Beruflich Dokumente
Kultur Dokumente
cryptography and its many uses beyond confidentiality message integrity digital signature authentication
Security basics
what is network security?
principles of cryptography
usage of cryptography for network security message integrity digital signature end point authentication key establishment
channel
Bob
data
secure receiver
Trudy
data
transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples?
eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address
in packet (or any field in packet) hijacking: take over ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources)
Security basics
what is network security?
principles of cryptography
security
key establishment
Cryptography
cryptography: a set of mathematical
functions with a set of nice properties. A common mechanism for enforcing policies. encrypt clear text into cipher text, and vice versa properties of good encryption techniques
encryption
extremely
encryption key)
Cryptography algorithms
symmetric key algorithm: one shared by a
symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private)
10
plaintext: ciphertext:
E.g.:
abcdefghijklmnopqrstuvwxyz mnbvcxzasdfghjklpoiuytrewq
Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc
Q: how hard to break this simple cipher?: brute force (how hard?) other?
11
KA-B
decryption plaintext algorithm m = K ( KA-B(m) )
A-B
symmetric key crypto: Bob and Alice share know same (symmetric) key: K A-B e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value?
12
DES challenge: 56-bit-key-encrypted phrase (Strong cryptography makes the world a safer place) decrypted (brute force) in 4 months no known backdoor decryption approach making DES more secure: use three keys sequentially (3-DES) on each datum use cipher-block chaining
13
14
standard, replacing DES processes data in 128 bit blocks 128, 192, or 256 bit keys brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
15
receiver know shared secret key Q: how to agree on key in first place (particularly if never met)?
approach [DiffieHellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver
16
plaintext message, m
17
KB
19
e e c = m mod n (i.e., remainder when m is divided by n) d m = c d mod n (i.e., remainder when c is divided by n)
Magic m = (m e mod n) d mod n happens! c
20
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. me 1524832 c = me mod n
encrypt:
letter l
m 12 d c
17 m = cd mod n letter 12 l
decrypt:
c 17
481968572106750915091411825223071697
21
m = (m e mod n) d mod n
Useful number theory result: If p,q prime and n = pq, then: y y mod (p-1)(q-1) x mod n = x mod n
mod n
= m mod n
(since we chose ed to be divisible by (p-1)(q-1) with remainder 1 )
= m
22
+ = m = K (K (m)) B B
Security basics
what is network security?
principles of cryptography
security
key establishment
Message integrity
Bob receives msg from Alice, wants to ensure:
message originally came from Alice message not changed since sent by Alice
Cryptographic hash:
takes input m, produces fixed length value, H(m) computationally infeasible to find two different
25
(message)
m
append
H(.) m
H(m+s)
public Internet
m
compare
H(m+s)
H(m+s)
26
MACs in practice
MD5 hash function widely used (RFC 1321)
computes
128-bit MAC in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x
recent (2005) attacks on MD5
27
Security basics
what is network security?
principles of cryptography
security
key establishment
Digital signatures
Cryptographic technique analogous to handwritten signatures.
sender (Bob) digitally signs document,
establishing he is document owner/creator. verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
29
Message digests
Computationally expensive to publickey-encrypt long messages Goal: fixed-length, easyto-compute digital fingerprint apply hash function H to m, get fixed size message digest, H(m).
large message m
H: Hash Function
H(m)
Hash function properties: many-to-1 produces fixed-size msg digest (fingerprint) given message digest x, computationally infeasible to find m such that x = H(m)
30
KB
large message m
H: Hash function
KB(H(m))
Bobs public key
KB
KB(H(m))
H(m)
H(m)
equal ?
31
Security basics
what is network security?
principles of cryptography
security
key establishment
OK
Failure scenario??
33
OK
34
Nonce: number (R) used only once in-a-lifetime Protocol: to prove Alice live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key
I am Alice R
KA-B (R) Failures, drawbacks?
Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
35
I am Alice
R K A (R) KA Failures, drawbacks?
+ -
and knows only Alice could have the private key, that encrypted R such that + K (K (R)) = R A A
KA (KA (R)) = R
Bob computes + -
36
- + m = K (K (m)) A A
+ K (m) A
Difficult to detect: Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation) problem is that Trudy receives all messages as well!
38
Security basics
what is network security?
principles of cryptography
security
key establishment
Key Establishment
Symmetric key problem:
How do two entities
Solutions:
Deffie-Hellman trusted key distribution
public key (from web site, e-mail, diskette), how does he know it is Alices public key, not Trudys?
Solution:
trusted certification
authority (CA)
40
secret integer
42
registered user (many users) Alice shares a key with KDC: KA-KDC Bob shares a key with KDC: KB-KDC
each
KDC
KA-KDC KP-KDC
KP-KDC
KB-KDC
KX-KDC
KA-KDC
43
KA-KDC(A,B)
Alice knows R1
Alice and Bob communicate: using R1 as session key for shared symmetric encryption
44
need infrastructure support -: single bottleneck, single point of failure +: computation load centered at KDC
Q: are these two approaches suitable for
sensor networks?
45
Certification authorities
Certification authority (CA): binds public key to particular
E provides proof of identity to CA. CA creates certificate binding E to its public key. certificate containing Es public key digitally signed by CA CA says this is Es public key
digital signature (encrypt)
CA K -
KB
private key
CA
Certification authorities
When Alice wants Bobs public key:
gets Bobs certificate (Bob or elsewhere). apply CAs public key to Bobs certificate, get Bobs public key
+ KB
+ K CA
47
A certificate contains:
Serial number (unique to issuer) info about certificate owner, including algorithm and key
info about
48
Security basics
what is network security?
principles of cryptography
usage of cryptography for network
security
message
Securing e-mail
Alice wants to send an email to Bob
50
KS(m )
KS(m ) Internet
KS( )
+
KS
K B( ) KB
KB(KS )
KS
K B( ) KB
KB(KS )
Alice:
generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bobs public key. sends both KS(m) and KB(KS) to Bob.
51
KS(m )
KS(m ) Internet
KS( )
+
KS
K B( ) KB
KB(KS )
KS
K B( ) KB
KB(KS )
Bob:
uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m
52
message integrity.
53
message integrity.
KA
H(.)
K A( )
KA(H(m))
KA(H(m))
Internet
KA KA( )
H(m )
+
m
compare H( )
H(m )
message integrity.
KA
H( )
KA( )
KA(H(m))
KS
+
m KS
KS( )
+
K B( ) KB
Internet
KB(KS )
Alice uses three keys: her private key, Bobs public key, newly created symmetric key
55
scheme, de-facto standard. uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. provides secrecy, sender authentication, integrity. inventor, Phil Zimmerman, was target of 3-year federal investigation.
56
57