1 / 30

Topic 7: Network Security

Topic 7: Network Security. 15. Lecture. Lecture’s outline. Security Mechanisms Encryption – addresses privacy issues Symmetric key and public key cryptography Digital Signatures – addresses integrity / authentication and non-repudiation issues. Security Requirements. Encryption.

remedios-willis
Download Presentation

Topic 7: Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Topic 7: Network Security 15 Lecture

  2. Lecture’s outline • Security Mechanisms • Encryption –addresses privacy issues • Symmetric key and public key cryptography • Digital Signatures –addresses integrity/ • authentication and non-repudiation issues

  3. Security Requirements

  4. Encryption

  5. What is Encryption

  6. Secret Key Encryption • Also known as symmetric encryption algorithms • Public algorithms (usually) that are each other’s inverse • Disadvantage: Communicating pairs have to share keys • Advantage: Relatively quick

  7. Example of Secret Key Encryption • Caeser’s Cipher

  8. Public Key Encryption • The key to encrypt is different from key that decrypts

  9. Public Key Encryption Algorithm K (K (m)) = m B B - + 1 2 Requirements: need K ( ) and K ( ) such that . . + - B B + given public key K , it should be impossible to compute private key K B - B RSA:Rivest, Shamir, Adelson algorithm

  10. Prerequisite: Modular Arithmetic • x mod n = remainder of x when divide by n • Facts: [(a mod n) + (b mod n)] mod n = (a+b) mod n [(a mod n) - (b mod n)] mod n = (a-b) mod n [(a mod n) * (b mod n)] mod n = (a*b) mod n • Thus (a mod n)d mod n = ad mod n • Example: x=14, n=10, d=2:(x mod n)d mod n = 42 mod 10 = 6xd = 142 = 196 xd mod 10 = 6

  11. RSA: Getting Ready • A message is a bit pattern. • A bit pattern can be uniquely represented by an integer number. • Thus encrypting a message is equivalent to encrypting a number. Example • m= 10010001 . This message is uniquely represented by the decimal number 145. • To encrypt m, we encrypt the corresponding number, which gives a new number (the cyphertext).

  12. RSA: Creating private/public key + - K K B B 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (withe<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5.Public key is (n,e).Private key is (n,d).

  13. RSA: Encryption, Decryption 1. To encrypt message m (<n), compute d e c = m mod n m = c mod n d e m = (m mod n) mod n 0. Given (n,e) and (n,d) as computed above 2. To decrypt received bit pattern, c, compute Magic happens! c

  14. RSA Example d e m = c mod n c = m mod n d c Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). Encrypting 8-bit messages. e m m bit pattern encrypt: 0000l000 17 24832 12 c decrypt: 17 12 481968572106750915091411825223071697

  15. Why does RSA work? • Must show that cd mod n = m where c = me mod n • Fact: for any x and y: xy mod n = x(y mod z) mod n • where n= pq and z = (p-1)(q-1) • Thus, cd mod n = (me mod n)d mod n = med mod n = m(ed mod z) mod n = m1 mod n = m

  16. RSA: Another Important Property K (K (m)) = m - B B + K (K (m)) - + = B B The following property will be very useful later: use private key first, followed by public key use public key first, followed by private key Result is the same!

  17. RSA: Another Important Property K (K (m)) = m - B B + K (K (m)) - + = B B Why ? Follows directly from modular arithmetic: (me mod n)d mod n = med mod n = mde mod n = (md mod n)e mod n

  18. Why RSA is secure? • Suppose you know Bob’s public key (n, e). How hard is it to determine d? • Essentially need to find factors of n without knowing the two factors p and q. • Fact: factoring a big number is hard. Generating RSA keys • Have to find big primes p and q • Approach: make good guess then apply testing rules (see Kaufman)

  19. Hybrid Asymmetric/Symmetric

  20. Digital Signature • Can’t we simply use checksums/ CRC/ Parity Checks?

  21. Signing the whole document

  22. Signing the digest • A hash function maps a message of an arbitrary length to a m-bit output • output known as the fingerprint or the message digest • Most common hash functions are MD5 and SHA-1

  23. Signing the digest H: Hash function H: Hash function large message m large message m + - digital signature (decrypt) digital signature (encrypt) K K B B encrypted msg digest encrypted msg digest + - - KB(H(m)) KB(H(m)) H(m) H(m) Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message: H(m) Bob’s private key Bob’s public key equal ?

  24. Suppose Alice receives msg m, digital signature KB(m) Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m. If KB(KB(m) ) = m, whoever signed m must have used Bob’s private key. Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m’. Non-repudiation: Alice can take m, and signature KB(m) to court and prove that Bob signed m. Digital Signature (more) - + - - + - + -

  25. Non-Crypto Hash (1) • Data X = (X0,X1,X2,…,Xn-1), each Xi is a byte • Suppose hash is • h(X) =X0+X1+X2+…+Xn-1 • Is this secure? • Example: X = (10101010,00001111) • Hash is 10111001 • But so is hash of Y = (00001111,10101010) • Easy to find collisions, so notsecure… Hash Functions 25

  26. Non-Crypto Hash (2) • Data X = (X0,X1,X2,…,Xn-1) • Suppose hash is • h(X) = nX0+(n-1)X1+(n-2)X2+…+1Xn-1 • Is this hash secure? At least h(10101010,00001111)h(00001111,10101010) • But hash of (00000001,00001111) is same as hash of (00000000,00010001) • Not too secure, need security requirements Hash Functions 26

  27. Security requirements for Cryptographic hash function Given a function h:X Y, then we say that h is: • preimage resistant (one-way): if given y Y it is computationally infeasible to find a value x X such thath(x) = y • 2-nd preimage resistant (weak collision resistant): if given x  X it is computationally infeasible to find a value x’  X, such thatx’x and h(x’) = h(x) • collision resistant (strong collision resistant): if it is computationally infeasible to find two distinct values x’, x  X, such thath(x’) = h(x) Fall 2011/Topic 5

  28. Well known hash functions • MD5 • output 128 bits • collision resistance completely broken by researchers in China in 2004 • SHA1 • output 160 bits • no collision found yet, but method exist to find collisions in less than 2^80 • considered insecure for collision resistance • SHA2 (SHA-224, SHA-256, SHA-384, SHA-512) • outputs 224, 256, 384, and 512 bits, respectively • No real security concerns yet Fall 2011/Topic 5

  29. Markle-Damgard construction for hash functions • Message is divided into fixed-size blocks and padded • Uses a compression function f, which takes a chaining variable (of size of hash output) and a message block, and outputs the next chaining variable • Final chaining variable is the hash value Fall 2011/Topic 5

  30. ? Questions/ Confusions? ? ?

More Related