CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.

CN8816: Network Security
Confidentiality, Integrity & Authentication
Confidentiality - Symmetric Key Encryption
Data Integrity - MD-5, SHA and HMAC
Public/Private Key Mechanism - RSA
Digital Certificate
DH Algorithm

1. Symmetric Key Algorithm
Encryption
Confidentiality: keeping information out of the hands of unauthorized users
Technique: data encryption

1. Symmetric Key Algorithm
Symmetric key encryption: encryption and decryption use the same key
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
(Figure: plaintext P -> Encryption -> ciphertext C -> Decryption -> plaintext P, with the same key Ks used on both sides)

1. Symmetric Key Algorithm
Electronic Codebook (ECB) mode
The plaintext is divided into a number of blocks of fixed size
  DES: block size = 64 bits
  AES: block size = 128 bits
Each block is encrypted and decrypted independently
(Figure: padded plaintext blocks B1 ... Bn ... BN, each encrypted under Ks to give C1 ... Cn ... CN)

1. Symmetric Key Algorithm
DES algorithm
Data is divided into 64-bit blocks
Basic operation: the round function F( ) combined (XOR) with the round key K
(Figure: one round of the basic operation producing the round N+1 halves)

1. Symmetric Key Algorithm
Both the encryption and the decryption process consist of 16 rounds of the basic operation
Encryption and decryption have the same structure
(Figure: input -> permutation -> basic operations 1 to 16 on the left/right halves -> inverse permutation -> output; key expansion supplies the round keys k1 ... k16 for encryption and k16 ... k1 for decryption)

1. Symmetric Key Algorithm
DES3 (Triple DES)
Cascades three DES blocks to support a longer key length
Supports key lengths of 56, 112, and 168 bits
(Figure: plaintext -> DES encrypt with key1 -> DES decrypt with key2 -> DES encrypt with key3 -> ciphertext)

1. Symmetric Key Algorithm
Cipher block chaining (CBC) mode
(Figure: CBC chaining of the blocks, starting from an initial vector (IV))

1. Symmetric Key Algorithm
AES
Uses the concept of multiplicative inversion: P(x) * P^-1(x) = 1
Basic 8-bit multiplication operation: (P(x) * Q(x)) mod (x^8 + x^4 + x^3 + x + 1)
x^8 + x^4 + x^3 + x + 1 is an irreducible polynomial
With the defined multiplication operation, all 8-bit numbers except zero have their own inverses
Example: the inverse of x^7 + x^3 + x^2 + 1 is x, since (x^7 + x^3 + x^2 + 1) * x mod (x^8 + x^4 + x^3 + x + 1) = 1

1. Symmetric Key Algorithm
AES consists of N rounds of the basic operation
N = 10, 12, or 14 for a key size of 128, 192, or 256 bits, respectively
(Figure: input XOR k0 -> basic operations 1 to N-1 -> final sub-byte and shift row -> XOR kN -> output; key expansion supplies the round keys k0 ... kN)

1. Symmetric Key Algorithm
AES basic operation
(Figure: one round, made up of the SubByte, ShiftRow, MixColumns and AddRoundKey steps described on the following slides)

1. Symmetric Key Algorithm
SubByte processing
From P_i,j, find Inv(P_i,j) such that P_i,j * Inv(P_i,j) mod (x^8 + x^4 + x^3 + x + 1) = 1
Inv(P_i,j) is then multiplied with a fixed 8x8 binary matrix B1 and added to a fixed binary vector B2:
  S_i,j = B1 * Inv(P_i,j) + B2
(Figure: the matrix-vector form of this affine step; the constant vector B2 has bits (b0, b1, ..., b7) = (1, 1, 0, 0, 0, 1, 1, 0))

1. Symmetric Key Algorithm
ShiftRow
State before the shift:
  S0,0 S0,1 S0,2 S0,3
  S1,0 S1,1 S1,2 S1,3
  S2,0 S2,1 S2,2 S2,3
  S3,0 S3,1 S3,2 S3,3
State after the shift (row r rotated left by r positions):
  S0,0 S0,1 S0,2 S0,3
  S1,1 S1,2 S1,3 S1,0
  S2,2 S2,3 S2,0 S2,1
  S3,3 S3,0 S3,1 S3,2
The columns of the shifted state are read as the polynomials R0 ... R3:
  R0(x) = S3,3 x^3 + S2,2 x^2 + S1,1 x + S0,0
  R1(x) = S3,0 x^3 + S2,3 x^2 + S1,2 x + S0,1
  R2(x) = S3,1 x^3 + S2,0 x^2 + S1,3 x + S0,2
  R3(x) = S3,2 x^3 + S2,1 x^2 + S1,0 x + S0,3

1. Symmetric Key Algorithm
MixColumns transform
Z_i = a(x) × R_i(x) mod (x^4 + 1)
a(x) = {03}x^3 + {01}x^2 + {01}x + {02}
In matrix form: Z_i = A R_i, where A is the 4x4 coefficient matrix of a(x)
The product of two coefficients is still limited to the finite field of 8 bits, by applying the modular operation with the modulus x^8 + x^4 + x^3 + x + 1

1. Symmetric Key Algorithm
AddRoundKey transformation
State Z:
  Z0,0 Z0,1 Z0,2 Z0,3
  Z1,0 Z1,1 Z1,2 Z1,3
  Z2,0 Z2,1 Z2,2 Z2,3
  Z3,0 Z3,1 Z3,2 Z3,3
XOR round key K:
  K0,0 K0,1 K0,2 K0,3
  K1,0 K1,1 K1,2 K1,3
  K2,0 K2,1 K2,2 K2,3
  K3,0 K3,1 K3,2 K3,3
= encrypted output E:
  E0,0 E0,1 E0,2 E0,3
  E1,0 E1,1 E1,2 E1,3
  E2,0 E2,1 E2,2 E2,3
  E3,0 E3,1 E3,2 E3,3
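The GF(2^8) arithmetic behind the AES, SubByte and MixColumns slides above, as an added example that is not part of the course slides. It assumes nothing beyond the slides' own polynomial and a(x); the circulant form of the fixed matrix B1 and the value 0x63 for B2 are standard AES facts, not taken from the transcript.

```python
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial on the AES slide

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reducing modulo AES_POLY."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:            # degree reached 8: subtract (XOR) the modulus
            a ^= AES_POLY
        b >>= 1
    return result & 0xFF

def gf_inv(a: int) -> int:
    """Multiplicative inverse by exhaustive search (fine for 256 elements).
    Every non-zero byte has one; AES maps 0 to 0 by convention."""
    if a == 0:
        return 0
    for candidate in range(1, 256):
        if gf_mul(a, candidate) == 1:
            return candidate
    raise ValueError("no inverse: modulus is not irreducible")

def _rotl8(v: int, k: int) -> int:
    return ((v << k) | (v >> (8 - k))) & 0xFF

def sub_byte(p: int) -> int:
    """SubByte: S = B1 * Inv(P) + B2.  The fixed 8x8 binary matrix B1 is circulant, so
    B1 * v equals v XOR its four left rotations; B2 has bits (b0..b7) = 1,1,0,0,0,1,1,0 = 0x63."""
    inv = gf_inv(p)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63

def mix_column(r: list) -> list:
    """MixColumns on one column R_i = [S0, S1, S2, S3]: Z_i = a(x) * R_i(x) mod (x^4 + 1)
    with a(x) = {03}x^3 + {01}x^2 + {01}x + {02}; coefficient products use gf_mul."""
    s0, s1, s2, s3 = r
    return [
        gf_mul(2, s0) ^ gf_mul(3, s1) ^ s2 ^ s3,
        s0 ^ gf_mul(2, s1) ^ gf_mul(3, s2) ^ s3,
        s0 ^ s1 ^ gf_mul(2, s2) ^ gf_mul(3, s3),
        gf_mul(3, s0) ^ s1 ^ s2 ^ gf_mul(2, s3),
    ]

if __name__ == "__main__":
    # The slide's example: x^7 + x^3 + x^2 + 1 (= 0x8D) has inverse x (= 0x02)
    print(hex(gf_inv(0x8D)), hex(sub_byte(0x8D)), [hex(z) for z in mix_column([0xDB, 0x13, 0x53, 0x45])])
```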

2. Data Integrity
Message digest
The digest is the hash function of a message
A small change in the message will completely change the hash value
(Figure: two nearly identical data inputs producing completely different hash values)

2. Data Integrity
Hash algorithms
MD-5: 512-bit block, 128-bit hash
Secure Hash Algorithm (SHA)
  SHA-1: 512-bit block, 160-bit hash
  SHA-224: 512-bit block, 224-bit hash
  SHA-256: 512-bit block, 256-bit hash
  SHA-384: 1024-bit block, 384-bit hash
  SHA-512: 1024-bit block, 512-bit hash

2. Data Integrity
SHA-512 message padding
The padding includes the padding and length fields
The length field holds the value of the message length
The padding field contains the bit pattern 100...00
(Figure: message | padding 100...00 | 128-bit length field, together an integer multiple of 1024-bit blocks)

2. Data Integrity
Processing overview
(Figure: the padded message is split into blocks M1, M2, ..., Mi, ..., MN; each block is expanded into the words W0 ... W79 and hashed together with the chaining values a = H0(i-1), ..., h = H7(i-1) to produce H0(i), ..., H7(i); the chain starts from H0(0), ..., H7(0) and the final hash is H0(N) || ... || H7(N))

2. Data Integrity
Keyed Hashing for Message Authentication (HMAC)
Provides data integrity between two security entities sharing the secret key
Keyed hash = Hash(K ⊕ opad, Hash(K ⊕ ipad, text))
K = Concatenation(Key, (M - Key_size) bytes of zeros)
ipad = (0x36) repeated M times
opad = (0x5C) repeated M times
M = hash function message block size (in bytes)
The hash function can be either MD5 or SHA
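The SHA-512 padding slide and the HMAC slide above, worked through as an added example (not code from the course). It builds the padded message layout and the HMAC formula with Python's standard library only, cross-checks the hand-written HMAC against the hmac module, and handles the long-key case that the slide formula leaves out.

```python
import hashlib
import hmac

def sha512_pad(message: bytes) -> bytes:
    """SHA-512 message padding from the slide: append the bit pattern 100...00 and a
    128-bit length field so the result is an integer multiple of 1024-bit (128-byte) blocks."""
    bit_length = len(message) * 8
    padded = message + b"\x80"                          # the single 1 bit, then zero bits
    padded += b"\x00" * ((112 - len(padded)) % 128)     # zeros up to 16 bytes before a block end
    return padded + bit_length.to_bytes(16, "big")      # length of the original message, in bits

def hmac_from_formula(key: bytes, text: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC written out as Hash(K xor opad, Hash(K xor ipad, text)), with K the key
    zero-padded to the hash block size M (in bytes).  A key longer than M is hashed
    first, as RFC 2104 requires; the slide formula omits that case."""
    block_size = hashlib.new(hash_name).block_size      # M: 64 for MD5/SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    k = key + b"\x00" * (block_size - len(key))         # K = Concatenation(Key, zeros)
    ipad = bytes(b ^ 0x36 for b in k)                   # K xor (0x36 repeated M times)
    opad = bytes(b ^ 0x5C for b in k)                   # K xor (0x5C repeated M times)
    inner = hashlib.new(hash_name, ipad + text).digest()
    return hashlib.new(hash_name, opad + inner).digest()

def matches_stdlib(key: bytes, text: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-written formula against Python's hmac module."""
    expected = hmac.new(key, text, hash_name).digest()
    return hmac.compare_digest(hmac_from_formula(key, text, hash_name), expected)

if __name__ == "__main__":
    padded = sha512_pad(b"abc")                          # constructed sample input
    print(len(padded), padded[3] == 0x80, int.from_bytes(padded[-16:], "big"))
    print(matches_stdlib(b"secret key", b"The quick brown fox", "sha512"))
```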

3. Private/Public Key Mechanism
Public/private key: RSA and ECC (Elliptic Curve Cryptography)
Consists of a private key and a public key pair
The public key can be known by the public

3. Private/Public Key Mechanism
RSA algorithm:
  Select two large prime numbers, P and Q
  Select an odd number E such that E and (P-1)(Q-1) are relatively prime
  Find a number D, the multiplicative inverse of E, such that DE mod (P-1)(Q-1) = 1
  Public key = (E, PQ)
  Private key = (D, PQ)
Encryption/Decryption:
  Ciphertext C = M^E mod PQ
  Original text M = C^D mod PQ = M^ED mod PQ

3. Private/Public Key Mechanism
RSAES-OAEP algorithm
Provides an integrity check to counter the chosen-ciphertext attack
(Figure: the data block is built from lHash, padding and 0x01; a secret seed is passed through the mask generation function (MGF) and XORed into the data block, and the masked data block is passed through MGF and XORed into the seed; the leading 0x00 byte, the masked seed and the masked data block are then encrypted with the public key to give the ciphertext)

3. Private/Public Key Mechanism
Session key encryption application
  1. Eb(A, Na)
  2. Ea(Na, Nb, Ks)
  3. Ks(Nb)
  Data is then encrypted with Ks
The second message authenticates Bob
The third message authenticates Alice
Eb = encryption using Bob's public key
Ea = encryption using Alice's public key
Ks = session key

3. Private/Public Key Mechanism
Digital signature application
Uses a private/public key pair and a hash function

3. Private/Public Key Mechanism
A public key is used to verify the digital signature

3. Private/Public Key Mechanism
Example: PGP (Pretty Good Privacy)
  1. Signed with the sender's private key
  2. Encrypted with the session key
  3. Encrypted with the recipient's public key
  4. Decrypted with the recipient's private key
  5. Decrypted with the session key
  6. Verify the signature using the sender's public key

4. Digital Certificate
A digital certificate provides a more scalable authentication approach
The certificate is issued and signed by the certificate authority (CA)
(Figure: 1. certificate request to the CA, 2. certificate issued; the certificate is then presented to, and verified by, the peer)

4. Digital Certificate
Signing of the certificate

4. Digital Certificate
Verification of the certificate
(Figure: the verifier compares its own hash of the certificate contents with the value recovered from the signature: equal?)

4. Digital Certificate
CA hierarchical structure
The root CA delegates the certification authority to the intermediate CA

4. Digital Certificate
Public Key Infrastructure (PKI)
To enable secure, convenient, and efficient acquisition of public keys using digital certificates
(Figure: PKI architecture model: the end entity (user) registers with the registration authority and obtains its certificate from the CA; the CA publishes certificates and CRLs to the cert/CRL repository, with a separate CRL issuer also publishing CRLs; CAs cross-certify one another; the end entity retrieves certificates and CRLs from the repository; management functions cover registration and revocation)

5. DH Algorithm
Diffie-Hellman key exchange
Used to generate a common secret (symmetric) key
Alice generates a large random number x and sends g^x mod n
Bob generates a large random number y and sends g^y mod n
key = g^xy mod n

5. DH Algorithm
The DH exchange is susceptible to the man-in-the-middle attack
Peers must require authentication
(Figure: Trudy sits between Alice and Bob; Alice sends g^a mod n and Trudy forwards g^a' mod n to Bob; Bob sends g^b mod n and Trudy forwards g^b' mod n to Alice; Alice ends up with g^ab' mod n and Bob with g^a'b mod n)
Trudy can intercept the messages exchanged between Alice and Bob
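The RSA recipe, the hash-then-sign signature (the same check a certificate verifier performs) and the Diffie-Hellman slides above, worked through as one added example that is not part of the course slides. The "peers must require authentication" point is shown by having each side sign its DH value, so a substituted value is rejected. The primes and the toy hash reduction are constructed for the demo and are far too small for real use; `tamper` is a parameter invented here to play Trudy.

```python
from math import gcd
import hashlib

def rsa_keygen(p: int, q: int, e: int):
    """P, Q prime; E odd and relatively prime to (P-1)(Q-1); D the inverse of E."""
    phi = (p - 1) * (q - 1)
    if e % 2 == 0 or gcd(e, phi) != 1:
        raise ValueError("E must be odd and relatively prime to (P-1)(Q-1)")
    d = pow(e, -1, phi)              # D*E mod (P-1)(Q-1) = 1
    return (e, p * q), (d, p * q)    # public key (E, PQ), private key (D, PQ)

def rsa_encrypt(pub, m: int) -> int:
    e, n = pub
    return pow(m, e, n)              # C = M^E mod PQ

def rsa_decrypt(priv, c: int) -> int:
    d, n = priv
    return pow(c, d, n)              # M = C^D mod PQ

def digest_mod_n(data: bytes, n: int) -> int:
    """Hash the message, then reduce into the modulus (toy key sizes only)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def rsa_sign(priv, data: bytes) -> int:
    d, n = priv
    return pow(digest_mod_n(data, n), d, n)            # private key signs the digest

def rsa_verify(pub, data: bytes, sig: int) -> bool:
    e, n = pub
    return pow(sig, e, n) == digest_mod_n(data, n)     # public key recovers and compares it

def dh_value(g: int, n: int, secret: int) -> int:
    return pow(g, secret, n)         # g^x mod n (Alice) or g^y mod n (Bob)

def dh_key(peer_value: int, secret: int, n: int) -> int:
    return pow(peer_value, secret, n)   # both sides arrive at g^xy mod n

def authenticated_dh(g, n, x, y, alice_keys, bob_keys, tamper=None):
    """Each side signs its DH value and the peer verifies before deriving the key.
    `tamper` (constructed for this demo) is Trudy's g^a' replacing Alice's g^a."""
    (alice_pub, alice_priv), (bob_pub, bob_priv) = alice_keys, bob_keys
    gx, gy = dh_value(g, n, x), dh_value(g, n, y)
    sig_a = rsa_sign(alice_priv, str(gx).encode())
    sig_b = rsa_sign(bob_priv, str(gy).encode())
    received_by_bob = tamper if tamper is not None else gx
    if not rsa_verify(alice_pub, str(received_by_bob).encode(), sig_a):
        return None                  # Bob rejects a value Alice never signed
    if not rsa_verify(bob_pub, str(gy).encode(), sig_b):
        return None
    return dh_key(gy, x, n), dh_key(received_by_bob, y, n)
```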