EE 122: (More) Network
Security
November 5, 2003
Katz, Stoica F04
EECS 122:
Introduction to Computer Networks
Network Security II
Computer Science Division
Department of Electrical Engineering and Computer Sciences
University of California, Berkeley
Berkeley, CA 94720-1776
Katz, Stoica F04
Today’s Lecture: 20
2
17,18
Application
19
,
6
2
0
10,11
14, 15,
16
7, 8, 9
21, 22, 23
25
Transport
Network (IP)
Link
Physical
Katz, Stoica F04
3
Security Requirements

Authentication
- Ensures that the sender and the receiver are who they are
claiming to be

Data integrity
- Ensure that data is not changed from source to destination

Confidentiality
- Ensures that data is red only by authorized users

Non-repudiation
- Ensures that the sender has strong evidence that the
receiver has received the message, and the receiver has
strong evidence of the sender identity, strong enough such
that the sender cannot deny that it has sent the message
and the receiver cannot deny that it has received the
message (not discussed in this lecture)
Katz, Stoica F04
4
Outline



Cryptographic Algorithms (Confidentiality and
Integrity)
Authentication
System examples
Katz, Stoica F04
5
Cryptographic Algorithms

Security foundation: cryptographic algorithms
- Secret key cryptography, Data Encryption Standard
(DES)
- Public key cryptography, RSA algorithm
- Message digest, MD5
Katz, Stoica F04
6
Symmetric Key

Both the sender and the receiver use the same
secret keys
Plaintext
Plaintext
Encrypt with
secret key
Internet
Decrypt with
secret key
Ciphertext
Katz, Stoica F04
7
Data Encryption Standard (DES)


DES encrypts a 64-bit
block of plain text using
a 64-bit key
Three phases
1. Permute the 64 bits in the
block
2. Apply a given operation
16 times on the 64 bits
3. Permute the 64 bits using
the inverse of the original
permutation
1st phase
IP(input)
Round 1
2nd
phase
..
.
key
Round 16
3rd phase
IP-1(input)
Katz, Stoica F04
8
Initial Permutation (IP)

IP: bit 58 of input becomes 1st bit, it 50 becomes
2nd bit, etc
58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7

IP-1: inverse of IP, e.g., IP(1) = 58, IP-1 (58) = 1
40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25
Katz, Stoica F04
9
2nd Phase: Operation In Each Round



Key K is 64 bits
16 rounds
Each round i select a 48
bit key Ki from the original
64 bit key K. Perform (F is
a given function):
Li  Ri 1
0
63
63
32
Li-1
31
0
Ri-1
F
Ki
+
Li
Ri
Ri  Li 1  F ( Ri 1 , K i )
Katz, Stoica F04 10
Encrypting Larger Messages

Initialization Vector (IV) is a random number
generated by sender and sent together with the
ciphertext
Block1
IV
Block2
Block3
Block4
+
+
+
+
DES
DES
DES
DES
Cipher1
Cipher2
Cipher3
Cipher4
Katz, Stoica F04
11
DES Properties

Provide confidentiality
- No mathematical proof, but practical evidence suggests
that decrypting a message without knowing the key
requires exhaustive search
- To increase security use triple-DES, i.e., encrypt the
message three times
Katz, Stoica F04 12
Public-Key Cryptography: RSA (Rivest,
Shamir, and Adleman)

Sender uses a public key
- Advertised to everyone

Receiver uses a private key
Plaintext
Plaintext
Encrypt with
public key
Internet
Decrypt with
private key
Ciphertext
Katz, Stoica F04 13
Generating Public and Private Keys





Choose two large prime numbers p and q (~ 256 bit
long) and multiply them: n = p*q
Chose encryption key e such that e and (p-1)*(q-1)
are relatively prime
Compute decryption key d, where
d = e-1 mod ((p-1)*(q-1))
(equivalent to d*e = 1 mod ((p-1)*(q-1)))
Public key consist of pair (n, e)
Private key consists of pair (d, n)
Katz, Stoica F04 14
RSA Encryption and Decryption

Encryption of message block m:
- c = me mod n

Decryption of ciphertext c:
- m = cd mod n
Katz, Stoica F04 15
Example (1/2)



