The Application Layer

1
The Application Layer

• Network Security and Encryption

2
Four Basic Areas of Security

• Secrecy - keeping information from unauthorized
  users
• Authentication - ensuring that people are who
  they say they are.
• Nonrepudiation - signature validation
• Integrity Control - validating that a message
  sent was from the source expected.

3
Network Security at the Lower Layers

• Physical Layer
• enclose transmission lines in sealed tubes
  containing pressurized gas.
• Data Link Layer
• encryption/decryption at each side
• Network Layer
• firewalls monitor and limit packet traffic based
  on usage
• Transport Layer
• encryption/decryption at each side

4
Firewalls

• All traffic entering or leaving a network must
  pass through a single choke point.
• 2 packet filtering routers
• incoming packets
• outgoing packets
• Use service requests
• port numbers
• URLs

5
Cryptology

• Terminology
• plaintext - text that is not encrypted.
• ciphertext - the output of the encryption
  process.
• key - the information required to convert between
  plaintext and ciphertext.
• cryptanalysis - the art of breaking ciphers.
• cryptography - the art of designing ciphers.
• cryptology - the field of cryptanalysis and
  cryptography.

6
Substitution Ciphers

• Caesar cipher
• Each letter is alphabetically shifted by k
  letters
• Very easy to break (just 26 different codes)
• Monoalphabetic substitution
• Each plaintext letter is assigned a different
  ciphertext letter.
• 26! different codes are possible.
• Still easy to break

7
Defeating Monoalphabetic Ciphers

• Distribution of letters in English text
• ETAONRISHLGCMUFYPWBVKXJQZ
• Build a histogram
• Distribution of digrams
• two letter combinations
• th, in, er, re, an
• Distribution of trigrams
• the, ing, and, ion
• Detecting probable words or phrases

8
Transposition Ciphers

• Reorder the letters rather than change them
• Use a key to determine number and order of
  columns

9
Defeating Transposition Ciphers

• These ciphers are also easily defeated
• See if the letters have the expected distribution
• Guess words that are probably in the message and
  see what pairs of letters appear in the message.
• Use this information to guess the number of
  columns
• For a cipher with key length k, try all pairs of
  columns and see if the digram distribution
  matches the expected distribution.

10
One-time Pads

• An unbreakable cipher
• Each side has the same long text or random bit
  string. This is the pad.
• The pad is combined with the ciphertext to
  decode the message.
• Example 1 - The Beale Treasure - Bedford County
  
• Numbers identify the first letter of words in the
  declaration of independence.
• When in the course of human events it becomes
  necessary
• 10, 2, 4, 7 is nice

11
Another way to use a one-time pad

• Example 2
• Add the ith letter of this slide to the ith
  letter of your message, then divide by the size
  the of your alphabet and record the remainder.
• my message
• one-time pad
• (mo) mod 127 , (yn) mod 127, (
  e) mod 127

12
One-time Pad with Bit Strings(the xor trick)

• Temp a
• a b
• b Temp
• a b xor a // encrypt a using b (and b using
  a)
• b a xor b // decrypt a using b
• a a xor b // decrypt b using a

13
One-time Pad with Bit Strings

• Exclusive Or the ASCII plaintext with
  corresponding bits in the random bit string
• 01001010 (plaintext) 10000110
  (ciphertext)
• 11001100 (random) 11001100 (random)
• 10000110 (ciphertext) 01001010
  (plaintext)

14
Problems with One-Time Pads

• The pad must be long
• It will eventually run out
• The pad must be random
• Otherwise it might be guessed
• The pad must be distributed
• It can be captured
• It is sensitive to lost characters
• Losing a single character makes the ciphertext
  unreadable

15
Secret-Key Algorithms

• Transpositions and substitutions
• Product ciphers

16
DES Encryption Standard

• Based on IBM Lucifer encryption technique
• Plaintext is encrypted in blocks of 64 bits
• 56-bit key, 19 distinct stages
• Decryption/encryption use the same key

17
(No Transcript)
18
Problems with DES

• The original Lucifer code used 128 bit keys,
  rather than 56-bit keys.
• Exhaustive search of 256 (approx 7x1017) keys can
  be done with powerful computer systems
• Chinese Lottery idea (Quisquater and Girault)
• 1.2 billion chips in TVs and Radios
• Chinese government broadcasts the ciphertext and
  each appliance checks its part of the search
  space.
• Solution found in about 60 seconds
• Appliance with the matching key announces that
  the owner has won the Chinese lottery.

19
Public Key Algorithms

• 1976, Diffie and Hellman
• Make the encryption key and algorithm public
• Anyone can encrypt messages, but only you can
  decrypt them
• Trapdoor (one-way) functions
• Requirements
• D(E(P)) P
• It is exceedingly difficult to deduce D from E
• E cannot be broken by a chosen plaintext attack

20
RSA Algorithm

• Rivest, Shamir, Adleman (RSA)
• Based on the difficulty of factoring large
  numbers (200-digits and larger)
• Factoring a 200-digit number requires 4 billion
  years of computer time at 1 usec/instruction.

21
Problems with Public Key Encryption

• It is slow
• The keys are large
• Public keys are often used to exchange keys for
  other encoding schemes