Network Security - PowerPoint PPT Presentation

Slides: 15
Provided by: zhen6
Learn more at: http://www.cs.fsu.edu

Transcript and Presenter's Notes


1
Network Security
2
Three tools
  • Hash Function
  • Block Cipher
  • Public Key / Private Key

3
Hash Functions
  • We used SHA-1 in our project.
  • SHA-1 takes no more than 2^64 bits as input and
    returns a 160-bit output.
  • SHA stands for Secure Hash Function.
  • Other hash functions include MD5 which returns
    128 bits, and the SHA-2 functions.

4
What are needed from these functions?
  • Collision resistance. Informally, you cannot find
    two strings with the same hash.
  • One-way. Informally, given the hash, you cannot
    reconstruct the original string.

5
Security
  • Here, cannot means computationally infeasible.
  • There is no absolute security. If you have all
    the resources in the world, nothing is secure
    from you.

6
Birthday Attack
  • If there are x people in the room, what is the
    probability that there are at least two people
    having the same birthday?

7
Birthday Attack
  • The probability that no same birthday is
    (365/365)(364/365)(363/365)...((365-x+1)/365)
  • From wiki

8
Birthday Attack
  • Consider one strategy to break SHA-1: try
    random strings until a collision is found.
  • How many strings do you think you need until a
    collision is found?
  • Roughly, if you try 2^80 times, the
    probability of getting a collision is > 0.5.
  • In 2005, Xiaoyun Wang found a flaw in SHA-1 such
    that it is possible to find a collision in 2^69
    calculations.

9
Block Cipher
  • The basic need: given a message in plain text,
    encrypt it such that no one can know the content
    of the message. But the receiver should be able
    to decrypt it to produce the original message.
  • Like simple substitution.

10
Block Cipher
  • AES is a block cipher, meaning that it maps a
    fixed-length (128 bits) input to a fixed-length
    (128 bits) output.
  • Given the same input bits, the Block Cipher
    always returns the same output bits. So, it is a
    mapping from the input to the output.
  • The decryption algorithm is just the reverse
    mapping.

11
The Key
  • The AES algorithm is known to the world. So if
    you can use AES to encrypt your data, anyone can
    use AES to decrypt your data, and you have
    achieved nothing.
  • So, you must make your encryption unique, even if
    you are using a well-known algorithm.
  • How?
  • By having a key. The encryption result under one
    key is different from the result under other keys.

12
How AES works
  • AES takes a 128-bit input and turns it into a 128-bit
    output with the help of a 128-bit key (or 192, or
    256). (Skype uses a 256-bit key.)
  • The key is expanded into 11 sub-keys (K0, K1, ...,
    K10).
  • s = M xor K0.
  • Then the following is executed for 10 rounds (i = 1, ..., 10):
  • s = SBOX(s).
  • s = shift_row(s).
  • s = mix_col(s), if not the last round.
  • s = s xor Ki.
  • Return s.

13
  • The SBOX simply maps the input to an output
    according to a predetermined mapping.
  • The shift_row() does the following. Regard the
    16-byte s as a 4 by 4 matrix.

    s0  s4  s8  s12         s0  s4  s8  s12
    s1  s5  s9  s13   ->    s5  s9  s13 s1
    s2  s6  s10 s14         s10 s14 s2  s6
    s3  s7  s11 s15         s15 s3  s7  s11

  • The mix_col does the following. ai is 4 bytes.

    | a0 |      | 02 03 01 01 |   | a0 |
    | a1 |  <-  | 01 02 03 01 | x | a1 |
    | a2 |      | 01 01 02 03 |   | a2 |
    | a3 |      | 03 01 01 02 |   | a3 |
14
AES
  • AES can also be used for other purposes.
  • For example, you can pick a random key, then use
    AES to generate random numbers.
  • The code we used in the class.