Network Security
Chapter 8
Cryptography
Cryptography functions
Secret key (e.g., DES)
Public key (e.g., RSA)
Message digest (e.g., MD5)
Security services
Privacy: preventing unauthorized release of information
Authentication: verifying identity of the remote
participant
Integrity: making sure message has not been altered
Encryption Algorithms
Private Key (DES)
64

bit key (56

bits + 8

bit
parity)
16 rounds
Round 1
Round 2
Round 16
. . .
plain text
Initial Permutation
Final Permutation
56bit
Key
Encrypt w/
Secret Key
Decrypt w/
Secret Key
plaintext
plaintext
ciphertext
Each round
Function F and generation of
K
i
for
each round not shown
Repeat for larger messages
L
i

1
R
i 1
L
i
R
i
F
+
i
K
cipher
1
block
1
DES
+
IV
cipher
block
DES
+
2
2
cipher
block
DES
+
3
3
cipher
block
DES
+
4
4
Multiplicative inverse
for public key
With n=7
4*2 mod 7 = 1
4
and
2
are multiplicative inverses mod 7
4
*3 mod 7 = 12 mod 7 = 5
2
*5 mod 7 = 10 mod 7 = 3
If you multiply any number by 4, take the
result and multiply it by 2, you will get the
original number back
Encryption & Decryption
c = m
e
mod n
m = c
d
mod n
Encrypt w/
Public Key
Decrypt w/
Private Key
plaintext
plaintext
ciphertext
Public Key (RSA)
Based on multiplicative group operations
Generate a public and private key
choose two large prime numbers
p
and
q
(each 256 bits)
multiply
p
and
q
together to get
n (at most 512 bits)
choose the encryption key
e
, such that
e
and
(p

1
)
x
(q

1
)
are relatively prime
two numbers are relatively prime if they have no common factor
greater than one.
compute decryption key
d
such that
d = e

1
mod((p

1)*(q

1))
construct public key as <
e, n
>
construct private key as <
d, n
>
discard (do not disclose) original primes
p
and
q
Example
p=5, q=11, n=p*q=55, m=message=9,
(p

1)(q

1)=40, e=23 and (p

1)*(q

1) are relatively
prime
We want d*e=1mod 40, d*23=1mod40
You can try all values less than 40
23*2=46=6mod40, 23*3=69=29mod40, 23*4=92=12mod40,
23*5=115=35mod40, 23*6=138=18mod40
23*7=161=1mod40, d=7
For a message m=9
c=m
e
modn=9
23
mod55 How big is this?
= 9
10
mod55*9
13
mod55= 1*14 mod 55
m=c
d
modn=14
7
mod55=105413504mod55=9
Breaking RSA
1977 challenge to break 430

bit message
Estimated 40 Quadrillion years to factor large
composites
April 1994 broken with 5000 MIP

years of
CPU
Breakage can be easier if something is
known about the key generation (time of day)
Message Digest
Cryptographic checksum:
just as a regular checksum protects the
receiver from accidental changes to the
message, a cryptographic checksum
protects the receiver from malicious
changes to the message.
One

way function:
given a cryptographic checksum for a
message, it is virtually impossible to figure
out what message produced that
checksum; it is not computationally feasible
to find two messages that hash to the
same cryptographic checksum.
Relevance:
if you are given a checksum for a message
and you are able to compute exactly the
same checksum for that message, then it
is highly likely this message produced the
checksum you were given.
Speed
175MHz DEC Alpha
Custom Hardware
Sonicwall claims 54Mbps DES3 in hardware
ssl.com advertises 75Mbps DES today
Md5 1.27Gbps
SHA 1.02Gbps
RSA 400 keys/second
Three

way handshake
Authentication
Protocols
CHK, SHK are
keys known by
both sides
When this message is
received by the
server, the identity of
the client is not
known
At this point the
client knows
the identity of
the server since
it decrypted x
At this point the
server knows the
client because it was
able to decrypt y
A new session key is
exchanged so CHK and SHK
aren’t as vulnerable to attacks
Client
Server
Three Way Handshake
Assumes both sides know CHK and
SHK
This could correspond to a password
We still need a way to distribute keys
assuming the client and server share no
keys
Kerberos
Trusted third party (Kerberos)
A
S
B
S shares K
A
with A, but B does
not know K
A
, A does not know
K
B
A Asks S for a key to
communicate with B
S responds encoding the session
key K and timestamp T and
length of time to expire L
A can’t decrypt the second
message
A proves it knows the
encryption key K
Forwarded from S
B Proves it was able to
decrypt message from S
Kerberos
K is used like a DES session Key
Key exchange depends on a trusted 3
rd
party
A
B
Public key
authentication
Message Integrity
Protocols
Digital signature using RSA
special case of a message integrity where
the code can only have been generated by
one participant
compute signature with private key and
verify with public key
Making Signatures
Compute checksum of signed document
Encrypt checksum, time and date, and
other information using private key
Attach digital signature to end of
document
Optionally, encrypt signed document
with receiver’s public key
Checking Signatures
Decrypt signed document, if necessary,
using private key
Decrypt digital signature using public
key
Verify checksum for document
Display the time and date of the
document
Keyed MD5 Old Version
sender
m
+ MD5(
m
+
k
) + E(
k
,
private
)
receiver
recovers random key using the sender's public key
applies MD5 to the concatenation of this random
key message
compares result with checksum sent with
message
Man

in

the middle can intercept, change
message, and the receiver wont know
What about this?
Sender
m
+ MD5(
m
+
k
) + E(
k
, r

public)
receiver
recovers random key using the receivers private
key
applies MD5 to the concatenation of this random
key message
compares result with checksum sent with
message
Man

in

the middle can make up a new key
and send it using the receivers public key
Keyed MD5
Sender
m
+ MD5(
m
+
k
) + E(E(
k
, r

public), s

private)
receiver
recovers random key using the sender's public key
and receivers private key
applies MD5 to the concatenation of this random
key message
compares result with checksum sent with
message
Man

in

the middle can not intercept k
because it is encrypted with the public key of
the receiver
MD5 with RSA signature
Sender
m
+ E(MD5(
m), s

private)
receiver
recovers MD5 using the sender's public key
applies MD5 to the message
compares result with checksum sent with message
Man

in

the middle can not generate an encrypted
MD5, but it does expose RSA to a known encrypted
value
Comments 0
Log in to post a comment