1 / 65

CENG 410: Computer and Network Security

CENG 410: Computer and Network Security. Fall 2010-2011. Lecture X and X+1. SSL and Network Security. Cryptography… cont’d. Symmetric Key cryptography - Disadvantages. Sender and receiver have to select a key together in secret. They have to: Keep it secret

tatum
Download Presentation

CENG 410: Computer and Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CENG 410: Computer and Network Security Fall 2010-2011 Lecture X and X+1 SSL and Network Security

  2. Cryptography… cont’d

  3. Symmetric Key cryptography - Disadvantages • Sender and receiver have to select a key together in secret. They have to: • Keep it secret • Keep it available for use when needed • Exchange it… as clear test • If key to be changed, they need to select a new key together. • Every pair of people communicating over a network needs their own secret key

  4. Public Key cryptography • In public key cryptography, we have two keys • one key encrypts • the other key decrypts • It is not feasible to calculate one key given only the other • we can publish the encryption key (public key) and keep the decryption key (private key) secret • Anyone can use the public key to send a message • Only the holder of the secret key can recover it Developed in 1975 by (Merkle, Diffie, Hellman, Rivest, Shamir, Adelman)* * http://www.livinginternet.com/i/is_crypt_pkc_inv.htm

  5. Public Key cryptography • Encryption keys are • Public key • Private key • Rules: • What is encrypted with the public key can only be decrypted with the private key. • What is encrypted with the private key can only be decrypted with the public key.

  6. Using public key Two terms to learn • Confidentiality • A, willing to communicate confidentially with B, can encrypt a message using B’s publicly available key. Such a communication would only be decrypted by B as only B have access to the corresponding private key. Comments • Only B can have access to the information. Only B holds the private key. • A man in the middle can capture the encrypted message, but cannot, in a reasonable amount of time, know its contents

  7. Confidentiality • B cannot guarantee that the sender is A. • A man in the middle can encrypt a message using • B public key • and send it to B

  8. Using public key • Authentication • A, willing to send an authenticated message to B, can encrypt the message with A’s own private key. Since this message would only be decrypted with A’s public key, that would establish the authenticity of the message —meaning that A was indeed the source of the message. Comments • Message encrypted with the Public Key, can only be decrypted with the private key. • A cannot guarantee that no one but B will see the message. A man in the middle can intercept the message and read its contents. However, he cannot send a message pretending he is A. • B can guarantee that A is the sender

  9. Authentication • A cannot protect its information • A man in the Middle can intercept the message and decrypt with A’s public key Digital signature

  10. Achieving both confidentiality and authentication • A man in the middle that captures a copy of the message cannot Decrypt (does not have PRB) • A man in the middle cannot fake such a message (does not have PRB) • A man in the middle can, however, replay the message C1 = E(PRA , M) C=E(PUB, E(PRA , M)) Retrieve C1 Retrieve M

  11. Key Generation Notions and revision • Two integers m and n are coprimes if and only if gcd(m, n) = 1 • 5 and 9 are co-primes also called relatively prime • 5 and 5 are not • 1 is coprime to every integer • For a given positive integer n, (n) (totient of n – Euler function) is the number of positive integers less than or equal to n that are coprime to n • (9) = 6 (1, 9) (2, 9) (4, 9) (5, 9) (7, 9) (8, 9) • (P) = P-1 if P is prime (obvious – we exclude P) • If (x) = y ab mod x = ab mod y mod x • This formula eases calculation in determining ab since ab >>> then ab mod y

  12. Key Generation • Multiplicative inverse • The multiplicative inverse of 9, modulo 31, is 7 Verification: 9 * 7 = 63 1 (mod 31) • How to find multiplicative inverse The multiplicative inverse of a modulo b is x solution to ax + by = 1 • Euclid extended algorithm to find xi and yi such that ai = axi + byi a0= a = 9 = a*1 + 31*0 a1= b = 31 = a*0 + 31*1 9/31 = 0 a0 a1 a2= a0 mod a1 = 9 = (a*1 + 31*0) – 0(a*0 + 31*1) = a*1 + 31*0 a1 a2 a3= a1 mod a2 = 4 = (a*0 + 31*1) – 3(a*1 + 31*0) = a*(-3) + 31*1 a2 a3 a4= a2 mod a3 = 1 = (a*1 + 31*0) – 2(a*(-3) + 31*1) = a*7 + 31*(-2)

