Presentation is loading. Please wait.

Presentation is loading. Please wait.

CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.

Published byKelly Price Modified over 8 years ago

Similar presentations

Presentation on theme: "CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private."— Presentation transcript:

1 CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private Key mechanism - RSA Digital Certificate DH algorithm

2 Confidentiality, Integrity and Authentication CN8816: Network Security 2 1. Symmetric Key Algorithm Encryption Confidentiality - Keeping information out of the hands of unauthorized users Technique: Data Encryption

3 Confidentiality, Integrity and Authentication CN8816: Network Security 3 1. Symmetric Key Algorithm Symmetric Key encryption encryption and decryption use the same key Data Encryption Standard (DES) - 1977 Advanced Encryption Standard (AES) - 2001 EncryptionDecryption Plain Text P Cipertext C Plain Text P Ks Same key

4 1. Symmetric Key Algorithm Electronic Codebook (ECB) Mode The plain text is divided into a number blocks with fixed size DES – block size = 64 bits AES – block size = 128 bits Each block is encrypted and decrypted independently Confidentiality, Integrity and Authentication CN8816: Network Security 4 B 1 B n B N Plain text with padding En Ks En Ks En Ks C1C1 CnCn CNCN …… ……

5 Confidentiality, Integrity and Authentication CN8816: Network Security 5 1. Symmetric Key Algorithm DES Algorithm Data is divided into 64-bit blocks Basic operation: F( ) + K N+1

6 Confidentiality, Integrity and Authentication CN8816: Network Security 6 1. Symmetric Key Algorithm Both encryption and decryption processes consist of 16 rounds of basic operation Encryption and decryption have the same structure Permutation Basic Operation 1 Basic Operation 16 Inverse Permutation LeftRight … Key Key expansion … k1/k16 k16/k1 Input Output

7 Confidentiality, Integrity and Authentication CN8816: Network Security 7 1. Symmetric Key Algorithm DES3 Cascading three DES blocks to support a longer key length Supports key lengths of 56, 112, and 168 DES Encryp. DES Decryp. DES Encryp. key1key2key3 plaintext ciphertext

8 Confidentiality, Integrity and Authentication CN8816: Network Security 8 1. Symmetric Key Algorithm Cipher block chaining (CBC) mode Initial Vector (IV)

9 Confidentiality, Integrity and Authentication CN8816: Network Security 9 1. Symmetric Key Algorithm AES Use the concept of multiplicative inversion P(x)*P -1 (x) = 1 Basic 8-bit multiplication operation: ( P(x) * Q(x) ) mod ( x 8 +x 4 +x 3 +x+1) x 8 +x 4 +x 3 +x+1 is an irreducible polynomial With the defined multiplication operation, all the 8-bit numbers, except zero, have their own inverses Example: the inverse of x 7 +x 3 +x 2 +1 is x, for (x 7 +x 3 +x 2 +1)*x mod ( x 8 +x 4 +x 3 +x+1) = 1

10 Confidentiality, Integrity and Authentication CN8816: Network Security 10 1. Symmetric Key Algorithm AES consists of N rounds of basic operation N= 10, 12, or 14 for the key size of 128, 192, or 256, respectively Basic Operation 1 Basic Operation N-1 … Key Key expansion … k1k1 K (N-1) Input Output + k0k0 Sub-byte and shift row KNKN

11 Confidentiality, Integrity and Authentication CN8816: Network Security 11 1. Symmetric Key Algorithm AES Basic operation

12 1. Symmetric Key Algorithm SubByte Processing From P i,j, find Inv(P i,j ) P i,j Inv(P i,j ) Mod (x 8 +x 4 +x 3 +x+1) = 1 Inv(P i,j ) is then multiplied with a fixed 8x8 binary matrix and then added with a fixed binary vector Confidentiality, Integrity and Authentication CN8816: Network Security 12 c 0 1 0 0 0 1 1 1 1 b 0 1 c 1 1 1 0 0 0 1 1 1 b 1 1 c 2 1 1 1 0 0 0 1 1 b 2 0 c 3 1 1 1 1 0 0 0 1 b 3 0 c 4 1 1 1 1 1 0 0 0 b 4 0 c 5 0 1 1 1 1 1 0 0 b 5 1 c 6 0 0 1 1 1 1 1 0 b 6 1 c 7 0 0 0 1 1 1 1 1 b 7 0 = + S i,j = B 1 Inv(P i,j ) + B 2

