
CS 458/658 [591 i1] Network Security

CS 458/658 [591 i1] Network Security, by Gene Itkis. Overview of the basic scenario (Alice, Eve, Bob) on a network (Internet, intranet, LAN, WAN, …); how to protect it (encrypt, key agreement, authenticate); and the issues involved: protocols and protection (crypto).


Presentation Transcript


  1. CS 458/658 [591 i1] Network Security, Gene Itkis. Gene Itkis: BU CAS 591(458) - Network Security

  2. Network Security Overview

  3. Basic scenario

  4. Simplified Scenario (diagram: Alice, Eve, Bob)
     • Network: Internet, intranet, LAN, WAN, …
     • How to protect?
       • Encrypt
       • Key agreement
       • Authenticate
     • Issues:
       • Protocols
       • Protection (crypto)
     • A solution: SSL/TLS

  5. How to protect?

  6. Crypto Landscape overview

  7. Definitions and Concepts

  8. What is Cryptography?
     • It all started with Encryption/Decryption
       • plaintext: “attack at midnight”
       • ciphertext: “buubdl bu njeojhiu”

  9. Encryption / Decryption (cont.)
     Diagram: using a shared key, the encoder (plaintext in, ciphertext out) turns the msg “bla-bla” into the ciphertext “cmb-cmb”, and the decoder (ciphertext in, plaintext out) turns it back into “bla-bla”. The eavesdropper should understand nothing about the msg.

  10. Crypto tools
     • Encryption/decryption: to hide info
     • Key exchange: to establish shared key
     • Authentication: to establish shared key with the party you really meant to
       • public
       • private
     • Signatures
     • Hashing
     • Certificates, PKI

  11. Adversary types (diagram: Alice, Bob)
     • Alice and Bob want to communicate in the presence of adversaries
     • Adversaries:
       • Passive: just looking
       • Active: may change msgs

  12. Key exchange: man-in-the-middle (diagram: Alice, Bob; the attacker holds one key shared w/Alice and another shared w/Bob)
     • Key exchange without Authentication
       • Subject to Man-in-the-Middle attack
       • Attacker translates between the keys, reading and/or modifying the messages
     • Authentication afterwards will not help!

  13. Authentication (diagram: Alice sends M to Bob)
     • Alice sends a msg M to Bob
     • Bob wants to be sure M is really from Alice

  14. Signatures (diagram: Alice, Bob)
     • Alice holds $S_{Alice}$ and computes $Sig_M = Sign(M, S_{Alice})$
     • Alice sends $(M, Sig_M)$
     • Bob runs $Verify(M, Sig_M, …)$

  15. Authentication: “public” (diagram: Alice, Bob)
     • checks
     • contracts
     • …

  16. Public Key Signatures (diagram: Alice, Bob)
     • Keys: Public Key $P_{Alice}$, Secret Key $S_{Alice}$
     • Alice computes $Sig_M = Sign(M, S_{Alice})$ and sends $(M, Sig_M)$
     • Bob runs $Verify(M, Sig_M, P_{Alice})$
     Problem: How to authenticate $P_{Alice}$?

  17. Certificates (diagram: Alice with Public Key $P_{Alice}$ and Secret Key $S_{Alice}$; Charlie, CA, certifying $P_{Alice}$)
     • “This public key $P_{Alice}$ really belongs to Alice. Signed by Charlie, Certification Authority”
     • Certificates can be public!
     • Who’s Charlie?!?

  18. Public Key Infrastructures (PKI)
     • Root CA public key
       • Obtained out-of-band
       • Certifies other Public Keys (of CAs, or users)
     • Certification Chains
     • Grain of salt: so, you have a certificate…
     • To be continued…

  19. Back to Signatures (diagram: Alice, Bob)
     • Alice holds $S_{Alice}$ and computes $Sig_M = Sign(M, S_{Alice})$
     • Alice sends $(M, Sig_M)$
     • Bob runs $Verify(M, Sig_M, …)$

  20. Authentication: “private” (diagram: Alice and Bob both hold $S_{Alice}$; Alice sends $(M, Sig_M)$)
     Message Authentication Code (MAC)
     • $Sign(M, S_{Alice}) = Hash(M, S_{Alice})$
     • $Verify(M, Sig_M, S_{Alice})$: check $Sig_M = Sign(M, S_{Alice})$
     • MAC = “Shared Secret Sig” = Symmetric Sig (Sign = Verify)

  21. Hashing (diagram: Hash maps both x1 and x2 to the same y, a collision)
     Crypto Hash: collisions may exist, but are hard to find
     • Given y, hard to find x s.t. Hash(x) = y
     Used for:
     • Symmetric signatures
     • “Fingerprint” for Public Key signatures

  22. Another setting (diagram: Alice, Bob)

  23. Dynamics
     • Secrets get stolen/exposed
       • Limit (or even avoid) the damage
       • Recover
       • Revoke
       • etc.
     • Some approaches
       • Secret sharing & distributed computation
       • Forward-security, intrusion-resilience, …
       • Threshold, proactive crypto

  24. Details and constructions

  25. Outline
     • Block vs. Stream ciphers
     • Symmetrical vs. Asymmetrical (public key)
     • Tool: Pseudo-Random Number Generators
     • Complexity (what is hard?)
     • Public Key Crypto
       • Diffie-Hellman
       • Rabin’s encryption
       • RSA

  26. Block vs. Stream Ciphers
     Cipher = Encoder; or Encryption/Decryption scheme
     • Stream cipher encodes/decodes char by char
     • Block cipher encodes/decodes block by block
     Stream cipher ~ Block cipher with block size of 1 char (+ state)
     Chaining (Modes of Operation):
     • make block encryption depend on the past blocks
     • “make block ciphers more like stream ciphers”

