Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.

Slides:



Advertisements
Similar presentations
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Advertisements

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.
1 Network Security What is network security? Principles of cryptography Authentication Access control: firewalls Attacks and counter measures.
8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks
Network Security understand principles of network security:
Public Key Cryptography
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Public Key Model 8. Cryptography part 2.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
Lecture 17 Network Security CPE 401/601 Computer Network Systems slides are modified from Jim Kurose & Keith Ross All material copyright J.F.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
 This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.
22-1 Last time □ SMTP ( ) □ DNS This time □ P2P □ Security.
Network Security7-1 Chapter 8: Network Security Chapter goals: r understand principles of network security: m cryptography and its many uses beyond “confidentiality”
Chapter 8, slide: 1 ECE/CS 372 – introduction to computer networks Lecture 18 Announcements: r Final exam will take place August 13 th,2012 r HW4 and Lab5.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 1: Principles of cryptography.
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Prof. Younghee Lee 1 1 Computer Networks u Lecture 13: Network Security Prof. Younghee Lee * Some part of this teaching materials are prepared referencing.
ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 11 Network Security (1)
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”
1 Symmetric key cryptography: DES DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64 bit plaintext input How secure.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Network Security7-1 Today r Reminders m Ch6 Homework due Wed Nov 12 m 2 nd exams have been corrected; contact me to see them r Start Chapter 7 (Security)
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
Network Security7-1 Chapter 7: Network Security Chapter goals: r understand principles of network security: m cryptography and its many uses beyond “confidentiality”
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
 Last Class  Chapter 7 on Data Presentation Formatting and Compression  This Class  Chapter 8.1. and 8.2.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Network security Cryptographic Principles
Chapter 8: Network Security
Cryptography Reference: Network Security
Cryptography Reference: Network Security
What is network security?
Chapter 7 Network Security
ECE/CS 372 – introduction to computer networks Lecture 16
Basic Network Encryption
Chapter 8: Network Security
Chapter 8: Network Security
Network Security Basics
Protocol ap1.0: Alice says “I am Alice”
Protocol ap1.0: Alice says “I am Alice”
Cryptography Reference: Network Security
Basic Network Encryption
Chapter 8: Network Security
Chapter 8 roadmap 8.1 What is network security?
Chapter 8: Network Security
Presentation transcript:

Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger

Cryptography  Encryption  Scramble data so that only someone with a secret can make sense of the data.  Decryption  Descrambling encrypted data. Cryptography 2

The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private) plaintext ciphertext K A encryption algorithm decryption algorithm Alice’s encryption key Bob’s decryption key K B Cryptography 3

Symmetric key cryptography substitution cipher: substituting one thing for another  monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Q: How hard to break this simple cipher?  brute force?  other? Cryptography 4

Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K  e.g., key is knowing substitution pattern in mono alphabetic substitution cipher  Q: how do Bob and Alice agree on key value? plaintext ciphertext K A-B encryption algorithm decryption algorithm A-B K plaintext message, m K (m) A-B K (m) A-B m = K ( ) A-B Cryptography 5

DES: Data Encryption Standard  US encryption standard [NIST 1993]  56-bit symmetric key, 64-bit plaintext input  How secure is DES?  DES Challenge: 56-bit-key-encrypted phrase “Strong cryptography makes the world a safer place” decrypted (brute force) in 4 months  no known “backdoor” decryption approach  making DES more secure:  use three keys sequentially (3-DES) on each datum  use cipher-block chaining Cryptography 6

DES initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation DES operation Cryptography 7

AES: Advanced Encryption Standard  symmetric-key NIST standard  replacing DES  Nov 2001  processes data in 128 bit blocks  128, 192, or 256 bit keys  brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES Cryptography 8

Block Cipher 64-bit input T1T1 8bits 64-bit scrambler 64-bit output loop for n rounds T2T2 T3T3 T4T4 T6T6 T5T5 T7T7 T8T8  one pass through: input bit affects eight output bits  multiple passes: each input bit afects all output bits  block ciphers: DES, 3DES, AES Cryptography 9

public key cryptography  radically different approach  Diffie-Hellman76, RSA78  sender, receiver do not share secret key  public encryption key known to all  private decryption key known only to receiver Public key cryptography symmetric key crypto  requires sender, receiver know shared secret key  Q: how to agree on key in first place  particularly if never “met”? Cryptography 10

Public key cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public key plaintext message K (m) B + K B + Bob’s private key K B - m = K ( K (m) ) B + B - Cryptography 11

Public key encryption algorithms need K ( ) and K ( ) such that B B.. given public key K, it should be impossible to compute private key K B B Requirements: 1 2 RSA: Rivest, Shamir, Adleman algorithm + - K (K (m)) = m B B Cryptography 12

RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”) 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ) 5. Public key is (n,e). Private key is (n,d). K B + K B - Cryptography 13

RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens! c Cryptography 14

RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. letter m m e c = m mod n e l c m = c mod n d c d letter l encrypt: decrypt: Cryptography 15

RSA: Why is that m = (m mod n) e mod n d (m mod n) e mod n = m mod n d ed Useful number theory result: If p,q prime and n = pq, then: x mod n = x mod n yy mod (p-1)(q-1) = m mod n ed mod (p-1)(q-1) = m mod n 1 = m (using number theory result above) (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 ) Cryptography 16

