Upload
vivian-benson
View
212
Download
0
Embed Size (px)
Citation preview
11
Security and Cryptography: basic aspectsSecurity and Cryptography: basic aspects
Ortal AraziOrtal Arazi
College of EngineeringCollege of EngineeringDept. of Electrical & Computer EngineeringDept. of Electrical & Computer Engineering
The University of TennesseeThe University of Tennessee
22
OutlineOutline
What is network security?What is network security?
Principles of CryptographyPrinciples of Cryptography
AuthenticationAuthentication
IntegrityIntegrity
33
What is network security?What is network security?
Confidentiality:Confidentiality: only sender, intended receiver should only sender, intended receiver should “understand” message contents“understand” message contents sender encrypts messagesender encrypts message receiver decrypts messagereceiver decrypts message
Authentication:Authentication: sender, receiver want to confirm sender, receiver want to confirm identity of each other identity of each other
Message Integrity and non-repudiation:Message Integrity and non-repudiation: sender, sender, receiver want to ensure message not altered (in receiver want to ensure message not altered (in transit, or afterwards)transit, or afterwards)
Access Control and Availability:Access Control and Availability: services must be services must be accessible and available to legitimate users (no DoS accessible and available to legitimate users (no DoS attacks)attacks)
44
Friends and foes: Alice, Bob, TrudyFriends and foes: Alice, Bob, Trudy
Well-known fixtures in network security worldWell-known fixtures in network security world
Bob, Alice want to communicate “securely”Bob, Alice want to communicate “securely”
Trudy (intruder) may intercept, delete, add messagesTrudy (intruder) may intercept, delete, add messages
securesender
securereceiver
channel data, control messages
data data
Alice Bob
Trudy
55
What can the “enemy” do ?What can the “enemy” do ?
Q:Q: What can a “bad guy” do? What can a “bad guy” do?
A:A: a lot! a lot! Eavesdrop:Eavesdrop: intercept messages intercept messages actively actively insertinsert messages into connection messages into connection Impersonation:Impersonation: can fake (spoof) source address can fake (spoof) source address
in packet (or any field in packet)in packet (or any field in packet) Hijacking:Hijacking: “take over” ongoing connection by “take over” ongoing connection by
removing sender or receiver, inserting himself removing sender or receiver, inserting himself in placein place
Denial of serviceDenial of service:: prevent service from being prevent service from being used by others (e.g., by overloading used by others (e.g., by overloading resources)resources)more on this later ……
66
The language of cryptographyThe language of cryptography
Symmetric keySymmetric key crypto: sender, receiver keys crypto: sender, receiver keys identicalidentical
Public-keyPublic-key crypto: encryption key crypto: encryption key publicpublic, decryption , decryption key key secret (secret (private)private)
plaintext plaintextciphertext
KA
encryptionalgorithm
decryption algorithm
Alice’s encryptionkey
Bob’s decryptionkey
KB
77
Symmetric key cryptographySymmetric key cryptography
Symmetric keySymmetric key crypto: Bob and Alice share know same crypto: Bob and Alice share know same (symmetric) key: (symmetric) key: KK
e.g., key is knowing substitution pattern in mono e.g., key is knowing substitution pattern in mono alphabetic substitution cipheralphabetic substitution cipher
Substitution cipher:Substitution cipher: substituting one thing for another substituting one thing for another monoalphabetic cipher: substitute one letter for monoalphabetic cipher: substitute one letter for
anotheranotherplaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Question: How hard is it to break this simple cipher?:- brute force (how hard?)- other?
