Chapter 11 Security Protocols - PowerPoint PPT Presentation

1 / 87
About This Presentation
Title:

Chapter 11 Security Protocols

Description:

Secure borders. Firewalls. Virus checking. Intrusion detection. Authentication ... To communicate with B, a user contacts the CA to obtain the certificate for B ... – PowerPoint PPT presentation

Number of Views:70
Avg rating:3.0/5.0
Slides: 88
Provided by: LeonG61
Category:

less

Transcript and Presenter's Notes

Title: Chapter 11 Security Protocols


1
Chapter 11Security Protocols
  • Network Security Threats
  • Security and Cryptography
  • Network Security Protocols
  • Cryptographic Algorithms

2
Chapter 11Security Protocols
  • Network Security Threats

3
Network Security
  • The combination of low-cost powerful computing
    and high-performance networks is a two-edged
    sword
  • Many powerful new services and applications are
    enabled
  • But computer systems and networks become highly
    susceptible to a wide variety of security threats
  • Network security involves countermeasures to
    protect computer systems from intruders
  • Firewalls, security protocols, security practices
  • We will focus on security protocols

4
Threats, Security Requirements, and
Countermeasures
  • Network Security Threats
  • Eavesdropping, man-in-the-middle, client and
    server imposters
  • Denial of Service attacks
  • Viruses, worms, and other malicious code
  • Network Security Requirements
  • Privacy, Integrity, Authentication,
    Non-Repudiation, Availability
  • Countermeasures
  • Communication channel security
  • Border security

5
Security Requirements
  • Security threats motivate the following
    requirements
  • Privacy information should be readable only by
    intended recipient
  • Integrity recipient can confirm that a message
    has not been altered during transmission
  • Authentication it is possible to verify that
    sender or receiver is who he claims to be
  • Non-repudiation sender cannot deny having sent a
    given message.
  • Availability of information and services

6
Eavesdropping
  • Information transmitted over network can be
    observed and recorded by eavesdroppers (using a
    packet sniffer)
  • Information can be replayed in attempts to access
    server
  • Requirements privacy, authentication,
    non-repudiation

7
Client Imposter
  • Imposters attempt to gain unauthorized access to
    server
  • Ex. bank account or database of personal records
  • For example, in IP spoofing imposter sends
    packets with false source IP address
  • Requirements privacy, authentication

8
Denial of Service Attack
  • Attacker can flood a server with requests,
    overloading the server resources
  • Results in denial of service to legitimate
    clients
  • Distributed denial of service attack on a server
    involves coordinated attack from multiple
    (usually hijacked) computers
  • Requirement availability

9
Server Imposter
  • An imposter impersonates a legitimate server to
    gain sensitive information from a client
  • E.g. bank account number and associated user
    password
  • Requirements privacy, authentication,
    non-repudiation

10
Man-in-the-Middle Attack
  • An imposter manages to place itself as man in the
    middle
  • convincing the server that it is legitimate
    client
  • convincing legitimate client that it is
    legitimate server
  • gathering sensitive information and possibly
    hijacking session
  • Requirements integrity, authentication

11
Malicious Code
  • A client becomes infected with malicious code
  • Opening attachments in email messages
  • Executing code from bulletin boards or other
    sources
  • Virus code that, when executed, inserts itself
    in other programs
  • Worms code that installs copies of itself in
    other machines attached to a network
  • Many variations of malicious code
  • Requirements privacy, integrity, availability

12
Countermeasures
  • Secure communication channels
  • Encryption
  • Cryptographic checksums and hashes
  • Authentication
  • Digital Signatures

13
Countermeasures
  • Secure borders
  • Firewalls
  • Virus checking
  • Intrusion detection
  • Authentication
  • Access Control

14
Chapter 11Security Protocols
  • Security and Cryptography

15
Cryptography
  • Encryption transformation of plaintext message
    into encrypted (and unreadable) message called
    ciphertext
  • Decryption recovery of plaintext from
    ciphertext
  • Cipher algorithm for encryption decryption
  • A secret key is required to perform encryption
    decryption

16
Substitution Ciphers
  • Substitution Cipher Map each letter or numeral
    into another letter of numeral
  • a b c d e f g h i j k l m n o p q r s t u v w x y
    z
  • z y x w v u t s r q p o n m l k j i h g f e d c b
    a
  • Example
  • hvxfirgb? security
  • Substitution ciphers are easy to break
  • Take histogram of frequency of occurrence of
    letters in a ciphertext message
  • Match to known frequencies of letters

