature technology
  • Easy to use/non-intrusive
  • High accuracy (comparable to PIN authentication)
  • Long-term stability
  • Ability to enrol multiple fingers
  • Comparatively low cost
• Disadvantages
  
  • Inability to enrol some users
  • Affected by skin condition
  • Sensor may get dirty
  • Association with forensic applications

Fingerprint Recongnition Sensors:
Biometric Threats:
Access Control
Define as “The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner“

• central element of computer security
• assume have users and groups
  
  • authenticate to system
  • assigned access rights to certain resources on system

Access Controls Principles
Access Control Requirements

• reliable input
• fine and coarse specifications
• least privilege
• separation of duty
• open and closed policies
• policy combinations, conflict resolution
• administrative policies

Access Control Elements

• subject - entity that can access objects
  
  • a process representing user/application
  • often have 3 classes: owner, group, world
• object - access controlled resource
  
  • e.g. files, directories, records, programs etc
  • number/type depend on environment
• access right - way in which subject accesses an object
  
  • e.g. read, write, execute, delete, create, search

Discretionary Access Control

• often provided using an access matrix
  
  • lists subjects in one dimension (rows)
  • lists objects in the other dimension (columns)
  • each entry specifies access rights of the specified
• subject to that object
  
  • access matrix is often sparse
  • can decompose by either row or column

ACCESS CONTROL MATRIX

• Access Control Matrix or Access Matrix is an abstract, formal security model of protection state in computer systems, that characterizes the rights of each subject with respect to every object in the system

• An Access Control Matrix is a table in which
  
  • each row represents a subject,
  • each column represents an object, and
  • each entry is the set of access rights for that subject to that object.
• ACM entry can also be a function that determines rights.
  
  • E.g. one subject may not be able to access an object when another subject is already writing modifying it

Access control List


Access control List

• In computer security, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file WXY gives Alice permission to delete file WXY.

UNIX File Concepts

• UNIX files administered using inodes
  
  • control structure with key info on file
• attributes, permissions of a single file
  
  • may have several names for same inode
  • have inode table / list for all files on a disk
• copied to memory when disk mounted
• directories form a hierarchical tree
  
  • may contain files or other directories
  • are a file of names and inode numbers

UNIX File Access Control

• “set user ID”(SetUID) or “set group ID”(SetGID)
  
  • system temporarily uses rights of the file owner / group in
• addition to the real user’s rights when making access
• generally accessible
• control decisions
  
  • enables privileged programs to access files / resources not
• sticky bit
  
  • on directory limits rename/move/delete to owner
• superuser
  
  • is exempt from usual access control restrictions

UNIX Access Control Lists

• modern UNIX systems support ACLs
• can specify any number of additional users / groups and associated rwx permissions
• ACLs are optional extensions to std perms
• group perms also set max ACL perms
• when access is required
  
  • select most appropriate ACL
• owner, named users, owning / named groups, others
  
  • check if have sufficient permissions for access

File System Security

• in Linux everything as a file
  
  • e.g. memory, device-drivers, named pipes, and
• other system resources
  
  • hence why filesystem security is so important
• I/O to devices is via a “special” file
  
  • e.g. /dev/cdrom
• have other special files like named pipes
  
  • a conduit between processes / programs

Users and Groups

• a user-account (user)
  
  • represents someone capable of using files
  • associated both with humans and processes
• a group-account (group)
  
  • is a list of user-accounts
  • users have a main group
  • may also belong to other groups
• users & groups are not files

Numeric File Permissions

Modern Cryptograpy

Modern Cryptography Algorithm
Most modern ciphers use a sequence of binary digits (bits), that is, zeros and ones such as ASCII.This bit sequence representing the plaintext is then encrypted to give the ciphertext as a bit sequence.
The encryption algorithm may act on a bit-string in a number of ways:

• stream ciphers where the sequence is encrypted bit-by-bit.

• block ciphers, where the sequence is divided into blocks of a predetermined size.

• ASCII requires 8 bits to represent one character, and so for a block cipher that has 64-bit blocks, the encryption algorithm acts on eight characters at once.

