240 likes | 371 Views
Security and Cryptography. Security: all issues which make secure communication (information transmission, two (multiple) party interaction) over insecure channels . Cryptography: the science and art of manipulating messages to make them secure. Classical cryptographic techniques.
E N D
Security and Cryptography • Security: all issues which make secure communication (information transmission, two (multiple) party interaction) over insecure channels. • Cryptography: the science and art of manipulating messages to make them secure. • Classical cryptographic techniques. • Along with the development of communication networks and their broad applications, network security is becoming a more serious problem. • Thus, call for modern cryptography.
Server Client client Man-in-middle Client Server replay Server Client modify Server Client Attacker Server Network threats and attacks Eavesdropping Passive: Traffic analysis Masquerading Replay Active: Modification Denial of service
Security requirements for transmitting information • Privacy or confidentiality: the information should be readable only by the intended receiver. i.e., protect the information from eavesdropping. • Integrity: the receiver can confirm that a message has not been altered during transmission, i.e., protect the information from tampering. • Authentication: any party (sender or receiver) can verify that the other party is who he or she claims to be, i.e., validate the identity of the other party. • Nonrepudiation: the sender can not deny having sent a given message. i.e., if a transaction (e.g., a purchase) has occurred between two parties, the nonrepudiation service can prove that for any party, he/she really performed the transaction him/herself, not by any other person.
Approaches to implementing security By encryption (and decryption) Confidentiality: Sender: encrypts the message using a key and sends the encrypted message. Receiver: decrypts the encrypted message using the same key as the sender’s key or a key derivable from the sender’s key. Integrity: By checksum or hash value/message digest. Sender: computes checksum/hash value/message digest from the message and sends the message along with the checksum/hash value/message digest. Receiver: re-computes checksum/hash value/message digest from received message and compares with the transmitted checksum/hash value/message digest. Both are transmitted message checksum In some sense, it likes error-detection. Problem: the attacker, after intercepting the message, modifies the message, computes the checksum for modified message, and resends them. Solution: keyed checksum/hash value/message digest. Message + checksum are transmitted key message checksum
Approaches to implementing security (cont.) Authentication: Traditional user ID and password. Modern cryptography based authentication. --Digital signature. Undeniable signature, i.e., Nonrepudiation: Digital signature + verification protocol + disavowal protocol
Security requirements and their implementation encryption (and decryption) Confidentiality: Integrity: checksum or hash value/message digestorMAC. Authentication: user ID and password or Digital signature. Nonrepudiation: Undeniable signature Availability: Intrusion detection and defense Authorization: Access control Accountability: Log, record, trace, system administration Q: how to defense Replay attack? Timestamps and/or sequence numbers.
Classification of cryptosystems • Secret key systems vs. public key systems • Classical vs. modern • Classical: secret key systems • Shift, Affine, Vigenere, Hill, Permutation (transposition) cipher, Stream cipher • Modern: • Secret key systems • DES, AES, PGM • Public key systems • RSA, ElGamal, Elliptic Curve
Shift cipher--example • Suppose a plaintext word: cryptography • Change each letter by shifting the letter three position rightward • The cipherword is: FUBSWRJUDSKB Question: if given the above cipherword, how to get original word? Change each letter by shifting the letter three position leftward. This kind of cryptosystem is called “Caesar Cipher”
Secret cryptosystem--DES • Data Encryption Standard (DES) • First version in 1975, developed by IBM. • A type of iterated cipher. • Plaintext block: 64 bits, key: 56 bits, ciphertext block:64 bits. • Steps: • Initial permutation (IP) • 16 rounds of transformations • Inverse permutation (IP-1)
Key management and exchange • Key is the essential part in any cryptosystem, especially in secret key systems. • How to distribute/exchange key/keys between two users/any pair of multiple users. • Therefore key management and key exchange come into play. • Also public key systems appeared.
Why public-key cryptography • The two communicants in secret key system require the • prior communication of key, using a secure channel. • it is very difficult to achieve in practice. Unless the two • communicants meet together, phone call, post mail, email • etc., are not secure. • Suppose there are n users and every pair of users want to • communicate. In secret-key system, it is necessary that • the total number of keys is n(n-1)/2. Very difficult to • management and quite insecure. • However, in public-key system, every user selects his/her • own private key and public key, and publicizes the public • key but keep the private key secret. Quite easy and very secure. The main problem with public-key system is that it is very slow.
