Fundamentals Elements of Network and Cyber Security - PowerPoint PPT Presentation

1 / 44

About This Presentation

Title:

Fundamentals Elements of Network and Cyber Security

Description:

Substitute each letter with another letter. which is 3 letters away in the alphabet. ... message-digest, finger-print, one-way-function. The hash of a message m, ... – PowerPoint PPT presentation

Number of Views:181

Avg rating:3.0/5.0

Slides: 45

Provided by: cso7

Learn more at: https://www.cs.odu.edu

Category:

more less

Transcript and Presenter's Notes

Title: Fundamentals Elements of Network and Cyber Security

1
Fundamentals Elements of Network and Cyber
Security

Hussein Abdel-Wahab, Ph.D.
Professor and Graduate Program Director
Departmet of Computer Science
Old Dominion University
wahab_at_cs.odu.edu
www.cs.odu.edu/wahab

2
General Concepts

Players Alice, Bob and Trudy.
How to communicate securely
over an insecure medium?
Alice should be able to send a message to Bob
That Trudy can't understand or modify
Bob is assured that Alice is the sender.

3
Types of Attaches

Passive Attacks
The attacker eavesdrops and read/record
messages in transit.
Active Attacks The attacker may
Transmit new messages,
Replay old messages,
Modify/Delete messages on transit.

4
Fundamental Tenet of Cryptography

If lots of smart people failed to solve a
problem, then it probably won't be solved (soon).
The time required to break a code should be
longer than the time the encrypted data must
remain secret.
The value of most data decreases overtime.

5
Cryptographic System Algorithm Key

It is perfectly OK to let everyone know the
algorithm. Knowledge of the algorithm without the
key does not help unmangle the information.
Publishing the algorithm provides an enormous
amount of free consulting to uncover weaknesses.

6
Layers and Cryptography

Application (e.g., PEM),
Transport (e.g., SSL),
Network (e.g., IPsec).

7
Traditional use of Cryptography

Plaintext gtgtgt Ciphertext gtgtgt Plaintext
(Encryption) (Decryption)
Cryptographer Invent clever secret codes.
Cryptanalyst Attempt to break these codes.

8
Computational Difficulty

Example combination lock
Typically require 3 numbers between 1 and 40.
If it takes 10 seconds for a good
guy, it would take 10(403) seconds
or about 1 week for the bad
guy.
By requiring 4 numbers
If it takes 13 seconds for
the good guy,
it would take 13(404)
seconds
or about 1 year for the bad
guy.

9
Example of Secret Codes

Caesar cipher
Substitute each letter with another
letter
which is 3 letters away in the alphabet.
E.g., dozen -gt grcho.
Mono-alphabetic cipher
Arbitrary map one letter to another.
There are 26!4(1026) possibilities. If
each possibility takes 1 microsecond
it would take 10 trillion years to try
all possibilities.
However statistical analysis of
language
makes it much easier to break.

10
Secret Key Cryptography (Symmetric Cryptography)

(encryption)
plaintext gtgtgt ciphertext

key
ciphertext gtgtgt plaintext
(decryption)

11
Uses of Symmetric Cryptography

Transmission Over an Insecure Channel
An eavesdropper will only see unintelligible
data.
Secure Storage on Insecure Media
Forgetting the key makes the data irrevocably
lost!
Authentication Alice authenticating Bob
Alice
Bob
challenge r gtgtgtgtgtgt
r
response r Kc ltltltltltltlt
cKr

12
Public Key Cryptography (Asymmetric
Cryptography)

Each individual has two keys
private key (not revealed to anyone)
public key (make it known to everyone)
(encryption) plaintext
gtgtgtgtgtgtgtgtgtgt ciphertext

public key
                private key
ciphertext
gtgtgtgtgtgtgtgtgt plaintext
(decryption)

13
Digital Signature

(signing) plaintext
gtgtgtgtgtgtgtgtgt ciphertext

private key
public key

ciphertext   gtgtgtgtgtgtgtgt plaintext
                 (verification)

14
Uses of Public KeySecret Key establishment

Public key cryptographic algorithms are much
slower than
Secret key cryptographic algorithms.
Thus they are normally used to establish
temporary
shared secret key for use during a given session.
Alice
Bob
K eB gtgtgtgtgtgtgtgtgt
K dB
KmB gtgtgtgtgtgtgtgtgt
KmB
KmA ltltltltltltltltlt
KmA

15
Uses of Public Key Authentication

Alice authenticating Bob
Alice
Bob
challenge c r eB gtgtgtgtgt c
response r ltltltltlt r
cdB

16
Hash Algorithmsmessage-digest, finger-print,
one-way-function

The hash of a message m,
h H(m)
has the following properties
Given m, it is easy to compute h.
Given h, it is hard to compute m.
Given m, it is hard to find another m'
such that H(m) H(m').
It is hard to find m1 and m2
such that H(m1) H(m2).

