The OSI Reference Model

EECC694 - Shaaban
#1 lec #3 Spring2000 3-14-2000

Data Link Layer: Virtual Vs. Actual Communication

Virtual Communication

Actual Communication

EECC694 - Shaaban
#2 lec #3 Spring2000 3-14-2000

The Data Link Layer Functions

Concerned with reliable, error-free and efficient communication between adjacent machines in the network through the following functions: 1 Data Framing:
The term frame refers to a small block of data used in a specific network. The data link layer groups raw data bits to/from the physical layer into discrete frames with error detection/correction code bits added. Framing methods: Character count. Starting and ending characters, with character stuffing. Starting and ending flags with bit stuffing. Physical layer coding violations.

Error Detection/Correction:
Error Detection:
Include enough redundant information in each frame to allow the receiver to deduce that an error has occurred, but not which error and to request a retransmission. Uses error-detecting codes.

Error Correction:
Include redundant information in the transmitted frame to enable the receiver not only to deduce that an error has occurred but also correct the error. Uses error-correcting codes.

EECC694 - Shaaban
#3 lec #3 Spring2000 3-14-2000

The Data Link Layer Functions

3
Services to the network layer:
Unacknowledged connectionless service:
Independent frames sent without having the destination acknowledge them. Suitable for real-time data such as speech and video where transmission speed is more important than absolute reliability. Utilized in most LANS.

Acknowledged connectionless service:

Each frame sent is acknowledged by the receiver. Acknowledgment at the layer level is not essential but provides more efficiency than acknowledgment at higher layers (transport) which is done only for the whole message. A lost acknowledgment may cause a frame to be sent and received several times.

EECC694 - Shaaban
#4 lec #3 Spring2000 3-14-2000

The Data Link Layer Functions

Acknowledged connection-oriented service:
The sender and receiver establish a connection before any data transmission. The message is broken into numbered frames. The data link guarantees that each frame sent is received exactly once and in the right order.

Flow control:
Protocols to control the rate the sender transmits frames at a rate acceptable to the receiver, and the ability to retransmit lost or damaged frames. This insures that slow receivers are not swamped by fast senders and further aids error detection/correction. Several flow control protocols exist, but all essentially require a form of feedback to make the sender aware of whether the receiver can keep up.
Stop-and-wait Protocols: A positive acknowledgment frame is send by the receiver to indicate that the frame has been received and to indicate being ready for the next frame. Positive Acknowledgment with Retransmission (PAR); uses timeouts Sliding Window Protocols: Data frames and acknowledgement frames are mixed in both directions. Frames sent contain sequence numbers Timeouts used to initiate retransmission of lost frames.

EECC694 - Shaaban
#5 lec #3 Spring2000 3-14-2000

Placement of The Data Link Protocol

Data Channel

Adjacent routers/hosts shown

EECC694 - Shaaban
#6 lec #3 Spring2000 3-14-2000

Data Link Layer: Framing

The character count method:
The frame header includes the count of characters in the frame A transmission error can cause an incorrect count causing the source and destination to get out of synchronization Rarely used in actual data link protocols

A character stream with no errors

A character stream with one error

EECC694 - Shaaban
#7 lec #3 Spring2000 3-14-2000

Data Link Layer: Framing

Using Starting and ending characters, with character stuffing
Each frame starts with the ASCII character sequence DLE (Data Link Escape) and STX (Start of TeXt) and ends with DLE ETX (End of TeXt) When binary data is transmitted where (DLE STX or DLE ETX) can occur in data, character stuffing is used (additional DLE is inserted in the data). Limited to 8-bit characters and ASCII.

Network Layer Data at the sender

Data after character stuffing by the Data Link Layer at the sender

Network Layer Data at the Receiver

EECC694 - Shaaban
#8 lec #3 Spring2000 3-14-2000

Data Link Layer: Framing

Bit-Oriented Using Start/End Flags:
Each frame begins and ends with 01111110 Bit stuffing: After each five consecutive ones in a data a zero is stuffed Stuffed zero bits are removed by the data link layer at receiving end.

