650 likes | 786 Views
CENG 410: Computer and Network Security. Fall 2010-2011. Lecture X and X+1. SSL and Network Security. Cryptography… cont’d. Symmetric Key cryptography - Disadvantages. Sender and receiver have to select a key together in secret. They have to: Keep it secret
E N D
CENG 410: Computer and Network Security Fall 2010-2011 Lecture X and X+1 SSL and Network Security
Symmetric Key cryptography - Disadvantages • Sender and receiver have to select a key together in secret. They have to: • Keep it secret • Keep it available for use when needed • Exchange it… as clear test • If key to be changed, they need to select a new key together. • Every pair of people communicating over a network needs their own secret key
Public Key cryptography • In public key cryptography, we have two keys • one key encrypts • the other key decrypts • It is not feasible to calculate one key given only the other • we can publish the encryption key (public key) and keep the decryption key (private key) secret • Anyone can use the public key to send a message • Only the holder of the secret key can recover it Developed in 1975 by (Merkle, Diffie, Hellman, Rivest, Shamir, Adelman)* * http://www.livinginternet.com/i/is_crypt_pkc_inv.htm
Public Key cryptography • Encryption keys are • Public key • Private key • Rules: • What is encrypted with the public key can only be decrypted with the private key. • What is encrypted with the private key can only be decrypted with the public key.
Using public key Two terms to learn • Confidentiality • A, willing to communicate confidentially with B, can encrypt a message using B’s publicly available key. Such a communication would only be decrypted by B as only B have access to the corresponding private key. Comments • Only B can have access to the information. Only B holds the private key. • A man in the middle can capture the encrypted message, but cannot, in a reasonable amount of time, know its contents
Confidentiality • B cannot guarantee that the sender is A. • A man in the middle can encrypt a message using • B public key • and send it to B
Using public key • Authentication • A, willing to send an authenticated message to B, can encrypt the message with A’s own private key. Since this message would only be decrypted with A’s public key, that would establish the authenticity of the message —meaning that A was indeed the source of the message. Comments • Message encrypted with the Public Key, can only be decrypted with the private key. • A cannot guarantee that no one but B will see the message. A man in the middle can intercept the message and read its contents. However, he cannot send a message pretending he is A. • B can guarantee that A is the sender
Authentication • A cannot protect its information • A man in the Middle can intercept the message and decrypt with A’s public key Digital signature
Achieving both confidentiality and authentication • A man in the middle that captures a copy of the message cannot Decrypt (does not have PRB) • A man in the middle cannot fake such a message (does not have PRB) • A man in the middle can, however, replay the message C1 = E(PRA , M) C=E(PUB, E(PRA , M)) Retrieve C1 Retrieve M
