1 / 48

EE 122: (More) Network Security

EE 122: (More) Network Security. November 5, 2003. EECS 122: Introduction to Computer Networks Network Security II. Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley, CA 94720-1776. Today’s Lecture: 20. 2.

harrison-barton
Télécharger la présentation

EE 122: (More) Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EE 122: (More) Network Security November 5, 2003

  2. EECS 122: Introduction to Computer Networks Network Security II Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley, CA 94720-1776

  3. Today’s Lecture: 20 2 17,18 Application 19, 20 10,11 6 Transport 14, 15, 16 7, 8, 9 Network (IP) 21, 22, 23 Link Physical 25

  4. Security Requirements • Authentication • Ensures that the sender and the receiver are who they are claiming to be • Data integrity • Ensure that data is not changed from source to destination • Confidentiality • Ensures that data is red only by authorized users • Non-repudiation • Ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender identity, strong enough such that the sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message (not discussed in this lecture)

  5. Outline • Cryptographic Algorithms (Confidentiality and Integrity) • Authentication • System examples

  6. Cryptographic Algorithms • Security foundation: cryptographic algorithms • Secret key cryptography, Data Encryption Standard (DES) • Public key cryptography, RSA algorithm • Message digest, MD5

  7. Symmetric Key • Both the sender and the receiver use the same secret keys Plaintext Plaintext Internet Encrypt with secret key Decrypt with secret key Ciphertext

  8. Data Encryption Standard (DES) • DES encrypts a 64-bit block of plain text using a 64-bit key • Three phases • Permute the 64 bits in the block • Apply a given operation 16 times on the 64 bits • Permute the 64 bits using the inverse of the original permutation 1st phase IP(input) Round 1 . . . key 2nd phase Round 16 3rd phase IP-1(input)

  9. Initial Permutation (IP) • IP: bit 58 of input becomes 1st bit, it 50 becomes 2nd bit, etc 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7 • IP-1: inverse of IP, e.g., IP(1) = 58, IP-1 (58) = 1 40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25

  10. 2nd Phase: Operation In Each Round 0 63 • Key K is 64 bits • 16 rounds • Each round i select a 48 bit key Kifrom the original 64 bit key K. Perform (F is a given function): 63 32 31 0 Li-1 Ri-1 Ki F + Li Ri

  11. Encrypting Larger Messages • Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext Block1 Block2 Block3 Block4 IV + + + + DES DES DES DES Cipher1 Cipher2 Cipher3 Cipher4

  12. DES Properties • Provide confidentiality • No mathematical proof, but practical evidence suggests that decrypting a message without knowing the key requires exhaustive search • To increase security use triple-DES, i.e., encrypt the message three times

  13. Public-Key Cryptography: RSA (Rivest, Shamir, and Adleman) • Sender uses a public key • Advertised to everyone • Receiver uses a private key Plaintext Plaintext Internet Encrypt with public key Decrypt with private key Ciphertext

  14. Generating Public and Private Keys • Choose two large prime numbers p and q (~ 256 bit long) and multiply them: n = p*q • Chose encryption key e such that e and (p-1)*(q-1) are relatively prime • Compute decryption key d, where d = e-1mod ((p-1)*(q-1)) (equivalent to d*e = 1 mod ((p-1)*(q-1))) • Public key consist of pair (n, e) • Private key consists of pair (d, n)

  15. RSA Encryption and Decryption • Encryption of message block m: • c = memod n • Decryption of ciphertext c: • m = cd mod n

  16. Example (1/2) • Choose p = 7 and q = 11  n = p*q = 77 • Compute encryption key e: (p-1)*(q-1) = 6*10 = 60  chose e = 13 (13 and 60 are relatively prime numbers) • Compute decryption key d such that 13*d = 1 mod 60  d = 37 (37*13 = 481)

  17. Example (2/2) • n = 77; e = 13; d = 37 • Send message block m = 7 • Encryption: c = me mod n = 713 mod 77 = 35 • Decryption: m = cd mod n = 3537 mod 77 = 7

