EE 122: Lecture 24 (Security) - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

EE 122: Lecture 24 (Security)

Description:

Ensures that the sender has strong evidence that the receiver has received the ... clientId, E(x, CHK) E(x 1, SHK), E(y,SHK) E(y 1, CHK) E(SK,SHK) client. server ... – PowerPoint PPT presentation

Number of Views:31
Avg rating:3.0/5.0
Slides: 23
Provided by: sto2
Category:

less

Transcript and Presenter's Notes

Title: EE 122: Lecture 24 (Security)


1
EE 122 Lecture 24(Security)
  • Ion Stoica
  • December 4, 2001

2
Security Requirements
  • Authentication
  • Ensures that the sender and the receiver are who
    they are claiming to be
  • Data integrity
  • Ensure that data is not changed from source to
    destination
  • Confidentiality
  • Ensures that data is red only by authorized users
  • Non-repudiation
  • Ensures that the sender has strong evidence that
    the receiver has received the message, and the
    receiver has strong evidence of the sender
    identity, strong enough such that the sender
    cannot deny that it has sent the message and the
    receiver cannot deny that it has received the
    message (not discussed in this lecture)

3
Cryptographic Algorithms
  • Security foundation cryptographic algorithms
  • Secret key cryptography, Data Encryption Standard
    (DES)
  • Public key cryptography, RSA algorithm
  • Message digest, MD5

4
Symmetric Key
  • Both the sender and the receiver use the same
    secret keys

Plaintext
Plaintext
Internet
Encrypt with secret key
Decrypt with secret key
Ciphertext
5
Data Encryption Standard (DES)
  • DES encrypts a 64-bit block of plain text using a
    64-bit key
  • Three phases
  • Permute the 64 bits in the block
  • Apply a given operation 16 times on the 64 bits
  • Permute the 64 bits using the inverse of the
    original permutation

1st phase
Round 1
.
.
.
key
2nd phase
Round 16
3rd phase
6
Operation in Each Round of 2nd Phase
0
63
  • Key is 56 bits
  • Each round the key is modified and 48 bits are
    selected from it. Given result Ki, the following
    operations are performed

63
32
31
0
Li-1
Ri-1
Ki
F

Li
Ri
7
Encrypting Larger Messages
  • Initialization Vector (IV) is a random number
    generated by sender and sent together with the
    ciphertext

Block1
Block2
Block3
Block4
IV




DES
DES
DES
DES
Cipher1
Cipher2
Cipher3
Cipher4
8
Discussion
  • Can provide confidentiality
  • No mathematical proof, but practical evidence
    suggests that decrypting a message without
    knowing the key requires exhaustive search
  • To increase security use triple-DES, i.e.,
    encrypt the message three times

9
RSA (Rivest, Shamir, and Adleman)
  • Sender uses a public key
  • Receiver uses a private key

Plaintext
Plaintext
Internet
Encrypt with public key
Decrypt with private key
Ciphertext
10
Generating Public and Private Keys
  • Choose two large prime numbers p and q ( 256 bit
    long) and multiply them n pq
  • Chose encryption key e such that e and
    (p-1)(q-1) are relatively prime
  • Compute decryption key d, where
  • d e-1 mod ((p-1)(q-1))
  • Construct public key from pair (n, e)
  • Construct private key from pair (d, n)

11
RSA Encryption and Decryption
  • Encryption
  • c me mod n
  • Decryption
  • m cd mod n

12
Example
  • Choose p 7 and q 11 ? n pq 77
  • Compute encryption key e (p-1)(q-1) 610 60
    ? chose e 13 (13 and 60 are relatively prime
    numbers)
  • Compute decryption key d d 13-1 mod 60 ? 13d
    mod 60 1 mod 60 ? d 37 (3713 481)

13
Example (contd)
  • n 77 e 13 d 37
  • Send message m 7
  • Encryption c me mod n 713 mod 77 35
  • Decryption m cd mod n 3537 mod 77 7

14
Discussion
  • Can provide confidentiality
  • A receiver A computes n, e, d, and sends out (n,
    e)
  • Everyone who wants to send a message to A uses
    (n, e) to encrypt it
  • How difficult is to recover d ? (Someone that can
    do this can decrypt any message sent to A!)
  • Recall that
  • d e-1 mod ((p-1)(q-1))
  • So to find d, you need to find primes factors p
    and q
  • This is provable very difficult

15
Message Digest (MD) 5
  • Can provide data integrity
  • Used to verify the authentication of a message
  • Idea compute a hash on the message and send it
    along with the message
  • Receiver can apply the same hash function on the
    message and see whether the result coincides with
    the received hash

16
MD 5 (contd)
  • Basic property digest operation very hard to
    invert
  • in practice someone cannot alter the message
    without modifying the digest

Plaintext
corrupted msg
Plaintext
NO

digest
Internet
Digest (MD5)
Digest (MD5)
digest
17
Message Digest Operation
  • Transformation contains complex operations (see
    textbook, page 583)

Initial digest (constant)
Message (padded)
512 bits
512 bits
512 bits
Transformation
Transformation
.
.
.
Transformation
Message digest
18
Authentication
  • Goal Make sure that the sender an receiver are
    the ones they claim to be
  • Two solutions based on secret key cryptography
    (e.g., DES)
  • Three-way handshaking
  • Trusted third party
  • One solution based on public key cryptography
    (e.g., RSA)
  • Public key authentication

19
Simple Three-Way Handshaking
  • E(m,k) encrypt message m with key k
  • D(m,k) decrypt m with key k
  • CHK and SHK client and server shared secrete
    keys
  • SK session key used for data communication
  • This reduces the number of messages containing
    CHK and SHK
  • Question how are CHK and SHK communicated in the
    first place?

client
server
20
Trusted Third Party
  • Trust a third party entity, authentication server
  • E.g., Kerberos protocol
  • Scenario A wants to communicate with B
  • Assumption both A and B share secrete keys with
    S KA and KB
  • Notations
  • T timestamp (also serves the purpose of a random
    number)
  • L lifetime of the session
  • K sessions key

21
Trusted Third Party (contd)
S
A
B
22
Public Key Authentication
  • Based on public key cryptography
  • Each side need only to know the other sides
    public key
  • No secrete key need to be shared
  • A encrypts a random number x and B proves that it
    knows x
  • A can authenticate itself to be in the same way

A
B
Write a Comment
User Comments (0)
About PowerShow.com