1 / 60

NETWORK SECURITY

NETWORK SECURITY. Public-Key Cryptography and Message Authentication. OUTLINE Approaches to Message Authentication Secure Hash Functions and HMAC Public-Key Cryptography Principles Public-Key Cryptography Algorithms Digital Signatures Key Management. What Is Message Authentication.

misha
Télécharger la présentation

NETWORK SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NETWORK SECURITY

  2. Public-Key Cryptography and Message Authentication OUTLINE • Approaches to Message Authentication • Secure Hash Functions and HMAC • Public-Key Cryptography Principles • Public-Key Cryptography Algorithms • Digital Signatures • Key Management

  3. What Is Message Authentication • It’s the “source,” of course! • Procedure that allows communicating parties to verify that received messages are authentic(可信的) • Characteristics: • source is authentic – masquerading • contents unaltered – messagemodification • timely sequencing – replay

  4. Approaches to Message Authentication • Authentication Using Conventional Encryption • Assume only sender and receiver share a key • Then a correctly encrypted message should be from the sender • Usually also contains error-detection code, sequence number and time stamp

  5. Message Authentication • Without Encryption • No confidentiality is preferred when: • Same message is broadcast to many destinations • Heavy load and cannot decrypt all messages – some chosen at random • No danger in sending plaintext Append authentication tag to each message

  6. Approaches to Message Authentication • Message Authentication without Message Encryption • An authentication tag is generated and appended to each message-Message Authentication Code (MAC) • MAC is generated by using a secret key • Assumes both parties A,B share common secret key KAB • Code is function of message and key MACM= F(KAB, M) • Message plus code are transmitted

  7. Using Symmetric Ciphers for MACs • can use cipher block chaining mode and use final block as a MAC密码分组链接模式中最后一组输出作为MAC码 • Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC • using IV=0 and zero-pad of final block • encrypt message using DES in CBC mode • and send just the final block as the MAC • or the leftmost M bits (16≤M≤64) of final block

  8. Data Authentication Algorithm (DAA)

  9. One-way HASH function • Alternative to Message Authentication Code • Accepts a variable size message M as input and produces a fixed-size message digest H (M) as output

  10. One-way HASH function

  11. One Way Hash Function Ideally We Would Like To Avoid Encryption • Encryption software is slow • Encryption hardware costs aren’t cheap • Hardware optimized toward large data sizes • Algorithms covered by patents(专利) • Algorithms subject to exportcontrol

  12. One-way HASH function • Secret value is added before the hash and removed before transmission.

  13. Secure HASH Functions • Purpose of the HASH function is to produce a “fingerprint”. • Properties of a HASH function H : • H can be applied to a block of data at any size • H produces a fixed length output • H(x) is easy to compute for any given x. • For any given block h, it is computationally infeasible to find x such that H(x) = h • For any given block x, it is computationally infeasible to find with H(y) = H(x). • It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)

  14. 每一位产生一个简单的奇偶校验 Simple Hash Function • General principle • Input is a sequence of n-bit blocks • Input is processed one block at a time to produce an n-bit hash function • A simple example is the bit-by-bit XOR of each block Ci = bi1 ⊕bi2⊕ … ⊕bim Ci is ith bit of hash code 1 <= i <= n m is number of n-bit block in input bij is ith bit in jth block ⊕ is the XOR operation

  15. SHA-1 Secure Hash Function • The Secure Hash Algorithm( SHA) was developed by the National Institute of Standards and Technology and published in 1993. SHA-1 is 1995 revised version (修订版). • It takes as input a message with maximum length < 264 bits and produces a 160-bit message digest. • It is processed in 512-bit blocks.