  18. RSA Proof Sketch (1/4) • mod properties. Suppose a = b mod k, and c = d mod k. Then 1) a + c = (b + d) mod k 2) a*c = (b*d) mod k

  19. RSA Proof Sketch (2/4) • Theorem: Assume a and d are relatively primes, (a, d) = 1. Then a*b = a*c mod d implies b = c mod d Proof: Since (a, d) = 1, there exists m and n such that a*m + d*n = 1  a*m = -d*n + 1  a*m = 1 mod d (1) Then, we have a*b = (a*c) mod d  (a*m*b) = (a*m*c) mod d  (using mod additive property) a = c mod d (from (1))

  20. RSA Proof Sketch (3/4) • Euler Theorem: Let Φ(d) be the number of numbers less than d relative prime to d, and suppose (a, d) = 1. Then aΦ(d) = 1 mod d. Proof: Let a1, a2, .., aΦ(d) by the prime numbers to a. Then for all i(ai, 1) = 1, (a, d) = 1, and (a*ai, d) = 1. Note that (a*ai mod d) are Φ(d) relatively prime numbers (< d) to d. Thus, lists a1, a2, …, aΦ(d)and (a*a1) mod n, (a*a2) mod n, …, (a*aΦ(d)) mod d, contain the same numbers! Using mod properties we have: (a*a1)*(a*a2)* .. *(a*aΦ(d)) = (a1*a2*… *aΦ(d)) mod d  aΦ(d) (a1*a2*… *aΦ(d)) = (a1*a2*… *aΦ(d)) mod d  (from prev. Theorem) aΦ(d) = 1 mod d

  21. RSA Proof Sketch (4/4) • Theorem: Suppose (1) p and q are primes, (2) n = pq, (3) e*d = 1 mod (p-1)(q-1), and (4) c = me mod n. Then m = cd mod n Proof: Assume m = 1 mod p and m = 1 mod q (Otherwise much longer proof) Since p and q are primes Φ(p) = p -1, Φ(q) = q -1, and Φ(p*q) = (p-1)*(q-1). Since m = 1 mod (p*q) = 1 mod n, from Euler Theorem mΦ(n) = 1 mod n  m(p-1)(q-1) = 1 mod pq ce mod n = m(e*d) mod n = c(k*(p-1)(q-1) + 1) mod pq = mk*(p-1)(q-1))* m mod pq  = m mod pq = m (since m < p*q)

  22. Properties • Confidentiality • A receiver A computes n, e, d, and sends out (n, e) • Everyone who wants to send a message to A uses (n, e) to encrypt it • How difficult is to recover d ? (Someone that can do this can decrypt any message sent to A!) • Recall that d = e-1mod ((p-1)*(q-1)) • So to find d, you need to find primes factors p and q • This is provable very difficult

  23. Message Digest (MD) 5 • Can provide data integrity • Used to verify the authentication of a message • Idea: compute a hash on the message and send it along with the message • Receiver can apply the same hash function on the message and see whether the result coincides with the received hash

  24. MD 5 (cont’d) • Basic property: digest operation very hard to invert • In practice someone cannot alter the message without modifying the digest Plaintext corrupted msg Plaintext NO = digest’ Internet Digest (MD5) Digest (MD5) digest

  25. Message Digest Operation • Transformation contains complex operations (see textbook) Initial digest (constant) Message (padded) 512 bits 512 bits 512 bits Transformation Transformation . . . Transformation Message digest

  26. Outline • Cryptographic Algorithms (Confidentiality and Integrity) • Authentication • System examples

  27. Authentication • Goal: Make sure that the sender an receiver are the ones they claim to be • Two solutions based on secret key cryptography (e.g., DES) • Three-way handshaking • Trusted third party • One solution based on public key cryptography (e.g., RSA) • Public key authentication

  28. clientId, E(x, CHK) E(x+1, SHK), E(y,SHK) E(y+1, CHK) E(SK,SHK) Simple Three-Way Handshaking client server • E(m,k) – encrypt message m with key k • D(m,k) – decrypt m with key k • CHK and SHK – client and server shared secrete keys • SK – session key used for data communication • This reduces the number of messages containing CHK and SHK • Question: how are CHK and SHK communicated in the first place?

