1CS 640CS 640 Introduction to Computer NetworksLecture28CS 640Today’s lecture• Network security– Encryption Algorithms– Authentication Protocols – Message Integrity Protocols– Key distribution – Example: SSHCS 640Why do we care about Security?• “Toto… I have a feeling we’re not in Kansas anymore.” Dorothy, The Wizard of Oz• “The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.” The Art of War, Sun Tzu• There are bad guys out there who can easily take advantage of you.• Reference: Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall2CS 640Overview• Security services in networks– Privacy: preventing unauthorized release of information– Authentication: verifying identity of the remote participant – Integrity: making sure message has not been altered • Cryptography algorithms – building blocks for security – Privacy/Authentication• Secret key (e.g., Data Encryption Standard (DES))• Public key (e.g., Rivest, Shamir and Adleman (RSA))–Integrity• Message digest/hash (e.g., Message Digest version 5 (MD5))SecurityCryptographyalgorithmsPublickey(e.g., RSA)Secretkey(e.g., DES)Messagedigest(e.g., MD5)SecurityservicesAuthenticationPrivacy MessageintegrityCS 640Issues in Security• Threat models– How are bad guys trying to do bad things to you?• Key distribution– How do folks get their keys?• Implementation and verification– How can we be sure systems are secure?•Non- goal: details of crypto algorithms– We are not going to focus on proving anything about crypto algorithms• See CS642CS 640Crypto 101• Cryptographic algorithms determine how to generate encoded text (ciphertext) from plaintext using keys (string of bits) – Can only be decrypted by key holders• Algorithms– Published and stable– Keys must be kept secret– Keys cannot be deduced– Large keys make breaking code VERY hard– Computational efficiency3CS 640Secret Key (DES)PlaintextEncrypt withsecret keyCiphertextPlaintextDecrypt withsecret key• Approach: Make algorithm so complicated that none of the original structure of plaintext exists in ciphertextCS 640• Encrypt 64 bit blocks of plaintext with 64-bit key (56-bits + 8- bit parity)• 16 roundsInitial permutationRound 1Round 2Round 1656-bitkeyFinal permutation…+FLi–1Ri–1RiKiLi• Each Round• L,R = 32 bit halves of 64 bit block• K = 48 bits of 64 bit key• F = combiner function• + = XORCS 640• Encryption steps are the same as decryption• Repeat for larger messages (cipher block chaining)– IV = initialization vector = random number generated by senderBlock1IVDESCipher1Block2DESBlock3DESBlock4DES+Cipher2Cipher3Cipher4+++4CS 640Public Key (RSA)• One of the coolest algorithms ever!• Encryption– ciphertext = c = memod n (<e, n> = public key)• Decryption– Message = m = cdmod n (<d, n> = private key)•M < n– Larger messages treated as concatenation of multiple n sized blocksPlaintextEncrypt withpublic keyCiphertextPlaintextDecrypt withprivate keyCS 640RSA contd.• Choose two large prime numbers p and q (each 256 bits)• Multiply p and q together to get n• Choose the encryption key e, such that e and (p -1) x (q -1) are relatively prime.• Two numbers are relatively prime if they have no common factor greater than one• Compute decryption key d such thatd = e-1mod ((p -1) x (q -1))• Construct public key as (e, n)• Construct public key as (d, n)• Discard (do not disclose) original primes p and qCS 640RSA contd.• See example in book for applying RSA– Many others as well•Usage– for privacy encrypt with recipient’s public key and he decrypts with private key– for authentication encrypt with your private key and the recipient decrypts with your public key• Security based on premise that factoring is hard– The bigger the key the harder it is to factor– The bigger the key is more computationally expensive it is to encrypt/decrypt5CS 640Message Digest• Cryptographic checksum – a fixed length sequence of bits which is used to protect the receiver from accidental changes to the message; a cryptographic checksumprotects the receiver from malicious changes to the message.• One-way function– given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; itis not computationally feasible to find two messages that hash to the same cryptographic checksum.• Relevance– if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.CS 640Today’s lecture• Network security– Encryption Algorithms– Authentication Protocols – Message Integrity Protocols– Key distribution– Example: SSHCS 640Authentication Protocols • Three-way handshake (uses secret key - eg. password)– E(m,k) = encrypt message m with key k; C/SHK = client/server handshake key; x, y = random numbers; SK = session keyClient ServerClientId, E(x, CHK)E(y + 1, CHK)E(SK, SHK)E(x + 1, SHK), E(y, SHK)Client authenticates serverServer authenticates clientCHK = SHK6CS 640• Trusted third party (Kerberos)– A and B share secret keys (KA, KB) with trusted third party S– A,B =ID’s; T = timestamp; L = lifetime, K = session keyASBE((T, L, K, B), KA),E((A, T), K), E((T, L, K, A), KB)A, BE(T+ 1, K)E((T, L, K, A), KB)A authenticated to BB authenticated to ACS 640• Public key authentication (using eg. RSA) ABE(x, PublicB)x B authenticated to ACS 640Today’s lecture• Network security– Encryption Algorithms– Authentication Protocols – Message Integrity Protocols– Key distribution – Example: SSH7CS 640Message Integrity Protocols• Digital signature using RSA– special case of a message integrity where the code can only havebeen generated by one participant – compute signature with private key and verify with public key• Keyed MD5 (uses MD5 and RSA)–sender: m + MD5(m + k) + E(k, private) where k = random number– receiver• recovers random key using the sender’s public key• applies MD5 to the concatenation of this random key message• MD5 with RSA signature–sender: m + E(MD5(m), private) – receiver• decrypts signature with sender’s
View Full Document
Unlocking...