RSA: another important property The following property will be very useful later: K ( K (m) ) = m B B - + K ( K (m) ) B B + - = use public key first, followed by private key use private key first, followed by public key Result is the same! Cryptography 17

Using Keys  Private keys are used for decrypting  Public keys are used for encrypting encryption plaintextciphertext public key decryption ciphertext plaintext private key Cryptography 18

Transmitting over an insecure channel Alice wants to send Bob a private message. A public is Alice’s public key. A private is Alice’s private key. B public is Bob’s public key. B private is Bob’s private key. Cryptography 19

Cryptography 20 Hello Bob, Wanna get together? AliceBob encrypt using B public decrypt using B private

Cryptography 21 AliceBob decrypt using A private encrypt using A public OK Alice, Your place or mine?

Bob’s Dilemma  Nobody can read the message from Alice, but anyone could produce it.  How does Bob know that the message was really sent from Alice?  Bob may be comforted to know that only Alice can read his reply. Cryptography 22

Alice can sign her message!  Alice can create a digital signature and prove she sent the message  or someone with knowledge of her private key  The signature can be a message digest encrypted with A private. Cryptography 23

Message Digest  Also known as “hash function” or “one-way transformation”.  Transforms a message of any length and computes a fixed length string.  We want it to be hard to guess what the message was given only the digest.  Guessing is always possible. Cryptography 24

Digital Signature  Public key cryptography is also used to provide digital signatures signing plaintextsigned message private key verification signed message plaintext public key Cryptography 25

Alice’s Signature  Alice feeds her original message through a hash function and encrypts the message digest with A private.  Bob can decrypt the message digest using A public.  Bob can compute the message digest himself.  If the 2 message digests are identical, Bob knows Alice sent the message. Cryptography 26

Revised Scheme Cryptography 27 AliceBob Sign with A private check signature using A public encrypt using B public decrypt using B private

Why the digest?  Alice could just encrypt her name, and then Bob could decrypt it with A public.  Why wouldn’t this be sufficient?  Suppose Alice denies she sent the message?  Bob can prove that only someone with Alice’s key could have produced the message. Cryptography 28

Solution?  Always start your messages with:  Dear Mehmet,  Create a digest from the encrypted message and sign that digest.  There are many other schemes as well. Cryptography 29

Speed  Secret key encryption/decryption algorithms are much faster than public key algorithms.  Many times a combination is used:  use public key cryptography to share a secret key.  use the secret key to encrypt the bulk of the communication. Cryptography 30

Goal: Bob wants Alice to “prove” her identity to him Authentication Protocol 1.0: Alice says “I am Alice” Failure scenario?? “I am Alice” Cryptography 32

Goal: Bob wants Alice to “prove” her identity to him Authentication Protocol 1.0: Alice says “I am Alice” in a network, Bob cannot “see” Alice, so Trudy simply declares herself to be Alice “I am Alice” Cryptography 33

Authentication: another try Protocol 2.0: Alice says “I am Alice” in an IP packet containing her source IP address Failure scenario?? “I am Alice” Alice’s IP address Cryptography 34

Authentication: another try Trudy can create a packet “spoofing” Alice’s address “I am Alice” Alice’s IP address Protocol 2.0: Alice says “I am Alice” in an IP packet containing her source IP address Cryptography 35

Authentication: another try Protocol 3.0: Alice says “I am Alice” and sends her secret password to “prove” it. Failure scenario?? “I’m Alice” Alice’s IP addr Alice’s password OK Alice’s IP addr Cryptography 36

Authentication: another try playback attack: Trudy records Alice’s packet and later plays it back to Bob “I’m Alice” Alice’s IP addr Alice’s password “I’m Alice” Alice’s IP addr Alice’s password Protocol 3.0: Alice says “I am Alice” and sends her secret password to “prove” it. Cryptography 37 OK Alice’s IP addr

Authentication: yet another try Protocol 3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it. Failure scenario?? “I’m Alice” Alice’s IP addr encrypted password OK Alice’s IP addr Cryptography 38

Authentication: yet another try Record and playback still works! “I’m Alice” Alice’s IP addr encrypted password “I’m Alice” Alice’s IP addr encrypted password Protocol 3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it. Cryptography 39 OK Alice’s IP addr

Authentication: yet another try Goal: avoid playback attack Nonce: number (R) used only once–in-a-lifetime 4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R K (R) A-B Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! Cryptography 40

Authentication: ap5.0 ap4.0 requires shared symmetric key  can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography “I am Alice” R Bob computes K (R) A - “send me your public key” K A + (K (R)) = R A - K A + and knows only Alice could have the private key, that encrypted R such that (K (R)) = R A - K A + Cryptography 41

ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) I am Alice R T K (R) - Send me your public key T K + A K (R) - Send me your public key A K + T K (m) + T m = K (K (m)) + T - Trudy gets sends m to Alice encrypted with Alice’s public key A K (m) + A m = K (K (m)) + A - R Cryptography 42

ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) Difficult to detect:  Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation)  problem is that Trudy receives all messages as well! Cryptography 43

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.