Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapters 8 Network Security

Similar presentations


Presentation on theme: "Chapters 8 Network Security"— Presentation transcript:

1 Chapters 8 Network Security
Professor Rick Han University of Colorado at Boulder

2 Prof. Rick Han, University of Colorado at Boulder
Announcements Programming Assignment #3 due May 2 HW #4 handed back today, solutions on Web tonight In Chapter 8, read all sections. Need a volunteer for FCQ’s. Next, Network Security Prof. Rick Han, University of Colorado at Boulder

3 Recap of Previous Lecture
Samba/SMB Enables file-sharing between UNIX and Windows SMB is basis of Windows’ Network Neighborhood Originally built on top of NETBIOS, now directly above TCP/UDP Samba server on Linux emulates SMB protocol, enables Windows client to see Linux files Security Confidentiality Authentication Authorization Integrity Non-repudiation Availability Prof. Rick Han, University of Colorado at Boulder

4 Recap of Previous Lecture (2)
Cryptography Plaintext -> encryption -> ciphertext -> decryption -> plaintext Modern encryption algorithms use secret keys Algorithm itself can be known Cryptanalysis attacks: Brute force Cipher-text only Plaintext-only Chosen-plaintext Adaptive Chosen-plaintext = differential cryptanalysis Prof. Rick Han, University of Colorado at Boulder

5 Prof. Rick Han, University of Colorado at Boulder
Cryptography plaintext Encryption ciphertext Decryption plaintext Encryption algorithm also called a cipher Cryptography has evolved so that modern encryption and decryption use secret keys Only have to protect the keys! => Key distribution problem Cryptographic algorithms can be openly published Encryption Decryption plaintext ciphertext Key KA Key KB Prof. Rick Han, University of Colorado at Boulder

6 Principles of Confusion and Diffusion
Encryption Decryption plaintext ciphertext Key KA Key KB Terms courtesy of Claude Shannon, father of Information Theory “Confusion” = Substitution a -> b Caesar cipher “Diffusion” = Transposition or Permutation abcd -> dacb DES Prof. Rick Han, University of Colorado at Boulder

7 Principles of Confusion and Diffusion (2)
“Confusion” : a classical Substitution Cipher Courtesy: Andreas Steffen Modern substitution ciphers take in N bits and substitute N bits using lookup table: called S-Boxes Prof. Rick Han, University of Colorado at Boulder

8 Principles of Confusion and Diffusion (3)
“Diffusion” : a classical Transposition cipher Courtesy: Andreas Steffen modern Transposition ciphers take in N bits and permute using lookup table : called P-Boxes Prof. Rick Han, University of Colorado at Boulder

9 Symmetric-Key Cryptography
Encryption Decryption plaintext ciphertext Key KA Key KB=KA Secure Key Distribution Both sender and receiver keys are the same: KA=KB The keys must be kept secret and securely distributed – we’ll study this later Thus, also called “Secret Key Cryptography” Data Encryption Standard (DES) Prof. Rick Han, University of Colorado at Boulder

10 Symmetric-Key Cryptography (2)
DES 64-bit input is permuted 16 stages of identical operation differ in the 48-bit key extracted from 56-bit key - complex R2= R1 is encrypted with K1 and XOR’d with L1 L2=R1, … Final inverse permutation stage Prof. Rick Han, University of Colorado at Boulder

11 Symmetric-Key Cryptography (3)
Data Encryption Standard (DES) Encodes plaintext in 64-bit chunks using a 64-bit key (56 bits + 8 bits parity) Uses a combination of diffusion and confusion to achieve security Was cracked in 1997 Parallel attack – exhaustively search key space Triple-DES: put the output of DES back as input into DES again with a different key, loop again: 3*56 = 168 bit key Decryption in DES – it’s symmetric! Use KA again as input and then the same keys except in reverse order Advanced Encryption Standard (AES) successor Prof. Rick Han, University of Colorado at Boulder

12 Symmetric-Key Cryptography (4)
DES is an example of a block cipher Divide input bit stream into n-bit sections, encrypt only that section, no dependency/history between sections Courtesy: Andreas Steffen In a good block cipher, each output bit is a function of all n input bits and all k key bits Prof. Rick Han, University of Colorado at Boulder

13 Symmetric-Key Cryptography (5)
Electronic Code Book (ECB) mode for block ciphers of a long digital sequence Vulnerable to replay attacks: if an attacker thinks block C2 corresponds to $ amount, then substitute another Ck Attacker can also build a codebook of <Ck, guessed Pk> pairs Prof. Rick Han, University of Colorado at Boulder

14 Symmetric-Key Cryptography (6)
Cipher Block Chaining (CBC) mode for block ciphers Inhibits replay attacks and codebook building: identical input plaintext Pi =Pk won’t result in same output code due to memory-based chaining IV = Initialization Vector – use only once Prof. Rick Han, University of Colorado at Boulder

15 Symmetric-Key Cryptography (7)
Stream ciphers Rather than divide bit stream into discrete blocks, as block ciphers do, XOR each bit of your plaintext continuous stream with a bit from a pseudo-random sequence At receiver, use same symmetric key, XOR again to extract plaintext Prof. Rick Han, University of Colorado at Boulder