Since most modern algorithms operate on binary strings we need to be familiar with a method of combining two bits called Exclusive OR and often written as XOR
Stream ciphers

• convert one symbol of plaintext immediately into a symbol of ciphertext

• depends on symbol, key and control information of encipherment algorithm

Block ciphers

• encrypt a group of plaintext symbols as one block

• examples are transposition ciphers

Stream Ciphers

The plaintext is enciphered bit by bit.

• The value of each bit is changed to the alternative value or leave unchanged.

• If a bit is changed twice, it returns to its original value.

If an attacker knows that a stream cipher has been used, then their task is to try to identify the position of those bits which have been changed and to change them back to their original values.

• If there is any easily detectable pattern that identifies the changed bits then the attacker task may be simple.

• The position of the changed bits must be unpredictable to the attacker but the genuine receiver needs to be able to identify them easily.

The encryption key is often called a keystream sequence.

• 0 to mean ‘leave unchanged’, 1 to mean ‘change’.

• Plaintext, ciphertext and keystream are all binary sequences.

Suppose that we have the plaintext 1100101 and the keystream is 1000110.

• By applying the rule gives 0100011 as the ciphertext.

Changing a bit twice has the effect of returning it to its original value.

• This means that decryption process is identical to the encryption process, so the keystream also determines decryption.

If the keystream generator produces the same bit stream every time it is turned on, the resulting cryptosystem will be trivial to break.

• Anyone who has two different ciphertexts encrypted with the same keystream, can XOR them together and get two plaintext messages XORed with each other.

• When the interceptor gets a single plaintext/ciphertext pair, they can read everything.

• That is why all stream ciphers have keys - the output of the keystream generator is a function of the key.

Block Ciphers

• For a block cipher, the bit-string is divided into blocks of a given size and the encryption algorithm acts on that block to produce a cryptogram block that, for most symmetric ciphers, has the same size.

• Block ciphers have many applications.

• Can be used to provide confidentiality, integrity, or user authentication and can even be used to provide the keystream generator for stream ciphers.

• A symmetric algorithm is said to be well designed if an exhaustive key search is the simplest form of attack.

• Usual number of blocks are 64,128,256 and 512 bits

There are a few obvious properties that a strong block cipher should possess:

• Diffusion properties - which a small change in the plaintext, may be one or two positions, should produce an unpredictable change in the ciphertext.

• Confusion properties - if an attacker is conducting an exhaustive key search then there should be no indication that they are near to the correct key.

• To prevent divide-and-conquer attacks we require completeness - each bit of a ciphertext must depend on every bit of the key.

• Statistical testing forms a fundamental component of the assessment of block ciphers for these three listed properties and others.

Data Encryption Standards (DES)

• Widely used encryption scheme

• Adopted by The national Bureau of standard in 1977

• The plaintext is divided into 64 bit blocks with a key of 56 bits(with 8 bit parity).

• DES structure is similar to Fiestel Network concept.

• Process through 16 round of Expansion, substitution, key mixing and permutation process.
• DES is brakeable by using brute force of 2^56 possible key
• 1998, Electronic Frontier Foundation (EFF) has created a USD220,000 machine to go through the entire 56 bit DES key space in average of 4.5 days.
• Triple DES has been introduced to improve the standard.

DES Process Diagram






































Advanced Encryption Standard (AES)

• created to be a better replacement for DES

• NIST called for proposals in 1997

• selected Rijndael in Nov 2001

• published as FIPS 197

• symmetric block cipher

• uses 128 bit data & 128/192/256 bit keys

Message Authentication
Message Authentication protects against active attacks
Verifies received message is authentic:

• contents unaltered
  

• from authentic source

• timely and in correct sequence

can use conventional encryption

• only sender & receiver have key needed

or separate authentication mechanisms

• append authentication tag to cleartext message

Message Authentication Codes (MAC)























Hash Function


































Hash Function Requirements

• Applied to any size data

• H produces a fixed-length output.

• H(x) is relatively easy to compute for any given x

• one-way property

• weak collision resistance

• strong collision resistance
  

> computationally infeasible to find any pair (x, y) such thatH(x) = H(y)

Simple Hash Function

• a one-way or secure hash function used in message authentication, digital signatures

• all hash functions process input a block at a time in an iterative fashion

• one of simplest hash functions is the bit-by-bit exclusive-OR (XOR) of each block

> effective data integrity check on random data
>less effective on more predictable data
>virtually useless for data security

Hash Functions

• two attack approaches,cryptanalysis
  

• exploit logical weakness in algorithm,brute-force attack

• trial many inputs

• strength proportional to size of hash code (2n/2)

SHA most widely used hash algorithm:

• SHA-1 gives 160-bit hash

• more recent SHA-256, SHA-384, SHA-512 provide improved size and security

There are 2 prominent algorithms in Hashing functions:

• First, the most popularly used technique is MD5.

