Announcements I will have extra office hours Mon Dec 3 3 4PM Securing Communication Cryptography EE 122 Intro to Communication Networks What particular review topics would you like to have covered in the final lecture Fall 2007 WF 4 5 30 in Cory 277 Vern Paxson TAs Lisa Fowler Daniel Killebrew Jorge Ortiz http inst eecs berkeley edu ee122 Materials with thanks to Jennifer Rexford Ion Stoica and colleagues at Princeton and UC Berkeley 1 2 Goals of Today s Lecture Requirements for Secure Communication Authentication who is this actor How can we secure our use of networks Attacker counterpart spoofing Requirements for secure communication Authorization is this actor allowed to do what they request Technology for secure communication cryptography Attacker counterpart compromise Accountability Attribution who did this activity Symmetric encryption secret key Asymmetric encryption public key Cryptographic hash functions integrity signatures For messages non repudiation o Sender can t later claim didn t send it o Receiver can t claim didn t receive it Attacker counterpart framing Integrity do messages arrive in their original form Classes of attacks on cryptosystems 3 Securing Communication Cryptography Requirements for Secure Communication Confidentiality is communication free from eavesdropping Cryptography communication in the presence of adversaries Attacker counterpart sniffing man in the middle Studied for thousands of years Availability can you use the network a service when you want to See the Simon Singh s The Code Book for an excellent highly readable history Attacker counterpart Denial of Service DoS theft ofservice Central goal how to encode information so that an adversary can t extract it Audit forensics what occurred in the past but a friend can A broader notion of accountability attribution General premise there is a key possession of which allows decoding but without which decoding is infeasible Appropriate use policies regarding use of resources E g no spam no games during business hours etc 4 5 Thus key must be kept secret and not guessable 6 1 Symmetric Key Encryption Shorter Symmetric Keys Same key for encryption and decryption One way to approximate a one time pad generate a very good pseudo random number stream When used for communication central problem is key distribution And XOR the plaintext with it to get the ciphertext Key is the seed used to initialize the generator How do the parties agree on the key More general algorithms that produce keyed permutations of their input How big should the key be What can you do with a huge key Permutation different inputs mapped to different outputs Necessary so that decryption recovers a unique original Key selects between zillions of possible permutations Works with a block size e g 64 bits One time pad huge key of random bits To encrypt just XOR with the key same to decrypt Provably secure provided o You never reuse the key o and it really is random unpredictable o To encrypt a stream can encrypt blocks separately or link them Note output is same size as input other than padding Spies actually use these 7 Operation of Symmetric Key Cipher 8 Using Symmetric Keys Both the sender and the receiver use the same secret keys Plaintext Encrypt with secret key Plaintext Internet Decrypt with secret key Ciphertext 9 Symmetric Crypto for Authentication Client s secret key CHK Server s secret key SHK Does CHK SHK Notation E m k encrypt message m with key k x y nonces random values Avoid replay attacks e g attacker impersonating client or server K session key used for data communication client 10 Symmetric Key Ciphers DES AES Data Encryption Standard DES server Developed by IBM in 1970s standardized by NBS NIST 56 bit key decreased from 64 bits at NSA s request Still fairly strong other than brute forcing the key space E x C HK K y SH K E 1 SH E x E y 1 CHK o But custom hardware can crack a key in 24 hours Today many financial institutions use Triple DES DES applied 3 times with 3 keys totaling 168 bits HK E K S Advanced Encryption Standard AES Replacement for DES standardized in 2002 Key size 128 192 or 256 bits E me ssage K minimize of messages containing CHK SHK How fundamentally strong are they 11 No one knows no proofs exist 12 2 Integrity Cryptographic Hashes Operation of Hashing for Integrity Basic building block for integrity hashing Associate hash with byte stream receiver verifies match o Assures data hasn t been modified either accidentally or maliciously TCP checksum a very simple weak such hash corrupted msg Plaintext Plaintext NO Allows us to succinctly refer to large data items Approach Sender computes a digest of message m i e H m Digest MD5 o H is a publicly known hash function Send digest d H m to receiver in a secure way e g Internet digest Digest MD5 digest o Using another physical channel o Using encryption Upon receiving m and d receiver re computes H m to see whether result agrees with d 13 Cryptographically Strong Hashes 14 Effects of Cryptographic Hashing Desired properties when faced with an adversary Hard to invert o Given hash adversary can t find input that produces it Hard to find collisions o Adversary can t find two inputs that produce the same hash Someone cannot alter the message without modifying the digest Hashes let us Succinctly refer to large objects Obliquely refer to private objects e g passwords o Send hash of object rather than object itself since hard to invert o Can prepend a secret key so that hashes of known items is unpredictable 15 16 Standard Cryptographic Hash Functions MD5 Message Digest version 5 Developed in 1991 Rivest Produces 128 bit hashes Widely used RFC 1321 Broken 5 Minute Break o Recent work quickly finds collisions SHA 1 Secure Hash Algorithm Developed by NSA in 1995 as successor to MD5 Produces 160 bit hashes Widely used SSL TLS SSH PGP IPSEC Broken Questions Before We Proceed o Recent work finds collisions though not really quickly yet 17 18 3 Asymmetric Encryption Public Key Public Key Asymmetric Encryption Idea use two different keys one to encrypt e and one to decrypt d A key pair Sender uses receiver s public key Advertised to everyone Receiver uses complementary private key Crucial property knowing e does not give away d Must be kept secret Plaintext Plaintext Therefore e can be public everyone knows it If Alice wants to send to Bob she fetches Bob s public key say from Bob s home page and encrypts with it Encrypt with public key Alice can t decrypt what she s
View Full Document
Unlocking...