Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

ECE/CS 372 – introduction to computer networks Announcements: Lab 4 due now

advertisement 
ECE/CS 372 – introduction to computer networks
Lecture 16
Announcements:
 Lab 4 due now
 Assign 5 is due this Thursday
 Final exam in LPSC 125 (not here)
Credit for lecture slides to Professor Bechir Hamdaoui
Adapted from Jim Kurose & Keith Ross (original copyright)
Chapter 8, slide: 1
Chapter 8: Network Security
Goals:
 understand principles of network security:
cryptography and its many uses beyond
“confidentiality”
 authentication
 message integrity

 Example: securing email
Chapter 8, slide: 2
Bob, Alice want to communicate “securely”
 Trudy is an enemy (intruder): “bad” guy
Q: what should Bob & Alice be concerned about? confidentiality
 eavesdrop: messages are intercepted
integrity
 change: messages are modified
 impersonation: entire communication is hijacked by
replacing sender or receiver by himself
 denial of service: prevent services (e.g., by
overloading resources)
data
sender
receiver
Trudy
availability
Bob
Messages
Alice
authentication
data
Chapter 8, slide: 3
Who might Bob, Alice be?
… well, real-life Bobs and Alices!
 Web browser/server for electronic
transactions (e.g., on-line purchases)
 on-line banking client/server
 DNS servers
 routers exchanging routing table updates
Chapter 8, slide: 4
What is network security?
Goals of network security:
Confidentiality: only sender, intended receiver should
“understand” message contents


sender encrypts message
receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
Integrity: sender, receiver want to ensure message not
altered (in transit, or afterwards) without detection
Availability: services must be accessible and available to
users
Chapter 8, slide: 5
Chapter 8 roadmap
 Principles of cryptography
 Message integrity
 Securing email
Chapter 8, slide: 6
Cryptography
 Cryptography allows a sender to disguise a message so
that an intruder can’t gain information from it
“confidentiality”
Alice’s
K encryption
A
key
plaintext
encryption
algorithm
All terms marked in red
are crypto terminology
ciphertext
Bob’s
K decryption
B key
decryption plaintext
algorithm
Chapter 8, slide: 7
Types of cryptography
symmetric key
- both sender and receiver use identical key
e.g., sender A encrypts with the key
receiver B decrypts with same key
public/private keys
- two keys (public and private) are to be used
e.g., sender A encrypts with B’s public key
receiver B decrypts with its Private key
Chapter 8, slide: 8
Symmetric key cryptography
KA-B
KA-B
plaintext
message, m
encryption ciphertext
algorithm
K (m)
A-B
decryption plaintext
algorithm
m = K ( KA-B(m) )
A-B
symmetric key crypto: Bob and Alice
share/know same (symmetric) key: KA-B
 Q: how do Bob and Alice agree on key value?
Chapter 8, slide: 9
Symmetric key cryptography
monoalphabetic cipher: substituting one letter for another
plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Q: what is the encryption & decryption key?:
A: the mapping
Q: How hard to break this simple cipher?:
A: brute force (how hard?) how many possibilities? 26!
Chapter 8, slide: 10
Symmetric key cryptography
polyalphabetic cipher: multiple monoalphabetic ciphers
Eg.: C1, C2, C2, C3 (with 3 monoalphabetic cipher keys)
First letter, apply C1
Second letter, apply C2
Third letter, apply C2
Fourth letter, apply C3
Then, repeat
 Harder to break! By avoiding patterns, same letter may
appear in different positions
 Key is “C1, C2, C2, C3”
Chapter 8, slide: 11
Symmetric key cryptography
block cipher: msg is encrypted in blocks of k bits (independently)
 Each k-bit block is encrypted/mapped
 Possible mappings: 2k!
 Hard to break
Problem
 Hard to implement, with k=64, sender and receiver need to
store a mapping table of 264 entries !! Huge!!
Solution
 Use of functions: break blocks into smaller chunks
Chapter 8, slide: 12
Block Cipher
loop for
n rounds
64-bit input
8bits
8bits
8bits
8bits
8bits
8bits
8bits
8bits
T1
T2
T3
T4
T5
T6
T7
T8
8 bits
 one pass
through: one
input bit
affects eight
output bits
8 bits 8 bits 8 bits 8 bits 8 bits 8 bits 8 bits
64-bit scrambler
64-bit output
 multiple passes: each input bit affects all output bits
Chapter 8, slide: 13
Cipher Block Chaining
Problem w/ Cipher Block
 if input block is
repeated, it produces
same cipher text:
 cipher block chaining:
XOR ith input block, m(i),
with previous block of
cipher text, c(i-1)
 c(0) transmitted to
receiver in clear
 what happens in
“HTTP/1.1” scenario
from above?
t=1
…
t=17
m(1) = “HTTP/1.1”
block
cipher
c(1)
m(17) = “HTTP/1.1”
block
cipher
c(17)
= “k329aM02”
= “k329aM02”
m(i)
c(i-1)
+
block
cipher
c(i)
Chapter 8, slide: 14
Public key cryptography
symmetric key crypto
 requires sender,
receiver know shared
secret key
 Q: how to agree on key
in first place
(particularly if never
“met”)?
public key cryptography
 radically different approach
 Two keys
Public key: encryp. key
known to all
 Private key: decryp. key
known only to receiver
 Sender uses public key only
to encryp
 Reciever uses both keys to
decryp.

