15-441 Lecture, Nov. 21st 2006, Dan Wendlandt

Worms & Viruses, Denial-of-Service, DNS Poisoning, Phishing, Trojan Horse, Traffic Eavesdropping, Route Hijacks, Password Cracking, IP Spoofing, Spam, Spyware, Traffic modification, End-host impersonation

Origin as a small and cooperative network (=> largely trusted infrastructure)
Global Addressing (=> every sociopath is your next-door neighbor*)
Connection-less datagram service (=> can’t verify source, hard to protect bandwidth)
* Dan Geer

Anyone can connect (=> ANYONE can connect)
Millions of hosts run nearly identical software (=> single exploit can create epidemic)
Most Internet users know about as much as Senator Stevens aka “the tubes guy” (=> God help us all…)

Yes:
1) Creating a “secure channel” for communication (today)
2) Protecting network resources and limiting connectivity (next Tuesday)
No:
1) Preventing software vulnerabilities & malware, or “social engineering”.

[Figure: Alice and Bob connected through ISP A, ISP B, ISP C and ISP D]
[Figure: the same network with Alice, Bob and Mallory]
[Figure: the same network with Alice; message: Hello, I’m “Bob”]

Authentication (Who am I talking to?)
Confidentiality (Is my data hidden?)
Integrity (Has my data been modified?)
Availability (Can I reach the destination?)

"cryptography is about communication in the presence of adversaries." - Ron Rivest
“cryptography is using math and other crazy tricks to approximate magic” - Unknown 441 TA

Tools to help us build secure communication channels that provide:
1) Authentication
2) Integrity
3) Confidentiality

Using cryptography securely is not simple.
Designing cryptographic schemes correctly is near impossible.
Today we want to give you an idea of what can be done with cryptography.
Take a security course if you think you may use it in the future (e.g. 18-487)

                                                 Symmetric Crypto   Asymmetric Crypto
                                                 (Private key)      (Public key)
                                                 Example: AES       Example: RSA
Requires a pre-shared secret between
communicating parties?                           Yes                No
Overall speed of cryptographic operations        Fast               Slow

Motivating Example:
You and a friend share a key K of L random bits, and a message M also L bits long.
Scheme: You send her xor(M,K), and she “decrypts” by applying xor with K again.
1) Do you get the right message to your friend?
2) Can an adversary recover the message M?

One-time Pad (OTP) is secure but usually impractical:
Key is as long as the message
Keys cannot be reused (why?)

In practice, two types of ciphers are used that require only constant key length:
Stream Ciphers: Ex: RC4, A5
Block Ciphers: Ex: DES, AES, Blowfish

Stream Ciphers (ex: RC4)
Alice: K_A-B -> PRNG -> pseudo-random stream of L bits; XOR with message of length L bits = encrypted ciphertext.
Bob uses K_A-B as PRNG seed, and XORs encrypted text to get the message back (just like OTP).

Block Ciphers (ex: AES)
[Figure: Alice's message as Block 1, Block 2, Block 3, Block 4 (fixed block size, e.g. 128 bits); Block 1 passes through Round #1, Round #2, ... Round #n with K_A-B]
Bob breaks the ciphertext into blocks, feeds it through decryption engine using K_A-B to recover the message.

Background: Hash Function Properties
Consistent: hash(X) always yields same result
One-way: given X, can’t find Y s.t. hash(Y) = X
Collision resistant: given hash(W) = Z, can’t find X such that hash(X) = Z
[Figure: Message of arbitrary length -> Hash Fn -> Fixed Size Hash]

Hash Message Authentication Code (HMAC)
Step #1: Alice creates MAC [Figure: Message and K_A-B -> Hash Fn -> MAC]
Step #2: Alice transmits Message & MAC
Step #3: Bob computes MAC with message and K_A-B to verify.
Why is this secure? How do properties of a hash function help us?

You already know how to do this! (hint: think about how we showed integrity)
[Figure: “I am Bob” and K_A-B -> Hash Fn -> A43FF234]
Alice receives the hash, computes a hash with K_A-B, and she knows the sender is Bob.
Wrong!

What if Mallory overhears the hash sent by Bob, and then “replays” it later?
[Figure: the network of ISP A, ISP B, ISP C and ISP D; message: Hello, I’m Bob. Here’s the hash to “prove” it: A43FF234]

A “Nonce”: a random bitstring used only once.
Alice sends nonce to Bob as a “challenge”. Bob replies with “fresh” MAC result.
[Figure: Bob: Nonce and K_A-B -> Hash -> B4FE64; Alice performs same hash with K_A-B and compares results]
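
The replay problem and the nonce challenge from the slides above, as an added example that is not part of the original lecture. HMAC-SHA256 as the hash function, the 16-byte nonce, and the names `K_AB`, `mac`, `Alice` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

K_AB = secrets.token_bytes(32)  # constructed stand-in for the pre-shared key K_A-B


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()  # HMAC-SHA256 as the "Hash Fn"


class Alice:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify_static(self, claim: bytes, tag: bytes) -> bool:
        # The "Wrong!" scheme: no nonce, so one recorded tag stays valid forever.
        return hmac.compare_digest(mac(self.key, claim), tag)

    def verify(self, nonce: bytes, tag: bytes) -> bool:
        if nonce not in self.pending:  # unknown or already-used nonce
            return False
        self.pending.discard(nonce)  # single use, even if the tag is wrong
        return hmac.compare_digest(mac(self.key, nonce), tag)


def demo() -> dict:
    alice = Alice(K_AB)
    # Static scheme: Mallory records Bob's tag and replays it later.
    overheard = mac(K_AB, b"I am Bob")
    static_replay = alice.verify_static(b"I am Bob", overheard)
    # Nonce scheme: Bob answers Alice's challenge; Mallory records (nonce, tag).
    n1 = alice.challenge()
    tag1 = mac(K_AB, n1)
    bob_ok = alice.verify(n1, tag1)
    # Mallory replays the recorded tag against the used nonce and a fresh one.
    replay_old = alice.verify(n1, tag1)
    replay_new = alice.verify(alice.challenge(), tag1)
    return {"static_replay": static_replay, "bob": bob_ok,
            "replay_old_nonce": replay_old, "replay_new_nonce": replay_new}


if __name__ == "__main__":
    print(demo())
```

The static tag verifies every time it is replayed, while the recorded nonce response is rejected both for the used nonce and for any fresh one.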