ECE/CS 372

1
ECE/CS 372 introduction to computer
networksLecture 18

• Announcements
• Final exam will take place August 13th,2012
• HW4 and Lab5 are posted and are due Wednesday

Acknowledgement slides drawn heavily from Kurose
Ross
2
Chapter 8 Network Security

• Goals
• understand principles of network security
• cryptography and its many uses beyond
  confidentiality
• authentication
• message integrity
• Example securing email

3
Bob, Alice want to communicate securely

• Trudy is an enemy (intruder) bad guy

• Q what should Bob Alice be concerned about?
• eavesdrop messages are intercepted
• change messages are modified
• impersonation entire communication is hijacked
  by replacing sender or receiver by himself
• denial of service prevent services (e.g., by
  overloading resources)

integrity
authentication
availability
4
Who might Bob, Alice be?

• well, real-life Bobs and Alices!
• Web browser/server for electronic transactions
  (e.g., on-line purchases)
• on-line banking client/server
• DNS servers
• routers exchanging routing table updates

5
What is network security?

• Goals of network security
• Confidentiality only sender, intended receiver
  should understand message contents
• sender encrypts message
• receiver decrypts message
• Authentication sender, receiver want to confirm
  identity of each other
• Integrity sender, receiver want to ensure
  message not altered (in transit, or afterwards)
  without detection
• Availability services must be accessible and
  available to users

6
Chapter 8 roadmap

• Principles of cryptography
• Message integrity
• Securing email

7
Cryptography

• Cryptography allows a sender to disguise a
  message so that an intruder cant gain
  information from it
• confidentiality

All terms marked in red are crypto terminology
8
Types of cryptography

• symmetric key
• - both sender and receiver use identical key
• e.g., sender A encrypts with the key
• receiver B decrypts with same key
• public/private keys
• - two keys (public and private) are to be used
• e.g., sender A encrypts with Bs public key
• receiver B decrypts with its Private key

9
Symmetric key cryptography
encryption algorithm
decryption algorithm
ciphertext
plaintext
plaintext message, m
K (m)
A-B

• symmetric key crypto Bob and Alice share/know
  same (symmetric) key K
• Q how do Bob and Alice agree on key value?

A-B
10
Symmetric key cryptography

• monoalphabetic cipher substituting one letter
  for another

plaintext abcdefghijklmnopqrstuvwxyz
ciphertext mnbvcxzasdfghjklpoiuytrewq
E.g.
Plaintext bob. i love you. alice
ciphertext nkn. s gktc wky. mgsbc
Q what is the encryption decryption key? A
the mapping
Q How hard to break this simple cipher? A
brute force (how hard?) how many possibilities?
26!
11
Symmetric key cryptography

• polyalphabetic cipher multiple monoalphabetic
  ciphers

Eg. C1, C2, C2, C3 (with 3 monoalphabetic cipher
keys) First letter, apply C1 Second letter,
apply C2 Third letter, apply C2 Fourth letter,
apply C3 Then, repeat

• Harder to break! By avoiding patterns, same
  letter may appear in different positions
• Key is C1, C2, C2, C3

12
Symmetric key cryptography

• block cipher msg is encrypted in blocks of k
  bits (independently)

• Each k-bit block is encrypted/mapped
• Possible mappings 2k!
• Hard to break
• Problem
• Hard to implement, with k64, sender and receiver
  need to store a mapping table of 264 entries !!
  Huge!!
• Solution
• Use of functions break blocks into smaller chunks

13
Block Cipher
64-bit input
8bits
8bits
8bits
8bits
8bits
8bits
8bits
8bits
loop for n rounds
8 bits
8 bits
8 bits
8 bits
8 bits
8 bits
8 bits
8 bits

• one pass through one input bit affects eight
  output bits

64-bit scrambler
64-bit output

• multiple passes each input bit affects all
  output bits

14
Cipher Block Chaining

• Problem w/ Cipher Block
• if input block is repeated, it produces
• same cipher text

m(1) HTTP/1.1
c(1) k329aM02
t1
block cipher

m(17) HTTP/1.1
c(17) k329aM02
t17
block cipher

• cipher block chaining XOR ith input block, m(i),
  with previous block of cipher text, c(i-1)
• c(0) transmitted to receiver in clear
• what happens in HTTP/1.1 scenario from above?

