EE 122: (More) Network Security - PowerPoint PPT Presentation

1 / 48
About This Presentation
Title:

EE 122: (More) Network Security

Description:

Introduction to Computer Networks Network Security II. Computer Science Division ... clientId, E(x, CHK) E(x 1, SHK), E(y,SHK) E(y 1, CHK) E(SK,SHK) client. server. 29 ... – PowerPoint PPT presentation

Number of Views:38
Avg rating:3.0/5.0
Slides: 49
Provided by: sto2
Category:

less

Transcript and Presenter's Notes

Title: EE 122: (More) Network Security


1
EE 122 (More) Network Security
  • November 5, 2003

2
EECS 122 Introduction to Computer Networks
Network Security II
  • Computer Science Division
  • Department of Electrical Engineering and Computer
    Sciences
  • University of California, Berkeley
  • Berkeley, CA 94720-1776

3
Todays Lecture 20
2
17,18
Application
19, 20
10,11
6
Transport
14, 15, 16
7, 8, 9
Network (IP)
Link
21, 22, 23
Physical
25
4
Security Requirements
  • Authentication
  • Ensures that the sender and the receiver are who
    they are claiming to be
  • Data integrity
  • Ensure that data is not changed from source to
    destination
  • Confidentiality
  • Ensures that data is red only by authorized users
  • Non-repudiation
  • Ensures that the sender has strong evidence that
    the receiver has received the message, and the
    receiver has strong evidence of the sender
    identity, strong enough such that the sender
    cannot deny that it has sent the message and the
    receiver cannot deny that it has received the
    message (not discussed in this lecture)

5
Outline
  • Cryptographic Algorithms (Confidentiality and
    Integrity)
  • Authentication
  • System examples

6
Cryptographic Algorithms
  • Security foundation cryptographic algorithms
  • Secret key cryptography, Data Encryption Standard
    (DES)
  • Public key cryptography, RSA algorithm
  • Message digest, MD5

7
Symmetric Key
  • Both the sender and the receiver use the same
    secret keys

Plaintext
Plaintext
Internet
Encrypt with secret key
Decrypt with secret key
Ciphertext
8
Data Encryption Standard (DES)
  • DES encrypts a 64-bit block of plain text using a
    64-bit key
  • Three phases
  • Permute the 64 bits in the block
  • Apply a given operation 16 times on the 64 bits
  • Permute the 64 bits using the inverse of the
    original permutation

1st phase IP(input)
Round 1
.
.
.
key
2nd phase
Round 16
3rd phase IP-1(input)
9
Initial Permutation (IP)
  • IP bit 58 of input becomes 1st bit, it 50
    becomes 2nd bit, etc

58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62
54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49
41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53
45 37 29 21 13 5 63 55 47 39 31 23 15 7
  • IP-1 inverse of IP, e.g., IP(1) 58, IP-1 (58)
    1

40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38
6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4
44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42
10 50 18 58 26 33 1 41 9 49 17 57 25
10
2nd Phase Operation In Each Round
0
63
  • Key K is 64 bits
  • 16 rounds
  • Each round i select a 48 bit key Ki from the
    original 64 bit key K. Perform (F is a given
    function)

63
32
31
0
Li-1
Ri-1
Ki
F

Li
Ri
11
Encrypting Larger Messages
  • Initialization Vector (IV) is a random number
    generated by sender and sent together with the
    ciphertext

Block1
Block2
Block3
Block4
IV




DES
DES
DES
DES
Cipher1
Cipher2
Cipher3
Cipher4
12
DES Properties
  • Provide confidentiality
  • No mathematical proof, but practical evidence
    suggests that decrypting a message without
    knowing the key requires exhaustive search
  • To increase security use triple-DES, i.e.,
    encrypt the message three times

13
Public-Key Cryptography RSA (Rivest, Shamir,
and Adleman)
  • Sender uses a public key
  • Advertised to everyone
  • Receiver uses a private key

Plaintext
Plaintext
Internet
Encrypt with public key
Decrypt with private key
Ciphertext
14
Generating Public and Private Keys
  • Choose two large prime numbers p and q ( 256 bit
    long) and multiply them n pq
  • Chose encryption key e such that e and
    (p-1)(q-1) are relatively prime
  • Compute decryption key d, where
  • d e-1 mod ((p-1)(q-1))
  • (equivalent to de 1 mod ((p-1)(q-1)))
  • Public key consist of pair (n, e)
  • Private key consists of pair (d, n)

