Network Security Review

Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared key Encrypt MAC Left out: non-repudiation, etc.

Shared Key Establishment “Trusted third party” Kerberos Tickets Public key methods SSL IPSEC “Out-of-band”

Public Key Crypto

Public Key techniques Diffie-Hellman RSA N=pq; ed  1 (mod  (N)) Public:e,N;Private:d,N Encrypt M: C  M e modN Decrypt C: M  C d modN Sign M: S  M d mod N Verify S: S e  M (modN) AliceBob ab p, g m a  g a mod pm b  g b mod p mama mbmb m b a mod pm a b mod p=g ab mod p= shared secret key! Discrete log: Given y,p,b Find x: b x mod p = y ? Factoring: Given N=pq Find p,q

Discrete log based schemes DH (key establishment) DSS/DSA (signatures) El-Gamal (signatures, encryption) Elliptic Curves Cryptography (ECC) Why modulus (p) is so large? Little-step/giant-step attack

Factoring based RSA Square Roots (=Factoring) Rabin (Encryption, Signature) Fiat-Shamir (ID scheme, Signature)

World mod N How many objects? |Z * N |=  (N); for all z  Z * N, z  (N) mod N=1 If N=pq, then  (N)= (p-1)(q-1) [ If N=p, then  (N)= p-1 ] Blum integers: N=pq, p  q  3 (mod 4) Then x (p+1)/4 mod p= y; y 2  x (p+1)/2  x (p-1)/2 x  ±x mod p

Chinese Remainder Theorem (CRT) Given y 2  x mod p; z 2  x mod q; N=pq; Find s: s 2  x mod N More generally: Given a,A, b,B; Find x: x  a mod A, x  b mod B Let u, v be s.t. uA  1 mod B, vB  1 modA Then x=uAb+vBa [indeed: x mod A = uAb+vBa = vBa = a; x mod B = uAb+vBa = uAb = b] How to find u,v?

Extended GCD Euclid’s GCD algorithm (greatest common divisor): gcd(a,b) = gcd( b, a mod b) =…= gcd(a’,b’)=c a’=ib’+c, …, ax+by=c If gcd(a,b)=1: ax  1 mod b

Summary (factoring-based) RSA Given p,q; Can compute  (N), for N=pq; With Extended gcd, can compute e, d  1/e mod  (N); gcd(e,  (N)) must be 1 Rabin Using Blum integers can compute SQRT mod p,q Using CRT can combine them to SQRT mod N

Prime number generation Why? How? Exhaustive search Too long Miller-Rabin Little Fermat’s Theorem (again) Prime Number Theorem #of primes between R and 2R is  R/lnR i.e. Prob[ random R is a prime ]  1/lnR

Efficiency for all Exponentiation: Repetitive Squaring b A mod N takes  1.5 lg A long multiplications Cost of multiplication  quadratic in length Optimization: mod N  (mod p) + (mod q) +CRT Watch out!

Attacks on factoring  (N), N => factoring (quadratic equation) Trick: obtain x, s.t. x  0 mod p, x mod q  0 gcd(x, N)=p SQRT modN => Factoring v  y 2 mod N; z  SQRT modN (v) If z  ±y, then x  y-z Computing (mod p) + (mod q) + CRT Random error mod p (or mod q) => factoring

Other Crypto Encryption Hashing MACs

Encryption One time pad Block cipher DES Feistel approach AES/Rijndael Modes of operation EBC, CFB, CBC, etc. Stream ciphers RC-4 Pseudo-random generators

Hashing Hashing algorithms MD-5 SHA Applications Digital signatures MAC

Systems Certificates SSL IPSEC Kerberos

Certificates X-509 CA’s Trust infrastructure Hierarchical X.509 Networks of Trust PGP

SSL TCP level secure channel Establish Shared Secret DH+Certificates [+signatures] RSA+Certificates [+signatures] Kerberos [TLS]  Do not confuse with Kerberos over SSL/TLS Encrypt & MAC Usually authenticates only server Client authentication possible Typical application: HTTPS

IPSEC IP level secure channel Similar tools to SSL Some traffic confidentiality Both ends authenticated Tunneling Typical application:VPN

Kerberos Key-Distribution Centers approach Trusted Third Party – another term Authentication Server Ticket Granting Servers Tickets Realms

Other topics Firewalls Non-repudiation SET

Final: Tuesday May am See you there! Best of Luck!!!