250 likes | 386 Views
Network Security. Chapter 8. Cryptography. Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy: preventing unauthorized release of information Authentication: verifying identity of the remote participant
E N D
Network Security Chapter 8
Cryptography • Cryptography functions • Secret key (e.g., DES) • Public key (e.g., RSA) • Message digest (e.g., MD5) • Security services • Privacy: preventing unauthorized release of information • Authentication: verifying identity of the remote participant • Integrity: making sure message has not been altered
plain text Initial Permutation Round 1 Round 2 56bit Key . . . plaintext plaintext Encrypt w/ Decrypt w/ Secret Key Secret Key Round 16 ciphertext Final Permutation Encryption Algorithms Private Key (DES) • 64-bit key (56-bits + 8-bit parity) • 16 rounds
block block block block 1 2 3 4 + + + + IV DES DES DES DES cipher cipher cipher cipher 1 2 3 4 L R i -1 i 1 K F i + • Each round • Function F and generation of Ki for each round not shown • Repeat for larger messages L R i i
Multiplicative inverse for public key • With n=7 • 4*2 mod 7 = 1 • 4 and 2 are multiplicative inverses mod 7 • 4*3 mod 7 = 12 mod 7 = 5 • 2*5 mod 7 = 10 mod 7 = 3 • If you multiply any number by 4, take the result and multiply it by 2, you will get the original number back
Encryption & Decryption • c = me mod n • m = cd mod n plaintext plaintext Encrypt w/ Decrypt w/ Public Key Private Key ciphertext
Public Key (RSA) • Based on multiplicative group operations • Generate a public and private key • choose two large prime numbers p and q (each 256 bits) • multiply p and q together to get n (at most 512 bits) • choose the encryption key e, such that e and (p-1) x (q-1) are relatively prime • two numbers are relatively prime if they have no common factor greater than one. • compute decryption key d such that d = e-1 mod((p-1)*(q-1)) • construct public key as <e, n> • construct private key as <d, n> • discard (do not disclose) original primes p and q
Example • p=5, q=11, n=p*q=55, m=message=9, • (p-1)(q-1)=40, e=23 and (p-1)*(q-1) are relatively prime • We want d*e=1mod 40, d*23=1mod40 • You can try all values less than 40 • 23*2=46=6mod40, 23*3=69=29mod40, 23*4=92=12mod40, 23*5=115=35mod40, 23*6=138=18mod40 • 23*7=161=1mod40, d=7 • For a message m=9 • c=memodn=923mod55 How big is this? • = 910mod55*913mod55= 1*14 mod 55 • m=cdmodn=147mod55=105413504mod55=9
Breaking RSA • 1977 challenge to break 430-bit message • Estimated 40 Quadrillion years to factor large composites • April 1994 broken with 5000 MIP-years of CPU • Breakage can be easier if something is known about the key generation (time of day)
Message Digest • Cryptographic checksum: • just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.
One-way function: • given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.
Relevance: • if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.
Speed 175MHz DEC Alpha Custom Hardware Sonicwall claims 54Mbps DES3 in hardware ssl.com advertises 75Mbps DES today Md5 1.27Gbps SHA 1.02Gbps RSA 400 keys/second
Authentication Protocols CHK, SHK are keys known by both sides • Three-way handshake When this message is received by the server, the identity of the client is not known Client Server At this point the client knows the identity of the server since it decrypted x ClientID, E(x,CHK) E(x+1, SHK), E(y,SHK) E(y+1,CHK) At this point the server knows the client because it was able to decrypt y E(SK, SHK) A new session key is exchanged so CHK and SHK aren’t as vulnerable to attacks
Three Way Handshake • Assumes both sides know CHK and SHK • This could correspond to a password • We still need a way to distribute keys assuming the client and server share no keys
Kerberos B A Asks S for a key to communicate with B S shares KA with A, but B does not know KA, A does not know KB S A • Trusted third party (Kerberos) A, B A proves it knows the encryption key K E((T,L,K,B),KA), E((T,L,K,A),KB) Forwarded from S E((A,T),K), E((T,L,K,A),KB) S responds encoding the session key K and timestamp T and length of time to expire L A can’t decrypt the second message E(T+1,K) B Proves it was able to decrypt message from S
Kerberos • K is used like a DES session Key • Key exchange depends on a trusted 3rd party
Public key authentication A B E(x, Public ) B x
Message Integrity Protocols • Digital signature using RSA • special case of a message integrity where the code can only have been generated by one participant • compute signature with private key and verify with public key
Making Signatures • Compute checksum of signed document • Encrypt checksum, time and date, and other information using private key • Attach digital signature to end of document • Optionally, encrypt signed document with receiver’s public key
Checking Signatures • Decrypt signed document, if necessary, using private key • Decrypt digital signature using public key • Verify checksum for document • Display the time and date of the document
Keyed MD5 Old Version • sender m + MD5(m + k) + E(k, private) • receiver • recovers random key using the sender's public key • applies MD5 to the concatenation of this random key message • compares result with checksum sent with message • Man-in-the middle can intercept, change message, and the receiver wont know
What about this? • Sender • m + MD5(m + k) + E(k, r-public) • receiver • recovers random key using the receivers private key • applies MD5 to the concatenation of this random key message • compares result with checksum sent with message • Man-in-the middle can make up a new key and send it using the receivers public key
Keyed MD5 • Sender • m + MD5(m + k) + E(E(k, r-public), s-private) • receiver • recovers random key using the sender's public key and receivers private key • applies MD5 to the concatenation of this random key message • compares result with checksum sent with message • Man-in-the middle can not intercept k because it is encrypted with the public key of the receiver
MD5 with RSA signature • Sender m + E(MD5(m), s-private) • receiver • recovers MD5 using the sender's public key • applies MD5 to the message • compares result with checksum sent with message • Man-in-the middle can not generate an encrypted MD5, but it does expose RSA to a known encrypted value