Choose p = 7 and q = 11  n = p*q = 77
Compute encryption key e: (p-1)*(q-1) = 6*10 = 60 
chose e = 13 (13 and 60 are relatively prime numbers)
Compute decryption key d such that 13*d = 1 mod 60 
d = 37 (37*13 = 481)
Katz, Stoica F04 16
Example (2/2)




n = 77; e = 13; d = 37
Send message block m = 7
Encryption: c = me mod n = 713 mod 77 = 35
Decryption: m = cd mod n = 3537 mod 77 = 7
Katz, Stoica F04 17
RSA Proof Sketch (1/4)
mod properties. Suppose a = b mod k, and c = d mod k.
Then
1) a + c = (b + d) mod k
2) a*c = (b*d) mod k

Katz, Stoica F04 18
RSA Proof Sketch (2/4)

Theorem: Assume a and d are relatively primes,
(a, d) = 1. Then a*b = a*c mod d implies b = c mod d
Proof:
Since (a, d) = 1, there exists m and n such that
a*m + d*n = 1 
a*m = -d*n + 1 
a*m = 1 mod d (1)
Then, we have
a*b = (a*c) mod d 
(a*m*b) = (a*m*c) mod d  (using mod additive property)
a = c mod d (from (1))
Katz, Stoica F04 19
RSA Proof Sketch (3/4)
Euler Theorem: Let Φ(d) be the number of numbers less
than d relative prime to d, and suppose (a, d) = 1. Then
aΦ(d) = 1 mod d.
Proof:

Let a1, a2, .., aΦ(d) by the prime numbers to a. Then for all i
(ai, 1) = 1, (a, d) = 1, and (a*ai, d) = 1.
Note that (a*ai mod d) are Φ(d) relatively prime numbers (< d) to d.
Thus, lists a1, a2, …, aΦ(d) and (a*a1) mod n, (a*a2) mod n, …, (a*aΦ(d)) mod
d,
contain the same numbers!
Using mod properties we have:
(a*a1)*(a*a2)* .. *(a*aΦ(d)) = (a1*a2*… *aΦ(d)) mod d 
aΦ(d) (a1*a2*… *aΦ(d)) = (a1*a2*… *aΦ(d)) mod d  (from prev. Theorem)
Katz, Stoica F04 20
aΦ(d) = 1 mod d
RSA Proof Sketch (4/4)

Theorem: Suppose (1) p and q are primes, (2) n =
pq, (3) e*d = 1 mod (p-1)(q-1), and (4) c = me mod n.
Then m = cd mod n
Proof:
Assume m = 1 mod p and m = 1 mod q (Otherwise much longer proof)
Since p and q are primes
Φ(p) = p -1, Φ(q) = q -1, and Φ(p*q) = (p-1)*(q-1).
Since m = 1 mod (p*q) = 1 mod n, from Euler Theorem
mΦ(n) = 1 mod n  m(p-1)(q-1) = 1 mod pq
ce mod n = m(e*d) mod n = c(k*(p-1)(q-1) + 1) mod pq
= mk*(p-1)(q-1))* m mod pq 
= m mod pq = m (since m < p*q)
Katz, Stoica F04 21
Properties


Confidentiality
A receiver A computes n, e, d, and sends out (n, e)
- Everyone who wants to send a message to A uses (n, e) to
encrypt it



How difficult is to recover d ? (Someone that can do
this can decrypt any message sent to A!)
Recall that
d = e-1 mod ((p-1)*(q-1))
So to find d, you need to find primes factors p and q
- This is provable very difficult
Katz, Stoica F04 22
Message Digest (MD) 5

Can provide data integrity
- Used to verify the authentication of a message


Idea: compute a hash on the message and send
it along with the message
Receiver can apply the same hash function on
the message and see whether the result
coincides with the received hash
Katz, Stoica F04 23
MD 5 (cont’d)

Basic property: digest operation very hard to invert
- In practice someone cannot alter the message without
modifying the digest
corrupted msg Plaintext
Plaintext
NO
=
digest’
Digest
(MD5)
Internet
Digest
(MD5)
digest
Katz, Stoica F04 24
Message Digest Operation

Transformation contains complex operations (see
textbook)
Initial digest
(constant)
Message (padded)
512 bits 512 bits
512 bits
Transformation
Transformation
..
.
Transformation
Message digest
Katz, Stoica F04 25
Outline



Cryptographic Algorithms (Confidentiality and
Integrity)
Authentication
System examples
Katz, Stoica F04 26
Authentication


Goal: Make sure that the sender an receiver are
the ones they claim to be
Two solutions based on secret key cryptography
(e.g., DES)
- Three-way handshaking
- Trusted third party

