160 likes | 273 Views
Security: Cryptography. I206 Spring 2012 John Chuang. Some slides adapted from Coulouris, Dollimore and Kindberg; Dave Messerschmidt; Adrian Perrig. Eavesdropping passwords, credit card numbers, etc. Tampering of data Birthday attack Impersonation Replay attack
E N D
Security: Cryptography I206 Spring 2012 John Chuang Some slides adapted from Coulouris, Dollimore and Kindberg; Dave Messerschmidt; Adrian Perrig
Eavesdropping passwords, credit card numbers, etc. Tampering of data Birthday attack Impersonation Replay attack Man-in-the-middle attack (e.g., IP address spoofing) Phishing attack Unauthorized access System vulnerabilities Social engineering (e.g., bribe, black-mail) Password guessing (e.g., dictionary attack) Denial-of-Service attack Spam Trojan horses, viruses, worms … Attacks • Wide ranging scope • Some common attacks: John Chuang
Security Properties “CIA” and “AAA” • Confidentiality • Prevents eavesdropping • Integrity • Prevents modification of data • Authentication • Proves your identity to another party; prevents impersonation • Accountability (non-repudiation) • Enables failure analysis; serves as deterrent • Authorization • Prevents misuse • Availability • Safeguards against denial-of-service John Chuang
Cryptography • Cryptographic primitives: • Encryption • Symmetric-key (e.g., DES, AES) • Asymmetric-key (e.g., RSA) • Cryptographic hash (message digest) • e.g., MD5, SHA-1 • Digital signature • e.g., PKCS John Chuang
The Principals • Alice • Bob • Carol • …and… • Eve (eavesdropper -- passive attacker) • Mallory (active attacker -- can intercept, modify, and forward messages) • Trent/Trudy (trusted 3rd party) John Chuang
Eve’s Story http://xkcd.com/177/ John Chuang
Encryption encryption decryption ciphertext plaintext plaintext • Encryption/decryption algorithms are published • Encryption/decryption keys are kept secret • Symmetric cryptography • e-key = d-key • Principals need to share the symmetric key, and keep it secret • Asymmetric (public-key) cryptography • e-key != d-key • One key made public; the other kept private e-key d-key John Chuang
Symmetric Cryptography • Many schemes are available: DES, 3DES, AES, RC4, IDEA, … • In general, the strength of an encryption scheme is a function of the key length (because of exhaustive key search) • Moving target as hardware capabilities improve over time • DES (data encryption standard, 1975) uses 56 bit key length; became vulnerable to exhaustive key search • Replaced in 2002 by AES (advanced encryption standard, 1998) which uses key lengths of 128, 192, or 256 bits John Chuang
document D document D encryption decryption private key public key document D document D encryption decryption public key private key Asymmetric Cryptography • Each principal has public key K and private key K-1 • K-1 is kept secret, and cannot be deduced from K • K is made available to all • Encryption and decryption with K and K-1 are commutative: {{D}K-1}K = {{D}K}K-1 = D • Challenge: how to choose K and K-1? John Chuang
RSA • Algorithm by Rivest, Shamir, Adleman (1977) for generating K and K-1 based on the fact that factoring is hard • RSA key generation: • Choose n, e, d such that: • n=p*q where p and q are two large and distinct prime numbers • e*d = k(p-1)(q-1)+1 where k is a positive integer • Public key: {n,e}; Private key: {n,d} • RSA key lengths 1024 bits or 2048 bits (256 or 512 bits no longer secure) • n and e are published; p, q, and d are kept private • Given document D: • encryption: ciphertext = c = D e (mod n) • decryption: plaintext = D = c d (mod n) John Chuang
Performance • Asymmetric cryptography 3-5 orders of magnitude slower than symmetric cryptography • Use asymmetric cryptography to exchange symmetric key; data encrypted using symmetric cryptography: A B: {KAB}KB, {D}KAB • Asymmetric cryptography has other important uses as well … John Chuang
Authentication • Based on one or more of the following: • Something you are (e.g., fingerprint, pattern on iris, DNA sample) • Something you know (e.g., password, PIN, mother’s maiden name) • Something you have (e.g., ATM card, Driver’s License, private key K-1) John Chuang
Document D Document D encryption decryption private key public key Digital Signature (Version 0.1) • Alice signs document by encrypting it with her own private key A B: {D}KA-1 • Bob verifies the signature by decrypting it using A’s public key, i.e., compute D = {{D}KA-1 }KA • Two outcomes: • digital signature provides integrity and accountability (non-repudiation) • Alice is authenticated to Bob. (How?) • There is another problem -- performance John Chuang
Cryptographic Hash/ Message Digest • Hash function maps arbitrary length message D to fixed length digest H(D) • MD5 (128 bit digest) and SHA-1 (160 bit digest) are commonly used • One-way function: given H(D), can't find D • Collision-free: infeasible for attacker to generate D and D' such that H(D) = H(D’) John Chuang
Receiver: Bob Sender: Alice D D compute digest signature signature compute digest verify compute signature signature Alice's Public Key Alice's Private Key Digital Signature (Version 1.0) • A B: D, {H(D)}KA-1 • Bob: • Computes hash of message, H(D) • “Decrypts” signature: {{H(D)}KA-1 }KA • Verifies H(D) = {{H(D)}KA-1 }KA John Chuang
Summary • So, what have we achieved with digital signatures? • Authentication • Integrity • Non-repudiation (accountability) • Can combine with encryption to provide: • Confidentiality John Chuang