ECE/CS 372 – introduction to computer networks Lecture 16

Slides:



Advertisements
Similar presentations
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Advertisements

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
Network Security understand principles of network security:
Public Key Cryptography
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
1-1 1DT066 Distributed Information System Chapter 8 Network Security.
Lecture 17 Network Security CPE 401/601 Computer Network Systems slides are modified from Jim Kurose & Keith Ross All material copyright J.F.
 This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.
22-1 Last time □ SMTP ( ) □ DNS This time □ P2P □ Security.
Network Security7-1 Chapter 8: Network Security Chapter goals: r understand principles of network security: m cryptography and its many uses beyond “confidentiality”
Chapter 8, slide: 1 ECE/CS 372 – introduction to computer networks Lecture 18 Announcements: r Final exam will take place August 13 th,2012 r HW4 and Lab5.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 11 Network Security (1)
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
1-1 1DT066 Distributed Information System Chapter 8 Network Security.
1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Network Security7-1 Today r Reminders m Ch6 Homework due Wed Nov 12 m 2 nd exams have been corrected; contact me to see them r Start Chapter 7 (Security)
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
 Last Class  Chapter 7 on Data Presentation Formatting and Compression  This Class  Chapter 8.1. and 8.2.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Network security Cryptographic Principles
Chapter 8: Network Security
Public-Key Cryptography and Message Authentication
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
What is network security?
Chapter 7 Network Security
CAP6135: Malware and Software Vulnerability Analysis Basic Knowledge on Computer Network Security Cliff Zou Spring 2013 Network Security 1.
Basic Network Encryption
Chapter 8: Network Security
CAP6135: Malware and Software Vulnerability Analysis Basic Knowledge on Computer Network Security Cliff Zou Spring 2014 Network Security 1.
Chapter 8: Network Security
CAP6135: Malware and Software Vulnerability Analysis Basic Knowledge on Computer Network Security Cliff Zou Spring 2010 Network Security 1.
CAP6135: Malware and Software Vulnerability Analysis Basic Knowledge on Computer Network Security Cliff Zou Spring 2015 Network Security 1.
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
CAP6135: Malware and Software Vulnerability Analysis Basic Knowledge on Computer Network Security Cliff Zou Spring 2009 Network Security 1.
Network Security Basics
1DT057 Distributed Information System Chapter 8 Network Security
CAP6135: Malware and Software Vulnerability Analysis Basic Knowledge on Computer Network Security Cliff Zou Spring 2016 Network Security 1.
Intro to Cryptography Some slides have been taken from:
Protocol ap1.0: Alice says “I am Alice”
Encryption INST 346, Section 0201 April 3, 2018.
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Basic Network Encryption
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Security: Principles & Symmetric Key Cryptography
Security: Integrity, Authentication, Non-repudiation
Chapter 8: Network Security
Security: Public Key Cryptography
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Chapter 8 roadmap 8.1 What is network security?
Chapter 8: Network Security
Presentation transcript:

ECE/CS 372 – introduction to computer networks Lecture 16 Announcements: Lab 4 due now Assign 5 is due this Thursday Final exam in LPSC 125 (not here) Credit for lecture slides to Professor Bechir Hamdaoui Adapted from Jim Kurose & Keith Ross (original copyright) Chapter 8, slide:

Chapter 8: Network Security Goals: understand principles of network security: cryptography and its many uses beyond “confidentiality” authentication message integrity Example: securing email Chapter 8, slide:

Bob, Alice want to communicate “securely” Trudy is an enemy (intruder): “bad” guy Q: what should Bob & Alice be concerned about? eavesdrop: messages are intercepted change: messages are modified impersonation: entire communication is hijacked by replacing sender or receiver by himself denial of service: prevent services (e.g., by overloading resources) confidentiality integrity authentication availability sender receiver Messages data Alice Bob Trudy Chapter 8, slide:

Who might Bob, Alice be? … well, real-life Bobs and Alices! Web browser/server for electronic transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates Chapter 8, slide:

What is network security? Goals of network security: Confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Availability: services must be accessible and available to users Chapter 8, slide:

Chapter 8 roadmap Principles of cryptography Message integrity Securing email Chapter 8, slide:

Cryptography Cryptography allows a sender to disguise a message so that an intruder can’t gain information from it “confidentiality” plaintext ciphertext K A encryption algorithm decryption Alice’s key Bob’s B All terms marked in red are crypto terminology Chapter 8, slide:

Types of cryptography symmetric key - both sender and receiver use identical key e.g., sender A encrypts with the key receiver B decrypts with same key public/private keys - two keys (public and private) are to be used e.g., sender A encrypts with B’s public key receiver B decrypts with its Private key Chapter 8, slide:

