Outline for March 10, 2003
Reading: text, §15.3-15.4, 22.1-22.5, 22.7
The PGP secure mailing system uses both RSA and a classical cipher
called IDEA. When one installs PGP, the software generates two large
(512 bits or so) numbers, to produce a modulus of 1024 bits. Such a
number is too large to be factored easily. The private and public keys
are generated from these quantities. The private key is enciphered with
a classical cipher using a user-supplied pass phrase as the key. To send
a message, a 128-bit key is randomly generated, and the message
enciphered using IDEA with that key; the key is enciphered using the
recipient's public key, and the message and enciphered key are sent.
- If you needed to compromise a user's PGP private key, what
approaches would you take?
- It's often said that PGP gets you the security of a key with length
1024. Do you agree?
Outline for the Day
- Lock and Key
- Associate with each object a lock; associate with each process that has access to object a key (it's a cross between ACLs and C-Lists)
- Example: use cryptography.
X object enciphered with key K.
Associate an opener R with X. Then:
OR-Access: K can be recovered with any Di in a list of n deciphering transformations, so
R = (E1(K),
En(K)) and any process with access
to any of the Di's can access the file
AND-Access: need all n deciphering functions to get
K: R = E1(E2(...En(K)...))
- Types and locks
- MULTICS ring mechanism
- MULTICS rings: used for both data and procedures; rights are REWA
- (b1, b2) access bracket - can access freely;(b3, b4) call bracket - can call segment through gate; so if
a's access bracket is (32,35) and its call bracket is (36,39), then assuming permission mode (REWA) allows access, a procedure in:
rings 0-31: can access a, but ring-crossing fault occurs
rings 32-35: can access a, no ring-crossing fault
rings 36-39: can access a, provided a valid gate is used as an entry point
rings 40-63: cannot access a
- If the procedure is accessing a data segment
d, no call bracket allowed; given the above,
assuming permission mode (REWA) allows access, a procedure in:
rings 0-32: can access d
rings 33-35: can access d, but cannot write to it (W or A)
rings 36-63: cannot access d
- Malicious logic
- Quickly review Trojan horses, viruses, bacteria; include animal and
Thompson's compiler trick
- Logic Bombs, Worms (Schoch and Hupp)
- Ideal: program to detect malicious logic
- Can be shown: not possible to be precise in most general case
- Can detect all such programs if willing to accept false positives
- Can constrain case enough to locate specific malicious logic
- Can use: writing, structural detection (patterns in code), common
code analyzers, coding style analyzers, instruction analysis
(duplicating OS), dynamic analysis (run it in controlled environment and
- Best approach: data, instruction typing
- On creation, it's type "data"
- Trusted certifier must move it to type "executable"
- Duff's idea: executable bit is "certified as executable"
and must be set by trusted user
- Practise: Trust
- Untrusted software: what is it, example (USENET)
- Check source, programs (what to look for); C examples
- Limit who has access to what; least privilege
- Your environment (how do you know what you're executing); UNIX examples
- Practise: detecting writing
- Integrity check files a la binaudit, tripwire; go through signature block
- LOCUS approach: encipher program, decipher as you execute.
- Co-processors: checksum each sequence of instructions, compute
checksum as you go; on difference, complain
Here is a PDF version of this document.