Gene Itkis: BU CAS Network Security

Presentation on theme: "Gene Itkis: BU CAS Network Security"— Presentation transcript:

1 Gene Itkis: BU CAS 558 - Network Security
CS 558: Network Security Gene Itkis 4/16/2017 Gene Itkis: BU CAS Network Security

2 Overview

3 Basic scenario

4 Simplified Scenario
[Diagram: Alice, Bob, Eve; Network: Internet, intranet, LAN, WAN]
How to protect?
- Encrypt
- Key agreement
- Authenticate
Issues:
- Protocols
- Protection (crypto)
A solution: SSL/TLS

5 How to protect?

6 Crypto Landscape overview

7 Definitions and Concepts

8 What is Cryptography?
It all started with Encryption / Decryption
- plaintext “attack at midnight”
- ciphertext “buubdl bu njeojhiu”

9 Encryption / Decryption (cont.)
[Diagram]
- encoder (plaintext in - ciphertext out): msg “bla-bla” becomes ciphertext “cmb-cmb”
- decoder (ciphertext in - plaintext out): ciphertext “cmb-cmb” becomes msg “bla-bla”
- Shared Key: held by both encoder and decoder
- eavesdropper (should understand nothing about the msg)

10 Crypto tools
- Encryption/decryption – to hide info
- Key exchange - to establish shared key
- Authentication – to establish shared key with the party you really meant to
  - public
  - private
- Signatures
- Hashing
- Certificates, PKI

11 Adversary types
[Diagram: Alice, Bob]
Alice and Bob want to communicate in presence of adversaries
Adversaries:
- Passive – just looking
- Active – may change msgs

12 Key exchange: man-in-the-middle
[Diagram: Alice, Bob and an attacker between them holding one key shared w/Alice and another shared w/Bob]
- Key exchange without Authentication
- Subject to Man-in-the-Middle attack
- Attacker translates between the keys, reading and/or modifying the messages
- Authentication afterwards will not help!

13 Authentication
[Diagram: Alice, M, Bob]
- Alice sends a msg M to Bob
- Bob wants to be sure M is really from Alice

14 Signatures
- Alice holds S_Alice and computes Sig_M = Sign(M, S_Alice)
- Alice sends (M, Sig_M) to Bob
- Bob: Verify(M, Sig_M, …)

15 Authentication: “public”
[Diagram: Alice, Bob; checks, contracts]

16 Public Key Signatures
- Alice: Secret Key S_Alice, Public Key P_Alice
- Alice computes Sig_M = Sign(M, S_Alice) and sends (M, Sig_M) to Bob
- Bob: Verify(M, Sig_M, P_Alice)
- Problem: How to authenticate P_Alice?

17 Certificates
- Alice: Public Key P_Alice, Secret Key S_Alice
- Charlie, CA, certifies P_Alice: “This public key P_Alice really belongs to Alice. Signed by Charlie, Certification Authority”
- Certificates can be public!
- Who’s Charlie?!?

18 Public Key Infrastructures (PKI)
- Root CA public key
  - Obtained out-of-band
  - Certifies other Public Keys (of CAs, or users)
- Certification Chains
- Grain of salt: so, you have a certificate…
- To be continued…

19 Back to Signatures
- Alice holds S_Alice and computes Sig_M = Sign(M, S_Alice)
- Alice sends (M, Sig_M) to Bob
- Bob: Verify(M, Sig_M, …)

20 Authentication: “private”
- Alice and Bob both hold S_Alice
- Alice computes Sig_M = Sign(M, S_Alice) and sends (M, Sig_M) to Bob
- Message Authentication Code (MAC): Sign(M, S_Alice) = Hash(M, S_Alice)
- Verify(M, Sig_M, S_Alice): Check Sig_M = Sign(M, S_Alice)
- MAC = “Shared Secret Sig” = Symmetric Sig (Sign=Verify)

21 Hashing
[Diagram: Hash maps both x1 and x2 to the same y: a collision]
Crypto Hash:
- collisions may exist, but are hard to find
- Given y hard to find x, s.t. Hash(x)=y
Used for:
- Symmetric signatures
- “Fingerprint” for Public Key signatures

22 Another setting
[Diagram: Alice, Bob]

23 Dynamics
Secrets get stolen/exposed
- Limit (or even avoid) the damage
- Recover
- Revoke
- etc.
Some approaches
- Secret sharing & distributed computation
- Forward-security, intrusion-resilience, …
- Threshold, proactive crypto

24 Real Life: e-thieves
E-thieves (pirates/hackers)
- Recreational (do it “for fun” - e-hooligans)
- Professionals
Defense
- Cost & time aspects
- Periodic renewals
- Multiple defense lines
- Obscurity vs. security (or security by obscurity)
- Recovery from security breaches

25 Details and constructions

26 Outline
- Block vs. Stream ciphers
- Symmetrical vs. Asymmetrical (public key)
- Tool: Pseudo-Random Number Generators
- Complexity (what is hard?)
- Public Key Crypto
  - Diffie-Hellman
  - Rabin’s encryption
  - RSA

27 Block vs. Stream Ciphers
- Cipher = Encoder; or Encryption/Decryption scheme
- Stream cipher encodes/decodes char by char
- Block cipher encodes/decodes block by block
- Stream cipher ~ Block cipher with block size of 1 char (+state)
- Chaining (Modes of Operation) – make block encryption depend on the past blocks: “make block ciphers more like stream ciphers”

28 Symmetric & Asymmetric schemes
Symmetric: decryption as easy as encryption (and vice versa)
- i.e. if you can encrypt then you can decrypt (and vice versa)
- (DES, AES/Rijndael are symmetric block ciphers)
Asymmetric: may not be able to decrypt even if you can encrypt
- e.g. RSA

29 Symmetric cipher - example
Caesar's cipher
- the letters of the alphabet are shifted (*)
- e.g. “a” is replaced with “b”, “b” with “c”, etc.
- so msg “attack at midnight” is encrypted as “buubdl bu njeojhiu”
- (*) the shift can be by one (as in our example) or more
- encryption and decryption are equally easy (too easy, in fact)

30 One-time pad
For each character of the future msg indicate the shift:
[Table rows: pad (key); msg (plaintext); ciphertext (encrypted msg)]

31 One-time random pad (cont.)
- Symmetric
- Pad is selected at random
- Perfectly secure, but...
  - One time only
  - so sending the pad is just as hard as sending the msg

32 Pseudo-random pad
- Pseudo-random bit string (PRBS) generator
- PRBS = Hard to guess a bit (after seeing many others)
[Diagram: seed (short); PRBS (long); 01101]

33 Complexity: what is “hard”?
- measure hardness in terms of size of input
- easy = polynomial; hard = exponential
Easy problems:
- Finding max of n numbers - O(n)
- Sorting n elements - O(n lg n)
Hard problems:
- Factoring N=pq (n bits long)
- current best (?)

34 Other hard problems
Let N=pq, where p,q are large primes
- Square root mod N: given x,N find y= mod N, i.e. $y^2 = x \bmod N$ (equivalent to factoring N)
- Discrete log: given b,N and x, find y =
How hard are these problems really?
- One-way functions: easy to compute, hard to invert
- Trap-door: a secret making inverting an owf easy

35 Public-Key Crypto
- Key exchange - Diffie-Hellman
- PK Encryption - Rabin, RSA
- e-Signatures - Rabin, RSA; ElGamal (a la DH); DSA; Fiat-Shamir

36 Diffie-Hellman: key exchange
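Public: p, g
Alice has a; Bob has b
Alice sends to Bob: $m_a = g^a \bmod p$
Bob sends to Alice: $m_b = g^b \bmod p$
Alice computes $m_b^a \bmod p$; Bob computes $m_a^b \bmod p$
$m_b^a \bmod p = m_a^b \bmod p = g^{ab} \bmod p$ = shared secret key!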
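The exchange above, together with the unauthenticated case from slide 12, as an added example that is not part of the original slides. The group (p = 2^127 - 1, g = 3), the SHA-256 key derivation and all function names are assumptions chosen for illustration; the sizes are far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group: P is the Mersenne prime 2^127 - 1, G = 3.
P = 2**127 - 1
G = 3

def keypair():
    """Pick a private exponent and the public value g^a mod p."""
    a = secrets.randbelow(P - 3) + 2
    return a, pow(G, a, P)

def shared(priv, peer_pub):
    """Derive a key from peer_pub^priv mod p (hashing is an added assumption)."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def exchange():
    """Honest run: Alice and Bob swap m_a, m_b and derive the same key."""
    a, m_a = keypair()
    b, m_b = keypair()
    return shared(a, m_b), shared(b, m_a)

def exchange_with_translator():
    """Slide 12: a party in the middle replaces m_a and m_b with its own values.
    Nothing in the exchange itself lets Alice or Bob notice the substitution."""
    a, m_a = keypair()
    b, m_b = keypair()
    e1, m_e1 = keypair()          # value delivered to Alice in place of m_b
    e2, m_e2 = keypair()          # value delivered to Bob in place of m_a
    alice_key = shared(a, m_e1)
    bob_key = shared(b, m_e2)
    middle_alice = shared(e1, m_a)   # "Shared w/Alice"
    middle_bob = shared(e2, m_b)     # "Shared w/Bob"
    return alice_key, bob_key, middle_alice, middle_bob

if __name__ == "__main__":
    k_a, k_b = exchange()
    print("honest keys match:", k_a == k_b)
    ak, bk, ma, mb = exchange_with_translator()
    print("Alice/Bob keys match:", ak == bk)
    print("middle holds both:", ak == ma and bk == mb)
```

Because Alice and Bob end up with different keys, the public values have to be authenticated as part of the exchange (for example, signed under certified keys), which is what the signature and PKI slides provide.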

37 Rabin’s scheme
- to encrypt msg m simply square it mod N=pq: $x = m^2 \bmod N$ (m: plaintext, x: ciphertext)
- if p,q (such that pq=N) are known, then decryption (finding m given x) is easy (using Chinese Remainder Theorem)
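Rabin encryption and CRT-based decryption worked through in Python, as an added example that is not part of the original slides. It assumes p and q are both congruent to 3 mod 4 (so a square root mod each prime is one exponentiation) and uses a constructed toy modulus; it also shows the link to slide 34, where two different square roots of the same value yield a factor of N.

```python
from math import gcd

# Constructed toy modulus from two Mersenne primes, both 3 mod 4 (assumption).
# Far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q

def encrypt(m):
    """Rabin encryption: square the message mod N."""
    return pow(m, 2, N)

def decrypt(x):
    """Return all square roots of x mod N, using the secret factors P and Q."""
    rp = pow(x, (P + 1) // 4, P)      # a square root of x mod P
    rq = pow(x, (Q + 1) // 4, Q)      # a square root of x mod Q
    # CRT basis: cp is 1 mod P and 0 mod Q; cq is 0 mod P and 1 mod Q.
    cp = Q * pow(Q, -1, P)
    cq = P * pow(P, -1, Q)
    return sorted({(sp * cp + sq * cq) % N
                   for sp in (rp, P - rp) for sq in (rq, Q - rq)})

def factor_from_roots(r1, r2):
    """Two roots of the same x with r1 != +-r2 (mod N) reveal a factor of N."""
    return gcd(r1 - r2, N)

def demo(m=2**40 + 1):
    """Encrypt a constructed sample message, decrypt it, and factor N from two roots."""
    x = encrypt(m)
    roots = decrypt(x)
    other = next(r for r in roots if r not in (m, N - m))
    return x, roots, factor_from_roots(m, other)

if __name__ == "__main__":
    x, roots, f = demo()
    print("ciphertext:", x)
    print("candidate plaintexts:", roots)
    print("factor recovered from two roots:", f)
```

Decryption returns four candidates, so a real message format needs redundancy to pick the right one; and anyone who can compute square roots mod N without p, q can factor N the same way `factor_from_roots` does.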

38 RSA
Let N=pq, and find e,d such that
Encryption:
Decryption:
plaintext ciphertext

39 Public Key Cryptography
Encryption and Decryption are different, i.e. use different keys (asymmetric):
RSA
- Public: N,e (needed to encrypt)
- Private: N,d (needed to decrypt, can be computed from p,q)
Rabin’s
- Public: N
- Private: p,q

40 Identification, Authentication, Signature schemes
Signature s = S_I(m) of a msg m
- only I can sign, i.e. compute s, for I and m
- given s, I, and m, everyone can verify that s = S_I(m)
Message Authentication
- like Signature, but only the receiver of the msg is required to be able to verify it
Identification
- only I can prove that he is I

41 Identification, Authentication, Signature schemes (cont.)
- Signature can be used for Authentication
- Signature and Authentication can be used for Identification
- use interaction: two players
  - Prover P - e.g. user, who wants to prove that he is I
  - Verifier V - e.g. wants to verify that P is really I

42 Identification (cont.)
must consider all the scenarios:
- both P and V are honest
- both P and V are dishonest
- V is honest but P is dishonest
- P is honest, but V is dishonest
note: an eavesdropper (observer) should learn little from witnessing the P-V dialog
usual password scheme - bad!

43 Fiat-Shamir Identification scheme (simplified)
Let N=pq, where p,q are large primes; using p,q, compute s, such that s2 I = 1 (mod N) public (P,V have): N (and I) private (only I has): s also, production center has p,q 4/16/2017 Gene Itkis: BU CAS Network Security

44 Fiat-Shamir (cont.)
P (user) has N, I, s; V (e.g., system) has N
- P: pick random r; set $x = r^2 \bmod N$
- P sends to V: I, x
- V sends to P: query = 0 or 1
- query = 0: P sends r; V checks $r^2 = x \bmod N$
- query = 1: P sends $rs \bmod N$; V checks $(rs)^2 I = x \bmod N$

45 Fiat-Shamir (cont.)
Proof (of P knowing s)
- after k rounds the probability of mistake (i.e. P cheating without being caught) is $(1/2)^k$
Zero-Knowledge
- if query is known in advance:
  - for query=0, select r, and $x = r^2 \bmod N$
  - for query=1, select z, and $x = z^2 I \bmod N$ (z “pretends” to be rs mod N)

46 Security of Fiat-Shamir
- Relies on hardness of factoring: an algorithm “cracking” Fiat-Shamir yields an algorithm for factoring N
- randomness:
  - of r - for Zero-Knowledge
  - of query - to prevent P from cheating
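The simplified Fiat-Shamir rounds from slides 43 to 46, run from both sides, as an added example that is not part of the original slides. The toy modulus, the function names and the shortcut of picking s first and deriving I from it are assumptions; `round_without_s` shows why an unpredictable query matters, since a prover without s passes a round only when the query was guessed in advance.

```python
import secrets
from math import gcd

# Constructed toy modulus from two Mersenne primes; far too small for real use.
P_, Q_ = 2**31 - 1, 2**61 - 1
N = P_ * Q_

def keygen():
    """Return (s, I) with s^2 * I = 1 (mod N).
    Assumption: s is picked first and I derived from it; on the slide the
    production center computes s using p, q."""
    while True:
        s = secrets.randbelow(N - 2) + 2
        if gcd(s, N) == 1:
            return s, pow(s * s, -1, N)

def commit():
    """Prover step 1: random r and commitment x = r^2 mod N."""
    r = secrets.randbelow(N - 2) + 2
    return r, pow(r, 2, N)

def respond(r, s, query):
    """Prover step 2: r for query 0, r*s mod N for query 1."""
    return r if query == 0 else (r * s) % N

def verify(I, x, query, answer):
    """Verifier check: answer^2 = x (query 0) or answer^2 * I = x (query 1)."""
    lhs = pow(answer, 2, N)
    return (lhs if query == 0 else lhs * I % N) == x

def honest_run(s, I, k):
    """k rounds with a prover who knows s; every round is accepted."""
    for _ in range(k):
        r, x = commit()
        query = secrets.randbelow(2)
        if not verify(I, x, query, respond(r, s, query)):
            return False
    return True

def round_without_s(I, guess, query):
    """Prover without s prepares x for a guessed query (slide 45) and answers z."""
    z = secrets.randbelow(N - 2) + 2
    x = pow(z, 2, N) if guess == 0 else pow(z, 2, N) * I % N
    return verify(I, x, query, z)

if __name__ == "__main__":
    s, I = keygen()
    print("honest prover accepted:", honest_run(s, I, 20))
    print("guess right:", round_without_s(I, 1, 1), "guess wrong:", round_without_s(I, 1, 0))
```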

47 Identification and Signatures
Identification scheme can be turned into Signature:
- Replace Verifier with a hash function

