Security and Cryptography

sunflowerplate, Artificial Intelligence and Robotics

21 Nov 2013 (3 years and 6 months ago)

59 views



Security: all issues that make communication secure (information transmission, two-party or multi-party interaction) over insecure channels.

Cryptography: the science and art of manipulating messages to make them secure.

Classical cryptographic techniques.

Along with the development of communication networks and their broad applications, network security is becoming a more serious problem.

Hence the call for modern cryptography.


Network threats and attacks

Passive attacks (the attacker only observes the channel):

Eavesdropping

Traffic analysis

Active attacks (the attacker injects, alters or blocks traffic):

Masquerading

Replay

Modification

Denial of service

[Figure: client/server diagrams showing an attacker masquerading as the server, an attacker modifying messages in transit, and an attacker positioned as a man-in-the-middle between client and server.]

Security requirements for transmitting information


Privacy or confidentiality: the information should be
readable only by the intended receiver. i.e., protect the
information from eavesdropping.


Integrity: the receiver can confirm that a message has not
been altered during transmission, i.e., protect the
information from tampering.


Authentication: any party (sender or receiver) can verify that the other party is who he or she claims to be, i.e., validate the identity of the other party.

Nonrepudiation: the sender cannot deny having sent a given message, i.e., if a transaction (e.g., a purchase) has occurred between two parties, the nonrepudiation service can prove, for either party, that he or she really performed the transaction and not some other person.


Approaches to implementing security

Confidentiality: by encryption (and decryption).

Sender: encrypts the message using a key and sends the encrypted message.

Receiver: decrypts the encrypted message using the same key as the sender's key, or a key derivable from the sender's key.

Integrity: by checksum or hash value/message digest.

Sender: computes the checksum/hash value/message digest from the message and sends the message along with it.

Receiver: recomputes the checksum/hash value/message digest from the received message and compares it with the transmitted one.

In some sense, this is like error detection.

Problem: the attacker, after intercepting the message, modifies the message, computes the checksum for the modified message, and resends both. An unkeyed checksum or digest therefore detects accidental corruption but not deliberate tampering.

Solution: keyed checksum/hash value/message digest (a message authentication code, MAC), computed with a key the attacker does not have.

[Figure: (a) message and checksum, both transmitted; (b) message and key fed into the checksum, then message + checksum transmitted.]
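The problem and solution above, as an added example (this code is not from the original slides): the same tampering is tried against an unkeyed SHA-256 digest and against a keyed digest (HMAC-SHA256). The message, the account numbers and the 32-byte shared key are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample message and key for this example (not from the page).
MESSAGE = b"transfer 100 USD to account 4455"
KEY = os.urandom(32)  # shared secret known only to sender and receiver


def unkeyed_tag(message: bytes) -> bytes:
    """The page's first approach: a plain digest that anyone can recompute."""
    return hashlib.sha256(message).digest()


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """The page's solution: a keyed digest (HMAC-SHA256), i.e. a MAC."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_unkeyed(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(unkeyed_tag(message), tag)


def verify_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison itself
    # does not leak how many leading bytes of the tag were correct.
    return hmac.compare_digest(keyed_tag(key, message), tag)


def attacker_modifies(message: bytes) -> bytes:
    """Active attacker on the channel: redirects the payment."""
    return message.replace(b"4455", b"9999")


def demo() -> dict:
    """Run both schemes against the same tampering and report what the receiver accepts."""
    # Sender transmits (message, tag) under each scheme.
    tag_plain = unkeyed_tag(MESSAGE)
    tag_mac = keyed_tag(KEY, MESSAGE)

    # Attacker intercepts and modifies the message ...
    forged = attacker_modifies(MESSAGE)
    # ... and recomputes the unkeyed digest, which needs no secret.
    forged_tag_plain = unkeyed_tag(forged)
    # Without KEY the attacker cannot recompute the MAC; the best it can
    # do is forward the old tag with the new message.
    forged_tag_mac = tag_mac

    return {
        "honest_unkeyed": verify_unkeyed(MESSAGE, tag_plain),        # True
        "forged_unkeyed": verify_unkeyed(forged, forged_tag_plain),  # True: attack succeeds
        "honest_mac": verify_keyed(KEY, MESSAGE, tag_mac),           # True
        "forged_mac": verify_keyed(KEY, forged, forged_tag_mac),     # False: tampering detected
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:16s} accepted={accepted}")
```

Two practical points: the keyed construction must be HMAC (or another proper MAC), not SHA-256(key || message), because plain Merkle-Damgard hashes allow length-extension forgeries on that form; and a MAC proves origin only to the holder of the shared key, so it gives integrity and authentication but not nonrepudiation, since either party could have produced the tag.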

Approaches to implementing security (cont.)

Authentication:

Traditional user ID and password.

Modern cryptography-based authentication, e.g., digital signature.

Nonrepudiation:

Undeniable signature, i.e., digital signature + verification protocol + disavowal protocol.

Security requirements and their implementation

Confidentiality: encryption (and decryption).

Integrity: checksum, or hash value/message digest, or MAC.

Authentication: user ID and password, or digital signature.

Nonrepudiation: undeniable signature.

Availability: intrusion detection and defense.

Authorization: access control.

Accountability: log, record, trace, system administration.

Q: how to defend against a replay attack?

Timestamps and/or sequence numbers (which must themselves be covered by the MAC or signature, otherwise the attacker simply rewrites them on a captured message).
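The replay defense just mentioned, as an added example that is not part of the original slides: a receiver that accepts an authenticated message only if its timestamp is fresh and its sequence number is higher than anything seen before. The wire format (seq|timestamp|body|tag), the shared key and the four test messages are all constructed here; the slides specify none of them.

```python
import hashlib
import hmac
import time

# Constructed shared key and message format for this example; the page only
# says "timestamps and/or sequence numbers" and defines no wire format.
KEY = b"shared-secret-for-the-replay-demo"
MAX_SKEW = 30.0  # seconds a message timestamp may differ from the receiver's clock


def _tag(header: bytes, body: bytes) -> bytes:
    # The MAC covers seq and timestamp too; otherwise an attacker could
    # simply rewrite them on a captured message.
    return hmac.new(KEY, header + body, hashlib.sha256).hexdigest().encode()


def make_message(seq: int, ts: float, body: bytes) -> bytes:
    """Wire format (hypothetical): seq|timestamp|body|hex-tag. Body must not contain '|'."""
    header = f"{seq}|{ts:.3f}|".encode()
    return header + body + b"|" + _tag(header, body)


class Receiver:
    """Accepts each authenticated message at most once, within a freshness window."""

    def __init__(self, now=time.time):
        self.now = now
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, wire: bytes) -> tuple[bool, str]:
        try:
            rest, tag = wire.rsplit(b"|", 1)
            seq_b, ts_b, body = rest.split(b"|", 2)
        except ValueError:
            return False, "malformed"
        header = seq_b + b"|" + ts_b + b"|"
        # 1. Verify the MAC before trusting anything in the header.
        if not hmac.compare_digest(_tag(header, body), tag):
            return False, "bad mac"
        seq, ts = int(seq_b), float(ts_b)
        # 2. Timestamp must be fresh: bounds how long a captured message stays useful.
        if abs(self.now() - ts) > MAX_SKEW:
            return False, "stale timestamp"
        # 3. Sequence number must strictly increase: catches replays inside the window.
        if seq <= self.last_seq:
            return False, "replay"
        self.last_seq = seq
        return True, "ok"


def demo() -> list[str]:
    """Genuine traffic, a straight replay, a re-numbered replay, and a late replay."""
    clock = [1_700_000_000.0]          # fake receiver clock so the run is deterministic
    rx = Receiver(now=lambda: clock[0])
    m1 = make_message(1, clock[0], b"pay 10")
    m2 = make_message(2, clock[0] + 1, b"pay 20")
    results = [rx.accept(m1)[1], rx.accept(m2)[1]]
    results.append(rx.accept(m1)[1])                           # replay of m1
    results.append(rx.accept(m1.replace(b"1|", b"3|", 1))[1])  # attacker bumps seq: MAC fails
    clock[0] += 3600                                           # an hour later
    results.append(rx.accept(make_message(3, clock[0] - 3600, b"pay 30"))[1])  # old timestamp
    return results


if __name__ == "__main__":
    print(demo())  # ['ok', 'ok', 'replay', 'bad mac', 'stale timestamp']
```

The two mechanisms cover each other's weaknesses: sequence numbers need per-peer state that is lost on restart, while timestamps need loosely synchronized clocks and still leave a window (MAX_SKEW) inside which a replay would be accepted without the sequence check.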

Classification of cryptosystems

Secret key systems vs. public key systems

Classical vs. modern

Classical: secret key systems

Shift, Affine, Vigenere, Hill, Permutation (transposition) cipher, Stream cipher

Modern:

Secret key systems: DES, AES, PGM

Public key systems: RSA, ElGamal, Elliptic Curve

Shift cipher -- example

Suppose a plaintext word: cryptography

Change each letter by shifting it three positions rightward in the alphabet.

The cipherword is: FUBSWRJUDSKB

Question: given the above cipherword, how do we get the original word?

Change each letter by shifting it three positions leftward.

This kind of cryptosystem is called the "Caesar cipher". Since there are only 25 possible nonzero shifts, an attacker holding nothing but the ciphertext can simply try them all.
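The shift cipher as added example code (not from the slides), generalized from the single key 3 to any key, together with the two attacks the small key space invites: a ciphertext-only attack that tries all 26 shifts and ranks the results by English letter frequency, and a known-plaintext attack that recovers the key from one letter pair. The frequency table and the sample sentence are constructed for the example.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate relative English letter frequencies (percent); constructed
# lookup used only to rank decryption candidates.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 1.0, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.07,
}


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` positions rightward (mod 26); other characters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Shifting leftward by `key` is the same as shifting rightward by -key."""
    return shift_encrypt(ciphertext, -key)


def english_score(text: str) -> float:
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)


def break_shift(ciphertext: str) -> tuple[int, str]:
    """Ciphertext-only attack: try all 26 keys and keep the most English-looking result."""
    candidates = [(english_score(shift_decrypt(ciphertext, k)), k) for k in range(26)]
    _, key = max(candidates)
    return key, shift_decrypt(ciphertext, key)


def known_plaintext_key(plain_letter: str, cipher_letter: str) -> int:
    """Known-plaintext attack: one matching letter pair already reveals the key."""
    return (ALPHABET.index(cipher_letter.upper()) - ALPHABET.index(plain_letter.upper())) % 26


if __name__ == "__main__":
    print(shift_encrypt("cryptography", 3))       # FUBSWRJUDSKB, the page's example
    ct = shift_encrypt("attack at dawn and meet me at the bridge", 3)  # constructed sample
    print(break_shift(ct))                        # (3, 'ATTACK AT DAWN AND MEET ME AT THE BRIDGE')
    print(known_plaintext_key("c", "F"))          # 3
```

The frequency ranking needs a few dozen letters to be reliable; for a single short word like FUBSWRJUDSKB the attacker simply reads the 26 candidates by eye, which takes seconds. Either way the cipher fails under Kerckhoffs' assumption that the algorithm is known and only the key is secret.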

Secret cryptosystem -- DES

Data Encryption Standard (DES)

First version in 1975, developed by IBM.

A type of iterated cipher (a 16-round Feistel network).

Plaintext block: 64 bits, key: 56 bits, ciphertext block: 64 bits.

Steps:

Initial permutation (IP)

16 rounds of transformations

Inverse permutation (IP^-1)

Note: a 56-bit key is far too short for today's hardware; DES keys have been recovered by exhaustive search since 1998, and DES has been superseded by AES.
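To show what "iterated cipher" with an initial permutation, 16 rounds and an inverse permutation means structurally, here is an added toy Feistel cipher in the shape of DES (this is not DES and not code from the slides: the permutation table, the key schedule and the round function are all constructed stand-ins, chosen so the example stays short). The point it demonstrates is the property DES relies on: decryption is the same circuit with the round subkeys applied in reverse order, and the round function never needs to be invertible.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF

# Toy initial permutation: output bit i is input bit (17*i mod 64).
# 17 is coprime to 64, so this is a genuine permutation of the 64 positions.
# DES's real IP table is not reproduced here.
IP = [(17 * i) % 64 for i in range(64)]
IP_INV = [0] * 64
for _i, _src in enumerate(IP):
    IP_INV[_src] = _i


def permute(block: int, table: list[int]) -> int:
    out = 0
    for i, src in enumerate(table):
        out |= ((block >> src) & 1) << i
    return out


def key_schedule(key: bytes) -> list[bytes]:
    """Derive 16 round subkeys from a 56-bit (7-byte) key. Toy schedule, not DES's."""
    if len(key) != 7:
        raise ValueError("key must be 56 bits (7 bytes)")
    return [hashlib.sha256(key + bytes([r])).digest()[:6] for r in range(ROUNDS)]


def round_function(half: int, subkey: bytes) -> int:
    """Toy F(R, K): a keyed hash of the 32-bit half. DES uses expansion, S-boxes and P."""
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block: int, subkeys: list[bytes]) -> int:
    """16 rounds of (L, R) -> (R, L xor F(R, K_i)); the final swap is undone as in DES."""
    left, right = block >> 32, block & MASK32
    for sk in subkeys:
        left, right = right, left ^ round_function(right, sk)
    return (right << 32) | left


def encrypt_block(block: int, key: bytes) -> int:
    """IP, 16 rounds, IP^-1."""
    return permute(feistel(permute(block, IP), key_schedule(key)), IP_INV)


def decrypt_block(block: int, key: bytes) -> int:
    """Same circuit; the only change is that the subkeys are applied in reverse order."""
    return permute(feistel(permute(block, IP), key_schedule(key)[::-1]), IP_INV)


def bits_changed(x: int, y: int) -> int:
    return bin((x ^ y) & MASK64).count("1")


if __name__ == "__main__":
    key = b"\x01\x23\x45\x67\x89\xab\xcd"     # constructed 56-bit key
    pt = 0x0123456789ABCDEF                   # constructed 64-bit block
    ct = encrypt_block(pt, key)
    assert decrypt_block(ct, key) == pt
    # Flipping one key bit should change roughly half of the ciphertext bits.
    ct2 = encrypt_block(pt, bytes([key[0] ^ 1]) + key[1:])
    print(hex(ct), bits_changed(ct, ct2))
```

A block cipher on its own only handles one 64-bit block; encrypting anything longer requires a mode of operation, and the naive choice of encrypting each block independently (ECB) leaks which plaintext blocks repeat.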

Key management and exchange

The key is the essential part of any cryptosystem, especially in secret key systems.

How to distribute/exchange keys between two users, or between any pair among many users?

Therefore key management and key exchange come into play.

This is also where public key systems appeared.

Why public-key cryptography

1. The two communicants in a secret key system require prior communication of the key over a secure channel. This is very difficult to achieve in practice: unless the two communicants meet in person, a phone call, postal mail, email, etc. are not secure.

2. Suppose there are n users and every pair of users wants to communicate. In a secret-key system the total number of keys is n(n-1)/2. This is very difficult to manage and quite insecure.

In a public-key system, however, every user selects his/her own private key and public key, publicizes the public key, and keeps the private key secret. This is easy to manage and secure, provided each public key is authentically bound to its owner (otherwise an attacker can substitute his own public key).

The main problem with public-key systems is that they are very slow compared with secret-key systems.

Public-key cryptosystem

Secret-key cryptosystem:

e_K and d_K: d_K is the same as, or derived from, e_K.

Called a symmetric-key cryptosystem.

Problem: how to distribute e_K and d_K to Alice and Bob securely.

Public-key cryptosystem:

Computationally infeasible to compute d_K from e_K.

Called an asymmetric-key cryptosystem.

e_K is made public, called the public key;

but d_K is kept secret, called the private key.

Public-key system: how it works

Everybody selects his/her own public key P and private key S, and publicizes P.

Therefore Alice has (P_a, S_a) and Bob has (P_b, S_b).

Everybody knows P_a, P_b, ...

Suppose Alice wants to send a message to Bob.

Alice encrypts the message with Bob's public key P_b and sends it out.

(Only) Bob can decrypt the message using his private key S_b. Nobody else can.

RSA cryptosystem

Suppose n = pq, where p and q are big primes.

Select (find) a and b such that ab = 1 mod φ(n), where φ(n) = (p-1)(q-1).

K = (n, p, q, a, b); publicize n, b, but keep p, q, a secret.

For any x, y in Z_n, define

e_K(x) = x^b mod n

d_K(y) = y^a mod n

Of course, from n, b it is very difficult to get a (as well as p, q, φ(n)).

Two party key management

By public key cryptosystems:

Alice selects a random value k as a key.

Alice encrypts the key k with Bob's public key and sends it to Bob.

Bob decrypts the key using his private key.

Alice and Bob encrypt/decrypt messages using a secret key system such as DES with the key k.

This is a typical combination of secret and public key systems (hybrid encryption).

By Diffie-Hellman key agreement:

Based on the Discrete Logarithm Problem.
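An added example (not code from the slides) serving both the RSA slide and the key-transport procedure above: textbook RSA with the slides' notation (n, b) public and a private, the attack that a small n invites (factor n, recompute φ(n), recover a), and then Alice wrapping a random session key k under Bob's public key so that the bulk data can be encrypted symmetrically. The primes 61 and 53, the exponent 17 and the message are toy values chosen for the example; the SHA-256 keystream cipher is a constructed stand-in for DES/AES, not a cipher anyone should deploy.

```python
import hashlib
import secrets
from math import gcd, isqrt


def rsa_keygen(p: int, q: int, b: int = 17) -> tuple[tuple[int, int], tuple[int, int]]:
    """K = (n, p, q, a, b): returns the public part (n, b) and the private part (n, a)."""
    n = p * q
    phi = (p - 1) * (q - 1)           # Euler's totient of n = pq
    if gcd(b, phi) != 1:
        raise ValueError("b must be invertible mod phi(n)")
    a = pow(b, -1, phi)               # a*b = 1 mod phi(n)  (Python 3.8+)
    return (n, b), (n, a)


def rsa_encrypt(public: tuple[int, int], x: int) -> int:
    n, b = public
    return pow(x, b, n)               # e_K(x) = x^b mod n


def rsa_decrypt(private: tuple[int, int], y: int) -> int:
    n, a = private
    return pow(y, a, n)               # d_K(y) = y^a mod n


def recover_private_exponent(public: tuple[int, int]) -> int:
    """What an attacker can do when n is small enough to factor: p, q -> phi(n) -> a."""
    n, b = public
    for p in range(2, isqrt(n) + 1):  # trial division; hopeless for a 2048-bit n
        if n % p == 0:
            phi = (p - 1) * (n // p - 1)
            return pow(b, -1, phi)
    raise ValueError("n has no small factor")


def stream_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES/AES: XOR with a SHA-256 keystream. Toy and unauthenticated."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


def alice_sends(bob_public: tuple[int, int], message: bytes, k=None) -> tuple[int, bytes]:
    """Alice picks a random k, wraps it with Bob's public key, encrypts the data under k."""
    n, _ = bob_public
    if k is None:
        k = secrets.randbelow(n - 2) + 2          # 2 <= k < n so it fits in one RSA block
    wrapped_key = rsa_encrypt(bob_public, k)
    session_key = hashlib.sha256(k.to_bytes(8, "big")).digest()
    return wrapped_key, stream_cipher(session_key, message)


def bob_receives(bob_private: tuple[int, int], wrapped_key: int, ciphertext: bytes) -> bytes:
    k = rsa_decrypt(bob_private, wrapped_key)
    session_key = hashlib.sha256(k.to_bytes(8, "big")).digest()
    return stream_cipher(session_key, ciphertext)


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)                 # toy primes; real keys use ~1024-bit p, q
    print(pub, priv)                              # (3233, 17) (3233, 2753)
    print(rsa_encrypt(pub, 65), rsa_decrypt(priv, rsa_encrypt(pub, 65)))   # 2790 65
    print(recover_private_exponent(pub))          # 2753: n = 3233 factors instantly
    wk, ct = alice_sends(pub, b"meet at noon")    # constructed message
    print(bob_receives(priv, wk, ct))             # b'meet at noon'
```

Two caveats a practitioner would add: textbook RSA as written is deterministic and malleable, so real systems wrap the key with a padding scheme such as RSAES-OAEP rather than raw exponentiation; and with a 12-bit n the session key has only a few bits of entropy, which is why the wrapped value must be drawn from a range the size of a real modulus.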

DLP (Discrete Logarithm Problem)

Suppose p is an odd prime.

Z_p = {0, 1, ..., p-1} is a finite field.

Z_p^*: the set of integers in Z_p which are relatively prime to p,

{a in Z_p | gcd(a, p) = 1} = {1, ..., p-1};

it is a cyclic multiplicative group.

g is a generator of Z_p^*, i.e., Z_p^* = {g^0 mod p, g^1 mod p, ..., g^(p-2) mod p}.

DLP problem:

Given any a, computing b = g^a (mod p) is easy.

Given any b, finding an a such that b = g^a (mod p) is difficult.

Denoted as a = log_g b. (Omit mod p for simplicity.)

(Two-party) Diffie-Hellman (DH) key exchange

Suppose p and g are publicly known.

Alice: picks secret a, sends g^a mod p to Bob.

Bob: picks secret b, sends g^b mod p to Alice.

Alice computes K = (g^b)^a = g^ab.

Bob computes K = (g^a)^b = g^ab.

Anyone else can compute g^a * g^b = g^(a+b), but not g^ab.

[Figure: Alice and Bob exchanging g^a mod p and g^b mod p over the channel.]
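The exchange above and the DLP slide before it, as one added example (not code from the slides): both sides' computations, what an eavesdropper can compute (g^(a+b) rather than g^ab), a brute-force discrete-log solver that succeeds only because the toy prime is tiny, and the man-in-the-middle attack that plain unauthenticated DH cannot resist, which is why the IPsec and SSL exchanges later on the page add identity proofs. The parameters p = 23, g = 5 and the exponents are constructed values.

```python
import secrets

# Toy public parameters (constructed). Real deployments use a prime of
# 2048 bits or more and a generator of a large prime-order subgroup.
P, G = 23, 5


def dh_public(private: int, p: int = P, g: int = G) -> int:
    return pow(g, private, p)             # g^a mod p: the easy direction of the DLP


def dh_shared(their_public: int, private: int, p: int = P) -> int:
    return pow(their_public, private, p)  # (g^b)^a = g^ab mod p


def brute_force_dlog(b: int, g: int = G, p: int = P) -> int:
    """Solve g^a = b (mod p) by exhaustive search: instant for p = 23,
    infeasible for a real p, which is exactly what DH relies on."""
    for a in range(p - 1):
        if pow(g, a, p) == b:
            return a
    raise ValueError("b is not in the subgroup generated by g")


def exchange(a: int, b: int) -> dict:
    """Honest run: what travels on the wire, what each party computes, what Eve can compute."""
    A, B = dh_public(a), dh_public(b)     # Alice sends A = g^a, Bob sends B = g^b
    return {
        "A": A,
        "B": B,
        "K_alice": dh_shared(B, a),
        "K_bob": dh_shared(A, b),
        "eve_product": (A * B) % P,       # g^a * g^b = g^(a+b), which is NOT g^ab
        "eve_recovered_a": brute_force_dlog(A),  # only works because P is tiny
    }


def mitm(a: int, b: int, m1: int, m2: int) -> dict:
    """Unauthenticated DH against an active attacker: Mallory swaps in her own values
    (g^m1 toward Bob, g^m2 toward Alice) and ends up sharing a key with each side."""
    A, B = dh_public(a), dh_public(b)
    M1, M2 = dh_public(m1), dh_public(m2)
    return {
        "alice_key": dh_shared(M2, a),              # Alice thinks M2 came from Bob
        "mallory_key_with_alice": dh_shared(A, m2),
        "bob_key": dh_shared(M1, b),                # Bob thinks M1 came from Alice
        "mallory_key_with_bob": dh_shared(B, m1),
    }


if __name__ == "__main__":
    print(exchange(6, 15))    # A=8, B=19, both keys 2, Eve's product 14, a recovered = 6
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    r = mitm(a, b, 3, 7)
    print(r["alice_key"] == r["mallory_key_with_alice"], r["bob_key"] == r["mallory_key_with_bob"])
```

Mallory can now decrypt, read and re-encrypt everything between the two parties, so DH only delivers the secrecy the slide claims when the g^a and g^b values are authenticated, for example by signing them or, as in the IPsec exchange later on the page, by proving identity under the derived key.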

Cryptology

Cryptology = cryptography + cryptanalysis.

Cryptography: devise cryptosystems.

Cryptanalysis: break cryptosystems.

Kerckhoffs' principle and attack levels

Kerckhoffs' principle: the cryptosystem is publicly known, but only the key is secret. Breaking a cryptosystem (i.e., cryptanalysis) means figuring out the key currently used.

Attack levels:

Ciphertext-only: the attacker possesses a string of ciphertext, y.

Known plaintext: the attacker possesses a string of plaintext, x, and the corresponding ciphertext, y.

Chosen plaintext: the attacker has obtained temporary access to the encryption machinery. Hence, he can choose a plaintext string, x, and construct the corresponding ciphertext string, y.

Chosen ciphertext: the attacker has obtained temporary access to the decryption machinery. Hence, he can choose a ciphertext string, y, and construct the corresponding plaintext string, x.

Internet security protocols

The Internet has implemented a suite of security protocols combining secret-key, public-key, digital signature, message digest, etc.

IPSec (IP security): IP layer / network layer

SSL (Secure Socket Layer) & TLS (Transport Layer Security): transport layer (TLS is the successor of SSL; all SSL versions are now deprecated)

SSH (Secure Shell), SFTP, HTTPS, PGP (Pretty Good Privacy): application layer

IPSec key agreement

Entity A -> Entity B: crypto suites I support

Entity B -> Entity A: crypto suite I choose

Entity A -> Entity B: g^a mod p

Entity B -> Entity A: g^b mod p

Entity A -> Entity B: {"Alice", proof I am Alice}, encrypted under the shared key g^ab mod p

Entity B -> Entity A: {"Bob", proof I am Bob}, encrypted under the shared key g^ab mod p

SSL position

[Figure: position of SSL in the protocol stack. Copied from http://developer.netscape.com/docs/manuals/security/sslin/]

SSL functionality

Server authentication (by public key certificate)

Client authentication (optional)

Data encryption (by secret key system)

Integrity protection (by MAC)

SSL handshake

Client -> Server: I want to talk, ciphers I support, R_C

Server -> Client: certificate (P_S), cipher I choose, R_S

Client -> Server: {S}_{P_S}, {keyed hash of handshake messages}

Server -> Client: {keyed hash of handshake messages}

Both sides compute K = f(S, R_C, R_S).

Data is protected by keys derived from K.

There are six keys in total, three keys (encryption key, IV, integrity key) in each direction.
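The key derivation and the "keyed hash of handshake messages" above, as an added example (not code from the slides and not the real SSL or TLS PRF): K = f(S, R_C, R_S) is computed with an HMAC-SHA256 expansion, fanned out into the six direction-specific keys, and then each side MACs the handshake transcript as it saw it. The second run shows why that last step matters: a constructed on-path attacker strips the strong cipher from the client's offer, the server picks the weak one, and the mismatch between the two transcripts makes the finished check fail. Message formats, labels and the cipher names are assumptions for the example.

```python
import hashlib
import hmac
import os


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """HMAC-SHA256 expansion in the style of HKDF-Expand. This is not the exact
    SSL 3.0 or TLS PRF; it only shows how one secret fans out into many keys."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + label + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


KEY_NAMES = [
    "client_write_mac", "server_write_mac",   # integrity keys, one per direction
    "client_write_key", "server_write_key",   # encryption keys
    "client_write_iv", "server_write_iv",     # IVs
]


def derive_keys(S: bytes, R_C: bytes, R_S: bytes) -> tuple[bytes, dict]:
    """K = f(S, R_C, R_S); then six keys, three per direction, derived from K."""
    K = prf(S, b"master secret", R_C + R_S, 32)
    key_block = prf(K, b"key expansion", R_S + R_C, 16 * len(KEY_NAMES))
    keys = {name: key_block[16 * i:16 * (i + 1)] for i, name in enumerate(KEY_NAMES)}
    return K, keys


def finished_mac(K: bytes, transcript: bytes, label: bytes) -> bytes:
    """The 'keyed hash of handshake messages' each side sends at the end."""
    return hmac.new(K, label + hashlib.sha256(transcript).digest(), hashlib.sha256).digest()


def handshake(client_ciphers: list, server_choice: bytes, on_path=lambda msg: msg) -> tuple:
    """Both sides' view of the exchange. `on_path` lets an attacker rewrite the
    client hello in transit. Returns (client keys, server keys, finished check passed)."""
    R_C, R_S = os.urandom(32), os.urandom(32)          # the two nonces
    S = os.urandom(48)                                 # premaster secret, sent as {S}_PS
    client_hello = b"hello|" + b",".join(client_ciphers) + b"|" + R_C
    server_sees = on_path(client_hello)                # possibly tampered in transit
    server_hello = b"choose|" + server_choice + b"|" + R_S
    # Both sides know S (the server decrypts {S}_PS) and both nonces, so both reach the same K.
    K_c, keys_c = derive_keys(S, R_C, R_S)
    K_s, keys_s = derive_keys(S, R_C, R_S)
    # Each side hashes the handshake messages *as it saw them*.
    client_finished = finished_mac(K_c, client_hello + server_hello, b"client finished")
    expected = finished_mac(K_s, server_sees + server_hello, b"client finished")
    return keys_c, keys_s, hmac.compare_digest(client_finished, expected)


def downgrade(msg: bytes) -> bytes:
    """Constructed attacker: strip the strong cipher so the server picks the weak one."""
    return msg.replace(b"AES,RC4", b"RC4")


if __name__ == "__main__":
    keys_c, keys_s, ok = handshake([b"AES", b"RC4"], b"AES")
    print(ok, keys_c == keys_s, sorted(keys_c))   # True True [six key names]
    _, _, ok = handshake([b"AES", b"RC4"], b"RC4", on_path=downgrade)
    print(ok)                                     # False: transcripts differ, downgrade caught
```

Because the finished MAC is keyed with K, and K depends on S, which only the holder of the server's private key can recover from {S}_{P_S}, an attacker who rewrote the cipher list cannot forge a matching value; the nonces R_C and R_S in K also ensure that a recorded handshake cannot simply be replayed.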