Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Similar presentations

Presentation on theme: "Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998."— Presentation transcript:

1 Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998

2 Presentation Overview n Introduction n Public-key cryptography: RSA n Secret-key cryptography: DES n The SSL protocol n Open discussion

3 Introduction n Privacy u Keeping communication contents secret, known to a predetermined set of people, unknown to others n Security u A means to achieve privacy u An attempt against attacks like: eavesdropping, tampering, message replay u Tools: cryptography, secure protocol

4 Some security attack scenarios Eavesdropping: Peter Mary Lets meet at 5pm, old place Tom hee hee… Tampering: PeterMary Lets meet at 5pm, old place Tom Lets meet at 3pm, old place Replaying: Peter Tom Lets meet at 3pm today Mary One day later: Lets meet at 3pm today

5 Cryptography n Transformation of data into a secret form that is infeasible to read without knowledge of a shared secret (a key) n Achieve privacy by making information hidden to people who dont know the key n Encryption key and decryption key may be the same (secret-key cryptography) or different (public-key cryptography) DataSecret-form data encryption decryption

6 Private Key Cryptography n The same key is used for both encryption and decryption n One technique: block ciphers u transform fixed-length blocks of plain-text data into fixed- length blocks of cipher-text (secret-form) data n An example: DES (Data Encryption Standard) Plain-text block 1Plain-text block 2Plain-text block 3... Cipher-text block 1Cipher-text block 2Cipher-text block 3... Encrypt using key K

7 DES n Data Encryption Standard, also known as Data Encryption Algorithm (DEA) n Developed by IBM, refined by NBS n Block size of 64 bits, key size of 56 bits n 16 rounds of Feistel Ciphers: n Most widely used block ciphers, but being replaced by AES, Advanced Encryption Standard Round 1 Round 2 Round 16 Plain-text block Cipher-text block

8 Private Key cryptography n Stream ciphers (e.g., RC4) u transform plain-text data into cipher-text data bit by bit, and vice versa u can be much faster than block ciphers, but less secure n Message Authentication Codes (MAC) u a checksum obtained by applying an authentication scheme (DES, RC4, etc.) and a secret key to a message u the recipient verifies the integrity of the message by calculating the MAC with the secret key again

9 Public Key Cryptography n Encryption and decryption use different keys n A popular method: RSA n RSA key generation: u Find 2 large prime numbers p, q Choose d relatively prime to z=(p-1)(q-1) u Find e such that e X d = 1 mod z u Let n = pq u Public key: (n, e); Private key: (n, d) u Encrypting message M: E(M) = M e mod n u Decrypting cipher-text c: D(c) = c d mod n

10 RSA: An Example n Pick p = 5, q = 7, z = 24, n = 35 n Choose d = 5, relatively prime to z n 1 mod z = 1, 25, 49, 73, 97, 121, n Pick e = 145 / d = 29 n Public key (35, 29); Private key (35, 5) n Encrypting message M = 10: E(M) = mod 35 = 5 n VERIFY: Decrypting cipher-text c = 5: D(c) = 5 5 mod 35 = 3125 mod 35 = 10 = M n In practice, much larger primes p, q are used n The security provided by RSA relies on the fact that it is computationally infeasible to factor a large number n to find out p, q, and hence z, e

11 Digital Signatures, Certificates n Digital signature u The recipient verifies the signature by decrypting the signature with senders public key, and compares decrypted message with M n Certificate u A digitally signed public key u Used to verify a claimed-to-be public key of an entity Message M M encrypted with senders private key

12 SSL Protocol n Secure Socket Layer, developed by Netscape Corporation n Aims to provide privacy and reliability between two communicating applications n Overview: Application data protocol SSL handshake protocol SSL record protocol Reliable transport protocol (e.g., TCP) SSL record protocol Application data protocol SSL handshake protocol Application 1 (e.g., telnet, ftp) Application 2

13 SSL Protocol n Record protocol u encapsulate higher level protocols u divide messages into blocks u compresses message blocks u applies MAC to message blocks u encrypts and transmits message blocks n SSL handshake protocol u allow the client to authenticate the server, and the server to authenticate the client u negotiate an encryption algorithm and key for application data transmission n Application data protocol u transmits data from applications to the record layer, which then sends the data securely

14 SSL Handshake Protocol CLIENTSERVER Hello! I want to connect with you. I understand encryption algorithms like DES, RC4, IDEA, etc.… Hello, then lets use DES. This is my certificate with my public key on it. Please check. (Client verify servers public key...) Alright, Ive generated a DES master key. Here I encrypt it with your public key and send it to you Im finished.. (Server decrypts the DES key received from client…) Ok, I received your key. Im finished Data encrypted with the DES master key

15 SSL Protocol n How does it achieve privacy? u All data are encrypted during transmission, therefore, eavesdropping is useless unless the eavesdropper knows how to decrypt the message u Moreover, an attacker will not be able to tamper a message because he does not know how to encrypt it u A session-id is assigned by the server to each connection, so that an attacker cannot pretend the client later by replaying the message

16 Summary n We introduced basic cryptographic techniques, DES and RSA, and their application in MAC, digital signatures and certificates n We introduced the SSL protocol developed by Netscape Corp. as a secure protocol for data transmission

Download ppt "Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998."

Similar presentations

Ads by Google