Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS2911 Week 8, Class 1 Today Week 8, Lab period Muddiest Point

Published byEgbert Peters Modified over 6 years ago

Similar presentations

Presentation on theme: "CS2911 Week 8, Class 1 Today Week 8, Lab period Muddiest Point"— Presentation transcript:

1 CS2911 Week 8, Class 1 Today Week 8, Lab period Muddiest Point
31 July 2018 CS2911 Week 8, Class 1 Today Muddiest Point Questions on Videos Encryption Week 8, Lab period Quiz 4: Topics include TCP, SMTP, IMAP, POP 17q ,9-24 CS2911 Dr. Yoder Dr. Josiah Yoder

2 Packet Sniffer (e.g. Wireshark)
CS2911 31 July 2018 Packet Sniffer (e.g. Wireshark) Alice This is the problem we've been considering so far. This is a review of how we've solved it. Bob Trudy Dr. Josiah Yoder

3 How to achieve confidentiality? Approach 1: Symmetric keys
Alice wants to send confidential message, m, to Bob. KS KS( ) . KS(m ) KS( ) . m KS(m ) m Internet KS Bob Alice Problem: How to get Ks to Bob without Trudy intercepting? Trudy Alice: encrypts message with KS (for efficiency) sends KS(m) to Bob Modified from the slides accompanying Kurose and Ross, 7th Ed. Bob: uses KS to decrypt KS(m) to recover m

4 How to achieve confidentiality? Approach 2: Public/private keys
Alice wants to send confidential message, m, to Bob. KB + Internet KB( ) . + m KB(m) + KB( ) . - Bob Alice KB + m KB(m ) + KB - Trudy Bob: Send public key KB to Alice + Alice: encrypts message with Bob's public key KB sends KB(m) to Bob Modified from the slides accompanying Kurose and Ross, 7th Ed. + +

5 How to achieve confidentiality? Approach 2: Public/private keys
Alice wants to send confidential message, m, to Bob. KB + Internet KB( ) . + m KB(m) + KB( ) . - Bob Alice KB + m KB(m ) + KB - Trudy Bob (final step): Use private key KB to decrypt KB(m) (because KB(KB(m)) = m) - + - + Modified from the slides accompanying Kurose and Ross, 7th Ed. Problems: Inefficient for large messages and suffers from same problems as non-chained cipher-blocks

6 How to achieve confidentiality? Approach 3: Use both!
KS( ) . KB( ) + - KS(m ) KB(KS ) m KS KB Internet Bob Alice Trudy Alice: generates random symmetric private key, KS encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key sends both KS(m) and KB(KS) to Bob Modified from the slides accompanying Kurose and Ross, 7th Ed. +

7 How to achieve confidentiality? Approach 3: Use both!
KS( ) . KB( ) + - KS(m ) KB(KS ) m KS KB Internet Bob Alice Trudy Bob: uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m Modified from the slides accompanying Kurose and Ross, 7th Ed. Since the symmetric key Ks is designed for cipher-block chaining, it works well on a large amount of data

8 Man-in-the-middle attack
CS2911 31 July 2018 Man-in-the-middle attack Alice Here comes Trudy again! Bob Trudy Dr. Josiah Yoder

9 Man-in-the-middle attack
Alice Bob Trudy

10 Trudy can edit ALL the packets
Not just application payload Even TCP headers Even IP headers Even DNS packets Even encrypted packets! Every packet Alice sends Every packet Bob sends CS2911 Dr. Yoder

11 Change what Alice sends
CS2911 31 July 2018 Trudy can… Alice and Bob want… See what Alice sends Change what Alice sends Repeat what Alice sends Reorder what Alice sends Pretend to be Alice Ask for Bob's password Try to get Bob's keys Take down Alice's server Confidentiality Data integrity Avoid replay attacks Session integrity (??) Authentication Avoid phishing attacks Avoid chosen-plaintext attack Avoid denial of service attacks Types of attacks / types of security Dr. Josiah Yoder

12 Example Man-in-the-middle attack
Bob Alice Trudy where is alice.com? at My credit card: Order complete!

13 OK, so Bob will probably be using encryption… that will slow Trudy down… … or will it?
CS2911 Dr. Yoder

14 Example Man-in-the-middle attack (1)
CS2911 31 July 2018 Example Man-in-the-middle attack (1) Bob Alice Trudy where is alice.com? What is Alice's public key? + KT Dr. Josiah Yoder

15 Example Man-in-the-middle attack (2)
CS2911 31 July 2018 Example Man-in-the-middle attack (2) Bob Alice Trudy Please share session key Please share session key - Looks good to me! KA(KS) - KT(KS) Thanks for the session key, Alice! Dr. Josiah Yoder

