Presentation is loading. Please wait.

Presentation is loading. Please wait.

March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Homework scheduleHomework schedule Upcoming labUpcoming lab RecapRecap.

Published byBrian Rice Modified over 9 years ago

Similar presentations

Presentation on theme: "March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Homework scheduleHomework schedule Upcoming labUpcoming lab RecapRecap."— Presentation transcript:

1

2 March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Homework scheduleHomework schedule Upcoming labUpcoming lab RecapRecap Encapsulated Security PayloadEncapsulated Security Payload Key exchange - strategiesKey exchange - strategies Internet Key Exchange – the problemInternet Key Exchange – the problem Diffie Hellman and Public KeysDiffie Hellman and Public Keys

3 Recap Project Schedule – Proposal due todayProject Schedule – Proposal due today Homework – Due ThursdayHomework – Due Thursday Lab – Due ThursdayLab – Due Thursday Protecting packet integrityProtecting packet integrity –Encrypted checksum problems –Keyed Hash and HMAC IPSECIPSEC March 2005 2R. Smith - University of St Thomas - Minnesota

4 IP Security Protocol – IPSEC Security protection that’s IP routableSecurity protection that’s IP routable We authenticate the IP addressesWe authenticate the IP addresses We encrypt everything inside the IP headerWe encrypt everything inside the IP header March 2005 3R. Smith - University of St Thomas - Minnesota

5 Separate Headers AH – Authentication HeaderAH – Authentication Header –Keeps the packet intact ESP – Encapsulating Security PayloadESP – Encapsulating Security Payload –A ‘generic’ security format, originally just for encryption –Now does both encryption and authentication March 2005 4R. Smith - University of St Thomas - Minnesota

6 Authentication Header – ‘AH’ Protects unchanging bits of the IP headerProtects unchanging bits of the IP header “SPI” – Security Parameter Index“SPI” – Security Parameter Index –Identifies the keying and hash algorithm to use March 2005 5R. Smith - University of St Thomas - Minnesota

7 Encapsulating Security Payload- ESP (8 bit bytes)SPI Sequence Number Payload Data(variable) Padding (variable) Pad LengthNext Header Integrity Check(variable) March 2005 6R. Smith - University of St Thomas - Minnesota Modern style, including integrity protectionModern style, including integrity protection –Internal format still depends on the crypto used –SPI picks the crypto format; the format determines variables Main problem: how long is the integrity check?Main problem: how long is the integrity check? May be length = 0, especially if the crypto does it alreadyMay be length = 0, especially if the crypto does it already

8 A Specific Example: CBC Only IV and encrypted data live inside the ‘payload’IV and encrypted data live inside the ‘payload’ Only the enclosed data is protected.Only the enclosed data is protected. March 2005 7R. Smith - University of St Thomas - Minnesota

9 March 2005 8R. Smith - University of St Thomas - Minnesota Secret Key Management Two elementsTwo elements –How do you assign individual keys –How do you update keys Assignment – how many keys do we need?Assignment – how many keys do we need? –“One Big Cryptonet” –Pairwise user-user –Pairwise user-server (“key distribution center) Updating – given the assignment strategiesUpdating – given the assignment strategies –Manual –Automatic

10 March 2005 9R. Smith - University of St Thomas - Minnesota Automatic key updating How do we get the new key?How do we get the new key? –Internal update use a ‘pseudo random number generator’use a ‘pseudo random number generator’ “Forward secrecy” problem“Forward secrecy” problem –Random update Use a new, randomly generated keyUse a new, randomly generated key Share with the cryptonetShare with the cryptonet How do we transmit random keys?How do we transmit random keys? –Chained update Send it using the existing crypto keySend it using the existing crypto key “Forward secrecy” problem“Forward secrecy” problem –KEK-based update Use a separate “key encrypting key”Use a separate “key encrypting key” Data is only sent with “data keys” or “session keys”Data is only sent with “data keys” or “session keys” Only use KEK to send newly generated sessionOnly use KEK to send newly generated session

11 March 2005 10R. Smith - University of St Thomas - Minnesota Key Distribution Center (KDC) Each user has a unique personal keyEach user has a unique personal key –Contacts KDC to get a session key –KDC sends keys encrypted with users’ personal keys ExampleExample –Bob wants to talk to Alice –Bob contacts KDC, says “I want to talk to Alice” –KDC sends two copies of the session key One encrypted with Bob’s personal keyOne encrypted with Bob’s personal key One encrypted with Alice’s personal keyOne encrypted with Alice’s personal key This is the basis of KerberosThis is the basis of Kerberos –Encrypted keys are called “tickets”

