Title: CSCE 715: Network Systems Security
1CSCE 715Network Systems Security
- Chin-Tser Huang
- huangct_at_cse.sc.edu
- University of South Carolina
2Points of Vulnerability
- Adversary can eavesdrop from a machine on the
same LAN - Adversary can eavesdrop by dialing into
communication server - Adversary can eavesdrop by gaining physical
control of part of external links - twisted pair, coaxial cable, or optical fiber
- radio or satellite links
3Placement of Symmetric Encryption
- Two major placement alternatives
- Link encryption
- encryption occurs independently on every link
- implies must decrypt traffic between links
- requires many devices, but paired keys
- End-to-end encryption
- encryption occurs between original source and
final destination - need devices at each end with shared keys
4Characteristics ofLink and End-to-End Encryption
5Placement of Encryption
- Can place encryption function at various layers
in OSI Reference Model - link encryption occurs at layers 1 or 2
- end-to-end can occur at layers 3, 4, 6, 7
- If move encryption toward higher layer
- less information is encrypted but is more secure
- application layer encryption is more complex,
with more entities and need more keys
6Scope of Encryption
7Traffic Analysis
- When using end-to-end encryption, must leave
headers in clear so network can correctly route
information - Hence although contents are protected, traffic
patterns are not protected - Ideally both are desired
- end-to-end protects data contents over entire
path and provides authentication - link protects traffic flows from monitoring
8Key Distribution
- Symmetric schemes require both parties to share a
common secret key - Need to securely distribute this key
- If key is compromised during distribution, all
communications between two parties are
compromised
9Key Distribution Schemes
- Various key distribution schemes for two parties
- A can select key and physically deliver to B
- third party C can select and deliver key to A and
B - if A and B have shared a key previously, can use
previous key to encrypt a new key - if A and B have secure communications with third
party C, C can relay key between A and B
10Key Distribution Scenario
11Key Distribution Issues
- Hierarchies of KDCs are required for large
networks, but must trust each other - Session key lifetimes should be limited for
greater security - Use of automatic key distribution on behalf of
users, but must trust system - Use of decentralized key distribution
- Controlling purposes keys are used for
12Summary of Symmetric Encryption
- Traditional symmetric cryptography uses one key
shared by both sender and receiver - If this key is disclosed, communications are
compromised - Symmetric because parties are equal
- Provide confidentiality, but does not provide
non-repudiation
13Insufficiencies with Symmetric Encryption
- Symmetric encryption is not enough to address two
key issues - key distribution how to have secure
communications in general without having to trust
a KDC with your key? - digital signatures how to verify that a
received message really comes from the claimed
sender?
14Advent of Asymmetric Encryption
- Probably most significant advance in the 3000
year history of cryptography - Use two keys a public key and a private key
- Asymmetric since parties are not equal
- Clever application of number theory concepts
instead of merely substitution and permutation
15How Asymmetric Encryption Works
- Asymmetric encryption uses two keys that are
related to each other - a public key, which may be known to anybody, is
used to encrypt messages, and verify signatures - a private key, known only to the owner, is used
to decrypt messages encrypted by the matching
public key, and create signatures - the key used to encrypt messages or verify
signatures cannot decrypt messages or create
signatures
16Asymmetric Encryptionfor Confidentiality
17Asymmetric Encryptionfor Authentication
18Applications for Asymmetric Encryption
- Three categories
- Encryption/decryption sender encrypts a message
with receivers public key - Digital signature sender signs a message with
its private key - Key exchange two sides exchange a session key
