Published by Jasmine Gardner. Modified over 9 years ago.
Comnet 2010 Communication Networks Recitation 11: Security
RSA: The problem
A wants to send B a message, but
– A and B cannot meet, so they cannot decide on a common key.
RSA: The solution
B sends A a public key e_B. The public key can be used to encrypt, but not to decrypt.
A encrypts the message m with the public key and sends e_B(m) to B.
B uses his own private key d_B to decrypt: d_B(e_B(m)) = m.
RSA: obtaining keys
1. Choose two large prime numbers p, q.
2. Compute n = pq; give it to others.
3. Calculate z = (p-1)(q-1). Destroy p, q.
4. Choose 1 < e < n that has no common factors with z; give it to others.
5. Compute d such that (de-1) is evenly divisible by z: find an integer K for which d = (Kz+1)/e is an integer, use that d and keep it secret. Destroy z.
Public key (n, e). Private key (n, d).
RSA example
1. p = 61, q = 53
2. n = 3233
3. z = 3120
4. 7, 11, 17 will do. We choose e = 17.
5. d = 2753: (3120K+1)/17 is an integer for K = 15.
Public key (3233, 17). Private key (3233, 2753).
RSA encryption/decryption
Encryption: c = m^e mod n
Decryption: m = c^d mod n
RSA encryption/decryption example
encrypt(m) = m^17 mod 3233
encrypt(123) = 123^17 mod 3233 = 855
decrypt(c) = c^2753 mod 3233
decrypt(855) = 855^2753 mod 3233 = 123
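As an added example (not code from the recitation), the five key-generation steps and the encryption/decryption formulas above carried out in Python on the slide's numbers; the K search in step 5 follows the slide literally, and the names rsa_keygen, rsa_encrypt and rsa_decrypt are chosen here.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Steps 1-5 of the slide: n = pq, z = (p-1)(q-1), then d = (Kz+1)/e."""
    n = p * q
    z = (p - 1) * (q - 1)                   # step 3; p and q are not needed afterwards
    if not (1 < e < n) or gcd(e, z) != 1:   # step 4's conditions on e
        raise ValueError("e must lie in (1, n) and share no factor with z")
    # Step 5 as the slide states it: search for an integer K that makes
    # (K*z + 1)/e a whole number.  Some K in 0..e-1 always works, because
    # gcd(z, e) == 1 means K*z + 1 runs through every residue class mod e.
    for k in range(e):
        if (k * z + 1) % e == 0:
            d = (k * z + 1) // e
            break
    return (n, e), (n, d)                   # public key, private key


def rsa_encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("textbook RSA encrypts one number smaller than n")
    return pow(m, e, n)                     # c = m^e mod n


def rsa_decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)                     # m = c^d mod n


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)
    print(pub, priv)                        # (3233, 17) (3233, 2753)
    c = rsa_encrypt(123, pub)
    print(c, rsa_decrypt(c, priv))          # 855 123
```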
RSA with a pocket calculator
2753 = 101011000001 in base 2
2753 = 1 + 2^6 + 2^7 + 2^9 + 2^11 = 1 + 64 + 128 + 512 + 2048
855^1 = 855 (mod 3233)
855^2 = 367 (mod 3233)
855^4 = 367^2 (mod 3233) = 2136 (mod 3233)
855^8 = 2136^2 (mod 3233) = 733 (mod 3233)
855^16 = 733^2 (mod 3233) = 611 (mod 3233)
855^32 = 611^2 (mod 3233) = 1526 (mod 3233)
855^64 = 1526^2 (mod 3233) = 916 (mod 3233)
855^128 = 916^2 (mod 3233) = 1709 (mod 3233)
855^256 = 1709^2 (mod 3233) = 1282 (mod 3233)
855^512 = 1282^2 (mod 3233) = 1160 (mod 3233)
855^1024 = 1160^2 (mod 3233) = 672 (mod 3233)
855^2048 = 672^2 (mod 3233) = 2197 (mod 3233)
855^2753 (mod 3233)
= 855^(1 + 64 + 128 + 512 + 2048) (mod 3233)
= 855^1 * 855^64 * 855^128 * 855^512 * 855^2048 (mod 3233)
= 855 * 916 * 1709 * 1160 * 2197 (mod 3233)
= 794 * 1709 * 1160 * 2197 (mod 3233)
= 2319 * 1160 * 2197 (mod 3233)
= 184 * 2197 (mod 3233)
= 123 (mod 3233)
= 123
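The square-and-multiply trace of the two "pocket calculator" slides, as an added example that is not from the recitation: square_and_multiply is a name chosen here, and it returns the table of squares and the factors actually multiplied so each value can be checked against the slide line by line.

```python
def square_and_multiply(base, exponent, modulus):
    """Return (result, squares, used).

    squares[i] holds base^(2^i) mod modulus, one entry per bit of the
    exponent; used lists the (2^i, value) pairs whose bit is set, i.e. the
    factors that are multiplied together, reducing mod modulus each time.
    """
    squares = []
    used = []
    power = base % modulus            # base^(2^0)
    result = 1
    bit = 0
    while (1 << bit) <= exponent:
        squares.append(power)
        if exponent & (1 << bit):     # this bit of the exponent is set
            used.append((1 << bit, power))
            result = (result * power) % modulus
        power = (power * power) % modulus   # next square, kept small by reducing
        bit += 1
    return result, squares, used


if __name__ == "__main__":
    result, squares, used = square_and_multiply(855, 2753, 3233)
    for i, s in enumerate(squares):
        print(f"855^{1 << i:4d} = {s:4d} (mod 3233)")
    print(" * ".join(str(v) for _, v in used), "=", result, "(mod 3233)")   # ... = 123
```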
RSA: Signatures
How can B know the message was from A?
– A produces a hash H(m).
– A encrypts it with his private key, d_A(H(m)), and sends it with m.
– B produces H(m), decrypts d_A(H(m)) with A’s public key e_A: e_A(d_A(H(m))) = H(m), and compares them.
RSA Signature example
A wants to send “This is a very important message”.
p = 5, q = 7; n = 35, z = 24
e = 5; d = 29
Public key: (35, 5). Private key: (35, 29)
H(“This is a very important message”) = 26
26^29 mod 35 = 31
A sends “This is a very important message”, 31
B gets the public key 5: 31^5 mod 35 = 26.
Compares to H(“This is a very important message”) = 26
RSA: Authorization
How can B know this is really the A he knows?
– A Certification Authority has public key e_CA and private key d_CA.
– A proves to the CA that he is A using some identity proof, and gets d_CA(e_A).
– B can now use e_CA(d_CA(e_A)) = e_A.
RSA Authorization example
A wants to send “This is a very important message”.
…
CA has Public key (3337, 79), Private key (3337, 1019)
B gets A’s authorized public key 5^1019 mod 3337 = 199
B uses 199^79 mod 3337 = 5
…
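An added example (not the recitation's code) that runs the signature example and the authorization example together with the slide's key pairs: A signs the digest 26, the CA signs A's public exponent 5, and B checks both. The function names are chosen here, and the digest is passed in as a number because the slide's toy hash is not specified; the operations are raw textbook RSA, whereas a deployed signature scheme hashes with a standard function and applies padding (RSA-PSS or PKCS#1 v1.5) before exponentiation.

```python
def sign(digest, private_key):
    """d_A(H(m)): raise the digest to the signer's private exponent."""
    n, d = private_key
    return pow(digest, d, n)


def verify(digest, signature, public_key):
    """Check e_A(d_A(H(m))) == H(m): recover the digest and compare."""
    n, e = public_key
    return pow(signature, e, n) == digest


def ca_certify(subject_public_exponent, ca_private_key):
    """d_CA(e_A): the CA signs A's public exponent after checking A's identity."""
    return sign(subject_public_exponent, ca_private_key)


def ca_recover(certificate, ca_public_key):
    """e_CA(d_CA(e_A)) = e_A: anyone holding the CA's public key gets e_A back."""
    n, e = ca_public_key
    return pow(certificate, e, n)


def receive(digest, signature, certificate, a_modulus, ca_public_key):
    """B's side: take A's exponent from the CA-signed value, then check the
    signature on the message with that recovered key."""
    e_a = ca_recover(certificate, ca_public_key)
    return verify(digest, signature, (a_modulus, e_a))


if __name__ == "__main__":
    a_pub, a_priv = (35, 5), (35, 29)            # slide's keys for A
    ca_pub, ca_priv = (3337, 79), (3337, 1019)   # slide's keys for the CA
    digest = 26                                  # slide's H("This is a very important message")
    sig = sign(digest, a_priv)                   # 31
    cert = ca_certify(a_pub[1], ca_priv)         # 199
    # As on the slide, the CA certifies only A's exponent; A's modulus 35 is
    # taken as already known to B.
    print(sig, cert, receive(digest, sig, cert, 35, ca_pub))   # 31 199 True
```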
Firewall
Isolates the organization’s internal net from the larger Internet, allowing some packets to pass and blocking others.
A firewall is usually implemented as a router.
The router filters packets based on:
– source IP address
– destination IP address
– TCP/UDP source and destination port numbers
– ICMP message type
– TCP SYN and ACK bits
– “Smart filtering”
Example firewall rules
“Allow outgoing traffic only on ports HTTP, HTTPS, FTP and TELNET”
– Used in a workplace to make sure people aren’t using dangerous/illegal sharing
– Too wide
“Do not allow incoming traffic on port TCP/4661 (edonkey)”
– Too narrow
More rules
“Allow incoming traffic only on port HTTP/HTTPS”
– Is it blocking enough?
– What other applications?
“Do not allow traffic from bezeqint.net”
– Sad but true
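An added example (not from the recitation) of a minimal packet filter that decides on the fields the "Firewall" slide lists and is loaded with the two rules from "Example firewall rules", to make the "too wide" and "too narrow" verdicts concrete; Packet, Rule, decide and the addresses in it are constructed here for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = internal net -> Internet, "in" = the reverse
    proto: str       # "tcp" or "udp"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                                  # "allow" or "deny"
    direction: Optional[str] = None              # None matches any value
    proto: Optional[str] = None
    dst_ports: Optional[FrozenSet[int]] = None
    src_net: Optional[str] = None                # string-prefix match on src_ip

    def matches(self, p: Packet) -> bool:
        return (self.direction in (None, p.direction)
                and self.proto in (None, p.proto)
                and (self.dst_ports is None or p.dst_port in self.dst_ports)
                and (self.src_net is None or p.src_ip.startswith(self.src_net)))

def decide(rules, p, default):
    """First matching rule wins; when nothing matches, the default policy applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Slide rule 1: outgoing allowed only to HTTP, HTTPS, FTP, TELNET; anything else denied.
OUTBOUND = [Rule("allow", "out", "tcp", frozenset({80, 443, 21, 23}))]
# Slide rule 2: only incoming TCP/4661 (edonkey) is blocked; anything else passes.
INBOUND = [Rule("deny", "in", "tcp", frozenset({4661}))]
# All addresses below are constructed sample values.

def outbound_too_wide():
    """A sharing client talking on port 80 is indistinguishable from web browsing."""
    return decide(OUTBOUND, Packet("out", "tcp", "10.0.0.5", "203.0.113.9", 51000, 80), "deny")

def inbound_too_narrow():
    """The same application on a neighbouring port, or over UDP, is not covered."""
    return [decide(INBOUND, Packet("in", "tcp", "198.51.100.7", "10.0.0.5", 40000, 4662), "allow"),
            decide(INBOUND, Packet("in", "udp", "198.51.100.7", "10.0.0.5", 40000, 4661), "allow")]
```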
Firewalls preventing SYN DDoS attacks
1. An external host sends a SYN packet.
2. The firewall responds with a SYN+ACK to the external host (at this point the internal server doesn’t even know that anything is going on).
3. If the external host sends an ACK packet, the firewall creates a new session with the internal server by running the handshake from SYN to ACK with it.
4. Then it connects the two sessions together so that the communication works.
Can this be circumvented? What else can the firewall do?
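An added simulation (not from the recitation) of the four steps above: hosts are plain strings, packets are tuples, and sequence numbers are a constructed counter. What it makes visible is where the state sits at each step: the internal server only ever hears about hosts that finished the handshake, while the half-open entries accumulate on the firewall, which is the starting point for the closing question.

```python
from itertools import count


class Server:
    """The internal server: it only ever sees fully established connections."""
    def __init__(self):
        self.connections = []

    def accept(self, client):
        self.connections.append(client)


class SynProxyFirewall:
    def __init__(self, server):
        self.server = server
        self.half_open = {}        # client -> seq we sent; this state lives on the firewall
        self._seq = count(1000)    # constructed sequence numbers, not random

    def handle(self, client, flags):
        """Process one packet from an external host and return the firewall's reply."""
        if flags == "SYN":
            # Steps 1-2: answer on the server's behalf; the server is told nothing.
            seq = next(self._seq)
            self.half_open[client] = seq
            return ("SYN+ACK", client, seq)
        if flags == "ACK" and client in self.half_open:
            # Steps 3-4: the host completed the handshake, so open the real
            # connection to the internal server and splice the two sides.
            del self.half_open[client]
            self.server.accept(client)
            return ("SPLICED", client)
        return ("DROP", client)    # ACK for a handshake we never started


def simulate(syn_only_hosts, honest_host):
    """Many hosts send a SYN and never answer; one host finishes the handshake."""
    server = Server()
    fw = SynProxyFirewall(server)
    for h in syn_only_hosts:
        fw.handle(h, "SYN")
    fw.handle(honest_host, "SYN")
    fw.handle(honest_host, "ACK")
    # What reached the server, and how many half-open entries the firewall still holds
    return server.connections, len(fw.half_open)
```

Real SYN proxies age out or cookie-encode the half-open entries so that the table above cannot grow without bound; the simulation deliberately leaves that out to show what the question is pointing at.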