The Original Data

Data appearing on the line after bit stuffing

Data received after destuffing

EECC694 - Shaaban
#9 lec #3 Spring2000 3-14-2000

Data Link Layer: Error Detection/Correction

Simplest error detection : Parity bits and checksum (sum of 1s in data). Error-detecting and -correcting codes:
m data bits + r redundant bits added. n = m + r transmitted in frame. Only 2m code words out of possible 2m+r words are legal. The Hamming distance --minimum number of positions any two legal code words differ-- of a code defines its error detection/correction ability. To detect d errors code Hamming distance = d + 1 To correct d errors code Hamming distance = 2d + 1 Some codes are more suitable to correct burst errors rather than isolated errors. Polynomial codes: Cyclic Redundancy Check (CRC) Codes, are characterized by a generating polynomial G(X) EECC694 - Shaaban
#10 lec #3 Spring2000 3-14-2000

Cyclic Redundancy Check (CRC)

Based on polynomial arithmetic over finite field. View m-bit string a m-1a m-2 . . . a0 as a polynomial of degree m-1:

M(x) =

a m-1 x m-1 + a m-2 x m-2 + . + a0

Select a generating polynomial G(x) of degree r. Let R(x) be the remainder of xr M(x) / G(x) The code word T(x) of length m + r bit generated is then given by:

T(x) =

xr M(x) - R(x)

Assume code word T(x) is transmitted, but T(x) + E(x) arrives at the receiver: If E(x) = 0 then no transmission errors and T(x)/G(x) = 0 If E(x) {0 then transmission error(s) occurred and: [T(x) + E(x)] / G(x) { 0 EECC694 - Shaaban
#11 lec #3 Spring2000 3-14-2000

Calculation of Polynomial Code (CRC) Checksum

1. For degree of generating polynomial G(x) = r , append r zero bits to low-order of frame. The frame now has m+r bits. 2. Divide the bit string corresponding to G(X) into the bit string xrM(x) mod(2) 3. Subtract the remainder R(x) from the bit string xrM(x) mod(2) Frame: 1 1 0 1 0 1 1 0 1 1 Generator: 1 0 0 1 1 G(X) = X4 + X + 1 Message after appending four 0s: 1101011011 000 0 Remainder: 1110 Transmitted Frame: 11010110111110

EECC694 - Shaaban
#12 lec #3 Spring2000 3-14-2000

Hardware Computation of CRC

For G(x) = x16 + x12 + x5 + 1

+x5

+x12

+x16

An Example Frame Format with CRC bits

EECC694 - Shaaban
#13 lec #3 Spring2000 3-14-2000

Common CRC Generator Polynomials

CRC-32: x32 + x 26 + x 23 + x22 + x16 + x12 + x11 + x10 + x8 + x7 + x5 + x4 + x2 + x + 1
pUsed in FDDI, Ethernet.

CRC-CCITT: x16 + X12 + x5 + 1

pUsed in HDLC.

CRC-8: x8 + x2 + x + 1
pUsed in ATM.

EECC694 - Shaaban
#14 lec #3 Spring2000 3-14-2000

Use of A Hamming Code to Correct Burst Errors

EECC694 - Shaaban
#15 lec #3 Spring2000 3-14-2000

Comparison and Contrast between the OSI and TCP/IP Model

Introduction


This presentation would discuss some comparison and contrast between the 2 main reference models which uses the concept of protocol layering. Open System Interconnection Model (OSI) Transport Control Protocol /Internet Protocol (TCP/IP)

 

Introduction
 The
OSI
Application (Layer7) Presentation (Layer6) Session (Layer 5) Transport (Layer 4) Network (Layer 3) Data Link (Layer 2) Physical (Layer 1) Subnet Transport Internet Application

topics that we will be discussing would be based on the diagram below.

