Network Tools Cryptography Basics


1 Network Tools Cryptography Basics
CPS 290 Computer Security

2 Discovering My Laptop’s IPv4 Address
On Windows, use the program ipconfig. On Mac or Linux, use ifconfig or ip. Only my wired ethernet interface has an IP address ( ).

3 Resolving the name www.cs.duke.edu to an IP address
On Windows, use nslookup. On Mac or Linux, use dig. The answer is provided by the authoritative name server duke.cs.duke.edu ( ). www.cs.duke.edu is an alias for the canonical name (CNAME) sibyl.cs.duke.edu. The address for sibyl.cs.duke.edu is ( ).

4 Capturing and Examining Packets
I begin to capture packets on my wired ethernet interface using the program wireshark (available for Windows, Mac, or Linux). I make a request to www.cs.duke.edu through my browser. I enter the display filter (ip.src == || ip.dst == ) && (ip.dst == || ip.src == ) to examine only packets between my machine and the server.

5 TCP Three-Way Handshake
The first three packets show the TCP three-way handshake, SYN, SYN-ACK, ACK, which is used to establish a TCP connection.
Note: the handshake makes it difficult to establish a TCP connection with a spoofed (forged) browser source address in the SYN packet:
The server will send the SYN-ACK to the spoofed address, which won’t reply with an ACK.
The sender of the spoofed SYN packet doesn’t receive the SYN-ACK, so it doesn’t know the correct sequence number to ACK.
Egress filtering: drop packets with non-local source addresses as they leave a network.
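The two points on this slide, as an added example that is not part of the original slides: a simulated handshake in which the server replies to whatever source address the SYN carries, and the egress-filter rule applied to outbound packets. All addresses are constructed from the RFC 5737 documentation ranges, and the Packet class, handshake() and egress_filter() are hypothetical names chosen here.

```python
import ipaddress
import secrets
from dataclasses import dataclass

# Constructed addresses from the RFC 5737 documentation ranges, not the slides' real hosts.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # address space the egress filter trusts
LOCAL_HOST = "192.0.2.10"                         # the real sender inside our network
OTHER_HOST = "198.51.100.7"                       # some host elsewhere on the Internet
SERVER = "203.0.113.5"

@dataclass
class Packet:
    src: str
    dst: str
    flags: str          # "SYN", "SYN-ACK", "ACK" or "RST"
    seq: int = 0
    ack: int = 0

def egress_filter(outbound, local_net=LOCAL_NET):
    """The slide's border rule: a packet may leave only if its source address is ours."""
    allowed, dropped = [], []
    for p in outbound:
        (allowed if ipaddress.ip_address(p.src) in local_net else dropped).append(p)
    return allowed, dropped

def handshake(real_sender, syn_src, server=SERVER):
    """Simulate SYN / SYN-ACK / ACK and report whether the server ends up with a valid ACK.
    The server answers to the address written in the SYN, so whoever controls that
    address is the only party that learns the server's initial sequence number."""
    client_isn = secrets.randbelow(2**32)
    syn = Packet(syn_src, server, "SYN", seq=client_isn)
    server_isn = secrets.randbelow(2**32)
    syn_ack = Packet(server, syn.src, "SYN-ACK", seq=server_isn, ack=syn.seq + 1)
    if syn_ack.dst == real_sender:
        reply = Packet(real_sender, server, "ACK", seq=syn_ack.ack, ack=syn_ack.seq + 1)
    else:
        # The host at the forged address never sent a SYN, so it resets (or ignores) the
        # SYN-ACK, and the real sender never sees server_isn, so it cannot ACK correctly.
        reply = Packet(syn_ack.dst, server, "RST")
    return reply.flags == "ACK" and reply.ack == server_isn + 1

def demo():
    """An honest handshake completes, one with a forged source does not, and the
    egress filter drops the forged SYN before it even leaves the network."""
    kept, dropped = egress_filter([Packet(LOCAL_HOST, SERVER, "SYN"),
                                   Packet(OTHER_HOST, SERVER, "SYN")])
    honest, forged = handshake(LOCAL_HOST, LOCAL_HOST), handshake(LOCAL_HOST, OTHER_HOST)
    return honest, forged, [p.src for p in kept], [p.src for p in dropped]
```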

6 Browser Sends HTTP GET Request

7 Server Responds with HTTP 301 Code
The server didn’t like my request for It wanted me to enter Criminy!

8 Basic Cryptography Definitions
Encryption: C = E_Key1(M). Decryption: M = D_Key2(C). The original plaintext M becomes ciphertext C and is recovered as plaintext M.
Symmetric: Key1 = Key2. Asymmetric: Key1 ≠ Key2.
Key1 or Key2 may be public depending on the protocol.

9 Private Key Cryptosystems
Encryption: C = E_Key1(M). Decryption: M = D_Key1(C), with the same key in both directions.
Example: two parties share Key1 in advance and use it for both encryption and decryption.

10 Public Key Cryptosystems
Introduced by Diffie and Hellman in 1976. Encryption: C = E_K1(M). Decryption: M = D_K2(C).
Public key systems: K1 = public key, K2 = private key.
Digital signatures: K1 = private key, K2 = public key.
Typically used as part of a more complicated protocol.

11 What does it mean to be secure?
Unconditionally secure: the encrypted message cannot be decoded without the key. Shannon showed in 1943 that the key must be as long as the message to be unconditionally secure; this is based on information theory. A one-time pad xors a random key with the message (used in the 2nd world war).
Security based on computational cost: it is computationally “infeasible” to decode a message without the key, e.g., there is no (probabilistic) polynomial time algorithm that can decode the message.
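The one-time pad from this slide as an added example (not code from the slides): xor with a pad exactly as long as the message, a length check that enforces Shannon’s condition, and what an eavesdropper can compute when a pad is wrongly used twice. The messages are constructed samples and the function names are chosen here.

```python
import secrets

def otp_keygen(length: int) -> bytes:
    """A one-time pad: uniformly random bytes, exactly as long as the message."""
    return secrets.token_bytes(length)

def otp_xor(data: bytes, key: bytes) -> bytes:
    """Encryption and decryption are the same xor. A pad shorter than the message
    would have to be stretched or reused, which breaks Shannon's condition, so a
    length mismatch is refused rather than silently cycled."""
    if len(key) != len(data):
        raise ValueError(f"pad must be exactly {len(data)} bytes, got {len(key)}")
    return bytes(d ^ k for d, k in zip(data, key))

def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper computes if the same pad encrypted two messages:
    c1 xor c2 == (m1 xor k) xor (m2 xor k) == m1 xor m2; the key cancels out."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def demo() -> bool:
    m1 = b"ATTACK AT DAWN"        # constructed sample messages of equal length
    m2 = b"RETREAT TODAY!"
    key = otp_keygen(len(m1))
    c1 = otp_xor(m1, key)
    assert otp_xor(c1, key) == m1  # correct use: one pad, one message, round-trips
    c2 = otp_xor(m2, key)          # misuse: the "one-time" pad used a second time
    leak = pad_reuse_leak(c1, c2)
    # Knowing (or guessing) m1 now reveals m2 without ever touching the key.
    return otp_xor(leak, m1) == m2
```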

12 Primitives: One-Way Functions
(Informally): a function y = f(x) is one-way if it is easy, given x, to compute f(x), but hard, given y, to find any x such that f(x) = y. Note that f may not be strictly invertible, i.e., there may be more than one x such that f(x) = y. Example: the SHA-256 hash function*. The security of most protocols relies on the existence of one-way functions.
*Unfortunately, one-way functions have not been proved to exist, even if we assume P ≠ NP.

13 One-way functions: possible definition
f(x) is polynomial time; f^-1(y) is NP-hard. What is wrong with this definition? “f^-1(y) is NP-hard” is a statement only about worst-case complexity: f^-1(y) may be NP-hard but still easy to solve for most y. Efforts to base cryptosystems on NP-hard problems have all failed; we don’t know how to generate difficult-to-solve instances.

14 One-way functions: better definition
For almost all y, no single PPT (probabilistic polynomial time) algorithm can compute x. Roughly: at most a fraction 1/|x|^k of the instances x are easy, for any k, as |x| → ∞. This definition can be used to make the probability of hitting an easy instance arbitrarily small.

15 Some examples (conjectures)
Factoring: x = (u, v), y = f(u, v) = u*v. If u and v are prime, it is hard to recover them from y.
Discrete log: y = g^x mod p, where p is prime and g is a “generator” (i.e., g^1, g^2, g^3, … generate all values < p).
Factoring can be reduced to discrete log and vice versa.
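An added example (not from the slides) that makes the asymmetry of these two conjectured one-way functions concrete: the generator test exactly as the slide defines it, and the brute-force inverses, whose cost grows with p and sqrt(n) respectively while the forward direction stays cheap. The small primes are constructed toy parameters and the function names are chosen here.

```python
from math import isqrt

def is_generator(g: int, p: int) -> bool:
    """Slide 15's test: g^1, g^2, ..., g^(p-1) mod p must produce every value in 1..p-1."""
    seen, x = set(), 1
    for _ in range(p - 1):
        x = x * g % p
        seen.add(x)
    return len(seen) == p - 1

def discrete_log(g: int, y: int, p: int) -> int:
    """Invert y = g^x mod p by trying x = 0, 1, 2, ... in turn.
    The forward direction pow(g, x, p) costs O(log p) multiplications; this search
    costs up to p - 1 of them, i.e. exponential in the bit length of p."""
    x, acc = 0, 1
    while acc != y % p:
        acc = acc * g % p
        x += 1
        if x == p:
            raise ValueError("y is not a power of g modulo p")
    return x

def factor(n: int) -> tuple:
    """Invert f(u, v) = u*v by trial division: about sqrt(n) steps, fine for a toy n,
    hopeless when u and v are 1024-bit primes."""
    for u in range(2, isqrt(n) + 1):
        if n % u == 0:
            return u, n // u
    raise ValueError("n has no nontrivial factor")
```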

16 One-way functions in private-key protocols
y = ciphertext, m = plaintext, k = key: y = E_k(m). Given y, it should be hard to find m (E_k should be one-way).
Rewrite the function: y = E_k(m) = E(k, m) = E_m(k). Given y and m, it had better also be hard to find k! I.e., E_m should also be a one-way function.
In a known-plaintext attack we know one or more (y, m) pairs and try to extract the key k.

17 Cryptanalytic Attacks
C = ciphertext messages, M = plaintext messages.
Ciphertext only: the attacker has multiple Cs but does not know the corresponding Ms.
Known plaintext: the attacker knows some number of (C, M) pairs.
Chosen plaintext: the attacker chooses M and is given C.
Chosen ciphertext: the attacker chooses C and is given M.

18 The Cast
Alice – initiates a message or protocol
Bob – second participant
Trent – trusted middleman
Eve – eavesdropper
Mallory – malicious active attacker

19 One-way functions in public-key protocols
y = ciphertext, m = plaintext, k = public key. Consider y = E_k(m) (i.e., f = E_k). We know k and thus f. E_k(m) needs to be easy; E_k^-1(y) should be hard, otherwise we could decrypt y. But what about the intended recipient, who should be able to decrypt y?

20 One-Way Trapdoor Functions
A one-way function with a “trapdoor”: the trapdoor is a key that makes it easy to invert the function y = f(x).
Example: RSA (conjectured to be hard to invert without the trapdoor): y = x^e mod n, where n = pq (p, q prime). Any of p, q, or d (where ed ≡ 1 mod (p-1)(q-1)) can be used as the trapdoor.
In public-key algorithms, f(x) is defined by the public key (e.g., e and n in RSA) and the trapdoor is the private key (e.g., d in RSA).

21 One-way Hash Functions
y = h(x), where y has a fixed length independent of the size of x. In general this means h is not invertible, since it is many-to-one. Calculating y from x is easy. Calculating any x such that y = h(x), given y, is hard. Used in digital signatures and other protocols.

22 Protocols: Digital Signatures
Goals: convince the recipient that the message was actually sent by a trusted source; do not allow tampering with the message without invalidating the signature.

23 Using Public Keys
Alice sends Bob D_K1(m) + m, where K1 = Alice’s private key. Bob decrypts it with her public key.
More efficiently: Alice sends D_K1(h(m)) + m, where h(m) is a one-way hash of m.

