CSCE 715: Network Systems Security - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

CSCE 715: Network Systems Security

Description:

Adversary can eavesdrop from a machine on the same LAN ... Adversary can eavesdrop by gaining physical ... 1024 bit RSA is secure barring dramatic breakthrough ... – PowerPoint PPT presentation

Number of Views:24
Avg rating:3.0/5.0
Slides: 32
Provided by: huan75
Category:

less

Transcript and Presenter's Notes

Title: CSCE 715: Network Systems Security


1
CSCE 715Network Systems Security
  • Chin-Tser Huang
  • huangct_at_cse.sc.edu
  • University of South Carolina

2
Points of Vulnerability
  • Adversary can eavesdrop from a machine on the
    same LAN
  • Adversary can eavesdrop by dialing into
    communication server
  • Adversary can eavesdrop by gaining physical
    control of part of external links
  • twisted pair, coaxial cable, or optical fiber
  • radio or satellite links

3
Placement of Symmetric Encryption
  • Two major placement alternatives
  • Link encryption
  • encryption occurs independently on every link
  • implies must decrypt traffic between links
  • requires many devices, but paired keys
  • End-to-end encryption
  • encryption occurs between original source and
    final destination
  • need devices at each end with shared keys

4
Characteristics ofLink and End-to-End Encryption
5
Placement of Encryption
  • Can place encryption function at various layers
    in OSI Reference Model
  • link encryption occurs at layers 1 or 2
  • end-to-end can occur at layers 3, 4, 6, 7
  • If move encryption toward higher layer
  • less information is encrypted but is more secure
  • application layer encryption is more complex,
    with more entities and need more keys

6
Scope of Encryption
7
Traffic Analysis
  • When using end-to-end encryption, must leave
    headers in clear so network can correctly route
    information
  • Hence although contents are protected, traffic
    patterns are not protected
  • Ideally both are desired
  • end-to-end protects data contents over entire
    path and provides authentication
  • link protects traffic flows from monitoring

8
Key Distribution
  • Symmetric schemes require both parties to share a
    common secret key
  • Need to securely distribute this key
  • If key is compromised during distribution, all
    communications between two parties are
    compromised

9
Key Distribution Schemes
  • Various key distribution schemes for two parties
  • A can select key and physically deliver to B
  • third party C can select and deliver key to A and
    B
  • if A and B have shared a key previously, can use
    previous key to encrypt a new key
  • if A and B have secure communications with third
    party C, C can relay key between A and B

10
Key Distribution Scenario
11
Key Distribution Issues
  • Hierarchies of KDCs are required for large
    networks, but must trust each other
  • Session key lifetimes should be limited for
    greater security
  • Use of automatic key distribution on behalf of
    users, but must trust system
  • Use of decentralized key distribution
  • Controlling purposes keys are used for

12
Summary of Symmetric Encryption
  • Traditional symmetric cryptography uses one key
    shared by both sender and receiver
  • If this key is disclosed, communications are
    compromised
  • Symmetric because parties are equal
  • Provide confidentiality, but does not provide
    non-repudiation

13
Insufficiencies with Symmetric Encryption
  • Symmetric encryption is not enough to address two
    key issues
  • key distribution how to have secure
    communications in general without having to trust
    a KDC with your key?
  • digital signatures how to verify that a
    received message really comes from the claimed
    sender?

14
Advent of Asymmetric Encryption
  • Probably most significant advance in the 3000
    year history of cryptography
  • Use two keys a public key and a private key
  • Asymmetric since parties are not equal
  • Clever application of number theory concepts
    instead of merely substitution and permutation

15
How Asymmetric Encryption Works
  • Asymmetric encryption uses two keys that are
    related to each other
  • a public key, which may be known to anybody, is
    used to encrypt messages, and verify signatures
  • a private key, known only to the owner, is used
    to decrypt messages encrypted by the matching
    public key, and create signatures
  • the key used to encrypt messages or verify
    signatures cannot decrypt messages or create
    signatures

16
Asymmetric Encryptionfor Confidentiality
17
Asymmetric Encryptionfor Authentication
18
Applications for Asymmetric Encryption
  • Three categories
  • Encryption/decryption sender encrypts a message
    with receivers public key
  • Digital signature sender signs a message with
    its private key
  • Key exchange two sides exchange a session key

