Presentation is loading. Please wait.

Presentation is loading. Please wait.

23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.

Published byTheodora Phelps Modified over 9 years ago

Similar presentations

Presentation on theme: "23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography."— Presentation transcript:

1 23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography

2 23-2 This time □ Message integrity □ Authentication □ Key distribution and certification

3 23-3 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Message integrity 8.5 Key Distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers

4 23-4 Digital Signatures Cryptographic technique analogous to hand- written signatures. □ Sender (Bob) digitally signs document, establishing he is document owner/creator. □ Verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

5 23-5 Digital Signatures Simple digital signature for message m: □ Bob signs m by encrypting with his private signature key S B, creating “signed” message, S B (m) □ Bob also has a public verification key V B such that V B (S B (m)) = m. Dear Alice Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob Bob’s message, m Public key signature algorithm Bob’s private signature key S B Bob’s message, m, signed with his private key S B (m)

6 23-6 Digital Signatures (more) □ Suppose Alice receives msg m, digital signature S B (m) □ Alice verifies m signed by Bob by applying Bob’s public verification key V B to S B (m) then checks V B (S B (m) ) = m. □ If V B (S B (m)) = m, whoever signed m must have used Bob’s private key. Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m’. Non-repudiation: Alice can take m, and signature S B (m) to court and prove that Bob signed m.

7 23-7 Message Digests Computationally expensive to public-key sign long messages Goal: fixed-length, easy- to-compute digital “fingerprint” □ Apply hash function H to m, get fixed size message digest, H(m). Hash function properties: □ many-to-1 □ produces fixed-size msg digest (fingerprint) □ given message digest x, computationally infeasible to find m such that x = H(m), or two messages m1, m2 with H(m1)=H(m2) large message m H: Hash Function H(m)

8 23-8 Internet checksum: poor crypto hash function Internet checksum has some properties of hash function: ► produces fixed length digest (16-bit sum) of message ► is many-to-one But given message with given hash value, it is easy to find another message with same hash value: I O U 1 0 0. 9 9 B O B 49 4F 55 31 30 30 2E 39 39 42 4F 42 message ASCII format B2 C1 D2 AC I O U 9 0 0. 1 9 B O B 49 4F 55 39 30 30 2E 31 39 42 4F 42 message ASCII format B2 C1 D2 AC different messages but identical checksums!

9 23-9 large message m H: Hash function H(m) digital signature (sign) Bob’s private key S B + Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message: S B (H(m)) signed msg digest S B (H(m)) signed msg digest large message m H: Hash function H(m) digital signature (verify) H(m) Bob’s public key V B equal ? Digital signature = signed message digest

10 23-10 Hash Function Algorithms □ Traditionally: MD5 hash function (RFC 1321) ♦ computes 128-bit message digest in 4-step process. ♦ arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x. ♦ it's been figured out how to make collisions! □ Newer: SHA-1 ♦ US standard [ NIST, FIPS PUB 180-1] ♦ 160-bit message digest ♦ many people think collisions are imminent! □ Starting to switch to SHA-256 ♦ Newer US standard [ NIST, FIPS PUB 180-2] ♦ 256-bit message digest

11 23-11 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Integrity 8.5 Key Distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers

12 23-12 Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”

13 23-13 Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice “I am Alice”

14 23-14 Authentication: another try Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address Failure scenario?? “I am Alice” Alice’s IP address

15 23-15 Authentication: another try Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address Trudy can create a packet “spoofing” Alice’s address “I am Alice” Alice’s IP address

16 23-16 Authentication: another try Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it. Failure scenario?? “I’m Alice” Alice’s IP addr Alice’s password OK Alice’s IP addr

17 23-17 Authentication: another try Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it. playback attack: Trudy records Alice’s packet and later plays it back to Bob “I’m Alice” Alice’s IP addr Alice’s password OK Alice’s IP addr “I’m Alice” Alice’s IP addr Alice’s password

18 23-18 Authentication: yet another try Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it. Failure scenario?? “I’m Alice” Alice’s IP addr encrypted password OK Alice’s IP addr

19 23-19 Authentication: another try Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it. record and playback still works! “I’m Alice” Alice’s IP addr encrypted password OK Alice’s IP addr “I’m Alice” Alice’s IP addr encrypted password