Key Generation Notions and revision • Two integers m and n are coprimes if and only if gcd(m, n) = 1 • 5 and 9 are co-primes also called relatively prime • 5 and 5 are not • 1 is coprime to every integer • For a given positive integer n, (n) (totient of n – Euler function) is the number of positive integers less than or equal to n that are coprime to n • (9) = 6 (1, 9) (2, 9) (4, 9) (5, 9) (7, 9) (8, 9) • (P) = P-1 if P is prime (obvious – we exclude P) • If (x) = y ab mod x = ab mod y mod x • This formula eases calculation in determining ab since ab >>> then ab mod y
Key Generation • Multiplicative inverse • The multiplicative inverse of 9, modulo 31, is 7 Verification: 9 * 7 = 63 1 (mod 31) • How to find multiplicative inverse The multiplicative inverse of a modulo b is x solution to ax + by = 1 • Euclid extended algorithm to find xi and yi such that ai = axi + byi a0= a = 9 = a*1 + 31*0 a1= b = 31 = a*0 + 31*1 9/31 = 0 a0 a1 a2= a0 mod a1 = 9 = (a*1 + 31*0) – 0(a*0 + 31*1) = a*1 + 31*0 a1 a2 a3= a1 mod a2 = 4 = (a*0 + 31*1) – 3(a*1 + 31*0) = a*(-3) + 31*1 a2 a3 a4= a2 mod a3 = 1 = (a*1 + 31*0) – 2(a*(-3) + 31*1) = a*7 + 31*(-2)
Finding Multiplicative Inverse a0 = e , x0 = 1, y0= 0, a1 = (n) , x1= 0, y1= 1, i=2; While (ai-2mod ai-1!=1) K=Floor(ai-2/ai-1) ai= ai-2mod ai-1 xi= xi-2 - K*xi-1 yi= yi-2 - K* yi-1 i=i+1 end K=Floor(ai-2/ai-1) xi = xi-2 - K* xi-1 d = xi • A: the number I want to find the multiplicative inverse of • M = The modulo set • i : iteration variable • MI: Multiplicative inverse • ai = axi + byi
Example: Finding Multiplicative Inverse a0 = e , x0 = 1, y0= 0, a1 = (n) , x1= 0, y1= 1, i=2; While (ai-2mod ai-1!=1) K=Floor(ai-2/ai-1) ai= ai-2mod ai-1 xi= xi-2 - K*xi-1 yi= yi-2 - K* yi-1 i=i+1 end K=Floor(ai-2/ai-1) xi = xi-2 - K* xi-1 d = xi • Find again MI of 9 mod 31 • Initialization a0 = 9 , x0 = 1, y0 = 0, a1 = 31, x1 = 0, y1 = 1, i=2; • Test condition (9 mod 31 !=1 ), enter loop • K = floor(9/31) = 0 • a2 = 9 mod 31 = 9 • x2 = 1 – 0*0 = 1 • y2 = 0 – 0*1 = 0 • i= 3 • 31 mod 9 = 4!=0 • K = floor (31/9) = 3 • a3 = 31 mod 9 =4 • x3 = 0 – 3*1 = -3 • y3 = 1 – 3*0 = 1 • i=4 • 9 mod 4 =1 STOP • K = floor(9/4) = 2 • x4 = 1 – 2 *(-3) = 7 • MI = 7 // this is the Multiplicative inverse
Key Generation The procedure for key generation is as follow: • Generate two different primes p and q • Calculate n = p*q • Calculate the totient (n) = (p-1)(q-1) • Select integer e 1 < e < (n), gcd ((n), e) = 1 • Calculate d the multiplicative inverse of e mod (n) Public Key = [e, n] Private key = [d, n] (n) is hard to compute since we need to count all numbers that are relatively prime to n that are less than n. To determine if a number is relatively prime or not is very hard and computationally intensive. Thus mod (n) is unknown and d is still unknown The challenge here is to determine p and q. Although we have n it is VERY hard to determine p and q and thus we cannot determine (n) easily
Example • PU = 7, 187 e = 7, n =187 • PR = 23, 187 d = 23, n =187 • Given plain text = 88 • Ciphertext • Plaintext
Key Generation utilities - LINUX Many utilities are available under Linux (Ubuntu) for ciphering • We will use: rsa: this is a key processing tool rsautl: rsa utility genrsa: generate and RSA private key • Reading the help is always helpful! • All these commands are used with openssl”a command line tool”. We will demo the encryption / decryption with RSA. Advanced testing will be given as homework.
