TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
3.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 3 Traditional Symmetric-Key Ciphers.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Chapter 13 Digital Signature
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Rachana Y. Patil 1 1.
©Brooks/Cole, 2003 Chapter 16 Security. ©Brooks/Cole, 2003 Define four aspects of security in a network: privacy, authentication, integrity, and nonrepudiation.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
ECE453 – Introduction to Computer Networks Lecture 18 – Network Security (I)
10.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 10 Symmetric-Key Cryptography.
3.1 SERVICES AND MECHANISMS SERVICES AND MECHANISMS The International Telecommunication Union- Telecommunication Standardization Section (ITU-T) provides.
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display Chapter 10 Network Security.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Cryptography, Authentication and Digital Signatures
Entity Authentication
Public-Key Cryptography CS110 Fall Conventional Encryption.
CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Security PART VII.
Midterm Review Cryptography & Network Security
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Security.
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Symmetric-Key Cryptography
Traditional Symmetric-Key Ciphers
30.1 Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
24-Nov-15Security Cryptography Cryptography is the science and art of transforming messages to make them secure and immune to attacks. It involves plaintext,
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Security PART VII.
5.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 5 Introduction to Modern Symmetric-key Ciphers.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
CPIS 312 Chapter Four: PUBLIC KEY CRYPTO. Index 2 A.Introduction A.1 Asymmetric Key Cryptography- Introduction A.2 General ideas about the Public Key.
CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.
Asymmetric-Key Cryptography
Computer Communication & Networks
Chapter 30 Cryptography Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
PART VII Security.
Symmetric-Key Cryptography
Chapter 13 Digital Signature
Chapter 29 Cryptography and Network Security
Symmetric-Key Cryptography
Presentation transcript:

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network Security

TCP/IP Protocol Suite 2OBJECTIVES:  To introduce security goals and to discuss the types of attacks that threaten these goals.  To introduce traditional ciphers as symmetric-key ciphers to create the background for understanding modern symmetric-key ciphers.  To introduce the elements of modern block ciphers and show an example of a modern block cipher in which these elements are used.  To discuss the general idea behind asymmetric-key ciphers and introduce one common cipher in this category.  To discuss message integrity and show how to use a cryptographic hash function to create a message digest.

TCP/IP Protocol Suite 3 OBJECTIVES (continued):  To introduce the idea of message authentication and show how a message digest combined with a secret can authenticate the sender.  To show how the idea of digital signatures can be used to authenticate a message using a pair of private-public keys.  To introduce the idea of entity authentication and show some simple schemes using either a secret key or a pair of private- public keys.  To show how secret keys in symmetric-key cryptography and how public keys in asymmetric-key cryptography can be distributed and managed using KDCs or certificate authorities (CAs).

TCP/IP Protocol Suite 4 Chapter Outline 29.1 Introduction 29.2 Traditional Ciphers 29.3 Modern Ciphers 29.4 Asymmetric-Key Ciphers 29.5 Message Integrity 29.6 Message Authentication 29.7 Digital Signature 29.8 Entity Authentication 29.9 Key Management

TCP/IP Protocol Suite INTRODUCTION We are living in the information age. We need to keep information about every aspect of our lives. In other words, information is an asset that has a value like any other asset. As an asset, information needs to be secured from attacks. To be secured, information needs to be hidden from unauthorized access (confidentiality), protected from unauthorized change (integrity), and available to an authorized entity when it is needed (availability).

TCP/IP Protocol Suite 6 Topics Discussed in the Section Security Goals Attacks Services Techniques

TCP/IP Protocol Suite 7 Figure 29.1 Taxonomy of attacks with relation to security goals

TCP/IP Protocol Suite TRADITIONAL CIPHERS We now look at the first goal of security, confidentiality. Confidentiality can be achieved using ciphers. Traditional ciphers are called symmetric-key ciphers (or secret-key ciphers) because the same key is used for encryption and decryption and the key can be used for bidirectional communication. Figure 29.2 shows the general idea behind a symmetric-key cipher.

TCP/IP Protocol Suite 9 Topics Discussed in the Section Key Substitution Ciphers Transposition Ciphers Stream and Block Ciphers

TCP/IP Protocol Suite 10 Figure 29.2 General idea of traditional cipher

TCP/IP Protocol Suite 11 A substitution cipher replaces one symbol with another. Note

TCP/IP Protocol Suite 12 Figure 29.3 Symmetric-key: locking and unlocking with the same key

TCP/IP Protocol Suite 13 A substitution cipher replaces one symbol with another. Note

TCP/IP Protocol Suite 14 Figure 29.4 Representation of characters in modulo 26

TCP/IP Protocol Suite 15 In additive cipher, the plaintext, ciphertext, and key are integers in modulo 26. Note

TCP/IP Protocol Suite 16 Use the additive cipher with key = 15 to encrypt the message “hello”. Solution We apply the encryption algorithm to the plaintext, character by character. The result is “WTAAD”. Note that the cipher is monoalphabetic because two instances of the same plaintext character (ls) are encrypted as the same character (A). Example Example 29.1

