Rabu, 22 Mei 2013

Generating Random Algorithm Number

In this section we consider the problem of generating a sequence of random numbers  on a computer. Specifically, we desire an infinite sequence of statistically independent random numbers uniformly distributed between zero and one. In practice, because the sequence is generated algorithmically using finite-precision arithmetic, it is neither infinite nor truly random. Instead, we say that an algorithm is ``good enough'' if the sequence it generates satisfies almost any statistical test of randomness. Such a sequence is said to be pseudorandom .
The most common algorithms for generating pseudorandom numbers are based on the linear congruential   random number generator invented by Lehmer. Given a positive integer m called the modulus  and an initial seed  value tex2html_wrap_inline69291 ( tex2html_wrap_inline69293), Lehmer's algorithm computes a sequence of integers between 0 and m-1. The elements of the sequence are given by
  equation33942
where a and c are carefully chosen integers such that tex2html_wrap_inline69301 and tex2html_wrap_inline69303.
For example, the parameters a=13, c=1, m=16 and tex2html_wrap_inline69311 produce the sequence
displaymath69279
The first m elements of this sequence are distinct and appear to have been drawn at random from the set tex2html_wrap_inline69315. However since tex2html_wrap_inline69317 the sequence is cyclic with period  m.
Notice that the elements of the sequence alternate between odd and even integers. This follows directly from Equation gif and the fact that m=16 is a multiple of 2. Similar patterns arise when we consider the elements as binary numbers:
displaymath69280
The least significant two bits are cyclic with period four and the least significant three bits are cycle with period eight! (These patterns arise because m=16 is also a multiple of 4 and 8). The existence of such patterns make the sequence less random. This suggests that the best choice for the modulus m is a prime number.
Not all parameter values result in a period of m. For example, changing the multiplier a to 11 produces the sequence
displaymath69281
the period of which is only m/2. In general because each subsequent element of the sequence is determined solely from its predecessor and because there are m possible values, the longest possible period is m. Such a generator is called a full period generator.
In practice the increment  c is often set to zero. In this case, Equation gif becomes
  equation33954
This is called a multiplicative linear congruential   random number generator. (For tex2html_wrap_inline69341 it is called a mixed linear congruential   generator).
In order to prevent the sequence generated by Equation gif from collapsing to zero, the modulus m must be prime and tex2html_wrap_inline69291 cannot be zero. For example, the parameters a=6, m=13 and tex2html_wrap_inline69351 produce the sequence
displaymath69282
Notice that the first 12 elements of the sequence are distinct. Since a multiplicative congruential generator can never produce a zero, the maximum possible period is m-1. Therefore, this is a full period generator.
As the final step of the process, the elements of the sequence are normalized  by division by the modulus:
displaymath69283
In so doing, we obtain a sequence of random numbers that fall between zero and one. Specifically, a mixed congruential generator ( tex2html_wrap_inline69341) produces numbers in the interval [0,1), whereas a multiplicative congruential generator (c=0) produces numbers in the interval (0,1).

Selasa, 07 Mei 2013

Encryption with DES

As mentioned earlier there are two main types of cryptography in use today - symmetric or secret key cryptography and asymmetric or public key cryptography. Symmetric key cryptography is the oldest type whereas asymmetric cryptography is only being used publicly since the late 1970’s1. Asymmetric cryptography was a major milestone in the search for a perfect encryption scheme. Secret key cryptography goes back to at least Egyptian times and is of concern here. It involves the use of only one key which is used for both encryption and decryption (hence the use of the term symmetric). Figure 2.1 depicts this idea. It is necessary for security purposes that the secret key never be revealed 

Figu 2.1



To accomplish encryption, most secret key algorithms use two main techniques known as substitution and permutation. Substitution is simply a mapping of one value to another whereas permutation is a reordering of the bit positions for each of the inputs. These techniques are used a number of times in iterations called rounds. Generally, the more rounds there are, the more secure the algorithm. A non-linearity is also introduced into the encryption so that decryption will be computationally infeasible2 without the secret key. This is achieved with the use of S-boxes which are basically non-linear substitution tables where either the output is smaller than the input or vice versa.

The DES algorithm


The main parts of the algorithm are as follows:
  • Fractioning of the text into 64-bit (8 octet) blocks;
  • Initial permutation of blocks;
  • Breakdown of the blocks into two parts: left and right, named L and R;
  • Permutation and substitution steps repeated 16 times (called rounds);
  • Re-joining of the left and right parts then inverse initial permutation.
DES algorithm

Permutation

In mathematical and computer science field of cryptography, a group of three numbers (x,y,z) is said to be a claw of two permutations f0 and f1 if f0(x) = f1(y) = z 
A pair of permutations f0 and f1 are said to be claw-free if there is no efficient algorithm for computing a claw.

