Network Security – Special Topic on Skype Security.

Slides:



Advertisements
Similar presentations
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Section 3.8: More Modular Arithmetic and Public-Key Cryptography
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
Network Security understand principles of network security:
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
Diffie-Hellman Key Exchange
Computer Science Public Key Management Lecture 5.
CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.
Introduction to Public Key Cryptography
Asymmetric encryption. Asymmetric encryption, often called "public key" encryption, allows Alice to send Bob an encrypted message without a shared secret.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
Network Security. Cryptography Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy:
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Digital Signatures, Message Digest and Authentication Week-9.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.
CRYPTOGRAPHY. WHAT IS PUBLIC-KEY ENCRYPTION? Encryption is the key to information security The main idea- by using only public information, a sender can.
Network Security7-1 Today r Reminders m Ch6 Homework due Wed Nov 12 m 2 nd exams have been corrected; contact me to see them r Start Chapter 7 (Security)
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
Key Management Network Systems Security Mort Anvari.
Network Security. Three tools Hash Function Block Cipher Public Key / Private Key.
Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli Alger.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
Secure HTTP (HTTPS) Pat Morin COMP 2405.
Network security Cryptographic Principles
Digital Signatures.
Network Security.
PART VII Security.
CS2911 Week 9, Class 1 Today Discussion on RSA Video Eavesdropping
Chapter 4 Cryptography / Encryption
Network Security.
Security: Public Key Cryptography
Review of Cryptography: Symmetric and Asymmetric Crypto Advanced Network Security Peter Reiher August, 2014.
Presentation transcript:

Network Security – Special Topic on Skype Security

Is Skype Secure? Skype is used to call from one PC to another PC. Think about it, your conversation is carried by routers in the Internet. If someone owns a router logs everything, can he figure out what you just told your friend? The answer is, they cannot and Skype is secure. Actually governments are complaining about it because the police cannot eavesdrop the call.

All data is encrypted Everything the sender sends out will be encrypted by AES (Advanced Encryption Standard). So the encryption makes the data seen at the routers unreadable. In this sense, Skype is secure from one Skype end to the other Skype end.

Block Cipher AES is a Block Cipher, means that it maps a fixed-length (128 bits) input to a fixed-length (128 bits) output. Given the same input bits, the Block Cipher always returns the same output bits. So, it is a mapping from the input to the output. The decryption algorithm is just the reverse mapping.

The Key The AES algorithm is known to the world. So if you can use AES to encrypt your data, anyone will be able to use the AES to decrypt your data and you achieved nothing. So, you must make your encryption unique, even if you are using a well-known algorithm. How? By having a key. The key is unique to each session and the encryption result for one key is unique to other keys.

How AES works AES takes 128-bit input and turn it into 128-bit output with the help of a 128 bit key (or 192, or 256). (Skype uses 256 bit key) 1.The key is expanded into 11 sub-keys (K0, K1, …, K10.) 2.s = M xor K0. 3.Then the following is executed 10 rounds. 1.s = SBOX(s). 2.s = shift_row(s). 3.s = mix_col(s) [if not the last round] 4.s = s xor Ki. 4.Return s.

The S BOX simply maps the input to an output according to a predetermined mapping. The shift_row() does the following. Regard the 16-byte s as a 4 by 4 matrix. s0 s4 s8 s12 s1 s5 s9 s13 s2 s6 s10 s14 s3 s7 s11 s15 s0 s1 s2 s3 s5 s9 s13 s1 S10 s14 s2 s6 s15 s3 s7 s11 The mix_col does the following. ai is4 bytes a0 a1 a2 a3 = a0 a1 a2 a3

The Integer Counter Mode Skype does not encrypt the messages directly in this way. It xores the plaintext (message) with the output of AES when taking a counter as input. Just to run faster.

Problem solved? So, is the problem solved? No. How about the key? How can two Skype ends agree on the same key? Can one end send the key to the other end in plaintext?

