Chapter 2 roadmap

1
Chapter 2 roadmap

• 2.1 What is network security?
• 2.2 Principles of cryptography
• 2.3 Authentication
• 2.4 Integrity
• 2.5 Key distribution and certification
• 2.6 Firewalls and IDS
• 2.7 Attacks and counter measures
• 2.8 Security in many layers

2
Cryptography Definitions

• Encryption is a process by which a message
  (called plaintext) is transformed into another
  message (called ciphertext) using a mathematical
  function and a special encryption password
  (called a key).
• Decryption is the reverse process transforming a
  ciphertext message back into its original
  plaintext form using a mathematical function and
  a key.
• The mathematical functions and keys used for
  encryption and decryption may be the same, or may
  be different.

3
Cryptography Definitions
Alices encryption key
Bobs decryption key
encryption algorithm
decryption algorithm
ciphertext
plaintext
plaintext

• Symmetric key cryptography encryption and
  decryption keys are identical, so the key must be
  kept secret. (This approach is also called
  secret key cryptography.)
• Public key cryptography different keys for
  encryption and decryption (one public, the other
  private).

4
Symmetric Key Cryptography

• Same key decrypts and encrypts information.
• The encryption functions used need not be secret,
  but the keys used must be secret.
• The encryption and decryption functions used can
  be the same or different.
• Examples
• ROT13 Very simple rotation algorithm
• Caesar cipher Another (better) rotation
  algorithm
• crypt Original Unix encryption program
• DES Data Encryption Standard
• AES Advanced Encryption Standard
• Skipjack U.S. National Security Agency developed
  algorithm (classified)

5
Symmetric Key Cryptography

• Cryptographic algorithms involve substituting one
  thing for another, in many possible ways.
• Caesar cipher substitute each letter by the
  letter that appears k letters later in the
  alphabet while producing what looks like
  gibberish, there are only 25 possible keys
  available.
• monoalphabetic cipher substitute one letter for
  another now there are 26! possibilities.
• polyalphabetic cipher each letter could be
  substituted by multiple other possible letters
  for example, by using several monoalphabetic
  ciphers, depending on the position in the message.

plaintext abcdefghijklmnopqrstuvwxyz
E.g.
ciphertext mnbvcxzasdfghjklpoiuytrewq
Plaintext bob. i love you. alice
ciphertext nkn. s gktc wky. mgsbc
6
Symmetric Key Cryptography

• Q How hard is it to break these simple ciphers?
• Brute force attempt all possibilities
• Simple with the Caesar cipher, but gets quite
  difficult with monoalphabetic or polyalphabetic
  ciphers.
• Ciphertext-only attack use statistics and other
  information to decrypt intercepted ciphertext
• For example, simple statistics on letter
  placement and occurrence in English makes further
  decryption simpler.
• Known-plaintext attack if some of the plaintext
  is known, one could uncover some of the
  plaintext-ciphertext mappings, making decryption
  easier.
• For example, if we knew alice was in the
  message, we get some of the mappings right away
  without much difficulty.
• Chosen-plaintext attack the intruder can choose
  the plaintext message and receive the ciphertext
  form.
• It gets much easier to decrypt messages
  monoalphabetic ciphers are easily broken, and
  polyalphabetic ciphers get much easier too.

7
Symmetric Key Cryptography Key Issues
encryption algorithm
decryption algorithm
ciphertext
plaintext
plaintext message, m
K (m)
A-B

• Symmetric key cryptography Bob and Alice share
  the same (symmetric) key K
• For example, the key is knowing substitution
  pattern in a monoalphabetic substitution cipher.
• Question How do Bob and Alice agree on key
  value? What if Bob and Alice have never met
  before?
• Even Better Question How is the agreed upon key
  distributed to both Bob and Alice in a secure
  fashion?

A-B
8
Symmetric Key Cryptography DES

• DES Data Encryption Standard
• US encryption standard NIST 1993
• 56-bit symmetric key, 64-bit plaintext input
• How secure is DES?
• DES Challenge 56-bit-key-encrypted phrase
  (Strong cryptography makes the world a safer
  place) decrypted (brute force) in 4 months.
• A more recent Challenge III (1999) took only a
  little over 22 hours.
• No known backdoor decryption approach.
• Making DES more secure
• Use three keys sequentially (3DES) on each datum.
• Use cipher-block chaining.

9
AES Advanced Encryption Standard

• New-ish (November 2001) symmetric key NIST
  (National Institute of Standards and Technology)
  standard, replacing DES.
• Processes data in 128 bit blocks.
• 128, 192, or 256 bit keys.
• Brute force decryption (trying each key) taking 1
  second on DES, would take 149 trillion years for
  AES.

10
Public Key Cryptography

• Symmetric key cryptography
• Requires both the sender and receiver to know the
  shared secret key.
• Question how do they agree on the key in the
  first place (particularly if they have never
  met)?

• Public key cryptography
• Radically different approach Diffie-Hellman76,
  RSA78.
• Sender and receiver do not share secret key.
• Public encryption key known to all.
• Private decryption key known only by the owner.

11
Public Key Cryptography

• Keys are generated in pairs.
• Public key is publicly registered so everyone
  knows it, and private one is kept secret by the
  owner.
• Each key can decrypt what the other encrypts, but
  not what it encrypts itself. (Thats why this is
  sometimes called assymetric cryptography.)
• Important properties of key generation
• There is a one-to-one correspondence in the
  generated key pairs if one key can decrypt a
  message, it must have been encrypted by the
  other.
• It must be extremely difficult, if not
  impossible, to deduce the private key when given
  a public key.

12
Public Key Cryptography

Bobs public key
K
B
-
Bobs private key
K
B
encryption algorithm
decryption algorithm
plaintext message
plaintext message, m
ciphertext
13
Public Key Cryptography
-
Alices private key
K
A

Alices public key
K
A
encryption algorithm
decryption algorithm
plaintext message
plaintext message, m
ciphertext
14
Public Key Cryptography
This property will be very useful later
use public key first, followed by private key
use private key first, followed by public key
Result is the same!
15
Public Key Encryption Algorithms

• Diffie-Hellman the first public key approach
  proposed.
• RSA the best known public key system, developed
  by Rivest, Shamir, and Adleman (hence RSA).
  Patents on this approach expired recently,
  allowing others to take advantage of it without
  licensing from RSA Security Inc.
• DSA Digital Signature Algorithm, developed by
  the U.S. National Security Agency (NSA).

16
RSA Choosing Keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n pq, z (p-1)(q-1)
3. Choose e (with eltn) that has no common
factors with z. (e, z are relatively prime).
4. Choose d such that ed-1 is exactly divisible
by z. (in other words ed mod z 1 ).
5. Public key is (n,e). Private key is (n,d).
17
RSA Encryption and Decryption
0. Given (n,e) and (n,d) as computed above
2. To decrypt received bit pattern, c, compute
d
(i.e., remainder when c is divided by n)
Magic happens!
c
18
RSA Example
Bob chooses p5, q7. Then n35, z24.
e5 (so e, z relatively prime). d29 (so ed-1
exactly divisible by z).
e
m
m
letter
encrypt
l
12
1524832
17
c
letter
decrypt
17
12
l
481968572106750915091411825223071697
19
RSA Why is This True
Useful number theory result If p,q prime and n
pq, then
(using number theory result above)
(since we chose ed to be divisible by (p-1)(q-1)
with remainder 1 )
20
Symmetric vs. Public Key Cryptography

• Which method provides stronger security?
• With suitable keys and algorithms, both methods
  can be secure enough for most purposes.
• Which method is more convenient?
• To use symmetric cryptography, both parties must
  know the secret key, which can be quite
  inconvenient.
• To use public key cryptography, one only needs to
  find the public key to communicate with someone
  else, which can be a lot more convenient.
• Which method performs better?
• Encrypting and decrypting a lot of information
  with public key cryptography can be painfully
  slow in comparison to symmetric cryptography.

21
Hybrid Secret-Public Key Cryptography

• Ideally, we would like to combine the strengths
  of symmetric and public key cryptography, and
  avoid their weaknesses.
• We want the efficiency of symmetric cryptography
  combined with the ease of use and convenience of
  public key cryptography.
• When two parties want to communicate securely,
  public key cryptography is used to exchange a
  random symmetric session key.
• Since the session key is encrypted, we can ensure
  secrecy and mutual authentication.
• Thus, key distribution and setup is easy and
  risk-free.

22
Hybrid Secret-Public Key Cryptography

• To communicate, symmetric cryptography is used
  with the session key.
• Since only these two parties know the session
  key, the messages are secure.
• Since secret key cryptography is used, this can
  be done relatively efficiently.
• When done, both parties destroy the session key.
  If communication is required in the future, this
  process is repeated from the beginning to obtain
  a completely new session key.
• This general approach is used in Pretty Good
  Privacy (PGP) and elsewhere.