Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS2911 Week 9, Class 1 Today Discussion on RSA Video Eavesdropping

Published byRudolph Kelley Modified over 5 years ago

Similar presentations

Presentation on theme: "CS2911 Week 9, Class 1 Today Discussion on RSA Video Eavesdropping"— Presentation transcript:

1 CS2911 Week 9, Class 1 Today Discussion on RSA Video Eavesdropping
14 January 2019 CS2911 Week 9, Class 1 Today Discussion on RSA Video Eavesdropping Man-in-the-middle attacks Signing messages Certificates 17q ,9-24 19q1 8, 10-13,15-20,22,25-36 CS2911 Dr. Yoder Dr. Josiah Yoder

2 Packet Sniffer (e.g. Wireshark)
CS2911 14 January 2019 Packet Sniffer (e.g. Wireshark) Alice This is the problem we've been considering so far. This is a review of how we've solved it. Bob Trudy Dr. Josiah Yoder

3 How to achieve confidentiality? Approach 1: Symmetric keys
Alice wants to send confidential message, m, to Bob. KS KS( ) . KS(m ) KS( ) . m KS(m ) m Internet KS Bob Alice Problem: How to get Ks to Bob without Trudy intercepting? Trudy Alice: encrypts message with KS (for efficiency) sends KS(m) to Bob Modified from the slides accompanying Kurose and Ross, 7th Ed. Bob: uses KS to decrypt KS(m) to recover m

4 How to achieve confidentiality? Approach 2: Public/private keys
Alice wants to send confidential message, m, to Bob. KB + Internet KB( ) . + m C=KB(m) + KB( ) . - Bob Alice KB + C m KB - Trudy Bob: Send public key KB to Alice + Alice: encrypts message with Bob's public key KB sends C=KB(m) to Bob Modified from the slides accompanying Kurose and Ross, 7th Ed. + +

5 How to achieve confidentiality? Approach 2: Public/private keys
Alice wants to send confidential message, m, to Bob. KB + Internet KB( ) . + m C=KB(m) + KB( ) . - Bob Alice KB + C m KB - Trudy Inefficient because AES is faster. If message Bob (final step): Use private key KB to decrypt C=KB(m) (because KB(KB(m)) = m) - + - + Modified from the slides accompanying Kurose and Ross, 7th Ed. Problems: Inefficient for large messages and suffers from same problems as non-chained cipher-blocks

6 How to achieve confidentiality? Approach 3: Use both!
KS( ) . KB( ) + - KS(m ) KB(KS ) m KS KB Internet Bob Alice Trudy Alice: generates random symmetric private key, KS encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key sends both KS(m) and KB(KS) to Bob Modified from the slides accompanying Kurose and Ross, 7th Ed. +

7 How to achieve confidentiality? Approach 3: Use both!
KS( ) . KB( ) + - KS(m ) KB(KS ) m KS KB Internet Bob Alice Trudy Bob: uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m Modified from the slides accompanying Kurose and Ross, 7th Ed. Since the symmetric key Ks is designed for cipher-block chaining, it works well on a large amount of data

8 CS2911 Week 9, Class 2 Today Man-in-the-middle attacks
14 January 2019 CS2911 Week 9, Class 2 Today Man-in-the-middle attacks Signing messages Certificates 17q ,9-24 CS2911 Dr. Yoder Dr. Josiah Yoder

9 Man-in-the-middle attack
CS2911 14 January 2019 Man-in-the-middle attack Alice Here comes Trudy again! Bob Trudy Dr. Josiah Yoder

10 Man-in-the-middle attack
Alice Bob Trudy

11 Trudy can edit ALL the packets
Not just application payload Even TCP headers Even IP headers Even DNS packets Even encrypted packets! Every packet Alice sends Every packet Bob sends CS2911 Dr. Yoder

12 Change what Alice sends
CS2911 14 January 2019 Trudy can… Alice and Bob want… See what Alice sends Change what Alice sends Repeat what Alice sends Reorder what Alice sends Pretend to be Alice Ask for Bob's password Confidentiality Data integrity Avoid replay attacks Session integrity (??) Authentication Avoid phishing attacks Types of attacks / types of security Try to get Bob's keys - Avoid chosen-plaintext attack Take down Alice's server - Avoid denial of service attacks Dr. Josiah Yoder

13 Example Man-in-the-middle attack
CS2911 14 January 2019 Example Man-in-the-middle attack Bob Alice Trudy where is alice.com? at My credit card: Order complete! Dr. Josiah Yoder

14 OK, so Bob will probably be using encryption… that will slow Trudy down… … or will it?
CS2911 Dr. Yoder

15 Example Man-in-the-middle attack (1)
CS2911 14 January 2019 Example Man-in-the-middle attack (1) Bob Alice Trudy Please share your public key Please share your public key + Looks good to me! KA + KT This time Trudy really does give Bob Alice’s IP address. Dr. Josiah Yoder

16 Example Man-in-the-middle attack (2)
CS2911 14 January 2019 Example Man-in-the-middle attack (2) Bob Alice Trudy Here is the session key, just for you, Alice! KT (KS) Here is the session key, just for you, Alice! KA (KS) + + This time Trudy really does give Bob Alice’s IP address. Dr. Josiah Yoder

