Presentation is loading. Please wait.

Presentation is loading. Please wait.

CPS 512 Distributed Systems

Published byCory Merritt Modified over 6 years ago

Similar presentations

Presentation on theme: "CPS 512 Distributed Systems"— Presentation transcript:

1 CPS 512 Distributed Systems
Network Tools Cryptography Basics CPS 512

2 Discovering My Laptop’s IPv4 Address
On Windows, use program ipconfig. On Mac or Linux, use ifconfig or “ip addr”. Only my wired ethernet interface has an IP address ( ) CPS 290

3 Resolving the name www.cs.duke.edu to an IP address
On Windows, use nslookup. On Mac or Linux, use dig. The answer is provided by the authoritative name server duke.cs.duke.edu ( ) sibyl.cs.duke.edu is an alias for the canonical name (CNAME) The address for sibyl.cs.duke.edu is CPS 290

4 Capturing and Examining Packets
I begin to capture packets on my wired ethernet interface using the program called wireshark (for Windows, Mac, or Linux). I make a request to through my browser. I enter the filter (ip.src == && ip.dst == ) || (ip.dst == && ip.src == ) to examine only packets between my machine and CPS 290

5 TCP Three-Way Handshake
SYN SYN-ACK ACK First three packets show the TCP three-way handshake, SYN, SYN-ACK, ACK, which is used to establish a TCP connection. Note: The handshake makes it difficult to establish a TCP connection with a spoofed (forged) browser source address in the SYN packet: Server will send SYN-ACK to the spoofed address, which won’t reply with an ACK. Sender of spoofed SYN packet doesn’t receive the SYN-ACK, doesn’t know the correct sequence number to ACK. CPS 290

6 Browser Sends HTTP GET Request
CPS 290

7 Server Responds with HTTP 301 Code
The server didn’t like my request for It wanted me to enter Criminy! CPS 290

8 Basic Cryptography Definitions
Encryption Decryption Key1 Key2 Cyphertext Ekey1(M) = C Dkey2(C) = M Original Plaintext Plaintext Private Key or Symmetric: Key1 = Key2 Public Key or Asymmetric: Key1  Key2 Key1 or Key2 is public depending on the protocol CPS 290

9 What does it mean to be secure?
Unconditionally Secure: Encrypted message cannot be decoded without the key Shannon showed in 1943 that key must be as long as the message to be unconditionally secure – this is based on information theory A one time pad – xor a random key with a message (Used in 2nd world war) Security based on computational cost: it is computationally “infeasible” to decode a message without the key. No (probabilistic) polynomial time algorithm can decode the message. CPS 290

10 Primitives: One-Way Functions
(Informally): A function Y = f(x) is one-way if it is easy to compute y from x but “hard” to compute x from y Building block of most cryptographic protocols And, the security of most protocols rely on their existence. Unfortunately, not known to exist. This is true even if we assume P  NP. CPS 290

11 One-way functions: possible definition
F(x) is polynomial time F-1(x) is NP-hard What is wrong with this definition? CPS 290

12 One-way functions: better definition
For most y no single PPT (probabilistic polynomial time) algorithm can compute x Roughly: at most a fraction 1/|x|k instances x are easy for any k and as |x| ->  This definition can be used to make the probability of hitting an easy instance arbitrarily small. CPS 290

13 Some examples (conjectures)
Factoring: x = (u,v) y = f(u,v) = u*v If u and v are prime it is hard to generate them from y. Discrete Log: y = gx mod p where p is prime and g is a “generator” (i.e., g1, g2, g3, … generates all values < p). DES with fixed message: y = DESx(m) This would assume a family of DES functions of increasing key size (for asymptotics) CPS 290

14 One-way functions in private-key protocols
y = ciphertext m = plaintext k = key Is y = Ek(m) (i.e. f = Ek) a one-way function with respect to y and m? What do one-way functions have to do with private-key protocols? CPS 290

15 One-way functions in private-key protocols
y = ciphertext m = plaintext k = key How about y = Ek(m) = E(k,m) = Em(k) (i.e. f = Em) should this be a one-way function? In a known-plaintext attack we know a (y,m) pair. The m along with E defines f Em(k) needs to be easy Em-1(y) should be hard Otherwise we could extract the key k. CPS 290

16 One-way functions in public-key protocols
y = ciphertext m = plaintext k = public key Consider: y = Ek(m) (i.e., f = Ek) We know k and thus f Ek(m) needs to be easy Ek-1(y) should be hard Otherwise we could decrypt y. But what about the intended recipient, who should be able to decrypt y? CPS 290

17 One-Way Trapdoor Functions
A one-way function with a “trapdoor” The trapdoor is a key that makes it easy to invert the function y = f(x) Example: RSA (conjecture) y = xe mod n Where n = pq (p, q are prime) p or q or d (where ed = 1 mod (p-1)(q-1)) can be used as trapdoors In public-key algorithms f(x) = public key (e.g., e and n in RSA) Trapdoor = private key (e.g., d in RSA) CPS 290

18 One-way Hash Functions
Y = h(x) where y is a fixed length independent of the size of x. In general this means h is not invertible since it is many to one. Calculating y from x is easy Calculating any x such that y = h(x) give y is hard Used in digital signatures and other protocols. CPS 290

19 Protocols: Digital Signatures
Goals: Convince recipient that message was actually sent by a trusted source Do not allow repudiation, i.e., that’s not my signature. Do not allow tampering with the message without invalidating the signature Item 2 turns out to be really hard to do CPS 290

20 Using Public Keys Alice Bob Dk1(m) K1 = Alice’s private key
Bob decrypts it with her public key More Efficiently Dk1(h(m)) + m Alice Bob h(m) is a one-way hash of m CPS 290

21 One-way trapdoor functions
Both Public-Key and Digital signatures make use of one-way trapdoor functions. Public Key: Encode: c = f(m) Decode: m = f-1(c) using trapdoor Digital Signatures: Sign: c = f-1(m) using trapdoor Verify: m = f(c) CPS 290

Download ppt "CPS 512 Distributed Systems"

Similar presentations

CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.

CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Introduction to Public Key Cryptography

Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···

Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···
296.3:Algorithms in the Real World

296.3:Algorithms in the Real World
Public-Key Cryptography CS110 Fall 2002. Conventional Encryption.

Public-Key Cryptography CS110 Fall Conventional Encryption.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.

Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.

1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography

Cryptography and Network Security Chapter 9 - Public-Key Cryptography
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.

1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.

CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Modern Cryptography.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Modern Cryptography.

Similar presentations

Ads by Google