1 / 17

Communication Networks

Communication Networks. Recitation 11 Security. RSA: The problem. A wants to send B a message, but A and B cannot meet so cannot decide on a common key. RSA: The solution. B sends A a public key e B . The public key can be used to encrypt, but not to decrypt

cecile
Télécharger la présentation

Communication Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Communication Networks Recitation 11 Security Comnet 2010

  2. RSA: The problem • A wants to send B a message, but • A and B cannot meet so cannot decide on a common key Comnet 2010

  3. RSA: The solution • B sends A a public key eB. The public key can be used to encrypt, but not to decrypt • A encrypts the message m with the public key and sends eB(m) to B • B uses his own private key dB to decrypt: dB(eB(m))=m Comnet 2010

  4. RSA obtaining keys • Choose two large prime numbers p, q. • Compute n = pq  give to others. • Calculate z=(p-1)(q-1). Destroy p,q. • Choose 1<e<n that has no common factors with z give to others. • Compute d such that (de-1) is evenly divisible by z. Find an integer K which causes d = (Kz+ 1)/e to be integer, and use d  keep secret. Destroy z. Public key (n,e). Private key (n,d). Comnet 2010

  5. RSA example • p = 61, q = 53 • n = 3233 • z=3120 • 7, 11, 17 will do. We choose e=17. • d=2753: (3120K+1)/17 integer  K=15. Public key (3233,17).Private key (3233,2753). Comnet 2010

  6. RSA encryption/decryption • Encryption : c = memod n • Decryption : m = cdmod n Comnet 2010

  7. RSA encryption/decryption example • encrypt(m) = m17 mod 3233 • Encrpyt(123) = 12317 mod 3233 = 855 • decrypt(c) = c2753 mod 3233 • Decrpyt(855) = 8552753 mod 3233 = 123 Comnet 2010

  8. RSA with a pocket calculator • 2753 = 101011000001 base 2 • 2753 = 1 + 26 + 27 + 29 + 211 = 1 + 64 + 128 + 512 + 2048 8551 = 855 (mod 3233) 8552 = 367 (mod 3233) 8554 = 3672 (mod 3233) = 2136 (mod 3233) 8558 = 21362 (mod 3233) = 733 (mod 3233) 85516 = 7332 (mod 3233) = 611 (mod 3233) 85532 = 6112 (mod 3233) = 1526 (mod 3233) 85564 = 15262 (mod 3233) = 916 (mod 3233) 855128 = 9162 (mod 3233) = 1709 (mod 3233) 855256 = 17092 (mod 3233) = 1282 (mod 3233) 855512 = 12822 (mod 3233) = 1160 (mod 3233) 8551024 = 11602 (mod 3233) = 672 (mod 3233) 8552048 = 6722 (mod 3233) = 2197 (mod 3233) Comnet 2010

  9. 8552753 (mod 3233) = 855^(1 + 64 + 128 + 512 + 2048) (mod 3233) = 8551 * 85564 * 855128 * 855512 * 8552048 (mod 3233) = 855 * 916 * 1709 * 1160 * 2197 (mod 3233) = 794 * 1709 * 1160 * 2197 (mod 3233) = 2319 * 1160 * 2197 (mod 3233) = 184 * 2197 (mod 3233) = 123 (mod 3233) = 123 Comnet 2010

  10. RSA: Signatures • How can B know the message was from A? • A produces a hash H(m) • A encrypts with his private key dA(H(m)) and sends with m. • B produces H(m), decrypts dA(H(m)) with A’s public key eA :eA(dA(H(m)))=H(m)and compares them. Comnet 2010

  11. RSA Signature example • A wants to send “This is a very important message”. • p=5, q=7  n = 35, z = 24 • e = 5; d = 29 • Public key: (35, 5) Private key: (35, 29) • H(“This is a very important message”)=26 • 2629 mod 35 = 31 • A sends “This is a very important message”, 31 • B gets public key 5, 315 mod 35 = 26. • Compares to H(“This is a very important message”)=26 Comnet 2010

  12. RSA: Authorization • How can B know this is really the A he knows? • Certification Authority has public key eCA and private key dCA • A proves to CA that he is A using some identity proof, and gets dCA(eA) • B can now use eCA(dCA(eA))=eA Comnet 2010

  13. RSA Authorization example • A wants to send “This is a very important message”. • ... • CA has Public key (3337, 79), Private key (3337, 1019) • B gets A’s authorized public key 51019 mod 3337 = 199 • B uses 19979 mod 3337 = 5 • … Comnet 2010

  14. Firewall • Isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others • Firewall is usually implemented as a router • Router filters packets, based on: • source IP address • destination IP address • TCP/UDP source and destination port numbers • ICMP message type • TCP SYN and ACK bits • “Smart filtering” Comnet 2010

  15. Example firewall rules • “Allow outgoing traffic only on ports HTTP, HTTPS, FTP and TELNET” • Used in a work place to make sure people aren’t using dangerous/illegal sharing • Too wide • “Do not allow incomingng traffic on port TCP/4661 (edonkey)” • Too narrow Comnet 2010

  16. More rules • “Allow incoming traffic only on port HTTP/HTTPS” • Is it blocking enough? • What other applications? • “Do not allow traffic from bezeqint.net” • Sad but true Comnet 2010

  17. Firewalls prevented SYN DDOS attack • An external host sends a syn packet. • Firewall responds with a syn+ack to the external host (at this point, the internal server doesn’t even know that there is something going on like this). • If the external hosts sends an ack packet, then the firewall creates a new session by syn to ack to the internal server. • Then it connects them together so that the communication works. Can this be circumvented? What else can the firewall do? Comnet 2010

More Related