
CS2911 Week 8, Class 1 Today Week 8, Lab period Muddiest Point


1 CS2911 Week 8, Class 1
15 June 2019, CS2911, Dr. Josiah Yoder
Today:
- Muddiest Point
- Questions on Videos
- Encryption
Week 8, Lab period:
- Quiz 4: Topics include TCP, SMTP, IMAP, POP
17q ,9-24

2 This slide deck is the version presented in Section 021 on Friday of Week 7.
For the latest version, see the presentation that does not end with -021.pptx

3 Packet Sniffer (e.g. Wireshark)
[Diagram: Alice, Bob, Trudy]
This is the problem we've been considering so far. This is a review of how we've solved it.

4 How to achieve confidentiality? Approach 1: Symmetric keys
Alice wants to send confidential message, m, to Bob.
[Diagram: Alice applies $K_S$ to m and sends $K_S(m)$ over the Internet; Bob applies $K_S$ to $K_S(m)$ to get m; Trudy is on the path.]
Alice:
- encrypts message with $K_S$ (for efficiency)
- sends $K_S(m)$ to Bob
Bob:
- uses $K_S$ to decrypt $K_S(m)$ to recover m
Problem: How to get $K_S$ to Bob without Trudy intercepting?
Modified from the slides accompanying Kurose and Ross, 7th Ed.

5 How to achieve confidentiality? Approach 2: Public/private keys
Alice wants to send confidential message, m, to Bob.
[Diagram: Bob sends $K_B^+$ to Alice; Alice applies $K_B^+$ to m and sends $K_B^+(m)$ over the Internet; Bob holds $K_B^-$; Trudy is on the path.]
Bob:
- Send public key $K_B^+$ to Alice
Alice:
- encrypts message with Bob's public key $K_B^+$
- sends $K_B^+(m)$ to Bob
Modified from the slides accompanying Kurose and Ross, 7th Ed.

6 How to achieve confidentiality? Approach 2: Public/private keys
Alice wants to send confidential message, m, to Bob.
[Diagram: same as the previous slide.]
Bob (final step):
- Use private key $K_B^-$ to decrypt $K_B^+(m)$ (because $K_B^-(K_B^+(m)) = m$)
Problems: Inefficient for large messages and suffers from same problems as non-chained cipher-blocks
Modified from the slides accompanying Kurose and Ross, 7th Ed.

7 How to achieve confidentiality? Approach 3: Use both!
[Diagram: Alice applies $K_S$ to m and $K_B^+$ to $K_S$, and sends $K_S(m)$ and $K_B^+(K_S)$ over the Internet; Bob holds $K_B^-$; Trudy is on the path.]
Alice:
- generates random symmetric private key, $K_S$
- encrypts message with $K_S$ (for efficiency)
- also encrypts $K_S$ with Bob's public key
- sends both $K_S(m)$ and $K_B^+(K_S)$ to Bob
Modified from the slides accompanying Kurose and Ross, 7th Ed.

8 How to achieve confidentiality? Approach 3: Use both!
[Diagram: same as the previous slide.]
Bob:
- uses his private key to decrypt and recover $K_S$
- uses $K_S$ to decrypt $K_S(m)$ to recover m
Since the symmetric key $K_S$ is designed for cipher-block chaining, it works well on a large amount of data
Modified from the slides accompanying Kurose and Ross, 7th Ed.

9 Man-in-the-middle attack
[Diagram: Alice, Bob, Trudy]
Here comes Trudy again!

10 Man-in-the-middle attack
[Diagram: Alice, Bob, Trudy]

11 Trudy can edit ALL the packets
- Not just application payload
- Even TCP headers
- Even IP headers
- Even DNS packets
- Even encrypted packets!
- Every packet Alice sends
- Every packet Bob sends

12 Types of attacks / types of security
Trudy can… | Alice and Bob want…
See what Alice sends | Confidentiality
Change what Alice sends | Data integrity
Repeat what Alice sends | Avoid replay attacks
Reorder what Alice sends | Session integrity (??)
Pretend to be Alice | Authentication
Ask for Bob's password | Avoid phishing attacks
Try to get Bob's keys | Avoid chosen-plaintext attack
Take down Alice's server | Avoid denial of service attacks

13 Example Man-in-the-middle attack
[Diagram: Bob, Alice, Trudy. Messages shown, in order:]
- where is alice.com?
- at
- My credit card:
- Order complete!

14 OK, so Bob will probably be using encryption… that will slow Trudy down…
… or will it?

15 Example Man-in-the-middle attack (1)
[Diagram: Bob, Alice, Trudy. Messages shown, in order:]
- Bob's public key is $K_B^+$
- Bob's public key is $K_T^+$
This time Trudy really does give Bob Alice's IP address.

16 Example Man-in-the-middle attack (2)
[Diagram: Bob, Alice, Trudy. Messages shown, in order:]
- Please share session key
- Please share session key
- Looks good to me!
- $K_T^+(K_{SA})$
- $K_B^+(K_{ST})$
- Thanks for the session key, Alice!

17 Example Man-in-the-middle attack (3)
[Diagram: Bob, Alice, Trudy. Messages shown, in order:]
- $K_{ST}$(Are you Alice?)
- $K_{SA}$(Are you Alice?)
- $K_{ST}$(Yes I am!)
- $K_{SA}$(Yes I am!)
- $K_{ST}$(GET /perfume.html HTTP/1.1)
- $K_{SA}$(GET /perfume.html HTTP/1.1)
- $K_{SA}$(Buy )
- $K_{ST}$(Buy )

18 Example Man-in-the-middle attack (4)
[Diagram: Bob, Alice, Trudy. Messages shown, in order:]
- $K_{ST}$(Here's my credit card)
- $K_{SA}$(Here's my credit card)
- $K_{SA}$(order complete)
- $K_{SA}$(order complete)
- Thanks for the credit card info, Bob!

19 When we lose authentication, we lose data integrity and confidentiality as well.

20 Authentication
How can Bob know it is really Alice that sent him a message?
- Alice needs to sign the message
- Public-key cryptography can be used for this

21 RSA: an important property
The following property will be very useful:
$K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$
- left side: use public key first, followed by private key
- right side: use private key first, followed by public key
- result is the same!
Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-21

22 Why $K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$?
Follows directly from modular arithmetic:
$(m^e \bmod n)^d \bmod n = m^{ed} \bmod n = m^{de} \bmod n = (m^d \bmod n)^e \bmod n = m$ (as shown in RSA video)
Modified from the slides accompanying Kurose and Ross, 7th Ed. Security 8-22

23 Key point
If I receive $c = K_B^-(m)$
- only Bob could have signed it, because only Bob has Bob's private key $K_B^-$
- I can recover the message like this: $m \overset{?}{=} K_B^+(K_B^-(m))$
- if m makes sense, it must be a message from Bob

24 Suppose, for a moment, that Bob has Alice’s public key already

25 [In class, we sketched on the board how Alice and Bob can use already-shared keys to sign and encrypt new messages] [To obtain both confidentiality and data integrity]
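
The RSA property from slides 21-23 and the sign-and-encrypt idea from slide 25, as an added example that is not part of the original slides. It assumes Alice and Bob already hold each other's public keys; the tiny primes, the function names and the two-part packet layout are constructed for illustration and are not the scheme sketched in class.

```python
# Added example: toy textbook RSA (tiny primes, no padding or hashing).
# Real systems sign a hash of the message and use a padding scheme.

def make_keys(p, q, e):
    """Return (public, private) keys as (exponent, modulus) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)   # d = e^-1 mod phi (Python 3.8+)

def apply_key(key, x):
    """K(x) = x^exponent mod n; the same operation serves K+ and K-."""
    exponent, n = key
    return pow(x, exponent, n)

# Constructed sample keys. Alice's modulus is smaller than Bob's so that
# her signature always fits inside one block of Bob's key.
ALICE_PUB, ALICE_PRIV = make_keys(61, 53, 17)   # n = 3233
BOB_PUB, BOB_PRIV = make_keys(89, 97, 5)        # n = 8633

def both_orders_agree(pub, priv, m):
    """Slide 21: K-(K+(m)) = m = K+(K-(m))."""
    return (apply_key(priv, apply_key(pub, m)) == m
            == apply_key(pub, apply_key(priv, m)))

def alice_send(m):
    """Sign m with Alice's private key, then encrypt both parts for Bob."""
    signature = apply_key(ALICE_PRIV, m)          # K_A^-(m)
    return apply_key(BOB_PUB, m), apply_key(BOB_PUB, signature)

def bob_receive(packet):
    """Decrypt with Bob's private key, then verify with Alice's public key.
    Returns the message, or None if the signature does not match."""
    c_m, c_sig = packet
    m = apply_key(BOB_PRIV, c_m)
    signature = apply_key(BOB_PRIV, c_sig)
    return m if apply_key(ALICE_PUB, signature) == m else None

if __name__ == "__main__":
    packet = alice_send(1234)
    print(bob_receive(packet))                    # 1234
    # Message part changed in transit: the old signature no longer matches.
    altered = (apply_key(BOB_PUB, 999), packet[1])
    print(bob_receive(altered))                   # None
```

The check in `bob_receive` only means something because Bob's copy of Alice's public key is the genuine one, which is the assumption slide 24 makes explicit.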

26 Acknowledgement
The content of this video is based in part on lecture slides from a very good textbook, and used with the author’s permission:
Computer Networking: A Top-Down Approach, 7th edition, by Jim Kurose and Keith Ross. Publisher: Pearson, 2017