TCP / IP

Outline
 Compare

the protocol layers that correspond to each other.  General Comparison

Focus of Reliability Control  Roles of Host system  De-jure vs. De-facto DeDe

The Upper Layers

OSI
Application (Layer7) Presentation (Layer6) Session (Layer 5) Application

TCP / IP

Session Presentation Application

The Session Layer

The Session layer permits two parties to hold ongoing communications called a session across a network. network.  Not found in TCP/IP model  In TCP/IP,its characteristics are provided by the TCP protocol. (Transport Layer)

The Presentation Layer

The Presentation Layer handles data format information for networked communications. This is done by converting data into a generic format that could be understood by both sides. Not found in TCP/IP model In TCP/IP, this function is provided by the Application Layer. e.g. External Data Representation Standard (XDR)
Multipurpose Internet Mail Extensions (MIME)

 

The Application Layer

The Application Layer is the top layer of the reference model. It provides a set of interfaces for applications to obtain access to networked services as well as access to the kinds of network services that support applications directly.


OSI TCP/IP

- FTAM,VT,MHS,DS,CMIP - FTP,SMTP,TELNET,DNS,SNMP

Although the notion of an application process is common to both, their approaches to constructing application entities is different.

Approaches use in constructing application entities



The diagram below provides an overall view on the methods use by both the OSI and TCP/IP model.

ISO Approach
 

Sometime called Horizontal Approach OSI asserts that distributed applications operate over a strict hierarchy of layers and are constructed from a common tool kit of standardized application service elements. In OSI, each distributed application service selects functions from a large common toolbox of application service element (ASEs) and complements these with application service elements that perform functions specific to given end-user service . end-

TCP/IP Approach
 

Sometime called Vertical Approach In TCP/IP, each application entity is composed of whatever set of function it needs beyond end to end transport to support a distributed communications service. Most of these application processes builds on what it needs and assumes only that an underlying transport mechanism (datagram or connection) will be provided.

Transport Layer
OSI
Transport (Layer 4)

TCP / IP
Transport (TCP/UDP)

 The

functionality of the transport layer is to provide transparent transfer of data from a source end open system to a destination end open system (ISO / IEC 7498: 1984).

Transport Layer
 Transport

is responsible for creating and maintaining the basic end-to-end end-toconnection between communicating open systems, ensuring that the bits delivered to the receiver are the same as the bits transmitted by the sender; in the same order and without modification, loss or duplication

OSI Transport Layer



It takes the information to be sent and breaks it into individual packets that are sent and reassembled into a complete message by the Transport Layer at the receiving node Also provide a signaling service for the remote node so that the sending node is notified when its data is received successfully by the receiving node

OSI Transport Layer

 Transport

Layer protocols include the capability to acknowledge the receipt of a packet; if no acknowledgement is received, the Transport Layer protocol can retransmit the packet or time-out timethe connection and signal an error

OSI Transport Layer



Transport protocols can also mark packets with sequencing information so that the destination system can properly order the packets if they re received out-of-sequence out-ofIn addition, Transport protocols provide facilities for insuring the integrity of packets and requesting retransmission should the packet become garbled when routed.

OSI Transport Layer

 Transport

protocols provide the capability for multiple application processes to access the network by using individual local addresses to determine the destination process for each data stream

TCP/IP Transport Layer

 Defines

two standard transport protocols: TCP and UDP  TCP implements a reliable data-stream dataprotocol


connection oriented

 UDP


implements an unreliable datadatastream

connectionless

TCP/IP Transport Layer

 TCP


provides reliable data transmission  UDP is useful in many applications

eg. Where data needs to be broadcasted or multicasted

 Primary

difference is that UDP does not necessarily provide reliable data transmission

TCP/IP Transport Layer

 Many

programs will use a separate TCP connection as well as a UDP connection

TCP/IP Transport Layer

 TCP


is responsible for data recovery

by providing a sequence number with each packet that it sends

 TCP

requires ACK (ackowledgement) to ensure correct data is received  Packet can be retransmitted if error detected

