Steenkiste & Eckhardt, SCS, CMU

Lecture 24
Security - Technology
Peter Steenkiste
School of Computer Science
Carnegie Mellon University
15-441 Networking
Mutilated by Dave Eckhardt, F'04, S'06

Outline
Textbook coverage
  » Chapter 8
  » Do not get bogged down in mathematics of DES, RSA
  » Do understand how to use them to get jobs done
Security threats and techniques.
Encryption
  » Private-key, public-key
Hashing
IP security (IPsec)

Security Threats
Impersonation.
  » Pretend to be another user with the intent of getting access to information or services
Secrecy.
  » Get access to the contents of packets
Message integrity.
  » Change a message unbeknownst to the sender or receiver
Repudiation
  » Denying having sent a message
Breaking into systems.
  » To steal or destroy contents
Denial of service.
  » Flooding the system so users with legitimate needs cannot get service

Active Versus Passive Threats
Passive Threats
  » Release of Message Contents
  » Traffic Analysis
Active Threats
  » Replay
  » Impersonate
  » Modifying of Message contents
  » Denial of Service

Three Levels of Defense
Using firewalls to limit access to the network.
  » Packets that cannot enter the network cannot cause harm
  » Packets that do not leave the network cannot leak secrets
Securing the infrastructure at the network layer (IP).
  » Host to host or at a finer grain
  » Can be viewed as management tool: can be done without knowledge of applications
Application level security.
  » Communicating peers execute protocols to secure their communication channel
  » Essential for critical applications: end-to-end security
  » Requires effort from both application developers and users

Encryption
Ciphertext = E(plaintext, KE)
Plaintext = D(ciphertext, KD)
Algorithm = E(), D()
Algorithm should generally be public
  » Otherwise when (!!) it is cracked you won't hear about it
  » Easier to get known-good software implementations
  » Encourages fast hardware implementations
Keys are generally kept private
  » Easier to change a key than an algorithm
Given the ciphertext, it must be “very difficult” to calculate the plaintext without KD
  » Difficult = computationally very expensive
  » Resistant to known attacks

Special Cases
Ciphertext = E(plaintext, KE)
Plaintext = D(ciphertext, KD)
Algorithm = E(), D()
Details
  » E() and D() may be the same function
  » KE and KD may be the same key
  » This is called symmetric encryption

Perfect Encryption: One-Time Pad
“Pad” = large nonrepeating set of truly random key letters
Algorithm often simple
  » KE == KD, E() == D() == XOR()
Perfect if and only if
  » Key bits are truly random
  » Key bits are never re-used
plaintext:     ONETIMEPAD
one-time pad:  TBFRGFARFM
ciphertext:    IPKLPSFHGQ

Simple Applications
Maintain secrecy of message
  A: m = “secret msg”, m’ = E(m, KE)
  A → B: m’
  B: m = D(m’, KD)
Prove identity by knowing a key
  » two parties must have a shared secret
  A: m = “I am A”, m’ = E(m, KE)
  A → B: m, m’
  B: verify m = D(m’, KD)

Public Key versus Private Key Cryptography
Private key (symmetric, e.g., DES)
  » Two parties share (keep private) a key k
  » Encrypt plaintext using k
  » Also decrypt ciphertext using k -- symmetric
Public key (asymmetric, e.g., RSA)
  » Keys come in pairs, Kprivate and Kpublic
  » Kprivate is kept private by its owner
  » Kpublic is published
  » Sender encrypts with recipient’s public key C=E(M, Kpublic)
  » Recipient uses private key to decrypt M=D(C, Kprivate)
  » Must be “impossible” to derive private key from public

Authentication Revisited
Private key
  Parties must share a secret before they can communicate.
  Need a separate channel to establish the shared key.
  A: m = “I am A”, m’ = {m}kshared
  A → B: m, m’
  B: verify m’ = {m}kshared
Public key
  Distribution of keys is easier: public directory of public keys
  Still need a way to reliably distribute public keys.
  A: m = “I am A”, m’ = {m}kprivate
  A → B: m, m’
  B: verify m = {m’}kpublic

Data Encryption Standard (DES)
Example of symmetric-key cryptography.
Basically permutes the bits based on a 56-bit key.
  » Substitution: reduce the relationship between plaintext and ciphertext
  » Diffusion: move the bits around
How secure is DES?
  » It is becoming less secure as computers get faster
  » DES has recently been “cracked” by teams of volunteers using both lots of idle workstations, and special-purpose hardware
Security can be improved by running the algorithm several times, e.g. Triple-DES
  » Odd fact: 2DES is less safe than DES!

DES Algorithm
Use a 64-bit key to encrypt data in 64-bit blocks
  » Actually 56-bit key: every 8th bit is parity
16 “rounds”
  » The 56-bit key K is used to generate 16 48-bit keys K1…K16, one for each round
In each round:
  » Substitution (S-boxes)
  » Permutation (P-boxes)
[Figure: DES rounds; labels M, C, K, K1, K2, K16]

RSA Algorithm
Example of a public key system.
  » Name based on the names of its founders
Key pair based on a pair of large prime numbers.
  » Different key sizes can be used
  » Larger key sizes are harder to crack but also result in more expensive encryption and decryption
Encryption and decryption are based on exponentiation and remainder calculation.
The security of RSA is based on the fact that there is no known algorithm for quickly factoring large numbers

Public vs. Private Key Systems
Scale of key management.
  » If N users want to communicate securely, private key systems require N×(N-1)/2 keys while public key systems require only N key pairs
Computational cost.
  » Public key cryptography is much more expensive than private key cryptography
Compromise: use public key system to agree on temporary private keys
Or: use an authentication server to reduce the key management complexity of private key systems.
  » Authentication server versus public key server

Cryptanalysis: Types of Attack
Goal:
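The one-time pad slide's letter example, worked through as an added example (not code from the lecture): the slide's ciphertext comes from adding letters modulo 26 with A=1, the letter analogue of XOR, and the second half shows why the "never re-used" condition matters. Function names and the second plaintext are constructed for illustration.

```python
import secrets
import string

A_TO_Z = string.ascii_uppercase

def val(ch):
    """A=1 ... Z=26, the numbering that reproduces the slide's ciphertext."""
    return A_TO_Z.index(ch) + 1

def letter(n):
    """Inverse of val() modulo 26 (0 and 26 both map to Z)."""
    return A_TO_Z[(n - 1) % 26]

def new_pad(length):
    """Fresh pad from the OS CSPRNG; a stand-in for the slide's truly random letters."""
    return "".join(secrets.choice(A_TO_Z) for _ in range(length))

def otp_encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: key letters would repeat")
    return "".join(letter(val(p) + val(k)) for p, k in zip(plaintext, pad))

def otp_decrypt(ciphertext, pad):
    if len(pad) < len(ciphertext):
        raise ValueError("pad shorter than ciphertext")
    return "".join(letter(val(c) - val(k)) for c, k in zip(ciphertext, pad))

def difference(a, b):
    """Per-letter (a - b) mod 26."""
    return [(val(x) - val(y)) % 26 for x, y in zip(a, b)]

def pad_cancels(p1, p2, pad1, pad2):
    """True when the ciphertext difference equals the plaintext difference,
    i.e. the pad has dropped out and the ciphertexts alone reveal p1 - p2."""
    c1, c2 = otp_encrypt(p1, pad1), otp_encrypt(p2, pad2)
    return difference(c1, c2) == difference(p1, p2)

if __name__ == "__main__":
    slide_pad = "TBFRGFARFM"                      # pad from the slide
    print(otp_encrypt("ONETIMEPAD", slide_pad))   # plaintext from the slide
    second = "SENDBACKUP"                         # constructed second message
    print("reused pad:", pad_cancels("ONETIMEPAD", second, slide_pad, slide_pad))
    print("fresh pad: ", pad_cancels("ONETIMEPAD", second, slide_pad, new_pad(10)))
```

With a reused pad the key letters cancel out of the difference of the two ciphertexts, so the scheme is no longer perfect even though each pad letter was random.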
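The public-key exchanges from the "Public Key versus Private Key Cryptography", "Authentication Revisited" and "RSA Algorithm" slides, as an added example (not code from the lecture) using unpadded RSA on toy-sized keys. The primes, function names and message strings are constructed for illustration; real deployments use much larger random primes and a padding scheme.

```python
from math import gcd

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1

def make_keypair(p, q, e=65537):
    """Return (Kpublic, Kprivate) as (n, e) and (n, d) from a pair of primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))    # d = e^-1 mod phi (Python 3.8+)

def to_int(message, n):
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return m

def apply_key(x, key):
    """Exponentiation and remainder: x^exponent mod n, for either key of the pair."""
    n, exponent = key
    return pow(x, exponent, n)

def encrypt_for(message, recipient_public):          # C = E(M, Kpublic)
    return apply_key(to_int(message, recipient_public[0]), recipient_public)

def decrypt_with(ciphertext, private):               # M = D(C, Kprivate)
    m = apply_key(ciphertext, private)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def prove_identity(message, private):                # A: m' = {m}kprivate; A -> B: m, m'
    return message, apply_key(to_int(message, private[0]), private)

def verify_identity(message, proof, claimed_public): # B: verify m = {m'}kpublic
    m = int.from_bytes(message, "big")
    return m < claimed_public[0] and apply_key(proof, claimed_public) == m

if __name__ == "__main__":
    a_public, a_private = make_keypair(P, Q)
    m, m_prime = prove_identity(b"I am A", a_private)
    print("B accepts A:", verify_identity(m, m_prime, a_public))
    c = encrypt_for(b"k-session", a_public)          # temporary key sent to A
    print("A recovers:", decrypt_with(c, a_private))
```

Because m is a fixed string, a recorded (m, m’) pair verifies again later, which is the Replay threat listed on the active-threats slide.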