17
Transposition Cipher
  • Transposition Cipher Rearrange order of
    letters/numerals in a message using a particular
    rearrangement
  • interchange character k with character k1
  • Example
  • security? esuciryt
  • Transposition Ciphers are easy to break
  • Suppose plaintext and ciphertext are known
  • Matching of letters in plaintext and ciphertext
    will reveal transposition mapping

18
Secret Key Cryptography
  • Sender encrypts P by applying mapping EK which
    depends on secret key K C EK(P)
  • Receiver decrypts C by applying inverse mapping
    DK which also depends on K DK(EK(P)) P

19
What makes a good cipher?
  • Algorithm should be easy to implement and deploy
    on large scale
  • Algorithm should be difficult to break
  • Number of keys should be very large
  • Attacker cannot try all possible keys
  • The secret key should be very hard to derive from
    intercepted messages
  • Even if a large number of plaintext
    corresponding cyphertexts are known to the
    attacker
  • Examples of secret key methods discussed later
  • Data Encryption Standard (DES) and Triple DES
  • Advanced Encryption Standard (AES)

20
Security using Secret Key Cryptography
  • Privacy secret key renders messages
    confidential
  • Integrity alteration of the cyphertext will be
    detected, because the decrypted message will be
    gibberish
  • When privacy is not required, encryption of the
    entire message is overkill because much
    processing involved
  • We will see that cryptographic checksums provide
    integrity and require less processing

21
Authentication using Secret Key Cryptography
John to Jane, lets talk
r
Receiver (Jane)
Sender (John)
Ek(r)
r
Ek(r)
  • Reply with challenge that contains random number
    r, nonce number once
  • Apply secret key to decrypt message. If
    decrypted number is r then the transmitter is
    authenticated
  • Send message identifying self
  • Send response with encrypted r
  • Can now authenticate receiver by issuing a
    challenge

22
Cryptographic Checksums and Hashes
CrytoChk
Message
Message
P
P
Crypto Checksum Calculator
HK(P)
K
  • Transmitter calculates a fixed number of bits
    (crypto checksum/hash) that depends on secret key
    K HK(P)
  • Receiver recalculates hash from received message
    compares to received hash

23
What makes a Good Hash?
  • To be secure, it must be very difficult to find a
    message that generates a given hash
  • If not difficult, an attacker could produce a
    message and corresponding hash that would be
    accepted as valid
  • Suppose message is M bits long and hash is m bits
    long, and mltltM
  • For each given hash value there are 2M/m messages
    that give that hash
  • How long does it take to find a match?
  • Probability that a random message generates given
    hash is 2-m since there are 2m hashes
  • Mean tries to find given hash is 2m

24
Example
  • M 1000, m 128
  • Number of possible messages 21000
  • Number of possible hashes 2128
  • For each hash value there are 21000/2128 2872
    messages that generate the hash
  • A randomly selected message produces a desired
    hash value with probability 2-128
  • If each attempt requires 1 microsecond, time to
    find matching message to a hash is
  • 2128x1 microsecond 225 years

25
Some Hashing Algorithms
  • Message Digest 5 (MD5)
  • Pad message to be multiple of 512 bits
  • Initialize 128 buffer to given value
  • Modify buffer content according to next 512 bits
  • Repeat until all blocks done
  • Buffer holds 128 bit hash
  • Keyed MD5
  • Pad message to be multiple of 512 bits
  • Attach and append secret key to padded message
    prior to performing hash function
  • Could also append/attach other information such
    as sender ID
  • Secure Hash Algorithm 1 (SHA-1)
  • Produce a 160-bit hash more secure than MD5
  • Keyed version available

26
Hashed Message Authentication Code Method
  • HMAC improves strength of a hash code
  • Pad secret key with zeros to length of 512 bits
    and X-OR with 64 repetitions of 00110110
  • Pad message to multiple of 512 bits
  • Calculate hash of padded key followed by padded
    message, 128 bits for MD5, 160 bits for SHA-1
  • Pad hash to 512 bits
  • Pad secret key with zeros to 512 bits and X-OR
    with 64 repetitions of 01011010
  • Calculate hash of padded key and padded hash
  • Result is final hash

