From 28b770a84b9161df7114df691c6d2bafd68a0488 Mon Sep 17 00:00:00 2001 From: Leonard Kugis Date: Fri, 6 Mar 2020 01:04:54 +0100 Subject: IntroSec Added crypto analysis chapter. --- .../introduction_to_information_security.md | 56 +++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) (limited to 'en_GB/Introduction to Information Security/introduction_to_information_security.md') diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md index 95e857c..434ace8 100644 --- a/en_GB/Introduction to Information Security/introduction_to_information_security.md +++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md @@ -214,6 +214,11 @@ Using a biometric scheme with $\text{FMR} = 0.01\%$ and a database of size $\tex ## Encryption +### Kerckhoffs' Principle + +Do not rely on the secrecy of the algorithm; only the keys have to be secret. +*Security by obscurity* is nonsense. + ### Cipher #### Block Cipher 
@@ -337,10 +342,59 @@ Infrastructure providing the service of public key distribution. - Extended Validation SSL Certificate (EV cert) Expensive. CA checks same as *OV* + official record matching. +## Crypto Analysis + +### Side Channel Analysis + +*Side Channel Analysis* focuses on analyzing unintended *side-channels*, which might not have respected enough in security design. +*Side-channels* are all communication channels not used for main communication. +In many embedded devices, IO pins are the main channel of communication. Any other channel is a *side-channel*. +The attack focus moves from the logical layer (algorithms) to the physical layer (time, power etc.). + +### Simple Power Analysis (SPA) + +Every instruction/data consumes a specific amount of power. This power is measurable in execution time. +So measuring current power consumption allows the attacker to conclude to the currently executed instruction / accessed data! + +#### Defences + +- Execute leaking instructions on full time anyways, even if they are not needed. +- Make executions input-independent + +### Differential Power Analysis (DPA) + +Similar to *SPA*, but *DPA* focuses on the change of values. Precisely, is analyzes the effects correlated to the change of values. +Data depends on inputs. Now the attacker tries different inputs and observes data changes by constantly measuring the power. + +### Timing Analysis + +Runtime of algorithms might depend on input data. If the data can be split into chunks, currect chunks might take a different time +than incorrect ones. Also, the time it takes might depend on the number of correct chunks, (e.g. n correct chunks and k incorrect chunks +may take a different time to process than n-1 correct and k+1 incorrect ones). + +#### Example + +The algorithm that checks a password checks the input char by char, from left to right. *It stops checking the rest of the characters, if one character is wrong.* +The password is `IntroSec`. + +1. 
The attacker guesses `testtest`. The algorithm takes 100 ns to process. +2. The attacker guesses `Iesttest`. The algorithm takes 110 ns to process. Now the attacker learned that the first character is likely to be correct. +3. The attacker guesses `Itsttest`. The alogrithm takes 110 ns to process. The attacker detects no significant change in processing time, + so it is likely that there is no new correct char. +4. The attacker continues, learning char by char for each processing time increase, until he got the full password. + ## Threat scenarios No security issues without threat models! E.g. a password is considered safe without any provided threat model. +### Passive Attack + +Attacker only reads data from a communication channel. + +### Active Attack + +Attacker inserts, alters or deletes data on a communication channel. + ### Smurf attack Attacker sends out ICMP ping request with spoofed sender IP address of the victim to the broadcast of some network. @@ -377,7 +431,7 @@ Victim enters his password and the attacker captures the data forwarded by the f 1. Session begins, server issues session ID (SID), which gets stored as a client cookie. 2. A client changes his own SID cookie according to a SID of another client, therefore hijacking the session and being able to do everything the other client can do. He can do this by -2.1 Brute-force. +2.1 Brute-force. 2.2 Having access to the cookie and simply reading it out (security failure). #### Countermeasures -- cgit v1.2.1
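Review bot: The added "Kerckhoffs' Principle" section (first hunk, under "## Encryption") calls security by obscurity "nonsense" without giving the reason, so readers get a slogan rather than the principle. Suggest stating the requirement directly, for example that a system must remain secure even when everything about it except the key is known to the attacker, and rewording or dropping the "nonsense" line.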
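Review bot: In the new "Crypto Analysis" chapter (second hunk), "Timing Analysis" walks through the early-exit password check but has no "Defences" subsection, while "Simple Power Analysis (SPA)" has one; "Differential Power Analysis (DPA)" has none either. Suggest adding a defence entry for the timing case, such as comparing every character regardless of where the first mismatch occurs so that runtime does not depend on the number of correct characters. In the SPA text, "This power is measurable in execution time" is unclear about what is measured, and the defence "Execute leaking instructions on full time anyways" needs rewording before it can be understood. Typos in the added lines: "might not have respected enough" (missing "been"), "conclude to", "is analyzes", "currect", "alogrithm".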
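Review bot: In the last hunk the removed and added `2.1 Brute-force.` lines show no visible difference, so the change is presumably whitespace only (a trailing line break marker). Sub-steps 2.1 and 2.2 then depend on invisible trailing whitespace to render on separate lines; suggest making them a nested list indented under step 2 instead, which survives editors that strip trailing spaces.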