Chapter 8: Network Security
Chapter goals:
 Understand principles of network security:
cryptography and its many uses beyond
“confidentiality”
 authentication
 message integrity
 key distribution

Network Security
7-1
What is network security?
Confidentiality: only sender, intended receiver
should “understand” message contents
 sender encrypts message
 receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
 Virus email really from your friends?
 The website really belongs to the bank?
Message Integrity: sender, receiver want to ensure
message not altered (in transit, or afterwards)
without detection
 Digital signature
Network Security
7-2
What is network security?
Other Requirements:
Nonrepudiation: sender cannot deny later that
messages received were not sent by him/her
Access and Availability: services must be accessible
and available to users upon demand

Denial of service attacks
Anonymity: identity of sender is hidden from
receiver (within a group of possible senders)
Network Security
7-3
Friends and enemies: Alice, Bob, Trudy
 well-known in network security world
 Bob, Alice (lovers!) want to communicate “securely”
 Trudy (intruder) may intercept, delete, add messages
Alice
data
channel
secure
sender
Bob
data, control
messages
secure
receiver
data
Trudy
Network Security
7-4
The language of cryptography
Alice’s
K encryption
A
key
plaintext
encryption
algorithm
ciphertext
Bob’s
K decryption
B key
decryption plaintext
algorithm
m plaintext message
KA(m) ciphertext, encrypted with key KA
m = KB(KA(m))
Network Security
7-5
Breaking an encryption scheme
 cipher-text only
attack: Trudy has
ciphertext she can
analyze
 two approaches:
 brute force: search
through all keys
 statistical analysis
Network Security
 known-plaintext attack:
Trudy has plaintext
corresponding to
ciphertext
 e.g., in monoalphabetic
cipher, Trudy
determines pairings
for a,l,i,c,e,b,o,
 chosen-plaintext attack:
Trudy can get
ciphertext for chosen
plaintext
Two Classes of Cryptography
symmetric key crypto: sender, receiver
keys identical
public-key crypto: encryption key public,
decryption key secret (private)
Network Security
7-7
Classical Cryptography
 Transposition Cipher
 Substitution Cipher
 Simple substitution cipher (Caesar cipher)
 Vigenere cipher
 One-time pad
Network Security
7-8
Transposition Cipher: rail fence
 Write plaintext in two rows in column order
 Generate ciphertext in row order
 Example:
“HELLOWORLD”
HLOOL
ELWRD
ciphertext: HLOOLELWRD
Problem: does not affect the frequency of
individual symbols
Network Security
7-9
Simple substitution cipher
substituting one thing for another

Simplest one: monoalphabetic cipher:
• substitute one letter for another (Caesar Cipher)
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFG HIJ KLMN OPQRSTUVWXYZABC
Example: encrypt “I attack”
Network Security 7-10
substitution cipher: substituting one thing for
another

monoalphabetic cipher: substitute one letter for another
plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
e.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Encryption key: mapping from set of 26 letters
to set of 26 letters
Network Security
Problem of simple substitution
cipher
 The key space for the English Alphabet is
very large: 26! 4 x 1026
 However:
 Previous example has a key with only 26
possible values
 English texts have statistical structure:
• the letter “e” is the most used letter. Hence, if one
performs a frequency count on the ciphers, then the
most frequent letter can be assumed to be “e”
Network Security 7-12
Distribution of Letters in
English
Frequency analysis
Network Security 7-13
Vigenere Cipher
 Idea: Uses Caesar's cipher with various different
shifts, in order to hide the distribution of the
letters.
 A key defines the shift used in each letter in the
text
 A key word is repeated as many times as required
to become the same length
Plain text: I a t t a c k
Key:
2342342
Cipher text: K d x v d g m
(key is “234”)
Network Security 7-14
Problem of Vigenere Cipher
 Vigenere is easy to break (Kasiski, 1863):
 Assume we know the length of the key. We can
organize the ciphertext in rows with the same
length of the key. Then, every column can be seen
as encrypted using Caesar's cipher.
 The length of the key can be found using several
methods:



1. If short, try 1, 2, 3, . . . .
2. Find repeated strings in the ciphertext. Their distance
is expected to be a multiple of the length. Compute the
gcd of (most) distances.
3. Use the index of coincidence.
Network Security 7-15
One-time Pad
 Extended from Vigenere cipher
 Key is as long as the plaintext
 Key string is random chosen
 Pro: Proven to be “perfect secure”
 Cons:
• How to generate Key?
• How to let bob/alice share the same key pad?

