
CPS 590.3 Computer Security


jeffreyy

Presentation Transcript


  1. CPS 590.3 Computer Security • Network Tools • Cryptography Basics

  2. Discovering My Laptop’s IPv4 Address • On Windows, use program ipconfig. On Mac or Linux, use ifconfig or ip. • Only my wired ethernet interface has an IP address (152.3.136.127).

  3. Resolving the name www.cs.duke.edu to an IP address • On Windows, use nslookup. On Mac or Linux, use dig. • The answer is provided by the authoritative name server duke.cs.duke.edu (152.3.140.1) • www.cs.duke.edu is an alias for the canonical name (CNAME) sibyl.cs.duke.edu • The address for sibyl.cs.duke.edu is 152.3.140.31.

  4. Capturing and Examining Packets • I begin to capture packets on my wired ethernet interface using the program called wireshark (for Windows, Mac, or Linux). • I make a request to http://www.cs.duke.edu/~bmm through my browser. • I enter the filter (ip.src == 152.3.136.127 || ip.dst == 152.3.136.127) && (ip.dst == 152.3.140.31 || ip.src == 152.3.140.31) to examine only packets between my machine and www.cs.duke.edu.

  5. TCP Three-Way Handshake • The first three packets show the TCP three-way handshake, SYN, SYN-ACK, ACK, which is used to establish a TCP connection. • Note: The handshake makes it difficult to establish a TCP connection with a spoofed (forged) source address in the SYN packet: • The server will send the SYN-ACK to the spoofed address, which won’t reply with an ACK. • The sender of the spoofed SYN packet doesn’t receive the SYN-ACK, so it doesn’t know the correct sequence number to ACK. • Egress filtering: drop packets with non-local source addresses as they leave a network.
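The reasoning on this slide can be modelled in a few lines. This is an added example, not part of the original slides: the `Server` class, the `handshake` helper, the `/24` prefix for the laptop's network and the forged address `10.9.8.7` are all constructed for illustration.

```python
import ipaddress
import secrets

class Server:
    """Toy model of a TCP listener that tracks half-open connections."""
    def __init__(self, isn_source=lambda: secrets.randbits(32)):
        self.isn_source = isn_source   # picks the server's initial sequence number
        self.half_open = {}            # (src_ip, src_port) -> server ISN
        self.established = set()

    def on_syn(self, src_ip, src_port, client_isn):
        isn = self.isn_source()
        self.half_open[(src_ip, src_port)] = isn
        # The SYN-ACK is routed to the *claimed* source address.
        return {"to": src_ip, "seq": isn, "ack": (client_isn + 1) % 2**32}

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.get((src_ip, src_port))
        if isn is not None and ack == (isn + 1) % 2**32:
            del self.half_open[(src_ip, src_port)]
            self.established.add((src_ip, src_port))
            return True
        return False                   # wrong sequence number: no connection

def handshake(server, real_ip, claimed_ip, port=40000, blind_guess=0):
    """Host real_ip sends a SYN whose source field says claimed_ip."""
    syn_ack = server.on_syn(claimed_ip, port, client_isn=1000)
    if syn_ack["to"] == real_ip:
        ack = (syn_ack["seq"] + 1) % 2**32   # sender received the SYN-ACK
    else:
        ack = blind_guess                    # SYN-ACK went to someone else
    return server.on_ack(claimed_ip, port, ack)

def egress_allows(src_ip, local_prefix):
    """Egress filter: forward only packets whose source is a local address."""
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(local_prefix)
```

With a forged source the connection stays half-open on the server, and the egress filter would have dropped the SYN before it left the sender's network.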

  6. Browser Sends HTTP GET Request CPS 290

  7. Server Responds with HTTP 301 Code • The server didn’t like my request for http://www.cs.duke.edu/~bmm; it wanted me to enter http://www.cs.duke.edu/~bmm/ (with the trailing slash). • Criminy!

  8. Basic Cryptography Definitions • Diagram: Plaintext M → Encryption with Key1: C = E_Key1(M) → Ciphertext C → Decryption with Key2: M = D_Key2(C) → Original plaintext M • Symmetric: Key1 = Key2 • Asymmetric: Key1 ≠ Key2 • Key1 or Key2 may be public depending on the protocol

  9. Private Key Cryptosystems • Diagram: Plaintext → Encryption with Key1: C = E_k(M) → Ciphertext → Decryption with Key1: M = D_k(C) → Original plaintext • Example: two parties share Key1 in advance, use it for both encryption and decryption.

  10. Public Key Cryptosystems • Introduced by Diffie and Hellman in 1976. • Diagram: Plaintext → Encryption with K1: C = E_k(M) → Ciphertext → Decryption with K2: M = D_k(C) → Original plaintext • Public-key systems: K1 = public key, K2 = private key • Digital signatures: K1 = private key, K2 = public key • Typically used as part of a more complicated protocol.

  11. What does it mean to be secure? • Unconditionally secure: the encrypted message cannot be decoded without the key. • Shannon showed in 1943 that the key must be as long as the message to be unconditionally secure – this is based on information theory. • A one-time pad – xor a random key with a message (used in the Second World War). • Security based on computational cost: it is computationally “infeasible” to decode a message without the key. • E.g., there is no (probabilistic) polynomial time algorithm that can decode the message.

  12. Primitives: One-Way Functions • (Informally): A function y = f(x) is one-way if it is easy, given x, to compute f(x), but hard, given y, to find any x such that f(x) = y. • Note that f may not be strictly invertible, i.e., there may be more than one x such that f(x) = y. • The security of most protocols relies on the existence of one-way functions. • Unfortunately, one-way functions have not been proved to exist, even if we assume P ≠ NP.

  13. One-way functions: possible definition • f(x) is polynomial time • f^-1(y) is NP-hard • What is wrong with this definition? • “f^-1(y) is NP-hard” is a statement only about worst-case complexity • f^-1(y) may be NP-hard, but still easy to solve for most y • Efforts to base cryptosystems on NP-hard problems have all failed. We don’t know how to generate difficult-to-solve instances.

  14. One-way functions: better definition • For almost all y no single PPT (probabilistic polynomial time) algorithm can compute x • Roughly: at most a fraction 1/|x|^k of instances x are easy, for any k, as |x| → ∞ • This definition can be used to make the probability of hitting an easy instance arbitrarily small.

  15. Some examples (conjectures) • Factoring: x = (u,v), y = f(u,v) = u*v. If u and v are prime it is hard to generate them from y. • Discrete Log: y = g^x mod p, where p is prime and g is a “generator” (i.e., g^1, g^2, g^3, … generates all values < p).

  16. One-way functions in private-key protocols • y = ciphertext, m = plaintext, k = key • y = E_k(m) • Given y, it should be hard to find m (E_k should be one-way) • Rewrite the function: y = E_k(m) = E(k,m) = E_m(k) • Given y and m, it should also be hard to find k, i.e., E_m should also be a one-way function. • In a known-plaintext attack we know one or more (y,m) pairs, and try to extract the key k.
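The one-time pad from slide 11 makes both points concrete, as an added example that is not part of the original slides (function names and sample messages are constructed). It goes one step beyond the slides by showing pad reuse: the ciphertext alone reveals nothing, but E_m(k) = m XOR k is not one-way, so a single known (y, m) pair gives up k.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; the pad must be as long as the message."""
    if len(a) != len(b):
        raise ValueError("key and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(m: bytes, k: bytes) -> bytes:   # y = E_k(m) = m XOR k
    return xor(m, k)

def otp_decrypt(y: bytes, k: bytes) -> bytes:   # m = D_k(y) = y XOR k
    return xor(y, k)

def key_for(y: bytes, m: bytes) -> bytes:
    """The unique key under which ciphertext y corresponds to plaintext m."""
    return xor(y, m)

def demo():
    m1 = b"ATTACK AT DAWN"                 # constructed sample messages
    decoy = b"RETREAT AT TEN"              # same length as m1
    k = secrets.token_bytes(len(m1))       # random key, as long as the message
    y1 = otp_encrypt(m1, k)

    # Ciphertext only: every same-length plaintext is explained by some key,
    # so y1 alone says nothing about which message was sent.
    decoy_key = key_for(y1, decoy)
    ciphertext_only_ambiguous = otp_decrypt(y1, decoy_key) == decoy

    # Known plaintext: one (y, m) pair yields k. Harmless if k is never
    # used again; fatal if the same pad encrypts a second message.
    m2 = b"HOLD POSITIONS"
    y2 = otp_encrypt(m2, k)                # the mistake: pad reused
    recovered_k = key_for(y1, m1)
    return ciphertext_only_ambiguous, recovered_k == k, otp_decrypt(y2, recovered_k)
```

This is why the pad is "one time": its unconditional security holds only while each key byte is used for exactly one message byte.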

  17. Cryptanalytic Attacks • C = ciphertext messages, M = plaintext messages • Ciphertext Only: Attacker has multiple Cs but does not know the corresponding Ms. • Known Plaintext: Attacker knows some number of (C,M) pairs. • Chosen Plaintext: Attacker chooses M and is given C. • Chosen Ciphertext: Attacker chooses C and is given M.

  18. The Cast • Alice – initiates a message or protocol • Bob – second participant • Trent – trusted middleman • Eve – eavesdropper • Mallory – malicious active attacker

  19. One-way functions in public-key protocols • y = ciphertext, m = plaintext, k = public key • Consider: y = E_k(m) (i.e., f = E_k) • We know k and thus f • E_k(m) needs to be easy • E_k^-1(y) should be hard • Otherwise we could decrypt y. • But what about the intended recipient, who should be able to decrypt y?

  20. One-Way Trapdoor Functions • A one-way function with a “trapdoor” • The trapdoor is a key that makes it easy to invert the function y = f(x) • Example: RSA (conjectured to be hard to invert without trapdoor): y = x^e mod n, where n = pq (p, q are prime); p or q or d (where ed = 1 mod (p-1)(q-1)) can be used as trapdoors • In public-key algorithms: f(x) = public key (e.g., e and n in RSA); trapdoor = private key (e.g., d in RSA)

  21. One-way Hash Functions • y = h(x) where • y is a fixed length independent of the size of x. In general this means h is not invertible since it is many to one. • Calculating y from x is easy • Calculating any x such that y = h(x) given y is hard • Calculating any pair x1 and x2 such that h(x1) = h(x2) is hard • Used in digital signatures and other protocols.

  22. Protocols: Digital Signatures • Goals: • Convince recipient that message was actually sent by a trusted source • Do not allow tampering with the message without invalidating the signature

  23. Using Public Keys • Alice → Bob: D_K1(m) • K1 = Alice’s private key • Bob decrypts it with her public key • (In RSA, e.g., either key can be used to encrypt, and the other can then be used to decrypt.) • More efficiently: Alice → Bob: D_K1(h(m)) + m • h(m) is a one-way hash of m
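The RSA trapdoor from slide 20 and the hash-then-sign scheme above fit in one sketch. This is an added example, not code from the slides: it is textbook RSA with no padding, on constructed toy primes that are far too small for real use, and every function name is hypothetical.

```python
import hashlib

# Constructed toy parameters: two Mersenne primes (assumption for the demo).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # trapdoor d: e*d = 1 mod (p-1)(q-1)

def f(x: int) -> int:
    """One-way direction y = x^e mod n: anyone can compute it from (n, e)."""
    return pow(x, E, N)

def f_inverse(y: int, d: int = D) -> int:
    """Inversion is easy only with the trapdoor d."""
    return pow(y, d, N)

def d_from_factor(p: int, n: int = N, e: int = E) -> int:
    """Knowing one prime factor of n is as good as knowing d."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def h(m: bytes) -> int:
    """One-way hash of m (SHA-256), reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def sign(m: bytes, d: int = D) -> int:
    """Alice computes D_K1(h(m)) and sends it along with m."""
    return pow(h(m), d, N)

def verify(m: bytes, sig: int) -> bool:
    """Bob applies Alice's public key to sig and compares with his own h(m)."""
    return pow(sig, E, N) == h(m)
```

Signing the fixed-length hash instead of m keeps the private-key operation small regardless of message size, and any change to m changes h(m), which invalidates the signature.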