12 March 2005 11R. Smith - University of St Thomas - Minnesota Uses a pair of keys: the Private Key and the Public KeyUses a pair of keys: the Private Key and the Public Key Usually, one key of the pair decrypts what the other key encrypts, and vice versaUsually, one key of the pair decrypts what the other key encrypts, and vice versa “Asymmetric Encryption”“Asymmetric Encryption” Encryption Procedure Clear Text Clear Text Public Key Encryption Cipher Text Public Key Decryption Procedure Private Key

13 March 2005 12R. Smith - University of St Thomas - Minnesota Public Key cryptography Diffie HellmanDiffie Hellman ‘Distributive property’ of exponents‘Distributive property’ of exponents –(B X ) Y = (B Y ) X Or, in Diffie-Hellman:Or, in Diffie-Hellman: –(B X mod M) Y mod M = (B Y mod M) X mod M –(B X mod M) * (B Y mod M) mod M ! = (B Y mod M) X mod M Modulus makes it impractical to reverseModulus makes it impractical to reverse

14 March 2005 13R. Smith - University of St Thomas - Minnesota RSA Weird variantWeird variant Multiply two primesMultiply two primes –Product is part of the key –2 other numbers form rest of the key “Public” number (often 3 or 65537)“Public” number (often 3 or 65537) “Private” number (the modular inverse)“Private” number (the modular inverse) Works in both directions – encrypt and decryptWorks in both directions – encrypt and decrypt

15 March 2005 14R. Smith - University of St Thomas - Minnesota Applications Sharing a keySharing a key –Diffie Hellman approach –RSA approach Digital signaturesDigital signatures –Creating one, RSA –Checking one, RSA

16 March 2005 15R. Smith - University of St Thomas - Minnesota Using Public Key Diffie HellmanDiffie Hellman –I can share one secret with another D-H user I use the other user’s PUBLIC key with my PRIVATE keyI use the other user’s PUBLIC key with my PRIVATE key RSARSA –If I have a user’s PUBLIC key, I can send them a secret I encrypt the secret with THEIR public keyI encrypt the secret with THEIR public key They decrypt with their own private keyThey decrypt with their own private key –I can use my PRIVATE key to “sign” things I encrypt a hash (checksum) with my PRIVATE keyI encrypt a hash (checksum) with my PRIVATE key Others can check the result with my PUBLIC keyOthers can check the result with my PUBLIC key

17 March 2005 16R. Smith - University of St Thomas - Minnesota Digital Signature Concept Honest Abe must possess the private key in order to produce the digital signatureHonest Abe must possess the private key in order to produce the digital signature Honest Abe’s Private Key Document Signed Document Signed: Honest Abe ‘I certify that this is really true and Signature Procedure Honest Abe ‘I certify that this is really true and

18 March 2005 17R. Smith - University of St Thomas - Minnesota Signature Procedure Digital Signature Validation Alice trusts Honest AbeAlice trusts Honest Abe Alice needs proof that Abe wrote the documentAlice needs proof that Abe wrote the document Abe’s public key shows that Abe signed the document with his private keyAbe’s public key shows that Abe signed the document with his private key Honest Abe’s Public Key Valid Signature Valid Document Alice Digital Signature ‘I certify that this is really true and

19 March 2005 18R. Smith - University of St Thomas - Minnesota Decryption Procedure Secret Key Secret Key (temporary) Random Number Generator Encryption Procedure Cipher Text RSA Encrypting Secret Keys First send the secret key, then send the dataFirst send the secret key, then send the data Encryption Procedure { } Public Key Clear Text 4327 4445219 John J. Jones Clear Text 4327 4445219 John J. Jones Decryption Procedure Private Key

20 March 2005 19R. Smith - University of St Thomas - Minnesota Hash Digital Signatures Signature is the hash value, encrypted with the private keySignature is the hash value, encrypted with the private key Associates the document’s contents with the signerAssociates the document’s contents with the signer Detects changes to documentDetects changes to document Encryption Procedure Private Key ‘I certify that this is really true and Signed Document Digital Signature ‘I certify that this is really true and

21 March 2005 20R. Smith - University of St Thomas - Minnesota Valid? = Digital Signature Validation Decrypt the hash with the public keyDecrypt the hash with the public key Compare with the document’s hashCompare with the document’s hash Hash Public Key Signed Document Digital Signature Hash Decryption Engine

22 March 2005 21R. Smith - University of St Thomas - Minnesota Real Public Key Applications I.e. places where it really does something valuableI.e. places where it really does something valuable Secrecy (sharing keys)Secrecy (sharing keys) –Secret file sharing (PGP) –SSL: browsers, Secure Shell Integrity (digital signatures)Integrity (digital signatures) –Verifying downloaded software –Verifying e-mail messages –Verifying public key “owners”