13 1. Symmetric Key Algorithm ShiftRow Confidentiality, Integrity and Authentication CN8816: Network Security 13 S 0,0 S 0,1 S 0,2 S 0,3 S 1,0 S 1,1 S 1,2 S 1,3 S 2,0 S 2,1 S 2,2 S 2,3 S 3,0 S 3,1 S 3,2 S 3,3 S 0,0 S 0,1 S 0,2 S 0,3 S 1,1 S 1,2 S 1,3 S 1,0 S 2,2 S 2,3 S 2,0 S 2,1 S 3,3 S 3,0 S 3,1 S 3,2 R0R0 R1R1 R2R2 R3R3 R 0 (x) = S 3,3 x 3 + S 2,2 x 2 + S 1,1 x + S 0,0 R 1 (x) = S 3,0 x 3 + S 2,3 x 2 + S 1,2 x + S 0,1 R 2 (x) = S 3,1 x 3 + S 2,0 x 2 + S 1,3 x + S 0,2 R 3 (x) = S 3,2 x 3 + S 2,1 x 2 + S 1,0 x + S 0,3

14 1. Symmetric Key Algorithm MaxColumns transform Z i = a(x) × R i (x) (mod) x 4 + 1 a(x) = {03}x 3 + {01}x 2 + {01}x + {02} Z i = A R i A = The product of the multiplication of the two coefficients is still limited to the finite field of 8 bits Applying modular operation with the modulus of x 8 + x 4 + x 3 + x + 1 Confidentiality, Integrity and Authentication CN8816: Network Security 14 02 03 01 01 01 02 03 01 01 01 02 03 03 01 01 02

15 1. Symmetric Key Algorithm AddRoundKey Transformation Confidentiality, Integrity and Authentication CN8816: Network Security 15 Z 0,0 Z 0,1 Z 0,2 Z 0,3 Z 1,0 Z 1,1 Z 1,2 Z 1,3 Z 2,0 Z 2,1 Z 2,2 Z 2,3 Z 3,0 Z 3,1 Z 3,2 Z 3,3 Xor K 0,0 K 0,1 K 0,2 K 0,3 K 1,0 K 1,1 K 1,2 K 1,3 K 2,0 K 2,1 K 2,2 K 2,3 K 3,0 K 3,1 K 3,2 K 3,3 Round Key E 0,0 E 0,1 E 0,2 E 0,3 E 1,0 E 1,1 E 1,2 E 1,3 E 2,0 E 2,1 E 2,2 E 2,3 E 3,0 E 3,1 E 3,2 E 3,3 Encrypted output

16 Confidentiality, Integrity and Authentication CN8816: Network Security 16 2. Data Integrity Message Digest The digest is the hash function of a message A small change of the message will completely change the hash value Data: 1001011010… Hash 01101110 Data: 1001010010… Hash 11011001

17 Confidentiality, Integrity and Authentication CN8816: Network Security 17 2. Data Integrity Hash algorithms MD-5: 512-bit block, 128-bit hash Secure Hash Algorithm (SHA) SHA-1: 512-bit block, 160-bit hash SHA-224: 512-bit block, 224-bit hash SHA-256: 512-bit block, 256-bit hash SHA-384: 1024-bit block, 385-bit hash SHA-512: 1024-bit block, 512-bit hash

18 Confidentiality, Integrity and Authentication CN8816: Network Security 18 2. Data Integrity SHA-512 Message Padding The padding includes the padding and length fields The length field holds the value of the message length The padding field contains the bit pattern 100…00 Message100…00 Length 128 Integer multiple of 1024-bit blocks Padding

19 Processing overview M 1 M 2 … M i … M N Confidentiality, Integrity and Authentication CN8816: Network Security 19 2. Data Integrity Expansion Hashing W 0 …W 79 a=H 0 (0) … h=H 7 (0) a=H 0 (1) … h=H 7 (1) a=H 0 (i-1) … h=H 7 (i-1) a=H 0 (N-1) … h=H 7 (N-1) W 0 …W 79 HASH H 0 (N)|| … ||H 7 (N)

