
CS 313 Introduction to Computer Networking & Telecommunication


lloftin

Presentation Transcript


  1. CS 313 Introduction to Computer Networking & Telecommunication • Network Security (A Very Brief Introduction) • Chi-Cheng Lin, Winona State University

  2. Network Security • Secrecy • Keeping information out of the hands of unauthorized users • Nonrepudiation • Signature (sender cannot deny and receiver cannot concoct) • Authentication • Determining whom you are talking to before further actions • Integrity control • How can one be sure that a message received was really the one sent (not modified by intruders)?

  3. Cryptography • Cryptology = cryptography + cryptanalysis • Cryptography: devising ciphers • Cryptanalysis: breaking ciphers • Encryption and decryption • $C = E_K(P)$, $P = D_K(C)$, $D_K(E_K(P)) = P$, where P: plaintext, C: ciphertext, K: key • E and D are two-parameter functions

  4. Encryption Model • [Figure: the encryption model (for a symmetric-key cipher)]

  5. Cryptography • Kerckhoffs's Principle • All algorithms must be public; only the keys are secret • Key • Secret and easily changed • Length is an issue • The longer the key, the higher the cryptanalysis work factor

  6. Cryptography • Secrecy = strong but public algorithm + long key • Analogy: combination lock • Two types of cryptography • Symmetric-key cryptography • Public-key cryptography

  7. Symmetric-Key Cryptography • Secret keys • Used for both encryption and decryption • Decryption key is the same as or can be easily derived from encryption key • Problem: Must be distributed • Examples • DES (Data Encryption Standard) • AES (Advanced Encryption Standard)

  8. Public-Key Cryptography • Use two different keys • Public key • Private key • Public key • Used by the entire world to encrypt messages to be sent to that user • Private key • Needed by the user to decrypt messages • Decryption key cannot (or is hard to) be derived from the encryption key

  9. Public-Key Cryptography • Requirements • D(E(P)) = P • It's exceedingly difficult to deduce D from E • E cannot be broken by a chosen plaintext attack

  10. Public-Key Cryptography - Method • A wants to receive secret messages • 2 algorithms are devised meeting requirements • Encryption algorithm and key, $E_A$, are made public • Decryption algorithm is published but decryption key, $D_A$, is secret • B wants to send secret message, P, to A • $E_A(P)$ is computed by B and then sent to A • $D_A(E_A(P)) = P$ is performed by A

  11. Public-Key Cryptography - RSA Algorithm • Named after Rivest, Shamir, and Adleman, 2002 Turing Award winners (http://www.acm.org/awards/turing_citations/rivest-shamir-adleman.html) • Based on number theory • Method • Choose two large primes, p and q • Compute $n = p \times q$ and $z = (p - 1)(q - 1)$ • Choose a number, d, relatively prime to z • Find an e such that $(e \times d) \bmod z = 1$

  12. Public-Key Cryptography - RSA Algorithm • Encryption • Divide plaintext (bit string) into blocks • Each $P \in [0, n)$ (blocks of k bits, $2^k < n$) • $C = P^e \bmod n$ • Decryption • $P = C^d \bmod n$ • Public key: (e, n) • Private key: (d, n)

  13. RSA Algorithm - Example • Let p = 3, q = 11 • n = 33, z = 20 • Choose d = 7 ⇒ e = 3 • Public key = (e, n) = (3, 33) • Private key = (d, n) = (7, 33)

  14. RSA Algorithm • As n and e are known, we could compute z and by factoring n, and d can then be computed … • Why does RSA work? • A large number is very difficult to factor • E.g., factoring a 500-digit number: $10^{25}$ years • If p and q chosen ~ $2^{512}$ then n ~ $2^{1024}$ • Each block could be up to 1024 bits (128 8-bit characters)
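
The method on slides 11 to 14, carried through with the slide 13 numbers (p = 3, q = 11, d = 7). This is an added example, not code from the original presentation; the message "SUZANNE", its A=1..Z=26 encoding and the function names are assumptions chosen for illustration.

```python
from math import gcd, isqrt

def make_keys(p, q, d):
    """Slide 11: derive public (e, n) and private (d, n) from p, q and a chosen d."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)              # the e with (e * d) mod z == 1 (Python 3.8+)
    return (e, n), (d, n)

def encrypt(block, public):
    """Slide 12: C = P^e mod n, for a block P in [0, n)."""
    e, n = public
    if not 0 <= block < n:
        raise ValueError("each plaintext block must lie in [0, n)")
    return pow(block, e, n)

def decrypt(cipher, private):
    """Slide 12: P = C^d mod n."""
    d, n = private
    return pow(cipher, d, n)

def recover_private_key(public):
    """Slide 14: once n is factored, z is known and d follows from e."""
    e, n = public
    p = next(c for c in range(2, isqrt(n) + 1) if n % c == 0)  # trial division
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1)), n

public, private = make_keys(3, 11, 7)

# Constructed sample message: one letter per block, A=1 ... Z=26, all below n = 33.
blocks = [ord(ch) - ord("A") + 1 for ch in "SUZANNE"]
ciphertext = [encrypt(b, public) for b in blocks]
decrypted = [decrypt(c, private) for c in ciphertext]

# With n = 33 the factoring step is instant, which is why p and q must be large.
recovered = recover_private_key(public)

if __name__ == "__main__":
    print("public", public, "private", private)
    print("ciphertext", ciphertext)
    print("decrypted ", decrypted)
    print("private key recovered from the public key alone:", recovered)
```

The same trial division over a 1024-bit n would never finish, which is the whole security argument on slide 14.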

  15. Digital Signatures • Secret-key signatures • [Figure labels: Big Brother (BB); A's "signature"; A's ID; BB's "signature"; random number generated by A, guards against "instant replay"; timestamp, guards against "very old message replay"; $K_A$: A's secret key; $K_B$: B's secret key]

  16. Digital Signatures • Public-key signatures + secrecy

  17. Public-Key Signatures Criticisms of DSS: • Too secret • Too slow • Too new • Too insecure

  18. Digital Signatures • Authentication without secrecy • Message digests (MD) • Based on one-way hash function • Given P, it’s easy to compute MD(P) • Given MD(P), it’s effectively impossible to find P • Given P no one can find P’ s.t. MD(P’) = MD(P) • A change to the input of even 1 bit produces a very different output

  19. Digital Signatures • Public-key and MD • Ensure P's integrity, but not secrecy
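
Slides 18 and 19 combined: A signs only the digest MD(P) with the private key, and B checks it with A's public key. This is an added example, not code from the original presentation; SHA-256 as the digest, the toy key built from two Mersenne primes, and all names are assumptions, and real signatures use random primes, full-size keys and a padding scheme.

```python
import hashlib

# Constructed toy key (assumption): two known Mersenne primes, far too small
# and too structured for real use. E is chosen first and D derived from it.
P_PRIME, Q_PRIME = 2**61 - 1, 2**89 - 1
N = P_PRIME * Q_PRIME
Z = (P_PRIME - 1) * (Q_PRIME - 1)
E = 65537                      # A's public exponent
D = pow(E, -1, Z)              # A's private exponent: (E * D) mod Z == 1

def md(message: bytes) -> int:
    """Message digest reduced into [0, N) so it fits in one RSA block."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """A computes D_A(MD(P)); only the digest is run through the private key."""
    return pow(md(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """B computes E_A(signature) and compares it with MD of what arrived."""
    return pow(signature, E, N) == md(message)

# Constructed sample messages.
MESSAGE = b"Pay Bob 100 dollars"
TAMPERED = b"Pay Bob 900 dollars"

# What A sends: the plaintext itself plus the signature. Nothing is encrypted,
# so an eavesdropper reads P; this gives integrity, not secrecy.
wire = (MESSAGE, sign(MESSAGE))

if __name__ == "__main__":
    received, signature = wire
    print("genuine message verifies: ", verify(received, signature))
    print("modified message verifies:", verify(TAMPERED, signature))
```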

  20. Authentication • Secret-key authentication • [Figure labels: random number generated by A, serves as a "challenge"; secret key shared by A and B; random number generated by B]

  21. Authentication • Public-key authentication • [Figure label: proposed session key]
