In this section we consider the problem
of generating a sequence of random numbers
on a computer.
Specifically, we desire an infinite sequence
of statistically independent random numbers
uniformly distributed between zero and one.
In practice,
because the sequence is generated algorithmically
using finite-precision arithmetic,
it is neither infinite nor truly random.
Instead, we say that an algorithm is "good enough"
if the sequence it generates satisfies almost any
statistical test of randomness.
Such a sequence is said to be pseudorandom.
The most common algorithms for generating pseudorandom numbers
are based on the linear congruential
random number generator invented by Lehmer.
Given a positive integer m called the modulus
and an initial seed value,
Lehmer's algorithm computes a sequence
of integers between 0 and m-1.
The elements of the sequence are given by
where a and c are carefully chosen integers.
For example, the parameters a=13, c=1, m=16 and an initial seed
produce the sequence
The first m elements of this sequence are distinct
and appear to have been drawn at random from the set
of integers between 0 and m-1.
However, the sequence is cyclic with period m.
Notice that the elements of the sequence alternate between
odd and even integers.
This follows directly from the recurrence and the fact
that m=16 is a multiple of 2.
Similar patterns arise when we consider the elements
as binary numbers:
the least significant two bits are cyclic with period four
and the least significant three bits are cyclic with period eight!
(These patterns arise because m=16 is also a multiple of 4 and 8.)
The existence of such patterns makes the sequence less random.
This suggests that the best choice for the modulus m is a prime number.
Not all parameter values result in a period of m.
For example, changing the multiplier a to 11 produces the sequence
the period of which is only m/2.
In general because each subsequent element of the sequence
is determined solely from its predecessor
and because there are m possible values,
the longest possible period is m.
Such a generator is called a full period generator.
In practice the increment c is often set to zero.
In this case, the increment term drops out of the recurrence.
This is called a multiplicative linear congruential
random number generator.
(For c ≠ 0 it is called a mixed linear congruential generator.)
In order to prevent the sequence generated by this recurrence
from collapsing to zero,
the modulus m must be prime and the seed cannot be zero.
For example, the parameters a=6, m=13 and an initial seed
produce the sequence
Notice that the first 12 elements of the sequence are distinct.
Since a multiplicative congruential generator can never produce a zero,
the maximum possible period is m-1.
Therefore, this is a full period generator.
As the final step of the process,
the elements of the sequence are normalized
by dividing each one by the modulus m.
In so doing, we obtain a sequence of random numbers
that fall between zero and one.
Specifically, a mixed congruential generator (c ≠ 0)
produces numbers in the interval [0,1),
whereas a multiplicative congruential generator (c=0)
produces numbers in the interval (0,1).
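Lehmer's recurrence and the period, parity and low-bit checks discussed above, as an added Python example (not code from the original text). The parameter sets (a=13, c=1, m=16; a=11; a=6, m=13) are the page's own; the seed value 1 is an assumption, since the page's seed did not survive extraction, and the final case (a=2, c=0, m=8) is a constructed illustration of a non-prime modulus collapsing to zero.

```python
def lcg_run(a, c, m, seed):
    """Iterate Lehmer's recurrence x_{i+1} = (a*x_i + c) mod m from `seed` until a
    state repeats. Returns (tail, cycle): `tail` holds the states visited before the
    sequence enters its loop (empty for a full-period generator) and `cycle` holds
    the repeating states in order, so len(cycle) is the period reached from `seed`."""
    if m <= 0:
        raise ValueError("modulus m must be positive")
    first_index = {}
    states = []
    x = seed % m
    while x not in first_index:
        first_index[x] = len(states)
        states.append(x)
        x = (a * x + c) % m
    loop_start = first_index[x]
    return states[:loop_start], states[loop_start:]


def period(a, c, m, seed):
    return len(lcg_run(a, c, m, seed)[1])


def is_full_period(a, c, m, seed):
    """Full period: every reachable state is visited once per cycle, i.e. m states
    for a mixed generator and m-1 for a multiplicative one (zero is excluded)."""
    tail, cycle = lcg_run(a, c, m, seed)
    return not tail and len(cycle) == (m if c != 0 else m - 1)


def low_bits_period(cycle, k):
    """Period of the sequence formed by the k least-significant bits of each element
    of one full cycle; it always divides the cycle length."""
    n = len(cycle)
    low = [x & ((1 << k) - 1) for x in cycle]
    for p in range(1, n + 1):
        if n % p == 0 and all(low[i] == low[(i + p) % n] for i in range(n)):
            return p
    return n


def alternates_parity(cycle):
    """True when consecutive elements (wrapping around) always differ in parity."""
    n = len(cycle)
    return all((cycle[i] + cycle[(i + 1) % n]) % 2 == 1 for i in range(n))


def normalize(cycle, m):
    """Final step: divide by the modulus, giving [0,1) (mixed) or (0,1) (multiplicative)."""
    return [x / m for x in cycle]


if __name__ == "__main__":
    _, cyc = lcg_run(13, 1, 16, 1)          # seed 1 is an assumption
    print("a=13 c=1 m=16:", cyc, "period", len(cyc), "full:", is_full_period(13, 1, 16, 1))
    print("parity alternates:", alternates_parity(cyc),
          "low-2-bit period:", low_bits_period(cyc, 2),
          "low-3-bit period:", low_bits_period(cyc, 3))
    print("a=11 c=1 m=16 period:", period(11, 1, 16, 1))   # only m/2
    _, cyc = lcg_run(6, 0, 13, 1)
    print("a=6 c=0 m=13:", cyc, "full:", is_full_period(6, 0, 13, 1))
    print("normalized:", [round(u, 3) for u in normalize(cyc, 13)])
    print("a=2 c=0 m=8 (m not prime) collapses:", lcg_run(2, 0, 8, 1))
```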
Wednesday, 22 May 2013
Tuesday, 7 May 2013
Encryption with DES
As mentioned earlier there are two main
types of cryptography in use today - symmetric or secret key
cryptography and asymmetric or public key cryptography. Symmetric key
cryptography is the oldest type, whereas asymmetric cryptography has only
been used publicly since the late 1970s. Asymmetric cryptography was a
major milestone in the search for a perfect encryption scheme. Secret
key cryptography goes back to at least Egyptian times and is of concern
here. It involves the use of only one key, which is used for both
encryption and decryption (hence the use of the term symmetric). Figure
2.1 depicts this idea. It is necessary for security purposes that the
secret key never be revealed.
Figure 2.1
To accomplish encryption, most secret
key algorithms use two main techniques, known as substitution and
permutation. Substitution is simply a mapping of one value to another,
whereas permutation is a reordering of the bit positions for each of the
inputs. These techniques are applied a number of times, in iterations
called rounds. Generally, the more rounds there are, the more secure the
algorithm. A non-linearity is also introduced into the encryption so
that decryption will be computationally infeasible without the secret
key. This is achieved with the use of S-boxes, which are basically
non-linear substitution tables in which the output is either smaller than
the input or vice versa.
The DES algorithm
The main parts of the algorithm are as follows:
- Fractioning of the text into 64-bit (8 octet) blocks;
- Initial permutation of blocks;
- Breakdown of the blocks into two parts: left and right, named L and R;
- Permutation and substitution steps repeated 16 times (called rounds);
- Re-joining of the left and right parts then inverse initial permutation.
Permutation
In the mathematical and computer-science field of cryptography,
a triple of values (x, y, z) is said to be a claw of two permutations f0
and f1 if
f0(x) = f1(y) = z
A pair
of permutations f0 and f1 are said to be claw-free if there is no efficient
algorithm for computing a claw.
The terminology claw free was introduced by Goldwasser, Micali, and Rivest in their 1984 paper, "A Paradoxical Solution to the Signature Problem", where they showed that the existence of claw-free pairs of trapdoor permutations implies the existence of digital signature schemes secure against adaptive chosen-message attack. This construction was later superseded by the construction of digital signatures from any one-way trapdoor permutation. The existence of trapdoor permutations does not by itself imply claw-free permutations exist; however, it has been shown that claw-free permutations do exist if factoring is hard.
The general notion of claw-free permutation (not necessarily
trapdoor) was further studied by Ivan Damgård
in his PhD thesis, The Application of Claw Free Functions in Cryptography
(Aarhus University, 1988), where he showed how to construct collision-resistant hash functions from
claw-free permutations.
The notion of claw-freeness is closely related to that of collision resistance
in hash functions. The distinction is that claw-free permutations are pairs
of functions for which it is hard to create a collision between them, while a
collision-resistant hash function is a single function for which it is hard to
find a collision, i.e. a function H is collision resistant if it is hard
to find a pair of distinct values x, y such that
H(x) = H(y).
In the hash function literature, this is commonly termed a hash collision.
A hash function for which collisions are difficult to find is said to have collision resistance.
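Damgård's construction of a hash function from a pair of permutations, and the reduction behind it (a collision in the hash yields a claw), as an added Python example that is not from the page or from Damgård's thesis. The instance is a toy: the domain is Z_13 and f0, f1 are constructed affine permutations, so claws are trivially findable here; what the code shows is the chaining and the collision-to-claw extraction, which are the same for a genuinely claw-free pair.

```python
# Toy instance (constructed): f_b(x) = (a_b * x + c_b) mod P on the domain Z_P.
# Any a_b != 0 mod P makes f_b a permutation; the pair is NOT claw-free at this size.
P = 13
PERMS = {0: (2, 5), 1: (7, 3)}


def f(b, x):
    a, c = PERMS[b]
    return (a * x + c) % P


def chain_states(bits, x0=1):
    """Damgård chaining: s_0 = x0, s_i = f_{bit_i}(s_{i-1}). Returns [s_0, ..., s_k]."""
    states = [x0]
    for b in bits:
        states.append(f(b, states[-1]))
    return states


def damgard_hash(bits, x0=1):
    """The hash of a bit string is the last state of the chain."""
    return chain_states(bits, x0)[-1]


def claw_from_collision(m1, m2, x0=1):
    """Given two distinct, equal-length bit strings with the same hash, return a
    claw (x, y, z) with f0(x) = f1(y) = z. Walking backwards from the equal final
    states, the first position where the message bits differ is a claw; where the
    bits agree, equal outputs of a permutation force equal inputs, so the chains
    stay equal one step further back."""
    if len(m1) != len(m2) or m1 == m2 or damgard_hash(m1, x0) != damgard_hash(m2, x0):
        raise ValueError("need a collision between distinct equal-length messages")
    s1, s2 = chain_states(m1, x0), chain_states(m2, x0)
    for i in range(len(m1), 0, -1):          # invariant: s1[i] == s2[i]
        if m1[i - 1] != m2[i - 1]:
            x, y = (s1[i - 1], s2[i - 1]) if m1[i - 1] == 0 else (s2[i - 1], s1[i - 1])
            return x, y, s1[i]
    raise AssertionError("unreachable: messages differ in at least one bit")


def is_claw(x, y, z):
    return f(0, x) == z and f(1, y) == z


def find_collision(length, x0=1):
    """Brute-force search over all bit strings of the given length; with more
    messages than elements of Z_P a collision is guaranteed by pigeonhole."""
    seen = {}
    for n in range(1 << length):
        bits = tuple((n >> (length - 1 - i)) & 1 for i in range(length))
        h = damgard_hash(bits, x0)
        if h in seen:
            return seen[h], bits
        seen[h] = bits
    return None


if __name__ == "__main__":
    m1, m2 = find_collision(5)
    print("collision:", m1, m2, "hash", damgard_hash(m1))
    claw = claw_from_collision(m1, m2)
    print("claw (x, y, z):", claw, "valid:", is_claw(*claw))
```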
Initial permutation
Firstly, each bit of a block is subject to initial permutation, which can be represented by the following initial permutation (IP) table:
This permutation table shows, when reading the table from left to right then from top to bottom, that the 58th bit of the 64-bit block is in first position, the 50th in second position and so forth.
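The first three steps of the outline above (splitting into 64-bit blocks, the initial permutation, and the L/R split), as an added Python example that is not code from the page or from the DES standard. The IP table is the one published in FIPS 46, the inverse table is computed from it rather than typed in, and the block 0x0123456789ABCDEF is a constructed sample input.

```python
# DES initial permutation (IP) from FIPS 46: entry i (1-based) names which bit of
# the 64-bit input lands in output position i. Bit 1 is the most significant bit.
IP = [
    58, 50, 42, 34, 26, 18, 10, 2,
    60, 52, 44, 36, 28, 20, 12, 4,
    62, 54, 46, 38, 30, 22, 14, 6,
    64, 56, 48, 40, 32, 24, 16, 8,
    57, 49, 41, 33, 25, 17, 9, 1,
    59, 51, 43, 35, 27, 19, 11, 3,
    61, 53, 45, 37, 29, 21, 13, 5,
    63, 55, 47, 39, 31, 23, 15, 7,
]


def bit_at(block, pos, width=64):
    """Bit `pos` (1 = most significant) of a `width`-bit integer block."""
    return (block >> (width - pos)) & 1


def permute(block, table, width=64):
    """Apply a DES-style permutation table: output position i takes input bit table[i]."""
    out = 0
    for source_bit in table:
        out = (out << 1) | bit_at(block, source_bit, width)
    return out


def invert_table(table):
    """Inverse table, so that permute(permute(b, t), invert_table(t)) == b."""
    if sorted(table) != list(range(1, len(table) + 1)):
        raise ValueError("table is not a permutation of 1..n")
    inv = [0] * len(table)
    for out_pos, source_bit in enumerate(table, start=1):
        inv[source_bit - 1] = out_pos
    return inv


IP_INV = invert_table(IP)   # the final (inverse initial) permutation


def fraction_blocks(data):
    """Split a message into 64-bit (8-octet) blocks, read as big-endian integers.
    Padding to a multiple of 8 octets is the caller's responsibility."""
    if len(data) % 8:
        raise ValueError("input must be padded to a multiple of 8 octets")
    return [int.from_bytes(data[i:i + 8], "big") for i in range(0, len(data), 8)]


def split_lr(block):
    return block >> 32, block & 0xFFFFFFFF


def join_lr(left, right):
    return ((left & 0xFFFFFFFF) << 32) | (right & 0xFFFFFFFF)


def initial_halves(block):
    """Apply IP, then break the result into the left and right halves L0 and R0."""
    return split_lr(permute(block, IP))


if __name__ == "__main__":
    block = fraction_blocks(bytes.fromhex("0123456789ABCDEF"))[0]   # constructed sample
    l0, r0 = initial_halves(block)
    print(f"L0={l0:08X} R0={r0:08X}")
    # bit 58 of the input is in first position after IP, as the table says
    print("bit 58 -> position 1:", bit_at(permute(block, IP), 1) == bit_at(block, 58))
    print("IP^-1 undoes IP:", permute(join_lr(l0, r0), IP_INV) == block)
```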
Sunday, 14 April 2013
Conventional Encryption
Cryptanalysis is the study of taking encrypted data and trying to decrypt it without use of the key. The other side of cryptography, it is used to break codes by finding weaknesses within them. In addition to being used by hackers with bad intentions, this discipline is also often used by the military. It is also appropriately used by designers of encryption systems to find, and subsequently correct, any weaknesses that may exist in the system under design.
Plaintext is the original text or data, which is converted into random nonsense text called ciphertext in order to prevent the original message being read by anyone other than the recipient. The encryption process consists of an algorithm, which produces a different output depending on the specific key being used at the time, and a key, whose value is independent of the plaintext and is shared by sender and recipient. The ciphertext can be transformed back to the original plaintext by using a decryption algorithm and the same key that was used for encryption. The security of conventional encryption depends on the secrecy of the key, not the secrecy of the algorithm. It must be impractical to decrypt a message based on the ciphertext plus knowledge of the encryption/decryption algorithm. The principal security problem is maintaining the secrecy of the key.
If we look at the picture above, with the message X and the encryption key K as input, the encryption algorithm forms the ciphertext, and the decryption algorithm recovers the message:
Y = E_K(X)
X = D_K(Y)
Security of conventional encryption depends on several factors:
- The encryption algorithm must make it impractical to decrypt a message on the basis of the ciphertext and knowledge of the encryption/decryption algorithm.
- Secrecy of the key.
Monday, 25 March 2013
ITU X-800
According to X.800, ‘A threat to a system security includes any of the following: destruction
of information and/or other resources; corruption or modification of information; theft,
removal or loss of information and/or other resources; disclosure of information and interruption
of services’. Another, clearer definition comes from RFC 2828, which defines a threat
as ‘A potential violation of security exists when there is a circumstance, capability, action, or
event that could breach security and cause harm’. In other words, a threat is a possible danger
that might exploit a vulnerability.
Threats can be classified as accidental or intentional and may be active or passive:
• Accidental vs. intentional threats – as their names imply, accidental threats exist with no
premeditated intent; for example, system malfunctions or software bugs. On the other hand,
intentional threats are planned actions for specific purposes.
• Passive vs. active threats – passive threats do not modify the information in or operations
of the victim systems; for example, wire tapping. Active threats, on the other hand, involve
modification of information in or operation of the victim systems; for example, changing
the firewall rules of a system to allow unauthorized access.
While a threat is a potential security problem that may lead to a security breach, it is not yet
an action. An attack, on the other hand, is an action to exploit a security breach. Attacks can
also be classified as insider or outsider attacks, and active or passive attacks:
• Insider vs. outsider attacks – insider attacks occur when legitimate users of a system behave
in unintended ways. Outsider attacks are initiated from outside the security perimeter by
illegitimate system users.
• Active vs. passive attacks – active attacks attempt to change system resources or affect their
operation. Examples of active attacks are masquerade, replay, modification of message and
denial of service. Passive attacks attempt to make use of information from the system without
changing system resources. Examples of passive attacks are message content disclosure
and traffic analysis.
Which X.800 security services address which X.800 attack types (security services are rows, attacks are columns):
| Service | Eavesdropping | Traffic analysis | Denial of Service | Masquerade | Modification | Replay |
| --- | --- | --- | --- | --- | --- | --- |
| Peer entity authentication | | | | Y | | |
| Data origin authentication | | | | Y | | |
| Access control | | | | Y | | |
| Data confidentiality | Y | | | | | |
| Traffic flow confidentiality | | Y | | | | |
| Data integrity | | | | | Y | Y |
Which X.800 security services use which mechanisms (security services are rows, mechanisms are columns):
| Service | Encipherment | Digital signature | Access control | Data integrity | Authentication exchange | Traffic padding | Routing control | Notarization |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Peer entity authentication | Y | Y | | | Y | | | |
| Data origin authentication | Y | Y | | | | | | |
| Access control | | | Y | | | | | |
| Data confidentiality | Y | | | | | | Y | |
| Traffic flow confidentiality | Y | | | | | Y | Y | |
| Data integrity | Y | Y | | Y | | | | |
| Non-repudiation | | Y | | Y | | | | Y |
RFC 2828
According to RFC 2828, a security service is a processing or communication service provided
by a system to protect system resources. Security services implement security policies and are
implemented by security mechanisms. Security services are divided into five categories:
• Authentication service: this security service verifies the identities claimed by or for an
entity (cf. p.16, RFC 2828). Authentication services are divided into two groups: data origin
authentication and peer entity authentication.
– Data origin authentication: this security service verifies the identity of a system entity
that is claimed to be the original source of received data (cf. p.53, RFC 2828). It does
not provide protection against duplication or modification of data units even though it is
sometimes thought to enable a recipient to verify that the data have not been tampered
with in transit.
– Peer entity authentication: this service provides corroboration between peer entities at
the connection establishment or during the transfer of information between them. This
service guarantees that an entity is not attempting to masquerade or to replay a previous
connection without authority (cf. p.8, Recommendation X.800).
• Access control: this service provides protection against unauthorized use of resources such
as computing resources, storage resources, communication links, etc. To use a resource, the user should first be authenticated, after which they can be granted the right to use specific
system resources.
• Data confidentiality: this service protects data from unauthorized disclosure as the data
are transmitted from a source to a destination. Encryption and decryption are often used to
provide data confidentiality. Data confidentiality is divided into four groups:
– Connection confidentiality: this service provides confidentiality of user data on a
connection.
– Connectionless confidentiality: this service provides confidentiality of user data for
connectionless services, i.e. it protects individual data blocks.
– Selective field confidentiality: this service provides confidentiality of selected fields of
user data in a connection or in an individual data block.
– Traffic flow confidentiality: this service protects information which might be derived
from the observation of traffic flows. It serves to protect against traffic analysis.
• Data integrity: this service ensures that the data are received exactly as they were sent and
there has been no modification or replay of the data. Data integrity is classified into five
groups (cf. pp. 9–10, Recommendation X.800):
– Connection integrity with recovery: this service provides integrity for all user data on a
connection, detects any modifications, insertions, deletions or replays of any data within
an entire data sequence and attempts to recover the data if an attack is detected.
– Connection integrity without recovery: this service provides integrity for all user data on
a connection and detects any modifications, insertions, deletions or replays of any data
within an entire data sequence but does not attempt to recover the data when an attack is
detected.
– Selective field connection integrity: this service provides integrity for selected fields
within the user data transferred over a connection and takes the form of determination
of whether the selected fields have been modified, inserted, deleted or replayed.
– Connectionless integrity: this service provides integrity for individual data blocks and
may take the form of determination of whether a received data block has been modified.
Additionally, a limited form of detection of replay may be provided.
– Selective field connectionless integrity: this service provides integrity for selected fields
within individual data blocks and takes the form of determination of whether the selected
fields have been modified.
• Nonrepudiation: this service guarantees that an entity once involved in a communication
cannot later deny its involvement. This service may take one or both of two forms:
– Nonrepudiation with proof of origin: the recipient of the data is provided with proof
of the origin of the data. This will protect against any attempt by the sender to falsely
deny sending the data or their contents. A digital signature is an example of providing
nonrepudiation with proof of origin (cf. p.10, X.800).
– Nonrepudiation with proof of delivery: the sender of data is provided with proof of delivery
of the data. This will protect against any subsequent attempt by the recipient to
falsely deny receiving the data or their contents (cf. p.10, X.800).
So, RFC 2828 is essentially a glossary of Internet security terms.
Examples:
Threat
A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and cause
harm. That is, a threat is a possible danger that might exploit a vulnerability.
Attack
An assault on system security that derives from an intelligent threat; that is,
an intelligent act that is a deliberate attempt (especially in the sense of a
method or technique) to evade security services and violate the security
policy of a system.
ITU X800 & RFC 2828
ITU-T Recommendation X.800 (Security Architecture for OSI) and IETF RFC 2828 (Internet
Security Glossary) are used as references to systematically evaluate and define security
requirements. Though coming from different standardization bodies, the two standards
have many points in common. X.800 is used to define general security-related architectural
elements needed when protection of communication between open systems is
required. X.800 establishes guidelines and constraints to improve existing recommendations
and/or to develop new recommendations in the context of OSI. Similarly, RFC 2828
provides abbreviations, explanations and recommendations for information system security
terminology.
Both X.800 and RFC 2828 are designed to assist security managers in defining security
requirements and possible approaches to meeting those requirements. They also
help hardware and software manufacturers to develop security features for their products
and services that follow certain standards. X.800 and RFC 2828 both mention
several aspects of security systems, namely security threat and attack, security services
and mechanisms and security management. This section gives a brief introduction to
these standards. We urge readers to read the original standard documents for more
information.