Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Some Backgrounds on Network Security Rocky K. C. Chang 12 February 2003.

Published byCharles Whitehead Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Some Backgrounds on Network Security Rocky K. C. Chang 12 February 2003."— Presentation transcript:

1 1 Some Backgrounds on Network Security Rocky K. C. Chang 12 February 2003

2 2 Purposes of network security Four main purposes (or services): –Secrecy (or confidentiality): Prevent others from reading information shared between two participants. –Authentication: Verifying someone’s or something’s identity. –Message integrity: Assure that the message received has not be altered since it was generated by a legitimate source. –Nonrepudiation: A sender should not be able to falsely deny later that he sent a message. Two approaches: –Secrecy of the cryptographic algorithm (restricted algorithm) –The cryptographic algorithm is not a secret, but the key is.

3 3 Types of attacks Passive attacks (eavesdropping), e.g., –ciphertext-only attacks –known-plaintext attacks –chosen-plaintext attacks Active attacks, e.g., –pretend to be someone else –introduce new messages in the protocol –delete existing messages –substituting one message for another –replay old messages

4 4 Scope of consideration Scope: –Concern mainly communication between two parties (group communication security will be discussed later). –Concern attacks against protocols, not those against cryptographic algorithms or cryptographic techniques used to implement the algorithms. Other network security issues –Infrastructure security, i.e. attacks on routers, DNS root servers, etc. –Worms and viruses –Distributed DDoS attacks (DoS attacks will be considered though) –System security

5 5 Three cryptographic functions Hash functions: require 0 key Secret key functions: require 1 key Public key functions: require 2 keys

6 6 Secret key (symmetric) cryptography Given: –Alice and Bob agree on a secret key cryptosystem. –Alice and Bob agree on a key (secret). Encryption and decryption using the key. –M --> E K (M) --> D K (E K (M)) --> M Problems: –Keys must be distributed in secret. –Compromising keys means compromising all aspects of security. –The number of keys is not scalable to the user population size.

7 7 Secret key cryptography algorithms Data Encryption Standard (DES), International Data Encryption Algorithm (IDEA), and Advanced Encryption Standard (AES) Example: an 64-bit DES –There is no mathematical proof that DES is secure. –Two techniques used: confusion and diffusion. –The only approach is to search the entire key space. When more than 64 bits are required, use a cipher block chaining (CBC). –The ciphertext for block i is XORed with the plaintext for block i+1 before running it through DES. –An initialization vector (IV) is used in lieu of the nonexisting block 0. –The IV is randomly generated by a sender and it is sent along with the encrypted message. Triple-DES, i.e., encrypt the data three times.

8 8 DES algorithm Initial permutation Round 1 Round 2 Round 16 56-bit key Final permutation …

9 9 Cipher block chaining Block 1 IV DES Cipher 1 Block 2 DES Block 3 DES Block 4 DES + Cipher 2 3 4 +++

10 10 Security uses of secret key cryptography Secrecy, authentication, and message integrity services Assumption: both client and server already share a secret key. Approach: –Each side generate a random number encrypted with the secret key. –See whether the other side can decrypt it. Successful if CHK = SHK (client and server handshaking keys) SK: Session key

11 11 Secret key based authentication This approach is based on a trusted third party (authenti- cation server), e.g., Kerberos protocol. Assumptions: A shares a secret key with S, and so is B with S. Notations in the messages: –T: Timestamp –L: Lifetime –K: Session key for A and B –K A, K B : A’s secret key shared with S and B’s secret key shared with S, respectively. –A, B: The participants’ identities ASB E (( T, L, K, B ), K A E (( A, T ), K E (( T, L, K, A ), K B ) A, B E ( T + 1, K ) E (( T, L, K, A ), K B )

12 12 Secret key based message integrity Produce a small, fixed-sized “checksum” based on the message under protection. –This cryptographic checksum is referred to as message integrity code (MIC) or message authentication code (MAC). E.g., apply the DES with CBC to the message, and then to use the CBC residue as the message integrity code (MIC). –The residue is the last block of the CBC output. –The plaintext message plus the MIC would be sent to the receiver. –The receiver needs to reproduce the “checksum” and compares it with the MIC.

13 13 Hash functions A hash, or message digest, is a one-way function that produces a short, fixed-sized output. Properties: –One-way functions are relatively easy to compute, i.e., given x and compute h(x). –However, given h(x), it is significantly harder to compute x. –It is computationally infeasible to find two inputs that hash to the same value. Provide mainly message integrity service, and help in generating digital signatures.

14 14 Hash algorithms Message Digest (MD-n, n = 1, …, 5), and Secure Hash Algorithm (SHA-1) Transform Initial“digest” (constant) Message (padded) Transform 128-bit Message digest 512 bits … …

15 15 Keyed message integrity protocols Just hash a message under protection is inadequate. Message integrity protocols can be based on secret key encryption. –Assume that Alice and Bob share a secret key k. –Alice sends M + MD5(M + k), where + refers to the concatenation of two messages. –Bob applies MD5 to M + k, and compares it with the MIC. Message integrity protocols can be based on public key encryption. –Alice sends M + MD5(M + k) + E Pri(A) (k), where k is a random number picked by Alice. –Bob recovers k by D Pub(A) (E Pri(A) (k)).

