DOC PREVIEW
Berkeley ELENG 122 - Security

This preview shows page 1-2-3-4-5 out of 16 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

SecurityOutlineThreatsCryptographyCryptography(continued)Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Security SystemsSecurity Systems (continued)Slide 14Slide 15Slide 16UCBSecurityJean WalrandEECSUCBOutlineThreatsCryptographyBasic MechanismsSecret KeyPublic KeyHashingSecurity SystemsIntegrityKey ManagementIdentificationUCBThreatsAgainst Type ProtectionComputers PhysicalInfectionIntrusion Physical security (lock)Virus detectionFirewall, passport control Users IdentityPrivacy Signature, password, watermarkEncryption, relay Documents IntegrityConfidentiality Message authentication codeEncryptionUCBCryptographyBasic Mechanism:P -> [ E(.) ] -> C -> [D(.)] -> P PlaintextEncryptionfunctionCyphertext: Sent(Encrypted Text)DecryptionfunctionUCBCryptography(continued)Basic Mechanism (continued):P -> [ E(.) ] -> C -> [D(.)] -> P D(.) is the inverse of E(.)E(.) should be a “one-way function”• Easy to compute• Hard to invert:- Looking at E(P) it should be hard to get P - Looking at many E(P), it should be hard to figure out the function D(.), or- Knowing many pairs (P, E(P)), it should be hard to figure out the function D(.)UCBCryptography(continued)Secret Key:E(.) = E(.; K), D(.) = D(.; K) where K is a shared secret: Key distributionAlice BobCP PE(. , K) D(. , K)KUCBCryptography(continued)Secret Key - EXAMPLE 1: One-Time PAD: C = P + K (addition bit-by-bit modulo 2, no carry)K = random string of bits (50% = 0, 50% = 1)If used only once, this is a perfect code! (C is perfectly random and no information about P.) Application: Top Secret transmissions. K is stored in a CD-ROM that is delivered securely ahead of time.UCBCryptography(continued)Secret Key: EXAMPLE 2: Data Encryption Standard - DESKey K DES AlgorithmPCAlgorithm is known, but the key is secretK = 40 bits => Weak 56 bits => Marginal 128 bits => SafeUCBCryptography(continued)Note: Modes of Encryption+6 4 b i t sEPn+6 4 b i t sEPnRn - 1CnRn - 1+6 4 b i t sPn+6 4 b i t sPnCn - 1CnCn - 1E DZn - 1Zn - 1+6 4 b i t sEPn+6 4 b i t sEPnRnCnRnUCBCryptography(continued)Public Key:• Bob: use E(.; Bob) to talk to me. • Only Bob knows D(.; Bob). • Trapdoor one-way function.Example: Rivest-Shamir-Adleman: p, q prime; n = pq; z = (p-1)(q-1) and e coprime; d s.t. ed = 1 mod z.If P in {0, 1, ..., n-1} and C = P^e mod n, then C^d mod n = P.(e, n) public. (d, n) private. Finding d from (e, n) is believed to be hard.UCBCryptography(continued)Hashing:• H(P) short (e.g., 160 bits). • Hard to find P and P' s.t. H(P) = H(P').UCBSecurity SystemsIntegrity: Alice sends P*H(P) where H(P) is protected bya. Authentic channel.b. Message Authentication Code: Note that E(H(P); K) with K secret may not be secure. For instance, Z = H(P)+Ris not secure since then Eve can compute H(P) from P and R from Z + H(P) and thenEve can send P' and H(P')+R.Secure: H(K2*H(K1*P)) where K1 and K2 are secret to Alice and Bob, since Eve cannotcompute H(K1*P').UCBSecurity Systems (continued)Integrity (continued): Alice sends P*H(P) where H(P) is protected byc. Digital Signature. Alice sends C = D(P; Alice) and Bob recovers P = E(C; Alice).However, if Eve constructs C' and computes P' = E(C'; Alice), Bob will think that Alice sent D(P'; Alice). Instead, Alice should send D(P*H(P); Alice) because it is unlikely that Eve can find some C' so that E(C'; Alice) has the form P'*H(P') for some P'.UCBSecurity Systems (continued)Key Management: To share a secret K:a. Hand-deliveryb. Encrypt and distribute K using some other secret key (e.g., Kerberos)Shared Key with Kerberos.; Get Loggin Key; Get Session Key.c. Use a public key to distribute secret key K (e.g., PGP)UCBSecurity Systems (continued)d. Public key agreement: Diffie-Hellman: Alice and Bob agree on public (z, p).Alice chooses a and Bob chooses b.Alice computes A = z^a mod p and sends it to Bob.Bob computes A^b mod p.Bob computes B = z^b mod p and sends it to Alice.Alice computes B^a mod p.One can show that A^b mod p = B^a mod p = z^(ab) mod p =: K.Indeed: A = z^a + mp so that A^b = (z^a + mp)^b = ... = z^(ab) mod p.However, D-H is not robust to a "person-in-the-middle" attack: Imagine Eve gets inthe middle and plays the role of Alice. Solution: Signing the exchange:Alice sends A to Bob and Bob sends B to Alice. Alice signs (A, B) and sends it to Bob;Bob signs (A, B) and sends it to Alice. Eve cannot fake these signatures.UCBSecurity Systems (continued)Identification: Bob wants to ascertain the identity of Alice.a. Passwords: Alice has a secret password K and sends (Alice, K). Bob maintains H(K) to verify Alice.However: can be intercepted.b. Challenge/Response: Bob sends string X to Alice who computes f(X, K) where K is a secretthat Alice and Bob share.However, Bob must know K.c. Public Key: Bob chooses X and sends E(X; Alice) to Alice who computes X and sends it back to Bob.d. Digital signature: Bob sends X to Alice who signs it and returns it to


View Full Document

Berkeley ELENG 122 - Security

Documents in this Course
Lecture 6

Lecture 6

22 pages

Wireless

Wireless

16 pages

Links

Links

21 pages

Ethernet

Ethernet

10 pages

routing

routing

11 pages

Links

Links

7 pages

Switches

Switches

30 pages

Multicast

Multicast

36 pages

Switches

Switches

18 pages

Switches

Switches

18 pages

Lecture 1

Lecture 1

56 pages

OPNET

OPNET

5 pages

Lecture 4

Lecture 4

16 pages

Ethernet

Ethernet

65 pages

Models

Models

30 pages

TCP

TCP

16 pages

Wireless

Wireless

48 pages

Load more
Download Security
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Security and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Security 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?