Communication Networks - PowerPoint PPT Presentation

Description:

RSA obtaining keys. Choose two large prime numbers p, q. Compute $n = pq$ → give to others. ... Decryption: $m = c^d \bmod n$. Comnet 2006. RSA encryption/decryption ...

Slides: 18
Provided by: daveh175
1
Communication Networks
  • Recitation 11
  • Security

2
RSA: The problem
  • A wants to send B a message, but
  • A and B cannot meet so cannot decide on a common
    key

3
RSA: The solution
  • B sends A a public key $e_B$. The public key can be
    used to encrypt, but not to decrypt
  • A encrypts the message $m$ with the public key and
    sends $e_B(m)$ to B
  • B uses his own private key $d_B$ to decrypt:
    $d_B(e_B(m)) = m$

4
RSA: obtaining keys
  • Choose two large prime numbers $p$, $q$.
  • Compute $n = pq$ → give to others.
  • Calculate $z = (p-1)(q-1)$. Destroy $p$, $q$.
  • Choose $1 < e < n$ that has no common factors with $z$ →
    give to others.
  • Compute $d$ such that $(de - 1)$ is evenly divisible by
    $z$: find an integer $K$ which causes $d = (Kz + 1)/e$
    to be an integer, and use that $d$ → keep secret. Destroy
    $z$.
  • Public key $(n, e)$. Private key $(n, d)$.

5
RSA example
  • $p = 61$, $q = 53$
  • $n = 3233$
  • $z = 3120$
  • 7, 11, 17 will do. We choose $e = 17$.
  • $d = 2753$: $(3120K + 1)/17$ is an integer → $K = 15$.
  • Public key $(3233, 17)$. Private key $(3233, 2753)$.

6
RSA encryption/decryption
  • Encryption: $c = m^e \bmod n$
  • Decryption: $m = c^d \bmod n$

7
RSA encryption/decryption example
  • $\mathrm{encrypt}(m) = m^{17} \bmod 3233$
  • $\mathrm{encrypt}(123) = 123^{17} \bmod 3233 = 855$
  • $\mathrm{decrypt}(c) = c^{2753} \bmod 3233$
  • $\mathrm{decrypt}(855) = 855^{2753} \bmod 3233 = 123$
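
Added example (not part of the original slides): the key derivation from the slides above in Python, using the slides' toy values p = 61, q = 53, e = 17. The function names are this example's own; the extended-Euclid inverse is included as the usual alternative to searching for K.

```python
from math import gcd

def find_d_by_k(e, z):
    """Slide method: smallest K >= 1 for which (K*z + 1) is divisible by e."""
    for k in range(1, e + 1):
        if (k * z + 1) % e == 0:
            return (k * z + 1) // e, k
    raise ValueError("e shares a factor with z; no d exists")

def inverse(e, z):
    """Extended Euclid: the d in [0, z) with d*e = 1 (mod z)."""
    old_r, r, old_s, s = e, z, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e shares a factor with z; no d exists")
    return old_s % z

def make_keys(p, q, e):
    """Return (public key, private key, K) for primes p, q and exponent e."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must have no common factors with z")
    d, k = find_d_by_k(e, z)
    assert d == inverse(e, z)  # both methods must agree
    return (n, e), (n, d), k

def valid_exponents(z, limit):
    """Candidate exponents below limit that have no common factor with z."""
    return [e for e in range(2, limit) if gcd(e, z) == 1]

if __name__ == "__main__":
    public, private, k = make_keys(61, 53, 17)
    print("public", public, "private", private, "K", k)
    print("usable e below 20:", valid_exponents(3120, 20))
    c = pow(123, public[1], public[0])           # encrypt 123
    print("cipher", c, "plain", pow(c, private[1], private[0]))
```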

8
RSA with a pocket calculator
  • $2753 = 101011000001$ in base 2
  • $2753 = 1 + 2^6 + 2^7 + 2^9 + 2^{11} = 1 + 64 + 128 + 512 + 2048$
  • $855^1 = 855 \pmod{3233}$
  • $855^2 = 367 \pmod{3233}$
  • $855^4 = 367^2 \pmod{3233} = 2136 \pmod{3233}$
  • $855^8 = 2136^2 \pmod{3233} = 733 \pmod{3233}$
  • $855^{16} = 733^2 \pmod{3233} = 611 \pmod{3233}$
  • $855^{32} = 611^2 \pmod{3233} = 1526 \pmod{3233}$
  • $855^{64} = 1526^2 \pmod{3233} = 916 \pmod{3233}$
  • $855^{128} = 916^2 \pmod{3233} = 1709 \pmod{3233}$
  • $855^{256} = 1709^2 \pmod{3233} = 1282 \pmod{3233}$
  • $855^{512} = 1282^2 \pmod{3233} = 1160 \pmod{3233}$
  • $855^{1024} = 1160^2 \pmod{3233} = 672 \pmod{3233}$
  • $855^{2048} = 672^2 \pmod{3233} = 2197 \pmod{3233}$

9
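  • $855^{2753} \pmod{3233} = 855^{(1 + 64 + 128 + 512 + 2048)} \pmod{3233}$
  • $= 855^1 \cdot 855^{64} \cdot 855^{128} \cdot 855^{512} \cdot 855^{2048} \pmod{3233}$
  • $= 855 \cdot 916 \cdot 1709 \cdot 1160 \cdot 2197 \pmod{3233}$
  • $= 794 \cdot 1709 \cdot 1160 \cdot 2197 \pmod{3233}$
  • $= 2319 \cdot 1160 \cdot 2197 \pmod{3233}$
  • $= 184 \cdot 2197 \pmod{3233}$
  • $= 123 \pmod{3233}$
  • $= 123$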
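
Added example (not from the slides): the pocket-calculator method above as square-and-multiply in Python. It returns the table of repeated squares and the running product, so each value can be checked against the two slides; the function names are this example's own.

```python
def square_table(base, exponent, modulus):
    """Map 2**i -> base**(2**i) mod modulus, up to the top bit of exponent."""
    table, power, value = {}, 1, base % modulus
    while power <= exponent:
        table[power] = value
        value = value * value % modulus   # next entry is the square of this one
        power *= 2
    return table

def modexp_trace(base, exponent, modulus):
    """Multiply together the table entries selected by the 1-bits of exponent.

    Returns (result, steps); each step is (power of two, table entry,
    running product after multiplying that entry in).
    """
    result, steps = 1, []
    for power, value in square_table(base, exponent, modulus).items():
        if exponent & power:              # this bit of the exponent is set
            result = result * value % modulus
            steps.append((power, value, result))
    return result, steps

if __name__ == "__main__":
    result, steps = modexp_trace(855, 2753, 3233)
    for power, value, running in steps:
        print(f"855^{power} = {value:4d}   running product = {running}")
    print("855^2753 mod 3233 =", result)
```

The branch on each exponent bit makes the running time depend on the private exponent, which is why production libraries use constant-time exponentiation rather than this textbook form.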

10
RSA Signatures
  • How can B know the message was from A?
  • A produces a hash $H(m)$
  • A encrypts it with his private key, $d_A(H(m))$, and
    sends it with $m$.
  • B produces $H(m)$, decrypts $d_A(H(m))$ with A's
    public key $e_A$: $e_A(d_A(H(m))) = H(m)$, and compares
    them.

11
RSA Signature example
  • A wants to send "This is a very important
    message".
  • $p = 5$, $q = 7$ → $n = 35$, $z = 24$
  • $e = 5$, $d = 29$
  • Public key $(35, 5)$. Private key $(35, 29)$.
  • $H(\text{"This is a very important message"}) = 26$
  • $26^{29} \bmod 35 = 31$
  • A sends "This is a very important message", 31
  • B gets public key 5: $31^5 \bmod 35 = 26$.
  • Compares to $H(\text{"This is a very important message"}) = 26$

12
RSA Authorization
  • How can B know this is really the A he knows?
  • Certification Authority has public key $e_{CA}$ and
    private key $d_{CA}$
  • A proves to CA that he is A using some identity
    proof, and gets $d_{CA}(e_A)$
  • B can now use $e_{CA}(d_{CA}(e_A)) = e_A$

13
RSA Authorization example
  • A wants to send "This is a very important
    message".
  • ...
  • CA has public key $(3337, 79)$, private key $(3337, 1019)$
  • B gets A's authorized public key: $5^{1019} \bmod 3337 = 199$
  • B uses $199^{79} \bmod 3337 = 5$
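
Added example (not from the slides): B's checks from the signature and authorization slides chained together in Python, using the slides' toy keys and H(m) = 26. It assumes B already knows A's modulus 35 and that only the exponent 5 is certified, as the slide's numbers suggest; the function names are this example's own.

```python
CA_PUBLIC, CA_PRIVATE = (3337, 79), (3337, 1019)   # from the slides
A_MODULUS, A_PUBLIC_EXP, A_PRIVATE_EXP = 35, 5, 29  # from the slides
DIGEST = 26  # H("This is a very important message") as given on the slide

def apply_key(key, value):
    """Textbook RSA operation: value ** exponent mod n for key = (n, exponent)."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must lie in [0, n)")
    return pow(value, exponent, n)

def ca_certify(public_exp):
    """CA side: d_CA(e_A), issued after A has proven his identity."""
    return apply_key(CA_PRIVATE, public_exp)

def a_sign(digest):
    """A side: d_A(H(m)), sent along with the message."""
    return apply_key((A_MODULUS, A_PRIVATE_EXP), digest)

def b_accepts(digest, signature, certificate):
    """B side: recover e_A = e_CA(d_CA(e_A)), then test e_A(signature) == H(m)."""
    recovered_exp = apply_key(CA_PUBLIC, certificate)
    return apply_key((A_MODULUS, recovered_exp), signature) == digest

if __name__ == "__main__":
    certificate = ca_certify(A_PUBLIC_EXP)
    signature = a_sign(DIGEST)
    print("certificate", certificate, "signature", signature)
    print("genuine message accepted:", b_accepts(DIGEST, signature, certificate))
    print("changed digest accepted:", b_accepts(27, signature, certificate))
    # An exponent that the CA never signed does not recover to 5.
    print("uncertified value accepted:", b_accepts(DIGEST, signature, A_PUBLIC_EXP))
```

With n = 35 only 35 digest values exist, so many different messages verify under the same signature; the numbers illustrate the flow, not a usable key size.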

14
Firewall
  • Isolates organization's internal net from larger
    Internet, allowing some packets to pass, blocking
    others
  • Firewall is usually implemented as a router
  • Router filters packets, based on:
      • source IP address
      • destination IP address
      • TCP/UDP source and destination port numbers
      • ICMP message type
      • TCP SYN and ACK bits
  • Smart filtering

15
Example firewall rules
  • Allow outgoing traffic only on ports HTTP,
    HTTPS, FTP and TELNET
      • Used in a workplace to make sure people aren't
        using dangerous/illegal sharing
      • Too wide
  • Do not allow incoming traffic on port TCP/4661
    (eDonkey)
      • Too narrow

16
More rules
  • Allow incoming traffic only on port HTTP/HTTPS
      • Is it blocking enough?
      • What other applications?
  • Do not allow traffic from bezeqint.net
      • Sad but true
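
Added example (not from the slides): the port rules from the two slides above written as a first-match, stateless TCP filter in Python and run over constructed packets. The internal range 192.0.2.0/24, the packet fields and the policy names are assumptions of this example; the ACK-bit shortcut is the classic stateless way to let replies through.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")  # constructed internal range

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = True    # default: first packet of a new TCP connection
    ack: bool = False

# policy = (rules, default); rule = (action, direction, ports or None for any)
EGRESS_ALLOWLIST = ([("allow", "out", {80, 443, 21, 23})], "deny")
BLOCK_EDONKEY = ([("deny", "in", {4661})], "allow")
INGRESS_WEB_ONLY = ([("allow", "in", {80, 443}), ("allow", "out", None)], "deny")

def direction(pkt):
    """'out' when the source address is internal, otherwise 'in'."""
    return "out" if ip_address(pkt.src) in INSIDE else "in"

def decide(policy, pkt):
    """Stateless filter: first matching rule wins, else the policy default."""
    rules, default = policy
    if pkt.ack:
        return "allow"  # ACK bit set: treated as part of an existing connection
    for action, rule_dir, ports in rules:
        if rule_dir == direction(pkt) and (ports is None or pkt.dport in ports):
            return action
    return default

if __name__ == "__main__":
    inside, outside = "192.0.2.10", "198.51.100.7"   # constructed hosts
    print(decide(EGRESS_ALLOWLIST, Packet(inside, outside, 80)))    # any program on port 80
    print(decide(BLOCK_EDONKEY, Packet(outside, inside, 4662)))     # same program, next port
    print(decide(INGRESS_WEB_ONLY, Packet(outside, inside, 22)))    # new inbound, not web
    print(decide(INGRESS_WEB_ONLY, Packet(outside, inside, 50000, ack=True)))  # reply
```

Every decision here depends on port numbers and flag bits only, which is the slides' point: the egress allowlist passes anything that speaks over port 80 ("too wide"), and the single-port block misses the same application on any other port ("too narrow").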

17
Firewalls prevented SYN DDoS attack
  • An external host sends a SYN packet.
  • Firewall responds with a SYN-ACK to the external
    host (at this point, the internal server doesn't
    even know that anything is going on).
  • If the external host sends an ACK packet, then
    the firewall creates a new session, from SYN to
    ACK, with the internal server.
  • Then it connects them together so that the
    communication works.
  • Can this be circumvented? What else can the
    firewall do?
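
Added example (not from the slides): a simulation of the handshake described above in Python, where the firewall answers SYNs itself and the internal server only sees a session after a valid ACK. It goes one step beyond the slide by deriving the firewall's sequence number from a keyed hash (a simplified SYN cookie, without the timestamp and MSS bits real ones carry), so unanswered SYNs cost the firewall no memory; the addresses, secret and class name are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: random per-firewall secret
MOD = 2**32                       # TCP sequence numbers wrap at 32 bits

def cookie(client, port, client_isn):
    """Firewall's initial sequence number, derived instead of stored."""
    msg = f"{client}:{port}:{client_isn}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")

class SynProxy:
    def __init__(self):
        self.server_sessions = []  # connections the internal server gets to see

    def on_syn(self, client, port, client_isn):
        """Answer the SYN ourselves; keep no state, do not contact the server."""
        return {"flags": "SYN-ACK",
                "seq": cookie(client, port, client_isn),
                "ack": (client_isn + 1) % MOD}

    def on_ack(self, client, port, seq, ack):
        """Final ACK: seq is client_isn + 1 and ack must be our cookie + 1."""
        client_isn = (seq - 1) % MOD
        expected = (cookie(client, port, client_isn) + 1) % MOD
        if ack % MOD != expected:
            return False           # never completed a handshake with us: drop
        # Only now does the firewall run SYN / SYN-ACK / ACK with the server
        # and connect the two sessions together.
        self.server_sessions.append((client, port))
        return True

if __name__ == "__main__":
    proxy = SynProxy()
    for i in range(1000):          # constructed SYNs that are never followed by an ACK
        proxy.on_syn(f"198.51.100.{i % 250}", 1024 + i, i)
    print("server sessions after unanswered SYNs:", len(proxy.server_sessions))
    reply = proxy.on_syn("203.0.113.5", 40000, 1000)
    print("valid ACK accepted:", proxy.on_ack("203.0.113.5", 40000, 1001, reply["seq"] + 1))
    print("server sessions now:", proxy.server_sessions)
```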