The terminology claw free was introduced by Goldwasser, Micali, and Rivest in their 1984 paper, "A Paradoxical Solution to the Signature Problem", where they showed that the existence of claw-free pairs of trapdoor permutations implies the existence of digital signature schemes secure against adaptive chosen-message attack. This construction was later superseded by the construction of digital signatures from any one-way trapdoor permutation. The existence of trapdoor permutations does not by itself imply claw-free permutations exist; however, it has been shown that claw-free permutations do exist if factoring is hard.


The general notion of claw-free permutation (not necessarily trapdoor) was further studied by Ivan Damgard in his PhD thesis The Application of Claw Free Functions in Cryptography (Aarhus University, 1988), where he showed how to construct Collision Resistant Hash Functions from claw-free permutations. The notion of clawfreeness is closely related to that of collision resistance in hash functions. The distinction is that claw-free permutations are pairs of functions in which it is hard to create a collision between them, while a collision-resistant hash function is a single function in which it's hard to find a collision, i.e. a function H is collision resistant if it's hard to find a pair of distinct values x,y such that



H(x) = H(y).



In the hash function literature, this is commonly termed a hash collision. A hash function where collisions are difficult to find is said to have collision resistance.

Initial permutation


Firstly, each bit of a block is subject to initial permutation, which can be represented by the following initial permutation (IP) table:

IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

This permutation table shows, when reading the table from left to right then from top to bottom, that the 58th bit of the 64-bit block is in first position, the 50th in second position and so forth.

Minggu, 14 April 2013

Conventional Encryption


Cryptanalysis is the study of taking encrypted data, and trying to unencrypt it without use of the key. The other side of cryptography, it is used to break codes by finding weaknesses within them. In addition to being used by hackers with bad intentions, this discipline is also often used by the military. It is also appropriately used by designers of encryption systems to find, and subsequently correct, any weaknesses that may exist in the system under design.

Plaintext is an original text / data which will be converted into a random nonsense text called ciphertext in order to prevent the original message being read by the people out of the recipient. The encryption process consists of an algorithm that produce a different output depending on the specific key being used at the time and a key which value is independent of the plaintext and shared by sender and recipient. The ciphertext can be transformed back to the original plaintext by using a decryption algorithm and the same key that was used for encryption. The security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm. It is impractical to decrypt a message based on the ciphertext plus knowledge of the encryption/decryption algorithm. The principal security problem is maintaining the secrecy of the key.

If we look at picture above, with  the message X and the encryption key K as input, the encryption algorithm form the ciphertext.

Y= Ek(X)

The Intended receiver, in possession of  the key is able to invert transformation.
X= Dk(Y)
 

Security of conventional encryption depends on several factors:
-. The encryption algorithm must be impractical to decrypt a message on the basis of the ciphertext and knowledge of the encryption/decryption algorithm.
-. Secrecy of the key

Senin, 25 Maret 2013

ITU X-800

According to X.800, ‘A threat to a system security includes any of the following: destruction
of information and/or other resources; corruption or modification of information; theft,
removal or loss of information and/or other resources; disclosure of information and interruption
of services’. Another, clearer definition comes from RFC 2828, which defines a threat
as ‘A potential violation of security exists when there is a circumstance, capability, action, or
event that could breach security and cause harm’. In other words, a threat is a possible danger
that might exploit vulnerability.
Threats can be classified as accidental or intentional and may be active or passive:
• Accidental vs. intentional threats – as their names imply, accidental threats exist with no
premeditated intent; for example, system malfunctions or software bugs. On the other hand,
intentional threats are planned actions for specific purposes.
• Passive vs. active threats – passive threats do not modify the information in or operations
of the victim systems; for example, wire tapping. Active threats, on the other hand, involve
modification of information in or operation of the victim systems; for example, changing
the firewall rules of a system to allow unauthorized access.
While a threat is a potential security problem that may lead to a security breach, it is not yet
an action. An attack, on the other hand, is an action to exploit a security breach. Attacks can
also be classified as insider or outsider attacks, and active or passive attacks:
• Insider vs. outsider attacks – insider attacks occur when legitimate users of a system behave
in unintended ways. Outsider attacks are initiated from outside the security perimeter by
illegitimate system users.
• Active vs. passive attacks – active attacks attempt to change system resources or affect their
operation. Examples of active attacks are masquerade, replay, modification of message and
denial of service. Passive attacks attempt to make use of information from the system without
changing system resources. Examples of passive attacks are message content disclosure
and traffic analysis.



Which X.800 security services address which X.800 attack types:


EavesdroppingTraffic analysisDenial of ServiceMasqueradeModificationReplay
Peer entity authentication


Y

Data origin authentication


Y

Access control


Y

Data confidentialityY




Traffic flow confidentiality
Y



Data Integrity



YY
Security services are rows and attacks are columns in this table.
Which X.800 security services use which mechanisms:

EncodingDig. signatureAccess controlData integrityAuth. exch.Tr. paddingRouting controlNotarization
Peer entity auth.YY

Y


Data origin auth.YY





Access control

Y




Data confidentialityY




Y
Traffic flow confid.Y



YY
Data IntegrityYY
Y



Non-repudiation
Y
Y


Y
Security services are rows & mechanisms are columns in the table.

