Network Security


- Hash Function
- Block Cipher
- Public Key / Private Key

- We used SHA-1 in our project.
- SHA-1 takes no more than 2^64 bits as input and returns a 160-bit output.
- SHA stands for Secure Hash Function.
- Other hash functions include MD5 which returns 128 bits, and the SHA-2 functions.

- Collision resistance.
- Informally, you cannot find two strings with the same hash.

- One-way.
- Informally, given the hash, you cannot reconstruct the original string.

- Here, “cannot” means computationally infeasible.
- There is no absolute security. If you have all the resources in the world, nothing is secure from you.

- If there are x people in the room, what is the probability that there are at least two people having the same birthday?

- The probability that no two people share a birthday is (365/365)(364/365)(363/365)…((365-x+1)/365)
- From wiki:

- Consider one strategy to break SHA-1: try random strings until a collision is found.
- How many strings do you think you need until a collision is found?
- Roughly, if you try 2^80 times, the probability of getting a collision is >0.5.
- In 2005, Xiaoyun Wang found a flaw in SHA-1 such that it is possible to find a collision in 2^69 calculations.
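The birthday argument above, carried through in code. This is an added example, not part of the original slides: it evaluates the birthday product exactly, estimates the number of random tries needed for a hash of a given width, and runs the try-until-collision strategy on SHA-1 truncated to a few bits so that it finishes quickly. The function names and the `constructed-input-` messages are assumptions made for the illustration.

```python
import hashlib
from math import log, sqrt

def p_shared_birthday(x, days=365):
    """Exact probability that at least two of x people share a birthday."""
    p_none = 1.0
    for i in range(x):
        p_none *= (days - i) / days      # (365/365)(364/365)...((365-x+1)/365)
    return 1.0 - p_none

def tries_for_half(bits):
    """Approximate number of random inputs that gives a collision with
    probability about 0.5 on a bits-bit hash: sqrt(2 ln 2) * 2^(bits/2)."""
    return sqrt(2 * log(2)) * 2 ** (bits / 2)

def truncated_sha1(msg, bits):
    """Top `bits` bits of SHA-1(msg); a deliberately weakened hash."""
    digest = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return digest >> (160 - bits)

def find_collision(bits):
    """Hash constructed inputs until two share a truncated digest.
    Returns (first_message, second_message, number_of_tries)."""
    seen = {}
    i = 0
    while True:
        msg = b"constructed-input-%d" % i
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1

if __name__ == "__main__":
    print("23 people:", round(p_shared_birthday(23), 4))
    print("160-bit hash, tries for p = 0.5: about 2^%.2f" % log(tries_for_half(160), 2))
    a, b, n = find_collision(24)
    print("24-bit truncation collided after", n, "tries:", a, b)
```

A 24-bit digest collides after a few thousand tries rather than 2^24, which is the same square-root effect that puts full SHA-1 at roughly 2^80.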

- The basic need – given a message in plain text, encrypt it, such that no one can know the content of the message. But the receiver should be able to decrypt it to produce the original message.
- Like simple substitution.

- AES is a Block Cipher, which means that it maps a fixed-length (128 bits) input to a fixed-length (128 bits) output.
- Given the same input bits, the Block Cipher always returns the same output bits. So, it is a mapping from the input to the output.
- The decryption algorithm is just the reverse mapping.

- The AES algorithm is known to the world. So if you can use AES to encrypt your data, anyone will be able to use AES to decrypt your data, and you have achieved nothing.
- So, you must make your encryption unique, even if you are using a well-known algorithm.
- How?
- By having a key. The encryption result under one key is different from the result under any other key.

- AES takes a 128-bit input and turns it into a 128-bit output with the help of a 128-bit key (or 192, or 256). (Skype uses a 256-bit key.)
- The key is expanded into 11 sub-keys (K0, K1, …, K10).
- s = M xor K0.
- Then the following is executed for 10 rounds:
  - s = SBOX(s).
  - s = shift_row(s).
  - s = mix_col(s) [if not the last round]
  - s = s xor Ki.
- Return s.

- The SBOX simply maps the input to an output according to a predetermined mapping.
- The shift_row() does the following. Regard the 16-byte s as a 4 by 4 matrix. Row i is rotated left by i positions:

    s0  s4  s8  s12          s0  s4  s8  s12
    s1  s5  s9  s13    ->    s5  s9  s13 s1
    s2  s6  s10 s14          s10 s14 s2  s6
    s3  s7  s11 s15          s15 s3  s7  s11

- The mix_col() does the following. ai is 4 bytes.

    a0       02 03 01 01       a0
    a1   =   01 02 03 01   x   a1
    a2       01 01 02 03       a2
    a3       03 01 01 02       a3
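The two linear steps of the round, shift_row() and mix_col(), written out as an added example (not code from the original slides). It assumes the state is a list of 16 bytes in the column order s0…s15 used above, and that the multiplications by 02 and 03 are carried out in GF(2^8) with the AES reduction polynomial. The S-box and key expansion are left out, so this is not a complete cipher.

```python
def xtime(b):
    """Multiply a byte by 02 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b

def gmul(a, m):
    """Multiply byte a by the small constant m (01, 02 or 03 here) in GF(2^8)."""
    r = 0
    while m:
        if m & 1:
            r ^= a          # addition in GF(2^8) is xor
        a = xtime(a)
        m >>= 1
    return r

MIX = [[2, 3, 1, 1],
       [1, 2, 3, 1],
       [1, 1, 2, 3],
       [3, 1, 1, 2]]

def shift_row(s):
    """Rotate row r of the 4x4 state left by r; s[r + 4*c] is row r, column c."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_col(s):
    """Multiply every 4-byte column of the state by the MIX matrix."""
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for row in MIX:
            v = 0
            for m, a in zip(row, col):
                v ^= gmul(a, m)
            out.append(v)
    return out

if __name__ == "__main__":
    print(shift_row(list(range(16))))
    # Widely published MixColumns check column: db 13 53 45 -> 8e 4d a1 bc
    state = [0xDB, 0x13, 0x53, 0x45] + [0x01] * 4 + [0xC6] * 4 + [0xF2, 0x0A, 0x22, 0x5C]
    print([hex(v) for v in mix_col(state)])
```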

- AES can also be used for other purposes.
- For example, you can pick a random key, then use AES to generate random numbers.

- ECB – Electronic Code Book Mode. Break the entire file into blocks, and encode every block individually.
- Problems. The example in the book. You can replace a block if it is good for you.
- If you know the message is <name> followed by <salary>, you can replace your salary with someone else’s salary if you know that he/she makes more than you do, without knowing exactly the content!

- Encryption:
- C0 = E(P0 xor IV).
- C1 = E(P1 xor C0), and so on.
- IV is transmitted in plain text.

- Decryption:
- P0 = IV xor D(C0)
- P1 = C0 xor D(C1), and so on.

- So, the same message won’t result in the same code.

- T0 = E(IV).
- T1 = E(T0), and so on.
- C = P xor T.
- Don’t use the same stream twice.

- Ti = E(IV+i).
- Ci = Pi xor Ti.
- The advantage is that you can randomly access any block.
- Used by Skype. Often called ICM (Integer counter mode).
- ECB also supports random access. Does this mode have the same problem as ECB? No, because the IVs are different.
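The mode formulas above, run side by side as an added example (not part of the original slides). E and D here are a small stand-in block cipher built from SHA-256, used only so the example runs with the standard library; it is not AES. The key, IV and plaintext are constructed sample values, and the plaintext is assumed to be a whole number of 16-byte blocks, so no padding is shown.

```python
import hashlib

BLOCK = 16  # bytes per block, the AES block size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher: keyed SHA-256 cut to 8 bytes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def E(key, blk):
    """Stand-in block cipher (4-round Feistel), NOT AES."""
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def D(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return [E(key, p) for p in blocks(pt)]      # every block on its own

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in blocks(pt):
        prev = E(key, xor(p, prev))             # C0 = E(P0 xor IV), C1 = E(P1 xor C0)
        out.append(prev)
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in ct:
        out.append(xor(prev, D(key, c)))        # P0 = IV xor D(C0), P1 = C0 xor D(C1)
        prev = c
    return b"".join(out)

def ctr_block(key, iv, i, blk):
    # Ti = E(IV + i), Ci = Pi xor Ti; block i needs no other block.
    counter = (int.from_bytes(iv, "big") + i) % (1 << 128)
    return xor(blk, E(key, counter.to_bytes(BLOCK, "big")))

KEY = b"constructed-key!"                       # constructed sample values
IV = bytes(range(16))
PT = b"SALARY=000050000" * 2                    # two identical 16-byte blocks
```

With these values `ecb_encrypt(KEY, PT)` returns two identical ciphertext blocks, while `cbc_encrypt(KEY, IV, PT)` and the counter mode do not, which is the property the salary example depends on.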

- Consider Skype, how do you think that two Skype users can share the same AES key?

- Everyone has a public key and private key.
- With B’s public key (pkB) A can encode data that only B can decode with his private key (skB) because other people do not have B’s private key.
- D_skB[E_pkB(W)] = W
- E_pkB[D_skB(W)] = W

- So, A can choose a 128-bit string W as the session key and send E_pkB(W) to B. B runs the decryption algorithm to get D_skB[E_pkB(W)] = W.
- Skype actually asks two ends to both contribute 128 bits to make the 256-bit session key.

- Most commonly, the RSA algorithm is used to get the public key/private key.
- Choose two large primes, p and q.
- Compute n=pq and z=(p-1)(q-1).
- Choose a large number relatively prime to z and call it d.
- Find e such that ed = 1 mod z. (such e must exist)

- (e,n) is the public key for encoding and (d,n) is the private key for decoding.

- To encrypt a message:
C = M^e mod n.

- To decrypt:
M = C^d mod n.

- The rules are satisfied
- D_skB[E_pkB(M)] = M
- E_pkB[D_skB(M)] = M.

- Let p=3, q=11,
- n=33, z=20.
- Choose d=7, because 7 and 20 have no common factors
- For e, it must satisfy 7e = 1 mod 20, which gives us e=3.
- So the public key is (3,33) and the private key is (7,33).

- If M=19,
- C = 19^3 mod 33 = 6859 mod 33 = 28
- 28^7 mod 33 = 13492928512 mod 33 = 19

- The problem is, given (d,n), can you figure out e?
- You can try to find p and q given n. If you indeed can, then you get z. Given z and d, you get e.
- But it is difficult to factor large numbers.
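The RSA steps and the p=3, q=11 numbers above, together with the factoring argument, as an added example (not part of the original slides). The function names are assumptions made for the illustration; the primes are far too small for real use, which is exactly why the trial-division step succeeds.

```python
def egcd(a, b):
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def inverse(d, z):
    """Find e with e*d = 1 mod z; exists only when d and z share no factor."""
    g, x, _ = egcd(d, z)
    if g != 1:
        raise ValueError("d must be relatively prime to z")
    return x % z

def keygen(p, q, d):
    """Follow the steps above: n = pq, z = (p-1)(q-1), e from e*d = 1 mod z."""
    n, z = p * q, (p - 1) * (q - 1)
    return (inverse(d, z), n), (d, n)       # (public key, private key)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)                     # C = M^e mod n

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)                     # M = C^d mod n

def factor(n):
    """Trial division; only feasible because n is tiny in this example."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 1
    raise ValueError("n is prime")

def other_exponent(d, n):
    """Given (d, n): factor n to get p and q, then z, then e."""
    p, q = factor(n)
    return inverse(d, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, private = keygen(3, 11, 7)
    c = encrypt(19, public)
    print(public, private, c, decrypt(c, private))
    print("e recovered from (d, n):", other_exponent(7, 33))
```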

- Try typing ``ssh-keygen -t rsa’’
- The secret key will be saved as ``.ssh\id_rsa’’ and the public key will be saved as ``.ssh\id_rsa.pub’’