  16. SHA-1 Secure Hash Function K

  17. SHA-1 Processing of single 512-Bit Block

  18. SHA-1 - Kt

  19. SHA-1 -Creation of 80-word Wt=(Wt-16Wt-14 Wt-8 Wt-3) <<1

  20. Other Secure HASH functions

  21. Public-Key Cryptography Principles • The use of two keys has consequences in: key distribution, confidentiality and authentication. • The scheme has six ingredients (see Figure 3.7) • Plaintext • Encryption algorithm • Public and private key • Ciphertext • Decryption algorithm

  22. Encryption using Public-Key system Encryption

  23. Authentication usingPublic-Key System Authentication

  24. Applications for Public-Key Cryptosystems • Three categories: • Encryption/decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender ”signs” a message with its private key. • Key echange: Two sides cooperate two exhange a session key.

  25. Public-Key Cryptographic Algorithms • RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. • RSA is a block cipher • The most widely implemented • based on exponentiation求幂in a finite field over integers modulo a prime • uses large integers (eg. 1024 bits) • security due to cost of factoring large numbers 安全性是基于对大数的分解是非常困难的

  26. Prime and Composite Numbers • An integer p is prime if its divisors are 1 and p only.P是素数当且仅当它只有因子1 和 p • Otherwise, it is a composite number. • E.g. 2,3,5,7 are prime; 4,6,8,9,10 are not • List of prime number less than 200: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199

  27. Prime Factorization (因数分解) • To factor a number n is to write it as a product of other numbers: n = a × b × c • The prime factorization of a number n is when it is written as a product of primes • E.g. 91=7×13; 3600=24×32×52 • It is generally hard to do (prime) factorization when the number is large • E.g. factorize 93874093217498173983210748123487143249761

  28. Relatively Prime Numbers & GCD • two numbers a, b are relatively prime互素if have no common divisors公因子apart from 1 • eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor • conversely can determine the GCD(greatest common divisor) by comparing their prime factorizations and using least powers • eg. 300=21×31×52 18=21×32hence GCD(18,300)=21×31×50=6

  29. The Euler phi Function For n  1, let (n) denote the number of integers in the interval [1, n] which are relatively prime to n. The function  is called the Euler phi function (or the Euler totient function). Fact 1. The Euler phi function is multiplicative. I.e. if gcd(m, n) = 1, then (mn) = (m) x (n). E.g. 91=7×13 (7) =6 (13)=12 (91) = (7) × (13) =6×12=72

  30. Euler's Theorem • Euler’s Theorem • Let n be a composite. Then b(n) =1 (mod n) for any integer b which is relatively prime to n. • E.g. b=3; n=10; (10)=4  34 =81 =1 (mod 10) • E.g. b=2; n=11; (11)=10  210 =1024 =1 (mod 11)

  31. RSA Key Generation each user generates a public/private key pair by: • selecting two large primes at random p, q • computing their system modulus N=p.q • note φ(N)=(p-1)(q-1) • selecting at random the encryption key e • where 1<e<φ(N), gcd(e,φ(N))=1 • solve following equation to find decryption key d • e.d=1 mod φ(N) and 0≤d≤N • publish their public encryption key: KU={e,N} • keep secret private decryption key: KR={d,N}

  32. Example of RSA Algorithm

  33. RSA Example • Select primes: p=17 & q=11 Compute n = pq= 187 • Compute φ(n)=(p–1)(q-1)=16×10=160 • Select e : gcd(e,160)=1; choose e=7 • Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161= 10×160+1 • public key KU=(7,187) private key KR=(23,187) • given message M = 88 ( 88<187) • encryption: C = 887 mod 187 = 11 • decryption: M = 1123 mod 187 = 88

  34. Why RSA Works P & Q PRIME N = PQ ED = 1 MOD (P-1)(Q-1) C = ME MOD N M = CD MOD N because of Euler's Theorem: • aφ(n)mod N = 1 • where gcd(a,N)=1 • in RSA have: • N=p×q • φ(N)=(p-1)(q-1) • carefully chosen e & d to be e×d=1 mod φ(N) • hence e×d=1+k×φ(N) for some k • hence :Cd = (Me)d = M1+k×φ(N) = M1×(Mφ(N))k = M1×(1)k = M1 = M mod N

  35. Why RSA Works • This is true if M is relatively prime to N • (according to Euler’s Generalization). • What if M is not relatively prime to N?