23 March 2005 22R. Smith - University of St Thomas - Minnesota Creating a Certificate People generally trust Honest AbePeople generally trust Honest Abe Abe attests that www.bank.com has the public key 3,5555Abe attests that www.bank.com has the public key 3,5555www.bank.com Abe digitally signs a certificate to say thisAbe digitally signs a certificate to say this Abe is a certificate authority (CA) since he certifies the owners of public keysAbe is a certificate authority (CA) since he certifies the owners of public keys www.bank.com Key: 3,5555 Honest Abe’s Private Key Signature Procedure www.bank.com Key: 3,5555

24 March 2005 23R. Smith - University of St Thomas - Minnesota Validating a Certificate The initial strategy in SSL-enabled BrowsersThe initial strategy in SSL-enabled Browsers Every Web server with SSL has a certificateEvery Web server with SSL has a certificate Only one Certificate Authority’s public keyOnly one Certificate Authority’s public key –RSA Security, later Verisign, serves as “Honest Abe” Problems with scalability, delegationProblems with scalability, delegation From Authentication © 2002. Used by permission

25 March 2005 24R. Smith - University of St Thomas - Minnesota Multiple CAs in the Browser Browsers maintain a list of “Honest Abes”Browsers maintain a list of “Honest Abes” Users can add a new CA when encounteredUsers can add a new CA when encountered –Security issue – is a new CA really honest, or not? From Authentication © 2002. Used by permission

26 March 2005 25R. Smith - University of St Thomas - Minnesota Public Key Infrastructure A catch-all term for the services required to support the widespread use of public keys Server and client software to support public keysServer and client software to support public keys Software to create and distribute certificatesSoftware to create and distribute certificates Trustworthy organizations to issue reliable certificatesTrustworthy organizations to issue reliable certificates Mechanisms so that organizations can recognize each other’s certificatesMechanisms so that organizations can recognize each other’s certificates

27 March 2005 26R. Smith - University of St Thomas - Minnesota Commercial PKI Commercial PKIs use a hierarchical strategy Certificates are created and signed by special certificate authority softwareCertificates are created and signed by special certificate authority software Each certificate authority belongs to an enterprise and carries a unique keyEach certificate authority belongs to an enterprise and carries a unique key The enterprise is responsible for ensuring the accuracy of certificatesThe enterprise is responsible for ensuring the accuracy of certificates –Commercial certifiers like Verisign, Inc., rely on stringent, published rules and procedures defined in their Certification Practices Statement and Certificate Policy –Private corporations may rely on internal controls and limits on certificate usage

28 March 2005 27R. Smith - University of St Thomas - Minnesota Alternative to the CA/PKI “Pretty Good Privacy” (PGP) uses web of trust strategy Traditional ‘Web of Trust’Traditional ‘Web of Trust’ –Anyone may sign a certificate –Certificates may carry multiple signatures –Individuals must personally decide on authenticity, based on the signatures –Pairwise trust relationships, extended based upon interpersonal transitive trust Current on-line key directoryCurrent on-line key directory –Directory itself “signs” its certificates –Authenticity based on an e-mail exchange (!?!)

29 March 2005 28R. Smith - University of St Thomas - Minnesota Issues with PKI StandardizationStandardization InteroperabilityInteroperability Poorly defined trust relationshipsPoorly defined trust relationships Confidentiality of Private/Secret signing keysConfidentiality of Private/Secret signing keys DeploymentDeployment –Infrastructure cost –Infrastructure complexity –Enrollment costs –Client deployment costs

30 March 2005 29R. Smith - University of St Thomas - Minnesota “Group quiz” How can I send an encrypted message to 2 other people without sharing a secret with all 3?How can I send an encrypted message to 2 other people without sharing a secret with all 3? Assume we’ve shared public keysAssume we’ve shared public keys Pull out a piece of paperPull out a piece of paper Draw the answer, put the group names on itDraw the answer, put the group names on it

31 March 2005 30R. Smith - University of St Thomas - Minnesota That’s it Questions?Questions? Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.

Download ppt "March 2005 1R. Smith - University of St Thomas - Minnesota CISC 210 - Class Today Homework scheduleHomework schedule Upcoming labUpcoming lab RecapRecap."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Introduction to Cryptography

Introduction to Cryptography
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Exam clarifications needed?Exam clarifications needed? A ‘minor’ homework.
March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Homework due TodayHomework due Today LAN and Internet AddressesLAN and.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Homework due TodayHomework due Today LAN and Internet AddressesLAN and.
March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Homework backHomework back Take-home exam will be on Blackboard after.

March R. Smith - University of St Thomas - Minnesota QMCS Class Today Homework backHomework back Take-home exam will be on Blackboard after.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Similar presentations

Ads by Google