Public-key cryptosystem • Secret-key cryptosystem: • eK & dK: dK is the same as or derived from eK. • Called symmetric-key cryptosystem. • Problem: how to distribute eK & dK to Alice & Bob securely. • Public-key cryptosystem: • Computationally infeasible to compute dK from eK. • Called asymmetric-key cryptosystem. • eK is made public, called public key • But dK is kept secret, called private key.
Public-key system: how it works • Everybody selects its own public keyP and private key S, and publicizes P. • Therefore Alice has (Pa , Sa), and Bob has (Pb , Sb). • Everybody knows Pa, Pb, … • Suppose Alice wants to send a message to Bob. • Alice encrypts the message with Bob’s public keyPb and sends out. • (only) Bob can decrypt the message using his private keySb. Nobody else can.
RSA cryptosystem • Suppose n=pq, where p and q are big primes. • Select (find) a and b, such that ab=1 mod (n). • K=(n,p,q,a,b), publicize n,b, but keep p,q,a secret. • For any x,yZn , define • eK(x)= xb mod n • dK(y)= ya mod n • Of course, from n,b, it is very difficult to get a (as well as p,q,(n)).
Two party key management • By public key cryptosystems: • Alice selects a random value k as a key • Alice encrypts the key k with Bob’s public key and sends to Bob • Bob decrypts the key using his private key • Alice and Bob encrypt/decrypt messages using secret key systems such as DES with the key k. • This is a typical combination of secret and public key systems. • By Diffie-Hellman key agreement • Based on Discrete Logarithm Problem
DLP (Discrete Logarithm Problem) • Suppose p is an odd prime. • Zp={0,1,…,p-1} is a finite field. • Zp* : the set of integers which are relatively prime to p. • {a Zp| gcd(a, p)=1}={1,…,p-1} • it is a cyclic multiplicative group. • g is a generator of Zp* , • i.e. , Zp* ={g0 mod p, g1mod p, …, gp-2mod p}. • DLP problem • Given any a, compute b=g a(mod p) is easy. • given any b, find an asuch that b = g a (mod p) is difficult. • Denoted as a = log g b. Omit: mod p for simplicity.
(Two-party) Diffie-Hellman (DH) key exchange Suppose p and g are publicly known: g a mod p) (bg b mod p) (a g a Bob Alice g b K=(ga) b=g ab K=(gb) a=g ab Anyone else can compute g a g b = g a+b but notg ab
cryptology • Cryptology = cryptography + cryptanalysis. • Cryptography: devise cryptosystems. • Cryptanalysis: break cryptosystems.
Kerckhoff principle and attack levels • Kerckhoff principle: the cryptosystem is publicly known, but only the key is secret. Breaking a cryptosystem (i.e., cryptanalysis) means figuring out the key currently used. • Attack levels: • Ciphertext-only: the attacker possesses a string of ciphertext, y. • Known plaintext: the attacker possesses a string of plaintext, x, and the corresponding ciphertext, y. • Chosen plaintext: the attacker has obtained temporary access to the encryption machinery. Hence, he can choose a plaintext string, x, and construct the corresponding ciphertext string, y. • Chosenciphertext: the attacker has obtained temporary access to the decryption machinery. Hence, he can choose a ciphertext string, y, and construct the corresponding plaintext string, x.
Internet security protocols • The Internet has implemented a suite of security protocols combining secret-key, public-key, digital signature, message digest, etc. • IPSec (IP security): i.e., IP layer / network layer • SSL (Secure Socket Layer) & TLS (Transport Layer Security): transport layer • SSH (Secure Shell), SFTP, HTTPS, PGP (Pretty Good Privacy): application layer
IPSec key agreement Crypto suites I support Crypto suite I choose ga mod p Entity A Entity B gb mod p gab mod p{“Alice”, proof I am Alice} gab mod p{“Bob”, proof I am Bob}
SSL position Copied from http://developer.netscape.com/docs/manuals/security/sslin/
SSL functionality • Server authentication (by public certificate) • Client authentication (Optional) • Data encryption (by secret key system) • Integrity protection by (MAC)
SSL handshake I want to talk, ciphers I support, RC Certificate (PS), cipher I choose, RS Client Server {S}PS, {keyed hash of handshake MSG} compute compute K=f(S,RC,RS) {keyed hash of handshake MSG} K=f(S,RC,RS) Data protected by keys derived from K There are total six keys, three keys (encryption key, IV, integrity key) in each direction.