Presentation is loading. Please wait.

Presentation is loading. Please wait.

Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003."— Presentation transcript:

1 Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003

2 Katz, Stoica F04 EECS 122: Introduction to Computer Networks Network Security II Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley, CA 94720-1776

3 Katz, Stoica F04 3 Today’s Lecture: 20 Network (IP) Application Transport Link Physical 2 7, 8, 9 10,11 14, 15, 16 21, 22, 23 25 6 17,18 19, 2 0

4 Katz, Stoica F04 4 Security Requirements  Authentication -Ensures that the sender and the receiver are who they are claiming to be  Data integrity -Ensure that data is not changed from source to destination  Confidentiality -Ensures that data is red only by authorized users  Non-repudiation -Ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender identity, strong enough such that the sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message (not discussed in this lecture)

5 Katz, Stoica F04 5 Outline  Cryptographic Algorithms (Confidentiality and Integrity)  Authentication  System examples

6 Katz, Stoica F04 6 Cryptographic Algorithms  Security foundation: cryptographic algorithms -Secret key cryptography, Data Encryption Standard (DES) -Public key cryptography, RSA algorithm -Message digest, MD5

7 Katz, Stoica F04 7 Symmetric Key  Both the sender and the receiver use the same secret keys Internet Encrypt with secret key Decrypt with secret key Plaintext Ciphertext

8 Katz, Stoica F04 8 Data Encryption Standard (DES)  DES encrypts a 64-bit block of plain text using a 64-bit key  Three phases 1.Permute the 64 bits in the block 2.Apply a given operation 16 times on the 64 bits 3.Permute the 64 bits using the inverse of the original permutation Round 1 Round 16... key 1 st phase IP(input) 3 rd phase IP -1 (input) 2 nd phase

9 Katz, Stoica F04 9 Initial Permutation (IP)  IP: bit 58 of input becomes 1 st bit, it 50 becomes 2 nd bit, etc 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7  IP -1 : inverse of IP, e.g., IP(1) = 58, IP -1 (58) = 1 40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25

10 Katz, Stoica F04 10 2 nd Phase: Operation In Each Round  Key K is 64 bits  16 rounds  Each round i select a 48 bit key K i from the original 64 bit key K. Perform (F is a given function): + F 63 0 3231 0 KiKi L i-1 R i-1 LiLi RiRi

11 Katz, Stoica F04 11 Encrypting Larger Messages  Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext + Block 1 Cipher 1 DES + Block 2 DES + Block 3 DES + Block 4 DES Cipher 2 Cipher 3 Cipher 4 IV

12 Katz, Stoica F04 12 DES Properties  Provide confidentiality -No mathematical proof, but practical evidence suggests that decrypting a message without knowing the key requires exhaustive search -To increase security use triple-DES, i.e., encrypt the message three times

13 Katz, Stoica F04 13 Public-Key Cryptography: RSA (Rivest, Shamir, and Adleman)  Sender uses a public key -Advertised to everyone  Receiver uses a private key Internet Encrypt with public key Decrypt with private key Plaintext Ciphertext

14 Katz, Stoica F04 14 Generating Public and Private Keys  Choose two large prime numbers p and q (~ 256 bit long) and multiply them: n = p*q  Chose encryption key e such that e and (p-1)*(q-1) are relatively prime  Compute decryption key d, where d = e -1 mod ((p-1)*(q-1)) (equivalent to d*e = 1 mod ((p-1)*(q-1)))  Public key consist of pair (n, e)  Private key consists of pair (d, n)

15 Katz, Stoica F04 15 RSA Encryption and Decryption  Encryption of message block m: -c = m e mod n  Decryption of ciphertext c: -m = c d mod n

16 Katz, Stoica F04 16 Example (1/2)  Choose p = 7 and q = 11  n = p*q = 77  Compute encryption key e: (p-1)*(q-1) = 6*10 = 60  chose e = 13 (13 and 60 are relatively prime numbers)  Compute decryption key d such that 13*d = 1 mod 60  d = 37 (37*13 = 481)

17 Katz, Stoica F04 17 Example (2/2)  n = 77; e = 13; d = 37  Send message block m = 7  Encryption: c = m e mod n = 7 13 mod 77 = 35  Decryption: m = c d mod n = 35 37 mod 77 = 7

18 Katz, Stoica F04 18 RSA Proof Sketch (1/4)  mod properties. Suppose a = b mod k, and c = d mod k. Then 1) a + c = (b + d) mod k 2) a*c = (b*d) mod k

