CSCE 715: Network Systems Security

1
CSCE 715Network Systems Security

• Chin-Tser Huang
• huangct_at_cse.sc.edu
• University of South Carolina

2
Points of Vulnerability

• Adversary can eavesdrop from a machine on the
  same LAN
• Adversary can eavesdrop by dialing into
  communication server
• Adversary can eavesdrop by gaining physical
  control of part of external links
• twisted pair, coaxial cable, or optical fiber
• radio or satellite links

3
Placement of Symmetric Encryption

• Two major placement alternatives
• Link encryption
• encryption occurs independently on every link
• implies must decrypt traffic between links
• requires many devices, but paired keys
• End-to-end encryption
• encryption occurs between original source and
  final destination
• need devices at each end with shared keys

4
Characteristics ofLink and End-to-End Encryption
5
Placement of Encryption

• Can place encryption function at various layers
  in OSI Reference Model
• link encryption occurs at layers 1 or 2
• end-to-end can occur at layers 3, 4, 6, 7
• If move encryption toward higher layer
• less information is encrypted but is more secure
• application layer encryption is more complex,
  with more entities and need more keys

6
Scope of Encryption
7
Traffic Analysis

• When using end-to-end encryption, must leave
  headers in clear so network can correctly route
  information
• Hence although contents are protected, traffic
  patterns are not protected
• Ideally both are desired
• end-to-end protects data contents over entire
  path and provides authentication
• link protects traffic flows from monitoring

8
Key Distribution

• Symmetric schemes require both parties to share a
  common secret key
• Need to securely distribute this key
• If key is compromised during distribution, all
  communications between two parties are
  compromised

9
Key Distribution Schemes

• Various key distribution schemes for two parties
• A can select key and physically deliver to B
• third party C can select and deliver key to A and
  B
• if A and B have shared a key previously, can use
  previous key to encrypt a new key
• if A and B have secure communications with third
  party C, C can relay key between A and B

10
Key Distribution Scenario
11
Key Distribution Issues

• Hierarchies of KDCs are required for large
  networks, but must trust each other
• Session key lifetimes should be limited for
  greater security
• Use of automatic key distribution on behalf of
  users, but must trust system
• Use of decentralized key distribution
• Controlling purposes keys are used for

12
Summary of Symmetric Encryption

• Traditional symmetric cryptography uses one key
  shared by both sender and receiver
• If this key is disclosed, communications are
  compromised
• Symmetric because parties are equal
• Provide confidentiality, but does not provide
  non-repudiation

13
Insufficiencies with Symmetric Encryption

• Symmetric encryption is not enough to address two
  key issues
• key distribution how to have secure
  communications in general without having to trust
  a KDC with your key?
• digital signatures how to verify that a
  received message really comes from the claimed
  sender?

14
Advent of Asymmetric Encryption

• Probably most significant advance in the 3000
  year history of cryptography
• Use two keys a public key and a private key
• Asymmetric since parties are not equal
• Clever application of number theory concepts
  instead of merely substitution and permutation

15
How Asymmetric Encryption Works

• Asymmetric encryption uses two keys that are
  related to each other
• a public key, which may be known to anybody, is
  used to encrypt messages, and verify signatures
• a private key, known only to the owner, is used
  to decrypt messages encrypted by the matching
  public key, and create signatures
• the key used to encrypt messages or verify
  signatures cannot decrypt messages or create
  signatures

16
Asymmetric Encryptionfor Confidentiality
17
Asymmetric Encryptionfor Authentication
18
Applications for Asymmetric Encryption

• Three categories
• Encryption/decryption sender encrypts a message
  with receivers public key
• Digital signature sender signs a message with
  its private key
• Key exchange two sides exchange a session key

19
Security of Asymmetric Encryption

• Like symmetric schemes brute-force exhaustive
  search attack is always theoretically possible,
  but keys used are too large (gt512bits)
• Not more secure than symmetric encryption,
  dependent on size of key
• Security relies on a large enough difference in
  difficulty between easy (en/decrypt) and hard
  (cryptanalyse) problems
• Generally the hard problem is known, just made
  too hard to do in practice
• Require using very large numbers, so is slow
  compared to symmetric schemes

