Network Security - PowerPoint PPT Presentation

About This Presentation
Title:

Network Security

Description:

The RSA algorithm Most common, the RSA algorithm is used to get the public key/private key. Choose two large primes, p and q. Compute n=pq and z=(p-1)(q-1). – PowerPoint PPT presentation

Number of Views:48
Avg rating:3.0/5.0
Slides: 27
Provided by: zhenghao
Learn more at: http://www.cs.fsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Network Security


1
Network Security
2
Three tools
  • Hash Function
  • Block Cipher
  • Public Key / Private Key

3
Hash Functions
  • We used SHA-1 in our project.
  • SHA-1 takes no more than 264 bits as input and
    returns a 160-bit output.
  • SHA stands for Secure Hash Function.
  • Other hash functions include MD5 which returns
    128 bits, and the SHA-2 functions.

4
What are needed from these functions?
  • Collision resistance.
  • Informally, you cannot find two strings with the
    same hash.
  • One-way.
  • Informally, given the hash, you cannot
    reconstruct the original string.

5
Security
  • Here, cannot means computationally infeasible.
  • There is no absolute security. If you have all
    the resources in the world, nothing is secure
    from you.

6
Birthday Attack
  • If there are x people in the room, what is the
    probability that there are at least two people
    having the same birthday?

7
Birthday Attack
  • The probability that no same birthday is
    (365/365)(364/365)(363/365)((365-x1)/365)
  • From wiki

8
Birthday Attack
  • Consider one strategy to break the SHA-1 Try
    random strings until a collision is found.
  • How many strings you think you need until a
    collision is found?
  • Roughly, if you try of 280 times, the probability
    of getting a collision is gt0.5.
  • In 2005, Xiaoyun Wang found a flaw in SHA-1 such
    that it is possible to find a collision in 269
    calculations.

9
Block Cipher
  • The basic need given a message in plain text,
    encrypt it, such that no one can know the content
    of the message. But the receiver should be able
    to decrypt it to produce the original message.
  • Like simple substitution.

10
Block Cipher
  • AES is a Block Cipher, means that it maps a
    fixed-length (128 bits) input to a fixed-length
    (128 bits) output.
  • Given the same input bits, the Block Cipher
    always returns the same output bits. So, it is a
    mapping from the input to the output.
  • The decryption algorithm is just the reverse
    mapping.

11
The Key
  • The AES algorithm is known to the world. So if
    you can use AES to encrypt your data, anyone will
    be able to use the AES to decrypt your data and
    you achieved nothing.
  • So, you must make your encryption unique, even if
    you are using a well-known algorithm.
  • How?
  • By having a key. The encryption result for one
    key is unique to other keys.

12
How AES works
  • AES takes 128-bit input and turn it into 128-bit
    output with the help of a 128 bit key (or 192, or
    256). (Skype uses 256 bit key)
  • The key is expanded into 11 sub-keys (K0, K1, ,
    K10.)
  • s M xor K0.
  • Then the following is executed 10 rounds.
  • s SBOX(s).
  • s shift_row(s).
  • s mix_col(s) if not the last round
  • s s xor Ki.
  • Return s.

13
How AES works
  • The S BOX simply maps the input to an output
    according to a predetermined mapping.
  • The shift_row() does the following. Regard the
    16-byte s as a 4 by 4 matrix.

s0 s4 s8 s12 s1 s5 s9 s13 s2 s6
s10 s14 s3 s7 s11 s15
s0 s1 s2 s3 s5 s9 s13 s1 S10 s14 s2
s6 s15 s3 s7 s11
  • The mix_col() does the following. ai is 4 bytes.

02 02 01 01 01 02 03 01 01 02 02 03
03 01 01 02
a0 a1 a2 a3
a0 a1 a2 a3

14
AES
  • AES can also be used for other purposes.
  • For example, you can pick a random key, then use
    AES to generate random numbers.

15
Cipher Modes
  • ECB Electronic Code Book Mode. Break the entire
    file into blocks, and encode every block
    individually.
  • Problems. The example in the book. You can
    replace a block if it is good for you.
  • If you know the message is ltnamegt followed by
    ltsalarygt, you can replace your salary with
    someone elses salary if you know that he/she
    makes more than you do, without knowing exactly
    the content!

16
CBC Cipher Block Chaining
  • Encryption
  • C0 E(P0 xor IV).
  • C1 E(P1 xor C0), and so on.
  • IV is transmitted in plain text.
  • Decryption
  • P0 IV xor D(C0)
  • P1 C0 xor D(C1), and so on.
  • So, same message wont result in the same code.

17
Stream Cipher Mode
  • T0 E(IV).
  • T1 E(T0), and so on.
  • C P xor T.
  • Dont use the same stream twice.

18
Counter mode
  • Ti E(IVi).
  • Ci Pi xor Ti.
  • The advantage is that you can randomly access any
    block.
  • Used by Skype. Often called ICM (Integer counter
    mode).
  • ECB also supports random access. Does it have the
    same problem as ECB? No, because the IVs are
    different.

19
Public Key / Private Key
  • Consider Skype, how do you think that two Skype
    users can share the same AES key?

20
Public Key / Private Key
  • Everyone has a public key and private key.
  • With Bs public key (pkB) A can encode data that
    only B can decode with his private key (skB)
    because other people does not have Bs private
    key.
  • D_skBE_pkB(W) W
  • E_pkBD_skB(W) W

21
Public Key /Private key
  • So, A can choose a 128-bit string W as the
    session key and send E_pkB(W) to B. B runs the
    decryption algorithm to get D_skBE_pkB(W) W.
  • Skype actually asks two ends to both contribute
    128 bits to make the 256-bit session key.

22
The RSA algorithm
  • Most common, the RSA algorithm is used to get the
    public key/private key.
  • Choose two large primes, p and q.
  • Compute npq and z(p-1)(q-1).
  • Choose a large number relatively prime to z and
    call it d.
  • Find e such that ed 1 mod z. (such e must
    exist)
  • (e,n) is the public key for encoding and (d,n) is
    the private key for decoding.

23
The RSA algorithm
  • To encrypt a message
  • CMe mod n.
  • To decrypt
  • M Cd mod n.
  • The rules are satisfied
  • D_skBE_pkB(M) M
  • E_pkBD_skB(M) M.

24
An example
  • Let p3, q11,
  • n33, z20.
  • Choose d7, because 7 and 20 have no common
    factors
  • For e, it must satisfy 7e 1 mod 20, which gives
    us e3.
  • So the public key is (3,33) and the private key
    is (7,33).
  • If M19,
  • C193 mod 33 6859 mod 33 28
  • 287 mod 33 13492928512 mod 33 19

25
Why is RSA secure?
  • The problem is, given (d,n), can you figure out
    e?
  • You can try to find p and q given n. If you
    indeed can, then you get z. Given z and d, you
    get e.
  • But it is difficult to factor large numbers.

26
ssh-keygen
  • Try type ssh-keygen t rsa
  • The secret key will be saved as .ssh\ id_rsa
    and the public key will be saved as .ssh\
    id_rsa.pub
Write a Comment
User Comments (0)
About PowerShow.com