Chapter 8 Network Security


Chapter 8 Network Security
Professor Rick Han, University of Colorado at Boulder
rhan@cs.colorado.edu

Announcements
- Programming Assignment #3 due May 2
- HW #4 handed back today, solutions on Web tonight
- In Chapter 8, read all sections.
- Need a volunteer for FCQ's.
- Next, Network Security
Prof. Rick Han, University of Colorado at Boulder

Recap of Previous Lecture
- Samba/SMB
  - Enables file-sharing between UNIX and Windows
  - SMB is basis of Windows' Network Neighborhood
  - Originally built on top of NetBIOS, now directly above TCP/UDP
  - Samba server on Linux emulates SMB protocol, enables Windows client to see Linux files
- Security
  - Confidentiality
  - Authentication
  - Authorization
  - Integrity
  - Non-repudiation
  - Availability

Recap of Previous Lecture (2)
- Cryptography
  - Plaintext -> encryption -> ciphertext -> decryption -> plaintext
  - Modern encryption algorithms use secret keys
    - Algorithm itself can be known
- Cryptanalysis attacks:
  - Brute force
  - Ciphertext-only
  - Known-plaintext
  - Chosen-plaintext
  - Adaptive chosen-plaintext = differential cryptanalysis

Cryptography
- Figure: plaintext -> Encryption -> ciphertext -> Decryption -> plaintext
- Encryption algorithm also called a cipher
- Cryptography has evolved so that modern encryption and decryption use secret keys
  - Only have to protect the keys! => Key distribution problem
  - Cryptographic algorithms can be openly published
- Figure: plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB) -> plaintext

Principles of Confusion and Diffusion
- Figure: plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB) -> plaintext
- Terms courtesy of Claude Shannon, father of Information Theory
- "Confusion" = Substitution
  - a -> b
  - Caesar cipher
- "Diffusion" = Transposition or Permutation
  - abcd -> dacb
  - DES

Principles of Confusion and Diffusion (2)
- "Confusion": a classical Substitution Cipher (figure courtesy: Andreas Steffen)
- Modern substitution ciphers take in N bits and substitute N bits using a lookup table: called S-Boxes

Principles of Confusion and Diffusion (3)
- "Diffusion": a classical Transposition cipher (figure courtesy: Andreas Steffen)
- Modern transposition ciphers take in N bits and permute them using a lookup table: called P-Boxes

Symmetric-Key Cryptography
- Figure: plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB = KA) -> plaintext, with secure key distribution between the two sides
- Both sender and receiver keys are the same: KA = KB
- The keys must be kept secret and securely distributed – we'll study this later
- Thus, also called "Secret Key Cryptography"
- Data Encryption Standard (DES)

Symmetric-Key Cryptography (2)
- DES
  - 64-bit input is permuted
  - 16 stages of identical operation
    - differ in the 48-bit key extracted from the 56-bit key - complex
    - R2 = (R1 encrypted with K1) XOR'd with L1
    - L2 = R1, ...
  - Final inverse permutation stage

Symmetric-Key Cryptography (3)
- Data Encryption Standard (DES)
  - Encodes plaintext in 64-bit chunks using a 64-bit key (56 bits + 8 bits parity)
  - Uses a combination of diffusion and confusion to achieve security
  - Was cracked in 1997
    - Parallel attack – exhaustively search key space
  - Triple-DES: put the output of DES back as input into DES again with a different key, loop again: 3*56 = 168 bit key
  - Decryption in DES – it's symmetric! Use KA again as input and then the same keys except in reverse order
  - Advanced Encryption Standard (AES) successor

Symmetric-Key Cryptography (4)
- DES is an example of a block cipher
  - Divide input bit stream into n-bit sections, encrypt only that section, no dependency/history between sections (figure courtesy: Andreas Steffen)
- In a good block cipher, each output bit is a function of all n input bits and all k key bits

Symmetric-Key Cryptography (5)
- Electronic Code Book (ECB) mode for block ciphers of a long digital sequence
  - Vulnerable to replay attacks: if an attacker thinks block C2 corresponds to a $ amount, then substitute another Ck
  - Attacker can also build a codebook of <Ck, guessed Pk> pairs

Symmetric-Key Cryptography (6)
- Cipher Block Chaining (CBC) mode for block ciphers
  - Inhibits replay attacks and codebook building: identical input plaintext Pi = Pk won't result in the same output code due to memory-based chaining
  - IV = Initialization Vector – use only once
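The S-box/P-box construction from the confusion-and-diffusion slides and the ECB versus CBC behaviour described above, as an added example that is not part of these slides: a 16-bit toy substitution-permutation network (a classroom cipher, not DES) with constructed round keys, run in ECB and CBC mode to show that ECB exposes repeated plaintext blocks while CBC hides them, and that a corrupted CBC ciphertext block damages exactly two plaintext blocks.

```python
# Toy 16-bit substitution-permutation network (SPN) with ECB and CBC modes.
# Constructed for this example: a classroom toy, not DES, with made-up round keys.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]
PBOX = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]  # bit i -> PBOX[i]; self-inverse
ROUND_KEYS = [0x1A2B, 0x3C4D, 0x5E6F, 0x7081]  # constructed: 3 round keys + final key

def substitute(x, box):
    # "Confusion": replace each 4-bit nibble of the block through the lookup table (S-box).
    return sum(box[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))

def permute(x):
    # "Diffusion": move every bit of the block to a new position (P-box).
    return sum(((x >> i) & 1) << PBOX[i] for i in range(16))

def encrypt_block(p, keys=ROUND_KEYS):
    x = p
    for k in keys[:-1]:
        x = permute(substitute(x ^ k, SBOX))
    return x ^ keys[-1]

def decrypt_block(c, keys=ROUND_KEYS):
    x = c ^ keys[-1]
    for k in reversed(keys[:-1]):
        x = substitute(permute(x), INV_SBOX) ^ k   # PBOX is its own inverse
    return x

def ecb_encrypt(blocks):
    # Every block is encrypted independently, so equal plaintext blocks give equal ciphertext.
    return [encrypt_block(p) for p in blocks]

def cbc_encrypt(blocks, iv):
    out, prev = [], iv
    for p in blocks:
        prev = encrypt_block(p ^ prev)   # chaining: XOR with the previous ciphertext block
        out.append(prev)
    return out

def cbc_decrypt(blocks, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(decrypt_block(c) ^ prev)
        prev = c
    return out

def repeats_visible(blocks, iv=0x0F0F):
    # (ECB shows repeated blocks?, CBC shows repeated blocks?) for the same plaintext.
    ecb, cbc = ecb_encrypt(blocks), cbc_encrypt(blocks, iv)
    return len(set(ecb)) < len(ecb), len(set(cbc)) < len(cbc)

def cbc_error_propagation(blocks, iv, flip_index):
    # A one-bit error in ciphertext block i garbles plaintext i and flips one bit of i+1 only.
    c = cbc_encrypt(blocks, iv)
    c[flip_index] ^= 0x0001
    return [i for i, (a, b) in enumerate(zip(cbc_decrypt(c, iv), blocks)) if a != b]
```

`repeats_visible` returns the pair (True, False) for a message whose blocks repeat, and `cbc_error_propagation` returns the indices of the plaintext blocks that no longer decrypt correctly.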

Symmetric-Key Cryptography (7)
- Stream ciphers
  - Rather than divide the bit stream into discrete blocks, as block ciphers do, XOR each bit of your continuous plaintext stream with a bit from a pseudo-random sequence
  - At receiver, use the same symmetric key, XOR again to extract plaintext

Symmetric-Key Cryptography (8)
- RC4 stream cipher by Ron Rivest of RSA Data Security Inc. – used in 802.11b's security
- Block ciphers vs. stream ciphers
  - Stream ciphers work at bit-level and were originally implemented in hardware => fast!
  - Block ciphers work at word-level and were originally implemented in software => not as fast
  - Error in a stream cipher only affects one bit
  - Error in a block cipher in CBC mode affects two blocks
  - Distinction is blurring:
    - Stream ciphers can be efficiently implemented in software
    - Block ciphers getting faster
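RC4 keystream generation and the one-bit error property described above, as an added example not taken from the slides. RC4 is implemented here because the slide names it; it has since been withdrawn from TLS (RFC 7465) and serves only as a teaching model of a stream cipher. The last function shows why the key (or an IV-derived key) must never be reused with a stream cipher.

```python
# RC4 keystream generator and stream encryption, written for this example.
def rc4_keystream(key: bytes):
    # Key-scheduling algorithm (KSA): build a key-dependent permutation of 0..255.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): one keystream byte per step.
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same operation: XOR with the keystream.
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))

def bits_changed_by_ciphertext_error(key: bytes, msg: bytes, byte_index: int, mask: int) -> int:
    # Flip bits in one ciphertext byte and count how many plaintext bits change on decryption:
    # with a stream cipher, an error touches exactly the bits that were flipped, nothing else.
    ct = bytearray(rc4_crypt(key, msg))
    ct[byte_index] ^= mask
    pt = rc4_crypt(key, bytes(ct))
    return sum(bin(a ^ b).count("1") for a, b in zip(pt, msg))

def keystream_reuse_leaks_xor(key: bytes, m1: bytes, m2: bytes) -> bool:
    # Two messages under the same keystream: c1 XOR c2 == m1 XOR m2, the keystream cancels.
    # This is the reason a key or IV must be used only once (the 802.11b WEP lesson).
    c1, c2 = rc4_crypt(key, m1), rc4_crypt(key, m2)
    n = min(len(m1), len(m2))
    return bytes(a ^ b for a, b in zip(c1, c2)) == bytes(a ^ b for a, b in zip(m1[:n], m2[:n]))
```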

Symmetric-Key Cryptography (9)
- Symmetric key is propagated to both endpoints A & B via the Diffie-Hellman key exchange algorithm
  - A & B agree on a large prime modulus n, a "primitive element" g, and a one-way function f(x) = g^x mod n
  - n and g are publicly known
  - A chooses a large random int a and sends B AA = g^a mod n
  - B chooses a large random int b and sends A BB = g^b mod n
  - A & B compute secret key S = g^(ab) mod n
  - Since x = f^-1(y) is difficult to compute, an observer who knows AA, BB, n, g and f will not be able to deduce the product ab, and hence S is secure
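The exchange above carried through with toy parameters (n=23, g=5, chosen here and not from the slides), as an added example: it also checks that g really is a primitive element, and shows that an observer's fallback, exhaustive search for the exponent, only succeeds because n is tiny.

```python
# Diffie-Hellman exchange exactly as the slide describes it, written for this example.
# n=23 and g=5 are toy values chosen here; real deployments use n of thousands of bits.
def prime_factors(m):
    # Trial division; adequate for the toy sizes used here.
    out, q = set(), 2
    while q * q <= m:
        while m % q == 0:
            out.add(q)
            m //= q
        q += 1
    if m > 1:
        out.add(m)
    return out

def is_primitive_element(g, n):
    # g generates all of 1..n-1 mod prime n iff g^((n-1)/q) != 1 for every prime q | n-1.
    # A non-generator shrinks the set of values g^x can take, and with it the key space.
    return all(pow(g, (n - 1) // q, n) != 1 for q in prime_factors(n - 1))

def dh_exchange(n, g, a, b):
    # a, b are the parties' private random integers; only AA and BB cross the wire.
    AA = pow(g, a, n)        # A -> B: AA = g^a mod n
    BB = pow(g, b, n)        # B -> A: BB = g^b mod n
    S_at_A = pow(BB, a, n)   # A computes BB^a = g^(ab) mod n
    S_at_B = pow(AA, b, n)   # B computes AA^b = g^(ab) mod n
    return AA, BB, S_at_A, S_at_B

def brute_force_discrete_log(n, g, y):
    # The observer's only route to S is x with g^x = y mod n. Trying every x works
    # for n=23; the cost grows with n, which is why n must be a large prime.
    for x in range(1, n):
        if pow(g, x, n) == y:
            return x
    return None
```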

Public-Key Cryptography
- Figure: plaintext -> Encryption (Key KPUBLIC) -> ciphertext -> Decryption (Key KPRIVATE) -> plaintext
- For more than 2000 years, from the time of Caesar up to the 1970s, encrypted communication required that both sides shared a common secret key
- Diffie and Hellman in 1976 invented asymmetric public key cryptography – elegant, revolutionary!
  - No longer need both sides to share a secret key
  - Can be used for authentication and digital signatures in addition to encryption!

Public-Key Cryptography (2)
- Figure: plaintext -> Encryption (Key KPUBLIC) -> ciphertext -> Decryption (Key KPRIVATE) -> plaintext; the public key is distributed openly, the private key is kept secure
- Host who wants data sent to it advertises a public encryption key Kpublic
- Decryption algorithm has the property that only a private key Kprivate can decrypt the ciphertext, even though the attacker knows the public key Kpublic and the encryption algorithm

Public-Key Cryptography (3)
- Decryption algorithm has the property that only a private key Kprivate can decrypt the ciphertext
  - Based on the difficulty of factoring the product of two prime #'s
- Example: RSA algorithm (Rivest, Shamir, Adleman)
  - Choose 2 large prime #'s p and q
    - n = p*q should be about 1024 bits long
  - z = (p-1)*(q-1)
  - Choose e < n with no common factors with z
  - Find d such that (e*d) mod z = 1
  - Public key is (n, e), private key is (n, d)
  - Message m is encrypted to c = m^e mod n
  - Ciphertext c is decrypted m = c^d mod n

RSA example: A host chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z).

encrypt: c = m^e mod n
  letter  m    m^e       c
  "L"     12   1524832   17

decrypt: m = c^d mod n
  c    c^d                                    m    letter
  17   481968572106750915091411825223072000   12   "L"

Public-Key Cryptography (4)
- Provides security because:
  - There are no known algorithms for quickly factoring n = p*q, the product of two large prime #'s
  - If we could factor n into p and q, then it would be easy to break the algorithm: have n, p, q, e, then just iterate to find decryption key d.
- Incredibly useful property of public-key cryptography:
  - m = c^d mod n = (m^e)^d mod n = (m^d)^e mod n
  - Thus, can swap the order in which the keys are used.
  - Example: can use the private key for encryption and the public key for decryption – will see how it is useful in authentication!
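The RSA recipe, the worked example and the key-swapping property above, as an added example not from the slides, using the slide's toy values p=5, q=7, e=5 and an assumed letter code a=1 ... z=26 (so "L" = 12). Extended Euclid returns d=5 for these values; the slide's d=29 is the same exponent mod z=24 and decrypts identically.

```python
# RSA key generation, encryption and decryption following the slide's recipe,
# written for this example. Letter code a=1 ... z=26 is an assumption ("L" = 12).
from math import gcd

def modinv(e, z):
    # Extended Euclid: the d with (e*d) mod z == 1; fails if e and z share a factor.
    old_r, r, old_t, t = z, e, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_t, t = t, old_t - q * t
    if old_r != 1:
        raise ValueError("e and z are not relatively prime; choose another e")
    return old_t % z

def rsa_keygen(p, q, e):
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must have no common factors with z")
    return (n, e), (n, modinv(e, z))    # public key (n, e), private key (n, d)

def rsa_encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)                  # c = m^e mod n

def rsa_decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)                  # m = c^d mod n

def letter_to_int(ch):
    return ord(ch.lower()) - ord("a") + 1

def int_to_letter(m):
    return chr(ord("a") + m - 1).upper()

def keys_commute(m, pub, priv):
    # (m^d)^e == (m^e)^d == m mod n, so the private key can "encrypt" and the
    # public key "decrypt": the property digital signatures are built on.
    return rsa_encrypt(rsa_decrypt(m, priv), pub) == m == rsa_decrypt(rsa_encrypt(m, pub), priv)

def recover_d_from_factors(n, e, p, q):
    # Why factoring n breaks RSA: once p and q are known, d follows at once.
    if p * q != n:
        raise ValueError("p*q != n")
    return modinv(e, (p - 1) * (q - 1))
```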

Public-Key Cryptography (5)
- Public-key cryptography is slow because of the exponentiation: m = c^d mod n = (m^e)^d mod n = (m^d)^e mod n
  - From 21-64 kbps (1024-bit value for n)
  - So, don't use it for time-sensitive applications and/or use it only for small amounts of data – we'll see how SSL makes use of this
- A 512-bit number (155 decimals) was factored into two primes in 1999 using one Cray and 300 workstations
  - 1024-bit keys still safe

Authentication (1)
- Both sender and receiver need to verify the identity of the other party in a communication:
- Goal: Bob wants Alice to "prove" her identity to him
- Protocol ap1.0: Alice says "I am Alice"
- Failure scenario?? Trudy says "I am Alice"

Authentication (2)
- Protocol ap2.0: Alice says "I am Alice" and sends her IP address along to "prove" it.
- Failure scenario?? Trudy says "I am Alice", Alice's IP address
  - IP spoofing is easy. Some routers don't forward if the IP src addr doesn't match the src LAN, but not all

Authentication (3)
- Protocol ap3.0: Alice says "I am Alice" and sends her secret password to "prove" it.
- Failure scenario? Trudy says "I am Alice", Alice's password
  - Telnet sends passwords in the clear

Authentication (4)
- Protocol ap3.1: Alice says "I am Alice" and sends her encrypted secret password to "prove" it. (Message: "I am Alice", encrypt(password))
- Failure scenario? Trudy says "I am Alice", Alice's encrypted password
  - Replay or playback attack: Trudy replays the encrypted password without needing to know the actual password