Symmetric key cryptography A-B K A-B encryption algorithm plaintext message, m ciphertext decryption algorithm plaintext K (m) K (m) A-B m = K ( ) A-B symmetric key crypto: Bob and Alice share/know same (symmetric) key: K Q: how do Bob and Alice agree on key value? A-B Chapter 8, slide:

Symmetric key cryptography monoalphabetic cipher: substituting one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq E.g.: Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc Q: what is the encryption & decryption key?: A: the mapping Q: How hard to break this simple cipher?: A: brute force (how hard?) how many possibilities? 26! Chapter 8, slide:

Symmetric key cryptography polyalphabetic cipher: multiple monoalphabetic ciphers Eg.: C1, C2, C2, C3 (with 3 monoalphabetic cipher keys) First letter, apply C1 Second letter, apply C2 Third letter, apply C2 Fourth letter, apply C3 Then, repeat Harder to break! By avoiding patterns, same letter may appear in different positions Key is “C1, C2, C2, C3” Chapter 8, slide:

Symmetric key cryptography block cipher: msg is encrypted in blocks of k bits (independently) Each k-bit block is encrypted/mapped Possible mappings: 2k! Hard to break Problem Hard to implement, with k=64, sender and receiver need to store a mapping table of 264 entries !! Huge!! Solution Use of functions: break blocks into smaller chunks Chapter 8, slide:

Block Cipher one pass through: one input bit affects eight output bits 64-bit input 8bits 8bits 8bits 8bits 8bits 8bits 8bits 8bits loop for n rounds T1 T2 T3 T4 T5 T6 T7 T8 8 bits 8 bits 8 bits 8 bits 8 bits 8 bits 8 bits 8 bits one pass through: one input bit affects eight output bits 64-bit scrambler 64-bit output multiple passes: each input bit affects all output bits Chapter 8, slide:

Cipher Block Chaining + Problem w/ Cipher Block … if input block is repeated, it produces same cipher text: m(1) = “HTTP/1.1” c(1) = “k329aM02” t=1 block cipher … m(17) = “HTTP/1.1” c(17) = “k329aM02” t=17 block cipher cipher block chaining: XOR ith input block, m(i), with previous block of cipher text, c(i-1) c(0) transmitted to receiver in clear what happens in “HTTP/1.1” scenario from above? + m(i) c(i) block cipher c(i-1) Chapter 8, slide:

Public key cryptography symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if never “met”)? public key cryptography radically different approach Two keys Public key: encryp. key known to all Private key: decryp. key known only to receiver Sender uses public key only to encryp Reciever uses both keys to decryp. Chapter 8, slide:

Public key cryptography + Bob’s public key K B - Bob’s private key K B plaintext message, m encryption algorithm ciphertext decryption algorithm plaintext message K (m) B + m = K (K (m)) B + - Note: only Bob is able to understand (decrypt) message m. Because only Bob has Bob’s private key This assures “confidentiality” Chapter 8, slide:

Public key encryption algorithms Requirements: . . + - 1 need K ( ) and K ( ) such that B B K (K (m)) = m B - + + 2 given public key K , it should be impossible to compute private key K B - B RSA: Rivest, Shamir, Adleman algorithm Chapter 8, slide:

RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). K B + K B - Chapter 8, slide:

RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) 2. To decrypt received bit pattern, c, compute m = c mod n d d (i.e., remainder when c is divided by n) Magic happens! m = (m mod n) e mod n d c Chapter 8, slide:

Bob chooses p=5, q=7. Then n=35, z=24. RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). e c = m mod n e letter m m encrypt: l 12 1524832 17 c d m = c mod n d c letter decrypt: 17 12 481968572106750915091411825223071697 l Chapter 8, slide:

Another RSA example: Bob chooses p=5, q=11. Question: Find (n,e) and (n,d) One answer: 1) n=55; z = 40; 2) e=27; 3) d=3 (ed – 1 = 80 is divisible by 40) 4) public key: (n,e) = (55,27) ; private key: (n,d) = (55,3) Step 1: Compute n = pq, z = (p-1)(q-1) Step 2: Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). Step 3: Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). Step 4: Public key is (n,e). Private key is (n,d). K B + K B - Chapter 8, slide:

RSA: another important property The following property will be very useful later: K (K (m)) = m B - + K (K (m)) = use public key first, followed by private key use private key first, followed by public key Result is the same! Chapter 8, slide:

Chapter 8 roadmap Principles of cryptography Message integrity Securing email Chapter 8, slide:

Message Integrity/Authentication Bob receives msg from Alice, wants to ensure: Authentication: message originally came from Alice Integrity: message not changed since sent by Alice Cryptographic Hashing: What: take input m, produce fixed length value, H(m) e.g., as in Internet checksum Properties of H: given m = H(x), (x unknown), it is computationally infeasible to determine x. difficult to find x  y such that H(x) = H(y) note: Internet checksum fails this requirement! Examples widely used hash functions: MD5, SHA Chapter 8, slide:

MAC: Message Authentication Code (shared secret) s m H(m+s) H(.) compare (message) public Internet append m H(m+s) m H(.) H(m+s) s (shared secret) Any problem ?? Secret key distribution ?? So we can’t really authenticate via MAC alone Does MAC solve Integrity ?? How ?? Authentication ?? How ?? via Hashing via secret key Chapter 8, slide:

Digital Signatures via Public Key Crypto simple digital signature for message m: Bob “signs” m by encrypting with his private key KB, creating “signed” message, KB(m) - - Dear Alice Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob Bob’s message, m public key encryption algorithm Bob’s private key K B - Bob’s message, m, signed (encrypted) with his private key (m) Chapter 8, slide:

MAC via private/public keys Alice’s public key K A + m K (m) A - compare (message) K (m) A - K (m) A - m public Internet m append m m m K (m) A - K A - Alice’s private key Note: only Alice would have had her private key This assures “authentication” Chapter 8, slide:

Digital Signatures via Public Key Crypto (more) Problem Signing data by encryption and decryption is computationally expensive Imagine encrypting (signing) huge files of data !!! Solution Sign hashed output of original msg (sign H(m) only) Recall hash algorithms turn large msgs into small, fixed length msg … signed MAC is the solution - Chapter 8, slide:

Digital signature = signed MAC = authentication + integrity Alice verifies signature and integrity of digitally signed message: Bob sends digitally signed message: large message m H: hash function KB(H(m)) - encrypted msg digest H(m) digital signature (encrypt) Bob’s private key large message m K B - Bob’s public key digital signature (decrypt) K B + KB(H(m)) - encrypted msg digest H: hash function + H(m) H(m) equal ? Chapter 8, slide:

Public Key Certification Problem with public key: When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s? solution: trusted certification authority (CA) Chapter 8, slide:

Certification Authorities Certification Authority (CA): binds public key to particular entity, E. E registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by CA: CA says “This is E’s public key.” - K CA (K ) B + digital signature (encrypt) K B + Bob’s public key K B + CA private key certificate for Bob’s public key, signed by CA - Bob’s identifying information K CA Chapter 8, slide:

Certification Authorities when Alice wants Bob’s public key: gets Bob’s certificate apply CA’s public key to Bob’s certificate, get Bob’s public key K B + - K CA (K ) B + digital signature (decrypt) Bob’s public key K B + CA public key + K CA Chapter 8, slide:

Get Bob’s public key from CA CA’s public key K CA + K B + K B + (Bob’s public key) compare - K B + - K CA (K ) B + K CA (K ) B + K B + append public Internet K B + K B + - K CA (K ) B + K CA - CA’s private key Alice just got Bob’s public key (authenticated key) Of course, here we assume that you have CA’s public key !!! Need to get it physically !!! Chapter 8, slide:

Chapter 8: Recap So far: Cryptography & confidentiality Note: Sender applies receiver’s public key its private key So far: Cryptography & confidentiality Symmetric key Public key: A wants to send msg m to B. What does A send? A sends KB+(m); hence, ONLY B understands m by applying KB-(KB+(m)) => confidentiality Authentication & integrity MAC (Msg Authen. Code): requires symmetric key Signed MAC: A -> B A sends (m,KA-(m)) to B, Hence, All get m by applying KA+(KA-(m)); Comparison => authen. + integrity, but NOT confidentiality Chapter 8, slide:

Chapter 8 roadmap Principles of cryptography Message integrity Securing e-mail Chapter 8, slide:

Secure e-mail (confidentiality) Alice wants to send confidential e-mail, m, to Bob. KS( ) . KB( ) + - KS(m ) KB(KS ) m KS KB Internet A B Alice: generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and KB(KS) to Bob. Bob: uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m Note that to provide confidentiality, sender encrypts with receiver’s public key (ONLY receiver should see msg) Chapter 8, slide:

Secure e-mail (authen. + integrity) Alice wants to provide sender authentication/integrity. H( ) . KA( ) - + H(m ) KA(H(m)) m KA Internet compare A B Alice digitally signs message. sends both message (in the clear) and digital signature. Again note that to provide authenticate/integrity, sender encrypts with its private (all can understand msg) Chapter 8, slide:

Secure e-mail (all: confid. + auth. + integrity) Alice wants to provide secrecy, sender authentication, message integrity. H( ) . KA( ) - + KA(H(m)) m KA KS( ) KB( ) KB(KS ) KS KB Internet A Alice uses three keys: her private key, Bob’s public key, newly created symmetric key Chapter 8, slide:

The end of new material! Final Review on Thursday! Chapter 8, slide:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.