15
ECE/CS 372 introduction to computer
networksLecture 19

• Announcements
• Final exam will take place August 13th,2012
• HW4 and Lab5 are posted and are due Wednesday

Acknowledgement slides drawn heavily from Kurose
Ross
16
Public key cryptography

• symmetric key crypto
• requires sender, receiver know shared secret key
• Q how to agree on key in first place
  (particularly if never met)?

• public key cryptography
• radically different approach
• Two keys
• Public key encryp. key known to all
• Private key decryp. key known only to receiver
• Sender uses public key only to encryp
• Reciever uses both keys to decryp.

17
Public key cryptography

Bobs public key
K
B
-
Bobs private key
K
B
encryption algorithm
decryption algorithm
plaintext message
plaintext message, m
ciphertext

• Note only Bob is able to understand (decrypt)
  message m. Because only Bob has Bobs private key
• This assures confidentiality

18
Public key encryption algorithms
Requirements
.
.

-

• need K ( ) and K ( ) such that

B
B

given public key K , it should be impossible to
compute private key K
B
-
B
RSA Rivest, Shamir, Adleman algorithm
19
RSA Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n pq, z (p-1)(q-1)
3. Choose e (with eltn) that has no common
factors with z. (e, z are relatively prime).
4. Choose d such that ed-1 is exactly divisible
by z. (in other words ed mod z 1 ).
5. Public key is (n,e). Private key is (n,d).
20
RSA Encryption, decryption
0. Given (n,e) and (n,d) as computed above
2. To decrypt received bit pattern, c, compute
d
(i.e., remainder when c is divided by n)
Magic happens!
c
21
RSA example
Bob chooses p5, q7. Then n35, z24.
e5 (so e, z relatively prime). d29 (so ed-1
exactly divisible by z).
e
m
m
letter
encrypt
l
12
1524832
17
c
letter
decrypt
17
12
l
481968572106750915091411825223071697
22
Another RSA example
Bob chooses p5, q11. Question Find (n,e) and
(n,d)
Step 1 Compute n pq, z (p-1)(q-1)
Step 2 Choose e (with eltn) that has no common
factors with z. (e, z are relatively prime).
Step 3 Choose d such that ed-1 is exactly
divisible by z. (in other words ed mod z
1 ).
Step 4 Public key is (n,e). Private key is
(n,d).
23
RSA another important property
The following property will be very useful later
use public key first, followed by private key
use private key first, followed by public key
Result is the same!
24
Chapter 8 roadmap

• Principles of cryptography
• Message integrity
• Securing email

25
Message Integrity/Authentication

• Bob receives msg from Alice, wants to ensure
• Authentication message originally came from
  Alice
• Integrity message not changed since sent by
  Alice
• Cryptographic Hashing
• What
• take input m, produce fixed length value, H(m)
• e.g., as in Internet checksum
• Properties of H
• given m H(x), (x unknown), it is
  computationally infeasible to determine x.
• difficult to find x ? y such that H(x) H(y)
• note Internet checksum fails this requirement!
• Examples
• widely used hash functions MD5, SHA

26
Internet checksum poor crypto hash function

• Internet checksum has some properties of hash
  function
• produces fixed length digest (16-bit sum) of
  message
• is many-to-one

• But given message with given hash value, it is
  easy to find another message with same hash
  value

27
MAC Message Authentication Code
(shared secret)
s
(message)
s
(shared secret)

• Any problem ??
• Secret key distribution ??
• So we cant really authenticate via MAC alone

• Does MAC solve
• Integrity ?? How ??
• Authentication ?? How ??