16 16 Public key (asymmetric) cryptography Given: –Alice and Bob agree on a public key cryptosystem. –Alice owns a pair of public key and private key, and Bob knows Alice’s public key, which is not a secret. Encryption using the public key and decryption using the private key. –Bob sends a message intended only for Alice to see. –M --> E Pub(A) (M) --> D Pri(A) (E Pub(A) (M)) --> M. Problems: –Public-key algorithms are slow. Symmetric algorithms are at least 1000 times faster. –Vulnerable to chosen-plaintext attacks.

17 17 Public key cryptography algorithms RSA (Rivest, Shamir, And Aldeman), Elliptic Curve Cryptography (ECC), ElGamal (ElG), Digital Signature Standard (DSS), Diffie-Hellman (DH) –RSA and ECC do encryption and digital signatures –ElG and DSS do digital signatures –DH allows an establishment of a shared secret. It is computationally hard to deduce the private key from the public key. –For example, the choice of the public and private keys in RSA is based on a multiplication of two large prime numbers.

18 18 Public key based authentication A picks a random number and encrypts it with B’s public key. Unlike the secret key approach, Bob only needs to remember its own private key for authentication. Moreover, Alice does not need to keep any secret in order to verify Bob. AB E ( x, Public B ) x

19 19 Digital signatures Digital signatures, similar to handwritten signatures, are used as a proof of authorship. A digital signature is a special case of an MIC, where the code can only be generated by the authorized participant. The digital signatures must be –verifiable, –nonforgeable, –unalterable, –not reusable, and –nonrepudiable.

20 20 Public key based digital signatures Private key algorithms cannot achieve the nonrepudiable objective. To digitally sign a document using RSA, a sender uses its private key to produce the signature, and the receiver uses the public key to verify it. –In RSA, both the private key and public key can be used for encryption (not with DSS). –Alice encrypts M using its private key: E Pri(A) (M). –Alice sends M and E Pri(A) (M) to Bob. –Bob decrypts M using Alice’s public key, D Pub(A) (E Pri(A) (M)), and compares the result with M.

21 21 RSA digital signatures Verifiable (use Alice’s public key) Nonforgeable (only Alice has the private key) Unalterable (do not produce the same document) Not reusable (pertain to that document), and Nonrepudiable

22 22 RSA digital signatures with MD5 In practice, public key algorithms are too slow to sign long documents, and the signature is also too long. Instead of signing the whole document, a sender signs the checksum produced by a hash function, such as MD5. –Alice signs the hash value of the document and send M + E Pri(A) (MD5(M)). –Bob computes the hash by running MD5(M). –Bob decrypts E Pri(A) (MD5(M)). –Bob compares MD5(M) and D Pub(A) (E Pri(A) (MD5(M))).

23 23 Digital signatures with encryption The security of encryption can be combined with the authenticity of digital signatures. –Alice signs a message M and sends S A (M), where the signing can be based on any method discussed before. –Alice encrypts the signed message with Bob’s public key: E Pub(B) (S A (M)). –Bob decrypts the received message: D Pri(B) (E Pub(B) (S A (M))). –Bob verifies the signed message S A (M). Signing before encrypting is a prudent practice. –You know what you are signing. –Signatures cannot be removed from an encrypted message.

24 24 Remaining issues For the private key approach, how does a pair of participants generates and manages their shared secret key? –Use RSA key exchange with digital signatures. –Diffie-Hellman key exchange For the public key approach, how can one obtain another’s true public key or how can one reliably advertise one’s public key to others? –Digital certificates –Certification authority (a trusted third party approach)

25 25 Internet security IP layer: IP security (IPSec)---Encapsulating Security Payload (ESP) and Authentication Header (AH) –AH mainly provides access control, connectionless message integrity, and anti-replay protection. –ESP, in addition to the services provided by AH, provides also secrecy. Transport layer: Secure Socket Layer (SSL) and Transport Layer Security (TLS) –Provide secrecy and message integrity between two communicating applications. –This is a generic security protocol supporting any applications, for example, HTTP/TLS/TCP.

26 26 Internet security Application-specific: –SET for payment-card transactions –Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP) for email security –Secure HTTP (S-HTTP) for WWW (RFC 2660) –DNSSEC for DNS Others: –Multicast group security –Multimedia security –Mobile and wireless network security –Enterprise security (virtual private network) –Remote access security

27 27 Acknowledgments This set of notes is based on –C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in Public World, Second Edition, Prentice Hall PTR, 2002. –L. Peterson and B. Davie, Computer Networks: A Systems Approach, Morgan Kaufmann, 2000. –B. Schneier. Applied Cryptography, Second Edition, Wiley, 1996.

Download ppt "1 Some Backgrounds on Network Security Rocky K. C. Chang 12 February 2003."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
L0. Introduction Rocky K. C. Chang, January 2013.

L0. Introduction Rocky K. C. Chang, January 2013.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google