TCP/IP Transport Layer

 Use

of ACK

TCP/IP Transport Layer

 Flow


control with Window

via specifying an acceptable range of sequence numbers

TCP/IP Transport Layer

 TCP

and UDP introduce the concept of ports  Common ports and the services that run on them:
    

FTP telnet SMTP http POP3

21 and 20 23 25 80 110

TCP/IP Transport Layer



 

By specifying ports and including port numbers with TCP/UDP data, multiplexing is achieved Multiplexing allows multiple network connections to take place simultaneously The port numbers, along with the source and destination addresses for the data, determine a socket

Comparing Transport for both Models



The features of UDP and TCP defined at TCP/IP Transport Layer correspond to many of the requirements of the OSI Transport Layer. There is a bit of bleed over for requirements in the session layer of OSI since sequence numbers, and port values can help to allow the Operating System to keep track of sessions, but most of the TCP and UDP functions and specifications map to the OSI Transport Layer.

Comparing Transport for both Models



The TCP/IP and OSI architecture models both employ all connection and connectionless models at transport layer. However, the internet architecture refers to the two models in TCP/IP as simply connections and datagrams. But the OSI reference model, with its penchant for precise terminology, uses the terms connection-mode and connectionconnectionconnection-oriented for the connection model and the term connectionless-mode for the connectionlessconnectionless model.

Network vs. Internet

OSI
Network (Layer 3)

TCP / IP
Internet

Like all the other OSI Layers, the network layer provides both connectionless and connectionconnection-oriented services. As for the TCP/IP architecture, the internet layer is exclusively connectionless.

Network vs. Internet



X.25 Packet Level Protocol OSI s ConnectionConnection-oriented Network Protocol

The CCITT standard for X.25 defines the DTE/DCE interface standard to provide access to a packetpacketswitched network. It is the network level interface, which specifies a virtual circuit (VC) service. A source host must establish a connection (a VC) with the destination host before data transfer can take place. The network attempts to deliver packets flowing over a VC in sequence.

Network vs. Internet



Connectionless Network Service



Both OSI and TCP/IP support a connectionless network service: OSI as an alternative to network connections and TCP/IP as the only way in use. OSI s CLNP (ISO/IEC 8473: 1993) is functionally identical to the Internet s IP (RPC 791). Both CLNP and IP are best-effort-delivery network protocols. best-effortBit niggling aside, they are virtually identical. The major difference between the two is that CLNP accommodates variable-length addresses, variablewhereas IP supports fixed, 32-bit address. 32-

Internetworking Protocols


Network vs. Internet



Internet (IP) Addresses



The lnternet network address is more commonly called the IP address. It consists of 32 bits, some of which are allocated to a high-order highnetworknetwork-number part and the remainder of which are allocated to a low-order host-number part. lowhostThe distribution of bits - how many form the network number, and how many are therefore left for the host number - can be done in one of three different ways, giving three different classes of IP address

Network vs. Internet



OSI Network Layer Addressing



ISO/IEC and CCITT jointly administer the global network addressing domain. The initial hierarchical decomposition of the NSAP address is defined by (ISO/IEC 8348). The standard specifies the syntax and the allowable values for the highhighorder part of the address - the Initial Domain Part (IDP), which consists of the Authority and Format Identifier (AFI) and the Initial Domain Identifier (IDI) - but specifically eschews constraints on or recommendations concerning the syntax or semantics of the domain specific part (DSP).

Network vs. Internet



OSI Routing Architecture



End systems (ESs) and intermediate systems (ISs) use routing protocols to distribute ( advertise ) some or all of the information stored in their locally maintained routing information base. ESs and ISs send and receive these routing updates and use the information that they contain (and information that may be available from the local environment, such as information entered manually by an operator) to modify their routing information base.

Network vs. Internet



TCP/IP Routing Architecture



The TCP/IP routing architecture looks very much like the OSI routing architecture. Hosts use a discovery protocol to obtain the identification of gateways and other hosts attached to the same network (subnetwork). Gateways within autonomous systems (routing domains) operate an interior gateway protocol (intradomain IS-IS ISrouting protocol), and between autonomous systems, they operate exterior or border gateway protocols (interdomain routing protocols). The details are different but the principles are the same.