17 Example Man-in-the-middle attack (3)
CS2911 14 January 2019 Example Man-in-the-middle attack (3) Bob Alice Trudy KS (Are you Alice?) KS (Are you Alice?) KS (Yes I am!) KS (Yes I am!) KS (GET /perfume.html HTTP/1.1) KS (GET /perfume.html HTTP/1.1) KS (Buy ) KS (Buy ) Dr. Josiah Yoder

18 Example Man-in-the-middle attack (4)
CS2911 14 January 2019 Example Man-in-the-middle attack (4) Bob Alice Trudy KS (Credit card #: ) KS (Credit card #: ) KS (order complete) KS (order complete) Thanks for the credit card info, Bob! Dr. Josiah Yoder

19 CS2911 14 January 2019 When Bob lost authentication, he lost data integrity and confidentiality as well. (even though he was using encryption!) CS2911 Dr. Yoder Dr. Josiah Yoder

20 CS2911 14 January 2019 Authentication How can Bob know it is really Alice that sent him a message? Alice needs to sign the message Public-key cryptography can be used for this CS2911 Dr. Yoder Dr. Josiah Yoder

21 RSA: an important property
CS2911 14 January 2019 RSA: an important property The following property will be very useful: K (K (m)) = m B - + K (K (m)) = use public key first, followed by private key use private key first, followed by public key result is the same! Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-21 Dr. Josiah Yoder

22 Why ? follows directly from modular arithmetic:
CS2911 14 January 2019 K (K (m)) = m B - + K (K (m)) = Why ? follows directly from modular arithmetic: (me mod n)d mod n = med mod n = mde mod n = (md mod n)e mod n = m (as shown in RSA video) Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-22 Dr. Josiah Yoder

23 Key point Forging a certificate
CS2911 14 January 2019 Key point Forging a certificate is just as hard as decrypting a message Both require the private key! (Which only Bob has) cert = K (m) B - m = K (cipher) B - CS2911 Dr. Yoder Dr. Josiah Yoder

24 Anyone can check a certificate
CS2911 14 January 2019 Anyone can check a certificate Usually, the unencrypted message is included: I can check the certificate by checking that: Usually a cryptographic hash is signed instead of the entire message. (m, K (m)) B - Another way to think about it: Going from m -> cert is like going from ciphertext -> m. You have to apply the inverse of the public key to do it. m K (K (m)) B + - = ? Dr. Josiah Yoder

25 CS2911 14 January 2019 Suppose, for a moment, that Bob and Alice have each other’s public keys already… and they know they didn’t come from Trudy! Now we have a technique for signing messages. How can this be used to protect communications? We will again start with a weak assumption: That both parties already have each other’s public keys. CS2911 Dr. Yoder Dr. Josiah Yoder

26 Signing a message Bob Alice Trudy + - + - + + KA KB KB KA KA KB
CS2911 14 January 2019 Signing a message Bob Alice Trudy + - + - + + KA KB KB KA KA KB Here is the session key, It’s really from me, Alice! KB (KS) Here is the session key, It’s really from me, Alice! KB (KS) - - Can Trudy create the message KB-(KS)? However, Trudy can do something! What? Dr. Josiah Yoder

27 Signing and encrypting a message
CS2911 14 January 2019 Signing and encrypting a message Bob Alice Trudy + + - + - + KA KB KB KA KA KB Here is the session key, It’s really from me, Alice! KA( KB (KS)) Here is the session key, It’s really from me, Alice! KA( KB (KS)) + - + - Can Trudy create the message KA+(KB-(KS))? Can Trudy recover the primary key? Have we achieved authentication? Have we achieved data integrity? Have we achieved confidentiality? Dr. Josiah Yoder

28 How can Alice get her key to Bob without Trudy changing it?
KA + KT + Alice Bob KA - KT - Trudy

29 Public Key Certificate
CS2911 14 January 2019 Public Key Certificate Carol KC (KA) + - KC + KA + Bob Alice KC (KA) + - KT + Suppose Alice sends Bob a message signed by Carol with Alice's public key saying it really is hers. Suppose Bob trusts Carol Suppose Bob already has Carol's public key Then Bob can trust that Alice's public key is real! Trudy 29 Dr. Josiah Yoder

30 Public Key Certificate
CS2911 14 January 2019 Public Key Certificate Carol KC (KA) + - KC + KA + Bob Alice KC (KA) + - KC (KA) + - Suppose Alice sends Bob a message signed by Carol with Alice's public key saying it really is hers. Suppose Bob trusts Carol Suppose Bob already has Carol's public key Then Bob can trust that Alice's public key is real! Trudy 30 Dr. Josiah Yoder

31 A Note about the Certificate
KA + KC (KA) + - alice.com CS2911 Dr. Yoder

32 Public Key Certificate Chain
CS2911 14 January 2019 Public Key Certificate Chain Carol KC + KC (KD) + - KD + Dan Bob KD (KA) + - KC (KD) + - Suppose Alice sends Bob a message signed by Carol with Dan' public key saying it really is his Suppose Bob trusts Carol Suppose Alice sends Bob a message signed by Dan with Alice's public key saying it really is hers. Suppose Bob trusts Dan Suppose Bob has Carol’s public key already Then Bob can trust that Alice's public key is real! KD (KA) + - KA + Alice Dr. Josiah Yoder

