
1 Network Security

Network Entities: Friends and Enemies
- Routers: exchange (routing) tables
- Email applications: exchange secure emails
- Client-server: establish a secure transport connection

The well-known cast of the network security world:
- Bob and Alice want to communicate 'securely' over an insecure medium
- Trudy, the intruder, may intercept, delete or add messages

2 What is network security?

Desirable properties of a secure connection:
1. Secrecy: only the sender and the intended receiver should understand the message contents
   - the sender encrypts messages
   - the receiver decrypts messages
2. Authentication: sender and receiver want to confirm each other's identity
3. Message Integrity: sender and receiver want to be sure the message did not get altered in transit, or at least that it did not get altered without detection

3 What is network security?

4. Availability and Access Control: communication can occur in the first place
   - Prevent Denial-of-Service (DoS) attacks
   - Ensure network entities can gain access to resources if they have access rights, and perform accesses in a well-defined manner
   - Firewall: controls access to and from the network by regulating which packets can pass into and out of the network

4 Network Security

Cycle in achieving network security:
1. Protect: network communication and network resources
2. Detect: breaches of secure communication and attacks on the infrastructure
3. Respond: deployment of additional protection mechanisms

5 Public Key Cryptography

Symmetric key crypto requires that sender and receiver know a shared secret key.
Q: how do they agree on the key in the first place (particularly if they have never met)? This is a typical problem in the Internet.

Public key cryptography is a radically different approach [Diffie-Hellman76, RSA78]:
- sender and receiver do not share a secret key
- the encryption key is public (known to all)
- the decryption key is private (known only to the receiver)

Is it possible to communicate with encryption without having a shared secret key known in advance?

6 Public key cryptography Figure 7.7 goes here

7 Public key encryption algorithms

Two inter-related requirements:
1. need d_B( ) and e_B( ) such that d_B(e_B(m)) = m
2. need public and private keys for e_B( ) and d_B( )

RSA: the Rivest, Shamir, Adleman algorithm

8 RSA: Choosing keys

1. Choose two large prime numbers p, q (e.g., 1024 bits each).
2. Compute n = pq, z = (p-1)(q-1).
3. Choose e (with e < n) that has no common factors with z (e and z are 'relatively prime').
4. Choose d such that ed - 1 is exactly divisible by z (in other words: ed mod z = 1).
5. Public key is (n, e). Private key is (n, d).

In mathematics, a prime number (or a prime) is a natural number that has exactly two distinct natural-number divisors: 1 and the prime number itself. The first 30 prime numbers are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, and 113.

9 RSA: Encryption, decryption (magic happens!)

0. Given (n, e) and (n, d) as computed above
1. To encrypt bit pattern m, compute c = m^e mod n (i.e., the remainder when m^e is divided by n)
2. To decrypt received bit pattern c, compute m = c^d mod n (i.e., the remainder when c^d is divided by n)

So m = (m^e mod n)^d mod n

10 RSA example

Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z; equivalently, ed mod z = 1).

encrypt: letter l, m = 12, m^e = 248832, c = m^e mod n = 17
decrypt: c = 17, c^d = 17^29 = 481968572106750915091411825223072000 (too big for an int type!!), m = c^d mod n = 12, letter l

11 How to solve this problem: break it into powers that are multiples of 2.

c^d = 17^29 = 17^16 · 17^8 · 17^4 · 17
17^4 mod 35 = 11; hence 17^4 mod 35 = 11 mod 35, so 11 can substitute for 17^4 in the expression (17^8 = (17^4)^2 becomes 11^2 and 17^16 becomes 11^4):
17^29 mod 35 = 11^4 · 11^2 · 11 · 17 mod 35
Also 11^2 mod 35 = 16, so
17^29 mod 35 = 16^2 · 16 · 11 · 17 mod 35

This is equivalent to calculating x, y and z as follows:
x = c^4 mod 35
y = x^2 mod 35
z = y^2 mod 35
m = z · y · x · c mod 35 (smaller!!)

Alternatively: use a method similar to the one used in CRC. Remember that (c·c·c) mod n = (c·c)(c mod n) ....

13 How to solve this problem: Repeated Squaring

Calculate y = x^e mod n:

```c
/* Repeated squaring: returns x^e mod n without ever forming x^e.
 * long long keeps x*x from overflowing for lecture-sized moduli. */
long long repeatSquare(long long x, long long e, long long n) {
    long long y = 1;            // initialize y to 1, very important
    while (e > 0) {
        if ((e % 2) == 0) {     // even exponent: square the base, halve the exponent
            x = (x * x) % n;
            e = e / 2;
        } else {                // odd exponent: fold one copy of x into the result
            y = (x * y) % n;
            e = e - 1;
        }
    }
    return y;                   // the result is stored in y
}
```

Let's see the program in action!

14 Real example of RSA keys

1024-bit RSA encryption key (in hex format):
n = (256 hex digits, omitted here)
e = 010001
d = (256 hex digits, omitted here)

This is the real thing! http://www.di-mgt.com.au/rsa_alg.html#realexample

15 Sample Keys

N = 77
- e = 7, d = 43
- e = 13, d = 37
- e = 17, d = 53
- e = 19, d = 79
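An added example, not code from the slides: the key checks of slide 8 (relatively prime e, ed mod z = 1) and the slide 10 round trip in C, run on the slide 15 sample keys. The slide does not spell out the factors of N = 77; this example assumes 77 = 7 · 11.

```c
#include <stdio.h>
#include <stdbool.h>

/* Added example: validates an RSA key set the way slide 8 builds it and runs
 * the slide 10 encrypt/decrypt round trip.  long long keeps the small
 * lecture-sized products from overflowing. */

static long long gcd(long long a, long long b) {
    while (b != 0) { long long t = a % b; a = b; b = t; }
    return a;
}

/* Repeated squaring (slide 13): x^e mod n without ever forming x^e. */
static long long mod_pow(long long x, long long e, long long n) {
    long long y = 1;
    for (x %= n; e > 0; e /= 2) {
        if (e % 2 == 1) y = (y * x) % n;
        x = (x * x) % n;
    }
    return y;
}

/* Slide 8, steps 2-4: n = pq, z = (p-1)(q-1), e < n, gcd(e, z) = 1, ed mod z = 1. */
static bool rsa_key_ok(long long p, long long q, long long e, long long d) {
    long long n = p * q, z = (p - 1) * (q - 1);
    return e < n && gcd(e, z) == 1 && (e * d) % z == 1;
}

static long long rsa_encrypt(long long m, long long e, long long n) { return mod_pow(m, e, n); }
static long long rsa_decrypt(long long c, long long d, long long n) { return mod_pow(c, d, n); }

int main(void) {
    /* slide 10: p=5, q=7, e=5, d=29, letter l = 12 */
    long long c = rsa_encrypt(12, 5, 35);
    printf("slide 10 key ok: %d, c = %lld, m = %lld\n", rsa_key_ok(5, 7, 5, 29), c, rsa_decrypt(c, 29, 35));
    /* slide 15: N = 77 (assumed 7 * 11) with four (e, d) pairs */
    long long pairs[4][2] = {{7, 43}, {13, 37}, {17, 53}, {19, 79}};
    for (int i = 0; i < 4; i++)
        printf("e=%lld d=%lld ok=%d\n", pairs[i][0], pairs[i][1], rsa_key_ok(7, 11, pairs[i][0], pairs[i][1]));
    return 0;
}
```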

16 Real example of RSA

P = 96130345313583504574191581280615427909309845594996215822583150879647940
e = 35535
d = 58008302860037763936093661289677917594669062089650962180422866111380593852

This is the real thing! Source: Data Communications and Networking by B. Forouzan

17 RSA: Why does m = (m^e mod n)^d mod n?

(m^e mod n)^d mod n = m^(ed) mod n

Number theory result: if p, q are prime and n = pq, then
x^y mod n = x^(y mod (p-1)(q-1)) mod n

So m^(ed) mod n = m^(ed mod (p-1)(q-1)) mod n   (using the number theory result above)
               = m^1 mod n                     (since we chose ed to be divisible by (p-1)(q-1) with remainder 1)
               = m

Recall: z = (p-1)(q-1). We choose a value for d so that ed-1 is exactly divisible by z (equivalently, ed mod z = 1).

18 RSA: how strong is it??

RSA Challenges: a prize was offered to anyone who could break an RSA key of a certain size (see www.rsasecurity.com/rsalabs).
- US$200,000.00 for whoever solves a 2048-bit factorization problem. No one has claimed the prize so far... (no longer offered)
- Last challenge solved: RSA-576, $10,000, factored in 2003 by J. Franke et al., using a powerful parallel machine and very clever algorithms
- Currently RSA-1024 is commonly used in practice
- RSA key size matters, see next...

19 RSA: how strong is it??

Common sense calculation: brute force factorization
- Try all the prime numbers P that are smaller than the key
- When Key mod P = 0, then we have found the factors

How long it takes depends on the RSA key size:
- Suppose we have a key of 200 bits and the factors are approximately of the same order of digits, ~10^100
- Each key will need ~10^100 trial divisions
- A 1 Gflops machine could do 10^9 trials per second
- Say we have 10^9 machines in a cluster (massively parallel machine)
- As we have only ~10^8 seconds/year, it would take 10^74 years!!!
- Remember that the Earth is ~10^9 years old

20 RSA: how to implement it?

A simplistic approach: translate each byte to a decimal number and use the RSA algorithm for each character.
- Problem 1: only a few possible numbers will be used, e.g., 256 possible characters may be mapped into non-existing characters if the key is large
- Problem 2: easy to break the encryption due to language characteristics, e.g., English uses double characters such as 'll', 'rr', etc. A 'dictionary' attack could decrypt the message without ever finding the factorization

In practice the string becomes a large binary number...

21 RSA: Applications
- Very slow if the message is long
- Useful for short messages (e.g. a small message digest)
- Useful for sending a symmetric key to be used for a symmetric-key cryptosystem
- In practice, RSA is used for digital signatures and authentication purposes

22 RSA IMPLEMENTATION TIPS

23 Client - Server

CLIENT (clientWindows.cpp): uses the public key for encryption and sends the encrypted message over a socket
SERVER (serverWindows.cpp): uses its private key to decrypt the message, yielding the decrypted message

TCP (Transmission Control Protocol) requires connection establishment:
- the server uses the listen() function
- the server uses the accept() function

24 Client - Server

Sample run (the server's port number for listening is 1234):
  Server 1234             (listening at Port 1234)
  Client 127.0.0.1 1234

You should run the server first, before running the client. You can test your client and server on the same machine by using the example run above.


26 Reading characters from stdin

char* gets(char* send_buffer) gets a string from stdin. It stops reading characters when it encounters a new line character (the new line is not copied into send_buffer); a NULL-termination character ('\0') is automatically appended; if an error occurs, a NULL pointer is returned.
strlen() counts the number of characters excluding the NULL-character.

Example (CLIENT): the user types "ABC" followed by '\n'; send_buffer holds A B C '\0' at indexes 0..3, and strlen() = 3.

Caveat: gets() has no way to limit how many characters it stores, so a line longer than send_buffer overruns it; fgets(send_buffer, sizeof send_buffer, stdin) is the bounded replacement (it keeps the '\n', which you then strip).

27 Define your own encryption, decryption keys

Keep in mind that the result of the encryption and decryption operations is bounded by the computed variable n.
ENCRYPTION: c = m^e mod n
DECRYPTION: m = c^d mod n
What are the values for p, q?
e.g. Try this: e = 17, n = 253, d = 13

28 Define your own encryption, decryption keys

(continues the key discussion of slide 27)
n affects the size of your valid character set. Therefore, you might want to perform some character mapping to suit the range of values returned by the encryption and decryption operations.

29 3 Sets of encryption, decryption keys

(continues the key discussion of slide 27)
Note: the assignment requires at least 3 sets of encryption and decryption keys.

30 Encryption Operation

Keep in mind that the result of the encryption and decryption operations is bounded by the computed variable n.
ENCRYPTION: c = m^e mod n
DECRYPTION: m = c^d mod n

[Figure: user-defined character set, a table mapping characters (space, #, ^, 0, 1, 2, a, b, c, ...) to index numbers (199, 255, 253, 210, 100, 25, 9, 7, 62, ...); we would prefer the indexes to be jumbled]
The RSA encryption algorithm will assign a new index number to any given character.

31 Character Mapping

[Figure: the same user-defined character set table as slide 30]
The RSA encryption algorithm will assign a new index number to any given character.
You should be able to map a character to its equivalent user-defined index number and vice-versa.
Character-to-index mapping and vice-versa is required in both client and server applications.

32 RSA Encryption

Encryption is performed on the index of the character, and not on the character itself. Note that we are doing this to simplify the problem.

CLIENT: user entry "ABC" in send_buffer (A B C '\0')
  -> user-defined mapping: 101, 61, 200
  -> ENCRYPTION c = m^e mod n, RSA-encrypted numbers: 22, 244, 17

33 RSA Encryption

Therefore, we need to perform character mapping on the result of the encryption operation (the new index number of the character). This is done character by character.

CLIENT: user entry "ABC" in send_buffer (A B C '\0')
  -> user-defined mapping: 101, 61, 200
  -> ENCRYPTION c = m^e mod n, RSA-encrypted numbers: 22, 244, 17
  -> user-defined mapping back to characters: send_buffer = $ ¥ § '\r' '\n'


35-40 RSA CLIENT / SERVER exchange (slides 35 to 40 build up this sequence one step at a time)

SERVER (Port 1024)                                CLIENT (Port 1120)
  time flows downwards
Passive open                                      Active open
            TCP connection to Port 1024 established
Determine which key set to use from the
  3 predefined key sets
Send public key: e and n           ----------->   Receive public key: e and n
                                                  Get user input
                                                  Use public key to encrypt message
Receive encrypted message          <-----------   Send encrypted message
Check validity of characters
Decrypt message
Display decrypted message                         Display original message
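An added example, not the course's clientWindows.cpp / serverWindows.cpp: the per-character scheme of slides 27 to 40 in one C file, with the client's map-encrypt-map step (slides 32-33) and the server's "check validity of characters" and decrypt steps (slide 39). The key set is slide 27's (e = 17, n = 253, d = 13); the character set and its jumbled index table are constructed for this example and are not the course's. It also makes slide 20's second problem visible: the two 'l's of "hello" come out as the same cipher byte.

```c
#include <stdio.h>
#include <string.h>

/* Added example.  (e, n, d) is the slide 27 key set.  Constructed character
 * set: valid bytes are 1..253 ('\0' stays the string terminator) and
 * index(b) = (7*(b-1) + 3) mod 253, a bijection onto 0..252, so every
 * RSA output index maps back to exactly one valid byte (slide 20, problem 1). */
#define E 17
#define N 253
#define D 13

static int index_of[256];          /* byte -> user-defined index, -1 = invalid */
static unsigned char char_of[N];   /* index -> byte (inverse of index_of)      */

static void build_tables(void) {
    static int built = 0;
    if (built) return;
    for (int b = 0; b < 256; b++) index_of[b] = -1;
    for (int b = 1; b <= N; b++) {
        index_of[b] = (7 * (b - 1) + 3) % N;
        char_of[index_of[b]] = (unsigned char)b;
    }
    built = 1;
}

/* Repeated squaring (slide 13): x^e mod n without ever forming x^e. */
static long mod_pow(long x, long e, long n) {
    long y = 1;
    for (x %= n; e > 0; e /= 2) { if (e % 2) y = y * x % n; x = x * x % n; }
    return y;
}

/* One direction of the exchange: byte -> index -> index^expo mod N -> byte.
 * Returns the length, or -1 as soon as a byte outside the character set is
 * seen: this is the server's "check validity of characters" step. */
static int rsa_map_string(const unsigned char *in, unsigned char *out, long expo) {
    int i;
    build_tables();
    for (i = 0; in[i] != '\0'; i++) {
        int idx = index_of[in[i]];
        if (idx < 0) return -1;
        out[i] = char_of[mod_pow(idx, expo, N)];
    }
    out[i] = '\0';
    return i;
}

static int client_encrypt(const unsigned char *msg, unsigned char *ct) { return rsa_map_string(msg, ct, E); }
static int server_decrypt(const unsigned char *ct, unsigned char *msg) { return rsa_map_string(ct, msg, D); }
```

client_encrypt((const unsigned char *)"hello", ct) followed by server_decrypt(ct, pt) recovers "hello", while a received byte of 254 or 255 makes server_decrypt return -1 before anything is decrypted.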