Chapter 8, slide: 15
Public key cryptography
+ Bob’s public
B key
K
K
plaintext
message, m
encryption ciphertext
algorithm
+
K (m)
B
- Bob’s private
B key
decryption plaintext
algorithm message
+
m = K B(K (m))
B
 Note: only Bob is able to understand (decrypt)
message m. Because only Bob has Bob’s private key
 This assures “confidentiality”
Chapter 8, slide: 16
Public key encryption algorithms
Requirements:
1
2
+
need K ( ) and K - ( ) such that
B
B
- +
K (K (m)) = m
B B
.
.
+
given public key KB , it should be
impossible to compute
private key KB
RSA: Rivest, Shamir, Adleman algorithm
Chapter 8, slide: 17
RSA: Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
+
KB
-
KB
Chapter 8, slide: 18
RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
e
e
c = m mod n (i.e., remainder when m is divided by n)
2. To decrypt received bit pattern, c, compute
d
m = c d mod n (i.e., remainder when c is divided by n)
Magic
d
m = (m e mod n) mod n
happens!
c
Chapter 8, slide: 19
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
encrypt:
decrypt:
letter
m
me
l
12
1524832
c
17
d
c
481968572106750915091411825223071697
c = me mod n
17
m = cd mod n letter
12
l
Chapter 8, slide: 20
Another RSA example:
Bob chooses p=5, q=11.
Question: Find (n,e) and (n,d)
One answer: 1) n=55; z = 40; 2) e=27; 3) d=3 (ed – 1 = 80 is divisible by 40)
4) public key: (n,e) = (55,27) ; private key: (n,d) = (55,3)
Step 1: Compute n = pq, z = (p-1)(q-1)
Step 2: Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
Step 3: Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
Step 4: Public key is (n,e). Private key is (n,d).
K
+
B
K
B
Chapter 8, slide: 21
RSA: another important property
The following property will be very useful later:
-
+
B
B
K (K (m))
+ = m = K (K (m))
B B
use public key
first, followed
by private key
use private key
first, followed
by public key
Result is the same!
Chapter 8, slide: 23
Chapter 8 roadmap
 Principles of cryptography
 Message integrity
 Securing email
Chapter 8, slide: 24
Message Integrity/Authentication
Bob receives msg from Alice, wants to ensure:


Authentication: message originally came from Alice
Integrity: message not changed since sent by Alice
Cryptographic Hashing:
 What:
 take input m, produce fixed length value, H(m)
 e.g., as in Internet checksum
 Properties of H:
 given m = H(x), (x unknown), it is computationally infeasible to
determine x.
 difficult to find x  y such that H(x) = H(y)
 note: Internet checksum fails this requirement!
 Examples
 widely used hash functions: MD5, SHA
Chapter 8, slide: 25
MAC: Message Authentication Code
(shared secret)
s
H(.)
(message)
m
append
H(.)
m
H(m+s)
public
Internet
H(m+s)
m
compare
H(m+s)
H(m+s)
s
(shared secret)
 Does MAC solve
 Integrity ?? How ??
via Hashing

Authentication ?? How ??
via secret key
 Any problem ??
 Secret key distribution ??
 So we can’t really
authenticate via MAC alone
Chapter 8, slide: 27
Digital Signatures via Public Key Crypto
simple digital signature for message m:
 Bob “signs” m by encrypting with his private key
K -, creating “signed” message, K -(m)
B
Bob’s message, m
Dear Alice
Oh, how I have missed
you. I think of you all the
time! …(blah blah blah)
Bob
B
K B Bob’s private
key
public key
encryption
algorithm
-
K B(m)
Bob’s message,
m, signed
(encrypted) with
his private key
Chapter 8, slide: 28
MAC via private/public keys
Alice’s public key
+
KA
-
K (m)
m
A
(message)
m
m
append
m
-
-
K (m)
A
public
Internet
-
K (m)
A
compare
m
m
K (m)
A
-
KA
Alice’s private key
 Note: only Alice would have had her private key
 This assures “authentication”
Chapter 8, slide: 30
Digital Signatures via Public Key Crypto (more)
Problem
 Signing data by encryption and decryption is
computationally expensive
 Imagine encrypting (signing) huge files of data !!!
Solution
 Sign hashed output of original msg (sign H(m) only)
 Recall hash algorithms turn large msgs into small, fixed
length msg
 … signed MAC is the solution
-
Chapter 8, slide: 31
Digital signature = signed MAC
= authentication + integrity
Alice verifies signature and
integrity of digitally signed
message:
Bob sends digitally signed
message:
large
message
m
H: hash
function
Bob’s
private
key
+
-
KB
encrypted
msg digest
H(m)
digital
signature
(encrypt)
encrypted
msg digest
KB(H(m))
large
message
m
H: hash
function
KB(H(m))
Bob’s
public
key
+
KB
digital
signature
(decrypt)
H(m)
H(m)
equal
?
Chapter 8, slide: 32
Public Key Certification
Problem with public key:
 When Alice obtains Bob’s public key (from web site,
e-mail, diskette), how does she know it is Bob’s
public key, not Trudy’s?
solution:
 trusted certification authority (CA)
Chapter 8, slide: 33
Certification Authorities
 Certification Authority (CA): binds public key to
particular entity, E.
 E registers its public key with CA.