Code book
Network Security 7-16
Symmetric key cryptography
KA-B
KA-B
plaintext
message, m
encryption ciphertext
algorithm
K (m)
A-B
decryption plaintext
algorithm
m = K ( KA-B(m) )
A-B
symmetric key crypto: Bob and Alice share know same
(symmetric) key: K
A-B
 e.g., key is knowing substitution pattern in mono
alphabetic substitution cipher
 Q: how do Bob and Alice agree on key value?
Network Security 7-17
Symmetric key crypto: DES
DES: Data Encryption Standard
 US encryption standard [NIST 1993]
 56-bit symmetric key, 64-bit plaintext input
 How secure is DES?
DES Challenge: 56-bit-key-encrypted phrase
(“Strong cryptography makes the world a safer
place”) decrypted (brute force) in 4 months
 no known “backdoor” decryption approach
 making DES more secure (3DES):
 use three keys sequentially on each datum
 use cipher-block chaining

Network Security 7-18
Symmetric key
crypto: DES
DES operation
initial permutation
16 identical “rounds” of
function application,
each using different
48 bits of key
final permutation
Network Security 7-19
AES: Advanced Encryption Standard
 new (Nov. 2001) symmetric-key NIST
standard, replacing DES
 processes data in 128 bit blocks
 128, 192, or 256 bit keys
 brute force decryption (try each key)
taking 1 sec on DES, takes 149 trillion
years for AES
Network Security 7-20
Public Key Cryptography
symmetric key crypto
 requires sender,
receiver know shared
secret key
 Q: how to agree on key
in first place
(particularly if never
“met”)?
public key cryptography
 radically different
approach [DiffieHellman76, RSA78]
 sender, receiver do
not share secret key
 public encryption key
known to all
 private decryption
key known only to
receiver
Network Security 7-21
Public key cryptography
+ Bob’s public
B key
K
K
plaintext
message, m
encryption ciphertext
algorithm
+
K (m)
B
- Bob’s private
B key
decryption plaintext
algorithm message
+
m = K B(K (m))
B
Network Security 7-22
Public key encryption algorithms
Requirements:
1
2
+
need K ( ) and K - ( ) such that
B
B
- +
K (K (m)) = m
B B
.
.
+
given public key KB , it should be
impossible to compute
private key KB
RSA: Rivest, Shamir, Adelson algorithm
Network Security 7-23
RSA: another important property
The following property will be very useful later:
-
+
B
B
K (K (m))
+ = m = K (K (m))
B B
use public key
first, followed
by private key
use private key
first, followed
by public key
Result is the same!
Network Security 7-24
RSA in practice: session keys
 exponentiation in RSA is computationally intensive
 DES is at least 100 times faster than RSA
 use public key cryto to establish secure
connection, then establish second key – symmetric
session key – for encrypting data
session key, KS
 Bob and Alice use RSA to exchange a symmetric
key KS
 once both have KS, they use symmetric key
cryptography
Network Security
Digital Signatures
Cryptographic technique analogous to handwritten signatures.
 sender (Bob) digitally signs document,
establishing he is document owner/creator.
 verifiable, nonforgeable: recipient (Alice) can
prove to someone that Bob, and no one else
(including Alice), must have signed document
Network Security 7-26
Digital Signatures
Simple digital signature for message m:
 Bob signs m by encrypting with his private key
-
KB, creating “signed” message, KB(m)
Bob’s message, m
Dear Alice
Oh, how I have missed
you. I think of you all the
time! …(blah blah blah)
Bob
K B Bob’s private
key
Public key
encryption
algorithm
-
K B(m)
Bob’s message,
m, signed
(encrypted) with
his private key
Network Security 7-27
Digital Signatures (more)
-
 Suppose Alice receives msg m, digital signature KB(m)
 Alice verifies m signed by Bob by applying Bob’s
+
-
+
-
public key KB to KB(m) then checks KB(KB(m) ) = m.
+
-
 If KB(KB(m) ) = m, whoever signed m must have used
Bob’s private key.
Alice thus verifies that:
 Bob signed m.
 No one else signed m.
 Bob signed m and not m’.
Non-repudiation:
 Alice can take m, and signature KB(m) to
court and prove that Bob signed m.
Network Security 7-28
Message Digests
Computationally expensive
to public-key-encrypt
long messages
Goal: fixed-length, easyto-compute digital
“fingerprint”
 apply hash function H
to m, get fixed size
message digest, H(m).
large
message
m
H: Hash
Function
H(m)
Hash function properties:
 many-to-1
 produces fixed-size msg
digest (fingerprint)
 given message digest x,
computationally
infeasible to find m such
that x = H(m)
Network Security 7-29
Internet checksum: poor crypto hash
function
Internet checksum has some properties of hash function:
 produces fixed length digest (16-bit sum) of message
 is many-to-one
But given message with given hash value, it is easy to find
another message with same hash value:
message
I O U 1
0 0 . 9
9 B O B
ASCII format
49 4F 55 31
30 30 2E 39
39 42 D2 42
B2 C1 D2 AC
message
I O U 9
0 0 . 1
9 B O B
ASCII format
49 4F 55 39
30 30 2E 31
39 42 D2 42
B2 C1 D2 AC
different messages
but identical checksums!
Network Security 7-30
Hash Function Algorithms
 MD5 hash function widely used (RFC 1321)
computes 128-bit message digest in 4-step
process.
 arbitrary 128-bit string x, appears difficult to
construct msg m whose MD5 hash is equal to x.
 SHA-1 is also used.
 US standard [NIST, FIPS PUB 180-1]
 160-bit message digest

Network Security 7-31
Digital signature = signed message digest
Alice verifies signature and
integrity of digitally signed
message:
Bob sends digitally signed
message:
large
message
m
H: Hash
function
Bob’s
private
key
+
-
KB
encrypted
msg digest
H(m)
digital
signature
(encrypt)
encrypted
msg digest
KB(H(m))
large
message
m
H: Hash
function
No confidentiality !
KB(H(m))
Bob’s
public
key
+
KB
digital
signature
(decrypt)
H(m)
H(m)
equal
?
Network Security 7-32
Trusted Intermediaries
Symmetric key problem:
Public key problem:
 How do two entities
 When Alice obtains
establish shared secret
key over network?
Solution:
 trusted key distribution
center (KDC) acting as
intermediary between
entities
Bob’s public key (from
web site, e-mail,
diskette), how does she
know it is Bob’s public
key, not Trudy’s?
Solution:
 trusted certification
authority (CA)
Network Security 7-33
Certification Authorities
 Certification authority (CA): binds public key to
particular entity, E.
 E (person, router) registers its public key with CA.



E provides “proof of identity” to CA.
CA creates certificate binding E to its public key.
certificate containing E’s public key digitally signed by CA
– CA says “this is E’s public key”
- +
K CA(KB )
Bob’s
public
key
Bob’s
identifying
information
+
KB
digital
signature
(encrypt)
CA
private
key
K-
CA
+
KB
certificate for
Bob’s public key,
signed by CA
Network Security 7-34
Certification Authorities
 When Alice wants Bob’s public key:
gets Bob’s certificate (Bob or elsewhere).
 apply CA’s public key to Bob’s certificate, get
Bob’s public key

+
KB
-
+
K CA(KB )
digital
signature
(decrypt)
CA
public
key
Bob’s
public
+
key
KB
+
K CA
Network Security 7-35
A certificate contains:
 Serial number (unique to issuer)
 info about certificate owner, including algorithm
and key value itself (not shown)
 info about
certificate
issuer
 valid dates
 digital
signature by
issuer
Network Security 7-36
Internet Web Security
Architecture
CA
Web Server B
K+B
K-CA(K+B)
Client A
Cert Request
K-CA(K+B)
K+B(KAB, R)
KAB(R)
KAB(m)
Network Security 7-37
Internet Web Security Conditions
 Clients’ web browsers have built-in CAs.
 CAs are trustable
 Web servers have certificates in CAs.
 Q: What if a server has no certificate?
 Example: SSH servers
Network Security 7-38
SSH Example
Web Server B
Client A
K+B(KAB, R)
KAB(R)
KAB(m)
 Initial setup:
Trust the first-time connection
 Save the server’s public key

 Under Linux, generate public key pair:
 ssh-keygen
Network Security 7-39
Secure e-mail
Assumption: Public keys are pre-distributed securely
E.g: through CA, or pre-established like SSH
Alice wants to send confidential e-mail, m, to Bob.
KS
m
.
KS( )
KS(m )
+
KS
Alice:




+
.
K B( )
+
Internet
+
KB(KS )
KB
generates random symmetric private key, KS.
encrypts message with KS (for efficiency)
also encrypts KS with Bob’s public key.
sends both KS(m) and K+B(KS) to Bob.
Network Security 7-40
Secure e-mail

Alice wants to send confidential e-mail, m, to Bob.
KS
m
K (.)
S
+
KS
+
.
K B( )
+
KS(m )
KS(m )
+
KB(KS )
.
KS( )
-
Internet
+
KB(KS )
KB
m
KS
-
.
K B( )
-
KB
Bob:
 uses his private key to decrypt and recover KS
 uses KS to decrypt KS(m) to recover m
Network Security 7-41
Secure e-mail (continued)
• Alice wants to provide sender authentication
message integrity.
-
KA
m
H(.)
-
.
KA( )
+
-
-
KA(H(m))
KA(H(m))
+
Internet
m
KA
+
.
KA( )
m
H(m )
compare
.
H( )
H(m )
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
Network Security 7-42
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication,
message integrity.
-
KA
m
.
H( )
-
.
KA( )
-
KA(H(m))
+
KS
.
KS( )
+
m
KS
+
.
K B( )
+
Internet
+
KB(KS )
KB
Alice uses three keys: her private key, Bob’s public
key, newly created symmetric key
Network Security 7-43