Computer System Security: Lecture 01

This document contains notes from a lecture on computer security. It introduces topics that will be covered in the course like cryptography, malware, firewalls, and web security. It outlines the course structure including assignments, exams, and attendance policy. Cryptography concepts are defined such as encryption, decryption, cryptanalysis, and cryptographic attacks. Symmetric and asymmetric key encryption are also introduced.

Uploaded by

mostafaa1
3/3/14

Computer System Security
13CSCl34P - Semester 2 - 2013/2014

Lecture 01
Dr. Ahmad Mostafa
Lecturer, British University Egypt (BUE)
ahmad.mostafa@bue.edu.eg

Outline
- Introduction
- Administrative Work
- Topics
- Intro to Security

Course Staff
- Instructor:
  - Dr. Ahmad Mostafa
  - Email: ahmad.mostafa@bue.edu.eg
- TA:
  - Eng. Amira Olayan
  - Email: amira.olayan@bue.edu.eg
  - Eng. Nada
- Office Hours:
  - TBA

Meeting Time
- Lectures:
  - Mondays:
    - Slot 3: 11:00 - 12:00 pm
    - Slot 4: 12:00 - 01:00 pm
  - Room: C8 - C6
- Labs:
  - Wednesdays:
    - Slot 6 & 7: 02:00 pm - 04:00 pm
  - Room: Lab - C4

Expectations
- Project:
  - 40% of the total mark
  - Coursework Brief available online
- Final Exam:
  - 60% of the total mark
  - One 2-hour written unseen exam
- What about you?

What will we discuss?
- Computer security principles
- Cryptography: Symmetric-key encryption, Public-key encryption, Digital Signatures, Secure hash functions, key certificates, key management
- Secure Sockets Layer (SSL/TLS)
- Malware
- Firewalls
- Web Security
- Secure Electronic Transaction (SET)

Expectations
"Sooner or later, you will get what you expect"
- The law of human behavior

www.jeremiah-2911.com

Expectations
- Attendance
- Project
- Work
- Labs
- Plagiarism

Security
- Three can keep a secret, if two of them are dead
  Franklin
- The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.
  Gene Spafford

Security Concepts

Computer Security Overview
- The NIST Computer Security Handbook defines the term Computer Security as:
  "The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources"
  (includes hardware, software, firmware, information/data, and telecommunications).

The CIA Triad
[Figure 1.1 The Security Requirements Triad: Confidentiality, Integrity and Availability surrounding "Data and services"]

Key Security Concepts
Confidentiality
- preserving authorized restrictions on information access and disclosure,
- including means for protecting personal privacy and proprietary information
Integrity
- guarding against improper information modification or destruction,
- including ensuring information nonrepudiation and authenticity
Availability
- ensuring timely and reliable access to and use of information

Is this all?

Computer Security Challenges
- computer security is not as simple as it might first appear to the novice
- potential attacks on the security features must be considered
- procedures used to provide particular services are often counterintuitive
- physical and logical placement needs to be determined
- multiple algorithms or protocols may be involved
- attackers only need to find a single weakness, the developer needs to find all weaknesses
- users and system managers tend to not see the benefits of security until a failure occurs
- security requires regular and constant monitoring
- is often an afterthought to be incorporated into a system after the design is complete
- thought of as an impediment to efficient and user-friendly operation

Computer Security Terminology
- Adversary (threat agent)
  - An entity that attacks, or is a threat to, a system.
- Attack
  - An assault on system security that derives from an intelligent threat, a deliberate attempt to evade security services and violate security policy of a system.
- Countermeasure
  - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
- Risk
  - An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
- Security Policy
  - A set of rules and practices that specify how a system or organization provides security services to protect sensitive and critical system resources.
- System Resource (Asset)
  - Data, a service provided by a system, a system capability, an item of system equipment, a facility that houses system operations and equipment.
- Threat
  - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
- Vulnerability
  - Flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

Security Concepts and Relationships

Vulnerabilities, Threats and Attacks
- vulnerabilities
  - leaky (loss of confidentiality)
  - corrupted (loss of integrity)
  - unavailable or very slow (loss of availability)
- threats
  - capable of exploiting vulnerabilities
  - represent potential security harm
- attacks (threats carried out)
  - passive or active attempt to alter/affect system resources
  - insider or outsider

Threat Consequences
Unauthorized disclosure is a threat to confidentiality
- Exposure: This can be deliberate or be the result of a human, hardware, or software error
- Interception: unauthorized access to data
- Inference: e.g., traffic analysis or use of limited access to get detailed information
- Intrusion: unauthorized access to sensitive data

Cryptography

Objectives
- Learn how cryptography works
- Learn how encryption systems are broken
- Understand basic ciphers:
  - substitution and transposition codes

Goal of Cryptography
- Ensure security of communication over insecure medium
  - Privacy (secrecy, confidentiality)
  - Integrity
- Communicate even with possibility of adversaries

Main Components in Sending Messages
[Figure: sender, medium, receiver and intruder. Intruder actions: Interrupt, Intercept, Modify, Fabricate. Properties shown: Availability, Confidentiality, Integrity.]

Approaches to Secure Communication
- Steganography
  - Hide message existence
- Cryptography
  - Hide message meaning

Cryptography
- Secret writing
  - Disguised data cannot be read, modified, or fabricated easily
- Encryption: encoding (encipher)
  plaintext --> ciphertext
  P = <p1, p2, p3, ..., pn> --> C = <c1, c2, c3, ..., cm>
  C = E(P) (E = encryption rule)
- Decryption: decoding (decipher)
  ciphertext --> plaintext
  C = <c1, c2, c3, ..., cm> --> P = <p1, p2, p3, ..., pn>
  P = D(C) (D = decryption rule)

Cryptosystem
- How does this help us accomplish our goals?
  - Privacy
  - Integrity

Encryption
[Figure: three schemes, each drawn as plaintext -> Encryption -> ciphertext -> Decryption -> original plaintext: Keyless, Symmetric key, Asymmetric key]

Cryptanalysis
- How to break an encryption!
- Cryptanalyst
  - Deduce the original meaning of the ciphertext
  - Determine the decryption algorithm that matches the encryption one used
Breakable Encryption!

Attacking Symmetric Encryption

Cryptanalytic Attacks
- rely on:
  - nature of the algorithm
  - plus some knowledge of the general characteristics of the plaintext
  - even some sample plaintext-ciphertext pairs
- exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or the key being used
- if successful all future and past messages encrypted with that key are compromised

Brute-Force Attack
- try all possible keys on some ciphertext until an intelligible translation into plaintext is obtained
- on average half of all possible keys must be tried to achieve success

Average Time for Exhaustive Search

Key Size (bits)             | Number of Alternative Keys | Time Required at 1 Decryption/µs   | Time Required at 10^6 Decryptions/µs
----------------------------|----------------------------|------------------------------------|-------------------------------------
32                          | 2^32 = 4.3 × 10^9          | 2^31 µs = 35.8 minutes             | 2.15 milliseconds
56                          | 2^56 = 7.2 × 10^16         | 2^55 µs = 1142 years               | 10.01 hours
128                         | 2^128 = 3.4 × 10^38        | 2^127 µs = 5.4 × 10^24 years       | 5.4 × 10^18 years
168                         | 2^168 = 3.7 × 10^50        | 2^167 µs = 5.9 × 10^36 years       | 5.9 × 10^30 years
26 characters (permutation) | 26! = 4 × 10^26            | 2 × 10^26 µs = 6.4 × 10^12 years   | 6.4 × 10^6 years

Exercise

wklv phvvdjh lv qrw wrr kdug wr euhdn

Ciphers
- Substitution Ciphers
  - Substitute a character or a symbol for each character of the original message
- Transposition Ciphers
  - The order of letters is rearranged
- Notation
  - UPPERCASE PLAINTEXT
  - lowercase ciphertext

The Caesar Cipher -- Substitution
- C_i = p_i + 3

A --> d
B --> e
C --> f
...
X --> a
Y --> b
Z --> c

Cryptanalysis of the Caesar Cipher
- TREATY IMPOSSIBLE --> wuhdwb lpsrvvleoh
- Break is preserved
- Double letters are preserved
- Repeated letters
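
The brute-force attack described earlier is practical against the Caesar cipher because there are only 26 keys to try. The Python code below is an added example, not part of the lecture; the function names and the crude scoring rule (count of E, T, O, A minus count of J, Q, X, Z) are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar_encrypt(plaintext, key=3):
    """UPPERCASE plaintext -> lowercase ciphertext, C_i = p_i + key, wrapping Z to A."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26].lower())
        else:
            out.append(ch)  # spaces pass through: the word break is preserved
    return "".join(out)

def caesar_decrypt(ciphertext, key=3):
    """lowercase ciphertext -> UPPERCASE plaintext for a given key."""
    out = []
    for ch in ciphertext.lower():
        if ch.upper() in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch.upper()) - key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def english_score(text):
    """Crude intelligibility score: reward frequent letters, penalise rare ones."""
    common, rare = "ETOA", "JQXZ"
    return sum(text.count(c) for c in common) - sum(text.count(c) for c in rare)

def brute_force(ciphertext):
    """Try every key and return (key, candidate plaintext) pairs, best score first."""
    candidates = [(k, caesar_decrypt(ciphertext, k)) for k in range(26)]
    return sorted(candidates, key=lambda kp: english_score(kp[1]), reverse=True)

if __name__ == "__main__":
    print(caesar_encrypt("TREATY IMPOSSIBLE"))
    exercise = "wklv phvvdjh lv qrw wrr kdug wr euhdn"  # ciphertext from the exercise slide
    for key, guess in brute_force(exercise)[:3]:
        print(key, guess)
```

The top-ranked candidate is the one an analyst would recognise as intelligible; the remaining 25 are visibly not English, which is why a key space this small offers no protection.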

Other Substitutions: Permutation
- Alphabet is scrambled, each plaintext letter maps to a unique ciphertext letter
- For example:
  1, 2, 3, 4, 5, 6, 7, 8, 9
  p1 = 1, 3, 5, 7, 9, 8, 6, 4, 2
  p1(1) = 1, p1(2) = 3, p1(3) = 5, p1(4) = 7, etc.
- Key can be used to control the permutation used

Substitution Cipher Example
ABCDEFGHIJKLMNOPQRSTUVWXYZ
wordabcefghijklmnpqstuvxyz

ABCDEFGHIJKLMNOPQRSTUVWXYZ
profesinalbcdghjkmqtuvwxyz

Cryptanalysis of substitution ciphers
- Brute force attack
  - 26! possibilities
- Clues
  - Short words,
  - Words with repeated patterns,
  - Common initial and final letters, ...
- Knowledge of language may simplify it
  - English E, T, O, A occur far more than J, Q, X, Z
- Context

Cryptanalysis
- Example:
  wklv phvvdjh lv qrw wrr kdug wr euhdn

  wrr --> see, too, add, odd, off...
  wr --> to, of
  Best guess: w = T, r = O

  lv --> so, is, in, ...
  T_SO very unlikely...
  T_IS likely
  Best guess: l = I, v = S

  wklv phvvdjh lv qrw wrr kdug wr euhdn
  T-IS --SS--- IS -OT TOO ---- TO -----
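
The keyed alphabets from the substitution example and the clue-based reasoning above can be reproduced in a few lines. This Python code is an added example, not part of the lecture; the function names and the small word list are constructed for illustration, and the keywords "word" and "professional" are inferred from the cipher alphabets shown on the slide.

```python
import string

def keyed_alphabet(keyword):
    """Cipher alphabet: keyword letters (duplicates dropped), then unused letters in order."""
    seen = []
    for ch in keyword.lower() + string.ascii_lowercase:
        if ch in string.ascii_lowercase and ch not in seen:
            seen.append(ch)
    return "".join(seen)

def substitute(plaintext, keyword):
    """UPPERCASE plaintext -> lowercase ciphertext under the keyed alphabet."""
    table = str.maketrans(string.ascii_uppercase, keyed_alphabet(keyword))
    return plaintext.upper().translate(table)

def word_pattern(word):
    """Repeated-letter pattern: 'wrr' and 'TOO' both give (0, 1, 1)."""
    first_seen = {}
    return tuple(first_seen.setdefault(ch, len(first_seen)) for ch in word)

def candidates(cipher_word, wordlist):
    """Dictionary words whose repeated-letter pattern matches the cipher word."""
    target = word_pattern(cipher_word)
    return [w for w in wordlist if word_pattern(w) == target]

def apply_guesses(ciphertext, guesses):
    """Partial plaintext: guessed letters in UPPERCASE, unknown letters as '-'."""
    return "".join(
        guesses.get(ch, "-") if ch.isalpha() else ch for ch in ciphertext
    )

# Constructed mini word list for the demonstration.
WORDS = ["SEE", "TOO", "ADD", "ODD", "OFF", "THE", "AND", "NOT"]
CIPHERTEXT = "wklv phvvdjh lv qrw wrr kdug wr euhdn"  # exercise ciphertext

if __name__ == "__main__":
    print(keyed_alphabet("word"))
    print(keyed_alphabet("professional"))
    print(candidates("wrr", WORDS))
    print(apply_guesses(CIPHERTEXT, {"w": "T", "r": "O", "l": "I", "v": "S"}))
```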

Ciphers
- Caesar
- Playfair
- Vigenere
- Permutation
- Substitution
