240 likes | 374 Vues
Security and Cryptography: basic aspects. Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee. Outline. What is network security? Principles of Cryptography Authentication Integrity. What is network security?.
E N D
Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee
Outline • What is network security? • Principles of Cryptography • Authentication • Integrity
What is network security? • Confidentiality: only sender, intended receiver should “understand” message contents • sender encrypts message • receiver decrypts message • Authentication: sender, receiver want to confirm identity of each other • Message Integrity and non-repudiation: sender, receiver want to ensure message not altered (in transit, or afterwards) • Access Control and Availability: services must be accessible and available to legitimate users (no DoS attacks)
Friends and foes: Alice, Bob, Trudy • Well-known fixtures in network security world • Bob, Alice want to communicate “securely” • Trudy (intruder) may intercept, delete, add messages Alice Bob data, control messages channel secure sender secure receiver data data Trudy
What can the “enemy” do ? Q: What can a “bad guy” do? A: a lot! • Eavesdrop: intercept messages • actively insert messages into connection • Impersonation: can fake (spoof) source address in packet (or any field in packet) • Hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place • Denial of service: prevent service from being used by others (e.g., by overloading resources) more on this later ……
K K A B The language of cryptography • Symmetric key crypto: sender, receiver keys identical • Public-key crypto: encryption key public, decryption key secret (private) Alice’s encryption key Bob’s decryption key encryption algorithm decryption algorithm ciphertext plaintext plaintext
Symmetric key cryptography Symmetric key crypto: Bob and Alice share know same (symmetric) key: K • e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Substitution cipher: substituting one thing for another • monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq • Question:How hard is it to break this simple cipher?: - brute force (how hard?) - other?
Symmetric key crypto: DES DES: Data Encryption Standard • US encryption standard [NIST 1993- National Institute of Standard and Technology] • 56-bit symmetric key, 64-bit plaintext input • How secure is DES? • DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months • no known “backdoor” decryption approach • making DES more secure: • use three keys sequentially (3-DES) on each datum • AES (Advanced Encryption Standard) – Next generation standard (NIST 2001)
DES operation – Substitution and Permutation Symmetric key crypto: DES Initial permutation 16 identical “rounds” of function application, each using different 48 bits of key Final permutation
Public Key Cryptography Symmetric key crypto • requires sender, receiver know shared secret key • Q: how to agree on key in first place (particularly if never “met”)? Public key cryptography • radically different approach [Diffie-Hellman76, RSA78] • Sender, receiver do not share secret key • publicencryption keyknown toall • private decryption key known only to receiver
Diffie-Hellman Key Generation • Uncovered an entire new approach to cryptography W. Diffie and M.E. Hellman's New Directions in Cryptography from IEEE transactions on Information Theory, IT 22:644-654, 1976. a,p: known numbers (p - prime number) A B (Y - private key) (X - private key) ay mod p aX mod p [ay mod p]x mod p = aXY mod p = [ax mod p]y mod p • x,y,a,p typically 1024 bits long • The Discreet Log problem: by knowing ax mod p, a and p, one can not obtain x
Diffie-Hellman Key Generation- using ECC Why use ECC? • We use 160 bits (instead of1024) and still get the same complexity • We use multiplications instead of exponentiation • All mathematical calculations are without carry Calculations take less time, less memory and less hardware P- a known point on the elliptic curve A B X- private key (scalar) y- private key (scalar) X x P Y x P (Y x P) x X= XY x P = (X x P) x Y The discreet Log problem: by knowing X x P and P, one can not know x
What is an Elliptic Curve? In GF(2m) an ordinary elliptic curve E suitable for elliptic curve cryptography is defined by the set of points (x; y) that satisfy the equation : Example:
K (K (m)) = m B B - + 2 1 + K (m) B - + m = K (K (m)) B B Public Key Cryptography + Bob’s public key K B - Bob’s private key K B encryption algorithm decryption algorithm plaintext message plaintext message, m ciphertext Requirements: Given a public key it should be impossible to compute the private key
Public Key Cryptography - RSA + Bob’s public key K B - Bob’s private key K B RSA f(x) RSA f-1(x) plaintext message plaintext message, m ciphertext f(m) m=f-1(f(m)) Algorithm using a public key Algorithm using a private key
+ - K K B B RSA (Rivest-Shamir-Adelman): Choosing Keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1). 5.Public key is (n,e).Private key is (n,d).
d m = c mod n e (i.e., remainder when m is divided by n) d e m = (m mod n) mod n RSA: Encryption, decryption Given (n,e) and (n,d) as computed above: 1. To encrypt bit pattern, m (m<n), compute e c = m mod n 2. To decrypt received bit pattern, c, compute d (i.e., remainder when c is divided by n) Magic happens! c
e d ed (m mod n) mod n = m mod n ed mod (p-1)(q-1) 1 = m mod n = m (since m<n) = m mod n C – the encrypted message y y mod (p-1)(q-1) d e x mod n = x mod n (Fermat's Small Equation) m = (m mod n) mod n RSA: Why is that ? Useful number theory result: If p,q prime and n = pq, then: (using number theory result above) (since we choseed to be divisible by (p-1)(q-1) with remainder 1 )
Outline • What is network security? • Principles of Cryptography • Authentication • Integrity
- K (R) A + + K K A A - - + (K (R)) = R K (K (R)) = R A A A Authentication • There is a clear need to “prove” the identity of a sender • Insufficient options: • ID by IP # ? • Send secret password along with message ? • Choose a random number, R … “I am Alice” Bob computes R and knows only Alice could have the private key, that encrypted R such that “send me your public key”
Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) - - K (R) K (R) A T + + K K A T - - + + m = K (K (m)) m = K (K (m)) + + A T A T K (m) K (m) A T Man-in-the-middle Attack I am Alice I am Alice R R Send me your public key Send me your public key Trudy gets sends m to Alice encrypted with Alice’s public key
+ + digital signature (encrypt) K K B B K CA Certification Authorities • Question: How do you “prove” that a key is really your key ? • Solutions: Certification authority (CA) -binds public key to particular entity (for example: Bob). • Bob registers its public key with CA. • Bob provides “proof of identity” to CA. • CA creates certificate binding Bob to its public key. • certificate containing Bob’s public key digitally signed by CA – CA says “this is Bob’s public key” Bob’s public key CA private key certificate for Bob’s public key, signed by CA - Bob’s identifying information
+ + digital signature (decrypt) K K B B K CA Certification Authorities (cont.) • When Alice wants Bob’s public key: • gets Bob’s certificate (Bob or elsewhere). • apply CA’s public key to Bob’s certificate, get Bob’s public key Bob’s public key CA public key +