RFC 2828

According to RFC 2828, a security service is a processing or communication service provided
by a system to protect system resources. Security services implement security policies and are
implemented by security mechanisms. Security services are divided into five categories:
• Authentication service: this security service verifies the identities claimed by or for an
entity (cf. p.16, RFC 2828). Authentication services are divided into two groups: data origin
authentication and peer entity authentication.
– Data origin authentication: this security service verifies the identity of a system entity
that is claimed to be the original source of received data (cf. p.53, RFC 2828). It does
not provide protection against duplication or modification of data units even though it is
sometimes thought to enable a recipient to verify that the data have not been tampered
with in transit.
– Peer entity authentication: this service provides corroboration between peer entities at
the connection establishment or during the transfer of information between them. This
service guarantees that an entity is not attempting to masquerade or to replay a previous
connection without authority (cf. p.8, Recommendation X.800).
• Access control: this service provides protection against unauthorized use of resources such
as computing resources, storage resources, communication links, etc. To use a resource, theuser should first be authenticated, after which they can be granted the right to use specific
system resources.
• Data confidentiality: this service protects data from unauthorized disclosure as the data
are transmitted from a source to a destination. Encryption and decryption are often used to
provide data confidentiality. Data confidentiality is divided into four groups:
– Connection confidentiality: this service provides confidentiality of user data on a
connection.
– Connectionless confidentiality: this service provides confidentiality of user data for
connectionless services, i.e. it protects individual data blocks.
– Selective field confidentiality: this service provides confidentiality of selected fields of
user data in a connection or in an individual data block.
– Traffic flow confidentiality: this service protects information which might be derived
from the observation of traffic flows. It serves to protect against traffic analysis.
• Data integrity: this service ensures that the data are received exactly as they were sent and
there has been no modification or replay of the data. Data integrity is classified into five
groups (cf. pp. 9–10, Recommendation X.800):
– Connection integrity with recovery: this service provides integrity for all user data on a
connection, detects any modifications, insertions, deletions or replays of any data within
an entire data sequence and attempts to recover the data if an attack is detected.
– Connection integrity without recovery: this service provides integrity for all user data on
a connection and detects any modifications, insertions, deletions or replays of any data
within an entire data sequence but does not attempt to recover the data when an attack is
detected.
– Selective field connection integrity: this service provides integrity for selected fields
within the user data transferred over a connection and takes the form of determination
of whether the selected fields have been modified, inserted, deleted or replayed.
– Connectionless integrity: this service provides integrity for individual data blocks and
may take the form of determination of whether a received data block has been modified.
Additionally, a limited form of detection of replay may be provided.
– Selective field connectionless integrity: this service provides integrity for selected fields
within individual data blocks and takes the form of determination of whether the selected
fields have been modified.
• Nonrepudiation: this service guarantees that an entity once involved in a communication
cannot later deny its involvement. This service may take one or both of two forms:
– Nonrepudiation with proof of origin: the recipient of the data is provided with proof
of the origin of the data. This will protect against any attempt by the sender to falsely
deny sending the data or their contents. A digital signature is an example of providing
nonrepudiation with proof of origin (cf. p.10, X.800).
– Nonrepudiation with proof of delivery: the sender of data is provided with proof of delivery
of the data. This will protect against any subsequent attempt by the recipient to
falsely deny receiving the data or their contents (cf. p.10, X.800).


So, RFC 2828 is bunch of internet glosarry
Example:
Threat
A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and cause
harm. That is, a threat is a possible danger that might exploit a vulnerability.
Attack
An assault on system security that derives from an intelligent threat; that is,
an intelligent act that is a deliberate attempt (especially in the sense of a
method or technique) to evade security services and violate the security
policy of a system.

ITU X800 & RFC 2828


ITU-T Recommendation X.800 (Security Architecture for OSI) and IETF RFC 2828 (Internet
Security Glossary) are used as references to systematically evaluate and define security
requirements. Though coming from different standardization bodies, the two standards
have many points in common. X.800 is used to define general security-related architectural
elements needed when protection of communication between open systems is
required. X.800 establishes guidelines and constraints to improve existing recommendations
and/or to develop new recommendations in the context of OSI. Similarly, RFC 2828
provides abbreviations, explanations and recommendations for information system security
terminology.

Both X.800 and RFC 2828 are designed to assist security managers in defining security
requirements and possible approaches to meeting those requirements. They also
help hardware and software manufacturers to develop security features for their products
and services that follow certain standards. X.800 and RFC 2828 both mention
several aspects of security systems, namely security threat and attack, security services
and mechanisms and security management. This section gives a brief introduction to
these standards. We urge readers to read the original standard documents for more
information.