Mid-term Review Network Security
Secure channel
• SSL (and many others, incl. IPSEC)
• Shared key establishing
  • Trusted party (Kerberos, etc. - to be covered)
  • Public key methods
Gene Itkis: CS558 Network Security

Public Key techniques

Diffie-Hellman
• $p, g$
• Alice: $a$; $m_a = g^a \bmod p$
• Bob: $b$; $m_b = g^b \bmod p$
• Exchanged: $m_a$, $m_b$
• $m_b^a \bmod p = g^{ab} \bmod p = m_a^b \bmod p$: shared secret key!
• Discrete log:
  • Given $y, p, b$
  • Find $x$: $b^x \bmod p = y$

RSA
• $N = pq$; $ed \equiv 1 \pmod{\varphi(N)}$
• Public: $e, N$; Private: $d, N$
• Encrypt(m): $c = m^e \bmod N$
• Decrypt(c): $m = c^d \bmod N$
• Sign(m): $s = m^d \bmod N$
• Verify(s,m): $s^e \equiv m \pmod N$
• Factoring:
  • Given $N = pq$
  • Find $p, q$

Discrete log based schemes
• DH, DSS (El-Gamal)
• Elliptic Curve Cryptography (ECC)
• Why is the modulus ($p$) so large?
  • Big-step/Little-step attack
  • Pohlig-Hellman attack:
    • Beware of primes $p$ for which $\varphi(p)$ has only small factors
    • Safe primes: $p = 2q + 1$ for some prime $q$

Factoring based
• RSA
• Square Roots (=factoring)
  • Rabin (Encryption, Signature)
  • Fiat-Shamir (ID scheme, Signature)

World mod N
• How many objects? $|Z^*_N| = \varphi(N)$; for all $z \in Z^*_N$, $z^{\varphi(N)} \bmod N = 1$
• If $N = pq$, then $\varphi(N) = (p-1)(q-1)$ [If $N = p$, then $\varphi(N) = p-1$]
• Blum integers: $N = pq$, $p \equiv q \equiv 3 \pmod 4$
  • Then $x^{(p+1)/4} \bmod p = y$; $y^2 \equiv x^{(p+1)/2} \equiv x^{(p-1)/2} \cdot x \equiv \pm x \pmod p$

Chinese Remainder Theorem (CRT)
• Given $y^2 = x \bmod p$; $z^2 = x \bmod q$; $N = pq$; Find $s$: $s^2 = x \bmod N$
• More generally: Given $a, A, b, B$; Find $x$: $x = a \bmod A$, $x = b \bmod B$
• Let $u, v$ be s.t. $uA = 1 \bmod B$, $vB = 1 \bmod A$. Then $x = uAb + vBa$
  [indeed: $x \bmod A = uAb + vBa = vBa = a$; $x \bmod B = uAb + vBa = uAb = b$]
• How to find $u, v$?

Extended GCD & Inverses
• Euclid's GCD algorithm (greatest common divisor): $\gcd(a,b) = \gcd(b, a \bmod b) = \dots = c$
• Extended GCD gives in addition $x, y$: $ax + by = c$
• If $\gcd(a,b) = 1$: $ax \bmod b = 1$
  • i.e., $x = a^{-1}$ in $Z^*_b$

Summary RSA & Rabin
• RSA
  • Given $p, q$: can compute $\varphi(N)$, for $N = pq$
  • With Extended GCD, can compute $e$, $d = 1/e \bmod \varphi(N)$ [$\gcd(e, \varphi(N))$ must be 1]
• Rabin
  • Using Blum integers can compute SQRT mod $p$, $q$
  • Using CRT can combine them to SQRT mod $N$

Efficiency for all
• Exponentiation: Repetitive Squaring
  • $b^A \bmod N$ takes $1.5 \lg A$ long multiplications
• Cost of multiplication
  • quadratic in length
• Optimization: mod $N$ => mod $p$ + mod $q$ + CRT
  • Watch out!

Attacks on factoring
• $\varphi(N), N$ => factoring (quadratic equation)
• Trick:
  • obtain $x$, s.t. $x = 0 \bmod p$, $x \neq 0 \bmod q$
  • $\gcd(x, N) = p$
• SQRTmodN => Factoring
  • $v = y^2 \bmod N$; $z = \mathrm{SQRTmodN}(v)$
  • If $z \neq \pm y$, then $x = y - z$
• Computing mod $p$ + mod $q$ + CRT
  • Random error mod $p$ (or mod $q$) => factoring

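An added example (not from the original slides) that carries the "mod p + mod q + CRT" optimization and its "Watch out!" through in Python: a random error in the mod p half lets gcd recover a factor of N, and a verify-before-release check withholds the faulty result. The toy primes, message and all function names are constructed for illustration, and textbook RSA without padding is assumed.

```python
# Added example: textbook RSA (no padding), constructed toy parameters.
def egcd(a, b):
    """Extended GCD: returns (g, x, y) with a*x + b*y == g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def inverse(a, n):
    """a^-1 in Z*_n, defined only when gcd(a, n) == 1."""
    g, x, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError("no inverse: gcd(a, n) != 1")
    return x % n

def crt(a, A, b, B):
    """x with x = a mod A and x = b mod B, built as x = uAb + vBa."""
    u, v = inverse(A, B), inverse(B, A)
    return (u * A * b + v * B * a) % (A * B)

def sign_crt(m, d, p, q, fault=0):
    """s = m^d mod N via mod p + mod q + CRT; fault != 0 corrupts the mod-p half."""
    sp = (pow(m, d % (p - 1), p) + fault) % p
    sq = pow(m, d % (q - 1), q)
    return crt(sp, p, sq, q)

def sign_checked(m, d, e, p, q, fault=0):
    """Hardened signer: release s only if s^e == m (mod N)."""
    s = sign_crt(m, d, p, q, fault)
    if pow(s, e, p * q) != m % (p * q):
        raise RuntimeError("signature self-check failed; result withheld")
    return s

def factor_from_faulty(s_bad, m, e, N):
    """x = s_bad^e - m is 0 mod q but not 0 mod p, so gcd(x, N) = q."""
    return egcd((pow(s_bad, e, N) - m) % N, N)[0]

P, Q, E = 1009, 1013, 17           # constructed toy primes and exponent
N = P * Q
D = inverse(E, (P - 1) * (Q - 1))  # d = 1/e mod phi(N)
M = 424242                         # constructed message, M < N

if __name__ == "__main__":
    print("CRT matches direct:", sign_crt(M, D, P, Q) == pow(M, D, N))
    bad = sign_crt(M, D, P, Q, fault=1)
    print("factor from faulty signature:", factor_from_faulty(bad, M, E, N))
```
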
Key Establishing
• Diffie-Hellman or RSA
  • Watch out for man-in-the-middle attack!!!
  • Authentication (signatures)
  • PKI
• Remember AKE: authenticated key establishment
• Beyond AKE
  • Ciphers
  • MACs

Ciphers
• Block ciphers
  • DES, AES, 3DES, …
  • Modes of operation: EDE, OFB, CBC, …
• Stream ciphers
  • Pseudo-random pad

Later in the course
• Crypto
  • Hashing
    • MD5, SHA
  • MAC
• Systems
  • PKI
  • Kerberos - key distribution (symmetric crypto)
  • IPSec - security on another level
  • Firewalls, IDS, etc.