TCP/IP Protocol Suite 17 Use the additive cipher with key = 15 to decrypt the message “WTAAD”. Solution We apply the decryption algorithm to the plaintext character by character. The result is “hello”. Note that the operation is in modulo 26, which means that we need to add 26 to a negative result (for example  15 becomes 11). Example Example 29.2

TCP/IP Protocol Suite 18 Figure 29.5 An example key for mono-alphabetic substitution cipher

TCP/IP Protocol Suite 19 We can use the key in Figure 29.5 to encrypt the message Example Example 29.3 The ciphertext is

TCP/IP Protocol Suite 20 A transposition cipher reorders symbols. Note

TCP/IP Protocol Suite 21 Figure 29.6 Transposition cipher

TCP/IP Protocol Suite MODERN CIPHERS The traditional symmetric-key ciphers that we have studied so far are character-oriented ciphers. With the advent of the computer, we need bit-oriented ciphers. This is because the information to be encrypted is not just text; it can also consist of numbers, graphics, audio, and video data. It is convenient to convert these types of data into a stream of bits, to encrypt the stream, and then to send the encrypted stream. A modern block cipher can be either a block cipher or a stream cipher.

TCP/IP Protocol Suite 23 Topics Discussed in the Section Modern Block Ciphers Data Encryption Standard (DES) Modern Stream Ciphers

TCP/IP Protocol Suite 24 Figure 29.7 A modern block cipher

TCP/IP Protocol Suite 25 Figure 29.8 Components of a modern block cipher

TCP/IP Protocol Suite 26 Figure 29.9 General structure of DES

TCP/IP Protocol Suite 27 Figure DES function

TCP/IP Protocol Suite 28 Figure Key generation

TCP/IP Protocol Suite 29 We choose a random plaintext block, a random key, and a computer program to determine what the ciphertext block would be (all in hexadecimal): Example Example 29.4

TCP/IP Protocol Suite 30 To check the effectiveness of DES, when a single bit is changed in the input, let us use two different plaintexts with only one single bit difference. The two ciphertexts are completely different without even changing the key: Example Example 29.5 Although the two plaintext blocks differ only in the rightmost bit, the ciphertext blocks differ in 29 bits.

TCP/IP Protocol Suite 31 Figure One-time pad

TCP/IP Protocol Suite ASYMMETRIC-KEY CIPHERS In previous sections we discussed symmetric-key ciphers. In this chapter, we start the discussion of asymmetric-key ciphers. Symmetric-key and asymmetric-key ciphers will exist in parallel and continue to serve the community. We actually believe that they are complements of each other; the advantages of one can compensate for the disadvantages of the other.

TCP/IP Protocol Suite 33 Topics Discussed in the Section Keys General Idea RSA Cryptosystem Applications

TCP/IP Protocol Suite 34 Symmetric-key cryptography is based on sharing secrecy; asymmetric-key cryptography is based on personal secrecy. Note

TCP/IP Protocol Suite 35 In symmetric-key cryptography, symbols are permuted or substituted; in asymmetric-key cryptography, numbers are manipulated. Note

TCP/IP Protocol Suite 36 Figure Locking and unlocking in asymmetric-key cryptosystem

TCP/IP Protocol Suite 37 Asymmetric-key ciphers are sometimes called public-key ciphers. Note

TCP/IP Protocol Suite 38 Figure General idea of asymmetric-key cryptosystem

TCP/IP Protocol Suite 39 Figure Encryption, decryption, and key Generation in RSA

TCP/IP Protocol Suite 40 For the sake of demonstration, let Bob choose 7 and 11 as p and q and calculate n = 7 × 11 = 77. The value of φ(n) = (7 − 1)(11 − 1), or 60. If he chooses e to be 13, then d is 37. Note that e × d mod 60 = 1. Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5. This system is not safe because p and q are small. Example Example 29.6

TCP/IP Protocol Suite 41 Here is a more realistic example calculated with a computer. We choose a 512-bit p and q, calculate n and φ(n), We then choose e and calculate d. Finally, we show the results of encryption and decryption. The integer p is a 159-digit number. Example Example 29.7 The integer q is a 160-digit number.

TCP/IP Protocol Suite 42 The modulus n = p × q. It has 309 digits. Example Example 29.7 Continued φ(n) = (p − 1)(q − 1) has 309 digits.

TCP/IP Protocol Suite 43 Bob chooses e = (the ideal is 65537). He then finds d. Example Example 29.7 Continued Alice wants to send the message “THIS IS A TEST”, which can be changed to a numeric value using the 00−26 encoding scheme (26 is the space character).

TCP/IP Protocol Suite 44 The ciphertext calculated by Alice is C = P e, which is Example Example 29.7 Continued Bob can recover the plaintext from the ciphertext using P = C d, which is The recovered plaintext is “THIS IS A TEST” after decoding.