17
Message Authentication/Integrity Code (MIC/MAC)

Using Secret Key
Alice
Bob
m,h, where h H(mK) gtgt m,h , OK if h H
(mK)
Bob is sure that Alice sent m, since she knows K.
Bob can NOT prove to any one else that
Alice sent him m, since he also knows K!

18
Password Hashing

UNIX stores the hash of passwords.
For each user U with password P, there is a
tuple
ltU, hgt, where h H(P)
When user U types a password P,
UNIX computes H(P)
and the use is allowed to login if H(P) h

19
The magic of XOR

0 0 0 , 0 1 1, 1 0 1 1 1
0
Note that
a a 0
a bb a (since b b 0)
A Simple XOR symmetric algorithm
(P plain, C cipher, K key)
Encrypt C P K
Decrypt P C K (since (P K) K
P)

20
Secret Key CryptographyPrinciple

Secret key cryptographic systems takes
a key K and a data block M and generate a
one-one mapping that looks completely random.
I.e., any single bit change of K or M result
in a totally independent random output.

21
Secret Key Cryptography Transformation

Substitution For small blocks of size k bits,
specify for each of the 2k possible values of the
input, the k-bit output.
Permutation Specify for each input bit, the
output position to which it goes.
Example DES (Data Encryption Standard)

22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
(No Transcript)
26
Hashes/Message-DigestsPrinciple

Major Algorithms
Ron Rivest Message Digest (MD2, MD4 and MD5)
128-bit.
NIST Secure Hash Algorithm SHA-1 160-bit.
Both takes an arbitrary-length string and map it
to a
fixed-length quantity that appears to be randomly
chosen.
They are easy to compute and are computed in
rounds.
It is computationally infeasible to find
A message that has a given message digest.
A different message with the same message
digest.
Two messages that have the same message digest.

27
Things to do with a Hash

Authentication
Alice
Bob
challenge r gtgt
r
response d ltlt
dMDKr
Alice computes MDKr and if equal d, then Bob
knows K.
Computing a MAC
Alice
Bob
m,d where d MD(Km) gtgt m,d, OK if d MD
(Km)

28
Encryption using Hash

Generating one-time pad
Both Alice and Bob knows he shared secret K
and generates
b1 MD(K) bi MD(Kbi-1), i2,3,
....
Alice Bob
ci mi bi gtgtgtgt mi ci
bi

29
(No Transcript)
30
Public Key CryptographyPrinciple

Secret key algorithms Hash algorithms similar.
Public key algorithms are different from each
other.
What is common among all public key algorithms
is
each participant has two keys, public and
private,
most of them are based on modular
arithmetic
x mod n is the remainder of x when divided by n.
Example 24 mod 10 4

31
Multiplication mod 10

Multiplication by 1, 3, 7 and 9 works as cipher
since it performs 1-1 mapping.
Each "1" is the intersection of k and k-1, e.g. k
7, then k-1 is 3.
Example if k 7, then 1987 is encrypted to
7369

32
Totient Function

What is so special about the set 1,3,7,9 ?
These numbers are relatively prime to 10,
i.e., they do not share with 10 any common
factors other than 1.
How many numbers lt n are relatively prime to n?
This quantity is referred to as Ø(n) and is
called the totient function
If n is prime
then 1,2, ..., n-1 are all relatively prime
and Ø(n) n-1.
If n p.q where p and q are two distinct primes,
then Ø(n) (p-1)(q-1).
Example for n 10 2.5, Ø(10)
(2-1).(5-1)1.44, which is the
set 1,3,7,9.

33
Exponentiation mod 10

Examples 4 2 6, 8 8 6, 76 9
An exponentiative inverse of e is the number d
such that
e.d 1 mod Ø(n)
Example For n 10, Ø(10)4
e3 and d7 are exponentiative inverses since
3.721 1 mod 4
In public cryptography lte, ngt is public key
ltd,ngt is private key

34
Encrypt / Decrypt Sign / Verify

Encrypt / Decrypt
To encrypt m compute c me mod n
To decrypt c compute m cd mod n
Example
encrypt m 8 c 83 2
decrypt c2 m 27 8
Sign / Verify
To sign m compute s md mod n
To verify s compute m se mod n
Example
sign m 8 s 87 2
verify s2 m 23 8

35
RSA Algorithm(Rivist, Shamir Adleman)

Choose two large primes p and q. (typically
256 bits each keep them secret).
Compute n p.q Ø(n) (p-1)(q-1). (it
is very hard to factor n into p q).
Choose a number e relatively prime to Ø(n).
Find d as multiplicative inverse of
e mod Ø(n), i.e., e.d 1 mod Ø(n)).
public key lte,ngt private key ltd,ngt.

