©Brooks/Cole, 2003 Chapter 16 Security

©Brooks/Cole, 2003 Define four aspects of security in a network: privacy, authentication, integrity, and nonrepudiation. Understand how these aspects can be achieved using encryption and decryption. Understand the difference between secret-key and public-key encryption. After reading this chapter, the reader should be able to: O BJECTIVES Realize how a digital signature can provide privacy, integrity, and nonrepudiation.

©Brooks/Cole, 2003 Figure 16-1 Aspects of security Privacy ( 隱私 ): only the sender and the receiver of the message are able to understand the contents of the messages. Authentication ( 証明 ): the receiver needs to be sure of the sender’s identity. Integrity ( 完整 ): the contents of the message should not be changed during transmission. Non-repudiation ( 不摒棄 ): a secure system needs to prove that the sender actually sent the message.

©Brooks/Cole, 2003 PRIVACYPRIVACY 16.1

Privacy The privacy can be achieved using encryption ( 加密 ) / decryption ( 解密 ) methods. Two categories of encryption/decryption: Secret key Public key

©Brooks/Cole, 2003 Figure 16-2 Secret key encryption ( 加密 ) Plaintext ( 顯文 ) : the data are not encrypted Ciphertext ( 密文 ) : data are encrypted Note that the secret key encryption algorithms are often referred to as symmetric encryption algorithms.

©Brooks/Cole, 2003 In secret key encryption, the same key is used in encryption and decryption. However, the encryption and decryption algorithms are the inverse of each other. Note:

©Brooks/Cole, 2003 An example DES: data encryption standard DES encrypts and decrypts at the bit level. The plaintext are broken into segments of 64 bits. Each section is encrypted using a 56-bit key. (Fig. 16.3) Every bit of ciphertext depends on every bit of plaintext and the key. It is very difficult to guess the bits of plaintext from the bits of ciphertext.

Figure 16-3 DES: data encryption standard Stage 1, 18, and 19 of the algorithm are just permutation operations. Stage 1, 18, and 19 of the algorithm are just permutation operations. Stages 2 to 17 are identical stages. Stages 2 to 17 are identical stages. The right 32 bits of a stage become the left 32 bits of the next stage. The right 32 bits of a stage become the left 32 bits of the next stage. The left 32 bits of a stage are scrambled with the key and become the right 32 bits of the next stage. The left 32 bits of a stage are scrambled with the key and become the right 32 bits of the next stage. The scrambling is complex The scrambling is complex and beyond the scope of this book.

©Brooks/Cole, 2003 Privacy with secret key Data encryption standard (DNS) Data encryption standard (DNS) Advantage Advantage Efficiency Efficiency They are very good candidates for long messages. They are very good candidates for long messages. Disadvantages Disadvantages Each pair of user must have a secret key. Each pair of user must have a secret key. N people  N(N-1)/2 secrete keys N people  N(N-1)/2 secrete keys The distribution of the keys between two parties can be difficult. The distribution of the keys between two parties can be difficult.

©Brooks/Cole, 2003 Figure 16-4 Public key encryption The whole idea of this method is that the encryption and decryption algorithms are of each other. The whole idea of this method is that the encryption and decryption algorithms are not the inverse of each other.

©Brooks/Cole, 2003 An example RSA: Rivest-Shamir-Adleman encryption RSA: Rivest-Shamir-Adleman encryption The private key is a pair of numbers (N, d) The public key is a pair of numbers (N, e) Encryption: C = P e mod N C: ciphertext P: plaintext Decryption: P = C d mod N Fig. 16.5

©Brooks/Cole, 2003 Figure 16-5 RSA An intruder ( 侵入者 ) could guess the value of d. A major concept of the RSA algorithm is the use of very large numbers for d and e.

©Brooks/Cole, 2003 Choosing public and private keys Procedure: Choose two large prime numbers, p and q. Computer N = p X q Choose e (less than N) such that e and [(p -1) X (q -1)] are relatively prime (having no common factor other than 1) Choose d such that (e X d) mod [(p -1)(q -1)] is equal to 1 Example: p = 5, q = 7, N = 35, e = 11, …

©Brooks/Cole, 2003 RSA Advantage Individuals can post their public key on their Web site. The number of the keys is only twice of the number of user. Disadvantage The complexity of the algorithm: calculating the ciphertext from plaintext using the long keys takes a lot of time.

©Brooks/Cole, 2003 Figure 16-6 Combination The public key is used to encrypt the secret key. The secret key is used to encrypt the message.

©Brooks/Cole, 2003 DIGITALSIGNATUREDIGITALSIGNATURE 16.2

Digital signature ( 數位簽章 ) Digital signature When an author signs a document, it cannot be changed. When you send a document electronically, you can also sign it. Digital signature can be done in two ways: You can sign the whole document You can sign a digest ( 摘要 ) of the document

©Brooks/Cole, 2003 Figure 16-7 Signing the whole document You can not provide these aspects of security using the secret key. The method does not provide secrecy.

©Brooks/Cole, 2003 Figure 16-8 Signing the digest The two most common hash functions are: Message digest 5 (MD5) Secure hash algorithm (SHA-1) The properties of hash function One-way: the digest can only be created from the message, but not vice versa One-to-one: be very difficult to find two messages that create the same digest.

©Brooks/Cole, 2003 Figure 16-9 Sender site

©Brooks/Cole, 2003 Figure Receiver site

©Brooks/Cole, 2003 Key terms Authentication Authentication Cipher-text Cipher-text DES DES Decryption Decryption Digital signature Digital signature Encryption Encryption Non-repudiation Non-repudiation Permutation Permutation Plaintext Plaintext Private key Private key Public key Public key Public key encryption Public key encryption RSA encryption RSA encryption Secret key Secret key Security Security