Data link / Physical vs. Subnet

OSI
Data Link (Layer 2) Subnet Physical (Layer 1)

TCP / IP

 Data link layer

 The function of the Data Link Layer is provides for the control of the physical layer, and detects and possibly corrects errors which may occur (IOS/IEC 7498:1984). In another words, the Data Link Layer transforms a stream of raw bits (0s and 1s) from the physical into a data frame and provides an error-free transfer from one node to another, allowing the layers above it to assume virtually error-free transmission

Data link / Physical vs. Subnet

 Physical layer  The function of the Physical Layer is to provide mechanical, electrical, functional, and procedural means to activate a physical connection for bit transmission (ISO/IEC 7498:1984). Basically, this means that the typical role of the physical layer is to transform bits in a computer system into electromagnetic (or equivalent) signals for a particular transmission medium (wire, fiber, ether, etc.)

Data link / Physical vs. Subnet



Comparing to TCP/IP


These 2 layers of the OSI correspond directly to the subnet layer of the TCP/IP model. Majority of the time, the lower layers below the Interface or Network layer of the TCP/IP model are seldom or rarely discussed. The TCP/IP model does nothing but to high light the fact the host has to connect to the network using some protocol so it can send IP packets over it. Because the protocol used is not defines, it will vary from host to host and network to network

Data link / Physical vs. Subnet

 Comparing


to TCP/IP

After much deliberation by organizations, it was decided that the Network Interface Layer in the TCP/IP model corresponds to a combination of the OSI Data Link Layer and network specific functions of the OSI network layer (eg IEEE 203.3). Since these two layers deal with functions that are so inherently specific to each individual networking technology, the layering principle of grouping them together related functions is largely irrelevant.

General Comparison
 Focus

of Reliability Control  Roles of Host System  De-jure vs. De-facto DeDe-

Focus of Reliability Control

Implementation of the OSI model places emphasis on providing a reliable data transfer service, while the TCP/IP model treats reliability as an end-to-end problem. end-to Each layer of the OSI model detects and handles errors, all data transmitted includes checksums. The transport layer of the OSI model checks source-to-destination source-toreliability.  In the TCP/IP model, reliability control is concentrated at the transport layer. The transport layer handles all error detection and recovery. The TCP/IP transport layer uses checksums, acknowledgments, and timeouts to control transmissions and provides end-to-end verification. end-to

Roles of Host System

 Hosts

on OSI implementations do not handle network operations (simple terminal), but TCP/IP hosts participate in most network protocols. TCP/IP hosts carry out such functions as end-to-end end-toverification, routing, and network control. The TCP/IP internet can be viewed as a data stream delivery system involving intelligent hosts.

DeDe-jure vs. De-facto (OSI) De

OSI
 

 

Standard legislated by official recognized body. (ISO) body. The OSI reference model was devised before the protocols were invented. invented. This ordering means that the model was not biased toward one particular set of protocols, which made it quite general. general. The down side of this ordering is that the designers did not have much experience with the subject and did not have a good idea of which functionality to put in which layer. layer. Being general,the protocols in the OSI model are better hidden than in the TCP/IP model and can be replaced relatively easily as the technology changes. changes. Not so widespread as compared with TCP/IP. (complex , costly) TCP/IP. More commonly used as teaching aids. aids.

DeDe-jure vs. De-facto (TCP/IP) De

TCP/IP
 

Standards adopted due to widespread use. (Internet) The protocols came first, and the model was really just a description of the existing protocols. There was no problem with the protocols fitting the model, but it is hardly possible to be use to describe other models. models. Get the job done" orientation. Over the years it has handled most challenges by growing to meet the needs. More popular standard for internetworking for several reasons :
 

relatively simple and robust compared to alternatives such as OSI available on virtually every hardware and operating system platform (often free) the protocol suite on which the Internet depends.