19 Katz, Stoica F04 19 RSA Proof Sketch (2/4)  Theorem: Assume a and d are relatively primes, (a, d) = 1. Then a*b = a*c mod d implies b = c mod d Proof: Since (a, d) = 1, there exists m and n such that a*m + d*n = 1  a*m = -d*n + 1  a*m = 1 mod d (1) Then, we have a*b = (a*c) mod d  (a*m*b) = (a*m*c) mod d  (using mod additive property) a = c mod d (from (1))

20 Katz, Stoica F04 20 RSA Proof Sketch (3/4)  Euler Theorem: Let Φ(d) be the number of numbers less than d relative prime to d, and suppose (a, d) = 1. Then a Φ(d) = 1 mod d. Proof: Let a 1, a 2,.., a Φ(d) by the prime numbers to a. Then for all i (a i, 1) = 1, (a, d) = 1, and (a*a i, d) = 1. Note that (a*a i mod d) are Φ(d) relatively prime numbers (< d) to d. Thus, lists a 1, a 2, …, a Φ(d) and (a*a 1 ) mod n, (a*a 2 ) mod n, …, (a*a Φ(d) ) mod d, contain the same numbers! Using mod properties we have: (a*a 1 )*(a*a 2 )*.. *(a*a Φ(d) ) = (a 1 *a 2 *… *a Φ(d) ) mod d  a Φ(d) (a 1 *a 2 *… *a Φ(d) ) = (a 1 *a 2 *… *a Φ(d) ) mod d  (from prev. Theorem) a Φ(d) = 1 mod d

21 Katz, Stoica F04 21 RSA Proof Sketch (4/4)  Theorem: Suppose (1) p and q are primes, (2) n = pq, (3) e*d = 1 mod (p-1)(q-1), and (4) c = m e mod n. Then m = c d mod n Proof: Assume m = 1 mod p and m = 1 mod q (Otherwise much longer proof) Since p and q are primes Φ(p) = p -1, Φ(q) = q -1, and Φ(p*q) = (p-1)*(q-1). Since m = 1 mod (p*q) = 1 mod n, from Euler Theorem m Φ(n) = 1 mod n  m (p-1)(q-1) = 1 mod pq c e mod n = m (e*d) mod n = c (k*(p-1)(q-1) + 1) mod pq = m k*(p-1)(q-1)) * m mod pq  = m mod pq = m (since m < p*q)

22 Katz, Stoica F04 22 Properties  Confidentiality  A receiver A computes n, e, d, and sends out (n, e) -Everyone who wants to send a message to A uses (n, e) to encrypt it  How difficult is to recover d ? (Someone that can do this can decrypt any message sent to A !)  Recall that d = e -1 mod ((p-1)*(q-1))  So to find d, you need to find primes factors p and q -This is provable very difficult

23 Katz, Stoica F04 23 Message Digest (MD) 5  Can provide data integrity -Used to verify the authentication of a message  Idea: compute a hash on the message and send it along with the message  Receiver can apply the same hash function on the message and see whether the result coincides with the received hash

24 Katz, Stoica F04 24 MD 5 (cont’d)  Basic property: digest operation very hard to invert - In practice someone cannot alter the message without modifying the digest Internet Digest (MD5) Plaintext digest Digest (MD5) = digest’ NO corrupted msg Plaintext

25 Katz, Stoica F04 25 Message Digest Operation  Transformation contains complex operations (see textbook) 512 bits Message (padded) Initial digest (constant) Transformation... Message digest

26 Katz, Stoica F04 26 Outline  Cryptographic Algorithms (Confidentiality and Integrity)  Authentication  System examples

27 Katz, Stoica F04 27 Authentication  Goal: Make sure that the sender an receiver are the ones they claim to be  Two solutions based on secret key cryptography (e.g., DES) -Three-way handshaking -Trusted third party  One solution based on public key cryptography (e.g., RSA) -Public key authentication

28 Katz, Stoica F04 28 Simple Three-Way Handshaking  E(m,k) – encrypt message m with key k  D(m,k) – decrypt m with key k  CHK and SHK – client and server shared secrete keys  SK – session key used for data communication -This reduces the number of messages containing CHK and SHK  Question: how are CHK and SHK communicated in the first place? clientId, E(x, CHK) E(x+1, SHK), E(y,SHK) E(y+1, CHK) E(SK,SHK) client server

