SOEN 321, Information System Security, Tutorial 2 ================================================= September 23, 2002 Prepared by Serguei Mokhov, mokhov@cs.concordia.ca Update: September 26, 2002 Update: October 22, 2002, links to programs fetching webmail Update: Fall 2004 $Id: 02-emails-hashing-crypto.txt,v 1.6 2004/12/12 22:05:57 mokhov Exp $ $Revision: 1.6 $ Credits ------- [1] David K. Probst, probst@vax2.concordia.ca [2] Michael Spanner, spanner@cs.concordia.ca Topics: ------- o Safe Email Practices for Yourself and Others o Hashing, conventional crypto, symmetric crypto Why am I against HTML messages? ------------------------------- HTML Messages pose privacy and security risks, as well as make a message twice or larger in size, resulting in wasted network bandwidth, increased time to sign/encrypt/send/transport/receive/decrypt/etc. Harm: DoS, Integrity, Confidentiality, Privacy ===== *DoS EXAMPLE* o Lame "Killer" JavaScript *Privacy EXAMPLE* (Email privacy? - absurd.) o A transparent image pixel... --> email has been read --> precise day time --> your IP --> port scan --> hole? Mwuahahaha! (That's BTW how some "receipts" are being sent) http://www.cablemodemhelp.com/portscan.htm *CI EXAMPLE* o An embedded virus Vulnerable: =========== Almost any Web-based mailer (such as Hotmail, Yahoo), Outlook Express, Outlook, Exchange, MS Mail, Netscape Mail (with HTML on)... Instructions on how to set up plain text format in Yahoo! and Hotmail accounts to do not send HTML messages. html-email-off.shtml Possible Remedy =============== There are public domain programs and script allowing users to fetch your webmail from the sites offering the webmail service, such as Yahoo! and Hotmail. Thes program often sit as intermediary POP server programs and feed the mail to your faivorite mail client via POP protocol. As mail arrives, you can set up all sort of filters. Here are some of such programs: Yahoo!: YahooPOPs!: http://yahoopops.sourceforge.net/ FetchYahoo: http://web.mit.edu/ravir/fetchyahoo/index.html Hotmail: Gotmail: http://ssl.usu.edu/paul/gotmail/ Search others for yourself on the web. Also Recommended Readings: ------------------------- Chapters 3 and 13 of the textbook. Encryption vs. Hashing [2] ---------------------- Dr. Probst: encryption versus hashing _________________________ There is a description of encryption and decryption on p. 55 of our text. You can see one function mapping the plaintext into ciphertext, and another function mapping the ciphertext back into (the original) plaintext. Nothing mysterious here. One goal of a cryptosystem is to *encrypt* an intelligible message called a plaintext into an incomprehensible message called a ciphertext. The legitimate receiver of the ciphertext should be able to *decrypt* the ciphertext to recover the original plaintext. A bad guy might be able to *cryptoanalyze* the ciphertext and recover the plaintext. Cryptoanalysis is totally different from decryption, generally speaking. Of course, cryptoanalysis might consist of guessing the key and then using the guessed key for decryption. For all these reasons, we use special functions for encryption and decryption. A one-to-one (i.e., injective) function f : X --> Y is "one-way" if it is easy to compute f(x) for any x in X but hard to compute f^-1(y) for most randomly selected y in the range of f. The functions used for encryption are *trapdoor* one-way functions. These are functions that remain one-way _only if_ some information (called the "decryption key") is kept secret. A function h(x) from the set of strings of n symbols to the set of strings of k symbols, with k usually much smaller than n, is called a *hash function* if h(x) is easy to compute for any x, but - no one can feasibly find two different values of x that give the same h(x) ("collision resistance"), and - given y in the image of H, no one can feasibly find an x such that h(x) = y ("preimage resistance") Hash functions are non-trapdoor one-way functions; in fact, they are just plain one-way functions. These are two mathematically different kinds of functions: with encryption, we _want_ to invert; with hashing, we do not _want_ to invert. Data confidentiality is keeping information secret from all except those people authorized to see it. Data integrity is ensuring information has not been altered by unauthorized or unknown means. Encryption can be used to implement confidentiality. Hash functions can be used to implement integrity. Hashing, Conventional Cryptography, Symmetric Key Crytography [1] ------------------------------------------------------------- o hashing: "9 mod 2 -> 1" "7 mod 2 -> 1" "5 mod 2 -> 1" they all go to 1. Which was the original message? o conventional: put a paper message into a locked box, then send the box and the key separately, or have multitple copies of the key [SM]: Problem: how to deliver the key securely? o symmetric crypto: - put a paper message into a box, and lock it with your own padlock - send it to your friend - your friend puts his padlock onto it and sends it back to you - you take your lock off, and send the box (which still has friend's lock on it) back to your friend - the friend unlocks it, and finally sees the message - everyone gets their own key, with no copies [SM]: Of course, one may ask (and did ask :)), how do you know that the box you get back has really your friend's lock on it and not the one of a bad guy? ---> Digital Signature EOF