The End


Project team members

    

ANDREW TAN TENG HONG MAH CHEE MENG CHEE YEW WAI TAN YOKE CHUAN CHEONG KIM MING

Chapter 8 Network Security Principles, Symmetric Key Cryptography, Public Key Cryptography
Professor Rick Han University of Colorado at Boulder rhan@cs.colorado.edu

Network Security
Classic properties of secure systems: Confidentiality
Encrypt message so only sender and receiver can understand it. Both sender and receiver need to verify the identity of the other party in a communication: are you really who you claim to be? Does a party with a verified identity have permission to access (r/w/x/) information? Gets into access control policies.

Authentication

Authorization

Prof. Rick Han, University of Colorado at Boulder

Network Security (2)

Classic properties of secure systems: (cont.) Integrity
During a communication, can both sender and receiver detect whether a message has been altered? Originator of a communication cant deny later that the communication never took place Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DOS) attacks.

Non-Repudiation

Availability

Prof. Rick Han, University of Colorado at Boulder

Cryptography
plaintext Encryption ciphertext Decryption plaintext

Encryption algorithm also called a cipher Cryptography has evolved so that modern encryption and decryption use secret keys
Only have to protect the keys! => Key distribution problem Cryptographic algorithms can be openly published ciphertext Encryption Decryption plaintext

plaintext

Key KA

Prof. Rick Han, University of Colorado at Boulder

Key KB

Cryptography (2)
Cryptography throughout history:
Julius Caesar cipher: replaced each character by a character cyclically shifted to the left. Weakness? Easy to attack by looking at frequency of characters Mary Queen of Scots: put to death for treason after Queen Elizabeths Is spymaster cracked her encryption code WWII: Allies break German Enigma code and Japanese naval code Enigma code machine (right)

Prof. Rick Han, University of Colorado at Boulder

Cryptography (3)
Cryptanalysis Type of attacks:
Brute force: try every key Ciphertext-only attack: Attacker knows ciphertext of several messages encrypted with same key (but doesnt know plaintext). Possible to recover plaintext (also possible to deduce key) by looking at frequency of ciphertext letters Known-plaintext attack: Attacker observes pairs of plaintext/ciphertext encrypted with same key. Possible to deduce key and/or devise algorithm to decrypt ciphertext.

Prof. Rick Han, University of Colorado at Boulder

Cryptography (4)
Cryptanalysis Type of attacks:
Chosen-plaintext attack: Attacker can choose the plaintext and look at the paired ciphertext. Attacker has more control than known-plaintext attack and may be able to gain more info about key Adaptive Chosen-Plaintext attack: Attacker chooses a series of plaintexts, basing the next plaintext on the result of previous encryption Differential cryptanalysis very powerful attacking tool But DES is resistant to it

Cryptanalysis attacks often exploit the redundancy of natural language

Lossless compression before encryption removes redundancy Prof. Rick Han, University of
Colorado at Boulder

Principles of Confusion and Diffusion

plaintext Encryption ciphertext Decryption plaintext

Key KA

Key KB

Terms courtesy of Claude Shannon, father of Information Theory Confusion = Substitution

a -> b Caesar cipher abcd -> dacb DES
Prof. Rick Han, University of Colorado at Boulder

Diffusion = Transposition or Permutation

 Confusion : a classical Substitution Cipher

Principles of Confusion and Diffusion (2)

Courtesy: Andreas Steffen

Modern substitution ciphers take in N bits and substitute N bits using lookup table: called SProf. Rick Han, University of Boxes Colorado at Boulder

 Diffusion : a classical Transposition cipher

Principles of Confusion and Diffusion (3)

Courtesy: Andreas Steffen

modern Transposition ciphers take in N bits and permute using lookup table : called PProf. Rick Han, University of Boxes Colorado at Boulder

Symmetric-Key Cryptography
plaintext Encryption ciphertext Decryption plaintext

Key KA

Key KB=KA Secure Key Distribution

Both sender and receiver keys are the same: KA=KB The keys must be kept secret and securely distributed well study this later Thus, also called Secret Key Cryptography Data Encryption Standard (DES)
Prof. Rick Han, University of Colorado at Boulder

