Title: EE 122: (More) Network Security
1. EE 122 (More) Network Security

2. EECS 122 Introduction to Computer Networks
Network Security II
- Computer Science Division
- Department of Electrical Engineering and Computer Sciences
- University of California, Berkeley
- Berkeley, CA 94720-1776

3. Today's Lecture: 20
[Figure: protocol stack (Application, Transport, Network (IP), Link, Physical) annotated with lecture numbers]

4. Security Requirements
- Authentication
  - Ensures that the sender and the receiver are who they are claiming to be
- Data integrity
  - Ensures that data is not changed from source to destination
- Confidentiality
  - Ensures that data is read only by authorized users
- Non-repudiation
  - Ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender's identity, strong enough that the sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message (not discussed in this lecture)

5. Outline
- Cryptographic Algorithms (Confidentiality and Integrity)
- Authentication
- System examples

6. Cryptographic Algorithms
- Security foundation: cryptographic algorithms
  - Secret key cryptography, Data Encryption Standard (DES)
  - Public key cryptography, RSA algorithm
  - Message digest, MD5

7. Symmetric Key
- Both the sender and the receiver use the same secret keys
[Figure: Plaintext → Encrypt with secret key → Ciphertext over the Internet → Decrypt with secret key → Plaintext]

8. Data Encryption Standard (DES)
- DES encrypts a 64-bit block of plain text using a 64-bit key
- Three phases
  - Permute the 64 bits in the block
  - Apply a given operation 16 times on the 64 bits
  - Permute the 64 bits using the inverse of the original permutation
[Figure: 1st phase $\mathrm{IP}$(input); 2nd phase Round 1 to Round 16, using the key; 3rd phase $\mathrm{IP}^{-1}$(input)]

9. Initial Permutation (IP)
- IP: bit 58 of input becomes 1st bit, bit 50 becomes 2nd bit, etc.

  58 50 42 34 26 18 10  2
  60 52 44 36 28 20 12  4
  62 54 46 38 30 22 14  6
  64 56 48 40 32 24 16  8
  57 49 41 33 25 17  9  1
  59 51 43 35 27 19 11  3
  61 53 45 37 29 21 13  5
  63 55 47 39 31 23 15  7

- $\mathrm{IP}^{-1}$: inverse of IP, e.g., $\mathrm{IP}(1) = 58$, $\mathrm{IP}^{-1}(58) = 1$

  40  8 48 16 56 24 64 32
  39  7 47 15 55 23 63 31
  38  6 46 14 54 22 62 30
  37  5 45 13 53 21 61 29
  36  4 44 12 52 20 60 28
  35  3 43 11 51 19 59 27
  34  2 42 10 50 18 58 26
  33  1 41  9 49 17 57 25

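10. 2nd Phase: Operation in Each Round
- Key K is 64 bits
- 16 rounds
- Each round i selects a 48-bit key $K_i$ from the original 64-bit key K. Perform (F is a given function):
[Figure: key K (bits 0 to 63); 64-bit block (bit positions 63, 32, 31, 0 marked) split into $L_{i-1}$ and $R_{i-1}$; $K_i$ and F produce $L_i$ and $R_i$]
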
11. Encrypting Larger Messages
- Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext
[Figure: Block1 to Block4, each encrypted with DES to give Cipher1 to Cipher4, starting from the IV]

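An added example (not from the lecture) of the two ideas on slides 10 and 11: a 16-round Feistel structure, and chaining the blocks of a longer message from an IV. The round function, the key schedule and the CBC-style chaining are assumptions standing in for details lost with the figures; this is a toy cipher, not DES.

```python
import hashlib

ROUNDS, MASK32 = 16, 0xFFFFFFFF

def round_keys(key: bytes) -> list:
    # Toy key schedule (assumption): derive one 48-bit round key K_i per round.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def F(right: int, k: bytes) -> int:
    # Stand-in round function, NOT the DES F. A Feistel network is invertible for any F.
    return int.from_bytes(hashlib.sha256(right.to_bytes(4, "big") + k).digest()[:4], "big")

def feistel(block: int, keys: list) -> int:
    left, right = block >> 32, block & MASK32
    for k in keys:
        # Standard Feistel round: L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ F(right, k)
    return (right << 32) | left  # swap halves so decryption is the same loop

def encrypt_block(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key))

def decrypt_block(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key)[::-1])  # same rounds, keys reversed

def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    if len(plaintext) % 8 or len(iv) != 8:
        raise ValueError("need an 8-byte IV and whole 8-byte blocks (padding omitted)")
    prev, out = int.from_bytes(iv, "big"), b""
    for i in range(0, len(plaintext), 8):
        # Each plaintext block is XORed with the previous ciphertext block (IV first).
        prev = encrypt_block(int.from_bytes(plaintext[i:i + 8], "big") ^ prev, key)
        out += prev.to_bytes(8, "big")
    return out

def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = int.from_bytes(iv, "big"), b""
    for i in range(0, len(ciphertext), 8):
        c = int.from_bytes(ciphertext[i:i + 8], "big")
        out += (decrypt_block(c, key) ^ prev).to_bytes(8, "big")
        prev = c
    return out

if __name__ == "__main__":
    import os
    key, iv = b"8bytekey", os.urandom(8)   # constructed sample key; fresh random IV
    msg = b"SAMEBLOK" * 4                  # four identical plaintext blocks
    ct = cbc_encrypt(msg, key, iv)
    print([ct[i:i + 8].hex() for i in range(0, 32, 8)])  # four different ciphertext blocks
    print(cbc_decrypt(ct, key, iv) == msg)
```

DES has since been retired in favour of AES; the IV-and-chaining idea applies to any block cipher.
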
12. DES Properties
- Provide confidentiality
  - No mathematical proof, but practical evidence suggests that decrypting a message without knowing the key requires exhaustive search
  - To increase security use triple-DES, i.e., encrypt the message three times

13. Public-Key Cryptography: RSA (Rivest, Shamir, and Adleman)
- Sender uses a public key
  - Advertised to everyone
- Receiver uses a private key
[Figure: Plaintext → Encrypt with public key → Ciphertext over the Internet → Decrypt with private key → Plaintext]

14. Generating Public and Private Keys
- Choose two large prime numbers p and q (256 bit long) and multiply them: $n = pq$
- Choose encryption key e such that e and $(p-1)(q-1)$ are relatively prime
- Compute decryption key d, where
  - $d = e^{-1} \bmod ((p-1)(q-1))$
  - (equivalent to $de \equiv 1 \pmod{(p-1)(q-1)}$)
- Public key consists of pair (n, e)
- Private key consists of pair (d, n)

15. RSA Encryption and Decryption
- Encryption of message block m
  - $c = m^e \bmod n$
- Decryption of ciphertext c
  - $m = c^d \bmod n$

16. Example (1/2)
- Choose $p = 7$ and $q = 11$ $\Rightarrow$ $n = p \cdot q = 77$
- Compute encryption key e: $(p-1)(q-1) = 6 \cdot 10 = 60 \Rightarrow$ choose $e = 13$ (13 and 60 are relatively prime numbers)
- Compute decryption key d such that $13 \cdot d \equiv 1 \pmod{60} \Rightarrow d = 37$ ($37 \cdot 13 = 481$)

17. Example (2/2)
- $n = 77$, $e = 13$, $d = 37$
- Send message block $m = 7$
- Encryption: $c = m^e \bmod n = 7^{13} \bmod 77 = 35$
- Decryption: $m = c^d \bmod n = 35^{37} \bmod 77 = 7$

18. RSA Proof Sketch (1/4)
- mod properties. Suppose $a \equiv b \pmod{k}$ and $c \equiv d \pmod{k}$. Then
  - 1) $a + c \equiv (b + d) \pmod{k}$
  - 2) $ac \equiv (bd) \pmod{k}$

19. RSA Proof Sketch (2/4)
- Theorem: Assume a and d are relatively prime, $(a, d) = 1$. Then $ab \equiv ac \pmod{d}$ implies $b \equiv c \pmod{d}$
Proof: Since $(a, d) = 1$, there exist m and n such that $am + dn = 1 \Rightarrow am = -dn + 1 \Rightarrow am \equiv 1 \pmod{d}$ (1). Then we have $ab \equiv (ac) \pmod{d} \Rightarrow (amb) \equiv (amc) \pmod{d} \Rightarrow$ (using mod additive property) $b \equiv c \pmod{d}$ (from (1))

20. RSA Proof Sketch (3/4)
- Euler Theorem: Let $\Phi(d)$ be the number of numbers less than d relatively prime to d, and suppose $(a, d) = 1$. Then $a^{\Phi(d)} \equiv 1 \pmod{d}$.
Proof: Let $a_1, a_2, \ldots, a_{\Phi(d)}$ be the numbers relatively prime to d. Then for all i, $(a_i, d) = 1$, $(a, d) = 1$, and $(a a_i, d) = 1$. Note that $(a a_i \bmod d)$ are $\Phi(d)$ numbers ($< d$) relatively prime to d. Thus, the lists $a_1, a_2, \ldots, a_{\Phi(d)}$ and $(a a_1) \bmod d, (a a_2) \bmod d, \ldots, (a a_{\Phi(d)}) \bmod d$ contain the same numbers! Using mod properties we have $(a a_1)(a a_2) \cdots (a a_{\Phi(d)}) \equiv (a_1 a_2 \cdots a_{\Phi(d)}) \pmod{d} \Rightarrow a^{\Phi(d)} (a_1 a_2 \cdots a_{\Phi(d)}) \equiv (a_1 a_2 \cdots a_{\Phi(d)}) \pmod{d} \Rightarrow$ (from prev. Theorem) $a^{\Phi(d)} \equiv 1 \pmod{d}$

21. RSA Proof Sketch (4/4)
- Theorem: Suppose (1) p and q are primes, (2) $n = pq$, (3) $ed \equiv 1 \pmod{(p-1)(q-1)}$, and (4) $c = m^e \bmod n$. Then $m = c^d \bmod n$
Proof: Assume m 1 mod p and m 1 mod q (otherwise much longer proof). Since p and q are primes, $\Phi(p) = p - 1$, $\Phi(q) = q - 1$, and $\Phi(pq) = (p-1)(q-1)$. Since m 1 mod (pq) 1 mod n, from Euler Theorem $m^{\Phi(n)} \equiv 1 \pmod{n} \Rightarrow m^{(p-1)(q-1)} \equiv 1 \pmod{pq}$. Then $c^d \bmod n = m^{ed} \bmod n = m^{k(p-1)(q-1)+1} \bmod pq = (m^{k(p-1)(q-1)})\, m \bmod pq = m \bmod pq = m$ (since $m < pq$)

22. Properties
- Confidentiality
- A receiver A computes n, e, d, and sends out (n, e)
- Everyone who wants to send a message to A uses (n, e) to encrypt it
- How difficult is it to recover d? (Someone that can do this can decrypt any message sent to A!)
- Recall that
  - $d = e^{-1} \bmod ((p-1)(q-1))$
- So to find d, you need to find prime factors p and q
  - This is provable very difficult

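The key generation, encryption and decryption steps from slides 14 to 17, together with this slide's point that knowing the factors p and q yields d, as an added example (not part of the lecture). It uses the lecture's toy values p = 7, q = 11, e = 13; the function names are hypothetical, and trial division succeeds only because n is tiny.

```python
from math import gcd, isqrt

def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keys(p: int, q: int, e: int):
    """Return ((n, e), (d, n)) following the key generation steps on slide 14."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e and (p-1)(q-1) must be relatively prime")
    d = egcd(e, phi)[1] % phi          # d = e^-1 mod (p-1)(q-1)
    return (p * q, e), (d, p * q)

def encrypt(m: int, public_key) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message block must satisfy 0 <= m < n")
    return pow(m, e, n)                # c = m^e mod n

def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)                # m = c^d mod n

def recover_private_key(public_key):
    """Factor n by trial division and rebuild (d, n). Feasible only for a toy n."""
    n, e = public_key
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    return make_keys(p, n // p, e)[1]

if __name__ == "__main__":
    public, private = make_keys(7, 11, 13)           # the lecture's example values
    c = encrypt(7, public)
    print(public, private, c, decrypt(c, private))   # (77, 13) (37, 77) 35 7
    print(recover_private_key(public) == private)    # True: knowing p and q gives d
```

Deployed RSA uses a modulus of 2048 bits or more together with a padding scheme such as OAEP; the raw `pow` form here is only for following the arithmetic.
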
23. Message Digest (MD) 5
- Can provide data integrity
  - Used to verify the authentication of a message
- Idea: compute a hash on the message and send it along with the message
- Receiver can apply the same hash function on the message and see whether the result coincides with the received hash

24. MD 5 (cont'd)
- Basic property: digest operation very hard to invert
  - In practice someone cannot alter the message without modifying the digest
[Figure: sender computes Digest (MD5) over the plaintext and sends message and digest over the Internet; receiver recomputes Digest (MD5) and compares it with the received digest; NO match indicates a corrupted msg]

25. Message Digest Operation
- Transformation contains complex operations (see textbook)
[Figure: initial digest (constant) and the padded message, taken 512 bits at a time, pass through successive Transformation stages to produce the message digest]

26. Outline
- Cryptographic Algorithms (Confidentiality and Integrity)
- Authentication
- System examples

27. Authentication
- Goal: make sure that the sender and receiver are the ones they claim to be
- Two solutions based on secret key cryptography (e.g., DES)
  - Three-way handshaking
  - Trusted third party
- One solution based on public key cryptography (e.g., RSA)
  - Public key authentication

28. Simple Three-Way Handshaking
- E(m,k): encrypt message m with key k
- D(m,k): decrypt m with key k
- CHK and SHK: client and server shared secret keys
- SK: session key used for data communication
  - This reduces the number of messages containing CHK and SHK
- Question: how are CHK and SHK communicated in the first place?
[Figure: message exchange between client and server]

29. Trusted Third Party
- Trust a third party entity, authentication server
- Scenario: A wants to communicate with B
- Assumption: both A and B share secret keys with S: $K_A$ and $K_B$
- Notations
  - T: timestamp (also serves the purpose of a random number)
  - L: lifetime of the session
  - K: session key

30. Trusted Third Party (cont'd)
[Figure: message exchange among S, A and B]

31. Public Key Authentication
- Based on public key cryptography
- Each side needs only to know the other side's public key
  - No secret key needs to be shared
- A encrypts a random number x and B proves that it knows x
- A can authenticate itself to B in the same way
[Figure: message exchange between A and B]

32. Outline
- Cryptographic Algorithms (Confidentiality and Integrity)
- Authentication
- System examples

33. Public Key Infrastructure (PKI)
- System managing public key distribution on a wide scale
- Trust distribution mechanism
- Allow any arbitrary level of trust

34. PKI Properties
- Authentication → via Digital Certificates
- Confidentiality → via Encryption
- Integrity → via Digital Signatures
- Non-repudiation → via Digital Signatures

35. Components of a PKI

36. Digital Certificate
- Signed data structure that binds an entity with its corresponding public key
- Signed by a recognized and trusted authority, i.e., Certification Authority (CA)
- Provide assurance that a particular public key belongs to a specific entity

37. Certification Authority
- People, processes responsible for creation, delivery and management of digital certificates
- Organized in a hierarchy
[Figure: hierarchy with Root CA above CA-1 and CA-2]

38. Registration Authority
- People, processes and/or tools that are responsible for
  - Authenticating the identity of new entities (users or computing devices)
  - Requiring certificates from CAs.

39. Certificate Repository
- A database which is accessible to all users of a PKI, contains
  - Digital certificates
  - Certificate revocation information
  - Policy information

40. Example
- Alice generates her own key pair.
- Bob generates his own key pair.
- Both send their public key to a CA and receive a digital certificate

41. Example
- Alice gets Bob's public key from the CA
- Bob gets Alice's public key from the CA

42. Example
- Alice uses her private key to sign: public key cryptography is used to provide integrity
[Figure: Alice computes a Hash of the Message and applies Encryption to it; Bob applies Decryption and compares (?) the result with his own Hash of the Message]

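An added example (not from the lecture) tying the digest check on slides 23 and 24 to the signing step on this slide: a bare digest catches corruption, while a digest transformed with Alice's private key also ties the message to her. The key is constructed from two Mersenne primes for the demo, signing is unpadded textbook RSA, and all function names are hypothetical.

```python
import hashlib

# Constructed demo key: two Mersenne primes, far too small and structured for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                               # public modulus, part of Alice's public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))       # Alice's private exponent (Python 3.8+)

def digest(message: bytes) -> int:
    """MD5 digest of the message as an integer (128 bits, so always below N)."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")

def check_bare_digest(message: bytes, received_digest: int) -> bool:
    """Slide 23: receiver recomputes the hash and compares it with the received one."""
    return digest(message) == received_digest

def sign(message: bytes) -> int:
    """Slide 42, Alice's side: hash the message, then apply the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Slide 42, Bob's side: apply Alice's public key, compare with his own hash."""
    return pow(signature, E, N) == digest(message)

if __name__ == "__main__":
    msg, altered = b"pay Bob 100", b"pay Bob 900"        # constructed sample messages
    # A digest sent alongside the message exposes a change made in transit...
    print(check_bare_digest(altered, digest(msg)))       # False
    # ...but an unkeyed digest can be recomputed by whoever changed the message.
    print(check_bare_digest(altered, digest(altered)))   # True
    # A signature made for the original does not verify for the altered message.
    print(verify(msg, sign(msg)), verify(altered, sign(msg)))   # True False
```

MD5 is no longer collision resistant; current designs pair SHA-256 with a padded signature scheme such as RSA-PSS.
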
43. Certificate Revocation
- Process of publicly announcing that a certificate has been revoked and should no longer be used.
- Approaches
  - Use certificates that automatically time out
  - Use certificate revocation list
  - Use list that itemizes all revoked certificates in an on-line directory

44. Pretty Good Privacy (PGP)
- Provide
  - Authentication
  - Confidentiality
- Application examples: file transfers, e-mail
- Authentication weaker than PKI, but
  - Freely available
  - Not controlled by a government or standard organization

45. PGP Services
- Authentication → Digital signature: uses DSS/SHA or RSA/SHA
- Confidentiality → Encryption, e.g., three-key triple DES or RSA
- Also provides
  - Compression → Zip
  - E-mail compatibility → Radix-64 conversion
  - Segmentation

46. PGP Public Key Management
- No rigid public key management scheme
- Problem: how to get public key reliably
- Possible solution: physically or by phone. Secure but impractical
- PGP solution: build a web of trust
  - Assume you know several variably trusted users
  - Each of these individuals can sign certificates for other users
  - Each signature has associated a trust field indicating the level of trust in the certificate

48. What Do You Need To Know
- Security requirements
- Cryptographic algorithms
  - How do DES and RSA work (no proof for RSA)
- Authentication algorithms
- Public key management, digital certificates (high level)