TCP/IP Protocol Suite MESSAGE INTEGRITY The cryptography systems that we have studied so far provide secrecy, or confidentiality, but not integrity. However, there are occasions where we may not even need secrecy but instead must have integrity. For example, Alice may write a will to distribute her estate upon her death. The will does not need to be encrypted. After her death, anyone can examine the will. The integrity of the will, however, needs to be preserved. Alice does not want the contents of the will to be changed.

TCP/IP Protocol Suite 46 Topics Discussed in the Section Message and Message Digest Hash Functions

TCP/IP Protocol Suite 47 Figure Message and digest

TCP/IP Protocol Suite 48 The message digest needs to be safe from change. Note

TCP/IP Protocol Suite MESSAGE AUTHENTICATION A digest can be used to check the integrity of a message: that the message has not been changed. To ensure the integrity of the message and the data origin authentication— that Alice is the originator of the message, not somebody else—we need to include a secret held by Alice (that Eve does not possess) in the process; we need to create a message authentication code (MAC). Figure shows the idea.

TCP/IP Protocol Suite 50 Topics Discussed in the Section MAC HMAC

TCP/IP Protocol Suite 51 Figure Message authentication code

TCP/IP Protocol Suite 52 A MAC provides message integrity and message authentication using a combination of a hash function and a secret key. Note

TCP/IP Protocol Suite DIGITAL SIGNATURE Another way to provide message integrity and message authentication (and some more security services as we see shortly) is a digital signature. A MAC uses a secret key to protect the digest; a digital signature uses a pair of private-public keys.

TCP/IP Protocol Suite 54 Topics Discussed in the Section Comparison Process Signing the Digest Services RSA Digital Signature Scheme Digital Signature Standard (DSS)

TCP/IP Protocol Suite 55 A digital signature uses a pair of private- public keys. Note

TCP/IP Protocol Suite 56 Figure Digital signature process

TCP/IP Protocol Suite 57 A digital signature needs a public-key system. The signer signs with her private key; the verifier verifies with the signer’s public key. Note

TCP/IP Protocol Suite 58 A cryptosystem uses the private and public keys of the receiver: a digital signature uses the private and public keys of the sender. Note

TCP/IP Protocol Suite 59 Figure Signing the digest

TCP/IP Protocol Suite 60 Figure Using a trusted center for non-repudiation

TCP/IP Protocol Suite 61 Figure The RSA signature one the message digest

TCP/IP Protocol Suite ENTITY AUTHENTICATION Entity authentication is a technique designed to let one party prove the identity of another party. An entity can be a person, a process, a client, or a server. The entity whose identity needs to be proven is called the claimant; the party that tries to prove the identity of the claimant is called the verifier.

TCP/IP Protocol Suite 63 Topics Discussed in the Section Entity versus Message Authentication Verification Categories Passwords Challenge-Response

TCP/IP Protocol Suite 64 In challenge-response authentication, the claimant proves that she knows a secret without sending it to the verifier. Note

TCP/IP Protocol Suite 65 Figure Unidirectional symmetric-key authentication

TCP/IP Protocol Suite 66 Figure Unidirectional asymmetric-key authentication

TCP/IP Protocol Suite 67 Figure Digital signature, unidirectional authentication

TCP/IP Protocol Suite KEY MANAGEMENT We discussed symmetric-key and asymmetric-key cryptography in the previous sections. However, we have not yet discussed how secret keys in symmetric-key cryptography, and public keys in asymmetric-key cryptography, are distributed and maintained. This section touches on these two issues.

TCP/IP Protocol Suite 69 Topics Discussed in the Section Symmetric-Key Distribution Symmetric-Key Agreement Public-Key Distribution

TCP/IP Protocol Suite 70 Figure Multiple KDC’s

TCP/IP Protocol Suite 71 A session symmetric key between two parties is used only once. Note

TCP/IP Protocol Suite 72 Figure Creating a session key using KDC

TCP/IP Protocol Suite 73 Figure Diffie-Hellman method

TCP/IP Protocol Suite 74 The symmetric (shared) key in the Diffie-Hellman method is K = g xy mod p. Note

TCP/IP Protocol Suite 75 Let us give a trivial example to make the procedure clear. Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume that g = 7 and p = 23. The steps are as follows: 1. Alice chooses x = 3 and calculates R 1 = 7 3 mod 23 = Alice sends the number 21 to Bob. 3. Bob chooses y = 6 and calculates R 2 = 7 6 mod 23 = Bob sends the number 4 to Alice. 5. Alice calculates the symmetric key K = 4 3 mod 23 = 18. Bob calculates the symmetric key K = 21 6 mod 23 = 18. The value of K is the same for both Alice and Bob; g xy mod p = 7 18 mod 35 = 18. Example Example 29.8

TCP/IP Protocol Suite 76 In public-key cryptography, everyone has access to everyone’s public key; public keys are available to the public. Note

TCP/IP Protocol Suite 77 Figure Certification authority