Real keys – GENRSA • First we will generate a private key opensslgenrsa –out rsa.private Destination file
Real keys – RSA • Second we will find the public key corresponding to the private key opensslrsa –in rsa.private –pubout –out rsa.public Input file – Private key Output file – Public key
RSA – RSAUTL – Encryption • Third: Now that we have the two keys. Let’s encrypt a message • Encrypt with private key • Decrypt with public key We have a file named message containing the phrase Hello this is RSA testing for LIU Students The output of the encrypted message will be sent to the file me Opensslrsautl –in message –out me –inkeyrsa.public –pubin -encrypt Output Input message The used key is public. By default it is private Encryption Used key
RSA – RSAUTL – Decryption • Fourth: Now we will decrypt the message to retrieve the original one We have a file named me containing the encrypted message The output of the decrypted message will be sent to the file md Opensslrsautl –in me –out md –inkeyrsa.private -decypt Input message Used key Decryption Output
1024-bit RSA Key File Base64 Encoded(Private) -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDHikastc8+I81zCg/qWW8dMr8mqvXQ3qbPAmu0RjxoZVI47tvs kYlFAXOf0sPrhO2nUuooJngnHV0639iTTEYG1vckNaW2R6U5QTdQ5Rq5u+uV3pMk 7w7Vs4n3urQ6jnqt2rTXbC1DNa/PFeAZatbf7ffBBy0IGO0zc128IshYcwIDAQAB AoGBALTNl2JxTvq4SDW/3VH0fZkQXWH1MM10oeMbB2qO5beWb11FGaOO77nGKfWc bYgfp5Ogrql4yhBvLAXnxH8bcqqwORtFhlyV68U1y4R+8WxDNh0aevxH8hRS/1X5 031DJm1JlU0E+vStiktN0tC3ebH5hE+1OxbIHSZ+WOWLYX7JAkEA5uigRgKp8ScG auUijvdOLZIhHWq7y5Wz+nOHUuDw8P7wOTKU34QJAoWEe771p9Pf/GTA/kr0BQnP QvWUDxGzJwJBAN05C6krwPeryFKrKtjOGJIniIoY72wRnoNcdEEs3HDRhf48YWFo riRbZylzzzNFy/gmzT6XJQTfktGqq+FZD9UCQGIJaGrxHJgfmpDuAhMzGsUsYtTr iRox0D1Iqa7dhE693t5aBG010OF6MLqdZA1CXrn5SRtuVVaCSLZEL/2J5UcCQQDA d3MXucNnN4NPuS/L9HMYJWD7lPoosaORcgyK77bSSNgk+u9WSjbH1uYIAIPSffUZ bti+jc1dUg5wb+aeZlgJAkEAurrpmpqj5vg087ZngKfFGR5rozDiTsK5DceTV97K a3Y+Nzl+XWTxDBWk4YPh2ZlKv402hZEfWBYxUDn5ZkH/bw== -----END RSA PRIVATE KEY-----
Component of the Key File (Private) • ASN.1 Header: Standard Header for encoding • Algorithm Version • Modulus (n) • Public Exponent (e) • Private Exponent (d) • Prime1 (p) • Prime2 (q) Chinese Remainder Theorem (CRT) Representation • exponent 1 • exponent 2 • coefficient
Details For alignment purposes no 00 at the beginning
1024-bit RSA Key(Public) -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHikastc8+I81zCg/qWW8dMr8m qvXQ3qbPAmu0RjxoZVI47tvskYlFAXOf0sPrhO2nUuooJngnHV0639iTTEYG1vck NaW2R6U5QTdQ5Rq5u+uV3pMk7w7Vs4n3urQ6jnqt2rTXbC1DNa/PFeAZatbf7ffB By0IGO0zc128IshYcwIDAQAB -----END PUBLIC KEY----- • Header • Modulus (n) • Public Exponent (e) We are interested in extracting these two values ( n and e)
Commands • Generate private key 1024-bit (n is 1024 bits) > opensslgenrsa -out private.key 1024 • This command gives the details of the key in Linux > opensslrsa -text -in private.key • Generate corresponding public key > opensslrsa -in key.private -pubout -out key.public
Usage of RSA in Networking • Now that we know about: • Key generation • Encryption and decryption • Authentication and confidentiality • Let’s see how they are used in Networking • First we will present the security in the TCP/IP layering system • We will understand the concept • We will practice
Internet Security Protocol • TCP/IP suite protocols introduces some protocols for security. • Those security protocols are at different layers • S/MIME (Secure/Multipurpose Internet Mail Extension) • PGP (Pretty Good Privacy) • Secure Sockets Layer (SSL)Transport Layer Security (TLS) IP Security
SSL – Secured Socket Layer • SSL was developed originally by Netscape in 1995 to provide secure and authenticated connections between browsers and servers. • SSL provides transport layer security. • SSL sits immediately above TCP in the protocol stack • Standardized in 1999 (RFC2246) and called TLS (Transport Layer Security)* * https://datatracker.ietf.org/doc/rfc2246/
SSL Protocols • SSL is composed of four protocols in two layers • SSL was designed to provide anencrypted end-to-end data pathbetween a client and a server • Objectives are security and authentication achieved by: • Data encryption: to protect datain transport • Server and client authentication • Message integrity: so data cannotbe tempered with
SSL Record protocol MAC: • Message Authentication Code (secret Key) • Pass the key over the message to get a value and append it at the end of the message • Used to offer message integrity