20 23-20 Authentication: yet another try Goal: avoid playback attack Failures, drawbacks? Nonce: number (R) used only once-in-a-lifetime ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R E (R) A-B Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

21 23-21 Authentication: ap5.0 ap4.0 requires shared symmetric key □ can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography “I am Alice” R Bob computes S A (R) “send me your public keys” V A, E A V A (S A (R)) = R and knows only Alice could have the private key that signed R Bob then sends encrypted messages to Alice E A (m)

22 23-22 ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) I am Alice R Send me your public keys S A (R) Send me your public keys E T (m) Trudy gets m = D T (E T (m)) sends m to Alice encrypted with Alice’s public key m = D A (E A (m)) R V A,E A S T (R) V A,E A V T,E T E A (m)

23 23-23 ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) Difficult to detect: □ Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation) □ The problem is that Trudy receives all messages as well!

24 23-24 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Integrity 8.5 Key distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers

25 23-25 Trusted Intermediaries Symmetric key problem: □ How do two entities establish shared secret key over network? Solution: □ trusted key distribution center (KDC) acting as intermediary between entities Public key problem: □ When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s? Solution: □ trusted certification authority (CA)

26 23-26 Key Distribution Center (KDC) □ Alice, Bob need shared symmetric key. □ KDC: server shares different secret key with each registered user (many users) □ Alice, Bob know own symmetric keys, K A-KDC K B-KDC, for communicating with KDC. K B-KDC K X-KDC K Y-KDC K Z-KDC K P-KDC K B-KDC K A-KDC K P-KDC KDC

27 23-27 Key Distribution Center (KDC) Alice knows R1 Bob knows to use R1 to communicate with Alice Alice and Bob communicate: using R1 as session key for shared symmetric encryption Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other? KDC generates R1 E B-KDC (A,R1) E A-KDC (A,B) E A-KDC (R1, E B-KDC (A,R1) )

28 23-28 Certification Authorities □ Certification authority (CA): binds public key to particular entity, E. □ E (person, router) registers its public key with CA. ♦ E provides “proof of identity” to CA. ♦ CA creates certificate binding E to its public key. ♦ certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” Bob’s public key V B Bob’s identifying information digital signature (signing) CA private key S CA V B certificate for Bob’s public key, signed by CA

29 23-29 Certification Authorities □ When Alice wants Bob’s public key: ♦ gets Bob’s certificate (Bob or elsewhere). ♦ apply CA’s public key to Bob’s certificate, get Bob’s public key Bob’s public key V B digital signature (verifying) CA public key V CA V B

30 23-30 A certificate contains: □ Serial number (unique to issuer) □ info about certificate owner, including algorithm and key value itself (not shown) □ info about certificate issuer □ valid dates □ digital signature by issuer

31 23-31 Recap □ Message Integrity □ Authentication □ Key distribution and certification

32 23-32 Next time □ Firewalls □ Attacks and countermeasures □ Security in many layers

Download ppt "23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography."

Similar presentations

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
Public Key Cryptography & Message Authentication By Tahaei Fall 2012.

Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
8: Network Security8-1 22 – Integrity, Firewalls.

8: Network Security – Integrity, Firewalls.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.

1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks

CSE401n:Computer Networks
Network Security understand principles of network security:

Network Security understand principles of network security:
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication.

Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication.
Network Security7-1 Network Security 1. What is network security 2. Principles of cryptography 3. Authentication 4. Integrity 5. Key Distribution and certification.

Network Security7-1 Network Security 1. What is network security 2. Principles of cryptography 3. Authentication 4. Integrity 5. Key Distribution and certification.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Outline User authentication

Outline User authentication
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.

Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
Chapter 31 Network Security

Chapter 31 Network Security
Behzad Akbari Spring 2012 1 In the Name of the Most High.

Behzad Akbari Spring In the Name of the Most High.
Internet and Intranet Protocols and Applications Lecture 10 Network (Internet) Security April 3, 2002 Joseph Conron Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 10 Network (Internet) Security April 3, 2002 Joseph Conron Computer Science Department New York.

Similar presentations

Ads by Google