lecture 36 (ppt) ( Security )

slurpslapoutNetworking and Communications

Nov 20, 2013 (4 years and 1 month ago)

79 views

Network Security

Chapter 8

Cryptography

Cryptography functions


Secret key (e.g., DES)


Public key (e.g., RSA)


Message digest (e.g., MD5)

Security services


Privacy: preventing unauthorized release of information


Authentication: verifying identity of the remote
participant


Integrity: making sure message has not been altered

Encryption Algorithms

Private Key (DES)

64
-
bit key (56
-
bits + 8
-
bit
parity)

16 rounds

Round 1

Round 2

Round 16

. . .

plain text

Initial Permutation

Final Permutation

56bit

Key

Encrypt w/

Secret Key

Decrypt w/

Secret Key

plaintext

plaintext

ciphertext

Each round




Function F and generation of
K
i

for
each round not shown

Repeat for larger messages

L

i
-
1

R

i 1

L

i

R

i

F

+

i

K

cipher

1

block

1

DES

+

IV

cipher

block

DES

+

2

2

cipher

block

DES

+

3

3

cipher

block

DES

+

4

4

Multiplicative inverse
for public key

With n=7

4*2 mod 7 = 1

4

and
2

are multiplicative inverses mod 7

4
*3 mod 7 = 12 mod 7 = 5

2
*5 mod 7 = 10 mod 7 = 3

If you multiply any number by 4, take the
result and multiply it by 2, you will get the
original number back

Encryption & Decryption

c = m
e

mod n

m = c
d

mod n

Encrypt w/

Public Key

Decrypt w/

Private Key

plaintext

plaintext

ciphertext

Public Key (RSA)

Based on multiplicative group operations

Generate a public and private key


choose two large prime numbers
p

and
q

(each 256 bits)


multiply
p

and
q

together to get
n (at most 512 bits)


choose the encryption key
e
, such that
e

and
(p
-
1
)
x

(q
-
1
)

are relatively prime


two numbers are relatively prime if they have no common factor
greater than one.


compute decryption key
d
such that

d = e
-
1

mod((p
-
1)*(q
-
1))


construct public key as <
e, n
>


construct private key as <
d, n
>


discard (do not disclose) original primes
p

and
q

Example

p=5, q=11, n=p*q=55, m=message=9,

(p
-
1)(q
-
1)=40, e=23 and (p
-
1)*(q
-
1) are relatively
prime

We want d*e=1mod 40, d*23=1mod40


You can try all values less than 40


23*2=46=6mod40, 23*3=69=29mod40, 23*4=92=12mod40,
23*5=115=35mod40, 23*6=138=18mod40


23*7=161=1mod40, d=7

For a message m=9


c=m
e
modn=9
23
mod55 How big is this?


= 9
10
mod55*9
13
mod55= 1*14 mod 55


m=c
d
modn=14
7
mod55=105413504mod55=9



Breaking RSA

1977 challenge to break 430
-
bit message

Estimated 40 Quadrillion years to factor large
composites

April 1994 broken with 5000 MIP
-
years of
CPU

Breakage can be easier if something is
known about the key generation (time of day)

Message Digest

Cryptographic checksum:


just as a regular checksum protects the
receiver from accidental changes to the
message, a cryptographic checksum
protects the receiver from malicious
changes to the message.

One
-
way function:


given a cryptographic checksum for a
message, it is virtually impossible to figure
out what message produced that
checksum; it is not computationally feasible
to find two messages that hash to the
same cryptographic checksum.


Relevance:


if you are given a checksum for a message
and you are able to compute exactly the
same checksum for that message, then it
is highly likely this message produced the
checksum you were given.


Speed

175MHz DEC Alpha

Custom Hardware

Sonicwall claims 54Mbps DES3 in hardware

ssl.com advertises 75Mbps DES today

Md5 1.27Gbps

SHA 1.02Gbps

RSA 400 keys/second

Three
-
way handshake


Authentication
Protocols

CHK, SHK are
keys known by
both sides

When this message is
received by the
server, the identity of
the client is not
known

At this point the
client knows
the identity of
the server since
it decrypted x

At this point the
server knows the
client because it was
able to decrypt y

A new session key is
exchanged so CHK and SHK
aren’t as vulnerable to attacks

Client

Server

Three Way Handshake

Assumes both sides know CHK and
SHK

This could correspond to a password

We still need a way to distribute keys
assuming the client and server share no
keys

Kerberos

Trusted third party (Kerberos)



A

S

B

S shares K
A

with A, but B does
not know K
A
, A does not know
K
B

A Asks S for a key to
communicate with B

S responds encoding the session
key K and timestamp T and
length of time to expire L

A can’t decrypt the second
message

A proves it knows the
encryption key K

Forwarded from S

B Proves it was able to
decrypt message from S

Kerberos

K is used like a DES session Key

Key exchange depends on a trusted 3
rd

party

A

B

Public key
authentication

Message Integrity
Protocols

Digital signature using RSA


special case of a message integrity where
the code can only have been generated by
one participant


compute signature with private key and
verify with public key

Making Signatures

Compute checksum of signed document

Encrypt checksum, time and date, and
other information using private key

Attach digital signature to end of
document

Optionally, encrypt signed document
with receiver’s public key


Checking Signatures

Decrypt signed document, if necessary,
using private key

Decrypt digital signature using public
key

Verify checksum for document

Display the time and date of the
document


Keyed MD5 Old Version

sender

m

+ MD5(
m

+
k
) + E(
k
,
private
)

receiver


recovers random key using the sender's public key


applies MD5 to the concatenation of this random
key message


compares result with checksum sent with
message

Man
-
in
-
the middle can intercept, change
message, and the receiver wont know


What about this?

Sender

m

+ MD5(
m

+
k
) + E(
k
, r
-
public)

receiver


recovers random key using the receivers private
key


applies MD5 to the concatenation of this random
key message


compares result with checksum sent with
message

Man
-
in
-
the middle can make up a new key
and send it using the receivers public key


Keyed MD5

Sender

m

+ MD5(
m

+
k
) + E(E(
k
, r
-
public), s
-
private)

receiver


recovers random key using the sender's public key
and receivers private key


applies MD5 to the concatenation of this random
key message


compares result with checksum sent with
message

Man
-
in
-
the middle can not intercept k
because it is encrypted with the public key of
the receiver


MD5 with RSA signature

Sender

m

+ E(MD5(
m), s
-
private)

receiver


recovers MD5 using the sender's public key


applies MD5 to the message


compares result with checksum sent with message

Man
-
in
-
the middle can not generate an encrypted
MD5, but it does expose RSA to a known encrypted
value