  13. Finding Multiplicative Inverse a0 = e , x0 = 1, y0= 0, a1 = (n) , x1= 0, y1= 1, i=2; While (ai-2mod ai-1!=1) K=Floor(ai-2/ai-1) ai= ai-2mod ai-1 xi= xi-2 - K*xi-1 yi= yi-2 - K* yi-1 i=i+1 end K=Floor(ai-2/ai-1) xi = xi-2 - K* xi-1 d = xi • A: the number I want to find the multiplicative inverse of • M = The modulo set • i : iteration variable • MI: Multiplicative inverse • ai = axi + byi

  14. Example: Finding Multiplicative Inverse a0 = e , x0 = 1, y0= 0, a1 = (n) , x1= 0, y1= 1, i=2; While (ai-2mod ai-1!=1) K=Floor(ai-2/ai-1) ai= ai-2mod ai-1 xi= xi-2 - K*xi-1 yi= yi-2 - K* yi-1 i=i+1 end K=Floor(ai-2/ai-1) xi = xi-2 - K* xi-1 d = xi • Find again MI of 9 mod 31 • Initialization a0 = 9 , x0 = 1, y0 = 0, a1 = 31, x1 = 0, y1 = 1, i=2; • Test condition (9 mod 31 !=1 ), enter loop • K = floor(9/31) = 0 • a2 = 9 mod 31 = 9 • x2 = 1 – 0*0 = 1 • y2 = 0 – 0*1 = 0 • i= 3 • 31 mod 9 = 4!=0 • K = floor (31/9) = 3 • a3 = 31 mod 9 =4 • x3 = 0 – 3*1 = -3 • y3 = 1 – 3*0 = 1 • i=4 • 9 mod 4 =1  STOP • K = floor(9/4) = 2 • x4 = 1 – 2 *(-3) = 7 • MI = 7 // this is the Multiplicative inverse

  15. Key Generation The procedure for key generation is as follow: • Generate two different primes p and q • Calculate n = p*q • Calculate the totient (n) = (p-1)(q-1) • Select integer e 1 < e < (n), gcd ((n), e) = 1 • Calculate d the multiplicative inverse of e mod (n) Public Key = [e, n] Private key = [d, n] (n) is hard to compute since we need to count all numbers that are relatively prime to n that are less than n. To determine if a number is relatively prime or not is very hard and computationally intensive. Thus mod (n) is unknown and d is still unknown The challenge here is to determine p and q. Although we have n it is VERY hard to determine p and q and thus we cannot determine (n) easily

  16. Example • PU = 7, 187  e = 7, n =187 • PR = 23, 187  d = 23, n =187 • Given plain text = 88 •  Ciphertext •  Plaintext

  17. Key Generation utilities - LINUX Many utilities are available under Linux (Ubuntu) for ciphering • We will use: rsa: this is a key processing tool rsautl: rsa utility genrsa: generate and RSA private key • Reading the help is always helpful! • All these commands are used with openssl”a command line tool”. We will demo the encryption / decryption with RSA. Advanced testing will be given as homework.

  18. Real keys – GENRSA • First we will generate a private key opensslgenrsa –out rsa.private Destination file

  19. Real keys – RSA • Second we will find the public key corresponding to the private key opensslrsa –in rsa.private –pubout –out rsa.public Input file – Private key Output file – Public key

  20. RSA – RSAUTL – Encryption • Third: Now that we have the two keys. Let’s encrypt a message • Encrypt with private key • Decrypt with public key We have a file named message containing the phrase Hello this is RSA testing for LIU Students The output of the encrypted message will be sent to the file me Opensslrsautl –in message –out me –inkeyrsa.public –pubin -encrypt Output Input message The used key is public. By default it is private Encryption Used key

  21. RSA – RSAUTL – Decryption • Fourth: Now we will decrypt the message to retrieve the original one We have a file named me containing the encrypted message The output of the decrypted message will be sent to the file md Opensslrsautl –in me –out md –inkeyrsa.private -decypt Input message Used key Decryption Output