15
RSA Encryption and Decryption
  • Encryption of message block m
  • c me mod n
  • Decryption of ciphertext c
  • m cd mod n

16
Example (1/2)
  • Choose p 7 and q 11 ? n pq 77
  • Compute encryption key e (p-1)(q-1) 610 60
    ? chose e 13 (13 and 60 are relatively prime
    numbers)
  • Compute decryption key d such that 13d 1 mod
    60 ? d 37 (3713 481)

17
Example (2/2)
  • n 77 e 13 d 37
  • Send message block m 7
  • Encryption c me mod n 713 mod 77 35
  • Decryption m cd mod n 3537 mod 77 7

18
RSA Proof Sketch (1/4)
  • mod properties. Suppose a b mod k, and c d
    mod k. Then
  • 1) a c (b d) mod k
  • 2) ac (bd) mod k

19
RSA Proof Sketch (2/4)
  • Theorem Assume a and d are relatively primes,
    (a, d) 1. Then ab ac mod d implies b c
    mod d

Proof Since (a, d) 1, there exists m and n
such that am dn 1 ? am -dn 1
? am 1 mod d (1) Then, we have ab
(ac) mod d ? (amb) (amc) mod d ? (using
mod additive property) a c mod d (from (1))

20
RSA Proof Sketch (3/4)
  • Euler Theorem Let F(d) be the number of numbers
    less than d relative prime to d, and suppose (a,
    d) 1. Then aF(d) 1 mod d.

Proof Let a1, a2, .., aF(d) by the prime numbers
to a. Then for all i(ai, 1) 1, (a, d) 1, and
(aai, d) 1. Note that (aai mod d) are F(d)
relatively prime numbers (lt d) to d. Thus,
lists a1, a2, , aF(d) and (aa1) mod n, (aa2)
mod n, , (aaF(d)) mod d, contain the same
numbers! Using mod properties we have
(aa1)(aa2) .. (aaF(d)) (a1a2 aF(d))
mod d ? aF(d) (a1a2 aF(d)) (a1a2
aF(d)) mod d ? (from prev. Theorem) aF(d)
1 mod d
21
RSA Proof Sketch (4/4)
  • Theorem Suppose (1) p and q are primes, (2) n
    pq, (3) ed 1 mod (p-1)(q-1), and (4) c me
    mod n. Then m cd mod n

Proof Assume m 1 mod p and m 1 mod q
(Otherwise much longer proof) Since p and q are
primes F(p) p -1, F(q) q -1, and F(pq)
(p-1)(q-1). Since m 1 mod (pq) 1 mod n,
from Euler Theorem mF(n) 1 mod n ?
m(p-1)(q-1) 1 mod pq ce mod n m(ed) mod n
c(k(p-1)(q-1) 1) mod pq
mk(p-1)(q-1)) m mod pq ? m mod
pq m (since m lt pq)
22
Properties
  • Confidentiality
  • A receiver A computes n, e, d, and sends out (n,
    e)
  • Everyone who wants to send a message to A uses
    (n, e) to encrypt it
  • How difficult is to recover d ? (Someone that can
    do this can decrypt any message sent to A!)
  • Recall that
  • d e-1 mod ((p-1)(q-1))
  • So to find d, you need to find primes factors p
    and q
  • This is provable very difficult

23
Message Digest (MD) 5
  • Can provide data integrity
  • Used to verify the authentication of a message
  • Idea compute a hash on the message and send it
    along with the message
  • Receiver can apply the same hash function on the
    message and see whether the result coincides with
    the received hash

24
MD 5 (contd)
  • Basic property digest operation very hard to
    invert
  • In practice someone cannot alter the message
    without modifying the digest

Plaintext
corrupted msg
Plaintext
NO

digest
Internet
Digest (MD5)
Digest (MD5)
digest
25
Message Digest Operation
  • Transformation contains complex operations (see
    textbook)

Initial digest (constant)
Message (padded)
512 bits
512 bits
512 bits
Transformation
Transformation
.
.
.
Transformation
Message digest
26
Outline
  • Cryptographic Algorithms (Confidentiality and
    Integrity)
  • Authentication
  • System examples

