YALE UNIVERSITY
DEPARTMENT OF COMPUTER SCIENCE
CPSC 467a: Cryptography and Computer Security
Professor M. J. Fischer, September 1, 2005
Lecture Notes 1
1 Course Overview
This course is about cryptography and its application to computer and
network security. A better term might be information security,
which includes all forms of information protection, whether the
information resides in a computer, on the network, or on a storage
device such as a hard disk, DVD, or even paper. Security is a huge
field and includes important non-technical topics such as incentive,
opportunity, deterrence, threat, trust, anonymity, and coercion, all
of which play together into the overall security picture. Our focus
is on a particular set of useful tools, cryptographic
primitives, that can be used to enhance information security.
Nevertheless, we need some awareness of general security issues in
order to understand the environment in which cryptographic tools are
used and to motivate the properties that we desire of these tools.
2 Organization
The course will be roughly organized around cryptographic
primitives, objects having properties that make them useful in
solving certain security problems. For each such primitive, one
can ask:
- What can be done with it? This leads to a study of
cryptographic algorithms and protocols.
- What are its properties? This leads to modeling and analysis,
which very quickly requires complexity theory, probability theory, and
statistics.
- How is it built? This requires a fair amount of mathematics,
particularly number theory and algebra. Don't worry if you haven't
studied these topics before. We will cover what is needed for the
methods discussed in this course.
- How is it implemented? Implementing cryptographic primitives
requires a lot of attention to detail, especially to make sure that
the programs don't accidentally leak secret information. This course
will involve some implementation.
3 Example primitive: Symmetric cryptography
A symmetric cryptosystem (sometimes called a private-key
or one-key system) is a pair of functions E and D such that
D(k, E(k, m)) = m for all keys k and all messages m. Moreover,
given c = E(k, m), it is hard to find m without knowing the key k.
3.1 What can be done with a symmetric cryptosystem?
This is the classical tool for solving the secret message
transmission problem:
- Alice wants to send Bob a private message m over the internet.
- Alice and Bob both have a secret key k.
- Alice computes c = E(k,m) and sends c to Bob.
- Bob receives c′, computes m′ = D(k, c′), and assumes m′ to
be Alice's message.
We assume that the network is insecure and that an eavesdropper, Eve,
can listen in and learn c. We desire nonetheless that m remain
private.
3.2 What do we require of E, D, and the computing environment in order for this protocol to accomplish Alice and Bob's goals?
- Given c, it is hard to find m without also knowing k.
- k is not initially known to Eve.
- Eve can guess k with at most an extremely tiny probability of
success. This means k must be chosen randomly.
- Alice and Bob protect k from being released. Their computers have
not been compromised. Eve is not able to obtain k by looking on
Alice's or Bob's hard disk, swap file, or free memory pages, even
if she is a legitimate user of that computer or the services it provides.
- There are no unanticipated ways by which Eve succeeds in obtaining k,
e.g., social engineering, using binoculars to watch Alice's or Bob's
keyboard, etc.
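The secret message transmission protocol of section 3.1 and the key requirements of section 3.2, as an added example that is not part of the original lecture notes. It uses a one-time pad as the simplest possible (E, D) pair; the assumption is that the key is chosen uniformly at random, is at least as long as the message, and is used only once. The last function shows why a random k matters: for this cryptosystem every candidate message is consistent with the ciphertext Eve sees, so c alone tells her nothing about m.

```python
import secrets

# Added example, not code from the lecture notes. A one-time pad is a
# symmetric cryptosystem (E, D) with D(k, E(k, m)) = m for every key k
# and message m of matching length. Assumption: k is random, used once.


def keygen(n: int) -> bytes:
    """Choose k uniformly at random, as section 3.2 requires."""
    return secrets.token_bytes(n)


def E(k: bytes, m: bytes) -> bytes:
    """Encrypt: c = m XOR k, byte by byte."""
    if len(k) < len(m):
        raise ValueError("key must be at least as long as the message")
    return bytes(mi ^ ki for mi, ki in zip(m, k))


def D(k: bytes, c: bytes) -> bytes:
    """Decrypt. XOR is its own inverse, so D(k, E(k, m)) == m."""
    return E(k, c)


def transmit(m: bytes, k: bytes):
    """Alice -> insecure network -> Bob.

    Returns (what Eve sees on the wire, what Bob recovers).
    Eve learns c only; k never crosses the network.
    """
    c = E(k, m)        # Alice computes c = E(k, m) and sends it
    eve_sees = c       # the eavesdropper records the ciphertext
    m_prime = D(k, c)  # Bob computes m' = D(k, c')
    return eve_sees, m_prime


def key_consistent_with(c: bytes, m_guess: bytes) -> bytes:
    """The key under which c would decrypt to m_guess.

    For a one-time pad such a key always exists, so the ciphertext alone
    cannot let Eve prefer one same-length message over another. This is
    the formal content of 'given c, it is hard to find m without k'.
    """
    return E(m_guess, c)


if __name__ == "__main__":
    m = b"meet me at noon"          # constructed sample message
    k = keygen(len(m))
    seen, got = transmit(m, k)
    assert got == m
    other = b"stay home today"      # a different message of the same length
    assert D(key_consistent_with(seen, other), seen) == other
```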
4 Information Security
Last time we looked at the secret message transmission problem, which
concerned keeping a private message secret from Eve. Information
security is certainly partly about keeping data private, but it is
also about preventing hackers from breaking into a computer,
preventing denial of service attacks against web servers, preventing
unauthorized modification of databases, preventing illegal copying of
data, preventing fraud in e-commerce applications, and so forth.
Security certainly seems to mean preventing bad things from happening.
However, it is not always so easy to decide exactly what are the bad
things that one is trying to prevent. Without knowing exactly what
is to be prevented, one can never know how effective a security system
is at preventing them. Of course, one also wants activities that are
not proscribed by the security policy to proceed normally.
4.1 A security example from real life
A familiar example of a security problem is that of keeping intruders
out of my house.
What do I want to keep out?
Specifying exactly what is to be kept out and what allowed
is already not such an easy problem. At first sight, I might say that I don't
want anybody entering whom I have not specifically authorized. But even this
can be a bit problematical.
1. Do I also want to prevent chimpanzees from entering?
2. Do I want to prevent mice from entering?
3. Do I want to prevent the twin brother of my friend Alex from entering
(who looks so much like Alex that even I can't always tell them apart)?
While these questions may sound silly, they have serious analogs in
information security. To (1), you'd likely say, "Of course, I don't
want to let chimpanzees in the house either, but I don't consider them
a threat because there are no chimpanzees in my neighborhood." Yet
the world of information security is replete with examples of security
holes that are of no consequence until someone develops an exploit, at
which time they suddenly become serious problems. To (2), you might
say, "No, I don't want mice in, either", but at the same time you'd
realize that the means of preventing mice from entering are quite
different from those of protecting against human intruders, and
conflating the two problems will only make finding workable solutions
that much harder. To (3), you're forced to think about the meaning of
identity. What is it about Alex that makes me want to let him in but
not his twin brother? What hope do I have of solving this problem if
I can't distinguish between the two? In fact, the simple solution of
giving Alex a key to the house works in practice, as long as I know
that it is Alex getting the key and not his brother. Distinguishing
among individuals becomes a serious problem on the internet, and
schemes purporting to identify individuals generally identify instead
possession of secret information (a cryptographic key) or a particular
object (such as a smart card), with the assumption that this
is sufficient to identify the individual. It isn't always so in the
real world, for secrets can be stolen and smart cards forged. The
rapid growth of identity theft today is evidence of this fact. (See
http://www.consumer.gov/idtheft/ for further information on this topic.)
What are some possible means to keep out intruders,
and how effective are they?
We now look at some of the means that might be used to keep intruders
out and discuss their effectiveness.
- Post a "no trespassing - do not enter" sign.
- Lock the front door.
- Install a burglar alarm.
- Buy a gun.
- Call the police.
- Sue the intruder.
- Conceal the entrance.
Think carefully about each of these means and ask yourself
under what conditions it might be effective, and what else must
be in place for it to work. For example, suing the intruder
presupposes that he can be identified, that you have evidence
that he entered illegally, and that society has an effective
judicial system. Buying a gun will only deter break-ins if
it is known that you are likely to possess a gun. Locking
the front door has little effect unless the back door and
windows are also locked.
4.2 Cryptography and security
Cryptography is to information security as locks are to personal
security.
- Both are clever mechanisms that can be analyzed in isolation.
- Both can be effective when used in suitable contexts.
- Both comprise only a small part of the security picture.
4.3 Information security in the real world
Here are just some of the many goals of information security.
- Protection against data damage.
- Protection against theft of intellectual property.
- Protection against surveillance.
- Protection against unauthorized actions.
- Protection of constitutional privacy rights.
- Protection of freedom of information.
How is security achieved in the real world?
- Prevention: Physical barriers, locks, encryption, firewalls, etc.
- Detection: Audits, checks and balances.
- Legal means: Laws, sanctions.
- Concealment: Camouflage, steganography.
Absolute security in the real world is infeasible. The goal is risk
management. The same is true with information security. Security
mechanisms have a cost. One needs to weigh their cost against the
benefits.
File translated from TeX by TTH, version 3.66, on 18 Sep 2005, 17:46.