Presentation is loading. Please wait.

Presentation is loading. Please wait.

CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.

Published byAsher Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1."— Presentation transcript:

1 CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1

2 Discovering My Laptop’s IPv4 Address On Windows, use program ipconfig. On Mac or Linux, use ifconfig or ip. Only my wired ethernet interface has an IP address (152.3.136.127.) CPS 290Page 2

3 Resolving the name www.cs.duke.edu to an IP address On Windows, use nslookup. On Mac or Linux, use dig. The answer is provided by the authoritative name server duke.cs.duke.edu (152.3.140.1) www.cs.duke.edu is an alias for the canonical name (CNAME) sibyl.cs.duke.edu.cs.duke.edu The address for sibyl.cs.duke.edu is 152.3.140.31. CPS 290Page 3

4 Capturing and Examining Packets I begin to capture packets on my wired ethernet interface using the program called wireshark (for Windows, Mac, or Linux). I make a request to http://www.cs.duke.edu/~bmm through my browser. I enter the filter (ip.src == 152.3.136.127 || ip.dst == 152.3.136.127) && (ip.dst == 152.3.140.31 || ip.src == 152.3.140.31) to examine only packets between my machine and www.cs.duke.edu. CPS 290Page 4

5 TCP Three-Way Handshake First three packets show the TCP three-way handshake, SYN, SYN- ACK, ACK, which is used to establish a TCP connection. Note: The handshake makes it difficult to establish a TCP connection with a spoofed (forged) browser source address in the SYN packet: Server will send SYN-ACK to the spoofed address, which won’t reply with an ACK. Sender of spoofed SYN packet doesn’t receive the SYN-ACK, doesn’t know the correct sequence number to ACK. CPS 290Page 5 SYN SYN-ACK ACK

6 Browser Sends HTTP GET Request CPS 290Page 6

7 Server Responds with HTTP 301 Code CPS 290Page 7 The server didn’t like my request for http://www.cs.duke.edu/~bmm It wanted me to enter http://www.cs.duke.edu/~bmm/http://www.cs.duke.edu/~bmmhttp://www.cs.duke.edu/~bmm/ Criminy!

8 CPS 290Page 8 Basic Cryptography Definitions Private Key or Symmetric: Key 1 = Key 2 Public Key or Asymmetric: Key 1  Key 2 Key 1 or Key 2 is public depending on the protocol Encryption Decryption Key 1 Key 2 Cyphertext E key1 (M) = C D key2 (C) = M Original Plaintext Plaintext

9 CPS 290Page 9 What does it mean to be secure? Unconditionally Secure: Encrypted message cannot be decoded without the key Shannon showed in 1943 that key must be as long as the message to be unconditionally secure – this is based on information theory A one time pad – xor a random key with a message (Used in 2 nd world war) Security based on computational cost: it is computationally “infeasible” to decode a message without the key. E.g., there is no (probabilistic) polynomial time algorithm can decode the message.

10 CPS 290Page 10 Primitives: One-Way Functions (Informally): A function Y = f(x) is one-way if it is easy to compute y from x but “hard” to compute x from y Building block of most cryptographic protocols And, the security of most protocols rely on their existence. Unfortunately, not proved to exist, even if we assume P  NP.

11 CPS 290Page 11 One-way functions: possible definition 1.F(x) is polynomial time 2.F -1 (y) is NP-hard What is wrong with this definition? “F -1 (y) is NP-hard” is a statement only about worst-case complexity F -1 (y) may be NP-hard, but still easy to solve for most y Efforts to base cryptosystems on NP-hard problems have all failed. We don’t know how to generate difficult to solve instances.

12 CPS 290Page 12 One-way functions: better definition For almost all y no single PPT (probabilistic polynomial time) algorithm can compute x Roughly: at most a fraction 1/|x| k instances x are easy for any k and as |x| ->  This definition can be used to make the probability of hitting an easy instance arbitrarily small.

13 CPS 290Page 13 Some examples (conjectures) Factoring: x = (u,v) y = f(u,v) = u*v If u and v are prime it is hard to generate them from y. Discrete Log: y = g x mod p where p is prime and g is a “generator” (i.e., g 1, g 2, g 3, … generates all values < p). DES with fixed message: y = DES x (m) This would assume a family of DES functions of increasing key size (for asymptotics)

14 CPS 290Page 14 One-way functions in private-key protocols y = ciphertext m = plaintext k = key y = E k (m) = E(k,m) = E m (k) (i.e. f = E m ) Given y and m, should E m be a one-way function? In a known-plaintext attack we know a (y,m) pair. The m along with E defines f E m (k) needs to be easy (plug in k and compute) E m -1 (y) should be hard Otherwise we could extract the key k.

15 CPS 290Page 15 One-way functions in public-key protocols y = ciphertext m = plaintext k = public key Consider: y = E k (m) (i.e., f = E k ) We know k and thus f E k (m) needs to be easy E k -1 (y) should be hard Otherwise we could decrypt y. But what about the intended recipient, who should be able to decrypt y?

16 CPS 290Page 16 One-Way Trapdoor Functions A one-way function with a “trapdoor” The trapdoor is a key that makes it easy to invert the function y = f(x) Example: RSA (conjectured to be hard to invert without trapdoor) y = x e mod n Where n = pq (p, q are prime) p or q or d (where ed = 1 mod (p-1)(q-1)) can be used as trapdoors In public-key algorithms f(x) = public key (e.g., e and n in RSA) Trapdoor = private key (e.g., d in RSA)

17 CPS 290Page 17 One-way Hash Functions Y = h(x) where –y is a fixed length independent of the size of x. In general this means h is not invertible since it is many to one. –Calculating y from x is easy –Calculating any x such that y = h(x) give y is hard Used in digital signatures and other protocols.

18 CPS 290Page 18 Protocols: Digital Signatures Goals: 1.Convince recipient that message was actually sent by a trusted source 2.Do not allow repudiation, i.e., that’s not my signature. 3.Do not allow tampering with the message without invalidating the signature Item 2 turns out to be hard to do

19 CPS 290Page 19 Using Public Keys More Efficiently AliceBob D k1 (m) AliceBob D k1 (h(m)) + m K1 = Alice’s private key Bob decrypts it with her public key h(m) is a one-way hash of m

Download ppt "CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1."

Similar presentations

Public Key Cryptosystem

Public Key Cryptosystem
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
15-853Page 1 CPS 214 Computer Networks and Distributed Systems Cryptography Basics RSA SSL SSH Kerberos.

15-853Page 1 CPS 214 Computer Networks and Distributed Systems Cryptography Basics RSA SSL SSH Kerberos.
CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.

CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott

Similar presentations

Ads by Google