An overview of network security and cryptography, including concepts like encryption, decryption, key exchange, authentication, signatures, hashing, and certificates. Learn about symmetric and asymmetric encryption schemes, block and stream ciphers, and the use of public and private keys.
Crypto Landscape overview
Gene Itkis: BU CAS 591(458) - Network Security
Definitions and Concepts
What is Cryptography?
• It all started with Encryption/Decryption
• plaintext “attack at midnight” becomes ciphertext “buubdl bu njeojhiu”
Encryption / Decryption (cont.)
• Encoder (plaintext in, ciphertext out) and decoder (ciphertext in, plaintext out) use a Shared Key
• In the figure the plaintext msg “bla-bla bla-bla” travels as the ciphertext “cmb-cmb”
• Eavesdropper sees only the ciphertext and should understand nothing about the msg
Crypto tools
• Encryption/decryption – to hide info
• Key exchange – to establish a shared key
• Authentication – to establish a shared key with the party you really meant to
  • public
  • private
• Signatures
• Hashing
• Certificates, PKI
Key exchange (Alice and Bob)
• Alice and Bob want to establish a shared secret (key) while other people (eavesdroppers) are listening
• Passive eavesdropper – just looking
• Active eavesdropper – may change msgs
Key exchange: man-in-the-middle
• Key exchange without Authentication is subject to a Man-in-the-Middle attack
• The attacker ends up with one key shared with Alice and another shared with Bob, and translates between the two keys, reading and/or modifying the messages
• Authentication afterwards will not help!
Authentication
• Alice sends a msg M to Bob
• Bob wants to be sure the msg is really from Alice
Signatures
• Alice holds the signing key S_Alice and computes Sig_M = Sign(M, S_Alice)
• Alice sends (M, Sig_M) to Bob
• Bob runs Verify(M, Sig_M, …)
Authentication: “public”
• checks
• contracts
• love letters ???
Public Key Signatures
• Alice has a Public Key P_Alice and a Secret Key S_Alice
• Sig_M = Sign(M, S_Alice); Alice sends (M, Sig_M) to Bob
• Bob checks Verify(M, Sig_M, P_Alice)
Certificates
• Alice has a Public Key P_Alice and a Secret Key S_Alice; Charlie, a Certification Authority (CA), certifies P_Alice
• “This public key P_Alice really belongs to Alice. Signed by Charlie, Certification Authority”
• Certificates can be public!
• Who’s Charlie?!?
Public Key Infrastructures (PKI)
• Root CA public key
  • Obtained out-of-band
  • Certifies other Public Keys (of CAs, or users)
• Certification Chains
• Grain of salt: so, you have a certificate…
• To be continued…
Authentication: “private” – Message Authentication Code (MAC)
• Alice and Bob share the secret S_Alice
• Sign(M, S_Alice) = Hash(M, S_Alice); Alice sends (M, Sig_M) with Sig_M = Sign(M, S_Alice)
• Verify(M, Sig_M, S_Alice): check Sig_M = Sign(M, S_Alice)
• MAC = “Shared Secret Sig” = Symmetric Sig (Sign = Verify)
Hashing
• Crypto Hash: collisions (x1 ≠ x2 with Hash(x1) = Hash(x2) = y) may exist, but are hard to find
• Given y, hard to find x s.t. Hash(x) = y
• Used for:
  • Symmetric signatures
  • “Fingerprint” for Public Key signatures
Another setting (Alice and Bob)
Details and constructions
Outline
• Block vs. Stream ciphers
• Symmetrical vs. Asymmetrical (public key)
• Tool: Pseudo-Random Number Generators
• Complexity (what is hard?)
• Public Key Crypto
  • Diffie-Hellman
  • Rabin’s encryption
  • RSA
Block vs. Stream Ciphers
Cipher = Encoder; or Encryption/Decryption scheme
• Stream cipher encodes/decodes char by char
• Block cipher encodes/decodes block by block
• Stream cipher ~ Block cipher with block size of 1 char (+ state)
• Chaining (Modes of Operation):
  • make block encryption depend on the past blocks
  • “make block ciphers more like stream ciphers”
Symmetric & Asymmetric schemes
• Symmetric: decryption as easy as encryption (and vice versa), i.e. if you can encrypt then you can decrypt (and vice versa); DES, AES/Rijndael are symmetric block ciphers
• Asymmetric: may not be able to decrypt even if you can encrypt (and vice versa), e.g. RSA
Symmetric cipher – example: Caesar's cipher
• the letters of the alphabet are shifted (*), e.g. “a” is replaced with “b”, “b” with “c”, etc., so msg “attack at midnight” is encrypted as “buubdl bu njeojhiu”
• (*) the shift can be by one (as in our example) or more
• encryption and decryption are equally easy (too easy, in fact)
One-time pad
• For each character of the future msg the pad (key) indicates the shift
• msg (plaintext) + pad (key) gives the ciphertext (encrypted msg)
One-time random pad (cont.)
• Symmetric
• Pad is selected at random
• Perfectly secure, but...
• One time only, so sending the pad is just as hard as sending the msg
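A working version of the shift pad from these two slides, written for this page (not the lecture's own code): the pad holds one shift per character, a constant pad of 1 reproduces the Caesar example, and `pad_reuse_leak` shows why "one time only" matters, since two ciphertexts under the same pad expose the difference of their plaintexts without the pad. The alphabet and messages are constructed here.

```python
import secrets

ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def random_pad(length):
    """Pad = one random shift (0..25) per character; to be used exactly once."""
    return [secrets.randbelow(26) for _ in range(length)]


def shift_encrypt(msg, pad):
    """Shift each letter by its own pad entry (Caesar with a per-character key).
    Non-letters such as spaces pass through unchanged but still consume a pad entry."""
    assert len(pad) >= len(msg), "pad must cover the whole msg"
    out = []
    for ch, k in zip(msg, pad):
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def shift_decrypt(ct, pad):
    """Decryption is encryption with every shift negated mod 26."""
    return shift_encrypt(ct, [(-k) % 26 for k in pad])


def pad_reuse_leak(ct1, ct2):
    """Why 'one time only': under the same pad, ct1[i] - ct2[i] = msg1[i] - msg2[i]
    (mod 26), so the plaintext difference leaks without knowing the pad at all.
    Entries are None where either position is not a letter."""
    diffs = []
    for a, b in zip(ct1, ct2):
        if a in ALPHABET and b in ALPHABET:
            diffs.append((ALPHABET.index(a) - ALPHABET.index(b)) % 26)
        else:
            diffs.append(None)
    return diffs


if __name__ == "__main__":
    msg = "attack at midnight"                       # the slides' example msg
    print(shift_encrypt(msg, [1] * len(msg)))         # constant pad = Caesar
    pad = random_pad(len(msg))
    ct = shift_encrypt(msg, pad)
    print(ct, shift_decrypt(ct, pad))
    # Same pad used twice: the leak equals the plaintext-to-plaintext differences.
    print(pad_reuse_leak(shift_encrypt("attack", pad), shift_encrypt("defend", pad)))
```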
Pseudo-random pad
• Pseudo-random bit string (PRBS) generator: short seed (e.g. 01101) expands into a long PRBS (1010010110....)
• PRBS = hard to guess a bit (after seeing many others)
Complexity: what is “hard”?
• measure hardness in terms of the size of the input: easy = polynomial; hard = exponential
• Easy problems:
  • Finding max of n numbers – O(n)
  • Sorting n elements – O(n lg n)
• Hard problems:
  • Factoring N = pq (n bits long) – current best (?)
Other hard problems
Let N = pq, where p, q are large primes
• Square root mod N: given x, N find y = √x mod N, i.e. y² = x mod N (equivalent to factoring N)
• Discrete log: given b, N and x, find y = log_b x mod N, i.e. b^y = x mod N
How hard are these problems really?
• One-way functions: easy to compute, hard to invert
• Trap-door: a secret making inverting a owf easy
Public-Key Crypto
• Key exchange – Diffie-Hellman
• PK Encryption – Rabin, RSA
• e-Signatures – Rabin, RSA; ElGamal (a la DH); DSA; Fiat-Shamir
Diffie-Hellman: key exchange
• Public parameters: p, g
• Alice picks secret a and sends m_a = g^a mod p
• Bob picks secret b and sends m_b = g^b mod p
• Alice computes m_b^a mod p; Bob computes m_a^b mod p
• Both equal g^(ab) mod p = shared secret key!
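The exchange on this slide carried through in code, added for this page (not the lecture's own). Both parties' messages and the two derivations of the shared key are shown, and a brute-force discrete log over the constructed toy group (p = 23, g = 5) makes the "Complexity" slide's point: the eavesdropper's job is trivial here and exponential in the size of p in general.

```python
import secrets

# Toy public parameters, constructed for this example. Real deployments use a
# prime of 2048 bits or more and a generator of a large prime-order subgroup.
P_TOY, G_TOY = 23, 5


def dh_public(g, p, priv):
    """Message a party sends in the clear: m = g^priv mod p."""
    return pow(g, priv, p)


def dh_shared(other_public, priv, p):
    """Raise the other party's message to own secret: (g^b)^a = g^(ab) mod p."""
    return pow(other_public, priv, p)


def key_exchange(p, g, a=None, b=None):
    """Run the slide's exchange; secrets a, b are random unless given (for tests)."""
    a = secrets.randbelow(p - 2) + 1 if a is None else a
    b = secrets.randbelow(p - 2) + 1 if b is None else b
    m_a = dh_public(g, p, a)        # Alice -> Bob, visible to the eavesdropper
    m_b = dh_public(g, p, b)        # Bob -> Alice, visible to the eavesdropper
    k_alice = dh_shared(m_b, a, p)  # m_b^a = g^(ba) mod p
    k_bob = dh_shared(m_a, b, p)    # m_a^b = g^(ab) mod p
    assert k_alice == k_bob, "both sides must derive the same key"
    return {"m_a": m_a, "m_b": m_b, "key": k_alice}


def discrete_log_bruteforce(g, p, target):
    """The eavesdropper's obvious route: find a with g^a = target mod p by trying
    every exponent. Instant for p = 23, hopeless at real sizes; that gap is the
    hardness assumption the exchange rests on."""
    for a in range(1, p):
        if pow(g, a, p) == target:
            return a
    return None


if __name__ == "__main__":
    run = key_exchange(P_TOY, G_TOY, a=6, b=15)
    print("public messages:", run["m_a"], run["m_b"], "shared key:", run["key"])
    print("toy group, Alice's secret recovered:",
          discrete_log_bruteforce(G_TOY, P_TOY, run["m_a"]))
```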
Rabin’s scheme
• to encrypt msg m simply square it mod N: plaintext m, ciphertext x = m² mod N
• if p, q (such that pq = N) are known, then decryption (finding m given x) is easy (using the Chinese Remainder Theorem)
RSA
Let N = pq, and find e, d such that ed = 1 mod (p−1)(q−1)
• Encryption: plaintext m, ciphertext c = m^e mod N
• Decryption: ciphertext c, plaintext m = c^d mod N
Public Key Cryptography
• Encryption and Decryption are different, i.e. use different keys (asymmetric):
• RSA
  • Public: N, e (needed to encrypt)
  • Private: d (needed to decrypt, can be computed from p, q)
• Rabin’s
  • Public: N
  • Private: p, q
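Both schemes from the last three slides as runnable code, added for this page (not the lecture's own). The Rabin decryptor does the Chinese Remainder step the slide mentions and returns all four square roots, which is why a Rabin sender must put recognisable redundancy into m; the RSA part derives d from p, q exactly as the slide says. Primes are small constructed values and the square-root shortcut assumes p, q ≡ 3 (mod 4); `pow(x, -1, m)` needs Python 3.8+.

```python
from math import gcd


# ---- Rabin: public N, private (p, q) ---------------------------------------
def rabin_encrypt(m, N):
    """Encrypt by squaring: x = m^2 mod N."""
    return pow(m, 2, N)


def rabin_decrypt(x, p, q):
    """All four square roots of x mod N = pq, combined with the CRT.
    sqrt(x) mod p = x^((p+1)/4) when p = 3 (mod 4); the receiver still has to
    pick the right root, so real messages carry redundancy."""
    assert p % 4 == 3 and q % 4 == 3, "example assumes p, q = 3 (mod 4)"
    N = p * q
    mp = pow(x, (p + 1) // 4, p)           # a root mod p
    mq = pow(x, (q + 1) // 4, q)           # a root mod q
    yp = pow(p, -1, q)                     # p^-1 mod q
    yq = pow(q, -1, p)                     # q^-1 mod p
    r1 = (yq * q * mp + yp * p * mq) % N   # CRT combine (+mp, +mq)
    r3 = (yp * p * mq - yq * q * mp) % N   # CRT combine (-mp, +mq)
    return sorted({r1, N - r1, r3, N - r3})


# ---- RSA: public (N, e), private d computed from p, q ----------------------
def rsa_keygen(p, q, e=65537):
    """d = e^-1 mod (p-1)(q-1), so that m^(ed) = m mod N."""
    N, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod (p-1)(q-1)"
    return (N, e), (N, pow(e, -1, phi))


def rsa_encrypt(m, pub):
    N, e = pub
    return pow(m, e, N)


def rsa_decrypt(c, priv):
    N, d = priv
    return pow(c, d, N)


if __name__ == "__main__":
    p, q = 7, 11                               # constructed: both 3 mod 4, N = 77
    x = rabin_encrypt(20, p * q)
    print("Rabin: x =", x, "candidate plaintexts:", rabin_decrypt(x, p, q))
    pub, priv = rsa_keygen(61, 53, e=17)       # constructed textbook-size primes
    c = rsa_encrypt(65, pub)
    print("RSA: (N, e) =", pub, "d =", priv[1], "c =", c, "m =", rsa_decrypt(c, priv))
```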
Identification, Authentication, Signature schemes
• Signatures: s = S_I(m) of a msg m
  • only I can sign, i.e. compute s from I and m
  • given s, I, and m, everyone can verify that s = S_I(m)
• Message Authentication
  • like Signature, but only the receiver of the msg is required to be able to verify it
• Identification
  • only I can prove that he is I
Identification, Authentication, Signature schemes (cont.)
• Signature can be used for Authentication
• Signature and Authentication can be used for Identification
• use interaction: two players
  • Prover P – e.g. user, who wants to prove that he is I
  • Verifier V – e.g. system, which wants to verify that P is really I
Identification (cont.)
• must consider all the scenarios:
  • both P and V are honest
  • both P and V are dishonest
  • V is honest but P is dishonest
  • P is honest, but V is dishonest
• note: an eavesdropper (observer) should learn little from witnessing the P-V dialog
• usual password scheme – bad!
Fiat-Shamir Identification scheme (simplified)
• Let N = pq, where p, q are large primes; using p, q, compute s such that s² I = 1 (mod N)
• public (P, V have): N (and I)
• private (only I has): s
• also, the production center has p, q
Fiat-Shamir (cont.)
P (user) holds N, I, s; V (e.g., system) holds N
• P picks random r, sets x = r² mod N, and sends I, x to V
• V sends a query: 0 or 1
• P answers query 0 with r, and query 1 with rs mod N
• V checks: for query 0, r² = x mod N; for query 1, (rs)² I = x mod N
Fiat-Shamir (cont.)
• Proof (of P knowing s)
  • after k rounds the probability of a mistake (i.e. P cheating without being caught) is (1/2)^k
• Zero-Knowledge
  • if the query is known in advance:
  • for query = 0, select r, and x = r² mod N
  • for query = 1, select z, and x = z² I mod N (z “pretends” to be rs mod N)
Security of Fiat-Shamir
Relies on
• hardness of factoring:
  • an algorithm “cracking” Fiat-Shamir yields an algorithm for factoring N
• randomness:
  • of r – for Zero-Knowledge
  • of the query – to prevent P from cheating
Identification and Signatures
• An Identification scheme can be turned into a Signature:
  • Replace the Verifier with a hash function