  29. Trusted Third Party • Trust a third party entity, authentication server • Scenario: A wants to communicate with B • Assumption: both A and B share secrete keys with S: KA and KB • Notations: • T: timestamp (also serves the purpose of a random number) • L: lifetime of the session • K: session’s key

  30. A,B E((T,L,K,B),KA) E((T,L,K,A),KB) E((A,T),KA) E((T,L,K,A),KB) E(T+1,K) Trusted Third Party (cont’d) S A B

  31. E(x, PublicB) x Public Key Authentication • Based on public key cryptography • Each side need only to know the other side’s public key • No secrete key need to be shared • A encrypts a random number x and B proves that it knows x • A can authenticate itself to be in the same way A B

  32. Outline • Cryptographic Algorithms (Confidentiality and Integrity) • Authentication • System examples

  33. Public Key Infrastructure (PKI) • System managing public key distribution on a wide-scale • Trust distribution mechanism • Allow any arbitrary level of trust

  34. PKI Properties • Authentication  via Digital Certificates • Confidentiality  via Encryption • Integrity  via Digital Signatures • Non–Repudiation  via Digital Signatures

  35. Components of a PKI

  36. Digital Certificate • Signed data structure that binds an entity with its corresponding public key • Signed by a recognized and trusted authority, i.e., Certification Authority (CA) • Provide assurance that a particular public key belongs to a specific entity

  37. Certification Authority • People, processes responsible for creation, delivery and management of digital certificates • Organized in an hierarchy Root CA CA-1 CA-2

  38. Registration Authority • People, processes and/or tools that are responsible for • Authenticating the identity of new entities (users or computing devices) • Requiring certificates from CA’s.

  39. Certificate Repository • A database which is accessible to all users of a PKI, contains: • Digital certificates, • Certificate revocation information • Policy information

  40. private key public key Alice Alice private key public key Bob Bob Example • Alice generates her own key pair. • Bob generates his own key pair. • Both sent their public key to a CA and receive a digital certificate

  41. public key Bob private key Alice public key Alice private key Bob Example • Alice gets Bob’s public key from the CA • Bob gets Alice’s public key from the CA

  42. Alice use private key to sign: use public key cryptography to provide integrity Alice Private Alice Public Example Alice Bob Message Hash Hash Message ? Encryption Decryption = Hash

  43. Certificate Revocation • Process of publicly announcing that a certificate has been revoked and should no longer be used. • Approaches: • Use certificates that automatically time out • Use certificate revocation list • Use list that itemizes all revoked certificates in an on-line directory

  44. Pretty Good Privacy (PGP) • Provide • Authentication • Confidentiality • Application examples: file transfers, e-mail • Authentication weaker than PKI, but • Freely available • Not controlled by a government or standard organization

  45. PGP Services • Authentication  Digital signature; uses DSS/SHA or RSA/SHA • Confidentiality  Encryption, e.g., three-key triple DES or RSA • Also provides • Compression  Zip • E-mail compatibility  Radix-64 conversion • Segmentation

  46. PGP: Public Key Management • No rigid public key management scheme • Problem: how to get public key reliable • Possible solution: physically or by phone. Secure but unpractical • PGP solution: build a ”web of trust” • Assume you know several variably trusted users • Each of these indvidual can sign certificates for other users • Each signature has asociated a trust field indicating the level of trust in the certificate

  47. What do You Need To Know • Security requirements • Cryptographic algorithms • How does DES and RSA work (no proof for RSA) • Authentication algorithms • Public key management, digital certificates (high level)

More Related