33 Public Key Certificate Chain
CS2911 14 January 2019 Public Key Certificate Chain KC (KD) + - Carol KC + KD (KE) + - KD + Dan KE + KC (KD) + - KE (KA) + - Esther Bob KD (KE) + - Suppose Alice sends Bob a message signed by Carol with Dan' public key saying it really is his Suppose Bob trusts Carol Suppose Alice sends Bob a message signed by Dan with Esther's public key saying it really is hers. Suppose Bob trusts Dan Suppose Alice sends Bob a message signed by Esther with Alice’s public key saying it really is his Suppose Bob trusts Esther Suppose Bob has Carol’s public key already Then Bob can trust that Alice's public key is real! KE (KA) + - KA + Alice Dr. Josiah Yoder

34 Bob still needs to have SOMEONE's public key to start with!
CS2911 14 January 2019 Bob still needs to have SOMEONE's public key to start with! This "someone“ (Carol) is called a root certificate authority (CA) Everyone else in the chain is a certificate authority (CA) The root CA's key is stored on Bob's computer by the manufacturer (or by Bob's institution) Dr. Josiah Yoder

35 Confirming a certificate chain
CS2911 14 January 2019 Confirming a certificate chain Suppose Bob goes to alice.com, a perfume outlet alice.com sends Bob Her key, signed by CA1 CA1's key, signed by CA2 CA2's key, signed by the root CA Bob checks that all keys are properly signed. Bob checks that the root CA is one he trusts Now Bob knows Alice's key is real. He will use it to start a secure exchange with Alice (Example from our textbook) Dr. Josiah Yoder

36 What if someone is able to actually steal Alice's private key?
She would like to "revoke" her key – tell everyone that it is no longer valid Certificate Revocation Lists (CRLs) are the classic way to do this. Each CA offers lists of all keys it has signed, but also revoked New ways are OCSP and OCSP stapling User goes back to CA to ask if certificate is valid Neither one is used 100%... compromised keys are still really bad

37 Example Man-in-the-middle attack (1)
CS2911 14 January 2019 Example Man-in-the-middle attack (1) Bob Alice Trudy Please share your public key Please share your public key (KA,KC(KA)) + - (KA,KC(KA)) + - Bob checks it Against Carol’s public key This time Trudy really does give Bob Alice’s IP address. Looks good t me! Dr. Josiah Yoder

38 Example Man-in-the-middle attack (2)
CS2911 14 January 2019 Example Man-in-the-middle attack (2) Bob Alice Trudy Here is the session key, just for you, Alice! KA (KS) Here is the session key, just for you, Alice! KA (KS) + + This time Trudy really does give Bob Alice’s IP address. Dr. Josiah Yoder

39 Example Man-in-the-middle attack (3)
CS2911 14 January 2019 Example Man-in-the-middle attack (3) Bob Alice Trudy KS (Are you Alice?) KS (Are you Alice?) KS (Yes I am!) KS (Yes I am!) KS (GET /perfume.html HTTP/1.1) KS (GET /perfume.html HTTP/1.1) KS (Buy ) KS (Buy ) Dr. Josiah Yoder

40 Example Man-in-the-middle attack (4)
CS2911 14 January 2019 Example Man-in-the-middle attack (4) Bob Alice Trudy KS (Credit card #: ) KS (Credit card #: ) KS (order complete) KS (order complete) I wonder what he is saying…? Dr. Josiah Yoder

41 Big-picture review Public-private key and symmetric key together make for efficient way to confidentially exchange data Man-in-the middle attack makes key distribution difficult Public-key infrastructure and trusted root CA keys pre-installed make communication with new sites possible, even with man-in-middle attack Lots of trust on CA hierarchy!

42 CS2911 14 January 2019 Acknowledgement The content of this video is based in part on lecture slides from a very good textbook, and used with the author’s permission: Computer Networking: A Top-Down Approach, 7th edition, by Jim Kurose and Keith Ross Publisher: Pearson, 2017 Dr. Josiah Yoder

Download ppt "CS2911 Week 9, Class 1 Today Discussion on RSA Video Eavesdropping"

Similar presentations

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.

Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
Certificates ID on the Internet. SSL In the early days of the internet content was simply sent unencrypted. It was mostly academic traffic, and no one.

Certificates ID on the Internet. SSL In the early days of the internet content was simply sent unencrypted. It was mostly academic traffic, and no one.
Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.

Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
Network Security – Special Topic on Skype Security.

Network Security – Special Topic on Skype Security.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 2: Message integrity.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Secure HTTP (HTTPS) Pat Morin COMP 2405.

Secure HTTP (HTTPS) Pat Morin COMP 2405.
Network security Cryptographic Principles

Network security Cryptographic Principles
Key management issues in PGP

Key management issues in PGP

Similar presentations

Ads by Google