• Second, the well accepted standard is secure hashing algorithm SHA-1.

Nevertheless, SHA-256 is chosen in this class as it is considered to be the primary next-generation algorithm.

MD-5

• A hash function designed by Ron Rivest, one of the inventors of the RSA public-key encryption scheme.

• The MD-5 algorithm produces a 128-bit output. Note that MD-5 is now known to have some weaknesses and should be avoided if possible.

• SHA-1 is generally recommended.

SHA-1 (Secure Hash Algorithm-1)

• SHA-1 is an MD-5-like algorithm that was designed to be used with the Digital Signature Standard (DSS).

• NIST (National Institute of Standards and Technology) and NSA (National Security Agency) are responsible for SHA-1.

• The SHA-1 algorithm produces a 160-bit MAC.

• This longer output is considered to be more secure than MD-5.

SHA Secure Hash Function
SHA originally developed by NIST/NSA in 1993
was revised in 1995 as SHA-1

• US standard for use with DSA signature scheme

• standard is FIPS 180-1 1995, also Internet RFC3174

• produces 160-bit hash values

NIST issued revised FIPS 180-2 in 2002

• adds 3 additional versions of SHA

• SHA-256, SHA-384, SHA-512

• with 256/384/512-bit hash values

• same basic structure as SHA-1 but greater security

NIST intend to phase out SHA-1 use

• For SHA-1 and SHA-256, each message block has 512 bits, which are represented as a sequence of sixteen 32-bit words.

• SHA-256 uses six logical functions, where each function operates on 32-bit words, which are

SHA-1 and SHA-256

• Suppose that the length of the message, M, is l bits. Append the bit “1” to the end of the message.

• followed by k zero bits, where k is the smallest, non-negative solution to the equation

• l =1+k =448mod 512 . Then append the 64-bit block that is equal to the number l expressed

• using a binary representation. For example, the (8-bit ASCII) message “abc” has length 8x3 =24, so the message is padded with a one bit, then 448 (24 1) =423 zero bits, and then the message length, to become the 512-bit padded message

SHA-512 Structures
SHA-512 Round

Digital Signatures
t is the provision of a means of settling disputes between sender and receiver that distinguishes the digital signature mechanism from the MACing process.

• Such dispute can only be settled if there is asymmetric between sender and receiver.
• Asymmetric cryptographic processing requires much computational processing.
• Thus a condensed version or hash of the message is produced by applying a hash function to the message.
• The signature is produced from the hash (which represent the message) by using the asymmetric algorithm with the private key.
• Thus only the owner of the private key can generate the signature.

Public Key Infrastructure (PKI)
When a PKI is established, the following processes need to take place:

• The key pairs for CAs must be generated.
• The key pairs for users must be generated.
• Users must request certificates
• Users’ identities must be verified.
• Users’ key pairs must be verified.
• Certificates must be produced.
• Certificates must be checked.
• Certificates must be removed/updated (when necessary).
• Certificates must be revoked (when necessary).

Key Management
A typical requirement specification for a symmetric key system might include each of the following:

• Keys must be generated using a random or pseudorandom process.
• Any key used by a communicating pair must be unique to them.
• A key must be used for only for a purpose, e.g. the same key should not be used for both encryption and authentication.
• Each key must be replaced within the time deemed necessary to determine it by an exhaustive search.
• A key must not be used if its compromise is either known or suspected.
• Compromise of a key which is shared between two parties must not compromise any key used by a third party.
• Keys should only appear in clear form within a highly tamper resistant device. Elsewhere all keys must be encrypted or in component form.
• Keys must be protected against misuse.
• Unauthorized modification, substitution or replay of any key must be prevented or detected.

Asas Kriptografi

Konsep Kriptografi
> Idea sesebuah sistem kripto adalah bertujuan untuk menyamarkan data untuk menjadikan data tersebut tidak bermakana kepada pihak yang tidak sepatutnya melihat data tersebut
> Dua cara yang biasa digunakan adalah menyimpan data secara selamat didalam fail komputer atau menghantar data tersebut melintasi saluran yang kurang selamat seperti Internet
> Dokumen yang telah diecrypt tidak menghalang pihak yang tidak sepatutnya mendapat akses kepada data tersebut tetapi digunakan untuk memastikan pihak tersebut tidak memahaimi data yang diperolehi mereka

Seni Penulisan Tulisan Rahsia(Tekan gambar untuk zoom)


Steganografi
> Steganografi adalah sesuatu teknik yang digunakan untuk menyembunyikan sebuah mesej kepada satu medium yang lain seperti gambar
> Mesej tidak diubah dan teknik ini tidak melibatkan sebarang kunci(key)

(Gambar Pemimpin Al-Qaeda ini sebenarnya mempunyai mesej yang tersembunyi)

(Gambar lelaki kacak ini menunjukkan bahawa setiap kod berbeza yang disembunyikan mempunyai ton warna yang lain)

Kriptografi
> Kriptografi merupakan satu teknik yang digunakan untuk menyelerakkan mesej dan mesej yang diubah kelihatan berbeza berbanding mesej asal
> Boleh melibatkan kunci(key)

Mesin Mekanikal Kripto di zaman Perang Dunia ke-2

Gambar diatas menunjukkan sebuah mesin yang digunakan untuk proses kripto ketika zaman Perang Dunia ke-2
> Mesin ini bernama "Enigma Machine"
> Digunakan oleh pihak tentera German ketika Perang Dunia ke-2
> Menggunakan enjin rotaran untuk menghasilkan mesej yang teleh dikriptokan
> Menggunakan teknik penukaran cipher yang kompleks
> Mengunakan sebilangan sebilangan silinder dimana setiap satu satu penukaran, dimana ia berputar selepas setiap perkataan telah diencrypt
>Dikatakan kod yang dihasilkan tidak dapat dipecahkan, tetapi akhirnya dapat dipecahkan oleh seorang pakar matematik,Marian Rejeski dengan menggunakan konsep al-gebra di dalam Matematik pada tahun 1932

Istilah Kriptografi
>Plainteks(Plaintext) - Mesej asal
>Cipherteks(Ciphertext) - Mesej yang telah dikodkan
>Cipher - Alogoritma yang digunakan untuk menukarkan plainteks kepada cipherteks
>Kunci(Key) - Informasi yang diketahui oleh penghantar/penerima untuk menukar plainteks dan menterjermahkan cipherteks
> encipher - Proses penukaran plainteks kepada cipherteks
> decipher - Proses penukaran cipherteks kepada plainteks
> kriptografi(Cryptography) - bidang pembelajaran prinsip/cara encryption
> cryptanalysis - Cara digunakan untuk mengetahui isi didalam cipherteks tanpa mengetahui kunci
> kriptonologi - bidang untuk kedua-dua kriptonolgi dan crytanalysis

Algoritma Kriptografi
Berkait rapat dengan tiga keperluan dibawah:
>Penggunaan jumlah kunci
>simetri(sysmetric) - Hanya melibatkan penggunaan satu key sahaja
>tak simetri(asymmetric) - Melibatkan dua jenis kunci
>Operasi yang digunakan untuk menukarkan plainteks kepada cipherteks
>Penukaran
>Transposisi
>Produk
>Cara plainteks diproses
>Blok(block)
>Aliran(stream)

Cryptanalysis
Bertujuan untuk mendapatkan kunci untuk menterjemahkan mesej.
Menggunakan jalan:
> serangan cryptanalytic
> serangan brute-force

Serangan Cryptanalytic
>cipherteks
>mengetahui plainteks
>memilih plainteks
>memilih cipherteks
>memilih teks

Serangan Brute-Force
Serangan ini menggunakan kaedah cuba-jaya dengan mencuba segala jenis kunci yang tidak mustahil digunakan.
Kaedah ini digunakan jika mengetahui plainteks



Algoritma Kriptografi
> Algoritma Simetri
P=D(K,E(K,P))


> Algoritma Bukan Simetri
P=D(Kdecrypt,E(Kencrypt,P))


