1 / 18

CPS 512 Computer Security

CPS 512 Computer Security. Private Key Algorithms RSA SSL. Private Key Exchange. Private Key method. Trent. E ka (k). E kb (k). Generates k. Alice. Bob. Trusted third party Trent has already exchanged private keys ka and kb with Alice and Bob, respectively. Public Key method.

awu
Download Presentation

CPS 512 Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CPS 512 Computer Security Private Key Algorithms RSA SSL CPS 290

  2. Private Key Exchange • Private Key method • Trent • Eka(k) • Ekb(k) • Generates k • Alice • Bob • Trusted third party Trent has already exchanged private keys ka and kb with Alice and Bob, respectively. • Public Key method • Ek1(k) • Alice • Bob • Generates k • k1 = Bob’s public key • Or we can use a direct protocol, such as Diffie-Hellman (discussed later) CPS 290

  3. Plaintext • Ek(M) = C • Encryption • Key1 • Cyphertext • Decryption • Dk(C) = M • Key1 • Original Plaintext Private Key Algorithms • What granularity of the message does Ek encrypt? CPS 290

  4. Private Key Algorithms • Block Ciphers: blocks of bits at a time • DES (Data Encryption Standard)Banks, linux passwords (almost), SSL, kerberos, … • Blowfish (SSL as option) • IDEA (used in PGP, SSL as option) • Rijndael (AES) – the new standard • Stream Ciphers: one bit (or a few bits) at a time • RC4 (SSL as option) • PKZip • Sober, Leviathan, Panama, … CPS 290

  5. Private Key: Block Ciphers • Encrypt one block at a time (e.g. 64 bits) • ci = f(k,mi) mi = f’(k,ci) • Keys and blocks are often about the same size. • Equal message blocks will encrypt to equal codeblocks • Why is this a problem? • Various ways to avoid this: • E.g. ci = f(k,ci-1 mi) “Cipher block chaining” (CBC) • Why could this still be a problem? • Solution: attach random block to the front of the message CPS 290

  6. Iterated Block Ciphers • m • key • Consists of n rounds • R = the “round” function • si = state after round i • ki = the ith round key • k1 • R • s1 • k2 • R • s2 • . • . • . • . • . • . • kn • R • c CPS 290

  7. Iterated Block Ciphers: Decryption • m • key • Run the rounds in reverse. • Requires that R has an inverse. • k1 • R-1 • s1 • k2 • R-1 • s2 • . • . • . • . • . • . • kn • R-1 • c CPS 290

  8. Feistel Networks • If function is not invertible rounds can still be made invertible. Requires 2 rounds to mix all bits. • high bits • low bits • R • R-1 • ki • ki • F • F • XOR • XOR • Forwards • Backwards • Used by DES (the Data Encryption Standard) CPS 290

  9. Product Ciphers • Each round has two components: • Substitution on smaller blocksDecorrelate input and output: “confusion” • Permutation across the smaller blocksMix the bits: “diffusion” • Substitution-Permutation Product Cipher • Avalanche Effect: 1 bit of input should affect all output bits, ideally evenly, and for all settings of other in bits CPS 290

  10. Rijndael • Selected by AES (Advanced Encryption Standard, part of NIST) as the new private-key encryption standard. • Based on an open “competition”. • Competition started Sept. 1997. • Narrowed to 5 Sept. 1999 • MARS by IBM, RC6 by RSA, Twofish by Counterplane, Serpent, and Rijndael • Rijndael selected Oct. 2000. • Official Oct. 2001? (AES page on Rijndael) • Designed by Rijmen and Daemen (Dutch) CPS 290

  11. Public Key Cryptosystems • Introduced by Diffie and Hellman in 1976. • Plaintext • Public Key systems K1 = public key K2 = private key • Ek(M) = C • Encryption • K1 • Cyphertext • Digital signatures K1 = private key K2 = public key • Decryption • Dk(C) = M • K2 • Original Plaintext • Typically used as part of a more complicated protocol. CPS 290

  12. Example of SSL (3.0) • SSL (Secure Socket Layer) is the standard for the web (https). • Protocol (somewhat simplified): B (Bob) -> A (amazon.com) • B->A: clienthello: protocol version, acceptable ciphers • A->B: serverhello: cipher, session ID, |amazon.com|verisign • B->A: key exchange, {masterkey}amazon’s public key • A->B: server finish: ([amazon,prev-messages,masterkey])key1 • B->A: client finish: ([bob,prev-messages,masterkey])key2 • A->B: server message: (message1,[message1])key1 • B->A: client message: (message2,[message2])key2 • |h|issuer = Certificate • = Issuer, <h,h’s public key, time stamp>issuer’s private key • <…>private key= Digital signature {…}public key= Public-key encryption • [..] = Secure Hash (…)key = Private-key encryption • key1 and key2 are derived frommasterkeyand session ID • hand-shake • data CPS 290

  13. Server Name Issue • The client expects the server to send a certificate matching the domain of the requested Web site. • But the client doesn’t tell the server which Web site it is requesting -- not a problem if server hosts only one site. • For servers hosting multiple secure Web sites, the “solution” is to assign multiple IP addresses to the network interface, one for each certificate. • Akamai uses approximately 10M IP addresses for this purpose. • Better solution: “server name” extension in successor to SSL, TLS CPS 290

  14. TLS Client Hello – TLS Version 1.0 (SSL 3.1) CPS 290

  15. TLS Client Hello Message – Cipher Suite CPS 290

  16. TLS Client Hello – Server Name Extension CPS 290

  17. TLS Server Hello -- Cypher CPS 290

  18. TLS Server Hello – Certificate CPS 290

More Related