20
RSA

• Invented by Rivest, Shamir Adleman of MIT in
  1977
• Best known and widely used public-key scheme
• Based on exponentiation in a finite (Galois)
  field over integers modulo a prime
• exponentiation takes O((log n)3) operations
  (easy)
• Use large integers (e.g. 1024 bits)
• Security due to cost of factoring large numbers
• factorization takes O(e log n log log n)
  operations (hard)

21
RSA Key Setup

• Each user generates a public/private key pair by
• select two large primes at random p, q
• compute their system modulus npq
• note ø(n)(p-1)(q-1)
• select at random the encryption key e
• where 1lteltø(n), gcd(e,ø(n))1
• solve following equation to find decryption key d
  
• ed1 mod ø(n) and 0dn
• publish their public encryption key KU e,n
• keep secret private decryption key KR d,n

22
RSA Usage

• To encrypt a message M
• sender obtains public key of receiver KUe,n
• computes CMe mod n, where 0Mltn
• To decrypt the ciphertext C
• receiver uses its private key KRd,n
• computes MCd mod n
• Message M must be smaller than the modulus n (cut
  into blocks if needed)

23
Why RSA Works

• Euler's Theorem
• aø(n) mod n 1 where gcd(a,n)1
• In RSA, we have
• npq
• ø(n)(p-1)(q-1)
• carefully chosen e and d to be inverses mod ø(n)
• hence ed1kø(n) for some k
• Hence Cd (Me)d M1kø(n) M1(Mø(n))k
  M1(1)k M1 M mod n

24
RSA Example Computing Keys

• Select primes p17, q11
• Compute npq1711187
• Compute ø(n)(p1)(q-1)1610160
• Select e gcd(e,160)1 and elt160
• choose e7
• Determine d de1 mod 160 and dlt160
• d23 since 237161101601
• Publish public key KU7,187
• Keep secret private key KR23,187

25
RSA Example Encryption and Decryption

• Given message M 88 (88lt187)
• Encryption
• C 887 mod 187 11
• Decryption
• M 1123 mod 187 88

26
Exponentiation

• Use a property of modular arithmetic
• (a mod n)?(b mod n)mod n (a?b)mod n
• Use the Square and Multiply Algorithm to multiply
  the ones that are needed to compute the result
• Look at binary representation of exponent
• Only take O(log2 n) multiples for number n
• e.g. 75 7471 37 10 (mod 11)
• e.g. 3129 312831 53 4 (mod 11)

27
RSA Key Generation

• Users of RSA must
• determine two primes at random - p,q
• select either e or d and compute the other
• Primes p,q must not be easily derived from
  modulus npq
• means p,q must be sufficiently large
• typically guess and use probabilistic test
• Exponents e, d are multiplicative inverses, so
  use Inverse algorithm to compute the other

28
Security of RSA

• Three approaches to attacking RSA
• brute force key search (infeasible given size of
  numbers)
• mathematical attacks (based on difficulty of
  computing ø(n), by factoring modulus n)
• timing attacks (on running of decryption)

29
Factoring Problem

• Mathematical approach takes 3 forms
• factor npq, hence find ø(n) and then d
• determine ø(n) directly and find d
• find d directly
• Currently believe all equivalent to factoring
• have seen slow improvements over the years
• as of Aug 99 best is 155 decimal digits (512
  bits) with GNFS
• biggest improvement comes from improved algorithm
• cf Quadratic Sieve to Generalized Number Field
  Sieve to Special Number Field Sieve
• 1024 bit RSA is secure barring dramatic
  breakthrough
• ensure p, q of similar size and matching other
  constraints

30
Timing Attacks

• Developed in mid-1990s
• Exploit timing variations in operations
• e.g. multiplying by small vs large number
• Infer operand size based on time taken
• RSA exploits time taken in exponentiation
• Countermeasures
• use constant exponentiation time
• add random delays
• blind values used in calculations

31
Next Class

• Key management with asymmetric encryption
• Diffie-Hellman key exchange
• Read Chapter 10