A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Slides:

Advertisements

Similar presentations

Web security: SSL and TLS

Advertisements

A. Steffen, , 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.

Lecture 6: Web security: SSL

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

Transport Layer Security (TLS) Bill Burr November 2, 2001.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.

QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

A Survey of WAP Security Architecture Neil Daswani

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

Pseudorandom Bit Generation Artur Gadomski Piero Giammarino Henrik Goldman Massimo Giulio Caterino.

Quantum Cryptography Marshall Roth March 9, 2007.

IEEE Wireless Local Area Networks (WLAN’s).

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings.

Secure Socket Layer (SSL)

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

April 12, 2006 Berk Akinci 1 Quantum Cryptography Berk Akinci.

Quantum Cryptography Beyond the buzz Grégoire Ribordy CERN, May 3rd 2006.

SECURITY Chapter 7.3 – 7.5 Presentation by Deepthi Reddy.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

C HAPTER 15 MACs and Signatures Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern, and.

Message Authentication Code July Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.

Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.

A. Steffen, , 0-Overview.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

IIS 2004, CroatiaSeptember 22, 2004 Quantum Cryptography and Security of Information Systems 1 2

Chapter 7 Confidentiality Using Symmetric Encryption.

Based on Bruce Schneier Chapter 8: Key Management Dulal C Kar.

SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.

1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Cryptography CSS 329 Lecture 13:SSL.

Key Wrap Algorithm.

@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.

Secure Sockets Layer (SSL)

CSCE 715: Network Systems Security

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

CSE 4095 Transport Layer Security TLS

Security at the Transport Layer: SSL and TLS

Security at the Transport Layer

Presentation transcript:

A. Steffen, , 02-PhysicalLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 2 Physical Layer Security

A. Steffen, , 02-PhysicalLayer.pptx 2 Security Protocols for the OSI Stack Application layerPlatform Security, Web Application Security, VoIP Security, SW Security Transport layerTLSNetwork layerIPsecData Link layer[PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE i (WPA2) Physical layerQuantum CryptographyCommunication layersSecurity protocols

A. Steffen, , 02-PhysicalLayer.pptx 3 Layer 1 Security – Frequency Hopping f1f1 f2f2 f4f4 f5f5 f6f6 f7f7 f3f3 f8f8 f Counter measures: e.g. n parallel receivers t f8f8 f1f1 f2f2 tt f4f4 f1f1 f3f3 f2f2 f7f7 f5f5 f7f7 f6f6 f3f3 Standardized (public) or secret (military) hopping sequence Frequency band divided into n hopping channels

A. Steffen, , 02-PhysicalLayer.pptx 4 Information Security 2 (InfSi2) 2.1 Quantum Cryptography

A. Steffen, , 02-PhysicalLayer.pptx 5 Quantum Cryptography using Entangled Photons Nicolas Gisin et al. University of Geneva Compact source emitting entangled photon pairs Quantum correlation over more than 10 km Founding of ID Quantique

A. Steffen, , 02-PhysicalLayer.pptx 6 4. Quantum Key Distribution using Entangled Photons Photon Source 1. Alice Bob Eve (eavesdropping) - - E91 protocol: Arthur Ekert, 1991

A. Steffen, , 02-PhysicalLayer.pptx 7 Quantum Key Distribution using the BB84 Protocol Polarization Modulated Photon Source Alice Bob BB84 protocol: Charles Bennett & Gilles Brassard, Eve (eavesdropping)

A. Steffen, , 02-PhysicalLayer.pptx 8 Decoy States against Multi-Photon Splitting Attacks Single photon lasers are nearly impossible to build. The natural Poisson distribution of practical laser sources causes multi-photon pulses to occur which can be split by Eve. In order to compensate for the stolen photons, Eve might inject additional photons. As a counter measure Alice randomly inserts a certain percentage of decoy states transmitted at a different power level. Later Alice reveals to Bob which pulses contained decoy states. If Eve was eavesdropping, the yield and bit error rate statistics for the signal and decoy states are modified which can be detected by Alice and Bob. The use of decoy states extends the rate of secure key exchange to over 140 km.

A. Steffen, , 02-PhysicalLayer.pptx 9 Photon Yield versus Power Level Power Level 0.80 photons/pulse 0.12 photons/pulse 449 pulses 360 pulses 144 pulses 38 pulses 8 pulses 887 pulses 106 pulses 7 pulses 0 pulses 0 photons/pulse 1 photon /pulse 2 photons/pulse 3 photons/pulse 4 photons/pulse Signal statesDecoy states Poisson distribution of the number of photons in a pulse, measured over 1000 pulses: 1 pulse0 pulses5 photons/pulse 551 of 1000 pulses113 of 1000 pulsesYield

A. Steffen, , 02-PhysicalLayer.pptx 10 Photon Yield versus Transmission Distance Attenuation in a monomode fiber with =1550nm: 0.2 dB/km 50 km:10dB  1 out 10 photons survive 100 km: 20dB  1 out of 100 photons survive 150 km: 30dB  1 out of 1000 photons survive

A. Steffen, , 02-PhysicalLayer.pptx 11 Photon Yield in 50 km (10 dB Attenuation) Power Level 0.80 photons/pulse 0.12 photons/pulse 0 pulses 36 pulses 28 pulses 10 pulses 3 pulses 0 pulses 10 pulses 2 pulses 0 pulses 77 of 1000 pulses12 of 1000 pulses 0 photons/pulse 1 photon /pulse 2 photons/pulse 3 photons/pulse 4 photons/pulse Signal statesDecoy states Yield Received pulses containing at least one photon, measured over 1000 pulses: 0 pulses 5 photons/pulse