The public/private key. Everyone has a public key and private key. With B’s public key (pkB) A can encode data that only B can decode with his private key (skB) because other people does not have B’s private key. D_skB[E_pkB(W)] = W E_pkB[D_skB(W)] = W

The public/private key So, A can choose a 128-bit string W as the session key and send E_pkB(W) to B. B runs the decryption algorithm to get D_skB[E_pkB(W)] = W. Skype actually asks two ends to both contribute 128 bits to make the 256-bit session key.

The RSA algorithm The RSA algorithm is used to get the public key/private key. 1.Choose two large primes, p and q. 2.Compute n=pq and z=(p-1)(q-1). 3.Choose a number relatively prime to z and call it d. 4.Find e such that ed = 1 mod z. (e,n) is the public key for encoding and (d,n) is the private key for decoding.

The RSA algorithm To encrypt a message M, C=M^e mod n. To decrypt from C, M = C^d mod n. You can verify (non-trivial!) that D_skB[E_pkB(M)] = M and E_pkB[D_skB(M)] = M.

Why is RSA secure? The problem is, given (d,n), can you figure out e? It is difficult. You can try to find p and q given n. If you indeed can, then you get z. Given z and d, you get e. But it is difficult to factor large numbers.

Problem solved? If someone calls you and claimed that he is Bob, how can you be sure he is indeed Bob before saying things confidential? Imagine that someone impersonates your spouse and ask you to tell her/him your bank password with Skype chat.

Authentication If someone claims he is A, how do you verify? He should present something to you which you can check and which he can have if and only if he is A. We can all think of certain things for our real friends, but does such thing exist in the electronic world?

The solution Recall that everyone has a public key and a private key. Suppose Alice and Bob knows each other’s public key. – If Alice wants to setup a session with Bob, she sends Bob a message E_pkB[Alice, R_a], meaning that I am Alice and I want to talk to you, where R_a is a number picked at random. – Bob replies E_pkA[R_a, R_b, K_s], where R_b is a number picked at random and K_s is the session key. – Alice replies AES_K_s[R_b]. (not exactly the same as Skype’s own protocol, but the idea is the same)

Explanations Message 2. When Alice gets E_pkA[R_a, R_b, K_s], she can decrypt it and can get R_a, R_b, K_s. When she sees R_a, she knows that this is the response she is waiting for and the sender must be Bob. Why? Because no one except Bob knows how to decode E_pkB[Alice, R_a] to get R_a and R_a is totally random and it is impossible for one to guess it right.

Explainations Message 3. When Bob gets AES_K_s[R_b], he can use K_s to decode it to get R_b. Then he knows that this must be the message he is waiting for and the one who sent the first message must be Alice. Why? Because no one except Alice knows how to decode E_pkA[R_a, R_b, K_s] to get R_b and K_s to get AES_K_s[R_b].

Is problem solved? How can Alice and Bob know each other’s public key? Can Alice send a message to Bob to ask him to send her pkB? No. Tom may intercept this message and return Alice a message with his key or some junk.

Solution? Ask someone with authority, say, C. – Alice asks C “can you tell me the public key of Bob?” – C replies “Here you are, pkB.” Will this work? No. Because how can Alice be sure that this message is from C and not from Tom?

Solution Because C is well-known, Alice remembers his public key. So when C sends Alice the reply, he “signs” it with his private key: D_skC(pkB, I am sending you the public key of Bob as you requested). When Alice gets this message, she knows that this must be from C and can be trusted.

Problems? If everyone must contact C before the session begins, can C still handle it? Note that the RSA algorithm involves multiplications of large numbers and is slow.

Solution In fact, C does not have to answer the reply in real time. He can send Bob a “certificate” like: D_skC[I hereby certificate that this key ############# belongs to Bob. Bob’s IP address is ****** and his is Later, when Bob wants to prove he is indeed Bob, he can just present this to Alice. Actually, it is D_skC{SHA_1[I hereby certificate that this key ############# belongs to Bob. Bob’s IP address is ****** and his is and C is called Certificate Authority (CA).

Optimizations Still, signing all these certificates is too much for a single machine. There is PKI (Public Key Infrastructure) as a tree. You have a root, Regional Authorities, and CAs. A node certifies the nodes under it by signing. Chain of trust.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.