Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Outline Encryption Algorithms Authentication Protocols

Published byAvis Thornton Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Outline Encryption Algorithms Authentication Protocols"— Presentation transcript:

1 Security Outline Encryption Algorithms Authentication Protocols
Message Integrity Protocols Key Distribution Firewalls

2 Overview Cryptography functions Security services
Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy: preventing unauthorized release of information Authentication: verifying identity of the remote participant Integrity: making sure message has not been altered

3 Secret Key DES (data encryption standard, last update 1999)
AES (advanced encryption standard, 2000) Both standardized by NIST (US national inst. of standards & technology), both considered secure, with AES permitting fast implementation and less memory and suitable for small mobile devices.

4 64-bit key (56-bits + 8-bit parity), 64-bit data block 16 rounds
Each Round L R i 1 i 1 F K i + L R i i Only known way to break the code is exhaustive search, 2^55*1.5 us = 1.5 kyr, 3K PC bring it down to 6 month 3DES: 3 64-bit keys; AES 128, 192, 256 bits keys

5 Repeat for larger messages (cipher block chaining, CBC)

6 Public Key (RSA) Encryption & Decryption encryption: c = me mod n
decryption: m = cd mod n e: encryption/public key d: decryption/private key m: plaintext message, c: cipher text

7 RSA (cont) Choose two large prime numbers p and q (each 256 bits)
Multiply p and q together to get n Choose the encryption key e, such that e and (p - 1) x (q - 1) are relatively prime. Two numbers are relatively prime if they have no common factor greater than one Compute decryption key d such that d x e= 1 mod ((p - 1) x (q - 1)) Construct public key as (e, n) Construct public key as (d, n) Discard (do not disclose) original primes p and q

8 RSA: Example Let p = 7 and q = 11 Choose e = 7
n = 7 x 11 = 77 Choose e = 7 relatively prime to (7 - 1) x (11 - 1) = 60 Select d = 43, which satisfies d x e= 1 mod ((p - 1) x (q - 1)) Let m = 9, then c = 9^7 mod 77 = 37 m = 37^43 mod 77 = 9 RSA is based on the premise that factoring large numbers is hard if n (public) can be factored to p and q, d is easy to compute 512-bit number factorable in the next few years, now 1024-bit or higher considered secure.

9 Message Digest Cryptographic checksum One-way function Relevance
just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message. One-way function given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum. Relevance if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.

10 Message Digest MD4, MD5, SHA (secure hash algorithm)
Transform Initial digest (constant) Message (padded) Message digest 512 bits ■ ■ ■ MD5: 128-bit digest SHA-1: 160-bit digest

11 Implementaion and Performance
Software implementation numbers below represent those on state of art processors circa 2003 DES: 100 Mbps MD5: 600 Mbps RSA: 100 Kbps Hardware implementation DES, MD5 ~ Gbps RSA ~ Kbps RSA used for encrypt a key, DES for data encryption

12 Security Services A security system is composed of a collection of security services, which use cryptographic algorithms. Key Distribution Authentication Protocols Ascertain you (the corresponding partner) are who you claim to be Message Integrity Protocols Ascertain the message has not be altered by a third party

13 Key Distribution Issues: Types of keys
In secret key cipher, how does the two communicating parties obtain the shared key? In public key cipher, how does one know what public key belongs to a certain participant? Types of keys Session key: valid for one session only, using secret key cipher Pre-distribution key: used to generate session key, using public key cipher.

14 Public Key Distribution
Certificate (standardized in X.509) special type of digitally signed document: “I certify that the public key in this document belongs to the entity named in this document, signed X.” the name of the entity being certified can be: John Smith components: the public key of the entity the name of the certified authority a digital signature

15 Key Distribution (cont)
Certified Authority (CA) administrative entity that issues certificates useful only to someone that already holds the CA’s public key. Chain of Trust if X certifies that a certain public key belongs to Y, and Y certifies that another public key belongs to Z, then there exists a chain of certificates from X to Z someone that wants to verify Z’s public key has to know X’s public key and follow the chain Certificate Revocation List (CRL) A user of a certificate will first check with CRL CRL do not keep certificates which have expired

16 Key Distribution (cont)

17 Authentication Protocols
Three-way handshake (secret key based, e.g., DES) A challenge and response model E(m, k): encryption of message m with key k D(m, k): decryption of message m with key k Assumption: client and server each know the other’s key x: random number CHK: client handshake key SHK: server handshake key SK: session key CHK, SHK used only for the authentification, can be generated from password (not suitable for key) SK used for data encryption after authentication, which is exposed more often, but useful for one secession only Client Server ClientId, E ( , CHK) E( y + E(SK, SHK) Y

18 Trusted third party (Kerberos)
uses an authentication server (S) to help two parties (A, B) to authenticate each other, also secret key based Assumption: S and A share a secret key KA, S, B, key KB T: time stamp, works as a R.N. L: life time, K: session key, validation period determined by T, L A can decrypt the 1st part of message from S, not the 2nd part, The 2nd part is passed to B, challenging B to respond T+1.

