The document discusses what it means for a system to be secure and how cryptography is used to build trust in systems. It defines security goals like confidentiality, integrity, authentication, and non-repudiation. It explains how cryptographic techniques like encryption, hashing, digital signatures, and certificates can provide these security properties. Finally, it stresses that the security of a system depends on the strength of the underlying cryptographic tools and protocols used.
3. It boils down to the trust you place on the system!
Guru
Trust on the
system
How secure is
the system
4. You decide to safeguard your valuable assets like
hardly used gold jewelries in a bank instead of
keeping them in your house.
Guru
You are placing more
trust on the bank’s
ability to safeguard
your valuable asset
than your own house.
You learn this fact
by experience – you
friends valuable
assets kept at home
got robbed.
None of your friends
have had any bad
experience with the
bank safeguarding
their assets.
5. Secure systems are built to satisfy the following
security goals.
Guru
Integrity
Availability
Confidentiality
Authentication
Non-
repudiation
6. We will not discuss availability in this presentation
as cryptography is not generally used to assure
availability (i.e. the service is available whenever
you need it)Guru
Denial of Service (DoS) attacks disrupts the
available it of a service.
7. Can I trust the system not to show my sensitive
data to any unauthorized parties?
Guru
Can I trust the system not to modify my data by
any unauthorized parties?
Can I trust the system not to allow to impersonate
me to the system?
Can I trust the system to hold each individual
accountable of their actions?
Confidentiality
Integrity
Authentication
Non-repudiation
11. Guru
The measure of trust (how secure your system)
depends on who you are trying to protect
against. We call it the attack model.
An Attack model captures the capabilities,
collisions and intentions of adversaries.
An adversary is a bad
user who want to break
the security of your
system.
12. Guru
In order to demonstrate trust in the system
under the given attack model
We need to prove the security of the
cryptographic protocols under that attack
model.
A cryptographic protocol secure under one
attack model (e.g. attacker can see one message)
may not be secure under more stronger attack
model (e.g. attacker can see many messages).
13. Guru
Usually, most of us will be using time tested and
proven cryptographic primitives such as ciphers,
message authentication codes, digital signatures.
We will be constructing new protocols using
these primitives. However, we need to make
sure that our protocols are secure under the
chosen attack model.
A cryptographic protocol built using secure
cryptographic primitives may not necessarily
be secure if not built right.
14. Adversary
Capabilities
Intentions
In cryptography, we
assume that attackers
have limited
computational power.
In other words, they
are computationally
bounded.
There could be passive
attackers or active
attackers. Passive
attackers simply
listens to your
messages whereas
much more powerful
active attacks modify
your messages.
Collisions
Multiple adversaries
may collude together to
break a cryptographic
protocol.
15. Let’s look at the security goals that are
directly tied to cryptography mentioned
earlier.
Guru
17. Ciphers
Symmetric ciphers
Asymmetric ciphers
Also called
“Symmetric Key
Cryptosystems”
Also called “Public
Key Cryptosystems”
Alice Bob
Alice and Bob share
the same key.
Alice Bob
Alice and Bob do not
share the same key.Public key & Private
key pair
18. Roughly speaking, a cipher is secure
if it is hard to obtain plaintext from
the ciphertext without knowing the
key used.Guru
In a cipher, only the key is secret;
everything else (encryption algorithm,
decryption algorithm) is public.
Alice Bob
Messages exchanged in a TLS protocol
are encrypted using a symmetric cipher.
19. Integrity
Can’t modify!
Cryptographic
Hashing Algorithm
Document
Key
Secure Hash
Alice Bob
Messages exchanged in a TLS protocol
are hashed using a keyed hash algorithm.
Send the hash along with the
document to the receiver.
Receiver can compute the hash
and compare to verify.
Message Hash
Use hashing.
20. Authentication
Can’t impersonate!
Use hashing, Public Key Ciphers (certificates).
Three ways to authenticate
Use what you have (e.g. key,
badge, certificates)
Use what you know (e.g.
passwords, PINs)
Use what you are (e.g.
fingerprints, iris)
21. Password authentication (Server: am I talking to Alice?)
Alice
Server (www.example.com)
Hash pwd Salt
Password
Certificate based authentication (Alice: Am I taking to example.com?)
Alice
Server (www.example.com)
Example.com
certificate
Example.com
certificate
Check if the certificate is
signed by a trusted root
authority.
Check if the new
hash matches the
stored one.
22. Transfer $1M to Bob
Non-repudiation
Can’t deny doing!
Use Public Key Ciphers (digital signatures).
Alice
Public key Private key
Transfer $1M to Bob
Digitally signed using Alice’s
private key
Alice cannot later deny that she
did not order bank to transfer as
it has her digital signature on it
(only she can produce that
signature)
Verify signature
using Alice’s public
key
23. The security of a system boils down to the trust.
Cryptography is a tool that we can use to build
trust in security services (confidentiality,
integrity, authentication and non-repudiation)
and in turn in systems build using these security
services.
If the foundation of your house
(cryptographic tools used) is not
strong, your house (software system)
will collapse!
Guru