Symmetric-Key Cryptography (2)

DES
64-bit input is permuted 16 stages of identical operation differ in the 48-bit key extracted from 56-bit key - complex R2= R1 is encrypted with K1 and XORd with L1 L2=R1, Final inverse permutation stage

Prof. Rick Han, University of Colorado at Boulder

Symmetric-Key Cryptography (3)

Data Encryption Standard (DES)
Encodes plaintext in 64-bit chunks using a 64-bit key (56 bits + 8 bits parity) Uses a combination of diffusion and confusion to achieve security abcd dbac Was cracked in 1997 Parallel attack exhaustively search key space Triple-DES: put the output of DES back as input into DES again with a different key, loop again: 3*56 = 168 bit key Decryption in DES its symmetric! Use KA again as input and then the same keys except in reverse order Advanced Encryption Standard (AES) successor

Prof. Rick Han, University of Colorado at Boulder

Symmetric-Key Cryptography (4)

DES is an example of a block cipher
Divide input bit stream into n-bit sections, encrypt only that section, no dependency/history between sections

Courtesy: Andreas Steffen

In a good block cipher, each output bit is a function of all n input bits and all k key bits
Prof. Rick Han, University of Colorado at Boulder

Symmetric-Key Cryptography (5)

Electronic Code Book (ECB) mode for block ciphers of a long digital sequence

Vulnerable to replay attacks: if an attacker thinks block C2 corresponds to $ amount, then substitute another Ck Attacker can also build a codebook of <Ck, guessed Pk> pairs
Prof. Rick Han, University of Colorado at Boulder

Symmetric-Key Cryptography (6)

Cipher Block Chaining (CBC) mode for block ciphers

Inhibits replay attacks and codebook building: identical input plaintext Pi =Pk wont result in same output code due to memorybased chaining IV = Initialization Vector use only once
Prof. Rick Han, University of Colorado at Boulder

Symmetric-Key Cryptography (7)

Stream ciphers

Rather than divide bit stream into discrete blocks, as block ciphers do, XOR each bit of your plaintext continuous stream with a bit from a pseudo-random sequence At receiver, use same symmetric key, XOR again to extract plaintext
Prof. Rick Han, University of Colorado at Boulder

Symmetric-Key Cryptography (8)

RC4 stream cipher by Ron Rivest of RSA Data Security Inc. used in 802.11bs security Block ciphers vs. stream ciphers
Stream ciphers work at bit-level and were originally implemented in hardware => fast! Block ciphers work at word-level and were originally implemented in software => not as fast Error in a stream cipher only affects one bit Error in a block cipher in CBC mode affects two blocks Distinction is blurring: Stream ciphers can be efficiently implemented in software Block ciphers getting faster

Prof. Rick Han, University of Colorado at Boulder

Symmetric-Key Cryptography (9)

Symmetric key is propagated to both endpoints A & B via Diffie-Hellman key exchange algorithm
A & B agree on a large prime modulus n, a primitive element g, and a one-way function f(x)=gx mod n n and g are publicly known A chooses a large random int a and sends B AA=ga mod n B chooses a large random int b and sends A BB= gb mod n A & B compute secret key S = gba mod n Since x=f-1(y) is difficult to compute, then observer who knows AA, BB, n, g and f will not be able to deduce the product ab and hence S is secure

Prof. Rick Han, University of Colorado at Boulder

Symmetric Key Distribution

Key distribution Public key via trusted Certificate Authorities Symmetric key?
Diffie-Helman Key Exchange Public key, then secret key (e.g. SSL) Symmetric Key distribution via a KDC (Key Distribution Center)

Prof. Rick Han, University of Colorado at Boulder

Symmetric Key Distribution (2)