36
RSA works

Encrypt/Decrypt
To encrypt a message m (ltn) c me mod n
To decrypt c m cd mod n
This works since
cd mod n (me)d mod n me.d mod n
m mod n   // since e.d 1 mod Ø(n)
               m               //
since m lt n
Sign/Verify
To sign a message m (ltn) s md mod n
To verify s m se mod n
This also works since
se mod n me.d mod n m mod n m

37
Why is RSA Secure?

Every one knows the public key lte, ngt.
To find the private key ltd,ngt you need to know
Ø(n)
since e.d 1 mod Ø(n).
To know Ø(n) you need to know p and q
since Ø(n) (p-1).(q-1).
Thus to break RSA you should be able to factor n
to find p and q.
Factoring a big number is hard. (the best
technique to factor 512 bit number will take
30,000 MIPS-years!)
Popular RSA keys values
public key lt365537, ngt private key ltd ,
ngt.

38
Efficiency of RSA Operations

How to compute 12354 mod 678?
1232 123.123 15129 213 mod 678 1233
123.213 26199 435 mod 678 1234 123.435
53505 621 mod 678 ...... 12354
...... 87 mod 678
This requires 54 multiplications and 54
divisions.
How to compute 12332 mod 678?
1232   123.123 15129     213 mod 678
1234    213.213 45369     621 mod 678
1238    621.621 385641   537 mod 678
12316 537.537 288369   219 mod 678
12332 219.219 47961     501 mod 678
This requires 5 multiplications and 5 divisions
instead of 32.
To efficiently compute 12354 54 in binary as
1          1                   0
    1                 1
0
(((( (1232) 123 )2
)2 123 )2123 )2
This requires 8 multiplications and 8 divisions.

39
Diffie-Hellman Key agreement Protocol

Alice and Bob agree on p (large prime) g lt
p.
Alice
Bob
Pick SA (512-bit random number) Pick SB
(512-bit random number)
Compute TA ( gSA) mod p Compute TB
(gSB) mod p
send TA gtgtgtgtgtgtgtgt
ltltltltltltltltlt send TB
Compute X TB SA mod p Compute Y TA
SB mod p
X is the same as Y, why?
X TBSA gSBSA Y TASB gSASB
No one can compute g (SASB ) by knowing g (SA
) g (SB )

40
Email Security Protocols

PEM (Privacy Enhanced Mail)
Add encryption, authentication and integrity
to ordinary text messages.
MIME (Multipurpose Internet Mail Extensions)
Is a standard for encoding arbitrary data in
email
(images, video, etc.).
S/MIME Incorporated many principles of PEM
into MIME.

41
PEM MIC-CLEAR

From Alice To Bob Subject Colloquium
Date Tue Oct 26, 2005
-----BEGIN PRIVACY ENHANCED MESSAGE-----
Originator-ID-Asymmetric ltcertificategt
MIC-Info RSA-MD5, RSA, ltMICgt
Dear Bob I would like to invite you to give
a colloquium next Fall, If you accept, let us
talk about the details. Alice -----END PRIVACY
ENHANCED MESSAGE-----

42
PEM ENCRYPTED

From Alice To Bob Subject
Colloquium Date Tue Oct 26, 2005
-----BEGIN PRIVACY ENHANCED MESSAGE-----
DEK-Info DES-CBC, IV MIC-Info RSA-MD5, RSA,
ltMICgt Recipient-ID-Asymmetric ltRecipient
certificategt Key-Info RSA, ltkey encrypted with
recipient public keygt
ltencoded encrypted message using DES-CBCgt
-----END PRIVACY ENHANCED MESSAGE-----

43
SSL/TLSSecure Socket Layer, Netscape Transport
Layer Security, IETF

Run as a user-level processes on top of TCP/IP.
Alice

Bob
I want to talk, ciphers I support, Ra
--------------------- gt lt ----------------------
------ crtificate, cipher I choose, Rb choose
secret S, compute K f (S,Ra,Rb) SBob ,
keyed hash of handshake msgs -------------- gt

compute K f(S,Ra,Rb) lt------------------------
keyed hash of handshake msgs
lt-- data protected with keys derived
from K --gt
Ra and Rb are 32 octets long, the first 4 are the
time
This ensures that Rs are always different.

44
SSL Keys

Alice chooses a random number S,
called pre-master secret.
It is shuffled with Ra Rb to produce
a master secret K.
The master secret is shuffled with Ra Rb to
produce 6 keys Three for each side for
encryption, integrity, and IV.
Note that Alice has authenticated Bob,
but Bob has no idea to whom he's talking!
Normally the server authenticates the user
using
ltname, passwordgt sent securely over the ssl
connection.