  27. Symmetric & Asymmetric schemes
     • Symmetric:
       • decryption as easy as encryption (and vice versa), i.e. if you can encrypt then you can decrypt (and vice versa)
       • DES, AES/Rijndael are symmetric block ciphers
     • Asymmetric:
       • may not be able to decrypt even if can encrypt (and vice versa), e.g. RSA

  28. Symmetric cipher - example
     Caesar's cipher
     • the letters of the alphabet are shifted (*), e.g. “a” is replaced with “b”, “b” with “c”, etc., so the msg “attack at midnight” is encrypted as “buubdl bu njeojhiu”
     • (*) the shift can be by one (as in our example) or more
     • encryption and decryption are equally easy (too easy, in fact)

  29. One-time pad
     For each character of the future msg indicate the shift:
     pad (key) ⊕ msg (plaintext) = ciphertext (encrypted msg)

  30. One-time random pad (cont.)
     • Symmetric
     • Pad is selected at random
     • Perfectly secure, but...
     • One time only, so sending the pad is just as hard as sending the msg

  31. Pseudo-random pad
     Pseudo-random bit string (PRBS) generator (diagram: seed (short) 01101 goes in, PRBS (long) 1010010110.... comes out)
     PRBS = Hard to guess a bit (after seeing many others)

  32. Complexity: what is “hard”?
     Measure hardness in terms of size of input: easy = polynomial; hard = exponential
     • Easy problems:
       • Finding max of n numbers - O(n)
       • Sorting n elements - O(n lg n)
     • Hard problems:
       • Factoring N = pq (n bits long) current best (?)

  33. Other hard problems
     Let $N = pq$, where p, q are large primes
     • Square root mod N
       • given x, N find y = mod N, i.e. $y^2 = x \bmod N$ (equivalent to factoring N)
     • Discrete log
       • given b, N and x, find y =
     How hard are these problems really?
     • One-way functions: easy to compute, hard to invert
     • Trap-door: a secret making inverting an owf easy

  34. Public-Key Crypto
     • Key exchange - Diffie-Hellman
     • PK Encryption - Rabin, RSA
     • e-Signatures - Rabin, RSA; ElGamal (a la DH); DSA; Fiat-Shamir

  35. Diffie-Hellman: key exchange
     • Public: p, g
     • Alice picks a and sends $m_a = g^a \bmod p$
     • Bob picks b and sends $m_b = g^b \bmod p$
     • Bob computes $m_a^b \bmod p$; Alice computes $m_b^a \bmod p$
     • $m_a^b \bmod p = m_b^a \bmod p = g^{ab} \bmod p$ = shared secret key!

  36. Rabin’s scheme
     • to encrypt msg m simply square it mod N = pq
     • if p, q (such that pq = N) are known, then decryption (finding m given x) is easy (using Chinese Remainder Theorem)
     [Formula figure; surviving labels: ciphertext, plaintext, mod N]

  37. RSA Let N=pq, and find e,d such that • Encryption: • Decryption: ciphertext plaintext Gene Itkis: BU CAS 591(458) - Network Security

  38. Public Key Cryptography
     • Encryption and Decryption are different, i.e. use different keys (asymmetric):
       • RSA
         • Public: N, e (needed to encrypt)
         • Private: N, d (needed to decrypt, can be computed from p, q)
       • Rabin’s
         • Public: N
         • Private: p, q

  39. Identification, Authentication, Signature schemes
     • Signature $s = S_I(m)$ of a msg m
       • only I can sign, i.e. compute s, for I and m
       • given s, I, and m, everyone can verify that $s = S_I(m)$
     • Message Authentication
       • like Signature, but only the receiver of the msg is required to be able to verify it
     • Identification
       • only I can prove that he is I

  40. Identification, Authentication, Signature schemes (cont.)
     • Signature can be used for Authentication
     • Signature and Authentication can be used for Identification
       • use interaction:
       • two players
         • Prover P - e.g. user, who wants to prove that he is I
         • Verifier V - e.g. wants to verify that P is really I

  41. Identification (cont.)
     • must consider all the scenarios:
       • both P and V are honest
       • both P and V are dishonest
       • V is honest but P is dishonest
       • P is honest, but V is dishonest
     • note: an eavesdropper (observer) should learn little from witnessing the P-V dialog
     • usual password scheme - bad!

  42. Fiat-Shamir Identification scheme (simplified)
     Let $N = pq$, where p, q are large primes; using p, q, compute s such that $s^2 I = 1 \pmod N$
     • public (P, V have): N (and I)
     • private (only I has): s
     • also, production center has p, q

  43. Fiat-Shamir (cont.)
     • P (user) has N, I, s; V (e.g., system) has N
     • P: pick random r; set $x = r^2 \bmod N$; send I, x
     • V: send query = 0 or 1
     • query = 0: P sends r; V checks $r^2 = x \bmod N$
     • query = 1: P sends $rs \bmod N$; V checks $(rs)^2 I = x \bmod N$

  44. Fiat-Shamir (cont.)
     • Proof (of P knowing s)
       • after k rounds the probability of mistake (i.e. P cheating without being caught) is $(1/2)^k$
     • Zero-Knowledge
       • if query is known in advance:
         • for query = 0, select r, and $x = r^2 \bmod N$
         • for query = 1, select z, and $x = z^2 I \bmod N$ (z “pretends” to be $rs \bmod N$)

  45. Security of Fiat-Shamir
     Relies on
     • hardness of factoring:
       • an algorithm “cracking” Fiat-Shamir yields an algorithm for factoring N
     • randomness:
       • of r, for Zero-Knowledge
       • of query, to prevent P from cheating

  46. Identification and Signatures
     • Identification scheme can be turned into Signature:
       • Replace Verifier with a hash function
