1 / 22

EE 122: Lecture 24 (Security)

EE 122: Lecture 24 (Security). Ion Stoica December 4, 2001. Security Requirements. Authentication Ensures that the sender and the receiver are who they are claiming to be Data integrity Ensure that data is not changed from source to destination Confidentiality

mliss
Download Presentation

EE 122: Lecture 24 (Security)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EE 122: Lecture 24(Security) Ion Stoica December 4, 2001

  2. Security Requirements • Authentication • Ensures that the sender and the receiver are who they are claiming to be • Data integrity • Ensure that data is not changed from source to destination • Confidentiality • Ensures that data is red only by authorized users • Non-repudiation • Ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender identity, strong enough such that the sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message (not discussed in this lecture) istoica@cs.berkeley.edu

  3. Cryptographic Algorithms • Security foundation: cryptographic algorithms • Secret key cryptography, Data Encryption Standard (DES) • Public key cryptography, RSA algorithm • Message digest, MD5 istoica@cs.berkeley.edu

  4. Symmetric Key • Both the sender and the receiver use the same secret keys Plaintext Plaintext Internet Encrypt with secret key Decrypt with secret key Ciphertext istoica@cs.berkeley.edu

  5. Data Encryption Standard (DES) • DES encrypts a 64-bit block of plain text using a 64-bit key • Three phases • Permute the 64 bits in the block • Apply a given operation 16 times on the 64 bits • Permute the 64 bits using the inverse of the original permutation 1st phase Round 1 . . . key 2nd phase Round 16 3rd phase istoica@cs.berkeley.edu

  6. Operation in Each Round of 2nd Phase 0 63 • Key is 56 bits • Each round the key is modified and 48 bits are selected from it. Given result Ki, the following operations are performed 63 32 31 0 Li-1 Ri-1 Ki F + Li Ri istoica@cs.berkeley.edu

  7. Encrypting Larger Messages • Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext Block1 Block2 Block3 Block4 IV + + + + DES DES DES DES Cipher1 Cipher2 Cipher3 Cipher4 istoica@cs.berkeley.edu

  8. Discussion • Can provide confidentiality • No mathematical proof, but practical evidence suggests that decrypting a message without knowing the key requires exhaustive search • To increase security use triple-DES, i.e., encrypt the message three times istoica@cs.berkeley.edu

  9. RSA (Rivest, Shamir, and Adleman) • Sender uses a public key • Receiver uses a private key Plaintext Plaintext Internet Encrypt with public key Decrypt with private key Ciphertext istoica@cs.berkeley.edu

  10. Generating Public and Private Keys • Choose two large prime numbers p and q (~ 256 bit long) and multiply them: n = p*q • Chose encryption key e such that e and (p-1)*(q-1) are relatively prime • Compute decryption key d, where d = e-1mod ((p-1)*(q-1)) • Construct public key from pair (n, e) • Construct private key from pair (d, n) istoica@cs.berkeley.edu

  11. RSA Encryption and Decryption • Encryption: • c = memod n • Decryption: • m = cd mod n istoica@cs.berkeley.edu

  12. Example • Choose p = 7 and q = 11  n = p*q = 77 • Compute encryption key e: (p-1)*(q-1) = 6*10 = 60  chose e = 13 (13 and 60 are relatively prime numbers) • Compute decryption key d: d = 13-1 mod 60  13*d mod 60 = 1 mod 60  d = 37 (37*13 = 481) istoica@cs.berkeley.edu

  13. Example (cont’d) • n = 77; e = 13; d = 37 • Send message m = 7 • Encryption: c = me mod n = 713 mod 77 = 35 • Decryption: m = cd mod n = 3537 mod 77 = 7 istoica@cs.berkeley.edu

  14. Discussion • Can provide confidentiality • A receiver A computes n, e, d, and sends out (n, e) • Everyone who wants to send a message to A uses (n, e) to encrypt it • How difficult is to recover d ? (Someone that can do this can decrypt any message sent to A!) • Recall that d = e-1mod ((p-1)*(q-1)) • So to find d, you need to find primes factors p and q • This is provable very difficult istoica@cs.berkeley.edu

  15. Message Digest (MD) 5 • Can provide data integrity • Used to verify the authentication of a message • Idea: compute a hash on the message and send it along with the message • Receiver can apply the same hash function on the message and see whether the result coincides with the received hash istoica@cs.berkeley.edu

  16. MD 5 (cont’d) • Basic property: digest operation very hard to invert • in practice someone cannot alter the message without modifying the digest Plaintext corrupted msg Plaintext NO = digest’ Internet Digest (MD5) Digest (MD5) digest istoica@cs.berkeley.edu

  17. Message Digest Operation • Transformation contains complex operations (see textbook, page 583) Initial digest (constant) Message (padded) 512 bits 512 bits 512 bits Transformation Transformation . . . Transformation Message digest istoica@cs.berkeley.edu

  18. Authentication • Goal: Make sure that the sender an receiver are the ones they claim to be • Two solutions based on secret key cryptography (e.g., DES) • Three-way handshaking • Trusted third party • One solution based on public key cryptography (e.g., RSA) • Public key authentication istoica@cs.berkeley.edu

  19. clientId, E(x, CHK) E(x+1, SHK), E(y,SHK) E(y+1, CHK) E(SK,SHK) Simple Three-Way Handshaking client server • E(m,k) – encrypt message m with key k • D(m,k) – decrypt m with key k • CHK and SHK – client and server shared secrete keys • SK – session key used for data communication • This reduces the number of messages containing CHK and SHK • Question: how are CHK and SHK communicated in the first place? istoica@cs.berkeley.edu

  20. Trusted Third Party • Trust a third party entity, authentication server • E.g., Kerberos protocol • Scenario: A wants to communicate with B • Assumption: both A and B share secrete keys with S: KA and KB • Notations: • T: timestamp (also serves the purpose of a random number) • L: lifetime of the session • K: session’s key istoica@cs.berkeley.edu

  21. A,B E((T,L,K,B),KA) E((T,L,K,A),KB) E((A,T),KA) E((T,L,K,A),KB) E(T+1,K) Trusted Third Party (cont’d) S A B istoica@cs.berkeley.edu

  22. E(x, PublicB) x Public Key Authentication • Based on public key cryptography • Each side need only to know the other side’s public key • No secrete key need to be shared • A encrypts a random number x and B proves that it knows x • A can authenticate itself to be in the same way A B istoica@cs.berkeley.edu

More Related