1. ECE/CS 372 – introduction to computer networks Lecture 16
Announcements:
Lab 4 due now
Assign 5 is due this Thursday
Final exam in LPSC 125 (not here)
Credit for lecture slides to Professor Bechir Hamdaoui
Adapted from Jim Kurose & Keith Ross (original copyright)
Chapter 8, slide:

2. Chapter 8: Network Security
Goals:
understand principles of network security:
cryptography and its many uses beyond “confidentiality”
authentication
message integrity
Example: securing
Chapter 8, slide:

3. Bob, Alice want to communicate “securely”
Trudy is an enemy (intruder): “bad” guy
Q: what should Bob & Alice be concerned about?
eavesdrop: messages are intercepted
change: messages are modified
impersonation: entire communication is hijacked by replacing sender or receiver by himself
denial of service: prevent services (e.g., by overloading resources)
confidentiality
integrity
authentication
availability
sender
receiver
Messages
data
Alice
Bob
Trudy
Chapter 8, slide:

4. Who might Bob, Alice be? … well, real-life Bobs and Alices!
Web browser/server for electronic transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
Chapter 8, slide:

5. What is network security?
Goals of network security:
Confidentiality: only sender, intended receiver should “understand” message contents
sender encrypts message
receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Availability: services must be accessible and available to users
Chapter 8, slide:

6. Chapter 8 roadmap Principles of cryptography Message integrity
Securing
Chapter 8, slide:

7. Cryptography
Cryptography allows a sender to disguise a message so that an intruder can’t gain information from it
“confidentiality”
plaintext
ciphertext K A
encryption
algorithm
decryption
Alice’s
key
Bob’s B
All terms marked in red are crypto terminology
Chapter 8, slide:

8. Types of cryptography symmetric key
- both sender and receiver use identical key
e.g., sender A encrypts with the key
receiver B decrypts with same key
public/private keys
- two keys (public and private) are to be used
e.g., sender A encrypts with B’s public key
receiver B decrypts with its Private key
Chapter 8, slide:

9. Symmetric key cryptography
A-B K
A-B
encryption
algorithm
plaintext
message, m
ciphertext
decryption
algorithm
plaintext
K (m)
K (m)
A-B
m = K ( )
A-B
symmetric key crypto: Bob and Alice share/know same (symmetric) key: K
Q: how do Bob and Alice agree on key value?
A-B
Chapter 8, slide:

10. Symmetric key cryptography
monoalphabetic cipher: substituting one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Q: what is the encryption & decryption key?:
A: the mapping
Q: How hard to break this simple cipher?:
A: brute force (how hard?) how many possibilities? 26!
Chapter 8, slide:

11. Symmetric key cryptography
polyalphabetic cipher: multiple monoalphabetic ciphers
Eg.: C1, C2, C2, C3 (with 3 monoalphabetic cipher keys)
First letter, apply C1
Second letter, apply C2
Third letter, apply C2
Fourth letter, apply C3
Then, repeat
Harder to break! By avoiding patterns, same letter may appear in different positions
Key is “C1, C2, C2, C3”
Chapter 8, slide:

12. Symmetric key cryptography
block cipher: msg is encrypted in blocks of k bits (independently)
Each k-bit block is encrypted/mapped
Possible mappings: 2k!
Hard to break
Problem
Hard to implement, with k=64, sender and receiver need to store a mapping table of 264 entries !! Huge!!
Solution
Use of functions: break blocks into smaller chunks
Chapter 8, slide:

13. Block Cipher one pass through: one input bit affects eight output bits
64-bit input
8bits
8bits
8bits
8bits
8bits
8bits
8bits
8bits
loop for n rounds T1 T2 T3 T4 T5 T6 T7 T8
8 bits
8 bits
8 bits
8 bits
8 bits
8 bits
8 bits
8 bits
one pass through: one input bit affects eight output bits
64-bit scrambler
64-bit output
multiple passes: each input bit affects all output bits
Chapter 8, slide:

14. Cipher Block Chaining + Problem w/ Cipher Block …
if input block is repeated, it produces
same cipher text:
m(1) = “HTTP/1.1”
c(1) = “k329aM02”
t=1
block
cipher …
m(17) = “HTTP/1.1”
c(17) = “k329aM02”
t=17
block
cipher
cipher block chaining: XOR ith input block, m(i), with previous block of cipher text, c(i-1)
c(0) transmitted to receiver in clear
what happens in “HTTP/1.1” scenario from above? +
m(i)
c(i)
block
cipher
c(i-1)
Chapter 8, slide:

15. Public key cryptography
symmetric key crypto
requires sender, receiver know shared secret key
Q: how to agree on key in first place (particularly if never “met”)?
public key cryptography
radically different approach
Two keys
Public key: encryp. key known to all
Private key: decryp. key known only to receiver
Sender uses public key only to encryp
Reciever uses both keys to decryp.
Chapter 8, slide:

16. Public key cryptography+
Bob’s public
key K B -
Bob’s private
key K B
plaintext
message, m
encryption
algorithm
ciphertext
decryption
algorithm
plaintext
message
K (m) B +
m = K (K (m)) B + -
Note: only Bob is able to understand (decrypt) message m. Because only Bob has Bob’s private key
This assures “confidentiality”
Chapter 8, slide:

17. Public key encryption algorithms
Requirements: . . + - 1
need K ( ) and K ( ) such that B B
K (K (m)) = m B - + + 2
given public key K , it should be impossible to compute private key K B - B
RSA: Rivest, Shamir, Adleman algorithm
Chapter 8, slide:

18. RSA: Choosing keys 1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d). K B + K B -
Chapter 8, slide:

19. RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
c = m mod n e
(i.e., remainder when m is divided by n)
2. To decrypt received bit pattern, c, compute
m = c mod n d d
(i.e., remainder when c is divided by n)
Magic
happens!
m = (m mod n) e
mod n d c
Chapter 8, slide:

20. Bob chooses p=5, q=7. Then n=35, z=24.
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z). e
c = m mod n e
letter m m
encrypt: l 12 17 c d
m = c mod n d c
letter
decrypt: 17 12 l
Chapter 8, slide:

21. Another RSA example: Bob chooses p=5, q=11.
Question: Find (n,e) and (n,d)
One answer: 1) n=55; z = 40; 2) e=27; 3) d=3 (ed – 1 = 80 is divisible by 40)
4) public key: (n,e) = (55,27) ; private key: (n,d) = (55,3)
Step 1: Compute n = pq, z = (p-1)(q-1)
Step 2: Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
Step 3: Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
Step 4: Public key is (n,e). Private key is (n,d). K B + K B -
Chapter 8, slide:

22. RSA: another important property
The following property will be very useful later:
K (K (m)) = m B - +
K (K (m)) =
use public key first, followed by private key
use private key first, followed by public key
Result is the same!
Chapter 8, slide:

23. Chapter 8 roadmap Principles of cryptography Message integrity
Securing
Chapter 8, slide:

24. Message Integrity/Authentication
Bob receives msg from Alice, wants to ensure:
Authentication: message originally came from Alice
Integrity: message not changed since sent by Alice
Cryptographic Hashing:
What:
take input m, produce fixed length value, H(m)
e.g., as in Internet checksum
Properties of H:
given m = H(x), (x unknown), it is computationally infeasible to determine x.
difficult to find x  y such that H(x) = H(y)
note: Internet checksum fails this requirement!
Examples
widely used hash functions: MD5, SHA
Chapter 8, slide:

25. MAC: Message Authentication Code
(shared secret) s m
H(m+s)
H(.)
compare
(message)
public
Internet
append m
H(m+s) m
H(.)
H(m+s) s
(shared secret)
Any problem ??
Secret key distribution ??
So we can’t really authenticate via MAC alone
Does MAC solve
Integrity ?? How ??
Authentication ?? How ??
via Hashing
via secret key
Chapter 8, slide:

26. Digital Signatures via Public Key Crypto
simple digital signature for message m:
Bob “signs” m by encrypting with his private key KB, creating “signed” message, KB(m) - -
Dear Alice
Oh, how I have missed you. I think of you all the time! …(blah blah blah)
Bob
Bob’s message, m
public key
encryption
algorithm
Bob’s private
key K B -
Bob’s message, m, signed (encrypted) with his private key
(m)
Chapter 8, slide:

27. MAC via private/public keys
Alice’s public key K A + m
K (m) A -
compare
(message)
K (m) A -
K (m) A - m
public
Internet m
append m m m
K (m) A - K A -
Alice’s private key
Note: only Alice would have had her private key
This assures “authentication”
Chapter 8, slide:

28. Digital Signatures via Public Key Crypto (more)
Problem
Signing data by encryption and decryption is computationally expensive
Imagine encrypting (signing) huge files of data !!!
Solution
Sign hashed output of original msg (sign H(m) only)
Recall hash algorithms turn large msgs into small, fixed length msg
… signed MAC is the solution -
Chapter 8, slide:

29. Digital signature = signed MAC = authentication + integrity
Alice verifies signature and integrity of digitally signed message:
Bob sends digitally signed message:
large
message m
H: hash
function
KB(H(m)) -
encrypted
msg digest
H(m)
digital
signature
(encrypt)
Bob’s
private
key
large
message m K B -
Bob’s
public
key
digital
signature
(decrypt) K B +
KB(H(m)) -
encrypted
msg digest
H: hash
function +
H(m)
H(m)
equal ?
Chapter 8, slide:

30. Public Key Certification
Problem with public key:
When Alice obtains Bob’s public key (from web site, , diskette), how does she know it is Bob’s public key, not Trudy’s?
solution:
trusted certification authority (CA)
Chapter 8, slide:

31. Certification Authorities
Certification Authority (CA): binds public key to particular entity, E.
E registers its public key with CA.
E provides “proof of identity” to CA.
CA creates certificate binding E to its public key.
certificate containing E’s public key digitally signed by CA: CA says “This is E’s public key.” - K CA
(K ) B +
digital
signature
(encrypt) K B +
Bob’s
public
key K B + CA
private
key
certificate for Bob’s public key, signed by CA -
Bob’s
identifying information K CA
Chapter 8, slide:

32. Certification Authorities
when Alice wants Bob’s public key:
gets Bob’s certificate
apply CA’s public key to Bob’s certificate, get Bob’s public key K B + - K CA
(K ) B +
digital
signature
(decrypt)
Bob’s
public
key K B + CA
public
key + K CA
Chapter 8, slide:

33. Get Bob’s public key from CA
CA’s public key K CA + K B + K B +
(Bob’s public key)
compare - K B + - K CA
(K ) B + K CA
(K ) B + K B +
append
public
Internet K B + K B + - K CA
(K ) B + K CA -
CA’s private key
Alice just got Bob’s public key (authenticated key)
Of course, here we assume that you have CA’s public key !!! Need to get it physically !!!
Chapter 8, slide:

34. Chapter 8: Recap So far: Cryptography & confidentiality
Note: Sender applies
receiver’s public key
its private key
So far:
Cryptography & confidentiality
Symmetric key
Public key: A wants to send msg m to B. What does A send?
A sends KB+(m); hence, ONLY B understands m by applying KB-(KB+(m))
=> confidentiality
Authentication & integrity
MAC (Msg Authen. Code):
requires symmetric key
Signed MAC: A -> B
A sends (m,KA-(m)) to B,
Hence, All get m by applying KA+(KA-(m));
Comparison => authen. + integrity, but NOT confidentiality
Chapter 8, slide:

35. Chapter 8 roadmap Principles of cryptography Message integrity
Securing
Chapter 8, slide:

36. Secure e-mail (confidentiality)
Alice wants to send confidential , m, to Bob.
KS( ) .
KB( ) + -
KS(m )
KB(KS ) m KS KB
Internet A B
Alice:
generates random symmetric private key, KS.
encrypts message with KS (for efficiency)
also encrypts KS with Bob’s public key.
sends both KS(m) and KB(KS) to Bob.
Bob:
uses his private key to decrypt and recover KS
uses KS to decrypt KS(m) to recover m
Note that to provide confidentiality, sender encrypts with
receiver’s public key (ONLY receiver should see msg)
Chapter 8, slide:

37. Secure e-mail (authen. + integrity)
Alice wants to provide sender authentication/integrity.
H( ) .
KA( ) - +
H(m )
KA(H(m)) m KA
Internet
compare A B
Alice digitally signs message.
sends both message (in the clear) and digital signature.
Again note that to provide authenticate/integrity,
sender encrypts with its private (all can understand msg)
Chapter 8, slide:

38. Secure e-mail (all: confid. + auth. + integrity)
Alice wants to provide secrecy, sender authentication, message integrity.
H( ) .
KA( ) - +
KA(H(m)) m KA
KS( )
KB( )
KB(KS ) KS KB
Internet A
Alice uses three keys: her private key, Bob’s public key, newly created symmetric key
Chapter 8, slide:

39. The end of new material! Final Review on Thursday!
Chapter 8, slide: