15-441 Computer Networking

1
15-441 Computer Networking

• Lecture 21 Security and Cryptography
• Thanks to various folks from 15-441, semesters
  past and others

2
Security Threats

• Impersonation
• Pretend to be someone else to gain access to
  information or services
• Insecrecy
• Eavesdrop on data over network
• Corruption
• Modify data over network
• Repudiation
• Deny sending a message
• Break-ins
• Take advantage of implementation bugs
• Denial of Service
• Flood resource to deny use from legitimate users

3
Three Levels of Defense

• Firewalls
• Filtering dangerous traffic at a middle point
  in the network
• Covered next lecture
• Network level security (e.g. IPsec)
• Host-to-host encryption and authentication
• Can provide security without application
  knowledge
• Cannot always protect applications from each
  other
• Application level security
• True end-to-end security
• Requires extra effort per application
• Libraries help, like SSL/TLS

4
Private Key Authentication

• Alice wants to talk to Bob
• Needs to convince him of her identity
• Both have private key k
• Naive scheme
• Alice
  Bob
• Vulnerability?

I am Alice, x, E(x, k)
5
Replay Attack

• Eve can listen in and impersonate Alice later
• Alice
  Bob
• Eve

I am Alice, x, E(x, k)
I am Alice, x, E(x)
6
Preventing Replay Attacks

• Bob can issue a challenge phrase to Alice
• Alice
  Bob

I am Alice
x
E(x, k)
7
Private Key Cryptosystems

• Finite message domain M, key domain K
• Key k ? K
• Known by all parties
• Must be secret
• Encrypt E M K ? M
• Plaintext mp to ciphertext mc as mc E(mp, k)
• Decrypt D M K ? K
• mp D(mc, k) D(E(mp, k), k)
• Cryptographic security
• Given mc, hard to determine mp or k
• Given mc and mp, hard to determine k

8
One Time Pad

• Messages
• n-bit strings b1,,bn
• Keys
• Random n-bit strings k1,,kn
• Encryption/Decryption
• c E(b, k) b ? k b1 ? k1, , bn ? kn
• ? denotes exclusive or
• b D(b, k) c ? k b ? k ? k b ? 1, , 1
  b
• Properties
• Provably unbreakable if used properly
• Keys must be truly random
• Must not be used more than once
• Key same size as message

9
Simple Permutation Cipher

• Messages
• n-bit strings b1,,bn
• Keys
• Permutation ? of n
• Let ? ?-1
• Encryption/Decryption
• E(b1,,bn, ?) b ? (1),,b ? (n)
• D(b1,,bn, ?) b ? (1),,b ? (n)
• Properties
• Cryptanalysis possible
• Only small part of plaintext and key used for
  each part of ciphertext

10
Data Encryption Standard (DES)
11
Overview
Plaintext
Key
Key
Key
Key
Cyphertext
16 rounds of permutations and substitution
DES is a 64-bit block cipher. Both the plaintext
and ciphertext are 64 bits wide. The key is
64-bits wide, but every eighth bit is a parity
bit yielding a 54-bit key.
12
Initialization
Key
Right Half
Plaintext
Round
Left Half
13
Termination
Key
Right Half
Round
Ciphertext
Left Half
14
A Round
Transformed Key (48-bit)
Right Half
Right Half
Left Half
Left Half
15
Permutations and Substitutions
Transformed Key (48-bit)
Right Half
8 S-Boxes are used by the P-Box
16
Key Transformation
28-bit left semikey
64-bit Key
Remove parity bit
56-bit Key
28-bit right semikey
28-bit shifted left semi-key
48-bit semi-key
28-bit shifted right semi-key
17
E-Box (Expansion Box)
1
1 2 3 4 5 6 7 8
.. .. .. .. 29 30 31 32

32
48
1 2 3 4 5 6 7 8 9 10 11
.. .. .. .. 44 45 46 47
48
1
18
S-Box (Substitution Box)
There are 8 different S-Boxes, each of which
provides a different 64 mapping. Whered they
come from? Some combination of IBM and NSA. The
mappings are based on cryptanalysis and are
ostensibly free of weaknesses, back-doors, c.
19
P-Box (Permutation Box)
48-bit input
S-Box 1
S-Box 2
S-Box 3
S-Box 4
S-Box 5
S-Box 6
S-Box 7
S-Box 8
32-bit output
20
Block Cipher Modes

• How do we break a message down into blocks for
  encryption by DES or another block cipher?

21
Electronic Code Book (ECB) Mode
Plaintext
Block Encryption
Ciphertext

• Pad last block, if necessary

22
Cipher Block Chaining (CBC) Mode
Plaintext
Block Encryption
Ciphertext

• Pad last block, if necessary
• Random Block called IV can be sent in plain
  text. Not a secret just prevents a codebook.
  Often times a timestamp.

23
Cipher Feedback Mode (CFB) Mode
1 unit is 1/N block
Shift Register (1 Block wide)
Block Encryption
Encrypted Register
After each unit, shift input register and insert
the most recently generated unit of ciphertext
Next unit of Ciphertext
Next unit of Plaintext
XOR
output
24
Output Feedback Mode (OFB) Mode
1 unit is 1/N block
Shift Register (1 Block wide)
Block Encryption
Encrypted Register
After each unit, shift input register and insert
the leftmost unit of the encrypted register.
Next unit of Ciphertext
Next unit of Plaintext
XOR
output
25
Other Ciphers

• Triple-DES
• DES three times
• mc E(D(E(mp, k1), k2, k3)
• Effectively 112 bits
• Three times as slow as DES
• Blowfish
• Developed by Bruce Schneier circa 1993
• Variable key size from 32 to 448 bits
• Very fast on large general purpose CPUs (modern
  PCs)
• Not very easy to implement in small hardware
• Advanced Encryption Standard (AES)
• Selected by NIST as replacement for DES in 2001
• Uses the Rijndael algorithm
• Keys of 128, 192 or 256 bits