DOC PREVIEW
Berkeley ELENG 122 - Securing Communication - Cryptography

This preview shows page 1-2 out of 7 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 7 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 7 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 7 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

11Securing Communication:CryptographyEE 122: Intro to Communication NetworksFall 2007 (WF 4-5:30 in Cory 277)Vern PaxsonTAs: Lisa Fowler, Daniel Killebrew & Jorge Ortizhttp://inst.eecs.berkeley.edu/~ee122/Materials with thanks to Jennifer Rexford, Ion Stoica,and colleagues at Princeton and UC Berkeley2Announcements• I will have extra office hours Mon Dec 3,3-4PM• What particular review topics would youlike to have covered in the final lecture?3Goals of Today’s Lecture• How can we secure our use of networks?• Requirements for secure communication• Technology for secure communication:cryptography–Symmetric encryption (secret key)–Asymmetric encryption (public key)–Cryptographic hash functions (integrity,signatures)• Classes of attacks on cryptosystems4Requirements for Secure Communication• Authentication: who is this actor?– Attacker counterpart: spoofing• Authorization: is this actor allowed to do what theyrequest?– Attacker counterpart: compromise• Accountability/Attribution: who did this activity?– For messages, non-repudiationo Sender can’t later claim didn’t send ito Receiver can’t claim didn’t receive it– Attacker counterpart: framing• Integrity: do messages arrive in their original form?5Requirements for Secure Communication• Confidentiality: is communication free fromeavesdropping?– Attacker counterpart: sniffing, man-in-the-middle• Availability: can you use the network / a servicewhen you want to?– Attacker counterpart: Denial-of-Service (DoS), theft-of-service• Audit/forensics: what occurred in the past?– A broader notion of accountability/attribution• Appropriate use: policies regarding use ofresources– E.g., no spam; no games during business hours; etc.6Securing Communication: Cryptography• Cryptography: communication in the presence ofadversaries• Studied for thousands of years– See the Simon Singh’s The Code Book for an excellent,highly readable history• Central goal: how to encode information so that anadversary can’t extract it …– … but a friend can• General premise: there is a key, possession ofwhich allows decoding, but without which decodingis infeasible– Thus, key must be kept secret and not guessable27Symmetric Key Encryption• Same key for encryption and decryption• When used for communication, central problem iskey distribution– How do the parties agree on the key?• How big should the key be?• What can you do with a huge key?• One-time pad: huge key of random bits– To encrypt: just XOR with the key! (same to decrypt)– Provably secure! …. provided:o You never reuse the key …o … and it really is random/unpredictable– Spies actually use these8Shorter Symmetric Keys• One way to approximate a one-time pad: generatea (very good) pseudo-random number stream– And XOR the plaintext with it to get the ciphertext– Key is the “seed” used to initialize the generator• More general: algorithms that produce keyedpermutations of their input– Permutation = different inputs mapped to different outputs– Necessary so that decryption recovers a unique original– Key selects between zillions of possible permutations– Works with a block size (e.g., 64 bits)o To encrypt a stream, can encrypt blocks separately, or link them– Note: output is same size as input (other than padding)9Operation of Symmetric Key Cipher10Using Symmetric Keys• Both the sender and the receiver use the samesecret keysInternetEncrypt withsecret keyDecrypt withsecret keyPlaintext PlaintextCiphertext11Symmetric Crypto for Authentication• Client’s secret key: CHK• Server’s secret key: SHK• Does CHK = SHK?• Notation: E(m,k) – encryptmessage m with key k• x, y: nonces (random values)– Avoid replay attacks, e.g., attackerimpersonating client or server• K – session key used for datacommunication– minimize # of messages containingCHK / SHKE(x, CHK)E(x+1, SHK), E(y,SHK)E(y+1, CHK)E(K,SHK)clientserverE(message …, K)12Symmetric Key Ciphers - DES & AES• Data Encryption Standard (DES)– Developed by IBM in 1970s, standardized by NBS/NIST– 56-bit key (decreased from 64 bits at NSA’s request)– Still fairly strong other than brute-forcing the key spaceo But custom hardware can crack a key in < 24 hours– Today many financial institutions use Triple DES= DES applied 3 times, with 3 keys totaling 168 bits• Advanced Encryption Standard (AES)• Replacement for DES standardized in 2002• Key size: 128, 192 or 256 bits• How fundamentally strong are they?• No one knows (no proofs exist)313Integrity: Cryptographic Hashes• Basic building block for integrity: hashing– Associate hash with byte-stream, receiver verifies matcho Assures data hasn’t been modified, either accidentally - ormaliciously– TCP checksum a very simple (weak) such hash• Allows us to succinctly refer to large data items• Approach:- Sender computes a digest of message m, i.e., H(m)o H() is a publicly known hash function- Send digest (d = H(m)) to receiver in a secure way, e.g.,o Using another physical channelo Using encryption- Upon receiving m and d, receiver re-computes H(m) tosee whether result agrees with d14Operation of Hashing for IntegrityInternetDigest(MD5)PlaintextdigestDigest(MD5)=digest’NOcorrupted msgPlaintext15Cryptographically Strong Hashes• Desired properties when faced with an adversary:– Hard to inverto Given hash, adversary can’t find input that produces it– Hard to find collisionso Adversary can’t find two inputs that produce the same hash⇒ Someone cannot alter the message withoutmodifying the digest• Hashes let us– Succinctly refer to large objects– Obliquely refer to private objects (e.g., passwords)o Send hash of object rather than object itself (since hard to invert)o Can prepend a (secret) key so that hashes of known items isunpredictable16Effects of Cryptographic Hashing17Standard Cryptographic Hash Functions• MD5 (Message Digest version 5)– Developed in 1991 (Rivest)– Produces 128 bit hashes– Widely used (RFC 1321)– Broken:o Recent work quickly finds collisions• SHA-1 (Secure Hash Algorithm)– Developed by NSA in 1995 as successor to MD5– Produces 160 bit hashes– Widely used (SSL/TLS, SSH, PGP, IPSEC)– Broken:o Recent work finds collisions, though not really quickly … yet185 Minute BreakQuestions Before We Proceed?419Asymmetric Encryption (Public Key)• Idea: use two different keys, one to encrypt (e) andone to


View Full Document

Berkeley ELENG 122 - Securing Communication - Cryptography

Documents in this Course
Lecture 6

Lecture 6

22 pages

Wireless

Wireless

16 pages

Links

Links

21 pages

Ethernet

Ethernet

10 pages

routing

routing

11 pages

Links

Links

7 pages

Switches

Switches

30 pages

Multicast

Multicast

36 pages

Switches

Switches

18 pages

Security

Security

16 pages

Switches

Switches

18 pages

Lecture 1

Lecture 1

56 pages

OPNET

OPNET

5 pages

Lecture 4

Lecture 4

16 pages

Ethernet

Ethernet

65 pages

Models

Models

30 pages

TCP

TCP

16 pages

Wireless

Wireless

48 pages

Load more
Download Securing Communication - Cryptography
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Securing Communication - Cryptography and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Securing Communication - Cryptography 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?