27
Public Key Cryptography
  • Public key cryptography provides privacy using
    two different keys
  • Public key K1 available to all for encrypting
    messages to a certain user C EK1(P)
  • Private key K2 for user to decrypt messages
    P DK2(EK1(P))

28
What makes a good public key algorithm?
  • EK1 and DK2 should be readily implementable
  • Inverse relationship should hold
  • P DK2(EK1(P)) and sometimes P EK1(DK2(P))
  • K1 is a relatively small number of bits and K2 is
    usually a large number of bits
  • It is extremely difficult to decrypt EK1(P)
    without K2
  • It should not be possible to deduce K2 from K1
  • Example RSA public key cryptography (discussed
    later)

29
Integrity using Public Key Cryptography
  • Integrity
  • Any one can send messages using public key, so
    integrity not assured directly
  • For integrity, transmitter
  • encodes P with its private key K2? to obtain P?
    DK2? P)
  • encodes P? using receivers public key C
    EK1(P?)
  • Receiver
  • decrypts C, DK2(EK1(P?)) P?
  • decrypts P? using transmitters public key,
    EK1?(DK2?(P)) P
  • Only the transmitter could have sent this
    message.

30
Authentication using Public Key Cryptography
John to Jane, lets talk
EK1(r)
r
  • Transmitter identifies itself
  • Receiver sends a nonce encoded using the senders
    public key in a challenge message
  • Transmitter uses its private key to recover the
    nonce, and it returns the unencrypted nonce
  • Only the holder of the private key can find the
    nonce

31
Digital Signatures using Public Key Cryptography
  • Digital signatures provide nonrepudiation
  • User signs a message that cannot be repudiated
  • Digital signature obtained as follows
  • Transmitter obtains a hash of the message
  • Transmitter encrypts the hash using its private
    key result is the digital signature
  • Transmitter sends message and signature
  • To check the signature
  • Receiver obtains hash of message
  • Receiver decrypts signature using senders public
    key
  • Receiver compares hash computed from message and
    hash obtained from signature
  • Procedure also ensures message integrity

32
Secret Key vs. Public Key
  • Public key systems have more capabilities
  • Secret key privacy, integrity, authentication
  • Public key all of above digital signature
  • Public key algorithms are more complex
  • Require more processing and hence much slower
    than secret key
  • Practice
  • Use public key method during session setup to
    establish a session key
  • Use secret key cryptography during session using
    the session key

33
Example Pretty Good Privacy (PGP)
  • PGP developed by Phillip Zimmerman to provide
    secure email
  • http//www.philzimmermann.com/index.shtml
  • http//www.pgpi.org
  • Notorious for becoming publicly available for
    download over Internet in violation of US export
    restrictions
  • Uses public key cryptography to provide
  • Privacy, integrity, authentication, digital
    signature
  • De facto standard for email security
  • Also provides privacy and integrity for stored
    files

34
Key Distribution in Secret Key Systems
  • Every pair of users requires a separate shared
    secret key
  • N(N 1) keys for N users Grows quickly with N
  • Similar to full-mesh connections for N users
  • Solution Introduce Key Distribution Centers
  • Each users has shared key with the KDC
  • User A has shared key KKA with KDC
  • User B has shared key KKB with KDC
  • KDC provides shared key when A B need to
    communicate

35
Key Distribution Center
  • User A contacts the KDC to request a key for use
    with user B.
  • KDC
  • Authenticates user A
  • Selects a key KAB and encrypts it to produce
    EKA(KAB) and EKB(KAB).
  • KDC sends both versions of the encrypted key to
    A.
  • User A contacts user B and provides a ticket in
    the form of EKB(KAB)
  • Users A B both have KAB

36
Example Kerberos
  • Kerberos authentication service for users to
    access servers over network
  • KDC has secret key with every user
  • At login, user supplies ID and password
  • KDC authenticates user generates session key
  • Session key ticket-granting ticket (TGT) is
    sent to user encrypted using shared secret key
  • To access a particular server, user sends request
    to KDC with server name and TGT
  • KDC decrypts TGT to recover session key then
    returns ticket to client for desired server

37
Key Distribution in Public Key Systems
  • In public key only one pair of keys per user
  • Key distribution problem How to determine
    whether an advertised public key is not from an
    imposter?
  • Certification Authority (CA)
  • Issues digitally signed certificate that provides
  • Users name public key
  • Certificate serial , expiration date
  • Certificates can be stored in publicly accessible
    directories
  • To communicate with B, a user contacts the CA to
    obtain the certificate for B
  • Users are configured to have the CAs public key,
    which they use to verify the digital signature