45
Authentication SystemsPassword-based

Its not who you are, Its what you know
On-line Password attack Easy to defend, e.g.,
limit and slow down the number of guesses.
Off-line Password attack Capture a quantity X
derived from the password and take your time to
guess the password that produces X.
(e.g., use a dictionary)

46
Authentication SystemsAddress-based

It's not what you know. It's where you are
In Unix /etc/hosts.equiv
Contains a list of computers that have
identical user accounts to allow users on these
hosts to rlogin without providing passwords.

47
Trusted Intermediaries

For N entities, if each keeps N -1 secrets,
then adding a new entity involves adding N new
secrets. Clearly not practical for large N.
KDC (Key Distribution Center)
Keeps N keys, and adding one key for each
new entity.
Alice
KDC               Bob Need to talk to
Bob --------------gt
generate random R, R KAX lt--------- X
KAR , Y KBR -------gt R KBY
C1 RM1 -----------------------------
---------gt M1 RC1 M2 RC2
lt------------------------------------ C2
RM2
Disadvantages of KDC
If compromised, all Keys are compromised.
Single point of failure
Performance bottleneck.

48
CA Certificate Authority

Each entity keeps its private key.
The CA certifies (sign) that the public key
belong to the entity.
All public key certificates may be kept in one
place or each entity keeps its own.
Certifies expire after a reasonable period (1
year). It can be revoked and the CA periodically
publish a CRL (certificate revocation list) .
Clients should check the latest CRL before
trusting a certificate.

49
Delegation

It's not who you are. It's who you're working for
Sometime it is necessary to have some entity act
on your behave.
This is achieved using delegation
Generate a special message, signed by you
(using public key cryptography, or through KDC),
specifying
To whom you are delegating the rights,
Which rights are being delegated
For how long.

50
Off-Line Password Guessing

Obtaining a hash of a password h, an attacker
can guess
the password w and checks to see if h MD (w).
If some one obtains a file F containing the
hashes of
many passwords, e.g., /etc/passwd
he can perform a dictionary attack
for each word w in dictionary D do
compute h MD (w)
for each e in F do
if e h then w as a password
done
done
The number of performed hashes is D

51
Off-Line Password Guessing Adding Salt

Storing a random number salt (s) with h MD
(ws)
makes it harder for a dictionary attack
for each entry lts, hgt in F do for each
word w in the dictionary D do
compute e MD (ws)
if e h then w as a password done
done
The number of performed hashes is D.F

52
Mutual Authentication

Shared Secret Alice
Bob
I'm Alice -------------------------------------
--gt lt -------------------------------------------
----- Rb f(K, Rb) -------------------------------
---------gt Ra ----------------------------------
------------gt lt----------------------------------
-------- f(K, Ra)

53
Reducing number of Messages

Packing more information into each message
Alice
Bob
I'm Alice, Ra ------------------------------
-------gt lt---------------------------------------
--- Rb, f(K, Ra) f(K, Rb) --------------------
------------------------gt

54
Reflection Attack!

Trudy can impersonate Alice to Bob by
opening a second connection to Bob
Session1
Trudy
Bob
I'm Alice, Ra ----------------------------------
--------------gt
lt-------------------------------------------------
----- Rb, f(K, Ra)
suspend session 1......
Session 2 Trudy
Bob
I'm Alice, Rb -------------------------------
---------------gt lt-------------------------------
----------------- Rb', f(K, Rb) abort session
2.......
continue session 1......
f(K, Rb) ----------------------------------------
-----------------gt

55
Password Guessing Attack!

Trudy
Bob
I'm Alice, Ra ----------------------------------
-----------gt
lt-------------------------------------------------
Rb, f(K, Ra)
.........
suspend session and use
Ra, and f(K,Ra) to guess K.

56
Using Time Stamps

We can use time stamps to reduce the number of
messages to two
Alice
Bob
I'm Alice, f(K, timestamp) -------------------
------gt lt--------------------------------------
f(K, timestamp)

57
Mediated AuthenticationNeedham-Shroeder Protocol

Alice
KDC Bob
N1, Alice wants Bob ----------gt
lt-------------- KA N1,"Bob", KAB, ticket to
Bob, where ticket to Bob KB KAB,
"Alice"
ticket to Bob, KABN2 -------------------------
----------------------gt
lt ------------------------------------------------
------------ KABN2--, N3
KAB N3-- --------------------------------------
--------------------------gt
N is a nonce, a number that is used only once
(e.g., random number).
N1 to prevent Trudy from impersonating KDC and
replaying old replies to Alice.
N2 and N3 are challenges for mutual
authentication.