29 Katz, Stoica F04 29 Trusted Third Party  Trust a third party entity, authentication server  Scenario: A wants to communicate with B  Assumption: both A and B share secrete keys with S: K A and K B  Notations: -T: timestamp (also serves the purpose of a random number) -L: lifetime of the session -K: session’s key

30 Katz, Stoica F04 30 Trusted Third Party (cont’d) A,B E(T+1,K) E((T,L,K,B),K A ) E((T,L,K,A),K B ) E((A,T),K A ) E((T,L,K,A),K B ) S AB

31 Katz, Stoica F04 31 Public Key Authentication  Based on public key cryptography  Each side need only to know the other side’s public key -No secrete key need to be shared  A encrypts a random number x and B proves that it knows x  A can authenticate itself to be in the same way E(x, Public B ) x A B

32 Katz, Stoica F04 32 Outline  Cryptographic Algorithms (Confidentiality and Integrity)  Authentication  System examples

33 Katz, Stoica F04 33 Public Key Infrastructure (PKI)  System managing public key distribution on a wide-scale  Trust distribution mechanism  Allow any arbitrary level of trust

34 Katz, Stoica F04 34 PKI Properties  Authentication  via Digital Certificates  Confidentiality  via Encryption  Integrity  via Digital Signatures  Non–Repudiation  via Digital Signatures

35 Katz, Stoica F04 35 Components of a PKI

36 Katz, Stoica F04 36 Digital Certificate  Signed data structure that binds an entity with its corresponding public key -Signed by a recognized and trusted authority, i.e., Certification Authority (CA) -Provide assurance that a particular public key belongs to a specific entity

37 Katz, Stoica F04 37 Certification Authority  People, processes responsible for creation, delivery and management of digital certificates  Organized in an hierarchy CA-1CA-2 Root CA

38 Katz, Stoica F04 38 Registration Authority  People, processes and/or tools that are responsible for -Authenticating the identity of new entities (users or computing devices) -Requiring certificates from CA’s.

39 Katz, Stoica F04 39 Certificate Repository  A database which is accessible to all users of a PKI, contains: -Digital certificates, -Certificate revocation information -Policy information

40 Katz, Stoica F04 40 Example  Alice generates her own key pair. public key Alice private key Alice  Bob generates his own key pair.  Both sent their public key to a CA and receive a digital certificate public key Bob private key Bob

41 Katz, Stoica F04 41 Example  Alice gets Bob’s public key from the CA private key Alice public key Bob private key Bob public key Alice  Bob gets Alice’s public key from the CA

42 Katz, Stoica F04 42 Example Message Alice Bob HashMessageHash EncryptionDecryption Alice Private Alice Public Hash = ?  Alice use private key to sign: use public key cryptography to provide integrity

43 Katz, Stoica F04 43 Certificate Revocation  Process of publicly announcing that a certificate has been revoked and should no longer be used.  Approaches: -Use certificates that automatically time out -Use certificate revocation list -Use list that itemizes all revoked certificates in an on- line directory

44 Katz, Stoica F04 44 Pretty Good Privacy (PGP)  Provide -Authentication -Confidentiality  Application examples: file transfers, e-mail  Authentication weaker than PKI, but -Freely available -Not controlled by a government or standard organization

45 Katz, Stoica F04 45 PGP Services  Authentication  Digital signature; uses DSS/SHA or RSA/SHA  Confidentiality  Encryption, e.g., three-key triple DES or RSA  Also provides -Compression  Zip -E-mail compatibility  Radix-64 conversion -Segmentation

46 Katz, Stoica F04 46 PGP: Public Key Management  No rigid public key management scheme  Problem: how to get public key reliable -Possible solution: physically or by phone. Secure but unpractical  PGP solution: build a ”web of trust” -Assume you know several variably trusted users -Each of these indvidual can sign certificates for other users -Each signature has asociated a trust field indicating the level of trust in the certificate

47 Katz, Stoica F04 47

48 Katz, Stoica F04 48 What do You Need To Know  Security requirements  Cryptographic algorithms -How does DES and RSA work (no proof for RSA)  Authentication algorithms  Public key management, digital certificates (high level)

Download ppt "Katz, Stoica F04 EE 122: (More) Network Security November 5, 2003."

Similar presentations

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.

Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.

CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Similar presentations

Ads by Google