19Security of Asymmetric Encryption
- Like symmetric schemes brute-force exhaustive
search attack is always theoretically possible,
but keys used are too large (gt512bits) - Not more secure than symmetric encryption,
dependent on size of key - Security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard
(cryptanalyse) problems - Generally the hard problem is known, just made
too hard to do in practice - Require using very large numbers, so is slow
compared to symmetric schemes
20RSA
- Invented by Rivest, Shamir Adleman of MIT in
1977 - Best known and widely used public-key scheme
- Based on exponentiation in a finite (Galois)
field over integers modulo a prime - exponentiation takes O((log n)3) operations
(easy) - Use large integers (e.g. 1024 bits)
- Security due to cost of factoring large numbers
- factorization takes O(e log n log log n)
operations (hard)
21RSA Key Setup
- Each user generates a public/private key pair by
- select two large primes at random p, q
- compute their system modulus npq
- note ø(n)(p-1)(q-1)
- select at random the encryption key e
- where 1lteltø(n), gcd(e,ø(n))1
- solve following equation to find decryption key d
- ed1 mod ø(n) and 0dn
- publish their public encryption key KU e,n
- keep secret private decryption key KR d,n
22RSA Usage
- To encrypt a message M
- sender obtains public key of receiver KUe,n
- computes CMe mod n, where 0Mltn
- To decrypt the ciphertext C
- receiver uses its private key KRd,n
- computes MCd mod n
- Message M must be smaller than the modulus n (cut
into blocks if needed)
23Why RSA Works
- Euler's Theorem
- aø(n) mod n 1 where gcd(a,n)1
- In RSA, we have
- npq
- ø(n)(p-1)(q-1)
- carefully chosen e and d to be inverses mod ø(n)
- hence ed1kø(n) for some k
- Hence Cd (Me)d M1kø(n) M1(Mø(n))k
M1(1)k M1 M mod n
24RSA Example Computing Keys
- Select primes p17, q11
- Compute npq1711187
- Compute ø(n)(p1)(q-1)1610160
- Select e gcd(e,160)1 and elt160
- choose e7
- Determine d de1 mod 160 and dlt160
- d23 since 237161101601
- Publish public key KU7,187
- Keep secret private key KR23,187
25RSA Example Encryption and Decryption
- Given message M 88 (88lt187)
- Encryption
- C 887 mod 187 11
- Decryption
- M 1123 mod 187 88
26Exponentiation
- Use a property of modular arithmetic
- (a mod n)?(b mod n)mod n (a?b)mod n
- Use the Square and Multiply Algorithm to multiply
the ones that are needed to compute the result - Look at binary representation of exponent
- Only take O(log2 n) multiples for number n
- e.g. 75 7471 37 10 (mod 11)
- e.g. 3129 312831 53 4 (mod 11)
27RSA Key Generation
- Users of RSA must
- determine two primes at random - p,q
- select either e or d and compute the other
- Primes p,q must not be easily derived from
modulus npq - means p,q must be sufficiently large
- typically guess and use probabilistic test
- Exponents e, d are multiplicative inverses, so
use Inverse algorithm to compute the other
28Security of RSA
- Three approaches to attacking RSA
- brute force key search (infeasible given size of
numbers) - mathematical attacks (based on difficulty of
computing ø(n), by factoring modulus n) - timing attacks (on running of decryption)
29Factoring Problem
- Mathematical approach takes 3 forms
- factor npq, hence find ø(n) and then d
- determine ø(n) directly and find d
- find d directly
- Currently believe all equivalent to factoring
- have seen slow improvements over the years
- as of Aug 99 best is 155 decimal digits (512
bits) with GNFS - biggest improvement comes from improved algorithm
- cf Quadratic Sieve to Generalized Number Field
Sieve to Special Number Field Sieve - 1024 bit RSA is secure barring dramatic
breakthrough - ensure p, q of similar size and matching other
constraints
30Timing Attacks
- Developed in mid-1990s
- Exploit timing variations in operations
- e.g. multiplying by small vs large number
- Infer operand size based on time taken
- RSA exploits time taken in exponentiation
- Countermeasures
- use constant exponentiation time
- add random delays
- blind values used in calculations
31Next Class
- Key management with asymmetric encryption
- Diffie-Hellman key exchange
- Read Chapter 10