16 Example Man-in-the-middle attack (3)
CS2911 31 July 2018 Example Man-in-the-middle attack (3) Bob Alice Trudy KS(Are you Alice?) KS(Are you Alice?) KS(Yes I am!) Ks(Yes I am!) KS (GET /perfume.html HTTP/1.1) KS(GET /perfume.html HTTP/1.1) KS(Buy ) KS(Buy ) Dr. Josiah Yoder

17 Example Man-in-the-middle attack (4)
CS2911 31 July 2018 Example Man-in-the-middle attack (4) Bob Alice Trudy KS(Here's my credit card) KS(Here's my credit card) KS(order complete) KS(order complete) Thanks for the credit card info, Bob! Dr. Josiah Yoder

18 Our current focus: Authentication
How can Bob know it is really Alice that sent him a message? Alice needs to sign the message Public-key cryptography can be used for this CS2911 Dr. Yoder

19 RSA: an important property
CS2911 31 July 2018 RSA: an important property The following property will be very useful: K (K (m)) = m B - + K (K (m)) = use public key first, followed by private key use private key first, followed by public key result is the same! Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-19 Dr. Josiah Yoder

20 Why ? follows directly from modular arithmetic:
CS2911 31 July 2018 K (K (m)) = m B - + K (K (m)) = Why ? follows directly from modular arithmetic: (me mod n)d mod n = med mod n = mde mod n = (md mod n)e mod n = m (as shown in RSA video) Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-20 Dr. Josiah Yoder

21 Key point If I receive only Bob could have signed it, because only Bob has Bob's private key KB I can recover the message like this if m makes sense, it must be a message from Bob c = (K (m)) B - - m K (K (m)) B + - = ?

22 Caveat "Textbook" RSA as we discuss has several "easy" vulnerabilities, both for encryption and signing Real RSA does a variety of other things, such as adding special padding onto the message. As always, don't write your own algorithm for real data! CS2911 Dr. Yoder

23 Hashing A cryptographic hash is an irreversible hash function
If you know h = H(m), it's really hard to find another message m' so that h = H(m'), too (A simple sum does not work – see example in Lab 9 for an example of how easy this is to mess with) CS2911 Dr. Yoder

24 Authentication Alice wants to provide sender authentication & message integrity H( ) . KA( ) - + H(m ) KA(H(m)) m KA Internet compare Alice digitally signs message with her private key sends both message (in the clear) and digital signature Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-24

25 Confidentiality & Authentication
Alice wants to provide secrecy (confidentiality), sender authentication, & message integrity. H( ) . KA( ) - + KA(H(m)) m KA KS( ) KB( ) KB(KS ) KS KB Internet Alice uses three keys: her private key, Bob’s public key, newly created symmetric key Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-25

26 But how does Bob get Alice's public key?
KA + KA - KA + KA(H(m)) - H( ) . KA( ) . - KA(H(m)) - KA( ) . + H(m ) m - + compare Internet H( ) . m H(m ) m Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-26

27 How can Bob tell that KT really comes from Trudy?
+ How can Bob tell that KT really comes from Trudy? KA + KT + Alice Bob KA - KT - Trudy

28 Let's look at Bob's order again, this time using signing to protect the data
CS2911 Dr. Yoder

29 Example Man-in-the-middle attack (2)
CS2911 31 July 2018 Example Man-in-the-middle attack (2) Bob Alice Trudy where is alice.com? What is Alice's public key? + KT Dr. Josiah Yoder

30 Example Man-in-the-middle attack (3)
CS2911 31 July 2018 Example Man-in-the-middle attack (3) Bob Alice Trudy Are you Alice? Are you Alice? It must be from Alice! It's signed with her private key! - KT(Yes I am!) - KA(Yes I am!) GET /perfume.html HTTP/1.1 GET /perfume.html HTTP/1.1 - KA(Buy ) - KT(Buy ) Dr. Josiah Yoder

31 Example Man-in-the-middle attack (4)
CS2911 31 July 2018 Example Man-in-the-middle attack (4) Bob Alice Trudy + KT (Here's my credit card) + KA(Here's my credit card) - KA(order complete) - KT(order complete) Thanks for the credit card info, Bob! A real exchange would of course use a session key, too. I've left that out to simplify the discussion. Dr. Josiah Yoder

32 Let's look at Bob's order again, this time using signing to protect the data To make things more realistic, let's include a (shared symmetric) session key too. CS2911 Dr. Yoder

33 Example Man-in-the-middle attack (2)
CS2911 31 July 2018 Example Man-in-the-middle attack (2) Bob Alice Trudy where is alice.com? What is Alice's public key? + KT Dr. Josiah Yoder

34 Example Man-in-the-middle attack (2)
CS2911 31 July 2018 Example Man-in-the-middle attack (2) Bob Alice Trudy Please share session key Please share session key + Here's my public key: KB + Here's my public key: KT + Looks good to me! - KT(KA(KS)) + - KB(KT(KS) Thanks for the session key, Alice! Dr. Josiah Yoder

