Presentation is loading. Please wait.

Presentation is loading. Please wait.

EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.

Published byGiles Atkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001."— Presentation transcript:

1 EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001

2 istoica@cs.berkeley.edu2 Security Requirements  Authentication -Ensures that the sender and the receiver are who they are claiming to be  Data integrity -Ensure that data is not changed from source to destination  Confidentiality -Ensures that data is red only by authorized users  Non-repudiation -Ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender identity, strong enough such that the sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message (not discussed in this lecture)

3 istoica@cs.berkeley.edu3 Cryptographic Algorithms  Security foundation: cryptographic algorithms -Secret key cryptography, Data Encryption Standard (DES) -Public key cryptography, RSA algorithm -Message digest, MD5

4 istoica@cs.berkeley.edu4 Symmetric Key  Both the sender and the receiver use the same secret keys Internet Encrypt with secret key Decrypt with secret key Plaintext Ciphertext

5 istoica@cs.berkeley.edu5 Data Encryption Standard (DES)  DES encrypts a 64-bit block of plain text using a 64-bit key  Three phases 1.Permute the 64 bits in the block 2.Apply a given operation 16 times on the 64 bits 3.Permute the 64 bits using the inverse of the original permutation Round 1 Round 16... key 1 st phase 3 rd phase 2 nd phase

6 istoica@cs.berkeley.edu6 Operation in Each Round of 2 nd Phase  Key is 56 bits  Each round the key is modified and 48 bits are selected from it. Given result K i, the following operations are performed + F 63 0 3231 0 KiKi L i-1 R i-1 LiLi RiRi

7 istoica@cs.berkeley.edu7 Encrypting Larger Messages  Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext + Block 1 Cipher 1 DES + Block 2 DES + Block 3 DES + Block 4 DES Cipher 2 Cipher 3 Cipher 4 IV

8 istoica@cs.berkeley.edu8 Discussion  Can provide confidentiality  No mathematical proof, but practical evidence suggests that decrypting a message without knowing the key requires exhaustive search  To increase security use triple-DES, i.e., encrypt the message three times

9 istoica@cs.berkeley.edu9 RSA (Rivest, Shamir, and Adleman)  Sender uses a public key  Receiver uses a private key Internet Encrypt with public key Decrypt with private key Plaintext Ciphertext

10 istoica@cs.berkeley.edu10 Generating Public and Private Keys  Choose two large prime numbers p and q (~ 256 bit long) and multiply them: n = p*q  Chose encryption key e such that e and (p-1)*(q-1) are relatively prime  Compute decryption key d, where d = e -1 mod ((p-1)*(q-1))  Construct public key from pair (n, e)  Construct private key from pair (d, n)

11 istoica@cs.berkeley.edu11 RSA Encryption and Decryption  Encryption: -c = m e mod n  Decryption: -m = c d mod n

12 istoica@cs.berkeley.edu12 Example  Choose p = 7 and q = 11  n = p*q = 77  Compute encryption key e: (p-1)*(q-1) = 6*10 = 60  chose e = 13 (13 and 60 are relatively prime numbers)  Compute decryption key d: d = 13 -1 mod 60  13*d mod 60 = 1 mod 60  d = 37 (37*13 = 481)

13 istoica@cs.berkeley.edu13 Example (cont’d)  n = 77; e = 13; d = 37  Send message m = 7  Encryption: c = m e mod n = 7 13 mod 77 = 35  Decryption: m = c d mod n = 35 37 mod 77 = 7

14 istoica@cs.berkeley.edu14 Discussion  Can provide confidentiality  A receiver A computes n, e, d, and sends out (n, e) -Everyone who wants to send a message to A uses (n, e) to encrypt it  How difficult is to recover d ? (Someone that can do this can decrypt any message sent to A !)  Recall that d = e -1 mod ((p-1)*(q-1))  So to find d, you need to find primes factors p and q -This is provable very difficult

15 istoica@cs.berkeley.edu15 Message Digest (MD) 5  Can provide data integrity -Used to verify the authentication of a message  Idea: compute a hash on the message and send it along with the message  Receiver can apply the same hash function on the message and see whether the result coincides with the received hash

16 istoica@cs.berkeley.edu16 MD 5 (cont’d)  Basic property: digest operation very hard to invert - in practice someone cannot alter the message without modifying the digest Internet Digest (MD5) Plaintext digest Digest (MD5) = digest’ NO corrupted msg Plaintext

17 istoica@cs.berkeley.edu17 Message Digest Operation  Transformation contains complex operations (see textbook, page 583) 512 bits Message (padded) Initial digest (constant) Transformation... Message digest

18 istoica@cs.berkeley.edu18 Authentication  Goal: Make sure that the sender an receiver are the ones they claim to be  Two solutions based on secret key cryptography (e.g., DES) -Three-way handshaking -Trusted third party  One solution based on public key cryptography (e.g., RSA) -Public key authentication

19 istoica@cs.berkeley.edu19 Simple Three-Way Handshaking  E(m,k) – encrypt message m with key k  D(m,k) – decrypt m with key k  CHK and SHK – client and server shared secrete keys  SK – session key used for data communication -This reduces the number of messages containing CHK and SHK  Question: how are CHK and SHK communicated in the first place? clientId, E(x, CHK) E(x+1, SHK), E(y,SHK) E(y+1, CHK) E(SK,SHK) client server

20 istoica@cs.berkeley.edu20 Trusted Third Party  Trust a third party entity, authentication server -E.g., Kerberos protocol  Scenario: A wants to communicate with B  Assumption: both A and B share secrete keys with S: K A and K B  Notations: -T: timestamp (also serves the purpose of a random number) -L: lifetime of the session -K: session’s key

21 istoica@cs.berkeley.edu21 Trusted Third Party (cont’d) A,B E(T+1,K) E((T,L,K,B),K A ) E((T,L,K,A),K B ) E((A,T),K A ) E((T,L,K,A),K B ) S AB

22 istoica@cs.berkeley.edu22 Public Key Authentication  Based on public key cryptography  Each side need only to know the other side’s public key -No secrete key need to be shared  A encrypts a random number x and B proves that it knows x  A can authenticate itself to be in the same way E(x, Public B ) x A B

Download ppt "EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Distributed Systems CS 15-440 Security – Part I Lecture 21, Nov 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.

Distributed Systems CS Security – Part I Lecture 21, Nov 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.

Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Similar presentations

Ads by Google