Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security – Special Topic on Skype Security.

Published byAmelia Perry Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Security – Special Topic on Skype Security."— Presentation transcript:

1 Network Security – Special Topic on Skype Security

2 Is Skype Secure? Skype is used to call from one PC to another PC. Think about it, your conversation is carried by routers in the Internet. If someone owns a router logs everything, can he figure out what you just told your friend? The answer is, they cannot and Skype is secure. Actually governments are complaining about it because the police cannot eavesdrop the call.

3 All data is encrypted Everything the sender sends out will be encrypted by AES (Advanced Encryption Standard). So the encryption makes the data seen at the routers unreadable. In this sense, Skype is secure from one Skype end to the other Skype end.

4 Block Cipher AES is a Block Cipher, means that it maps a fixed-length (128 bits) input to a fixed-length (128 bits) output. Given the same input bits, the Block Cipher always returns the same output bits. So, it is a mapping from the input to the output. The decryption algorithm is just the reverse mapping.

5 The Key The AES algorithm is known to the world. So if you can use AES to encrypt your data, anyone will be able to use the AES to decrypt your data and you achieved nothing. So, you must make your encryption unique, even if you are using a well-known algorithm. How? By having a key. The key is unique to each session and the encryption result for one key is unique to other keys.

6 How AES works AES takes 128-bit input and turn it into 128-bit output with the help of a 128 bit key (or 192, or 256). (Skype uses 256 bit key) 1.The key is expanded into 11 sub-keys (K0, K1, …, K10.) 2.s = M xor K0. 3.Then the following is executed 10 rounds. 1.s = SBOX(s). 2.s = shift_row(s). 3.s = mix_col(s) [if not the last round] 4.s = s xor Ki. 4.Return s.

7 The S BOX simply maps the input to an output according to a predetermined mapping. The shift_row() does the following. Regard the 16-byte s as a 4 by 4 matrix. s0 s4 s8 s12 s1 s5 s9 s13 s2 s6 s10 s14 s3 s7 s11 s15 s0 s1 s2 s3 s5 s9 s13 s1 S10 s14 s2 s6 s15 s3 s7 s11 The mix_col does the following. ai is4 bytes. 02 02 01 01 01 02 03 01 01 02 02 03 03 01 01 02 a0 a1 a2 a3 = a0 a1 a2 a3

8 The Integer Counter Mode Skype does not encrypt the messages directly in this way. It xores the plaintext (message) with the output of AES when taking a counter as input. Just to run faster.

9 Problem solved? So, is the problem solved? No. How about the key? How can two Skype ends agree on the same key? Can one end send the key to the other end in plaintext?

10 The public/private key. Everyone has a public key and private key. With B’s public key (pkB) A can encode data that only B can decode with his private key (skB) because other people does not have B’s private key. D_skB[E_pkB(W)] = W E_pkB[D_skB(W)] = W

11 The public/private key So, A can choose a 128-bit string W as the session key and send E_pkB(W) to B. B runs the decryption algorithm to get D_skB[E_pkB(W)] = W. Skype actually asks two ends to both contribute 128 bits to make the 256-bit session key.

12 The RSA algorithm The RSA algorithm is used to get the public key/private key. 1.Choose two large primes, p and q. 2.Compute n=pq and z=(p-1)(q-1). 3.Choose a number relatively prime to z and call it d. 4.Find e such that ed = 1 mod z. (e,n) is the public key for encoding and (d,n) is the private key for decoding.

13 The RSA algorithm To encrypt a message M, C=M^e mod n. To decrypt from C, M = C^d mod n. You can verify (non-trivial!) that D_skB[E_pkB(M)] = M and E_pkB[D_skB(M)] = M.

14 Why is RSA secure? The problem is, given (d,n), can you figure out e? It is difficult. You can try to find p and q given n. If you indeed can, then you get z. Given z and d, you get e. But it is difficult to factor large numbers.

15 Problem solved? If someone calls you and claimed that he is Bob, how can you be sure he is indeed Bob before saying things confidential? Imagine that someone impersonates your spouse and ask you to tell her/him your bank password with Skype chat.

16 Authentication If someone claims he is A, how do you verify? He should present something to you which you can check and which he can have if and only if he is A. We can all think of certain things for our real friends, but does such thing exist in the electronic world?

17 The solution Recall that everyone has a public key and a private key. Suppose Alice and Bob knows each other’s public key. – If Alice wants to setup a session with Bob, she sends Bob a message E_pkB[Alice, R_a], meaning that I am Alice and I want to talk to you, where R_a is a number picked at random. – Bob replies E_pkA[R_a, R_b, K_s], where R_b is a number picked at random and K_s is the session key. – Alice replies AES_K_s[R_b]. (not exactly the same as Skype’s own protocol, but the idea is the same)

18 Explanations Message 2. When Alice gets E_pkA[R_a, R_b, K_s], she can decrypt it and can get R_a, R_b, K_s. When she sees R_a, she knows that this is the response she is waiting for and the sender must be Bob. Why? Because no one except Bob knows how to decode E_pkB[Alice, R_a] to get R_a and R_a is totally random and it is impossible for one to guess it right.

19 Explainations Message 3. When Bob gets AES_K_s[R_b], he can use K_s to decode it to get R_b. Then he knows that this must be the message he is waiting for and the one who sent the first message must be Alice. Why? Because no one except Alice knows how to decode E_pkA[R_a, R_b, K_s] to get R_b and K_s to get AES_K_s[R_b].

20 Is problem solved? How can Alice and Bob know each other’s public key? Can Alice send a message to Bob to ask him to send her pkB? No. Tom may intercept this message and return Alice a message with his key or some junk.

21 Solution? Ask someone with authority, say, C. – Alice asks C “can you tell me the public key of Bob?” – C replies “Here you are, pkB.” Will this work? No. Because how can Alice be sure that this message is from C and not from Tom?

22 Solution Because C is well-known, Alice remembers his public key. So when C sends Alice the reply, he “signs” it with his private key: D_skC(pkB, I am sending you the public key of Bob as you requested). When Alice gets this message, she knows that this must be from C and can be trusted.

23 Problems? If everyone must contact C before the session begins, can C still handle it? Note that the RSA algorithm involves multiplications of large numbers and is slow.

24 Solution In fact, C does not have to answer the reply in real time. He can send Bob a “certificate” like: D_skC[I hereby certificate that this key ############# belongs to Bob. Bob’s IP address is ****** and his email is @@@@.] Later, when Bob wants to prove he is indeed Bob, he can just present this to Alice. Actually, it is D_skC{SHA_1[I hereby certificate that this key ############# belongs to Bob. Bob’s IP address is ****** and his email is @@@@.]} and C is called Certificate Authority (CA).

25 Optimizations Still, signing all these certificates is too much for a single machine. There is PKI (Public Key Infrastructure) as a tree. You have a root, Regional Authorities, and CAs. A node certifies the nodes under it by signing. Chain of trust.

Download ppt "Network Security – Special Topic on Skype Security."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Section 3.8: More Modular Arithmetic and Public-Key Cryptography

Section 3.8: More Modular Arithmetic and Public-Key Cryptography
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
Network Security understand principles of network security:

Network Security understand principles of network security:
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.

Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange

Similar presentations

Ads by Google