210 likes | 226 Views
Dive into the world of network security with a focus on cryptography, encryption, digital signatures, and authentication methods. Understand the key principles and algorithms in securing modern communication networks.
E N D
CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction) Chi-Cheng Lin, Winona State University
Network Security • Secrecy • Keeping information out of the hands of unauthorized users • Nonrepudiation • Signature (sender cannot deny and receiver cannot concoct) • Authentication • Determining whom you are talking to before further actions • Integrity control • How can it be sure that a message received was really the one sent (not modified by intruders)
Cryptography • Cryptology = cryptography + cryptanalysis • Cryptography: devising ciphers • Crytoanalysis: breaking ciphers • Encryption and decryption • C = Ek(P) P = Dk(C) Dk(Ek(P)) = P where P: plain text C: cipher K: key E and D are two-parameter functions
Encryption Model The encryption model (for a symmetric-key cipher).
Cryptography • Kerckhoff’s Principle • All algorithms must be public; only the keys are secret • Key • Secret and easily changed • Length is an issue • The longer the key, the higher the cyrptanalysis work factor
Cryptography • Secrecy = strong but public algorithm + long key • Analogy: combination lock • Two types of cryptography • Symmetric-key cryptography • Public-key cryptography
Symmetric-Key Cryptography • Secret keys • Used for both encryption and decryption • Decryption key is the same as or can be easily derived from encryption key • Problem: Must be distributed • Examples • DES (Data Encryption Standard) • AES (Advanced Encryption Standard)
Public-Key Cryptography • Use two different keys • Public key • Private key • Public key • Used by entire world to encrypt messages to be sent to that user • Private key • Needed by user to decrypt messages • Decryption key could not (or is hard to) be derived from encryption
Public-Key Cryptography • Requirements • D(E(P)) = P • It's exceedingly difficult to deduce D from E • E cannot be broken by a chosen plaintext attack
Public-Key Cryptography - Method • A wants to receive secret messages • 2 algorithms are devised meeting requirements • Encryption algorithm and key, EA, are made public • Decryption algorithm is published but decryption key, DA, is secret • B wants to send secret message, P, to A • EA(P) is computed by B and then sent to A • DA(EA(P)) = P is performed by A
Public-Key Cryptography - RSA Algorithm • Named after Rivest, Shamir, and Adleman, 2002 Turing Award winners (http://www.acm.org/awards/turing_citations/rivest-shamir-adleman.html) • Based on number theory • Method • Choose two large primes, p and q • Compute n = p • q and z = (p - 1)(q - 1) • Choose a number, d, relatively prime to z • Find an e such that (e • d) mod z = 1
Public-Key Cryptography - RSA Algorithm • Encryption • Divide plaintext (bit string) into blocks • Each P [0,n) (blocks of k bits, 2k < n) • C = P e mod n • Decryption • P = C d mod n • Public key: (e, n) • Private key: (d, n)
RSA Algorithm - Example Let p = 3, q = 11 n = 33, z = 20 Choose d = 7 e = 3 Public key = (e, n) = (3,33) Private key = (d, n) = (7,33)
RSA Algorithm • As n and e are known, we could compute z and by factoring n, and d can then be computed … • Why does RSA work? • A large number is very difficult to factor • E.g., factoring a 500-digit number: 1025 years • If p and q chosen ~ 2512 then n ~ 21024 Each block could be up to 1024 bits (128 8-bit characters)
Digital Signatures • Secret-key signatures Big Brother A’s “signature” A’s ID BB’s “signature” Random number generated by A, guard against “instant replay” Timestamp, guard against “very old message replay” KA: A’s secret key KB: B’s secret key
Digital Signatures • Public-key signatures + secrecy
Public-Key Signatures Criticisms of DSS: • Too secret • Too slow • Too new • Too insecure
Digital Signatures • Authentication without secrecy • Message digests (MD) • Based on one-way hash function • Given P, it’s easy to compute MD(P) • Given MD(P), it’s effectively impossible to find P • Given P no one can find P’ s.t. MD(P’) = MD(P) • A change to the input of even 1 bit produces a very different output
Digital Signatures • Public-key and MD Ensure P’s integrity, but not secrecy
Authentication • Secret-key authentication Random number generated by A, serve as a “challenge” Secret key shared by A and B Random number generated by B
Authentication • Public-key authentication Proposed session key