35 Example Man-in-the-middle attack (3)
CS2911 31 July 2018 Example Man-in-the-middle attack (3) Bob Alice Trudy KS(Are you Alice?) KS(Are you Alice?) KS(Yes I am!) Ks(Yes I am!) KS (GET /perfume.html HTTP/1.1) KS(GET /perfume.html HTTP/1.1) KS(Buy ) KS(Buy ) Dr. Josiah Yoder

36 Example Man-in-the-middle attack (4)
CS2911 31 July 2018 Example Man-in-the-middle attack (4) Bob Alice Trudy KS(Here's my credit card) KS(Here's my credit card) KS(order complete) KS(order complete) Thanks for the credit card info, Bob! Dr. Josiah Yoder

37 How can Bob tell that KT really comes from Trudy?
+ How can Bob tell that KT really comes from Trudy? KA + KT + Alice Bob KA - KT - Trudy

38 We need to sign the key, too!
CS2911 31 July 2018 We need to sign the key, too! Can sign key exactly same way Alice signed the message Suppose Carol sends Bob a signed message with Alice's public key saying it really is hers. Suppose Bob trusts Carol Suppose Bob already has Carol's public key Then Bob can trust that Alice's public key is real! CS2911 Dr. Yoder Dr. Josiah Yoder

39 We need to sign the key, too!
CS2911 31 July 2018 We need to sign the key, too! Suppose Carol sends Bob a signed message with Alice's public key saying it really is hers. Suppose Bob trusts Carol Suppose Dan sends Bob a signed message with Carols' public key saying it really is hers Suppose Bob trusts Dan Suppose Bob has Dan's public key already Then Bob can trust that Alice's public key is real! CS2911 Dr. Yoder Dr. Josiah Yoder

40 We need to sign the key, too!
CS2911 31 July 2018 We need to sign the key, too! Suppose Carol sends Bob a signed message with Alice's public key saying it really is hers. Suppose Bob trusts Carol Suppose Dan sends Bob a signed message with Carols' public key saying it really is hers Suppose Bob trusts Dan Suppose Esther sends Bob a signed message with Dan's public key saying it really is his Suppose Bob trusts Esther Suppose Bob already has Esther's public key Then Bob can trust that Alice's public key is real! Dr. Josiah Yoder

41 Bob still needs to have SOMEONE's public key to start with!
CS2911 31 July 2018 Bob still needs to have SOMEONE's public key to start with! This "someone" is called a root certificate authority (CA) Everyone else in the chain is a certificate authority (CA) The root CA's key is stored on Bob's computer by the manufacturer (or by Bob's institution) Dr. Josiah Yoder

42 Confirming a certificate chain
CS2911 31 July 2018 Confirming a certificate chain Suppose Bob goes to alice.com, a perfume outlet alice.com sends Bob Her key, signed by CA1 CA1's key, signed by CA2 CA2's key, signed by the root CA Bob checks that all keys are properly signed. Bob checks that the root CA is one he trusts Now Bob knows Alice's key is real. He will use it to start a secure exchange with Alice (Example from our textbook) Dr. Josiah Yoder

43 What if someone is able to actually steal Alice's private key?
She would like to "revoke" her key – tell everyone that it is no longer valid Certificate Revocation Lists (CRLs) are the classic way to do this. Each CA offers lists of all keys it has signed, but also revoked New ways are OCSP and OCSP stapling User goes back to CA to ask if certificate is valid Neither one is used 100%... compromised keys are still really bad

44 Big-picture review Public-private key and symmetric key together make for efficient way to confidentially exchange data Man-in-the middle attack makes key distribution difficult Public-key infrastructure and trusted root CA keys pre-installed make communication with new sites possible, even with man-in-middle attack Lots of trust on CA hierarchy!

45 CS2911 31 July 2018 Acknowledgement The content of this video is based in part on lecture slides from a very good textbook, and used with the author’s permission: Computer Networking: A Top-Down Approach, 7th edition, by Jim Kurose and Keith Ross Publisher: Pearson, 2017 Dr. Josiah Yoder

Download ppt "CS2911 Week 8, Class 1 Today Week 8, Lab period Muddiest Point"

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.

23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.

Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
Network Security – Special Topic on Skype Security.

Network Security – Special Topic on Skype Security.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.

1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
Lecture 22 Network Security (cont) CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger slides are modified from Jim Kurose,

Lecture 22 Network Security (cont) CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger slides are modified from Jim Kurose,
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography (confidentiality) 8.3 Message integrity 8.4 End-point authentication.

Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography (confidentiality) 8.3 Message integrity 8.4 End-point authentication.
Secure HTTP (HTTPS) Pat Morin COMP 2405.

Secure HTTP (HTTPS) Pat Morin COMP 2405.
Network security Cryptographic Principles

Network security Cryptographic Principles
Key management issues in PGP

Key management issues in PGP

Similar presentations

Ads by Google