38
Key Generation Diffie-Hellman Exchange
  • Generate keys instead of distributing keys
  • Diffie-Hellman exchange to create a shared key
  • A B pick p a large prime , and generator g lt p
  • A picks x and sends T gx to B B picks y and
    sends R gy
  • Secret key is K (gx)y (gy)x which are
    calculated by A B
  • Eavesdropper that obtains p, g, T, R cannot
    obtain x and y because x logT and y logR are
    extremely difficult to solve

39
Man-in-the-Middle Attack
  • An intruder C can interpose itself between A B
  • C establishes a shared key K1 with A and a shared
    key K2 with B
  • C can then intercept, decipher, and re-encrypt
    all communications
  • Need mutual authentication between A B
  • Alternative Community agrees on g p users
    publish their T, R,

40
Diffie-Hellman Complexity
  • Diffie-Hellman exchange involves computation of
    powers of large numbers
  • Large number of multiplications implies heavy
    computational burden
  • Susceptible to denial-of-service attacks

41
Chapter 11Security Protocols
  • Network Security Protocols

42
Direct Connections to Internet
A
B
  • Computers A B communicate across the Internet
  • Exposure to eavesdropping, imposters, DoS
  • Can encrypt some transmitted information
  • But IP headers need to be visible to routers
    hence others
  • Eavesdropper can gather variety of usage
    information deduce nature of interaction
  • Choice of which layer to apply security IP,
    transport, or application layer

43
Gateway-to-Gateway
B
A
  • Computers A and B have gateways interposed
    between their internal network and Internet
  • Gateway can be a firewall
  • Controls external access to internal network
  • Packet filtering according to various header
    fields
  • IP addresses, port numbers, ICMP types, fields
    within payload
  • Secure tunnels can be established between
    gateways
  • All internal information including headers can be
    encrypted

44
Remote user to Gateway
  • Mobile host needs access to internal network
  • Gateway must provide user with access while
    barring intruders from accessing internal network
  • May also need to protect identity of mobile user
  • IP-address of mobile user changes

45
Firewall Options
  • Firewalls can operate at different layers
  • IP-layer filtering cannot operate on payload
    contents
  • Circuit-Level Gateways
  • Direct client-to-server TCP connections not
    allowed
  • Relays TCP segments between actual client
    actual server
  • Application-Level Gateways or Proxies
  • Interposed between actual client and actual
    server
  • Performs authentication and determines what
    features are available to client
  • Monitors, filters relays messages

46
Protocol Layer Options
  • Security Services can be provided at different
    layers of the protocol stack
  • Data Link Layer security
  • Point-to-point security between
    directly-connected devices, e.g. wireless LAN
    security
  • IP-Layer security
  • Security service between IP-layer Transport
    layer
  • End-to-end security across an internet, e.g.
    IPsec
  • Transport Layer security
  • Security service between Transport Application
    Layers
  • E.g. Secure Sockets Layer Transport Layer
    Security

47
Network Security Services
  • Integrity Service information received from
    network has not been altered during transmission
  • Authentication Service the receiver can
    authenticate that information came from purported
    sender
  • Privacy Service information is readable only by
    intended recipient
  • In applications that require network security,
    integrity authentication essential privacy
    not always justified

48
IP Security (IPsec)
.
  • IPsec defined in RFCs 2401, 2402, 2406
  • Provides authentication, integrity,
    confidentiality, and access control at the IP
    layer
  • Provides a key management protocol to provide
    automatic key distribution techniques.
  • Security service can be provided between a pair
    of communication nodes, where the node can be a
    host or a gateway (router or firewall).
  • Two protocols two modes to provide traffic
    security
  • Authentication Header and Encapsulating Security
    Payload
  • Transport mode or tunnel mode

49
Security Association
  • A Security Association (SA) is a logical simplex
    connection between two network-layer entities
  • Two SAs required for bidirectional secure
    communication
  • SA is specified by
  • A unique identifier
  • Security services to be used
  • Cryptographic algorithms to be used
  • How shared keys will be established
  • Other attributes such as lifetime
  • SA negotiated before security service begins

