Computer Science and Information Technology

Showing posts with label Software Security. Show all posts

Hundreds of thousands of computer programs fall into one of the seven broad application domains discussed in the preceding subsection. Some of these are state-of-the-art software—just released to individuals, industry, and government. But other programs are older, in some cases much older.

These older programs—often referred to as legacy software—have been the focus of continuous attention and concern since the 1960s. Dayani-Fard and his colleagues [Day99] describe legacy software in the following way:

Legacy software systems . . . were developed decades ago and have been continually modified to meet changes in business requirements and computing platforms. The proliferation of such systems is causing headaches for large organizations who find them costly to maintain and risky to evolve.

Liu and his colleagues [Liu98] extend this description by noting that “many legacy systems remain supportive of core business functions and are ‘indispensable’ to the business.” Hence, legacy software is characterized by longevity and business criticality.

Unfortunately, there is sometimes one additional characteristic that is present in legacy software—poor quality. Legacy systems sometimes have inextensible designs, convoluted code, poor or nonexistent documentation, test cases and results that were never archived, a poorly managed change history—the list can be quite long. And yet, these systems support “core business functions and are indispensable to the business.” What to do?

The only reasonable answer may be: Do nothing, at least until the legacy system must undergo some significant change. If the legacy software meets the needs of its users and runs reliably, it isn’t broken and does not need to be fixed. However, as time passes, legacy systems often evolve for one or more of the following reasons:

The software must be adapted to meet the needs of new computing environments or technology.
The software must be enhanced to implement new business requirements.
The software must be extended to make it interoperable with other more modern systems or databases.
The software must be re-architected to make it viable within a network environment.

When these modes of evolution occur, a legacy system must be re-engineered so that it remains viable into the future. The goal of modern software engineering is to “devise methodologies that are founded on the notion of evolution”; that is, the notion that software systems continually change, new software systems are built from the old ones, and . . . all must interoperate and cooperate with each other”

The purpose for this algorithm is to enable two users to exchange a key securely that can then be used for subsequent encryption of messages. It depends for its effectiveness on the difficulty of computing discrete logarithms.

The public-key authority could be a bottleneck in the system, for a

user must appeal to the authority for a public key for every other user that it wishes to contact. As before the directory of names and public keys maintained by the authority is vulnerable to tempering.

The authority maintains a directory with a entry for each participant.
Each participant registers a public key with the directory authority.
A participant may replace the existing key with a new one at any time.
Periodically, the authority publishes the entire directory or updates to the directory.
Participants could also access the directory electronically.

Public announcement

Publicly available directory

Public-key authority

Public-key certificates

There are two aspects to the use of public-key cryptography

In this regard:

The distribution of public keys
The use of public-key encryption to distribution secret keys

Linear cryptanalysis based on finding linear approximations to describe the transformations performed in DES

A desirable property of any encryption algorithm is that a small change in either the plaintext or the key should produce a significant change in the ciphertext.In particular, a change I one of the plaintext or one bit of the key should produce a change in many bits of the ciphertext.

The role of the S-boxes in the function F is that the substitution consists of a set of eight S-boxes ,each of which accepts 6 bits as input and produces 4 bits as follows: The first and last bits of the input to box Si form a 2-bit binary number to select one of four substitutions defined by the four rows in the table for Si.The middle four bits select one of the sixteen columns.The decimal value in the cell selected by the row and column is then converted to its 4-bit representation to produce the output. For example, in S1,for input 011001,the row is 01 and the column is 1100.The value in row 1,column 12 is 9,so the output is 1001.

Block size: Larger block sizes mean greater security but reduced encryption/decryption speed. A block size of 64 bits is a reasonable tradeoff and has been nearly universal in block cipher design.However, the new AES uses a 128-bit block size.
Key size:Larger key size means greater security but may decrease encryption/decryption speed.Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has ecome a common size.
Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security.A typical size is 16 rounds.
Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis.
Round function: Again, greater complexity generally means greater resistance to cryptanalysis.

In Diffusion the statistical structure of the plaintext is dissipated into long range statistics of the cipher text. This is achieved by having each plaintext digit affect the value of many cipher text digits. Which is equivalent to saying that each cipher text digit is affected by many plaintext digits.

Confusion seeks to make a relationship between the statistics of the cipher text and the value of the encryption key as complex as possible. Thus even if the attacker can get some handle on the statistics of the cipher text, the way in which the key was used to produce that cipher text is so complex as to make it difficult to deduce the key.

A block cipher process the input one block of elements at a time producing an output block for each input block.

A stream cipher process the input elements continuously , producing output one element at a time, as it goes along.

Feistel cipher using the concept of a product cipher, which is the performing of two or more basic ciphers in sequence in such a way that the final result or product is cryptographically stronger then any of the component ciphers.

Feistel proposed the use of a cipher that alternates substitutions and permutations. So Feistel cipher is considered to be an important one.

In monoalphabetic cipher single cipher alphabet is used per message. But in polyalphabetic cipher there are multiple ciphertext letters for each plaintext letter, one for each unique letter of keyword.

A dramatic increase in the key space is achieved by allowing an arbitrary substitution. There are 26! Possible keys. It is referred to as monoalphabetic substitution cipher, because a single cipher alphabet is used per message.

The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places down the alphabet .The alphabet is wrapped around, so that the letter following Z is A.

C = E (p) = (p + 3) mod (26)

The general Caesar cipher algorithm is

C = E (p) = (p + k) mod (26)

where k takes the value in the range 1 to 25

The decryption algorithm is

p = D(C) = (C - k) mod (26)

An encryption scheme is unconditionally secure if the cipher text generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much cipher text is available.

An encryption scheme is said to be computationally secure if:

The cost of breaking the cipher exceeds the value of the encrypted information.

The time required to break the cipher exceeds the useful lifetime of the information.

The general two approaches for attacking a cipher

Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some samples plaintext-cipher text pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. If the attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with the key are compromised.
Brute-force attack: The attacker tries every possible key on a piece of cipher text until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

If both sender and receiver use the same key, the system is referred as symmetric, single-key, secret-key or conventional encryption. If both sender and receiver uses a different key, the system is referred as asymmetric, two-key or public key encryption.

All the encryption algorithms are based on two general principles:

Substitution: In which each element in the plaintext(bit, letter, group of bits or letters) is mapped into another element.

Transposition: In which elements in the plaintext are rearranged.

The fundamental requirement is that no information be lost(that is ,that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.

Subscribe to: Posts (Atom)