A. Steffen, , 02-PhysicalLayer.pptx 12 Layer 2 Encryption with Quantum Key Distribution 10 Gbit/s Ethernet Encryption with AES-256 in Counter Mode QKD: RR84 and SARG protocols, up to 50 km (100 km on request) Key Management: 1 key/minute up to 12 encryptors

A. Steffen, , 02-PhysicalLayer.pptx 13 Cerberis QKD Server and Centauris Encryptors

A. Steffen, , 02-PhysicalLayer.pptx 14 Information Security 2 (InfSi2) 2.2 Key Material and Random Numbers

A. Steffen, , 02-PhysicalLayer.pptx 15 Cryptographical Building Blocks Block Ciphers Stream Ciphers Symmetric Key Cryptography AuthenticationPrivacy Encryption Hash Functions Challenge Response IVs MACs MICs Message Digests Nonces Pseudo Random Random Sources Secret Keys Smart Cards DH RSA Public Key Cryptography Elliptic Curves Digital Signatures Data Integrity Secure Network Protocols Non- Repudiation

A. Steffen, , 02-PhysicalLayer.pptx 16 HMAC Function (RFC 2104) Document Key Inner Key 64 bytes MD5 / SHA-1 Hash Function Hash MD5 / SHA-1 Hash Function 0x36..0x36 XOR Outer Key 64 bytes 0x5C..0x5C XOR Pad 64 bytes MAC 16/20 bytes

A. Steffen, , 02-PhysicalLayer.pptx 17 TLS Handshake Protocol Server Server Hello RSRS RSRS ServerHelloDone Client Client Hello RCRC RCRC Application Data° Certificate* ClientKeyExchange CertificateVerify* *optional ServerKeyExchange* Certificate* CertificateRequest* *optional Finished° ChangeCipherSpec Finished° ChangeCipherSpec °encrypted

A. Steffen, , 02-PhysicalLayer.pptx 18 Secret Key Stream Seed key stream = PRF_MD5(secret, seed) Pseudo Random Function (PRF) A(3) S HMAC-MD S Seed S Seed S Seed HMAC-MD5 A(2) S HMAC-MD5 A(2) 16 bytes A(1) 16 bytes HMAC-MD5 Seed

A. Steffen, , 02-PhysicalLayer.pptx 19 Computing the TLS 1.1 Master Secret Master Secret "master secret" 48 bytesPRF_MD5 60 bytesPRF_SHA-1 S1 S2 Pre-Master Secret RCRC RSRS labelseed labelseed key stream = TLS_PRF(secret, label, seed) TLS_PRF 48 bytes

A. Steffen, , 02-PhysicalLayer.pptx 20 Generating TLS 1.1 Key Material Key Material "key expansion"  n bytes PRF_MD5  n bytes PRF_SHA-1 S1 S2 Master Secret RSRS RCRC labelseed labelseed key stream = TLS_PRF(secret, label, seed) TLS_PRF n bytes

A. Steffen, , 02-PhysicalLayer.pptx 21 Generating True Random Numbers (RFC 1750) The security of modern cryptographic protocols relies heavily on the availability of true random key material and nonces. On standard computer platforms it is not a trivial task to collect true random material in sufficient quantities: Key Stroke Timing Mouse Movements Sampled Sound Card Input Noise Air Turbulence in Disk Drives RAID Disk Array Controllers Network Packet Arrival Times Computer Clocks Best Strategy: Combining various random sources with a strong mixing function (e.g. MD5 or SHA-1 hash) into an entropy pool (e.g. Unix /dev/random) protects against single device failures.

A. Steffen, , 02-PhysicalLayer.pptx 22 Hardware-based True Random Generators Quantum Sources or Radioactive Decay Sources Reliable, high entropy sources, but often bulky and expensive. Thermal Noise Sources Noisy diodes or resistors are cheap and compact but level detection usually introduces considerable skew that must be corrected. Free Running or Metastable Oscillators The frequency variation of a free running oscillator is a good entropy source if designed and measured properly. Used e.g in smart card crypto co-processors. The Intel Ivy Bridge processor family implements an on-chip metastable digital oscillator. Lava Lamps Periodic digital snapshots of a lava lamp exhibit a lot of randomness.

A. Steffen, , 02-PhysicalLayer.pptx 23 The Intel RDRAND Instruction Available with Intel Ivy Bridge Processors (XEON & Core i7) The RDRAND instruction reads a 16, 32 or 64 bit random value Throughput 500+ MB/s random data with 8 concurrent threads The random number generator is compliant with NIST SP800-90, FIPS 140-2, and ANSI X9.82

A. Steffen, , 02-PhysicalLayer.pptx 24 Quantum Random Number Generator Detection of single photons via a semi-transparent mirror High throughput: 4 – 16 Mbit/s Low cost (990…2230 EUR)

A. Steffen, , 02-PhysicalLayer.pptx 25 Skew Corrections and Tests for Randomness Simple Skew Correction (John von Neumann) p(1) = 0.5+e, p(0) = 0.5-e, -0.5 < e < 0.5 Example with e = 0.20, i.e. p(1) = 0.7, p(0) = 0.3 Strong Mixing using Hash functions Hashing improves statistical properties but does not increase entropy. Statistical Tests for Randomness A number of statistical tests are defined in FIPS PUB "Security Requirements for Cryptographic Modules" : Monobit Test, Poker Test, Runs Test, etc. Entropy Measurements The entropy of a random or pseudo-random binary sequence can be measured using Ueli Maurer's "Universal Statistical Test for Random Bit Generators"