One solution based on public key cryptography
(e.g., RSA)
- Public key authentication
Katz, Stoica F04 27
Simple Three-Way Handshaking




E(m,k) – encrypt message
m with key k
D(m,k) – decrypt m with
key k
CHK and SHK – client
and server shared secrete
keys
SK – session key used for
data communication
client
server
- This reduces the number
of messages containing
CHK and SHK

Question: how are CHK
and SHK communicated in
the first place?
Katz, Stoica F04 28
Trusted Third Party




Trust a third party entity, authentication server
Scenario: A wants to communicate with B
Assumption: both A and B share secrete keys with S:
KA and KB
Notations:
- T: timestamp (also serves the purpose of a random number)
- L: lifetime of the session
- K: session’s key
Katz, Stoica F04 29
Trusted Third Party (cont’d)
S
A
B
Katz, Stoica F04 30
Public Key Authentication


Based on public key cryptography
Each side need only to know the
other side’s public key
A
B
- No secrete key need to be shared


A encrypts a random number x
and B proves that it knows x
A can authenticate itself to be in
the same way
Katz, Stoica F04 31
Outline



Cryptographic Algorithms (Confidentiality and
Integrity)
Authentication
System examples
Katz, Stoica F04 32
Public Key Infrastructure (PKI)



System managing public key distribution on a
wide-scale
Trust distribution mechanism
Allow any arbitrary level of trust
Katz, Stoica F04 33
PKI Properties




Authentication  via Digital Certificates
Confidentiality  via Encryption
Integrity  via Digital Signatures
Non–Repudiation  via Digital Signatures
Katz, Stoica F04 34
Components of a PKI
Katz, Stoica F04 35
Digital Certificate

Signed data structure that binds an entity with its
corresponding public key
- Signed by a recognized and trusted authority, i.e.,
Certification Authority (CA)
- Provide assurance that a particular public key belongs to a
specific entity
Katz, Stoica F04 36
Certification Authority


People, processes responsible for creation, delivery
and management of digital certificates
Organized in an hierarchy
Root CA
CA-1
CA-2
Katz, Stoica F04 37
Registration Authority

People, processes and/or tools that are responsible
for
- Authenticating the identity of new entities (users or
computing devices)
- Requiring certificates from CA’s.
Katz, Stoica F04 38
Certificate Repository

A database which is accessible to all users of a PKI,
contains:
- Digital certificates,
- Certificate revocation information
- Policy information
Katz, Stoica F04 39
Example

Alice generates her own key pair.
private key
Alice
public key
Alice
 Bob generates his own key pair.
private key
Bob
public key
Bob
 Both sent their public key to a CA and receive a digital
certificate
Katz, Stoica F04 40
Example

Alice gets Bob’s public key from the CA
private key
Alice

Bob gets Alice’s public key from the CA
private key
Bob
Katz, Stoica F04 41
Example

Alice use private key to sign: use public key
cryptography to provide integrity
Alice
Message
Bob
Hash
Hash
Encryption
Decryption
Alice
Private
Message
?
=
Hash
Alice
Public
Katz, Stoica F04 42
Certificate Revocation


Process of publicly announcing that a certificate
has been revoked and should no longer be used.
Approaches:
- Use certificates that automatically time out
- Use certificate revocation list
- Use list that itemizes all revoked certificates in an online directory
Katz, Stoica F04 43
Pretty Good Privacy (PGP)

Provide
- Authentication
- Confidentiality


Application examples: file transfers, e-mail
Authentication weaker than PKI, but
- Freely available
- Not controlled by a government or standard
organization
Katz, Stoica F04 44
PGP Services



Authentication  Digital signature; uses
DSS/SHA or RSA/SHA
Confidentiality  Encryption, e.g., three-key triple
DES or RSA
Also provides
- Compression  Zip
- E-mail compatibility  Radix-64 conversion
- Segmentation
Katz, Stoica F04 45
PGP: Public Key Management


No rigid public key management scheme
Problem: how to get public key reliable
- Possible solution: physically or by phone. Secure but
unpractical

PGP solution: build a ”web of trust”
- Assume you know several variably trusted users
- Each of these indvidual can sign certificates for other
users
- Each signature has asociated a trust field indicating the
level of trust in the certificate
Katz, Stoica F04 46
Katz, Stoica F04 47
What do You Need To Know


Security requirements
Cryptographic algorithms
- How does DES and RSA work (no proof for RSA)


Authentication algorithms
Public key management, digital certificates (high
level)
Katz, Stoica F04 48