1
Security and Cryptography
• Security: all issues involved in making communication (information transmission, two-party or multi-party interaction) secure over insecure channels.
• Cryptography: the science and art of manipulating messages to make them secure.
• Classical cryptographic techniques.
• Along with the development of communication networks and their broad applications, network security is becoming a more serious problem.
• Hence the call for modern cryptography.
2
Network threats and attacks
Passive: Eavesdropping, Traffic analysis
Active: Masquerading, Replay, Modification, Denial of service
[Figure: client/server diagrams showing an attacker between client and server, message modification, and man-in-the-middle]
3
Security requirements for transmitting information
• Privacy or confidentiality: the information should be readable only by the intended receiver, i.e., protect the information from eavesdropping.
• Integrity: the receiver can confirm that a message has not been altered during transmission, i.e., protect the information from tampering.
• Authentication: any party (sender or receiver) can verify that the other party is who he or she claims to be, i.e., validate the identity of the other party.
• Nonrepudiation: the sender cannot deny having sent a given message, i.e., if a transaction (e.g., a purchase) has occurred between two parties, the nonrepudiation service can prove for either party that he/she really performed the transaction him/herself, and that it was not performed by any other person.
4
Approaches to implementing security
Confidentiality: by encryption (and decryption)
Sender: encrypts the message using a key and sends the encrypted message.
Receiver: decrypts the encrypted message using the same key as the sender’s key or a key derivable from the sender’s key.
Integrity: by checksum or hash value/message digest.
Sender: computes checksum/hash value/message digest from the message and sends the message along with the checksum/hash value/message digest.
Receiver: re-computes checksum/hash value/message digest from the received message and compares it with the transmitted checksum/hash value/message digest.
In some sense, it is like error detection.
Problem: the attacker, after intercepting the message, modifies the message, computes the checksum for the modified message, and resends both.
Solution: keyed checksum/hash value/message digest.
[Figure: message → checksum, both are transmitted; message + key → checksum, message + checksum are transmitted]
5
Approaches to implementing security (cont.)
Authentication:
Traditional user ID and password.
Modern cryptography based authentication.
– Digital signature.
Nonrepudiation:
Undeniable signature, i.e., Digital signature + verification protocol + disavowal protocol
6
Security requirements and their implementation
Confidentiality: encryption (and decryption)
Integrity: checksum or hash value/message digest or MAC.
Authentication: user ID and password or Digital signature.
Nonrepudiation: Undeniable signature
Availability: Intrusion detection and defense
Authorization: Access control
Accountability: Log, record, trace, system administration
Q: how to defend against a replay attack?
Timestamps and/or sequence numbers.
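The keyed digest from slide 4 and the sequence-number answer to the replay question above, as an added example that is not part of the original slides. HMAC-SHA256 as the keyed digest, the key value, the message strings and the `Receiver` class are assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver


def digest(msg: bytes) -> bytes:
    """Unkeyed message digest: anyone can recompute it."""
    return hashlib.sha256(msg).digest()


def check_unkeyed(msg: bytes, d: bytes) -> bool:
    """Receiver side of the unkeyed scheme: recompute and compare."""
    return hmac.compare_digest(digest(msg), d)


def keyed_digest(key: bytes, seq: int, msg: bytes) -> bytes:
    """Keyed digest (HMAC-SHA256) over sequence number + message."""
    return hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()


class Receiver:
    """Accepts a message only if its tag verifies and its sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, seq: int, msg: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(keyed_digest(self.key, seq, msg), tag):
            return False  # modified in transit, or tag made without the key
        if seq <= self.last_seq:
            return False  # authentic but already seen: replay
        self.last_seq = seq
        return True


def demo():
    original, modified = b"pay bob 10", b"pay eve 10"  # constructed messages
    # Unkeyed scheme: a recomputed digest makes the modified message verify.
    unkeyed_forgery = check_unkeyed(modified, digest(modified))
    rx = Receiver(KEY)
    tag = keyed_digest(KEY, 0, original)
    first_delivery = rx.accept(0, original, tag)
    # Keyed scheme: without KEY only an unkeyed digest can be attached.
    bad_tag = digest((0).to_bytes(8, "big") + modified)
    keyed_forgery = Receiver(KEY).accept(0, modified, bad_tag)
    replay = rx.accept(0, original, tag)  # same valid triple sent again
    return unkeyed_forgery, first_delivery, keyed_forgery, replay
```

`demo()` returns, in order, whether the receiver accepted the unkeyed forgery, the first genuine delivery, the keyed forgery, and the replay.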
7
Classification of cryptosystems
• Secret key systems vs. public key systems
• Classical vs. modern
  – Classical: secret key systems
    • Shift, Affine, Vigenere, Hill, Permutation (transposition) cipher, Stream cipher
  – Modern:
    • Secret key systems
      – DES, AES, PGM
    • Public key systems
      – RSA, ElGamal, Elliptic Curve
8
Shift cipher - example
• Suppose a plaintext word: cryptography
• Change each letter by shifting it three positions rightward.
• The cipherword is: FUBSWRJUDSKB
Question: given the above cipherword, how do we get the original word?
Change each letter by shifting it three positions leftward.
This kind of cryptosystem is called the “Caesar Cipher”.
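The shift cipher from this slide, as an added example that is not part of the original slides. It goes slightly beyond the slide by also showing why a 26-key system gives no security: one known plaintext/ciphertext pair reveals the key, and trying every key against a word list recovers the plaintext. The function names and the word list are assumptions made for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def shift(text: str, k: int) -> str:
    """Shift each letter k positions rightward (mod 26); other characters pass through."""
    out = []
    for ch in text.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def encrypt(plain: str, k: int) -> str:
    return shift(plain, k)


def decrypt(cipher: str, k: int) -> str:
    """Shifting leftward by k undoes the encryption."""
    return shift(cipher, -k).lower()


def key_from_known_pair(plain: str, cipher: str) -> int:
    """Known plaintext: every letter pair must agree on one shift value."""
    keys = {
        (ALPHABET.index(c) - ALPHABET.index(p)) % 26
        for p, c in zip(plain.upper(), cipher.upper())
        if p in ALPHABET and c in ALPHABET
    }
    if len(keys) != 1:
        raise ValueError("pair is not consistent with a single shift")
    return keys.pop()


def exhaustive_search(cipher: str, words: set) -> list:
    """Ciphertext only: try all 26 keys, keep decryptions found in the word list."""
    return [(k, decrypt(cipher, k)) for k in range(26) if decrypt(cipher, k) in words]


WORDS = {"cryptography", "security"}  # constructed word list
```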
9
Secret cryptosystem - DES
• Data Encryption Standard (DES)
• First version in 1975, developed by IBM.
• A type of iterated cipher.
• Plaintext block: 64 bits, key: 56 bits, ciphertext block: 64 bits.
• Steps:
  – Initial permutation (IP)
  – 16 rounds of transformations
  – Inverse permutation ($\mathrm{IP}^{-1}$)
10
Key management and exchange
• Key is the essential part in any cryptosystem, especially in secret key systems.
• How to distribute/exchange key/keys between two users/any pair of multiple users.
• Therefore key management and key exchange come into play.
• Also public key systems appeared.
11
Why public-key cryptography
1. The two communicants in a secret-key system require the prior communication of a key, using a secure channel. This is very difficult to achieve in practice. Unless the two communicants meet together, phone call, post mail, email, etc. are not secure.
2. Suppose there are $n$ users and every pair of users wants to communicate. In a secret-key system, the total number of keys needed is $n(n-1)/2$. Very difficult to manage and quite insecure.
However, in a public-key system, every user selects his/her own private key and public key, and publicizes the public key but keeps the private key secret. Quite easy and very secure.
The main problem with public-key systems is that they are very slow.
12
Public-key cryptosystem
• Secret-key cryptosystem:
  – $e_K$ & $d_K$: $d_K$ is the same as or derived from $e_K$.
  – Called symmetric-key cryptosystem.
  – Problem: how to distribute $e_K$ & $d_K$ to Alice & Bob securely.
• Public-key cryptosystem:
  – Computationally infeasible to compute $d_K$ from $e_K$.
  – Called asymmetric-key cryptosystem.
  – $e_K$ is made public, called public key.
  – But $d_K$ is kept secret, called private key.
13
Public-key system: how it works
• Everybody selects its own public key $P$ and private key $S$, and publicizes $P$.
• Therefore Alice has ($P_a$, $S_a$), and Bob has ($P_b$, $S_b$).
• Everybody knows $P_a$, $P_b$, …
• Suppose Alice wants to send a message to Bob.
  – Alice encrypts the message with Bob’s public key $P_b$ and sends it out.
  – (Only) Bob can decrypt the message using his private key $S_b$. Nobody else can.
14
RSA cryptosystem
• Suppose $n = pq$, where $p$ and $q$ are big primes.
• Select (find) $a$ and $b$, such that $ab \equiv 1 \pmod{\phi(n)}$.
• $K = (n, p, q, a, b)$; publicize $n$, $b$, but keep $p$, $q$, $a$ secret.
• For any $x, y \in Z_n$, define
  – $e_K(x) = x^b \bmod n$
  – $d_K(y) = y^a \bmod n$
• Of course, from $n$, $b$, it is very difficult to get $a$ (as well as $p$, $q$, $\phi(n)$).
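The RSA definitions above carried through with toy numbers, as an added example that is not part of the original slides. It uses the slide's symbols ($n$, $p$, $q$, $a$, $b$, $e_K$, $d_K$); the primes 61 and 53, the exponent 17 and the function names are assumptions chosen so every value can be checked by hand. The last function shows why $p$ and $q$ must be big: once $n$ can be factored, the secret $a$ follows directly from the public $b$.

```python
from math import gcd, isqrt


def keygen(p: int, q: int, b: int) -> dict:
    """Build K = (n, p, q, a, b) with a*b = 1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(b, phi) != 1:
        raise ValueError("b must be relatively prime to phi(n)")
    a = pow(b, -1, phi)  # modular inverse (Python 3.8+)
    return {"n": n, "p": p, "q": q, "a": a, "b": b}


def e_K(x: int, n: int, b: int) -> int:
    """Encryption with the public part (n, b)."""
    if not 0 <= x < n:
        raise ValueError("x must be in Z_n")
    return pow(x, b, n)


def d_K(y: int, n: int, a: int) -> int:
    """Decryption with the secret exponent a."""
    if not 0 <= y < n:
        raise ValueError("y must be in Z_n")
    return pow(y, a, n)


def secret_from_factoring(n: int, b: int) -> int:
    """Trial division finds p for a toy n; phi(n) and then a follow from it."""
    p = next(d for d in range(2, isqrt(n) + 1) if n % d == 0)
    q = n // p
    return pow(b, -1, (p - 1) * (q - 1))


K = keygen(61, 53, 17)        # toy primes, far too small for real use
y = e_K(65, K["n"], K["b"])   # constructed message x = 65
x = d_K(y, K["n"], K["a"])
```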
15
Two party key management
• By public key cryptosystems:
  – Alice selects a random value $k$ as a key.
  – Alice encrypts the key $k$ with Bob’s public key and sends it to Bob.
  – Bob decrypts the key using his private key.
  – Alice and Bob encrypt/decrypt messages using secret key systems such as DES with the key $k$.
  – This is a typical combination of secret and public key systems.
• By Diffie-Hellman key agreement
  – Based on Discrete Logarithm Problem
DLP (Discrete Logarithm Problem)
– Suppose $p$ is an odd prime.
– $Z_p = \{0, 1, \dots, p-1\}$ is a finite field.
– $Z_p^*$: the set of integers which are relatively prime to $p$.
  • $\{a \in Z_p \mid \gcd(a, p) = 1\} = \{1, \dots, p-1\}$
  • it is a cyclic multiplicative group.
– $g$ is a generator of $Z_p^*$,
  • i.e., $Z_p^* = \{g^0 \bmod p,\ g^1 \bmod p,\ \dots,\ g^{p-2} \bmod p\}$.
– DLP problem
  • Given any $a$, computing $b = g^a \pmod p$ is easy.
  • Given any $b$, finding an $a$ such that $b = g^a \pmod p$ is difficult.
– Denoted as $a = \log_g b$.
Omit: mod $p$ for simplicity.
17
(Two-party) Diffie-Hellman (DH) key exchange
Suppose $p$ and $g$ are publicly known:
Alice ($a$) → Bob: $g^a \pmod p$
Bob ($b$) → Alice: $g^b \pmod p$
Alice: $K = (g^b)^a = g^{ab}$
Bob: $K = (g^a)^b = g^{ab}$
Anyone else can compute $g^a g^b = g^{a+b}$ but not $g^{ab}$.
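The DH exchange and the DLP definitions above run with toy numbers, as an added example that is not part of the original slides. The values $p = 23$, $g = 5$, the secrets 6 and 15, and the function names are assumptions; the group is small enough that the discrete logarithm can be found by trying every exponent, which is exactly what a large $p$ prevents.

```python
P, G = 23, 5  # toy public parameters; real deployments use primes of 2048 bits or more


def is_generator(g: int, p: int) -> bool:
    """g generates Z_p^* if g^0 .. g^(p-2) mod p cover {1, ..., p-1}."""
    return {pow(g, i, p) for i in range(p - 1)} == set(range(1, p))


def public_value(secret: int, g: int = G, p: int = P) -> int:
    """The value sent on the wire: g^secret mod p."""
    return pow(g, secret, p)


def shared_key(their_public: int, my_secret: int, p: int = P) -> int:
    """K = (their public value)^(my secret) mod p."""
    return pow(their_public, my_secret, p)


def discrete_log(b: int, g: int = G, p: int = P) -> int:
    """Find a with g^a = b mod p by exhaustive search; feasible only for tiny p."""
    for a in range(p - 1):
        if pow(g, a, p) == b:
            return a
    raise ValueError("b is not a power of g")


def exchange(a: int, b: int):
    """Run both sides and return what each party and an eavesdropper end up with."""
    ga, gb = public_value(a), public_value(b)  # the two transmitted values
    k_alice = shared_key(gb, a)                # (g^b)^a
    k_bob = shared_key(ga, b)                  # (g^a)^b
    product = (ga * gb) % P                    # g^(a+b): computable by anyone, not the key
    return ga, gb, k_alice, k_bob, product
```

With secrets 6 and 15, `exchange(6, 15)` gives both parties the key 2, while the product of the two transmitted values is 14.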
18
Cryptology
• Cryptology = cryptography + cryptanalysis.
  – Cryptography: devise cryptosystems.
  – Cryptanalysis: break cryptosystems.
19
Kerckhoffs' principle and attack levels
• Kerckhoffs' principle: the cryptosystem is publicly known; only the key is secret. Breaking a cryptosystem (i.e., cryptanalysis) means figuring out the key currently used.
• Attack levels:
  – Ciphertext-only: the attacker possesses a string of ciphertext, $y$.
  – Known plaintext: the attacker possesses a string of plaintext, $x$, and the corresponding ciphertext, $y$.
  – Chosen plaintext: the attacker has obtained temporary access to the encryption machinery. Hence, he can choose a plaintext string, $x$, and construct the corresponding ciphertext string, $y$.
  – Chosen ciphertext: the attacker has obtained temporary access to the decryption machinery. Hence, he can choose a ciphertext string, $y$, and construct the corresponding plaintext string, $x$.
20
Internet security protocols
• The Internet has implemented a suite of security protocols combining secret-key, public-key, digital signature, message digest, etc.
  – IPSec (IP security): IP layer / network layer
  – SSL (Secure Socket Layer) & TLS (Transport Layer Security): transport layer
  – SSH (Secure Shell), SFTP, HTTPS, PGP (Pretty Good Privacy): application layer
21
IPSec key agreement
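Entity A → Entity B: Crypto suites I support
Entity B → Entity A: Crypto suite I choose
Entity A → Entity B: $g^a \bmod p$
Entity B → Entity A: $g^b \bmod p$
Entity A → Entity B: $g^{ab} \bmod p$ {“Alice”, proof I am Alice}
Entity B → Entity A: $g^{ab} \bmod p$ {“Bob”, proof I am Bob}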
22
SSL position
Copied from http://developer.netscape.com/docs/manuals/security/sslin/
23
SSL functionality
• Server authentication (by public certificate)
• Client authentication (optional)
• Data encryption (by secret key system)
• Integrity protection (by MAC)
24
SSL handshake
Client → Server: I want to talk, ciphers I support, $R_C$
Server → Client: Certificate ($PS$), cipher I choose, $R_S$
Client → Server: $\{S\}_{PS}$, {keyed hash of handshake MSG}
Server → Client: {keyed hash of handshake MSG}
Client and Server each compute $K = f(S, R_C, R_S)$
Client ↔ Server: Data protected by keys derived from $K$
There are six keys in total: three keys (encryption key, IV, integrity key) in each direction.