19 Public key authentication
( x , Public ) x: a R.N. No shared secret key required, only needs to know the other party’s public key

20 Message Integrity Protocols
Digital signature using RSA special case of a message integrity that also ascertains the message is generated by true sender compute signature with private key and verify with public key DSS standardized by NIST, using a variant of RSA

21 Message Integrity Protocols
Keyed MD5 MD only does not provide integrity, any one can produce a valid MD with an altered message; has to involve a secret privy to the sender. if the sender and receiver shares a secret key k, then sender: m + MD5(m + k), if not: sender: m + MD5(m + k) + E[E(k, rcv-pub), snd-prv] k: RN, the third part allows recovery of k by the receiver receiver recovers random key using the sender’s public key applies MD5 to the concatenation of this random key message

22 Message Integrity Protocols
MD5 with RSA signature sender: m + E(MD5(m), snd-prv) receiver decrypts signature with sender’s public key compares result with MD5 checksum sent with message

23 Example Security Systems
Can be grouped by the main protocol layer at which they operate L3: IP Security (IPSEC) L4: Transport Layer Security (TLS), Secure Socket Layer (SSL) Application: Pretty Good Privacy (PGP, ), Secure Shell (SSH, telnet)

24 Pretty Good Privacy (PGP)
Provide for encryption and authentication of s Authentication Mesh structured trust relationship Anyone can assign anyone else’s certificate, the more certificate signatures the more trust Encryption Sender selects a random secret key k, sends E[m, k] + E[k, receiver’s public key] Allow different cryptographic algorithms (specified in the header)

25 Secure Shell (SSH) Problem with telnet SSH v.2
password and messages are sent in the clear SSH v.2 Client connects to the server, the server provides its public key doubtful value for the key, alternative: out-of-band mechanism Client authenticates the server using public key algorithm, sets up a session key a encrypted channel is established Transmission of password and messages can start now The secure channel provided by SSH is often used by other applications, e.g. X-windows, IMAP mail readers, etc.

26 Transport Layer Security (TLS, SSL, HTTPS)
TLS (SSL, older version) provides A handshake protocol that authenticate and establishes a secure channel Through exchange of certificates, keys Hierarchical key distribution, root keys included in the browser. A “record” protocol for data transfer Handles encryption, message integrity, even compression Maintains persistent session state through session ID Avoid a security handshake for downloading each item (e.g. picture) HTTPS = TLS/(SSL, older) + HTTP assigned #port, 443.

27 Transport Layer Security

28 IP Security (IPSEC) A ambitious framework to provide all security services at the IP level Modular, allow users to select security algorithms, services, granularity (per connection btw. hosts, per trunk btw. routers) Two components Authentication header (AH) + Encapsulation Security Payload (ESP) implement authentication, encryption, etc Key management protocol (ISAKMP) A secure connection consists of two simplex security associations (SA), each identifiable by an IP address and a security parameters index (SPI)

29 Wireless Security (802.11i) Wi-Fi Protected Acess 2 (WPA2, i)

30 Firewalls A firewall is a router that enforces security policies
A centralized approach, in contrast to end-to-end approach such as IPSEC Filter-Based Solution Lists of 4-tuples to allow/disallow Example (prevent web traffic to ) ( , 1234, , 80 ) (*,*, , 80 ) Default: forward or not forward? Tradeoff between security and convenience Dynamic port selection: deals with the case that port number is determined by the application at run time

31 Proxy-Based Firewalls
Problem: complex policy Example: web server restrict certain web pages (URLs) to company users Solution: proxy determine whether to fetch the page depending on the user category Works at application layer (HTTP), can also cache web pages, balance load Limitations: attacks from within malicious users, visitors, WiFi access

32 Denial of Service Attacks on end hosts Attacks on routers SYN attack
more effective than data packets due to more processing/states incurred Attacks on routers Christmas tree packets Send packets with all IP options turned on, exhausting processing capability Pollute route cache Send serial sequence of IP packets, blowing away route cache and making router spend all its time build new forwarding table

33 Denial of Service Counter attack Distributed DoS attacks
Detect resource usage anomaly Account for resource usage Discover if some users/connections are consuming disproportionate amount of resource Restrict resource usage by misbehaving users/connecitons Distributed DoS attacks Makes distinguishing legitimate heavy load and DDOS hard

Download ppt "Security Outline Encryption Algorithms Authentication Protocols"

Similar presentations

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming
CSE 30264 Computer Networks Prof. Aaron Striegel Department of Computer Science & Engineering University of Notre Dame Lecture 23 – April 6, 2010.

CSE Computer Networks Prof. Aaron Striegel Department of Computer Science & Engineering University of Notre Dame Lecture 23 – April 6, 2010.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

Similar presentations

Ads by Google