1 / 16

Security and Privacy over the Internet

Security and Privacy over the Internet. Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998. Presentation Overview. Introduction Public-key cryptography: RSA Secret-key cryptography: DES The SSL protocol Open discussion. Introduction. Privacy

braden
Télécharger la présentation

Security and Privacy over the Internet

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998

  2. Presentation Overview • Introduction • Public-key cryptography: RSA • Secret-key cryptography: DES • The SSL protocol • Open discussion

  3. Introduction • Privacy • Keeping communication contents secret, known to a predetermined set of people, unknown to others • Security • A means to achieve privacy • An attempt against attacks like: eavesdropping, tampering, message replay • Tools: cryptography, secure protocol

  4. Some security attack scenarios Eavesdropping: Mary Peter “Let’s meet at 5pm, old place” Tom “hee hee…” Tampering: “Let’s meet at 5pm, old place” Peter Mary Tom “Let’s meet at 3pm, old place” Replaying: Peter Mary “Let’s meet at 3pm today” One day later: “Let’s meet at 3pm today” Tom

  5. Cryptography • Transformation of data into a secret form that is infeasible to read without knowledge of a shared secret (a key) • Achieve privacy by making information hidden to people who don’t know the key • Encryption key and decryption key may be the same (secret-key cryptography) or different (public-key cryptography) encryption Data Secret-form data decryption

  6. Private Key Cryptography • The same key is used for both encryption and decryption • One technique: block ciphers • transform fixed-length blocks of plain-text data into fixed-length blocks of cipher-text (secret-form) data • An example: DES (Data Encryption Standard) ... ... Plain-text block 1 Plain-text block 2 Plain-text block 3 Encrypt using key K Encrypt using key K Encrypt using key K ... Cipher-text block 1 Cipher-text block 2 Cipher-text block 3

  7. DES • Data Encryption Standard, also known as Data Encryption Algorithm (DEA) • Developed by IBM, refined by NBS • Block size of 64 bits, key size of 56 bits • 16 rounds of Feistel Ciphers: • Most widely used block ciphers, but being replaced by AES, Advanced Encryption Standard Plain-text block Round 1 Round 2 Round 16 Cipher-text block

  8. Private Key cryptography • Stream ciphers (e.g., RC4) • transform plain-text data into cipher-text data bit by bit, and vice versa • can be much faster than block ciphers, but less secure • Message Authentication Codes (MAC) • a checksum obtained by applying an authentication scheme (DES, RC4, etc.) and a secret key to a message • the recipient verifies the integrity of the message by calculating the MAC with the secret key again

  9. Public Key Cryptography • Encryption and decryption use different keys • A popular method: RSA • RSA key generation: • Find 2 large prime numbers p, q • Choose d relatively prime to z=(p-1)(q-1) • Find e such that e X d = 1 mod z • Let n = pq • Public key: (n, e); Private key: (n, d) • Encrypting message M: E(M) = Me mod n • Decrypting cipher-text c: D(c) = cd mod n

  10. RSA: An Example • Pick p = 5, q = 7, z = 24, n = 35 • Choose d = 5, relatively prime to z • 1 mod z = 1, 25, 49, 73, 97, 121, 145... • Pick e = 145 / d = 29 • Public key (35, 29); Private key (35, 5) • Encrypting message M = 10: E(M) = 1029 mod 35 = 5 • VERIFY: Decrypting cipher-text c = 5: D(c) = 55 mod 35 = 3125 mod 35 = 10 = M • In practice, much larger primes p, q are used • The security provided by RSA relies on the fact that it is computationally infeasible to factor a large number n to find out p, q, and hence z, e

  11. Digital Signatures, Certificates • Digital signature • The recipient verifies the signature by decrypting the signature with sender’s public key, and compares decrypted message with M • Certificate • A digitally signed public key • Used to verify a claimed-to-be public key of an entity Message M M encrypted with sender’s private key

  12. SSL Protocol • Secure Socket Layer, developed by Netscape Corporation • Aims to provide privacy and reliability between two communicating applications • Overview: Application 2 Application 1 (e.g., telnet, ftp) Application data protocol Application data protocol SSL handshake protocol SSL handshake protocol SSL record protocol SSL record protocol Reliable transport protocol (e.g., TCP)

  13. SSL Protocol • Record protocol • encapsulate higher level protocols • divide messages into blocks • compresses message blocks • applies MAC to message blocks • encrypts and transmits message blocks • SSL handshake protocol • allow the client to authenticate the server, and the server to authenticate the client • negotiate an encryption algorithm and key for application data transmission • Application data protocol • transmits data from applications to the record layer, which then sends the data securely

  14. SSL Handshake Protocol “Hello! I want to connect with you. I understand encryption algorithms like DES, RC4, IDEA, etc.…” CLIENT SERVER “Hello, then let’s use DES. This is my certificate with my public key on it. Please check. (Client verify server’s public key...) “Alright, I’ve generated a DES master key. Here I encrypt it with your public key and send it to you I’m finished..” (Server decrypts the DES key received from client…) Ok, I received your key. I’m finished. Data encrypted with the DES master key . . .

  15. SSL Protocol • How does it achieve privacy? • All data are encrypted during transmission, therefore, eavesdropping is useless unless the eavesdropper knows how to decrypt the message • Moreover, an attacker will not be able to tamper a message because he does not know how to encrypt it • A session-id is assigned by the server to each connection, so that an attacker cannot pretend the client later by replaying the message

  16. Summary • We introduced basic cryptographic techniques, DES and RSA, and their application in MAC, digital signatures and certificates • We introduced the SSL protocol developed by Netscape Corp. as a secure protocol for data transmission

More Related