Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared."— Presentation transcript:

1 Network Security Review

2 Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared key Encrypt MAC Left out: non-repudiation, etc.

3 Shared Key Establishment “Trusted third party” Kerberos Tickets Public key methods SSL IPSEC “Out-of-band”

4 Public Key Crypto

5 Public Key techniques Diffie-Hellman RSA N=pq; ed  1 (mod  (N)) Public:e,N;Private:d,N Encrypt M: C  M e modN Decrypt C: M  C d modN Sign M: S  M d mod N Verify S: S e  M (modN) AliceBob ab p, g m a  g a mod pm b  g b mod p mama mbmb m b a mod pm a b mod p=g ab mod p= shared secret key! Discrete log: Given y,p,b Find x: b x mod p = y ? Factoring: Given N=pq Find p,q

6 Discrete log based schemes DH (key establishment) DSS/DSA (signatures) El-Gamal (signatures, encryption) Elliptic Curves Cryptography (ECC) Why modulus (p) is so large? Little-step/giant-step attack

7 Factoring based RSA Square Roots (=Factoring) Rabin (Encryption, Signature) Fiat-Shamir (ID scheme, Signature)

8 World mod N How many objects? |Z * N |=  (N); for all z  Z * N, z  (N) mod N=1 If N=pq, then  (N)= (p-1)(q-1) [ If N=p, then  (N)= p-1 ] Blum integers: N=pq, p  q  3 (mod 4) Then x (p+1)/4 mod p= y; y 2  x (p+1)/2  x (p-1)/2 x  ±x mod p

9 Chinese Remainder Theorem (CRT) Given y 2  x mod p; z 2  x mod q; N=pq; Find s: s 2  x mod N More generally: Given a,A, b,B; Find x: x  a mod A, x  b mod B Let u, v be s.t. uA  1 mod B, vB  1 modA Then x=uAb+vBa [indeed: x mod A = uAb+vBa = vBa = a; x mod B = uAb+vBa = uAb = b] How to find u,v?

10 Extended GCD Euclid’s GCD algorithm (greatest common divisor): gcd(a,b) = gcd( b, a mod b) =…= gcd(a’,b’)=c a’=ib’+c, …, ax+by=c If gcd(a,b)=1: ax  1 mod b

11 Summary (factoring-based) RSA Given p,q; Can compute  (N), for N=pq; With Extended gcd, can compute e, d  1/e mod  (N); gcd(e,  (N)) must be 1 Rabin Using Blum integers can compute SQRT mod p,q Using CRT can combine them to SQRT mod N

12 Prime number generation Why? How? Exhaustive search Too long Miller-Rabin Little Fermat’s Theorem (again) Prime Number Theorem #of primes between R and 2R is  R/lnR i.e. Prob[ random R is a prime ]  1/lnR

13 Efficiency for all Exponentiation: Repetitive Squaring b A mod N takes  1.5 lg A long multiplications Cost of multiplication  quadratic in length Optimization: mod N  (mod p) + (mod q) +CRT Watch out!

14 Attacks on factoring  (N), N => factoring (quadratic equation) Trick: obtain x, s.t. x  0 mod p, x mod q  0 gcd(x, N)=p SQRT modN => Factoring v  y 2 mod N; z  SQRT modN (v) If z  ±y, then x  y-z Computing (mod p) + (mod q) + CRT Random error mod p (or mod q) => factoring

15 Other Crypto Encryption Hashing MACs

16 Encryption One time pad Block cipher DES Feistel approach AES/Rijndael Modes of operation EBC, CFB, CBC, etc. Stream ciphers RC-4 Pseudo-random generators

17 Hashing Hashing algorithms MD-5 SHA Applications Digital signatures MAC

18 Systems Certificates SSL IPSEC Kerberos

19 Certificates X-509 CA’s Trust infrastructure Hierarchical X.509 Networks of Trust PGP

20 SSL TCP level secure channel Establish Shared Secret DH+Certificates [+signatures] RSA+Certificates [+signatures] Kerberos [TLS]  Do not confuse with Kerberos over SSL/TLS Encrypt & MAC Usually authenticates only server Client authentication possible Typical application: HTTPS

21 IPSEC IP level secure channel Similar tools to SSL Some traffic confidentiality Both ends authenticated Tunneling Typical application:VPN

22 Kerberos Key-Distribution Centers approach Trusted Third Party – another term Authentication Server Ticket Granting Servers Tickets Realms

23 Other topics Firewalls Non-repudiation SET

24 Final: Tuesday May 10 9-11am See you there! Best of Luck!!!

Download ppt "Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared."

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
L8. Reviews Rocky K. C. Chang, May 2011. Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.

L8. Reviews Rocky K. C. Chang, May Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
7. Asymmetric encryption-

7. Asymmetric encryption-
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Gene Itkis: BU CAS Network Security

Gene Itkis: BU CAS Network Security
Mid-term Review Network Security. Gene Itkis: CS558 Network Security2 Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted.

Mid-term Review Network Security. Gene Itkis: CS558 Network Security2 Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted.
Mid-term Review Network Security. Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be.

Mid-term Review Network Security. Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be.
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Mid-term Review Network Security. Secure channel SSL (and many others:incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be covered)

Mid-term Review Network Security. Secure channel SSL (and many others:incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be covered)
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.

What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.
15-349 Introduction to Computer and Network Security Iliano Cervesato 2 September 2008 – Public-key Encryption.

Introduction to Computer and Network Security Iliano Cervesato 2 September 2008 – Public-key Encryption.

Similar presentations

Ads by Google