16 Symmetric-Key Cryptography (8)
RC4 stream cipher by Ron Rivest of RSA Data Security Inc. – used in b’s security Block ciphers vs. stream ciphers Stream ciphers work at bit-level and were originally implemented in hardware => fast! Block ciphers work at word-level and were originally implemented in software => not as fast Error in a stream cipher only affects one bit Error in a block cipher in CBC mode affects two blocks Distinction is blurring: Stream ciphers can be efficiently implemented in software Block ciphers getting faster Prof. Rick Han, University of Colorado at Boulder

17 Symmetric-Key Cryptography (9)
Symmetric key is propagated to both endpoints A & B via Diffie-Hellman key exchange algorithm A & B agree on a large prime modulus n, a “primitive element” g, and a one-way function f(x)=gx mod n n and g are publicly known A chooses a large random int a and sends B AA=ga mod n B chooses a large random int b and sends A BB= gb mod n A & B compute secret key S = gba mod n Since x=f-1(y) is difficult to compute, then observer who knows AA, BB, n, g and f will not be able to deduce the product ab and hence S is secure Prof. Rick Han, University of Colorado at Boulder

18 Public-Key Cryptography
Encryption Decryption plaintext ciphertext Key KPUBLIC Key KPRIVATE For more than 2000 years, from the time of Caesar up to the 1970s, encrypted communication required that both sides shared a common secret key Diffie and Hellman in 1976 invented asymmetric public key cryptography – elegant, revolutionary! No longer need both sides to share a secret key Can be used for authentication and digital signatures in addition to encryption! Prof. Rick Han, University of Colorado at Boulder

19 Public-Key Cryptography (2)
Encryption Decryption plaintext ciphertext Key KPUBLIC Key KPRIVATE Public Key Distribution Secure Key Host who wants data sent to it advertises a public encryption key Kpublic Decryption algorithm has the property that only a private key Kprivate can decrypt the ciphertext, even though attacker knows the public key Kpublic and the encryption algorithm Prof. Rick Han, University of Colorado at Boulder

20 Public-Key Cryptography (3)
Decryption algorithm has the property that only a private key Kprivate can decrypt the ciphertext Based on the difficulty of factoring the product of two prime #’s Example: RSA algorithm (Rivest, Shamir, Adleman) Choose 2 large prime #’s p and q n=p*q should be about 1024 bits long z=(p-1)*(q-1) Choose e<n with no common factors with z Find d such that (e*d) mod z = 1 Public key is (n,e), private key is (n,d) Message m is encrypted to c = me mod n Ciphertext c is decrypted m = cd mod n Prof. Rick Han, University of Colorado at Boulder

21 RSA example: A host chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. e c = m mod n e letter m m encrypt: “L” 12 17 c d m = c mod n d c letter decrypt: 17 12 “L” Prof. Rick Han, University of Colorado at Boulder

22 Public-Key Cryptography (4)
Provides security because: There are no known algorithms for quickly factoring n=p*q, the product of two large prime #’s If we could factor n into p and q, then it would be easy to break the algorithm: have n, p, q, e, then just iterate to find decryption key d. Incredibly useful property of public-key cryptography: m = cd mod n = (me)d mod n = (md)e mod n Thus, can swap the order in which the keys are used. Example: can use private key for encryption and a public key for decryption – will see how it is useful in authentication! Prof. Rick Han, University of Colorado at Boulder

23 Public-Key Cryptography (5)
Public-key cryptography is slow because of the exponentiation: m = cd mod n = (me)d mod n = (md)e mod n From kbps (1024-bit value for n) So, don’t use it for time-sensitive applications and/or use only for small amounts of data – we’ll see how SSL makes use of this A 512 bit number (155 decimals) was factored into two primes in 1999 using one Cray and 300 workstations 1024 bit keys still safe Prof. Rick Han, University of Colorado at Boulder

24 Authentication (1) Both sender and receiver need to verify the identity of the other party in a communication: Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? Trudy says “I am Alice” Prof. Rick Han, University of Colorado at Boulder

25 Prof. Rick Han, University of Colorado at Boulder
Authentication (2) Protocol ap2.0: Alice says “I am Alice” and sends her IP address along to “prove” it. Failure scenario?? Trudy says “I am Alice”, Alice’s IP address IP spoofing is easy. Some router’s don’t forward if IP src addr doesn’t match src LAN, but not all Prof. Rick Han, University of Colorado at Boulder

26 Prof. Rick Han, University of Colorado at Boulder
Authentication (3) Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it. Failure scenario? Trudy says “I am Alice”, Alice’s password Telnet sents passwords in the clear Prof. Rick Han, University of Colorado at Boulder

27 Prof. Rick Han, University of Colorado at Boulder
Authentication (4) Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it. I am Alice encrypt(password) Failure scenario? Trudy says “I am Alice”, Alice’s encrypted password Replay or playback attack: Trudy replays encrypted password without needing to know actual password Prof. Rick Han, University of Colorado at Boulder


Download ppt "Chapters 8 Network Security"

Similar presentations


Ads by Google