SSL Alert protocol • specific alert • fatal: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter • warning: no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
The SSL Handshake • A process similar to TCP three-way handshake • Allows server & client to: • Authenticate each other • To negotiate encryption & MAC algorithms • To negotiate cryptographic keys to be used • Comprises a series of messages in phases • Establish Security Capabilities • Server Authentication and Key Exchange • Client Authentication and Key Exchange • Finish
SSL Handshake Change_ciphrer_spec : is used to change the ciphering mode or algorithm
IPSec IPSec is a suite of authentication and encryption protocols developed by the Internet Engineering Task Force (IETF) and designed to address the inherent lack of security for IP-based networks. IPSec provide the following services at the network layer: • Access control : to prevent an unauthorized access to the resource. • Connectionless integrity: to give an assurance that the traffic received has not been modified in any way. • Confidentiality: to ensure that Internet traffic is not examined by non authorized parties. All IP datagrams to have their data field encrypted. • Authentication – particularly source authentication so that when a destination host receives an IP datagram, with a particular IP source address, it is possible to be sure that the IP datagram was indeed generated by the host with the source IP address. This prevents spoofed IP addresses. • Replay protection – to guarantee that each packet exchanged between two parties is different.
IPSec IPSec protocol achieves its objectives by dividing the protocol suite into two main protocols: • Authentication Header (AH) protocol • The Encapsulation Security Payload (ESP) protocol • Any datagram from a source must be secured with either AH or ESP.
Authentication Header AH AH protocol provides source authentication and data integrity but notconfidentiality. • The source datagram includes an AH inserted between the original IP datagram data and the IP header to shield the data field which is now encapsulated as a standard IP datagram. • When a message is routed through the network, the IP header is used ( i.e. IP address is checked on each router) • Thus the IP address can be encrypted otherwise we cannot route the message properly. Thus to achieve authentication, we encrypt the IP header and store it in the AH. • When the Receiver gets the message he decrypts the message and extracts the IP header and compare it with the one in the actual header • If it is the same, then we can assert that the message is Authentic • If not then we know that a Man in the middle have manipulated the header Actually not encrypted NOTE: parties must share a secret key
Encapsulating Security Payload (ESP) ESP protocol provides source authentication, data integrity, and confidentiality. This has made ESP the most commonly used IPSec header. • Datagrams are secured by ESP by surrounding their original IP datagrams with a new header and trailer fields all encapsulated into a new IP datagram. • Confidentiality is provided by DES_CBC encryption. Next to the ESP trailer field on the datagram is the ESP Authentication Data field. So what is DES-CBC see next slide
DES –CBC (Cipher block Chaining) • The input to the encryption algorithm is the previous ciphertext XORed with the current plaintext with the same key • In effect we chained together the processing of the sequence of plaintext blocks • The first block is XORed with IV (initialization Vector) known by sender and receiver • CBC is appropriate for mode of encryption greater than b bits • The Encryption and Decryption is done using DES (Data Encryption Standard)
IPSec in action AH sent Routing Is done based on header The router take out the AH, Decrypt it, and compare with IP Header. Router deliver the IP packet to Client without AH
HTTPS • HTTPS : Hypertext Transfer Protocol over Secure Socket Layer • HTTPS uses SSL • HTTPS is a used to encrypt and decrypt user page requests as well as the pages that are returned by the Web server. • HTTP listen on port 80 • HTTPS listen on port 443
HTTPS • Why don’t we use HTTPS for all web traffic? • Because HTTPS: • Slow down web servers • Cannot cache HTTPS traffic • Generating more traffic from / to the web servers • ISPs not happy • Cannot filter traffic at firewalls