E provides “proof of identity” to CA.
CA creates certificate binding E to its public key.
certificate containing E’s public key digitally signed by CA:
CA says “This is E’s public key.”
- +
K CA(KB )
Bob’s
public
key
Bob’s
identifying
information
+
KB
digital
signature
(encrypt)
CA
private
key
K-
CA
+
KB
certificate for
Bob’s public key,
signed by CA
Chapter 8, slide: 34
Certification Authorities
 when Alice wants Bob’s public key:
gets Bob’s certificate
 apply CA’s public key to Bob’s certificate, get
Bob’s public key

+
KB
-
+
K CA(KB )
digital
signature
(decrypt)
CA
public
key
Bob’s
public
+
key
KB
+
K CA
Chapter 8, slide: 35
Get Bob’s public key from CA
CA’s public key
+
K CA
(Bob’s public key)
+
KB
append
+
KB
-
K
+
B
K - (K + )
CA
B
public
Internet
+
K CA(KB )
K
+
KB
+
KB
CA
(K + )
B
compare
+
KB
-
K CA
CA’s private key
 Alice just got Bob’s public key (authenticated key)
 Of course, here we assume that you have CA’s public
key !!! Need to get it physically !!!
Chapter 8, slide: 36
Chapter 8: Recap
So far:
Note: Sender applies
receiver’s public key
 Cryptography & confidentiality
 Symmetric key
 Public key: A wants to send msg m to B. What does A send?
A sends KB+(m); hence, ONLY B understands m by applying KB(KB+(m))
=> confidentiality
Note: Sender applies
 Authentication & integrity
its private key
 MAC (Msg Authen. Code):
requires symmetric key
 Signed MAC: A -> B
A sends (m,KA-(m)) to B,
Hence, All get m by applying KA+(KA-(m));
Comparison => authen. + integrity, but NOT confidentiality
Chapter 8, slide: 37
Chapter 8 roadmap
 Principles of cryptography
 Message integrity
 Securing e-mail
Chapter 8, slide: 38
Secure e-mail (confidentiality)

Alice wants to send confidential e-mail, m, to Bob.
KS
m
K (.)
S
+
A
KS
+
.
K B( )
+
KS(m )
KS(m )
-
Internet
+
KB(KS )
KB
.
KS( )
+
KB(KS )
m
KS
-
.
B
K B( )
-
KB
Alice:
 generates random symmetric private key, KS.
Bob:
encrypts
message
with
KS (for efficiency)
 uses
his to
private
key
to
decrypt
and recover
KS encrypts with
Note
that
provide
confidentiality,
sender
also encrypts
KSkey
with
key.
 uses
KS public
to decrypt
K(ONLY
(m) topublic
recover
m should see msg)
SBob’s
receiver’s
receiver
 sends both KS(m) and KB(KS) to Bob.
Chapter 8, slide: 39
Secure e-mail (authen. + integrity)
• Alice wants to provide sender authentication/integrity.
+
-
KA
m
A
.
H( )
-
.
KA( )
-
-
KA(H(m))
KA(H(m))
+
Internet
m
KA
+
.
KA( )
m
H(m )
compare
.
H( )
H(m )
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
Again note that to provide authenticate/integrity,
sender encrypts with its private (all can understand msg)
Chapter 8, slide: 40
B
Secure e-mail (all: confid. + auth. + integrity)
• Alice wants to provide secrecy, sender authentication,
message integrity.
-
KA
m
.
H( )
-
.
KA( )
-
KA(H(m))
+
A
KS
.
KS( )
+
m
KS
+
.
K B( )
+
Internet
+
KB(KS )
KB
Alice uses three keys: her private key, Bob’s public
key, newly created symmetric key
Chapter 8, slide: 41
The end of new material!
Final Review on Thursday!
Chapter 8, slide: 42
Related documents
Wednesday, February 17 Morgan 202 5:30 pm
Wednesday, February 17 Morgan 202 5:30 pm
Massachusetts Institute of Technology
Massachusetts Institute of Technology
Extra Credit 7 (10 pts): x
Extra Credit 7 (10 pts): x
CRYPTOGRAPHY AND THE DIFFIE–HELLMAN Presentation by CDT Ashcraft
CRYPTOGRAPHY AND THE DIFFIE–HELLMAN Presentation by CDT Ashcraft
Did you miss Bob Andres on FOX Business? Last Friday Bob Andres
Did you miss Bob Andres on FOX Business? Last Friday Bob Andres
Download
advertisement