  36. The Last Step of RSA Correctness Proof P & Q PRIME N = PQ ED = 1 MOD (P-1)(Q-1) C = ME MOD N M = CD MOD N • If gcd(M, N)  1, then M and N share either P or Q as a prime factor. • Not both because M < N and P and Q are the only prime factors of N. • To Show: Mk(N)+1 = M (mod N) • Case 1: Let’s look at p as a factor of M: M=cP. • M(Q) = 1 (mod Q) as gcd(M, Q) = 1. • Raise both sides to kφ(P), [M(Q)]k(P) = Mk(N) =1 (mod Q) • Mk(N) = 1 + iQ for some integer i. • Since M = cP, MMk(N) = M(1 + iQ) = M+cPiQ=M + ciN • Hence Mk(N)+1 = M (mod N) • Case 2: Without loss of generality, this holds for M=cQ.

  37. HMAC • Use a MAC derived from a cryptographic hash code, such as SHA-1. • Motivations: • Cryptographic hash functions executes faster in software than encryptoin algorithms such as DES • Library code for cryptographic hash functions is widely available • No export restrictions from the US

  38. HMAC Structure

  39. Diffie-Hellman Algorithm • First introduced by Diffie-Hellman in 1976 • Mathematical functions rather than simple operations on bit patterns • Allows two separate keys • Exchange keys securely • Compute discrete logarithms

  40. DH details • i.e. if a is a primitive root(本原根)of prime p, • a mod p, a2 mod p, … ,ap-1 mod p are distinct and contain 1 through (p-1) in some order. • Compute the primitive rootof prime 7 3 mod 7=3, 32 mod 7=2, 33 mod 7=6 , 34 mod 7=4, 35 mod 7=5, 36 mod 7=1

  41. DH details continued… • For b less than p and a, find unique exponent i such that b = ai mod p 0 ≤ i ≤ (p-1)i is the discrete logarithm (离散对数) • Denoted inda,p(b), it is hard to calculate given ai mod p (=b)

  42. Diffie-Hellman basics a, p Pick secret, random XB Pick secret, random XA YA= aXAmod p YB= aXBmod p Alice Bob Compute k =(YB)XAmod p =(aXB mod p)XAmod p = (aXB)XAmod p = aXBXA mod p= (aXA) XB mod p = (aXA mod p) XB mod p=(YA) XB mod p

  43. Diffie-Hellman Key Echange

  44. Diffie-Hellman Key Echange • The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms, the latter task is considered infeasible. • 公开a , p , YA, YB , 计算XA=inda,p(YA) , XB=inda,p(YB) 是不可行的。

  45. Diffie-Hellman Key Echange • ExampleP=71 a=7 XA=5 XB=12YA=75mod71=51 YB=712mod71=4A: K=(YB)XAmod71=45mod71=30B: K=(YA)XBmod71=5112mod71=30

  46. Other Public-Key Cryptographic Algorithms • Digital Signature Standard (DSS) • Makes use of the SHA-1 • Not for encryption or key echange • Elliptic-Curve Cryptography (ECC) • Good for smaller bit size • Low confidence level, compared with RSA • Very complex

  47. Digital signatures • A digital signature is an encryption of a document with the creator’s private key • It is attached to a document that validates the creator of the document • Any one can validate it by decrypting the signature with the claimed creator’s public key

  48. Digital signatures on hashes • A more efficient way for a digital signature is by creating an authenticator of the document first (a hash) • Then sign the hash (i.e. encrypt the hash using private key) • If M is the message (or document), Hash(M) = H • sigPV(A)(H) represents sigining H • i.e. encrypting H with A’s private key

  49. Digital Signatures: The basic idea public key ? public key private key Alice Bob

More Related