Simetri vs Bukan Simetri
>Jika sebuah sistem itu simetri,maka kunci rahsia perlu diberitahu sebelum mesej yang dirahsiakan itu dihantar,tetapi kunci ini juga boleh digunakan untuk menterjermah mesej menyebabkan mesej tidak selamat kepada pengguna lain
> Masalah kunci yang sama untuk menghantar dan menterjermah dapat diatasi dengan menggunakan kunci tidak simetri

Prinsip Kriptografi Simetri


Keperluan Kriptografi Simetri
> Keperluan untuk memastikan encryption simetri selamat
>Algorithma yang digunakan perlu kuat
>Kunci rahsia hanya boleh diketahui oleh penerima dan penghantar sahaja
>Menggunakan formula matematik:
&nbspC=Ekey(P)
&nbspP=Dkey(C)
>Mengadailan bahawa algoritma encryption diketahui
>Menggunakan saluran selamat untuk menghantar kunci

Prinsip penggunaan kriptografi tidak simetri


Kriptogafi Tidak simetri yang memerlukan dua jenis kunci memerlukan proses menyebarkan kunci,memastikan sistem diyakini dan melibatkan proses pengenalan pengguna.
Schema kriptografi tidak simetri melibatkan enam entiti iatu:
>Plainteks
>Algoritma Encryption
>Kunci Umum
>Kunci Persendirian
>CipherTeks
>Algoritma Decryption

Kaedah diggunakan di dalam Algorithma Kriptografi
>Teknik Penukaran
>Penukuran monoalphabetic
>Penukaran polyalphabetic
>Teknik Transoposisi
>Transposisi unkeyed
>Transposisi keyed

Ceaser Ciphers
> Ceaser Ciphers merupakan teknik cipher antara terawal menggunakan teknik paenukaran yang dicanangkan oleh Julius Ceaser ketika Perang Gallic(Gallic Wars)
> Ceaser Ciphers menggunakan setiap huruf daripada A ke W diencrypt dengan huruf yang diselang sebanyak tiga kali selapas huruf yang hendak diubah tersebut
> Walaupun Caeser hanya menggunakan kaedah selang tiga(shift-3), tetapi kaedah tersebut boleh digunakan dengan menggunakan selangan yang lain dan dengan menggunkan kaedah selanggan ini boleh dipanggil sebagai kaedah Ceaser Ciphers
> Kunci untuk kaedah Ceaser CIphers ini dengan beberapa banyak kali huruf diselang dan diganti dengan huruf lain. Walaubagaimana selangan ini hanya wujud sebanyak 0 hingga 25 kali kerana selangan ke 26 ini adalah sama dengan selangan 0 iaitu tidak melibatkan langsung kepada perubahan didalam plainteks tersebut.



Menjadikan Kaedah Ceaser Ciphers lebih selamat
>Kaedah Caeser Ciphers ini adalah terdedah dengan kaedah mencuba seluruh 26 kunci yang diggunakan iaitu selangan 0 - 25.
>Oleh itu kaedah Ceaser Ciphers adalah kurang selamat kerana plainteks boleh didapati dengan menggunakan kaedah brute-force dengan mecuba selangan kepada cipherteks sebanyak 26 kali.
>Kaedah ini dibaik semula dengan menggunakan kaedah menukarkan keduduakan setiap huruf, sebagai contoh plainteks yang mempunyai 26 perkataan memerlukan 403,291,461,126,605,635,584,000,000 kunci yang perlu dicuba dengan menggunakan kaedah Ceaser Ciphers
>Bilangan percubaan=26! x (bilangan huruf)
>Walaupun boleh dikatakan mustahil dipecahkan jika plainteks itu mempunyai perkataan yang banyak,tetapi sebenarnya tidak kebanyakkan huruf didalam mesej selalunya berulang dan terdapat juga perkataan yang jarang digunakan.
>Sebagai contoh didalam penulisan bahasa Inggeris,Huruf 'E' paling kerap diggunakan dan diikuti dengan T,R,N,I,O,A,S yang turut kerap diggunakan manakala huruf Z,J,K,Q,X jarang digunakan.
> Kaedah serangan kepada Ceaser Ciphers ini dipanggil sebagai serangan kekerapan(frequency attack) yang dicanangkan oleh Al-Kindi(tahun 801-873 masihi)
> Kaedah serangan kekerapan ini berpandukan analisis teks kepada Kitab Al-Quran yang melahirkan kaedah a