ECE579S Computer & Network Security - PowerPoint PPT Presentation

ECE579S Computer & Network Security. Professor Richard A. Stanley, P.E. Overview of Tonight’s Class. Administration Is computer security a problem, or just an interesting topic? What is different between computer security and network security? Computer security objectives and approaches.

Presentation Transcript

ECE579S Computer & Network Security

Professor Richard A. Stanley, P.E.


Overview of Tonight’s Class

  • Administration

  • Is computer security a problem, or just an interesting topic?

  • What is different between computer security and network security?

  • Computer security objectives and approaches


Organizational Details

  • Prof. Stanley contact information

    • Office: Atwater-Kent 303, but rarely there

    • Hours: by appointment, preferably after class

    • Phone: (508) 269-6482

    • Email: [email protected]



  • Class will normally meet 8:00 AM – 1:00 PM every Friday here. Please be on time.

  • We will hold 8 classes; cancellations will be announced in advance (except weather)

  • Breaks as needed

  • If class is cancelled for bad weather, you should receive notice. Double-check with ECE Dept. (5231) or with me if in doubt.



  • We need to set up a way for notification of cancelled/late classes

  • Please put the following information on the sheet going around:

    • Name

    • Email

    • Telephone

  • Volunteer to be at the top of the list?


Course Text

  • Computer Security Handbook, 5th Edition, by Bosworth, et al.  ISBN is 978-0471716525. To be published 09 Feb 09 by Wiley. 

  • Additional material will be in the form of handouts


Course Web Page


  • Slides will be posted to the page before class, barring any unfortunate problems



  • Homework is due at the class following the one in which it is assigned. It will be accepted--with a one grade penalty--up to the second class after that in which it is assigned, but not after that, except in truly emergency situations. By definition, emergencies do not occur regularly.

  • There is a difference between working in teams and submitting the same work. If work is a team product, it must be clearly labeled as such.


Elements of the Course

  • Assignments: There will be weekly assignments, which will be graded.

  • Presentation: At the end of the course, student teams will present a report prepared on a cryptography-related subject. The presentation should be well-prepared and should give an overview of a special topic in cryptography (e.g. eCash, wireless security, SSL, biometric authentication systems etc.).

  • Examinations: There will be two written examinations that will cover all topics discussed in class. The questions will range from mild to hard.


Research Projects

  • Teams of 3-5 individuals per project

  • Research an information assurance-related topic

  • Prepare a report on the research

  • Present findings

    • Note: a presentation is not the report copied into PowerPoint



  • Grade components

    • Course exams (35%)

    • Homework (20%)

    • Class participation (10%)

    • Course project (35%)


My Peculiarities

  • I am not a word-counter. When given, word counts are for general guidance only.

  • Bad news doesn’t improve with age. If there are problems, let’s deal with them as soon as they arise.

  • Expect to find ties to historical events in class – not a bad idea to use those for hints as to how some problems develop and expand.


Getting to Know You

  • My interest and experience in this area

  • Your interests and expertise in this area

    • Cryptography?

    • Networking?

  • Where we might go with this course

  • What you would like from the course


Computer Security versus Network Security


Computer security involves preventing, detecting, and responding to unauthorized actions on a computer system.

Network security means the same thing for a group of networked computers

Information Assurance covers all the things we do to protect information from unauthorized disclosure and exploitation


Chicken vs. Egg?

To understand network security, you must first understand computer security. There is no “easy” way around this.

To practice information assurance, you need to know both computer and network security, as well as quite a lot of other topics, which we will cover.

We are going to find that this subject crosses many boundaries of skills and “jurisdiction.” This can be both an opportunity and a curse.


One View

Computer Security: What’s the Big Deal?

  • Not a new problem

  • Not just a creation of the press

  • Not just for rocket scientists

  • As professionals, failure to understand and implement appropriate security can come back to haunt you in terms of liability and reputation


Points to Ponder

  • Majority of businesses reported attacks against their networks in 2007

    • Almost 20% of these were targeted

  • Average financial losses over $350,000 per organization, highest in last five years

  • Financial fraud displaced viruses as the first place problem

Source: "Issues and Trends: 2007 CSI/FBI Computer Crime and Security Survey"


Recent Events

  • WikiLeaks

    • Is this a computer security problem?

  • Denial of Service attacks

    • Both from WikiLeaks supporters and totally unrelated

  • …and?


Virtual Warfare

“Cyberspace is another domain in which the U.S. military may face rapidly growing risk. Information technology (IT) permeates every aspect of its operations, from logistics and command and control to targeting and guidance. As the dependence on IT has grown, so, too, has vulnerability to disruptions, especially disruptions of battle networks linking U.S. forces.”

Andrew J. Krepinevich, Jr, “The Pentagon’s Wasting Assets,” Foreign Affairs Vol 88, No. 4 (July/August 2009), pg. 25.


It Isn’t Getting Better

  • Security surveys show a clear trend in security problems: UPWARDS

  • Nature of attacks constantly changing

  • Evidence of nation-state participation

  • Who among you has not seen or heard at least one computer security news story in the past month?


An Object Lesson

Willie Sutton, 1901-1980. Bank Robber.

Q: “Why do you rob banks, Willie?”

A: “Because that’s where the money is!”

This quote is probably the best-known criminal quote around.

One problem: Willie never said it.

BUT... He said “I probably would have said it if anyone had asked me.”


Where’s The Money?

  • Historically, money was something held to have intrinsic value (e.g., gold, silver)

  • Paper money, until recently, was merely a promise to pay in gold or silver

  • So, money really was in the banks

  • Money today is merely a unit of information

  • ... And it is kept in computers!


The “Willie Factor”

  • Computer crime exists because computers are the repositories of things of value

    • Money

      • This is a common target in industrial attacks

    • Information that is valuable or can be made so

      • This is especially true in government networks, most particularly in defense-related networks

  • Thieves look for low-hanging fruit


A Dilemma

  • Security is something most users want, but that most know little about

  • Security gets in the way of using the computer system

  • The tighter the security, the harder the system is to use, and the more likely it is that the users will bypass security measures


The Totally Secure System

  • Is relatively simple to build

  • Is useless for any practical purposes

Our job is to learn how to design computer systems to provide the necessary level of security without going overboard.


Why Isn’t This Topic More Theoretical?

In theory, there is no difference between theory and practice. In practice, there is.

Yogi Berra


Why Is A Proof Elusive?

  • A secure system must be secure under all conditions of operation

  • This, in turn, demands proof that there is no condition under which it could operate that is insecure, i.e. the negative proposition.

  • But, formal logic teaches us it is impossible to prove a negative

  • Q.E.D.


That Said...

  • We will define a secure computer

  • We will learn how to create a secure computer

  • If it is useless, why?

    • If it can’t exist, we will never know how close we are to achieving security

    • It is a goal towards which we must work


Consider the Automobile

  • A perfectly safe automobile does not exist, and cannot exist

  • However, we still strive to build safer autos

    • This is a legitimate engineering pursuit

    • It is socially irresponsible to do otherwise

    • Much of the efforts are based on approaching an unachievable goal



  • Customers expect “reasonably secure” handling of their sensitive data

  • The Devil is in the details

    • What is “reasonable?”

    • What is “secure?”

    • What data is “sensitive?”

    • When is it your responsibility?


What’s the Problem?

  • Financial liability

    • Due diligence

    • Simple negligence

    • Gross negligence

  • Goodwill

  • One bad press release cancels 1000 attaboys

This is a “you bet your business” issue


A Curious Property of Information

  • Information is the only thing that can be stolen and still leave the owner in possession of it

  • This poses some serious problems, which the course will address


Security Aspects

  • Confidentiality

  • Integrity

  • Availability

  • Accountability

  • Nonrepudiation

  • Risk management

  • Reliability and safety

Security is a




Problem is Multidisciplinary

  • Engineering

  • Computer science

  • Sociology

  • Economics

  • Law and ethics

  • Management

  • and ...


Role of Technology

  • Technology is a useful tool, not a panacea.

  • A clear policy, evenly enforced, is the most critical element of success.

  • Don’t ignore the fundamentals.

    • Many computers have been compromised by not revoking a former employee’s password

    • Most of the threat comes from within

    • The problem is not just maliciousness


Security Objectives

A – I – C (Availability, Integrity, Confidentiality)



Protect, detect and recover from insecurities


Data vs. Information

  • Data represents information

  • Information is the interpretation of data

This is not as obvious as it appears on the surface!


So What?

  • Protecting the data may not protect the information

  • It is possible to create information from a wide variety of data sources

    • e.g. Wehrmacht order of battle pre-1939

  • The problem is more complex than just putting an armed guard at the door


One View: Security = Asset Protection

[Figure: Risk Analysis]






Another View: Focus of Control









Should protection focus on data, operations, or users?


Man-Machine Scale

[Figure: man-machine scale; one layer is labelled OS kernel]

In which layer(s) should security be implemented?



  • Centralized

    • Simple to conceive and implement

    • Bottleneck

  • Decentralized

    • May be more efficient

    • Difficult to implement and maintain

Where to put security tasks and enforcement?


The Security Perimeter

  • How to keep attackers out of the “layer below” where security is implemented?

    • Recovery tools

    • Devices

    • Memory release

    • Backup

    • Memory dumps


One More Time

Computer security involves preventing, detecting, and responding to unauthorized actions on a computer system.

Network security means the same thing for a group of networked computers


Why Networks Matter

  • If computers cannot be secured individually, the network cannot be secure

  • Networking makes the most individually secure computer on the network only as secure as the least individually secure computer on the network.

  • Networking offers new vulnerabilities

  • Speed of mischief increases exponentially


And Most Especially...

  • Mobile code is a basic staple of the Internet, and other networks as well

    • This a wholly new paradigm

  • Users are not usually aware of mobile code

  • Novelty and convenience trump security every time



  • One can easily define the security perimeter of a single computer. You can probably even literally “put your arms around it.”

  • One cannot easily define the perimeter of a group of networked computers, except under a set of trivial conditions that are meaningless in practice.

  • So, where to put the security? And HOW to make it happen?



  • A network is an interconnected group of communicating devices.

  • Two primary network types

    • Circuit-switched (connection oriented)

    • Packet-switched (connectionless)

  • Span

    • WAN, MAN, LAN

    • So what? Nothing magic about the name.


Data Networks

  • Almost exclusively packet switched

    • Higher efficiency than circuit-switched

    • Computationally intensive to provide

    • Packet loss rate is often very high

      • Largely due to collisions rather than circuit faults

    • Require extensive protocols to operate

      • X.25

      • IP


Network Topology

  • The topology of a network is a view of its interconnections, as they would be seen by an observer looking down from great height

  • Topology is important because it has implications for security

  • Three major topologies:

    • star

    • bus

    • ring


Star Topology

The orange lines depict one star -- this slide actually shows a star-star architecture.


Bus Topology


In a bus topology, all signals pass by all terminals


Ring Topology

A ring is simply a bus with the ends connected to one another.


How To Get There?

  • Every destination on the network must have an address, just as every postal destination must have an address

    • Addresses must be unique

    • Network must know how to recognize address

    • Various addressing schema, e.g.

      • Ethernet

      • IP


Two Network Technologies

  • Token ring

    • Users remain silent until they receive token

    • Pioneered by IBM, not widely used

  • Ethernet

    • Carrier-sense, multiple access/collision detect

    • Binary exponential backoff on collision sense

    • This is a radio network! Another vulnerability.

    • Most widely used architecture today, largely because it is less expensive than token ring


Other Network Technologies

  • Fiber-Distributed Data Interconnect (FDDI)

    • Self-healing, 100 Mbps dual ring

  • Frame relay

    • Packet data service, built on X.25

  • Synchronous Optical Network (SONET)

  • Asynchronous Transfer Mode (ATM)

    • Can operate at gigabit speeds

      • 53 byte packets; 5 of the bytes are overhead

These are of interest in networking, but not security per se;

they will not be discussed further in this course


Topology Misconceptions

  • The physical interconnection of network elements does not necessarily reflect the logical network topology

    • Ethernet is logically a bus architecture

    • Ethernet, connected using hubs, uses a physical star interconnection

    • Ethernet, connected using coaxial cable, uses a physical bus interconnection


Some Network Security Issues

  • Users not necessarily registered at the node they are accessing

    • How to authenticate users?

    • What is basis for access control decisions?

  • Some options:

    • User ID

    • User address

    • Service being invoked

    • Cryptographic-based solutions


Ethernet Misconceptions

  • IEEE 802.3 = Ethernet

    • Nope! Pure Ethernet is 802.2

  • All Ethernets are created equal

    • Vendor implementation issues

  • The faster the network speed, the faster I can work

    • Signaling speed ≠ data throughput

  • Ethernet maps to the internet


CSMA/CD Throughput

[Figure: CSMA/CD throughput; axis labelled Signaling speed]





Ethernet Addresses

  • 48 bits long

  • Address space managed by the IEEE

  • Formerly fixed in hardware at time of manufacture, but increasingly in EEPROM

  • Hardware must recognize at least its own physical address and the network multicast address, and possibly alternate addresses


Ethernet Frame

NOTE: The proper term in this context for groups of 8 bits is an octet, not a byte.


Network Size

  • Networks cannot grow to be arbitrarily large

    • Address space

    • Physical interconnection limitations

    • Increasing collisions as users increase

    • Protocol/OS/machine incompatibilities

  • So, how to extend the ability to interconnect an arbitrarily large number of computers?


The ARPANET

  • Father of the Internet; first elements in 1969

  • Began as an attempt to conduct and share research to ensure continuity of communications after nuclear war, so

    • Connectionless

    • Assured delivery

    • Self-reconfiguring (sort of)

  • Demonstrated feasibility of internetworking disparate computer networks and machines



  • Internetworking is the interconnection of networks

  • The Internet is an internetwork, but not all internetworks are the Internet

  • Very few modern networks exist in isolation; most are internetworked

  • This has important security and legal implications


Internetworking Concepts

  • Networks are interconnected by routers or gateways

    • More about this later in the course

  • Routers route a packet using the destination network address, not the destination host address

    • Analogous to the world postal system and how letters are routed


Internetwork Architecture

[Figure: Net 1 and Net 2 interconnected]


Extended Internetworking

[Figure: Net 1, Net 2 and Net 3 interconnected]

Clearly, this can be extended ad infinitum, to form very large


Some Terms

  • TCP = transmission control protocol

  • IP = internet protocol

  • These protocols have become widely used outside the formally-defined Internet

  • They have some serious flaws, but they work

    • They were not planned to have/need security


Class Discrimination

  • Address space is 32 bits long (IPv4)

    • Therefore, at most 2^32 possible addresses (or 4,294,967,296 in decimal notation)

  • Easy to extract netid from address

  • There is not a one-to-one correspondence between IP addresses and physical devices

    • Consider the router

  • Address with hostid=0 refers to network


IP Addressing Weaknesses

  • If a host moves to another network, its IP address must change

  • If a network grows beyond its class size (B or C), it must get a new address of the next larger size

  • Because routing is by IP address, the path taken by packets to a multiple-addressed host depends on the address used


IP Address Presentation

  • Usually done in dotted decimal, e.g.,

10000000 00001010 00000010 00011110

is usually written as

  • What class of network address is this?

  • As you see, each notation has its uses


Consider This Address

  • 256.75.301.116

  • What type of network is represented by this address?

  • Why?

    • In dotted decimal, no number can exceed 255, as that is the value of 2^8 - 1


Address Limits

[Table: Class | Lowest Address | Highest Address]







Classless Routing

  • Class-based routing has limitations, as you can readily see

  • This has led to the development of Classless Internet Domain Routing, or CIDR, e.g.

  • In today’s documents, addresses are usually stated in CIDR format
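The classful rules from the preceding slides (leading bits decide the class, netid/hostid split, no octet above 2^8 - 1, hostid 0 meaning the network itself, first quad 127 for loopback, CIDR prefix form) as an added Python example that is not part of the lecture; it converts the slide's binary address and rejects the slide's deliberately invalid one. Sample addresses other than the slide's two are constructed.

```python
# Added example, not from the lecture: classful IPv4 checks done by hand so
# each step (octet range, class bits, netid/hostid split, CIDR form) is visible.
ADDRESS_SPACE = 1 << 32                    # 2^32 possible IPv4 addresses
NETID_BITS = {"A": 8, "B": 16, "C": 24}    # classes D and E have no netid/hostid split


def parse_dotted(text):
    """Dotted decimal -> 32-bit int. Rejects bad field counts and octets above 255."""
    fields = text.split(".")
    if len(fields) != 4:
        raise ValueError(f"{text!r}: need exactly four dotted fields")
    value = 0
    for field in fields:
        if not field.isdigit():
            raise ValueError(f"{text!r}: field {field!r} is not a number")
        octet = int(field)
        if octet > 255:                    # 2^8 - 1 is the largest value an octet holds
            raise ValueError(f"{text!r}: field {octet} exceeds 255")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """32-bit int -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def binary_to_dotted(bits):
    """'10000000 00001010 00000010 00011110' (spaces optional) -> dotted decimal."""
    bits = bits.replace(" ", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly 32 binary digits")
    return to_dotted(int(bits, 2))


def address_class(value):
    """Classful lookup by leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    bits = format(value, "032b")
    for name, prefix in (("A", "0"), ("B", "10"), ("C", "110"), ("D", "1110")):
        if bits.startswith(prefix):
            return name
    return "E"


def split_netid_hostid(value):
    """(netid, hostid) for classes A/B/C; None for D/E, which have no host part."""
    net_bits = NETID_BITS.get(address_class(value))
    if net_bits is None:
        return None
    host_bits = 32 - net_bits
    return value >> host_bits, value & ((1 << host_bits) - 1)


def is_loopback(value):
    """First quad 127: traffic never leaves the host."""
    return (value >> 24) == 127


def classful_to_cidr(text):
    """Classful address -> 'network/prefix', e.g. a class B address -> /16."""
    value = parse_dotted(text)
    net_bits = NETID_BITS.get(address_class(value))
    if net_bits is None:
        raise ValueError(f"{text}: class D/E addresses have no network/host split")
    network = value & (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
    return f"{to_dotted(network)}/{net_bits}"


def describe(text):
    """Verdict for an address string: its class and netid/hostid, or why it is invalid."""
    try:
        value = parse_dotted(text)
    except ValueError as err:
        return f"invalid: {err}"
    cls = address_class(value)
    if is_loopback(value):
        return f"class {cls}: loopback, never leaves the computer"
    parts = split_netid_hostid(value)
    if parts is None:
        return f"class {cls}: no netid/hostid split"
    netid, hostid = parts
    note = " (hostid 0: refers to the network itself)" if hostid == 0 else ""
    return f"class {cls}: netid={netid:#x} hostid={hostid:#x}{note}"


if __name__ == "__main__":
    slide_bits = "10000000 00001010 00000010 00011110"   # the binary address on the slide
    dotted = binary_to_dotted(slide_bits)
    print(dotted, "->", describe(dotted), "->", classful_to_cidr(dotted))
    print(describe("256.75.301.116"))   # the deliberately bad address on the slide
    print(describe("127.0.0.1"))        # constructed loopback sample
```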



Reserved Addresses

  • First Quad=127 is used for loopback

    • Traffic doesn’t leave the computer

    • Routed to the IP input queue

    • Usually see

  • Unregistered addresses

    • Class A thru

    • Class B thru

    • Class C thru


The Future of IP

  • IPv4 has shortcomings that are becoming important for modern networking

  • The IETF’s solution is a new version of IP, Version 6, written as IPv6

    • Increased address space (128 vs. 32 bits)

    • Support for network autoconfiguration

    • Better support for routing

    • Better security support


IPv6 Issues

  • It is not backwards compatible with IPv4

    • Given the change in address space alone, how could it be?

    • Requires a translator to go from v4 to v6, and vice versa

  • Huge investment in installed IPv4 militates against rapid changeover

    • But the Defense Department is going there now

  • Network address translation (NAT) helps reduce need for new address space

  • Some services, like IPSec, now available for IPv4

  • Bottom line: changeover not likely to be quick except in defense applications


Ports and Sockets

  • Ports are associated with services, e.g.,

    • Port 53 is usually the domain name service (DNS)

    • Port 80 is usually the hypertext transfer protocol service

  • A socket is the combination of an IP address and a port, e.g.

  • Sockets enable multiple simultaneous services to run on a single address


Address Registration

  • Internet Corporation for Assigned Names and Numbers (ICANN) handles:

    • IP address space allocation

    • protocol parameter assignment

    • domain name system management

    • root server system management functions

  • Only essential to register addresses that appear on the global network, but registration is preferred





  • A protocol is simply an agreed-upon exchange of information required to perform a given task

    • IP is a protocol

    • So is TCP

  • Networks utilize protocols to accomplish all the important tasks they perform

  • Layered protocols are common


Protocol Layering

  • Refers to a protocol running on top of another protocol

  • Layered protocols are designed so that layer n at the destination receives exactly the same object sent by layer n at the source


TCP/IP Layering Model

[Figure: layering model with layers labelled TCP Packets, IP Datagrams, Network Interface, Ethernet/Token Ring]



Some Common Protocols

  • ARP maps IP addresses to physical addresses

  • RARP determines IP address at startup

  • IP provides for assured connectionless datagram delivery

  • ICMP handles error and control messages

  • UDP defines user datagrams (no assurance of delivery)

  • IKE handles crypto key management functions

  • TCP provides reliable stream transport



  • Assumes little about underlying network

  • Reliable delivery characteristics:

    • Stream orientation

    • Virtual circuit connection

    • Buffered transfer

    • Unstructured stream

    • Full duplex connection


Positive Acknowledgement With Lost Packet



  • A communications protocol, NOT a piece of software

  • Provides

    • Data format

    • Data acknowledgement for reliable transfer

    • How to distinguish multiple destinations

    • How to set up and break down a session

  • Very complex


Internet Round Trip Delays

This data is old, but still meaningful if you ignore the absolute values of the delays.



  • Cannot be avoided or predicted (except statistically)

    • Packet delivery times will vary

    • Many packets will simply be lost

  • So, as a network designer...

    • How long do you wait to assume nondelivery?

    • How do you slide the window?

    • How do you back off on collision detect?

    • How do you respond to congestion?

    • …etc.


Ending a TCP Session

This implies that a TCP session could be left “half open.” That is true.


Other Network Protocols

  • NetBIOS

  • NetBEUI

  • IPX

  • X.25

  • ATM

  • Message: TCP/IP is not the only show in town, but it is the most popular show in town


Network Facts

  • Most computers today are connected to a network (consider the Internet), at least for part of the time they are in operation

  • Most local networks are internetworked

  • How to provide authenticity, integrity, confidentiality, availability?

  • Cryptography can help provide all the security services except availability


Network Summary--1

  • Security is a real need in real systems

  • Defense systems are particularly attractive targets

  • The issues involved cross the disciplines of computer science, engineering, and management

  • Several models can be visualized for the security mechanisms


Network Summary--2

  • Networks and internetworking have become ubiquitous

  • Networking allows interconnection of computers without much concern for the local OS or machine architecture

  • Networking raises many serious security issues, which must be solved for networks to be useful in modern business settings

  • The pace of network security problem development far exceeds the pace of their solution


Types of Cryptosystems

  • Symmetric key

    • In use from B.C.E. times to today

    • Also called private key, which has become confusing

  • Asymmetric key

    • Invented in 1976

    • Also called public key systems

  • Hybrid Systems


The Players

  • Alice: commonly used to denote the sender of cryptographic traffic

  • Bob: commonly used to indicate the recipient of that traffic

  • Eve: an eavesdropper

  • Oscar: a generalized “bad guy”


Symmetric Key Cryptosystems

  • Problem Statement: Alice and Bob want to communicate over an insecure channel (e.g., computer network, satellite link). They want to prevent Oscar (the bad guy) from listening.

  • Solution: use a private-key cryptosystem (these have been around since ancient times) such that if Oscar reads the encrypted version y of the message x over the unsecured channel, he will not be able to understand its content, because x, not y, is what was really sent.


Symmetric Key Cryptography

[Figure: Alice’s message enciphered and deciphered with a shared private key]



Perhaps the most famous cipher machine in history. This is an early model. Later test versions had as many as five rotors. Standard Kriegsmarine machines had four rotors after about 1943. Enigma was a tactical machine--designed for battlefield use. Even today, Enigma would provide excellent security…IF no errors occurred on the part of the operators.



Similar in theory to Enigma. Designed for strategic (fixed station) use; note direct punching of teletypewriter paper tape for transmission.


Kerckhoffs’ Principle

  • Secrecy must reside solely in the key

    • It is assumed that the attacker knows the complete details of the cryptographic algorithm and implementation

  • A. Kerckhoffs was a 19th century Dutch cryptographer

  • Ergo, security by obscurity doesn’t work!


Enigma and Sigaba

  • Illustrate the validity of Kerckhoffs’ principle

  • Even when cryptanalysts were armed with a nearly perfect replication of the Enigma logic, brute-force keyspace search was useless for providing practical results

  • The key needed to be discovered!


Other Crypto Systems

  • Substitution ciphers

    • Most famous is the Caesar cipher: monoalphabetic substitution with offset = 3

    • Transposition ciphers in this group

    • Children’s decoders usually in this category

  • Book ciphers

  • Codebooks


Problem Areas

  • Languages have well-known statistics

    • E.g., “e” is most common letter in English

    • This can be exploited for cryptanalysis

    • Thus, substitution ciphers are not very secure

    • Similar problems plague book ciphers, etc.

  • The only way to achieve true security is to make the ciphertext appear as random as possible


Modern Cryptography Uses Electronic Digital Systems

  • Advantages:

    • Speed

    • Accuracy

    • Ability of using complex mathematics

  • Disadvantages

    • Complex equipment

    • Electronic vulnerabilities

    • Key management


Symmetric Ciphers

  • Same code at each end

  • Important that message length < cipher length

  • Billions of combinations possible

  • Codes changed frequently

  • Each circuit requires a code pair


Cipher Example (Mauborgne/Vernam)

Enciphering:

    Plain:  001 010 011 100
    +key:   111 011 010 101
    Cipher: 110 001 001 001

Deciphering:

    Cipher: 110 001 001 001
    +key:   111 011 010 101
    Plain:  001 010 011 100

The ciphertext is simply the plain text added to the key, modulo 2. This is a reversible process, as seen above.
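The slide's XOR table as an added Python example (not from the lecture): one function both enciphers and deciphers, the rule from the Symmetric Ciphers slide that the message must not be longer than the key is enforced, and a constructed second message enciphered under the same key shows why the key must change for every message.

```python
# Added example, not from the lecture: the slide's Mauborgne/Vernam table in code.
SLIDE_PLAIN = "001 010 011 100"   # plaintext groups shown on the slide
SLIDE_KEY = "111 011 010 101"     # key groups shown on the slide


def _groups_to_bits(groups):
    """'001 010' -> [0, 0, 1, 0, 1, 0]; rejects anything that is not binary."""
    bits = groups.replace(" ", "")
    if set(bits) - {"0", "1"}:
        raise ValueError("only 0/1 digits allowed")
    return [int(b) for b in bits]


def _bits_to_groups(bits, width=3):
    """[1, 1, 0, 0, 0, 1] -> '110 001', grouped the way the slide prints it."""
    text = "".join(str(b) for b in bits)
    return " ".join(text[i:i + width] for i in range(0, len(text), width))


def vernam(text, key):
    """Modulo-2 addition of text and key. Self-inverse: apply twice to get text back.

    Enforces the rule that the message may not be longer than the key; a shorter
    key would have to be reused, which key_reuse_leak shows is fatal.
    """
    t, k = _groups_to_bits(text), _groups_to_bits(key)
    if len(t) > len(k):
        raise ValueError("message longer than key: every bit needs a fresh key bit")
    return _bits_to_groups([a ^ b for a, b in zip(t, k)])


def key_reuse_leak(cipher1, cipher2):
    """What an eavesdropper can compute from two ciphertexts made with ONE key.

    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the key cancels and the XOR of the two
    plaintexts is exposed. This is why the key must change for every message.
    """
    return vernam(cipher1, cipher2)   # the same XOR; the key drops out


if __name__ == "__main__":
    cipher = vernam(SLIDE_PLAIN, SLIDE_KEY)
    print("Cipher:", cipher)                       # matches the slide's table
    print("Plain: ", vernam(cipher, SLIDE_KEY))    # back to the slide's plaintext
    other = vernam("111 000 111 000", SLIDE_KEY)   # constructed second message, same key
    print("Leak:  ", key_reuse_leak(cipher, other))
```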


How to Achieve Good Cryptography?

  • Well-reviewed algorithms

    • So weaknesses cannot “hide” until after implementation

  • Excellent key generation & management

    • To maintain secrecy of the key

  • Algorithms that are sufficiently complex so as to not permit feasible exhaustive attacks


Feistel Ciphers: Characteristics

  • Special class of iterated block ciphers

  • Ciphertext calculated from plaintext by repeated application of the same transformation or round function

  • Encryption and decryption are structurally identical (subkey order reversed for decryption)

  • Fast, even in software implementation

  • Easily analyzed (i.e., deficiencies more readily found by analysis)


Feistel Ciphers in Operation

  • Plaintext split into two halves

  • Round function f is applied to one half using a subkey

  • Output of f is XOR’d with the other half of the plaintext

  • Two halves are swapped

  • Process repeated for n rounds

  • No swap after last round


DES: Feistel Applied

  • DES: Data Encryption Standard

  • Formal specification -- FIPS PUB 46-3, last affirmed 25 October 1999

  • Describes two cryptographic algorithms

    • DES

    • TDEA (commonly referred to as 3DES)

  • DES based on IBM Lucifer cipher of 1974


DES Characteristics

  • 64-bit block cipher

  • 56-bit key, with additional 8 bits used for error checking (odd parity on each byte)

  • Four operating modes (not unique to DES)

    • Electronic Codebook (ECB)

    • Cipher Block Chaining (CBC)

    • Cipher Feedback (CFB)

    • Output Feedback (OFB)


Subkey Generation

  • Creating the subkeys in a Feistel cipher has a major effect on the overall security of the algorithm

    • Possible to create weak keys

    • Changes in the subkey algorithm can result in effectively different realizations of the algorithm

  • DES is based on Feistel rounds, and uses a complex method of subkey generation


DES Enciphering Computation

(Figure: one Feistel round)


Cipher Function, f(R_n, K_n)


How Can This Happen?

  • Turn 32-bit plaintext into 48-bit output

  • Add to 48-bit key

  • Get 32-bit output



  • E-function takes the input to the Feistel round and expands it to 48 bits

  • S-boxes (substitution boxes) then reduce the 48 bits back to the proper 32-bit output

  • Inverse permutation (IP-1) restores bit order after the 16 Feistel rounds


S-box Example


Principal Operating Modes (FIPS PUB 81)

  • Electronic Code Book (ECB)

    • Encrypts one block at a time with selected key

    • Vulnerability: repeated plaintext can reveal key, and then all cipher blocks can be decrypted

  • Cipher Block Chaining (CBC)

    • Input to each block is the output of the previous block XOR’d with the next plaintext block

    • Initial block XOR’d with an Initialization Vector (IV)






Additional Modes -1

  • Cipher Feedback Mode (CFB)

    • Previous ciphertext block encrypted and output XOR’d with plaintext block to produce current ciphertext block

    • Can use feedback that is less than one full data block

    • Initialization vector used as “seed” for the process




Additional Modes -2

  • Output Feedback Mode (OFB)

    • Similar to CFB mode except the data XOR’d with each plaintext block is generated independently of both the plaintext and ciphertext

    • Initialization vector s_0 used as “seed” for a sequence of data blocks s_i

    • Each data block s_i derived from encryption of the previous data block s_(i-1)
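The four modes just described, as an added example that is not part of the slides: each mode is built over a constructed toy 8-bit block cipher (one byte is one block) so that the chaining and, in particular, what one corrupted ciphertext block does to the recovered plaintext can be observed directly. The cipher, key, IV and message are all toy values chosen for this example.

```python
# Added example (not from the slides): the four FIPS 81 modes built on a constructed
# toy 8-bit block cipher, so that the modes' error propagation can be observed directly.
# One byte is one block; the toy cipher is an invertible byte mapping, not DES.

def enc_block(k: int, b: int) -> int:
    """Toy block cipher: XOR with the key, then an invertible affine map mod 256."""
    return ((b ^ k) * 5 + 3) % 256

def dec_block(k: int, c: int) -> int:
    """Inverse of enc_block (205 is the inverse of 5 modulo 256)."""
    return (((c - 3) * 205) % 256) ^ k

def ecb(k, blocks, iv, decrypt=False):
    """ECB: each block enciphered on its own; the IV is unused."""
    f = dec_block if decrypt else enc_block
    return [f(k, b) for b in blocks]

def cbc(k, blocks, iv, decrypt=False):
    """CBC: cipher input is the previous ciphertext block XOR'd with the next plaintext block."""
    out, prev = [], iv
    for b in blocks:
        if decrypt:
            out.append(dec_block(k, b) ^ prev)
            prev = b
        else:
            prev = enc_block(k, b ^ prev)
            out.append(prev)
    return out

def cfb(k, blocks, iv, decrypt=False):
    """CFB (full-block feedback): previous ciphertext block enciphered, XOR'd with the data."""
    out, prev = [], iv
    for b in blocks:
        x = b ^ enc_block(k, prev)
        out.append(x)
        prev = b if decrypt else x        # feedback is always the ciphertext block
    return out

def ofb(k, blocks, iv, decrypt=False):
    """OFB: keystream s_i = E(s_(i-1)) seeded by s_0 = IV; independent of the data."""
    out, s = [], iv
    for b in blocks:
        s = enc_block(k, s)
        out.append(b ^ s)
    return out

MODES = {"ECB": ecb, "CBC": cbc, "CFB": cfb, "OFB": ofb}
KEY, IV = 0x5A, 0xC3                                   # constructed toy values
MSG = [0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x21]             # "Hello!" as six one-byte blocks

def damaged_blocks(mode: str, i: int, plaintext=MSG, k=KEY, iv=IV) -> int:
    """Corrupt one bit of ciphertext block i in transit; count plaintext blocks decrypted wrongly."""
    ct = MODES[mode](k, plaintext, iv)
    ct[i] ^= 0x10
    pt = MODES[mode](k, ct, iv, decrypt=True)
    return sum(a != b for a, b in zip(pt, plaintext))
```

Calling damaged_blocks("CBC", 2) and the like shows that a single bad ciphertext block spoils one plaintext block in ECB and OFB but two in CBC and CFB, because in the latter two the corrupted block is also fed into the next block's computation.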




Importance of DES

  • Ubiquitous, U.S. federal standard

  • When standardized, 56-bit key made cipher computationally secure

    • This is no longer the case

    • DES has been broken using brute force attacks in hours, using desktop PCs

  • Immediate fix: Triple Data Encryption Algorithm (or Triple DES, 3DES)






TDEA Realities

  • Two keying options

    • Three separate keys (as shown previous slide)

    • Two keys; E_K1 = E_K3 (i.e., K1 = K3)

    • Resultant key lengths of 168 or 112 bits

  • For mathematical reasons we won’t go into here, 3-key TDEA is only about twice as secure as DES, not 3 times as secure

  • Implemented in hardware, 3-key TDEA can achieve throughputs approaching 1 Gbps


TDEA Advantages

  • Thoroughly analyzed, unlikely to have any hidden vulnerabilities

  • Much less vulnerable to brute force attack than DES

  • Can be implemented in silicon, with very fast throughput


TDEA Disadvantages

  • Algorithm produces slow software implementations

  • Limited to 64-bit block size

  • Trebles the key distribution problem of DES


DES Decryption

  • As DES is a Feistel cipher, decryption uses the same engine as does encryption

  • For decryption:

    • The DES engine is precisely the same as the encryption engine -- it is not run in reverse (e.g. with the input coming in the “bottom”)

    • Instead, the key schedule is run in reverse; i.e. the first subkey used is K16, then K15, etc., finishing with K1
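The Feistel operation described earlier (split, apply f to one half with a subkey, XOR into the other half, swap, no swap after the last round) and the decryption rule above, as an added example that is not part of the slides: a generic Feistel engine whose decrypt() is the very same engine fed the subkeys in reverse order. The round function and key schedule are constructed toys, not DES's f or its PC-1/PC-2 schedule.

```python
# Added example (not from the slides): a generic Feistel network showing that decryption
# is the same engine with the subkeys applied in reverse order (K16 first, K1 last).
# The round function and key schedule are constructed toys, not DES's f and PC-1/PC-2.
from typing import Callable, List

MASK32 = 0xFFFFFFFF

def toy_round_function(right: int, subkey: int) -> int:
    """Constructed f(R, K). It need not be invertible: the Feistel structure supplies that."""
    x = (right ^ subkey) & MASK32
    return ((x * 0x9E3779B1) ^ (x >> 13)) & MASK32

def toy_key_schedule(key: int, rounds: int) -> List[int]:
    """Constructed subkeys K1..Kn from a 64-bit master key (toy, not DES's schedule)."""
    return [((key >> (i % 32)) ^ (key * (i + 1))) & MASK32 for i in range(rounds)]

def feistel(block: int, subkeys: List[int],
            f: Callable[[int, int], int] = toy_round_function) -> int:
    """Run the Feistel engine over a 64-bit block, one round per subkey, in the order given."""
    left, right = (block >> 32) & MASK32, block & MASK32   # plaintext split into two halves
    for k in subkeys:
        # f applied to one half with the subkey, XOR'd into the other half, then the halves swap
        left, right = right, left ^ f(right, k)
    # No swap after the last round: undo the swap the loop just made
    return (right << 32) | left

def encrypt(block: int, key: int, rounds: int = 16) -> int:
    return feistel(block, toy_key_schedule(key, rounds))

def decrypt(block: int, key: int, rounds: int = 16) -> int:
    # Same engine, not run "backwards": only the key schedule is reversed
    return feistel(block, toy_key_schedule(key, rounds)[::-1])

if __name__ == "__main__":
    key, pt = 0x133457799BBCDFF1, 0x0123456789ABCDEF   # constructed sample values
    ct = encrypt(pt, key)
    print(f"{pt:016x} -> {ct:016x} -> {decrypt(ct, key):016x}")
```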


DES Mathematics

  • Only two functions used

    • XOR

    • Data permutation or shifting

  • At the heart of the DES engine, inside the f-box, is a Vernam cipher machine!

  • Vernam, by itself, is insecure. What makes DES secure?


Symmetric Crypto Keys

  • Ideally, are purely random numbers

  • This is possible because:

    • The keys are prepositioned at each end

    • Random numbers can be generated by capturing stellar noise, diode shot noise, etc.

    • The parties need only agree on where in the key stream to start

    • The key does not have to obey any mathematical function other than randomness

  • Many implementations use pseudo-random numbers, which are not truly random


AES: The Next Generation

  • Advanced Encryption Standard (FIPS PUB 197)

    • Established to counter weaknesses of DES

    • Adopted as U. S. standard November 26, 2001

    • Became effective May 26, 2002

    • Based on Rijndael algorithm

      • Joan Daemen and Vincent Rijmen, Belgians, authors

    • Key lengths of 128, 192, and 256 bits

    • Block size of 128 bits


Rijndael Structure

  • Rijndael is not a Feistel cipher; rather, it uses substitution boxes

  • “...typically part of the bits of the intermediate state are simply transposed unchanged to another position”

  • “...[each] round transformation is composed of three distinct invertible uniform transformations”


AES’ Future

  • Clearly intended to replace DES & TDEA

  • Designed for efficient software implementation

  • Not yet as thoroughly analyzed as DES

  • Many implementations on the market

  • Probably a long coexistence of TDEA & AES


Breaking Symmetric Ciphers

  • Brute force

    • Inelegant, but sometimes effective if enough computing power can be brought to bear

    • If cipher is complex enough, this doesn’t work

  • Exploit errors

    • Same message enciphered in two codes

    • Plaintext attack

    • Exploit operator errors


Brute Force Attacks on Symmetric Cryptosystems

Assume a number N, having L decimal digits.

Now posit a computer capable of 10^10 divisions/second.

The computer can factor any N, using the trial division method, in approximately N^0.5 / 10^10 seconds.

If N has 100 digits, this process will require approximately 10^40 seconds.

However, the currently estimated age of the Universe is only approximately 3.8 x 10^17 seconds!


Key Types

  • Permanent

    • Used for a fixed, prearranged period of time

    • Typically used for applications such as key distribution, government communications, etc.

  • Session

    • Valid only for current communications session

    • Destroyed after session terminates


Key Distribution Problem

  • Secret keys must be prepositioned at all locations before secure communications can occur.

  • How to do this?

    • Secure physical transport

    • Secure electronic transport

      • The search for a way to accomplish this led to the development of public key cryptography, which we will look at next


Asymmetric Ciphers

  • Also known as public key cryptography

  • Until Diffie-Hellman in 1976, this concept was heretical. It is still counterintuitive.

  • Key has two parts

    • Public: everybody knows or can know

    • Private: only holder knows

  • Based on large prime numbers


Asymmetric Cryptography

(Figure: Alice’s message, Bob’s public key, Bob’s private key)


Curious Public Key Properties

  • The encryption function is one-way

  • The encryption process is fungible

    • Can encrypt with public key and decrypt with private key, and vice versa

  • So what?

    • How about using this approach to sign documents?

    • Can a signed document be used for authentication?


The Original Goal

  • Diffie and Hellman did not set out to invent a new kind of cryptography

  • The goal was to find a way to establish symmetrical session keys without prior placement of the keys by some other means

    • i.e. to solve the key distribution problem

  • This is still the primary use of the D-H exchange


But then...

  • Diffie-Hellman key exchanges proved immensely useful

  • Others found that there were other uses for this general crypto principle, and algorithms were developed for encrypting data

    • RSA

    • El Gamal

    • etc.


Something Different

  • Clearly, asymmetric crypto differs in a basic way from symmetric crypto

    • The keys are mathematically related, and cannot be purely random numbers

    • The algorithms are quite different from the universe of Feistel ciphers and S-boxes

  • Is this a replacement for symmetric crypto, or a complement to it?


Asymmetric Crypto Properties

  • The encryption function is one-way

  • The encryption process is fungible

    • Can encrypt with public key and decrypt with private key, and vice versa

  • So what?

    • Could this approach be used to sign documents?

    • Can a signed document be used for authentication?


How Does It Work?

  • Asymmetric cryptography is based on modulus arithmetic

  • Modulus arithmetic makes it computationally infeasible to recover the number whose modulus is stated, provided certain conditions are met

  • You can cheat: the Windows calculator has a modulus arithmetic mode


Diffie-Hellman Key Exchange-1

  • Alice and Bob agree on a large prime n and a number g, where g is primitive mod n. These need not be kept secret

  • Alice chooses a large random integer x and sends to Bob: X = g^x mod n

  • Bob chooses a large random integer y and sends to Alice: Y = g^y mod n

  • NB: x and y are never transmitted


Diffie-Hellman Key Exchange-2

  • Alice computes k = Y^x mod n

  • Bob computes k’ = X^y mod n

  • But k = k’ = g^xy mod n

  • Therefore, Bob and Alice now have a secret key, k, that they can share for communications

  • Eavesdroppers know only n, g, X, and Y, not x or y, which are required to compute k


Diffie-Hellman Security

  • D-H security depends on the difficulty of factoring large numbers (size of n)

  • It is computationally infeasible to recover x and y from the data known to an eavesdropper by any means other than exhaustive key search

  • Caveats

    • n must be large

    • ((n-1)/2) should also be prime

    • g can be small -- even one digit
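The exchange of the two preceding slides and the caveats above, as an added example that is not part of the slides: both sides' computations, a check that the chosen n and g satisfy the caveats (n prime, (n-1)/2 prime, g primitive mod n), and the exhaustive search an eavesdropper is reduced to, which is why n must be large. The parameters n = 23, g = 5 and the secrets x = 6, y = 15 are constructed toy values, far too small for real use.

```python
# Added example (not from the slides): the Diffie-Hellman exchange as the slides describe
# it, plus checks for the caveats (n a safe prime, g primitive mod n) and the eavesdropper's
# only option, exhaustive search. n = 23, g = 5, x = 6, y = 15 are constructed toy values.

def is_prime(m: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if m < 2:
        return False
    return all(m % d for d in range(2, int(m ** 0.5) + 1))

def is_primitive_root(g: int, n: int) -> bool:
    """g is primitive mod n if g^1 .. g^(n-1) run through every nonzero residue mod n."""
    return len({pow(g, i, n) for i in range(1, n)}) == n - 1

def check_parameters(n: int, g: int) -> bool:
    """Caveats from the slides: n prime, (n-1)/2 also prime, g primitive mod n."""
    return is_prime(n) and is_prime((n - 1) // 2) and is_primitive_root(g, n)

def dh_exchange(n: int, g: int, x: int, y: int):
    """Return (X, Y, k, k'): what goes on the wire and what each side computes."""
    X = pow(g, x, n)        # Alice sends X = g^x mod n
    Y = pow(g, y, n)        # Bob sends Y = g^y mod n
    k = pow(Y, x, n)        # Alice: k = Y^x mod n
    k_prime = pow(X, y, n)  # Bob:   k' = X^y mod n
    return X, Y, k, k_prime

def eavesdropper_recovers_x(n: int, g: int, X: int) -> int:
    """Eve sees n, g, X only: exhaustive search for x with g^x = X mod n (cost grows with n)."""
    return next(x for x in range(1, n) if pow(g, x, n) == X)

if __name__ == "__main__":
    n, g = 23, 5
    print("parameters acceptable:", check_parameters(n, g))
    X, Y, k, k_prime = dh_exchange(n, g, 6, 15)
    print(f"X={X} Y={Y} Alice k={k} Bob k'={k_prime}")
    print("Eve's search recovers x =", eavesdropper_recovers_x(n, g, X))
```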


Diffie-Hellman Drawbacks

  • Slow!

    • Computationally intensive

    • Requires several communications exchanges

  • Example:

    • Using D-H to set up a session key in a cellular telephone could take nearly one minute!

  • So, other key exchange protocols have been established that are more efficient


Asymmetric Crypto Uses?

  • Only good for key exchange?

  • As it turns out, NO

    • Other algorithms useful for providing data secrecy, like symmetric cryptography

    • Can be used to provide

      • confidentiality

      • integrity

      • authenticity


RSA Encryption Algorithm

  • Ron Rivest, Adi Shamir, Len Adelman

    • First published 1978, from MIT

    • Block cipher, asymmetric key

    • Plain and cipher texts are integers between 0 and n-1, for some n that is part of the keys

  • Like all asymmetric key systems, RSA depends for security on the difficulty of factoring large numbers

    • There is a problem here


RSA Mechanics

  • C = ciphertext

    • C = M^e mod n

  • M = plaintext

    • M = C^d mod n = (M^e)^d mod n = M^ed mod n

  • Both parties know n, e

  • Only the receiving party knows d



  • Public key: KU = {e,n}

  • Private key: KR = {d,n}

  • Requirements for this to work:

    • e, d, n exist such that M^ed = M mod n for all M < n

    • Easy to calculate M^e and C for M < n

    • Infeasible to calculate d given e, n

      • Computationally secure if e, n sufficiently large


Important Definitions

  • Euler’s totient function, φ(n)

    • Defined as the number of positive integers < n and relatively prime to n

    • Can show that if n = pq, φ(n) = (p-1)(q-1)

  • Relatively prime numbers

    • a and b (integers) are relatively prime if they have no prime factors in common

      • i.e. only common prime factor is unity


RSA Example

  • Select two primes: p = 7, q = 17

  • Calculate n = pq = 7 x 17 = 119

  • Calculate φ(n) = (p-1)(q-1) = 6 x 16 = 96

  • Select e relatively prime to & less than φ(n)

    • In this example e = 5

  • Calculate d = e^-1 mod φ(n) = 77

    • This bit is perhaps unclear (see “Another View”)

  • KU = {5, 119} (public key); KR = {77, 119} (private key)


Another View

  • d = e^-1 mod φ(n) looks difficult, as e^-1 < 1

  • Multiply both sides by e, which gives

    de ≡ 1 mod φ(n), where φ(n) = 96 in this case

  • e has been selected as being 5, therefore we must now find the value for d that satisfies the above equation

  • 77 is that value, as 5 x 77 ≡ 1 mod 96

    77 x 5 = 385 = 4 x 96 + 1


RSA Encrypt/Decrypt

  • Using KU, KR we have calculated, let M = 19 (plaintext)

    • KU = {5, 119} (public key: e, n)   KR = {77, 119} (private key: d, n)

  • Encryption:

    • M^e mod n = 19^5 mod 119 = 66 = C (ciphertext)

  • Decryption:

    • C^d mod n = 66^77 mod 119 = 19 = M (plaintext)

  • Q.E.D.


RSA Importance

  • Together with Diffie-Hellman, RSA is the most widely used asymmetric key algorithm

  • RSA was patented by its inventors, but the patents expired in 2000

  • RSA is now freely usable by anyone, and is widely incorporated into common products, such as web browsers, VPN devices, etc.


Breaking RSA

  • Discover the private key, d

    • Easy to do if p and q, factors of n, are known

    • Hard part is factoring n

    • Factoring 200-digit n has been done

  • Find eth roots mod n

    • Not known to be equivalent to factoring

    • No general methods known

  • Brute force key search
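The RSA mechanics and the worked example of the preceding slides (p = 7, q = 17, e = 5 gives d = 77; M = 19 encrypts to C = 66), together with the first point above (d is easy to find once p and q are known), as an added example that is not part of the slides. The key generation uses the extended Euclidean algorithm for the d = e^-1 mod φ(n) step; the factoring routine is plain trial division and succeeds only because this toy n is tiny.

```python
# Added example (not from the slides): RSA key generation, encryption and decryption
# reproducing the slides' numbers (p = 7, q = 17, e = 5 -> d = 77; M = 19 -> C = 66),
# plus the point of the "Breaking RSA" slide: once n is factored, d follows immediately.
# The factoring step is trial division and only works because this toy n is tiny.

def egcd(a: int, b: int):
    """Extended Euclid: returns (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def mod_inverse(e: int, phi: int) -> int:
    """d with d*e = 1 (mod phi); this is the 'd = e^-1 mod phi(n)' step of the slides."""
    g, s, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return s % phi

def rsa_keygen(p: int, q: int, e: int):
    """Returns (KU, KR) = ({e, n}, {d, n}) for the chosen primes and public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (mod_inverse(e, phi), n)

def rsa_encrypt(m: int, ku) -> int:
    e, n = ku
    return pow(m, e, n)          # C = M^e mod n

def rsa_decrypt(c: int, kr) -> int:
    d, n = kr
    return pow(c, d, n)          # M = C^d mod n

def factor_small_n(n: int):
    """Trial division up to sqrt(n): feasible here, infeasible for a 1024-bit n."""
    return next((p, n // p) for p in range(2, int(n ** 0.5) + 1) if n % p == 0)

def recover_private_key(ku):
    """Breaking RSA the 'easy' way: factor n, recompute phi(n), invert e."""
    e, n = ku
    p, q = factor_small_n(n)
    return mod_inverse(e, (p - 1) * (q - 1)), n
```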


Practical RSA Security

  • Choose a sufficiently large n

    • 200 digits ≈ 663 bits, which has been factored

      • 9 May 2005, Jens Franke, et al., Univ. of Bonn

    • So, choose n > 1000 bits (1024, 2048, 4096)

    • Evaluate how long security is required, as longer keys require more computation, and are therefore slower to encrypt/decrypt

  • Guard the private key carefully!


Why Do We Want to Do This?

  • Symmetric cryptography is fast

  • Asymmetric cryptography is slow

    • As much as 1000X slower than symmetric

  • Therefore, we want to use the slow asymmetric crypto -- which does not require prepositioning of keys -- to create and/or exchange symmetric session keys so that data can be exchanged quickly


Crypto Summary

  • Both symmetric and asymmetric crypto have their uses in communications

  • Symmetric keys can be purely random, but asymmetric keys are mathematically related

  • Symmetric crypto is much faster than asymmetric, which leads to combining the types in practical applications



  • Read Bishop, Chapters 9 & 11

  • Prove that decryption in a Feistel cipher can be done by applying the encryption algorithm to the ciphertext, with the key schedule reversed.

  • Suppose a sequence of plaintext blocks, x_1…x_n, yields the ciphertext sequence y_1…y_n. Suppose that one ciphertext block, say y_i, is transmitted incorrectly. Show that the number of plaintext blocks that will be decrypted incorrectly is equal to one in ECB or OFB modes, and equal to two if CBC or CFB modes are used.