19
Security of Asymmetric Encryption
  • Like symmetric schemes brute-force exhaustive
    search attack is always theoretically possible,
    but keys used are too large (gt512bits)
  • Not more secure than symmetric encryption,
    dependent on size of key
  • Security relies on a large enough difference in
    difficulty between easy (en/decrypt) and hard
    (cryptanalyse) problems
  • Generally the hard problem is known, just made
    too hard to do in practice
  • Require using very large numbers, so is slow
    compared to symmetric schemes

20
RSA
  • Invented by Rivest, Shamir Adleman of MIT in
    1977
  • Best known and widely used public-key scheme
  • Based on exponentiation in a finite (Galois)
    field over integers modulo a prime
  • exponentiation takes O((log n)3) operations
    (easy)
  • Use large integers (e.g. 1024 bits)
  • Security due to cost of factoring large numbers
  • factorization takes O(e log n log log n)
    operations (hard)

21
RSA Key Setup
  • Each user generates a public/private key pair by
  • select two large primes at random p, q
  • compute their system modulus npq
  • note ø(n)(p-1)(q-1)
  • select at random the encryption key e
  • where 1lteltø(n), gcd(e,ø(n))1
  • solve following equation to find decryption key d
  • ed1 mod ø(n) and 0dn
  • publish their public encryption key KU e,n
  • keep secret private decryption key KR d,n

22
RSA Usage
  • To encrypt a message M
  • sender obtains public key of receiver KUe,n
  • computes CMe mod n, where 0Mltn
  • To decrypt the ciphertext C
  • receiver uses its private key KRd,n
  • computes MCd mod n
  • Message M must be smaller than the modulus n (cut
    into blocks if needed)

23
Why RSA Works
  • Euler's Theorem
  • aø(n) mod n 1 where gcd(a,n)1
  • In RSA, we have
  • npq
  • ø(n)(p-1)(q-1)
  • carefully chosen e and d to be inverses mod ø(n)
  • hence ed1kø(n) for some k
  • Hence Cd (Me)d M1kø(n) M1(Mø(n))k
    M1(1)k M1 M mod n

24
RSA Example Computing Keys
  • Select primes p17, q11
  • Compute npq1711187
  • Compute ø(n)(p1)(q-1)1610160
  • Select e gcd(e,160)1 and elt160
  • choose e7
  • Determine d de1 mod 160 and dlt160
  • d23 since 237161101601
  • Publish public key KU7,187
  • Keep secret private key KR23,187

25
RSA Example Encryption and Decryption
  • Given message M 88 (88lt187)
  • Encryption
  • C 887 mod 187 11
  • Decryption
  • M 1123 mod 187 88

26
Exponentiation
  • Use a property of modular arithmetic
  • (a mod n)?(b mod n)mod n (a?b)mod n
  • Use the Square and Multiply Algorithm to multiply
    the ones that are needed to compute the result
  • Look at binary representation of exponent
  • Only take O(log2 n) multiples for number n
  • e.g. 75 7471 37 10 (mod 11)
  • e.g. 3129 312831 53 4 (mod 11)

27
RSA Key Generation
  • Users of RSA must
  • determine two primes at random - p,q
  • select either e or d and compute the other
  • Primes p,q must not be easily derived from
    modulus npq
  • means p,q must be sufficiently large
  • typically guess and use probabilistic test
  • Exponents e, d are multiplicative inverses, so
    use Inverse algorithm to compute the other

28
Security of RSA
  • Three approaches to attacking RSA
  • brute force key search (infeasible given size of
    numbers)
  • mathematical attacks (based on difficulty of
    computing ø(n), by factoring modulus n)
  • timing attacks (on running of decryption)

29
Factoring Problem
  • Mathematical approach takes 3 forms
  • factor npq, hence find ø(n) and then d
  • determine ø(n) directly and find d
  • find d directly
  • Currently believe all equivalent to factoring
  • have seen slow improvements over the years
  • as of Aug 99 best is 155 decimal digits (512
    bits) with GNFS
  • biggest improvement comes from improved algorithm
  • cf Quadratic Sieve to Generalized Number Field
    Sieve to Special Number Field Sieve
  • 1024 bit RSA is secure barring dramatic
    breakthrough
  • ensure p, q of similar size and matching other
    constraints

30
Timing Attacks
  • Developed in mid-1990s
  • Exploit timing variations in operations
  • e.g. multiplying by small vs large number
  • Infer operand size based on time taken
  • RSA exploits time taken in exponentiation
  • Countermeasures
  • use constant exponentiation time
  • add random delays
  • blind values used in calculations

31
Next Class
  • Key management with asymmetric encryption
  • Diffie-Hellman key exchange
  • Read Chapter 10
Write a Comment
User Comments (0)
About PowerShow.com