310 likes | 331 Views
Points of Vulnerability Network Systems Security. Mort Anvari. Points of Vulnerability. Adversary can eavesdrop from a machine on the same LAN Adversary can eavesdrop by dialing into communication server Adversary can eavesdrop by gaining physical control of part of external links
E N D
Points of Vulnerability Network Systems Security Mort Anvari
Points of Vulnerability • Adversary can eavesdrop from a machine on the same LAN • Adversary can eavesdrop by dialing into communication server • Adversary can eavesdrop by gaining physical control of part of external links • twisted pair, coaxial cable, or optical fiber • radio or satellite links
Placement of Symmetric Encryption • Two major placement alternatives • Link encryption • encryption occurs independently on every link • implies must decrypt traffic between links • requires many devices, but paired keys • End-to-end encryption • encryption occurs between original source and final destination • need devices at each end with shared keys
Placement of Encryption • Can place encryption function at various layers in OSI Reference Model • link encryption occurs at layers 1 or 2 • end-to-end can occur at layers 3, 4, 6, 7 • If move encryption toward higher layer • less information is encrypted but is more secure • application layer encryption is more complex, with more entities and need more keys
Traffic Analysis • When using end-to-end encryption, must leave headers in clear so network can correctly route information • Hence although contents are protected, traffic patterns are not protected • Ideally both are desired • end-to-end protects data contents over entire path and provides authentication • link protects traffic flows from monitoring
Key Distribution • Symmetric schemes require both parties to share a common secret key • Need to securely distribute this key • If key is compromised during distribution, all communications between two parties are compromised
Key Distribution Schemes • Various key distribution schemes for two parties • A can select key and physically deliver to B • third party C can select and deliver key to A and B • if A and B have shared a key previously, can use previous key to encrypt a new key • if A and B have secure communications with third party C, C can relay key between A and B
Key Distribution Issues • Hierarchies of KDC’s are required for large networks, but must trust each other • Session key lifetimes should be limited for greater security • Use of automatic key distribution on behalf of users, but must trust system • Use of decentralized key distribution • Controlling purposes keys are used for
Summary of Symmetric Encryption • Traditional symmetric cryptography uses one key shared by both sender and receiver • If this key is disclosed, communications are compromised • Symmetric because parties are equal • Provide confidentiality, but does not provide non-repudiation
Insufficiencies with Symmetric Encryption • Symmetric encryption is not enough to address two key issues • key distribution – how to have secure communications in general without having to trust a KDC with your key? • digital signatures – how to verify that a received message really comes from the claimed sender?
Advent of Asymmetric Encryption • Probably most significant advance in the 3000 year history of cryptography • Use two keys: a public key and a private key • Asymmetric since parties are not equal • Clever application of number theory concepts instead of merely substitution and permutation
How Asymmetric Encryption Works • Asymmetric encryption uses two keys that are related to each other • a public key, which may be known to anybody, is used to encrypt messages, and verify signatures • a private key, known only to the owner, is used to decrypt messages encrypted by the matching public key, and create signatures • the key used to encrypt messages or verify signatures cannot decrypt messages or create signatures
Applications for Asymmetric Encryption • Three categories • Encryption/decryption: sender encrypts a message with receiver’s public key • Digital signature: sender “signs” a message with its private key • Key exchange: two sides exchange a session key
Security of Asymmetric Encryption • Like symmetric schemes brute-force exhaustive search attack is always theoretically possible, but keys used are too large (>512bits) • Not more secure than symmetric encryption, dependent on size of key • Security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems • Generally the hard problem is known, just made too hard to do in practice • Require using very large numbers, so is slow compared to symmetric schemes
RSA • Invented by Rivest, Shamir & Adleman of MIT in 1977 • Best known and widely used public-key scheme • Based on exponentiation in a finite (Galois) field over integers modulo a prime • exponentiation takes O((log n)3) operations (easy) • Use large integers (e.g. 1024 bits) • Security due to cost of factoring large numbers • factorization takes O(e log n log log n) operations (hard)
RSA Key Setup • Each user generates a public/private key pair by • select two large primes at random: p, q • compute their system modulus n=p·q • note ø(n)=(p-1)(q-1) • select at random the encryption key e • where 1<e<ø(n), gcd(e,ø(n))=1 • solve following equation to find decryption key d • e·d=1 mod ø(n) and 0≤d≤n • publish their public encryption key: KU= {e,n} • keep secret private decryption key: KR= {d,n}
RSA Usage • To encrypt a message M: • sender obtains public key of receiver KU={e,n} • computes: C=Me mod n, where 0≤M<n • To decrypt the ciphertext C: • receiver uses its private key KR={d,n} • computes: M=Cd mod n • Message M must be smaller than the modulus n (cut into blocks if needed)
Why RSA Works • Euler's Theorem: aø(n) mod n = 1 where gcd(a,n)=1 • In RSA, we have • n=p·q • ø(n)=(p-1)(q-1) • carefully chosen e and d to be inverses mod ø(n) • hence e·d=1+k·ø(n) for some k • Hence :Cd = (Me)d = M1+k·ø(n) = M1·(Mø(n))k = M1·(1)k = M1 = M mod n
RSA Example: Computing Keys • Select primes: p=17, q=11 • Compute n=pq=17×11=187 • Compute ø(n)=(p–1)(q-1)=16×10=160 • Select e:gcd(e,160)=1 and e<160 • choose e=7 • Determine d:de=1 mod 160 and d<160 • d=23 since 23×7=161=10×160+1 • Publish public key KU={7,187} • Keep secret private key KR={23,187}
RSA Example: Encryption and Decryption • Given message M = 88 (88<187) • Encryption: C = 887 mod 187 = 11 • Decryption: M = 1123 mod 187 = 88
Exponentiation • Use a property of modular arithmetic [(a mod n)(b mod n)]mod n = (ab)mod n • Use the Square and Multiply Algorithm to multiply the ones that are needed to compute the result • Look at binary representation of exponent • Only take O(log2 n) multiples for number n • e.g. 75 = 74·71 = 3·7 = 10 (mod 11) • e.g. 3129 = 3128·31 = 5·3 = 4 (mod 11)
RSA Key Generation • Users of RSA must: • determine two primes at random - p,q • select either e or d and compute the other • Primes p,qmust not be easily derived from modulus n=p·q • means p,qmust be sufficiently large • typically guess and use probabilistic test • Exponents e, d are multiplicative inverses, so use Inverse algorithm to compute the other
Security of RSA • Three approaches to attacking RSA • brute force key search (infeasible given size of numbers) • mathematical attacks (based on difficulty of computing ø(n), by factoring modulus n) • timing attacks (on running of decryption)
Factoring Problem • Mathematical approach takes 3 forms: • factor n=p·q, hence find ø(n) and then d • determine ø(n) directly and find d • find d directly • Currently believe all equivalent to factoring • have seen slow improvements over the years • as of Aug 99 best is 155 decimal digits (512 bits) with GNFS • biggest improvement comes from improved algorithm • cf “Quadratic Sieve” to “Generalized Number Field Sieve” to “Special Number Field Sieve” • 1024+ bit RSA is secure barring dramatic breakthrough • ensure p, q of similar size and matching other constraints
Timing Attacks • Developed in mid-1990’s • Exploit timing variations in operations • e.g. multiplying by small vs large number • Infer operand size based on time taken • RSA exploits time taken in exponentiation • Countermeasures • use constant exponentiation time • add random delays • blind values used in calculations
Next Class • Key management with asymmetric encryption • Diffie-Hellman key exchange