88
Symmetric key crypto: DESSymmetric key crypto: DES
DES: Data Encryption StandardDES: Data Encryption StandardUS encryption standard [NIST 1993- US encryption standard [NIST 1993- National Institute of National Institute of
Standard and TechnologyStandard and Technology]]
56-bit symmetric key, 64-bit plaintext input56-bit symmetric key, 64-bit plaintext input
How secure is DESHow secure is DES?? DES Challenge: 56-bit-key-encrypted phrase (“Strong DES Challenge: 56-bit-key-encrypted phrase (“Strong
cryptography makes the world a safer place”) decrypted cryptography makes the world a safer place”) decrypted (brute force) in 4 months(brute force) in 4 months
no known “backdoor” decryption approachno known “backdoor” decryption approach
making DES more secure:making DES more secure: use three keys sequentially (3-DES) on each datumuse three keys sequentially (3-DES) on each datum AES (Advanced Encryption Standard) – Next generation AES (Advanced Encryption Standard) – Next generation
standard (NIST 2001)standard (NIST 2001)
99
Symmetric key crypto: DESSymmetric key crypto: DES
Initial permutation Initial permutation
16 identical “rounds” of 16 identical “rounds” of function application, function application, each using different each using different 48 bits of key48 bits of key
Final permutationFinal permutation
DES operation – Substitution and Permutation
1010
Public Key CryptographyPublic Key Cryptography
SymmetricSymmetric key crypto key crypto
requires sender, receiver know shared secret requires sender, receiver know shared secret keykey
Q: how to agree on key in first place (particularly Q: how to agree on key in first place (particularly if never “met”)?if never “met”)?
PublicPublic key cryptography key cryptography
radically different approach [Diffie-Hellman76, radically different approach [Diffie-Hellman76, RSA78]RSA78]
Sender, receiver do Sender, receiver do notnot share secret key share secret key
publicpublic encryption keyencryption key known toknown to allall
privateprivate decryption key known only to receiver decryption key known only to receiver
1111
Diffie-Hellman Key GenerationDiffie-Hellman Key Generation
Uncovered an entire new approach to cryptographyUncovered an entire new approach to cryptographyW. Diffie and M.E. Hellman's W. Diffie and M.E. Hellman's New Directions in New Directions in CryptographyCryptography from IEEE transactions on Information from IEEE transactions on Information Theory, IT 22:644-654, 1976.Theory, IT 22:644-654, 1976.
A B
(X - private key) (X - private key) (Y - private key) (Y - private key)
a,p: known numbersa,p: known numbers(p - prime number)(p - prime number)
aaX X mod pmod paay y mod pmod p
[a[ay y mod p]mod p]x x mod p = mod p = aaXY XY mod pmod p = [a = [ax x mod p]mod p]y y mod p mod p
• x,y,a,p x,y,a,p typically 1024 bits longtypically 1024 bits long• The The Discreet Log Discreet Log problem: by knowing problem: by knowing aax x mod p, a and p, one mod p, a and p, one can notcan not obtain x obtain x
1212
Diffie-Hellman Key Generation- using ECCDiffie-Hellman Key Generation- using ECC
Why use ECC?Why use ECC?We use 160 bits (instead of1024) and still get the same complexityWe use 160 bits (instead of1024) and still get the same complexityWe use multiplications instead of exponentiationWe use multiplications instead of exponentiationAll mathematical calculations are without carryAll mathematical calculations are without carry
Calculations take less time, less memory and Calculations take less time, less memory and less hardwareless hardware
A B
X- private keyX- private key(scalar) (scalar)
y- private key y- private key (scalar)(scalar)
P- a known point on P- a known point on the elliptic curvethe elliptic curve
X X xx P P
(Y (Y xx P) P) x x X= X= XY XY x x PP = (X = (X xx P) P) x x YY
Y Y xx P P
The discreet Log problem: by knowing X The discreet Log problem: by knowing X xx P and P P and P, one can not know x, one can not know x
1313
What is an Elliptic Curve?What is an Elliptic Curve?