27
Authentication
  • Goal Make sure that the sender an receiver are
    the ones they claim to be
  • Two solutions based on secret key cryptography
    (e.g., DES)
  • Three-way handshaking
  • Trusted third party
  • One solution based on public key cryptography
    (e.g., RSA)
  • Public key authentication

28
Simple Three-Way Handshaking
  • E(m,k) encrypt message m with key k
  • D(m,k) decrypt m with key k
  • CHK and SHK client and server shared secrete
    keys
  • SK session key used for data communication
  • This reduces the number of messages containing
    CHK and SHK
  • Question how are CHK and SHK communicated in the
    first place?

client
server
29
Trusted Third Party
  • Trust a third party entity, authentication server
  • Scenario A wants to communicate with B
  • Assumption both A and B share secrete keys with
    S KA and KB
  • Notations
  • T timestamp (also serves the purpose of a random
    number)
  • L lifetime of the session
  • K sessions key

30
Trusted Third Party (contd)
S
A
B
31
Public Key Authentication
  • Based on public key cryptography
  • Each side need only to know the other sides
    public key
  • No secrete key need to be shared
  • A encrypts a random number x and B proves that it
    knows x
  • A can authenticate itself to be in the same way

A
B
32
Outline
  • Cryptographic Algorithms (Confidentiality and
    Integrity)
  • Authentication
  • System examples

33
Public Key Infrastructure (PKI)
  • System managing public key distribution on a
    wide-scale
  • Trust distribution mechanism
  • Allow any arbitrary level of trust

34
PKI Properties
  • Authentication ? via Digital Certificates
  • Confidentiality ? via Encryption
  • Integrity ? via Digital Signatures
  • NonRepudiation ? via Digital Signatures

35
Components of a PKI
36
Digital Certificate
  • Signed data structure that binds an entity with
    its corresponding public key
  • Signed by a recognized and trusted authority,
    i.e., Certification Authority (CA)
  • Provide assurance that a particular public key
    belongs to a specific entity

37
Certification Authority
  • People, processes responsible for creation,
    delivery and management of digital certificates
  • Organized in an hierarchy

Root CA
CA-1
CA-2
38
Registration Authority
  • People, processes and/or tools that are
    responsible for
  • Authenticating the identity of new entities
    (users or computing devices)
  • Requiring certificates from CAs.

39
Certificate Repository
  • A database which is accessible to all users of a
    PKI, contains
  • Digital certificates,
  • Certificate revocation information
  • Policy information

40
Example
  • Alice generates her own key pair.
  • Bob generates his own key pair.
  • Both sent their public key to a CA and receive a
    digital certificate

41
Example
  • Alice gets Bobs public key from the CA
  • Bob gets Alices public key from the CA

42
Example
  • Alice use private key to sign use public key
    cryptography to provide integrity

Alice
Bob
Message
Hash
Message
Hash
?
Encryption
Decryption

Hash
43
Certificate Revocation
  • Process of publicly announcing that a certificate
    has been revoked and should no longer be used.
  • Approaches
  • Use certificates that automatically time out
  • Use certificate revocation list
  • Use list that itemizes all revoked certificates
    in an on-line directory

44
Pretty Good Privacy (PGP)
  • Provide
  • Authentication
  • Confidentiality
  • Application examples file transfers, e-mail
  • Authentication weaker than PKI, but
  • Freely available
  • Not controlled by a government or standard
    organization

45
PGP Services
  • Authentication ? Digital signature uses DSS/SHA
    or RSA/SHA
  • Confidentiality ? Encryption, e.g., three-key
    triple DES or RSA
  • Also provides
  • Compression ? Zip
  • E-mail compatibility ? Radix-64 conversion
  • Segmentation

46
PGP Public Key Management
  • No rigid public key management scheme
  • Problem how to get public key reliable
  • Possible solution physically or by phone. Secure
    but unpractical
  • PGP solution build a web of trust
  • Assume you know several variably trusted users
  • Each of these indvidual can sign certificates for
    other users
  • Each signature has asociated a trust field
    indicating the level of trust in the certificate

47
(No Transcript)
48
What do You Need To Know
  • Security requirements
  • Cryptographic algorithms
  • How does DES and RSA work (no proof for RSA)
  • Authentication algorithms
  • Public key management, digital certificates (high
    level)
Write a Comment
User Comments (0)
About PowerShow.com