Symmetric Key distribution via a KDC (Key Distribution Center)
KDC is a server (trusted 3rd party) sharing a different symmetric key with each registered user Alice wants to talk with Bob, and sends encrypted request to KDC, KA-KDC(Alice,Bob) KDC generates a one-time shared secret key R1 KDC encrypts Alices identity and R1 with Bobs secret key, let m= KB-KDC(Alice,R1) KDC sends to both Alice R1 and m, encrypted with Alices key: i.e. KA-KDC(R1, KB-KDC(Alice,R1)) Alice decrypts message, extracting R1 and m. Alice sends m to Bob. Bob decrypts m and now has the session key R1
Prof. Rick Han, University of Colorado at Boulder

Symmetric Key Distribution (3)

m=

Kerberos authentication basically follows this KDC trusted 3rd party approach In Kerberos, the message m is called a ticket and has an expiration time
Prof. Rick Han, University of Colorado at Boulder

Chapter 8 Public Key Cryptography, Authentication, Data Integrity

Professor Rick Han University of Colorado at Boulder rhan@cs.colorado.edu

Public-Key Cryptography
plaintext Encryption ciphertext Decryption plaintext

Key KPUBLIC

Key KPRIVATE

For over 2000 years, from Caesar to 1970s, encrypted communication required both sides to share a common secret key => key distribution problems! Diffie and Hellman in 1976 invented asymmetric public key cryptography elegant, revolutionary! Senders key differs from receivers key Simplifies key distribution just protect Kprivate Useful for authentication as well as encryption

Prof. Rick Han, University of Colorado at Boulder

Public-Key Cryptography (2)

plaintext Encryption ciphertext Decryption plaintext

Key KPUBLIC Public Key Distribution

Key KPRIVATE Secure Key

Host (receiver) who wants data sent to it in encrypted fashion advertises a public encryption key Kpublic Sender encrypts with public key Receiver decrypts with private key

Prof. Rick Han, University of Colorado at Boulder

Public-Key Cryptography (3)

plaintext Encryption ciphertext Decryption plaintext

Key KPUBLIC Public Key Distribution

Key KPRIVATE Secure Key

Decryption algorithm has the property that only a private key Kprivate can decrypt the ciphertext, and it is computationally infeasible to deduce Kprivate even though attacker knows the public key Kpublic and the encryption algorithm
Prof. Rick Han, University of Colorado at Boulder

Public-Key Cryptography (4)

Decryption algorithm has the property that only a private key Kprivate can decrypt the ciphertext Based on the difficulty of factoring the product of two prime #s Example: RSA algorithm (Rivest, Shamir, Adleman) Choose 2 large prime #s p and q n=p*q should be about 1024 bits long z=(p-1)*(q-1) Choose e<n with no common factors with z Find d such that (e*d) mod z = 1 Public key is (n,e), private key is (n,d) Message m is encrypted to c = me mod n Ciphertext c is decrypted m = cd mod n

Prof. Rick Han, University of Colorado at Boulder

RSA example:
A host chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z.

encrypt:

letter L

m 12 d

c = me mod n 17 d m = c mod n 12

1524832

decrypt:

c 17

letter L

481968572106750915091411825223072000

Prof. Rick Han, University of Colorado at Boulder

Public-Key Cryptography (4)

Provides security because: There are no known algorithms for quickly factoring n=p*q, the product of two large prime #s If we could factor n into p and q, then it would be easy to break the algorithm: have n, p, q, e, then just iterate to find decryption key d. Public-key cryptography is slow because of the exponentiation: m = cd mod n = (me)d mod n = (md)e mod n From 21-64 kbps (1024-bit value for n) So, dont use it for time-sensitive applications and/or use only for small amounts of data well see how SSL makes use of this

Prof. Rick Han, University of Colorado at Boulder

Public-Key Cryptography (5)

A 512 bit number (155 decimals) was factored into two primes in 1999 using one Cray and 300 workstations 1024 bit keys still safe Incredibly useful property of public-key cryptography: m = cd mod n = (me)d mod n = (md)e mod n Thus, can swap the order in which the keys are used. Example: can use private key for encryption and a public key for decryption will see how it is useful in authentication!

Prof. Rick Han, University of Colorado at Boulder