In (2) an ordinary elliptic curve suitable for elliptic curve cryptography is defined by the set of points () that satisfy the equation :
)GF(2 b a; m b; ax xy xy : E 232
Example:
)1000()1100( 232 xxxyy
1000
1100
4
)2(,,, 4
b
a
m
GFbayx
(1001)
(0101)
(1110)
(0111)
(1111)
(1011)
(0100)
(0010)
(0001)
(1100)
(0110)
(0011)
(1101)
(1010)
(0000)
(1000)(0
000)
(001
1)
(011
0)
(110
0)
(000
1)
(001
0)
(010
0)
(100
0)
(111
1)
(011
1)
(111
0)
(010
1)
(101
0)
(110
1)
(100
1)
(101
1)
1414
Public Key CryptographyPublic Key Cryptography
plaintextmessage, m
ciphertextencryptionalgorithm
decryption algorithm
Bob’s public key
plaintextmessageK (m)
B+
K B+
Bob’s privatekey
K B-
m = K (K (m))B+
B-
Given a public key it should be impossible to Given a public key it should be impossible to compute the private keycompute the private key
Requirements:
1
2
K (K (m)) = m BB
- +
1515
Public Key Cryptography - RSAPublic Key Cryptography - RSA
plaintextmessage, m
ciphertextRSAf(x)
RSAf-1
(x)
Bob’s public key
plaintextmessage
K B+
Bob’s privatekey
K B-
f(m) m=f-1(f(m))
Algorithm using a public key
Algorithm using a private key
1616
RSA (Rivest-Shamir-Adelman): Choosing KeysRSA (Rivest-Shamir-Adelman): Choosing Keys
1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
K B+ K B
-
1717
RSA: Encryption, decryptionRSA: Encryption, decryption
Given (n,e) and (n,d) as computed above:
1. To encrypt bit pattern, m (m<n), compute
c = m mod n
e (i.e., remainder when m is divided by n)e
2. To decrypt received bit pattern, c, compute
m = c mod n
d (i.e., remainder when c is divided by n)d
m = (m mod n)
e mod n
dMagichappens!
c
1818
RSA: Why is that ?RSA: Why is that ?m = (m mod n)
e mod nd
(m mod n)
e mod n = m mod n
d ed
Useful number theory result: If p,q prime and n = pq, then:
x mod n = x mod n(Fermat's Small Equation)
y y mod (p-1)(q-1)
= m mod n
ed mod (p-1)(q-1)
= m mod n1
C – the encrypted message
(using number theory result above)
(since we chose ed to be divisible by(p-1)(q-1) with remainder 1 )
= m (since m<n)
1919
OutlineOutline
What is network security?What is network security?
Principles of CryptographyPrinciples of Cryptography
AuthenticationAuthentication
IntegrityIntegrity
2020
AuthenticationAuthentication
There is a clear need to “prove” the identity of a There is a clear need to “prove” the identity of a sendersender
Insufficient options:Insufficient options: ID by IP # ?ID by IP # ? Send secret password along with message ?Send secret password along with message ? Choose a random number, R …Choose a random number, R …
“I am Alice”
RBob computes
K (R)A-
“send me your public key”
K A+
(K (R)) = RA
-K A
+
and knows only Alice could have the
private key, that encrypted R such that
(K (R)) = RA-
K A+
2121
Man-in-the-middle AttackMan-in-the-middle Attack
Man (woman) in the middle attack:Man (woman) in the middle attack: Trudy poses as Alice Trudy poses as Alice (to Bob) and as Bob (to Alice)(to Bob) and as Bob (to Alice)
I am Alice I am Alice
R
TK (R)
-
Send me your public key
TK
+A
K (R)-
Send me your public key
AK
+
TK (m)+
Tm = K (K (m))+
T-
Trudy gets
sends m to Alice encrypted
with Alice’s public key
AK (m)+
Am = K (K (m))+
A-
R
2222
Certification AuthoritiesCertification Authorities
Question:Question: How do you “prove” that a key is really your How do you “prove” that a key is really your key ?key ?
Solutions: Solutions: Certification authority (CA) -Certification authority (CA) - binds public binds public key to particular entity (for example: Bob).key to particular entity (for example: Bob).
Bob registers its public key with CA.Bob registers its public key with CA. Bob provides “proof of identity” to CA. Bob provides “proof of identity” to CA. CA creates certificate binding Bob to its public key.CA creates certificate binding Bob to its public key. certificate containing Bob’s public key digitally signed by certificate containing Bob’s public key digitally signed by
CA – CA says “this is Bob’s public key”CA – CA says “this is Bob’s public key”Bob’s public
key K B+
Bob’s identifying informatio
n
digitalsignature(encrypt)
CA private
key K CA-
K B+
certificate for Bob’s public
key, signed by CA
2323
Certification Authorities (cont.)Certification Authorities (cont.)
When Alice wants Bob’s public key:When Alice wants Bob’s public key: gets Bob’s certificate (Bob or elsewhere).gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate, get apply CA’s public key to Bob’s certificate, get
Bob’s public keyBob’s public key
Bob’s public
key K B+
digitalsignature(decrypt)
CA public
key K CA+
K B+
2424
Questions?Questions?