50
Integrity Authentication Service
  • Integrity can be ascertained by sending a
    cryptographic checksum or hash of message
  • Authentication also provided if hash covers
  • Shared secret key, senders identity message
  • Fields that are changed while packet traverses
    Internet are set to zero in calculation of hash
  • To protect against replay attacks, message should
    carry a sequence number that is covered by the
    hash
  • Receiver accepts a packet only once
  • Receiver maintains a window of packets it accepts
  • Receiver recalculates hash and compares to hash
    in received packet

51
Authentication Header
  • Inserted between regular header payload
  • Packet header contains field indicating presence
    of authentication header
  • Authentication header includes
  • Security association ID
  • Sequence number
  • Cryptographic hash

52
Tunneling
  • A tunnel can be created by encapsulating a packet
    within another packet
  • Inner packet header carries original source
    address
  • Entire contents of inner packet covered by hash
  • Outer packet header carries gateways address

53
Privacy Service
  • Privacy requires encryption of message
  • Encryption header identifies security association
    sequence number
  • Encryption can cover payload padding
  • Authentication header can be used to detect
    alteration of any non-changeable fields protect
    against replay attacks

54
Privacy Service in Tunnel Mode
  • In tunnel mode, entire original packet is
    encrypted and unreadable to eavesdroppers
  • All original packet header fields are unreadable
  • Only gateway packet header is visible
  • It is also possible to use tunnel mode between
    trusted routers while traversing untrusted
    segments of the Internet
  • Trusted routers can decrypt inner packet
    perform routing

55
Setting up a Security Association
  • To setup security association, computers must
  • Agree on security services that will be provided
  • Agree on cryptographic algorithms
  • Authenticate each other
  • Establish a shared secret key
  • Last two steps are difficult possible
    approaches
  • Manual set up of shared key between pair of users
  • Use Key Distribution Center
  • Contact a Certificate Authority
  • Internet Key Exchange (RFC 2409) for IPsec
  • Assumes parties have a name/identity for other
    party as well as a pre-established shared secret
    (secret key or private key)

56
Internet Key Exchange (IKE)
Proposes Security Association options
Initiator Host
Contains Ci
Select random Ci initiators cookie
Check to see if Ci already in use If not,
generate Cr, responders cookie Associate Cr
with initiators address
Selects SA options
Contains Ci Cr
Check Ci address against list Associate (Ci,
Cr) with SA record SA as unauthenticated
57
Internet Key Exchange
Initiator Host
Nonce Ni
Initiate Diffie-Hellman exchange
Tgx mod p
Check responder cookie, discard if not valid If
valid identify SA with (Ci, Cr) record as
unauthenticated
Nonce Nr
Rgy mod p
Calculate K(gy)x mod p
Calculate K(gx)y mod p
Calculate secret string of bits SKEYID known only
to initiator responder
Calculate secret string of bits SKEYID known only
to initiator responder
58
Internet Key Exchange
Initiator Host
Prepare signature based on SKEYID, T, R, Ci, Cr,
the SA field, initiator ID
SKEYID, T, R, Ci, Cr, SA, IDi
Hash of info in HDR
Authenticates initiator comparing decrypted hash
to recalculated hash. If agree, SA declared
authenticated.
encrypted
Hash of info in HDR
Prepares signature based on SKEYID, T, R, Ci, Cr,
the SA field, responder IDr
SKEYID, T, R, Ci, Cr, SA, IDr
Authenticate initiator. If successful, SA
declared authenticated.
59
SKEYID Cookies
  • SKEYID for authentication, based on
  • Shared key that results from Diffie-Hellman
  • Pre-shared key
  • Pre-configured secret key
  • Private part of a public key pair
  • Nonces and/or cookies
  • Cookies
  • To counteract denial-of-service attacks
  • A user that wants to make a connection requests
    must first request a cookie
  • Connections requests are only accepted from users
    that have a valid cookie, and hence that must
    receive packets at the IP address from which they
    sent the request

60
IPsec Authentication Header
  • Authentication header (AH) placed after headers
    that are examined at every hop
  • Presence of AH indicated by protocol value 51
    in IPv4 header
  • Authentication performed over all fields
    including IP header, except fields that change at
    every hop

61
Authentication Header Format
  • Format used in IPv4 and IPv6
  • Next Header indicates next payload after AH
  • Length of Authentication data in multiples of 32
    bits
  • SPI unique ID for security association
  • Sequence number for anti-replay protection
  • Authentication data contains result of
    authentication computation

62
Encapsulating Security Payload
  • ESP provides
  • Integrity authentication service
  • Privacy service by encryption of payload
  • Authentication data at end is optional
  • Placement at ends makes implementation simpler

63
ESP Header Format
  • Authenticated coverage from SPI until next header
    field
  • Encrypted coverage from payload data field until
    next header
  • Protocol type 50
  • Next header field is encrypted, so transport type
    not visible

64
Secure Sockets Layer (SSL)
  • SSL developed by Netscape Communications
  • Operates on top of TCP
  • Provides secure connections
  • HTTP, FTP, telnet,
  • Electronic ordering payment e-mail
  • SSL 3.0 submitted to IETF for standardization
  • TLS standardized by IETF (RFC 2246)
  • Slight differences with SSL 3.0

65
Transport Layer Security (TLS)
  • TLS protocols operate at two layers
  • TLS Record Protocol operates on top of TCP
  • Protocols on top of TLS Record Protocol
  • TLS Handshake Protocol
  • TLS Change Cipher Specification Protocol
  • TLS Alert Protocol

66
TLS Record Protocol
  • TLS Record protocol provides
  • Privacy service through secret key encryption
  • Encryption algorithm is negotiated at session
    setup
  • Secret keys generated per connection using
    another protocol such as Handshake protocol
  • Reliability service through keyed message
    authentication code
  • Hash algorithm negotiated at session setup
  • Operates without hash only during session
    negotiation

67
TLS Handshake Protocol
  • TLS Handshake protocol used by client server
  • Negotiate protocol version, encryption algorithm,
    key generation method
  • Can authenticate each other using public key
    algorithm
  • Client server establish a shared secret
  • Multiple secure connections can be set up after
    session setup
  • Session specified by following parameters
  • Session Identifier byte sequence selected by
    server
  • Peer Certificate certificate of peer
  • Compression method used prior to encryption
  • Cipher spec encryption message authentication
    code
  • Master Secret 48-byte secret shared by client
    server
  • Is resumable? flag indicating if new
    connections can be initiated

68
TLS Handshake Process
TLS Record protocol initially specifies no
compression or encryption
Request connection Includes Version Time
date Session ID (if resuming) Ciphersuite
(combinations of key exchange, encryption, MAC,
compression)
Send ServerHello if there is acceptable
Ciphersuite combination else, send failure
alert close connection.
Optional messages
ServerHello includes Version Random
number Session ID Ciphersuite compression
selections
New CipherSpec pending
Server Certificate
May contain public key
Server part of key exchange Diffie-Hellman, gx
RSA, public key
Compute shared key
Server part of handshake done
69
Handshake Protocol continued
Clients part of key agreement Diffie-Hellman
gy RSA, random s
Compute shared key
Change Cipher protocol message notifies server
that subsequent records protected under new
CipherSpec keys
Server changes CipherSpec
Verify CipherSpec
Hash using new CipherSpec allows server to
verify change in Cipherspec
70
Handshake Protocol completion
Notify client that subsequent records protected
under new CipherSpec keys
Client changes CipherSpec
Client verifies new CipherSpec
Hash using new CipherSpec
  • TLS Record protocol encapsulates
    application-layer messages
  • Privacy through secret key cryptography
  • Reliability through MAC
  • Fragmentation of application messages into
    blocks for compression/encryption
  • Decompression/Decryption/Verification/Reassembly

71
TLS Handshake with Client Authentication
Server requests certificate if client needs to be
authenticated
If server finds certificate unacceptable server
can send fatal failure alert message close
connection
Client sends suitable certificate
Client prepares digital signature based on
messages sent using its private key
Server verifies client has private key
72
TLS 1.0 SSL 3.0 Compatibility
  • TLS 1.0 allows backwards compatibility with SSL
    3.0
  • When TLS client sends ClientHello to SSL server
  • Client sends TLS message with 3, 1 in version
    field to indicate it also supports SSL 3.0
  • Server that supports SSL 3.0 will respond with
    SSL 3.0 ServerHello message
  • A TLS server that handles SSL 3.0 clients
  • Accepts SSL 3.0 ClientHello messages responds
    with SSL 3.0 Server Hello message if client
    message contains 3,0 in version field
    indicating that it only supports SSL 3.0

73
Client Hello Message
74
ServerHello
75
SSL Message Exchange
76
Chapter 11Security Protocols
  • Cryptographic Algorithms

77
Data Encryption Standard
  • DES adopted by U.S. National Bureau of Standards
    in 1977
  • Most widely-used secret key system
  • Efficient hardware implementation
  • Encryption Electronic Codebook (ECB) Mode
  • Message broken into 64-bit blocks
  • Each 64-bit plaintext block encrypted separtely
    into 64-bit cyphertext
  • Original version of DES uses a 56-bit key
  • Decryption Encryption operations performed in
    reverse order

78
DES Algorithm
  • Initial permutation is independent of key
  • Final permutation is inverse of initial
    permutation
  • Penultimate step swaps 32-bits on left with
    32-bits on the right
  • Intermediate 16 iterations apply a different key
    that is derived from the original 56-bit key

79
DES Iteration
  • 64-bit block divided into Li 1 and Ri 1 halves
  • Left output Li Ri 1
  • Right output
  • Ri Li 1 XOR f(Ri 1, Ki)
  • bitwise XOR
  • f(.,.) as follows
  • Ri 1 expanded to 48 bits using fixed re-ordering
    duplication pattern
  • XORed with Ki
  • Each resulting group of 6-bits is mapped into
    4-bit output according to substitution mapping

80
Cipher Block Chaining
  • ECB mode encrypts 64-bit blocks independently
  • Attacker can use knowledge about pattern in
    message to attack encrypted sequence of blocks
  • Cipher Block Chaining (CBC) introduces dependency
    between consecutive blocks
  • Current plaintext block is XORed with preceding
    ciphertext block
  • First plaintext block XORed with an
    initialization vector that is transmitted to
    receiver in ciphertext

81
Cipher Block Chaining
82
DES Security
  • DES vulnerable to brute-force attack
  • 56-bit key is too short
  • Has been broken in less than one day using a
    specially-designed computer
  • Triple-DES (3DES)
  • Provides better security
  • Uses two 56-bit keys
  • C EK1(DK2(EK1(P)))
  • P DK1(EK2(DK1(P)))
  • Instead of triple encryption, use
    encryption-decryption-encryption
  • If K1 K2, reduces to original DES

83
Advanced Encryption Standard
  • AES selected in 2001 by U.S. NIST (National
    Institute of Standards Technology)
  • Developed by Rijmen and Daemen
  • Secret key system
  • Encryption of 128-bit blocks with keys of size
    128, 192, or 256 bits
  • Software efficient hardware implementation
  • 3.4x1038 keys vs. 7.2x1016 keys for 56-bit DES
  • AES is gradually replacing DES/3DES
  • See
  • http//csrc.nist.gov/CryptoToolkit/aes/

84
RSA Public Key Algorithm
  • Named after Rivest, Shamir, and Adleman
  • Modular arithmetic factorization of large
    numbers
  • Let n pq, where p q are two large numbers
  • n typically several hundred bits long, i.e. 512
    bits
  • Plaintext must be shorter than n
  • Find e relatively prime to (p 1)(q 1)
  • i.e. e has no common factors with (p 1)(q 1)
  • Public key is e,n
  • Let d be multiplicative inverse of e
  • de 1 modulo (p 1)(q 1)
  • Private key is d,n

85
Encryption Decryption
  • Fact For Pltn and n, p, q, d as above
  • Pde mod n P mod n
  • Encryption
  • C Pe mod n
  • Result is number less than n and is represented
    by same number of bits as key
  • Decryption
  • Cd mod n Ped mod n P mod n P
  • Security stems from fact that it is very
    difficult to factor large numbers n, and with e
    to then determine d

86
RSA Example
  • Let p 5, q 11
  • n pq 55 and (p 1)(q 1) 40
  • Let e 7, which is relatively prime to 40
  • 7d mod 40 1, gives d 23
  • Public key is 7, 55
  • Private key is 23, 55

87
RSA Example continued
  • Encrypt RSA R18, S19, A1
  • C1 187 mod 55 18421 mod 55
  • (18 mod 55) (182 mod 55) (184 mod 55) mod
    55
  • (18) (324 mod 55) (184 mod 55) mod 55
  • (18) (49) (492 mod 55) mod 55
    (18)(49)(36) mod 55
  • 31752 mod 55 17
  • C2 197 mod 55 24
  • C3 17 mod 55 1
  • Decrypt
  • 1723 mod 55 1716421 mod 55 18
  • 2423 mod 55 19
  • 123 mod 55 1
Write a Comment
User Comments (0)
About PowerShow.com