20 Confidentiality, Integrity and Authentication CN8816: Network Security 20 2. Data Integrity Keyed Hashing for Message Authentication (HMAC) Provides data integrity between two security entities sharing the secret key Keyed hash = Hash(K+opad, Hash(K+ipad, text)) K = Concatenation(Key, (M-Key_size) of zeros) ipad = 00110110 (Ox36) repeated M times opad = 01011100 (Ox5C) repeated M times M = Hash function message block size (in bytes) The hash function can be either MD5 or SHA

21 Confidentiality, Integrity and Authentication CN8816: Network Security 21 3. Private/Public Key Mechanism Public/Private Key – RSA and ECC (Elliptic Curve Cryptography) Consists of a private key and a public key pair Public key can be known by the public

22 Confidentiality, Integrity and Authentication CN8816: Network Security 22 3. Private/Public Key Mechanism RSA algorithm: Select two large prime numbers, P and Q Select an odd number E such that E and (P-1)(Q-1) are relative prime Find a number D, which is the multiplicative inverse of E, such that DE modulo (P-1)(Q-1) = 1 Public key = (E, PQ) Private key = (D, PQ) Encrytion/Decryption: Cipher Text (C) = M E mod PQ Origin Text (M) = C D mod PQ = M ED mod PQ

23 RSAES-OAEP algorithm Provides integrity check to counter the chosen cipher attack 3. Private/Public Key Mechanism Confidentiality, Integrity and Authentication CN8816: Network Security 23 LHash hash padding Ox01 secret seed O + O + MGF Ox00 masked seed Masked Data BlockEncryption Public_key cipher text

24 Confidentiality, Integrity and Authentication CN8816: Network Security 24 3. Private/Public Key Mechanism Session Key Encryption Application Second message authenticates Bob Third message authenticates Alice 1. Eb(A, Na) 2. Ea(Na, Nb, Ks) 3. Ks(Nb) Eb = encryption using Bob’s public key Ea = encryption using Alice’s public key Ks = session key Data encrypted with Ks

25 Confidentiality, Integrity and Authentication CN8816: Network Security 25 3. Private/Public Key Mechanism Digital Signature Application Private/public key pair and hash function

26 Confidentiality, Integrity and Authentication CN8816: Network Security 26 3. Private/Public Key Mechanism A public key is used to verify the digital signature

27 Confidentiality, Integrity and Authentication CN8816: Network Security 27 3. Private/Public Key Mechanism Example: PGP (Pretty Good Privacy) 1. signed with the sender’s private key 2. encrypted with the session key 3. encrypted with the recipient’s public key 4. decrypted with the recipient’s private key 5. decrypted with the session key 6. verify the signature using the sender’s public key

28 Confidentiality, Integrity and Authentication CN8816: Network Security 28 4. Digital Certificate Digital Certificate provides a more scalable authentication approach The certificate is issued and signed by the certificate authority (CA) 1. Certificate request 2. Certificate Certificate Verification of the certificate

29 Confidentiality, Integrity and Authentication CN8816: Network Security 29 4. Digital Certificate Signing of the certificate

30 Confidentiality, Integrity and Authentication CN8816: Network Security 30 4. Digital Certificate Verification of the certificate Equal?

31 Confidentiality, Integrity and Authentication CN8816: Network Security 31 4. Digital Certificate CA Hierarchical structure the root CA delegates the certification authority to the intermediate CA

32 Public Key Infrastructure (PKI) To enable secure, convenient, and efficient acquisition of public keys using digital certificate PKI architecture model: User 4. Digital Certificate Confidentiality, Integrity and Authentication CN8816: Network Security 32 End entity CA CRL issuer CA Regist. Auth. Cert/CRL Repository Management Cert/CRL retrieval registration revocation cross certification CRL pub. Cert pub. Cert/CRL pub.

33 Confidentiality, Integrity and Authentication CN8816: Network Security 33 Diffie-Hellman Key Exchange Used to generate a common secret (symmetric) key 5. DH Algorithm Alice generates a large random number x Bob generates a large random number y g x mod n g y mod n key = g xy mod n

34 Confidentiality, Integrity and Authentication CN8816: Network Security 34 5. DH Algorithm DH exchange is susceptible to the man-in-the-middle attack Peers must require authentication Alice Bob Trudy g a mod n g a’ mod n g b mod n g b’ mod n g ab’ mod n g a’b mod n Trudy can intercept the messages exchanged between Alice and Bob

Download ppt "CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private."

Similar presentations

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.

 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Lecture 13 Message Signing

Lecture 13 Message Signing
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.

Similar presentations

Ads by Google