• via Hashing
• via secret key

28
Digital Signatures via Public Key Crypto

• simple digital signature for message m
• Bob signs m by encrypting with his private key
  KB, creating signed message, KB(m)

-
-
29
Digital Signatures via Public Key Crypto (more)
-

• suppose Alice receives msg m, digital signature
  KB(m)
• Alice verifies m signed by Bob by applying Bobs
  public key KB to KB(m) then checks KB(KB(m) )
  m.
• if KB(KB(m) ) m, whoever signed m must have
  used Bobs private key.

-
-


-

• Alice thus verifies that
• Bob signed m.
• No one else signed m.
• Bob signed m and not m.

-
30
MAC via private/public keys
Alices public key
(message)
public Internet
append
Alices private key

• Note only Alice would have had her private key
• This assures authentication

31
Digital Signatures via Public Key Crypto (more)

• Problem
• Signing data by encryption and decryption is
  computationally expensive
• Imagine encrypting (signing) huge files of data
  !!!

• Solution
• Sign hashed output of original msg (sign H(m)
  only)
• Recall hash algorithms turn large msgs into
  small, fixed length msg
• signed MAC is the solution

-
32
Digital signature signed MAC
authentication integrity

• Alice verifies signature and integrity of
  digitally signed message

Bob sends digitally signed message
H(m)
Bobs private key
Bobs public key
equal ?
33
Public Key Certification

• Problem with public key
• When Alice obtains Bobs public key (from web
  site, e-mail, diskette), how does she know it is
  Bobs public key, not Trudys?
• solution
• trusted certification authority (CA)

34
Certification Authorities

• Certification Authority (CA) binds public key to
  particular entity, E.
• E registers its public key with CA.
• E provides proof of identity to CA.
• CA creates certificate binding E to its public
  key.
• certificate containing Es public key digitally
  signed by CA CA says This is Es public key.

Bobs public key
CA private key
certificate for Bobs public key, signed by CA
-
Bobs identifying information
35
Certification Authorities

• when Alice wants Bobs public key
• gets Bobs certificate
• apply CAs public key to Bobs certificate, get
  Bobs public key

Bobs public key
CA public key

36
Get Bobs public key from CA
CAs public key
(Bobs public key)
-
-
public Internet
append
CAs private key

• Alice just got Bobs public key (authenticated
  key)
• Of course, here we assume that you have CAs
  public key !!! Need to get it physically !!!

37
Chapter 8 Recap

• So far
• Cryptography confidentiality
• Symmetric key
• Public key A wants to send msg m to B. What does
  A send?
• A sends KB(m) hence, ONLY B understands m by
  applying KB-(KB(m))
• gt confidentiality
• Authentication integrity
• MAC (Msg Authen. Code)
• requires symmetric key
• Signed MAC A -gt B
• A sends (m,KA-(m)) to B,
• Hence, All get m by applying KA(KA-(m))
• Comparison gt authen. integrity, but NOT
  confidentiality

38
Chapter 8 roadmap

• Principles of cryptography
• Message integrity
• Securing e-mail

39
Secure e-mail (confidentiality)

• Alice wants to send confidential e-mail, m, to
  Bob.

A
B

• Alice
• generates random symmetric private key, KS.
• encrypts message with KS (for efficiency)
• also encrypts KS with Bobs public key.
• sends both KS(m) and KB(KS) to Bob.

• Bob
• uses his private key to decrypt and recover KS
• uses KS to decrypt KS(m) to recover m

Note that to provide confidentiality, sender
encrypts with receivers public key (ONLY
receiver should see msg)
40
Secure e-mail (authen. integrity)

• Alice wants to provide sender authentication/inte
  grity.

A
B

• Alice digitally signs message.
• sends both message (in the clear) and digital
  signature.

Again note that to provide authenticate/integrity,
sender encrypts with its private (all can
understand msg)
41
Secure e-mail (all confid. auth. integrity)

• Alice wants to provide secrecy, sender
  authentication, message integrity.

A
Alice uses three keys her private key, Bobs
public key, newly created symmetric key
42
The end of class!
Acknowledgement slides drawn heavily from Kurose
Ross