  22. 1024-bit RSA Key File Base64 Encoded(Private) -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDHikastc8+I81zCg/qWW8dMr8mqvXQ3qbPAmu0RjxoZVI47tvs kYlFAXOf0sPrhO2nUuooJngnHV0639iTTEYG1vckNaW2R6U5QTdQ5Rq5u+uV3pMk 7w7Vs4n3urQ6jnqt2rTXbC1DNa/PFeAZatbf7ffBBy0IGO0zc128IshYcwIDAQAB AoGBALTNl2JxTvq4SDW/3VH0fZkQXWH1MM10oeMbB2qO5beWb11FGaOO77nGKfWc bYgfp5Ogrql4yhBvLAXnxH8bcqqwORtFhlyV68U1y4R+8WxDNh0aevxH8hRS/1X5 031DJm1JlU0E+vStiktN0tC3ebH5hE+1OxbIHSZ+WOWLYX7JAkEA5uigRgKp8ScG auUijvdOLZIhHWq7y5Wz+nOHUuDw8P7wOTKU34QJAoWEe771p9Pf/GTA/kr0BQnP QvWUDxGzJwJBAN05C6krwPeryFKrKtjOGJIniIoY72wRnoNcdEEs3HDRhf48YWFo riRbZylzzzNFy/gmzT6XJQTfktGqq+FZD9UCQGIJaGrxHJgfmpDuAhMzGsUsYtTr iRox0D1Iqa7dhE693t5aBG010OF6MLqdZA1CXrn5SRtuVVaCSLZEL/2J5UcCQQDA d3MXucNnN4NPuS/L9HMYJWD7lPoosaORcgyK77bSSNgk+u9WSjbH1uYIAIPSffUZ bti+jc1dUg5wb+aeZlgJAkEAurrpmpqj5vg087ZngKfFGR5rozDiTsK5DceTV97K a3Y+Nzl+XWTxDBWk4YPh2ZlKv402hZEfWBYxUDn5ZkH/bw== -----END RSA PRIVATE KEY-----

  23. 1024-bit RSA Key File Hex (Private)

  24. Component of the Key File (Private) • ASN.1 Header: Standard Header for encoding • Algorithm Version • Modulus (n) • Public Exponent (e) • Private Exponent (d) • Prime1 (p) • Prime2 (q) Chinese Remainder Theorem (CRT) Representation • exponent 1 • exponent 2 • coefficient

  25. Details

  26. Details

  27. Details

  28. Details For alignment purposes no 00 at the beginning

  29. Details

  30. 1024-bit RSA Key(Public) -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHikastc8+I81zCg/qWW8dMr8m qvXQ3qbPAmu0RjxoZVI47tvskYlFAXOf0sPrhO2nUuooJngnHV0639iTTEYG1vck NaW2R6U5QTdQ5Rq5u+uV3pMk7w7Vs4n3urQ6jnqt2rTXbC1DNa/PFeAZatbf7ffB By0IGO0zc128IshYcwIDAQAB -----END PUBLIC KEY----- • Header • Modulus (n) • Public Exponent (e) We are interested in extracting these two values ( n and e)

  31. Details

  32. Commands • Generate private key 1024-bit (n is 1024 bits) > opensslgenrsa -out private.key 1024 • This command gives the details of the key in Linux > opensslrsa -text -in private.key • Generate corresponding public key > opensslrsa -in key.private -pubout -out key.public

  33. RSA in Networking

  34. Usage of RSA in Networking • Now that we know about: • Key generation • Encryption and decryption • Authentication and confidentiality • Let’s see how they are used in Networking • First we will present the security in the TCP/IP layering system • We will understand the concept • We will practice

  35. Internet Security Protocol • TCP/IP suite protocols introduces some protocols for security. • Those security protocols are at different layers • S/MIME (Secure/Multipurpose Internet Mail Extension) • PGP (Pretty Good Privacy) • Secure Sockets Layer (SSL)Transport Layer Security (TLS) IP Security

  36. SSL – Secured Socket Layer • SSL was developed originally by Netscape in 1995 to provide secure and authenticated connections between browsers and servers. • SSL provides transport layer security. • SSL sits immediately above TCP in the protocol stack • Standardized in 1999 (RFC2246) and called TLS (Transport Layer Security)* * https://datatracker.ietf.org/doc/rfc2246/

  37. SSL Protocols • SSL is composed of four protocols in two layers • SSL was designed to provide anencrypted end-to-end data pathbetween a client and a server • Objectives are security and authentication achieved by: • Data encryption: to protect datain transport • Server and client authentication • Message integrity: so data cannotbe tempered with

  38. SSL Record protocol MAC: • Message Authentication Code (secret Key) • Pass the key over the message to get a value and append it at the end of the message • Used to offer message integrity

  39. SSL Alert protocol • specific alert • fatal: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter • warning: no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown

  40. The SSL Handshake • A process similar to TCP three-way handshake • Allows server & client to: • Authenticate each other • To negotiate encryption & MAC algorithms • To negotiate cryptographic keys to be used • Comprises a series of messages in phases • Establish Security Capabilities • Server Authentication and Key Exchange • Client Authentication and Key Exchange • Finish

  41. SSL Handshake Change_ciphrer_spec : is used to change the ciphering mode or algorithm

  42. IPSec IPSec is a suite of authentication and encryption protocols developed by the Internet Engineering Task Force (IETF) and designed to address the inherent lack of security for IP-based networks. IPSec provide the following services at the network layer: • Access control : to prevent an unauthorized access to the resource. • