Cooper, J.A., Goldreich, O. "Computer Security and Cryptography." The Electrical Engineering Handbook. Ed. Richard C. Dorf. Boca Raton: CRC Press LLC, 2000.
© 2000 by CRC Press LLC

97 Computer Security and Cryptography

97.1 Computer and Communications Security
Physical Security • Cryptology • Software Security • Hardware Security • Network Security • Personnel Security

97.2 Fundamentals of Cryptography
Central Paradigms • Pseudorandomness • Zero-Knowledge • Encryption • Signatures • Cryptographic Protocols

J. Arlin Cooper, Sandia National Laboratories
Oded Goldreich, Weizmann Institute of Science

97.1 Computer and Communications Security
J. Arlin Cooper

Computer security is protection of computing assets and computer network communication assets against abuse, unauthorized use, unavailability through intentional or unintentional actions, and protection against undesired information disclosure, alteration, or misinformation. In today's environment, the subject encompasses computers ranging from supercomputers to microprocessor-based controllers and microcomputers, software, peripheral equipment (including terminals, printers), communication media (e.g., cables, antennas, satellites), people who use computers or control computer operations, and networks (some of global extent) that interconnect computers, terminals, and other peripherals. Widespread publicity about computer crimes (losses estimated at between $300 million and $500 billion per year), hacker (cracker) penetrations, and viruses has given computer security a high profile in the public eye [Hafner and Markoff, 1991]. The same sorts of technologies that have made computers and computer network communications essential tools for information and control in almost all businesses and organizations have provided new opportunities for adversaries and for accidents or natural occurrences to interfere with crucial functions. Some of the important aspects are industrial/national espionage, loss of functional integrity (e.g., in air traffic control, monetary transfer, and national defense systems), and violation of society's desires (e.g., compromise of privacy).

The emergence of World Wide Web access to the Internet has been accompanied by recent focus on financial transaction vulnerabilities, cryptosystem weaknesses, and privacy issues. Fortunately, technological developments also make a variety of controls (proactive and follow-up) available for computer security. These include personal transaction devices (e.g., smart cards and tokens), biometric verifiers, port protection devices, encryption, authentication, and digital signature techniques using symmetrical (single-key) or asymmetrical (public-key) approaches, automated auditing, formal evaluation of security features and security products, and decision support through comprehensive system analysis techniques. Although the available technology is sophisticated and effective, no computer security protective measures are perfect, so the goal of prevention (security assurance) is almost always accompanied by detection (early discovery of security penetration) and penalty (denial of goal, e.g., information destruction; or response, e.g., prosecution and punishment) approaches.

The information in this section is intended to survey the major contemporary computer security threats, vulnerabilities, and controls. A general overview of the security environment is shown in Fig. 97.1. The oval in the figure contains an indication of some of the crucial concentrations of resources that exist in many facilities, including digital representations of money; representations of information about operations, designs, software, and people; hardware for carrying out (or peripheral to) computing and communications; people involved in operating the facility; utility connections (e.g., power); and interconnection paths to outside terminals and users, including hard-wired connections, modems for computer (and FAX) communication over telephone lines, and electromagnetic links (e.g., to satellite links, to ground antenna links, and to aircraft, spacecraft, and missiles). Each of these points of termination is also likely to incorporate computer (or controller) processing. Other factors implied include the threats of fire, water damage, loss of climate control, electrical disturbances (e.g., due to lightning or power loss), line taps or TEMPEST emanations interception, probes through known or unknown dial-up connections, unauthorized physical entry, unauthorized actions by authorized personnel, and delivery through ordinary channels (e.g., mail) of information (possibly misinformation) and software (possibly containing embedded threat programs). Also indicated is guidance for personnel about acceptable and unacceptable actions through policy and regulations.

FIGURE 97.1 An overview of the computer and communications security environment.

The subject breadth can be surveyed by categorizing into physical security, cryptology techniques, software security, hardware security, network security, and personnel security (including legal and ethical issues). Because of the wide variety of threats, vulnerabilities, and assets, selections of controls and performance assessment typically are guided by security-specific decision-support analyses, including risk analysis and probabilistic risk assessment (PRA).

Physical Security

Physical access security ranges from facility access control (usually through personal identification or authentication) to access (or antitheft) control for individual items (e.g., diskettes and personal computers). Techniques used generally center around intrusion prevention (or invoking a significant time delay for an adversary) and intrusion detection, which allows a response through security guard, legal or administrative action, or automatic devaluation of the penetration goal (e.g., through information destruction) [Cooper, 1989]. Physical environmental security protects against natural threats, such as power anomalies or failures, water damage, fire, earthquake, and lightning damage, among others. An example suited to computer requirements is Halon fire suppression (although Halon use is now being replaced because of environmental concern). Note that some of the natural threats can also be adversary-caused. Since there is potential (in spite of protection) for a loss, contingency planning is essential. This includes provisions for software backup (usually off-site), hardware backup (e.g., using reciprocal agreements, hot sites, or cold sites [Cooper, 1989]), and disaster recovery, guided by a structured team that has prepared through tests (most typically simulated).

An example of power protection technology is the widely used uninterruptible power system (UPS). An online UPS implementation is shown in Fig. 97.2. Utility power is shown passed through a switch to a rectifier and gated to an inverter. The inverter is connected to the critical load to be protected. In parallel, continuous charge for a battery bank is provided. Upon loss of utility power, the battery bank continues to run the inverter, thereby furnishing power until graceful shutdown or switching to an auxiliary engine generator can be accomplished. The switch at the lower right protects the UPS by disconnecting it from the load in case of a potentially catastrophic (e.g., short) condition.

FIGURE 97.2 Uninterruptible power system. (Labels legible in the figure: Utility Power, Rectifier, Battery Charge, Gate, Battery Bank.)

Cryptology

Cryptology includes techniques for securely hiding information (encrypting) from all but intended recipients, for authenticating messages, and for digital signatures, all through the use of ciphers (cryptosystems) [Simmons, 1992]. It also includes techniques for deducing at least a subset of encrypted information (cryptanalysis) without the privileged knowledge possessed by the intended recipients. Cryptanalysis knowledge is an important asset in the development of cryptosystems. An example of a contemporary measure of cryptanalysis resistance is computational complexity, which can be applied to measure the inherent difficulty of numeric cryptanalysis processing for some cryptosystems.

Figure 97.3 shows the main components of cryptology. The information to be protected is called plaintext (cleartext), and protected information is called ciphertext. Adversaries can passively obtain ciphertext, or they might actively interrupt the communication link and attempt to spoof the information recipient. Some of the objectives of encryption are secrecy, authentication (assurance to the recipient of the sender's identity), and digital signatures (authentication plus assurance to the sender and to any third parties that the recipient could not have created the signature). As in physical security, assurance of integrity means preventing interference in the information-conveying process or, failing that, detecting interference. Here, interference may have the aims of eavesdropping, modifying, introducing misinformation, disavowing messages, and falsely claiming receipt of messages. Almost all cryptosystems involve transformations (frequently made public and almost always assumed to be known by adversaries) of information based on one or more keys (see Fig. 97.3), at least one of which must be kept secret to protect against adversaries.
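The objectives just listed (authentication, detection of interference by an active adversary, and the stronger assurance a digital signature gives over a shared-key authenticator) can be made concrete with a short script. The following is an added example and is not code from the handbook; it uses HMAC-SHA256 from the Python standard library as the authentication transformation, and the shared key, the message and the adversary's modification are constructed values. It shows the recipient accepting an intact message, rejecting one an active adversary has modified, rejecting a tag made under a guessed key, and, in the last step, why a single-key authenticator cannot serve as a digital signature: the recipient, holding the same key, can produce a valid tag the sender never made.

```python
"""Message authentication with a shared (single) key, and why it is not a
digital signature.  Added example, not from the handbook: HMAC-SHA256 from the
Python standard library stands in for the authentication transformation; the
sender, recipient, adversary and all messages are constructed for illustration."""
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: tag = HMAC(key, message); only key holders can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def scenario():
    shared_key = b"constructed-shared-key-for-demo"   # known only to sender and recipient
    msg = b"PAY 100 TO ACCOUNT 1234"                  # constructed message
    tag = make_tag(shared_key, msg)

    # Passive adversary: the link delivers (msg, tag) unchanged and the tag verifies.
    intact = verify(shared_key, msg, tag)

    # Active adversary: the message is altered in transit (misinformation), but the
    # adversary cannot update the tag without the key, so the recipient detects it.
    altered = msg.replace(b"1234", b"9999")
    tampered = verify(shared_key, altered, tag)

    # A tag computed under a guessed key does not verify either.
    forged = verify(shared_key, altered, make_tag(b"adversary-guess", altered))

    # The recipient holds the same key, so it can make a tag the sender never made.
    # Authentication between the two parties holds, but a third party cannot tell
    # sender from recipient: that is the gap a digital signature (asymmetric keys)
    # closes, as the text's "recipient could not have created the signature" states.
    recipient_forgery = b"I NEVER SENT THIS"
    recipient_can_forge = verify(shared_key, recipient_forgery,
                                 make_tag(shared_key, recipient_forgery))

    return {"intact": intact, "tampered_detected": not tampered,
            "forgery_detected": not forged, "recipient_can_forge": recipient_can_forge}
```

Running scenario() returns all four flags as True: the shared-key tag gives the recipient authentication and interference detection, but the final flag is exactly the property that rules it out as a signature.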
FIGURE 97.3 Basic cryptosystem functions. (Labels legible in the figure: Encryption Key, Plaintext, Encryption, Decryption, Active Adversary.)

A single-key (symmetric) cryptosystem has only one secret key, which is used to encrypt information by the sender and to decrypt information by the recipient. A prior secure process is necessary so that both sender and recipient know (and no adversary knows) the key. The most well-known and most widely used single-key cryptosystem in history is the Data Encryption Standard (DES), published by the U.S. National Bureau of Standards [1977] (now the National Institute of Standards and Technology, NIST), with National Security Agency (NSA) consultation. DES utilizes a 56-bit key (some weak and semi-weak keys are excluded) to encipher information in blocks of 64 bits. It involves substitution and permutation, linear and nonlinear transformations, and 16 successive "rounds" of key-dependent processing (general indication of logic shown in Fig. 97.4). The DES cryptosystem is identical for encryption and decryption, except that the order of application of the 16 key extractions is reversed.

FIGURE 97.4 Basic function of the DES algorithm. (Stages legible in the figure: 64-bit plaintext block, split into two 32-bit groups; 56-bit key (8 parity checks discarded), split into two 28-bit groups; expansion to 48 bits; 48-bit key extract; combine/extract/transpose; 8 S-boxes, 6 in/4 out; permutation; interchange; a total of 16 sequentially produced and similar rounds and key extractions; 64-bit ciphertext block.)

Like most cryptosystems of this type, DES is usually used with some form of chaining (mixing ciphertext or information that produces ciphertext from one block with plaintext or information that produces ciphertext in the subsequent block at the transmitter, and then inverting the process at the receiver). Three chaining techniques specified for DES (and usable in most other cryptosystems) are indicated in Fig. 97.5, along with the basic electronic codebook block form. The k bits shown are typically eight bits, and these are shifted into the first k positions of a shift-register/buffer after each encryption. Coordinated time stamps or initial values (IVs) are used to prevent identical transformation for each system start.
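To make the DES description and the chaining modes concrete, the following added example (not code from the handbook, and not DES itself) implements a toy 64-bit Feistel cipher with DES's shape: two 32-bit halves, 16 rounds driven by 16 subkeys extracted from a 56-bit key, and decryption by the same network with the subkey order reversed. The round function and key schedule are invented for illustration and have no cryptographic strength. On top of it, the four DES modes of operation are implemented: electronic codebook, plus the three chaining modes specified for DES in FIPS 81 (cipher block chaining, cipher feedback and output feedback), the latter two with k = 8 feedback bits shifted into an 8-byte register after each encryption. demo() exercises them on a constructed message with a constructed key and IVs, showing that ECB reproduces identical ciphertext for identical plaintext blocks, that the chaining modes and a different IV do not, and that the 8-bit feedback modes need no padding.

```python
"""Toy 64-bit Feistel cipher shaped like DES, plus the ECB, CBC, CFB and OFB modes.
Added example, not from the handbook. The round function and key schedule are
made up for illustration (assumed) and have no cryptographic strength; only the
structure (64-bit block, two 32-bit halves, 16 rounds, one subkey per round,
decryption = the same network with the subkeys reversed) mirrors DES."""
import struct

ROUNDS, MASK32, MASK56 = 16, 0xFFFFFFFF, (1 << 56) - 1

def key_schedule(key):
    """16 round subkeys from a 56-bit key: rotate left 1 bit, keep low 48 bits (assumed)."""
    subkeys = []
    for _ in range(ROUNDS):
        key = ((key << 1) | (key >> 55)) & MASK56
        subkeys.append(key & ((1 << 48) - 1))
    return subkeys

def round_function(half, subkey):
    """Made-up nonlinear mixing of a 32-bit half with a 48-bit subkey (assumed)."""
    x = (half ^ (subkey & MASK32)) & MASK32
    x = (x * 0x9E3779B1 + (subkey >> 32)) & MASK32
    return ((x << 13) | (x >> 19)) & MASK32

def feistel(block, subkeys):
    """16 Feistel rounds; the final swap ('interchange') makes the network self-inverting."""
    left, right = block >> 32, block & MASK32
    for sk in subkeys:
        left, right = right, left ^ round_function(right, sk)
    return (right << 32) | left

def encrypt_block(key, block):
    return feistel(block, key_schedule(key))

def decrypt_block(key, block):
    return feistel(block, key_schedule(key)[::-1])   # same network, subkey order reversed

# --- byte-level helpers and modes of operation (k = 8 feedback bits) ---
def enc8(key, b):
    return struct.pack(">Q", encrypt_block(key, struct.unpack(">Q", b)[0]))
def dec8(key, b):
    return struct.pack(">Q", decrypt_block(key, struct.unpack(">Q", b)[0]))
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def blocks(data):
    assert len(data) % 8 == 0, "ECB/CBC need whole 8-byte blocks"
    return [data[i:i + 8] for i in range(0, len(data), 8)]

def ecb_encrypt(key, data):
    return b"".join(enc8(key, p) for p in blocks(data))

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for p in blocks(data):
        prev = enc8(key, xor(p, prev))        # previous ciphertext block feeds the next
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in blocks(data):
        out.append(xor(dec8(key, c), prev))
        prev = c
    return b"".join(out)

def cfb8(key, iv, data, decrypt=False):
    """8-bit CFB: only the encrypt direction is ever used; one byte out per block
    encryption, and the 8 ciphertext bits are shifted into the register afterwards."""
    reg, out = iv, bytearray()
    for byte in data:
        c = byte ^ enc8(key, reg)[0]
        out.append(c)
        reg = reg[1:] + bytes([byte if decrypt else c])   # feed back the ciphertext byte
    return bytes(out)

def ofb8(key, iv, data):
    """8-bit OFB: the keystream byte, not the ciphertext, is fed back, so one
    call both encrypts and decrypts."""
    reg, out = iv, bytearray()
    for byte in data:
        ks = enc8(key, reg)[0]
        out.append(byte ^ ks)
        reg = reg[1:] + bytes([ks])
    return bytes(out)

def demo():
    """Constructed inputs: fixed key and IVs for reproducibility (a real system starts each session with a fresh IV)."""
    key = 0x0123456789ABCD                 # constructed 56-bit key
    iv, iv2 = bytes(range(8)), bytes(8)    # constructed IVs
    msg = b"PAY 100 TO ACCT " * 2          # two identical 16-byte halves
    ecb, cbc = ecb_encrypt(key, msg), cbc_encrypt(key, iv, msg)
    cfb, ofb = cfb8(key, iv, msg), ofb8(key, iv, msg)
    return {
        "ecb_leaks_repeat": ecb[:16] == ecb[16:],     # identical blocks encrypt identically
        "cbc_hides_repeat": cbc[:16] != cbc[16:],
        "iv_changes_output": cbc != cbc_encrypt(key, iv2, msg),
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == msg,
        "cfb_roundtrip": cfb8(key, iv, cfb, decrypt=True) == msg,
        "ofb_roundtrip": ofb8(key, iv, ofb) == msg,
        "cfb_no_padding": len(cfb8(key, iv, b"odd-length")) == 10,
    }
```

The mode functions depend on the cipher only through enc8 and dec8, so swapping those two for a real cipher's block functions (a DES implementation, for instance) leaves the chaining code unchanged. Note that CFB and OFB never call the decrypt direction, which is why the handbook's remark that DES encryption and decryption differ only in the key order matters less for them than for ECB and CBC.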