Private Key Algorithms Key Exchange Protocols SSL


1 Private Key Algorithms Key Exchange Protocols SSL
CPS 290 Computer Security: Private Key Algorithms, Key Exchange Protocols, SSL

2 Symmetric/Private Key Algorithms
Encryption: C = E_{Key1}(M), taking the original plaintext M and Key1 to ciphertext C
Decryption: M = D_{Key1}(C), taking ciphertext C and Key1 back to plaintext M
What granularity of the message does E_k encrypt?

3 Private Key Algorithms
Block Ciphers: blocks of bits at a time
  DES (Data Encryption Standard): banks, Linux passwords (almost), SSL, Kerberos, …
  Blowfish (SSL as option)
  IDEA (used in PGP, SSL as option)
  Rijndael (AES) – the new standard
Stream Ciphers: one bit (or a few bits) at a time
  RC4 (SSL as option)
  PKZip
  Sober, Leviathan, Panama, …

4 Private Key: Block Ciphers
Encrypt one block at a time (e.g., 64 bits):
  c_i = E(k, m_i)
  m_i = D(k, c_i)
Keys and blocks are often about the same size.
Equal message blocks will encrypt to equal codeblocks. Why is this a problem?
Various ways to avoid this, e.g. c_i = E(k, c_{i-1} ⊕ m_i), “cipher block chaining” (CBC).
Why could this still be a problem?
Solution: attach a random block to the front of the message.

5 Iterated Block Ciphers
Consists of n rounds.
  R = the “round” function
  s_i = state after round i
  k_i = the i-th round key
Diagram (inputs m and key): m → R with k_1 → s_1 → R with k_2 → s_2 → … → R with k_n → c

6 Iterated Block Ciphers: Decryption
Run the rounds in reverse. Requires that R has an inverse.
Diagram (inputs m and key): the same chain with R^{-1} in place of R: k_1, R^{-1}, s_1; k_2, R^{-1}, s_2; …; k_n, R^{-1}, c

7 Feistel Networks
Even if function F is not invertible, rounds can still be made invertible.
Requires 2 rounds to mix all bits.
Diagram: a forwards round R and a backwards round R^{-1}; each splits the block into high-order bits and low-order bits and combines F (keyed by k_i) with XOR.
Used by DES (the Data Encryption Standard)
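An added example (not from the original slides) that serves both slide 4's questions about equal blocks and CBC and slide 7's Feistel construction: a toy 64-bit Feistel cipher whose round function F is a truncated SHA-256, run in ECB and CBC mode. The cipher, its key schedule, and the names round_keys, ecb_encrypt, cbc_encrypt and cbc_decrypt are assumptions made for illustration, not DES; messages must be a multiple of 8 bytes.

```python
import hashlib
import os

BLOCK = 8  # 64-bit blocks, as in the slide's example

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def F(k, half):
    # Round function: a truncated hash, deliberately NOT invertible.
    return hashlib.sha256(k + half).digest()[:len(half)]

def round_keys(key, n=8):
    # Hypothetical key schedule: k_i = SHA-256(key || i).
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(n)]

def E(key, m):
    hi, lo = m[:4], m[4:]
    for k in round_keys(key):
        hi, lo = lo, xor(hi, F(k, lo))            # forward round R
    return hi + lo

def D(key, c):
    hi, lo = c[:4], c[4:]
    for k in reversed(round_keys(key)):
        hi, lo = xor(lo, F(k, hi)), hi            # inverse round, same F
    return hi + lo

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):
    return b"".join(E(key, m) for m in blocks(msg))

def cbc_encrypt(key, msg, iv=None):
    # c_i = E(k, c_{i-1} XOR m_i); c_0 is a random block unless one is forced.
    prev = os.urandom(BLOCK) if iv is None else iv
    out = [prev]
    for m in blocks(msg):
        prev = E(key, xor(prev, m))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, ct):
    cs = blocks(ct)
    return b"".join(xor(D(key, c), prev) for prev, c in zip(cs, cs[1:]))

KEY = b"constructed key"                       # constructed sample values
MSG = b"PAY 0100" * 2 + b"TO ALICE"            # two equal 8-byte blocks
```

With a forced (fixed) first block, two messages that begin with the same block still yield the same first ciphertext block; leaving `iv` unset attaches a random block and removes that leak.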

8 Product Ciphers
Each round has two components:
  Substitution on smaller blocks. Decorrelate input and output: “confusion”
  Permutation across the smaller blocks. Mix the bits: “diffusion”
Substitution-Permutation Product Cipher
Avalanche Effect: 1 bit of input should affect all output bits, ideally evenly, and for all settings of other bits

9 AES
Selected by NIST as the new private-key encryption standard.
Based on an open “competition”.
  Competition started Sept
  Narrowed to 5 Sept. 1999: MARS by IBM, RC6 by RSA, Twofish by Counterpane, Serpent, and Rijndael
  Rijndael selected Oct
  Official Oct. 2001? (AES page on Rijndael)
Designed by Rijmen and Daemen (Dutch)
The competition of 5 included an RSA entry.

10 Private Key Exchange
Private Key method
  Diagram: Trent generates k and sends E_{ka}(k) to Alice and E_{kb}(k) to Bob.
  Trusted third party Trent has already exchanged private keys ka and kb with Alice and Bob, respectively.
  Used by Kerberos.
Public Key method
  Diagram: Alice generates k and sends E_{k1}(k) to Bob.
  k1 = Bob’s public key
  Used by HTTPS/TLS/SSL

11 Diffie-Hellman Key Exchange
A group (G,*) and a primitive element (generator) g are made public.
Alice picks a and sends g^a to Bob.
Bob picks b and sends g^b to Alice.
The shared key is g^{ab}.
Note that this is easy for Alice or Bob to compute but, assuming discrete logs are hard, is hard for anyone else to compute.
Can someone see a problem with this protocol?

12 Person-in-the-middle attack
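Diagram: Alice sends g^a, which Mallory intercepts; Mallory sends g^c on to Bob. Bob sends g^b, which Mallory intercepts; Mallory sends g^d on to Alice.
Key1 = g^{ad} (Alice and Mallory)
Key1 = g^{cb} (Mallory and Bob)
Mallory gets to listen to everything.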
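An added example (not from the original slides) of the exchange on slides 11 and 12, showing why an unauthenticated Diffie-Hellman exchange leaves Alice and Bob each sharing a key with Mallory, and how comparing what each side saw exposes the substitution. The group parameters P and G are toy values, and the fingerprint comparison over a channel Mallory cannot alter is a hypothetical check assumed for illustration; the slides' own answer is the certificate step in SSL.

```python
import hashlib
import secrets

# Toy public parameters, constructed for illustration: P is the Mersenne prime
# 2^127 - 1 and G = 3. Real deployments use standardized groups of 2048+ bits.
P = 2**127 - 1
G = 3

def keypair():
    x = secrets.randbelow(P - 3) + 2          # secret exponent in [2, P-2]
    return x, pow(G, x, P)                    # (x, g^x)

def shared(secret, received):
    return pow(received, secret, P)           # (g^y)^x = g^xy

def fingerprint(alice_value, bob_value):
    # Hypothetical check: both parties hash the two public values they saw and
    # compare the result over a channel Mallory cannot alter.
    data = f"{alice_value:x}|{bob_value:x}".encode()
    return hashlib.sha256(data).hexdigest()[:16]

def exchange(intercepted):
    a, ga = keypair()
    b, gb = keypair()
    to_bob, to_alice, mallory = ga, gb, None
    if intercepted:
        c, gc = keypair()
        d, gd = keypair()
        to_bob, to_alice = gc, gd             # Mallory swaps both messages
        mallory = (shared(d, ga), shared(c, gb))   # g^ad and g^cb
    return {
        "alice_key": shared(a, to_alice),
        "bob_key": shared(b, to_bob),
        "mallory_keys": mallory,
        "alice_fp": fingerprint(ga, to_alice),
        "bob_fp": fingerprint(to_bob, gb),
    }
```

In the honest run the two keys and the two fingerprints agree; in the intercepted run each party's key equals one of Mallory's and the fingerprints differ.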

13 Example of SSL (3.0)
SSL (Secure Socket Layer) is the standard for the web (https).
Protocol (somewhat simplified): Bob -> amazon.com
  B->A: client hello: protocol version, acceptable CipherSuites
  A->B: server hello: CipherSuite, session ID, |amazon.com|_{verisign}
  B->A: key exchange, {masterkey}_{amazon’s public key}
  A->B: server finish: ([amazon, prev-messages, masterkey])_{key1}
  B->A: client finish: ([bob, prev-messages, masterkey])_{key2}
  A->B: server message: (message1, [message1])_{key1}
  B->A: client message: (message2, [message2])_{key2}
Side labels on the slide: handshake, data
Notation:
  |h|_{issuer} = Certificate = Issuer, <h, h’s public key, time stamp>_{issuer’s private key}
  <…>_{private key} = Digital signature
  {…}_{public key} = Public-key encryption
  [..] = Secure Hash
  (…)_{key} = Private-key encryption
key1 and key2 are derived from random masterkey and session ID

14 Server Name Issue
The client expects the server to send a certificate matching the domain of the requested Web site.
But the client doesn’t tell the server which Web site it is requesting -- not a problem if the server hosts only one site.
For servers hosting multiple secure Web sites, the “solution” is to assign multiple IP addresses to the network interface, one for each certificate. Akamai uses approximately 13M IPv4 addresses for this purpose.
Better solution: the “server name” extension in TLS, the successor to SSL

15 TLS Client Hello – TLS Version 1.0 (SSL 3.1)

16 TLS Client Hello Message – Cipher Suite

17 TLS Client Hello – Server Name Extension

18 TLS Server Hello -- Cypher

19 TLS Server Hello – Certificate

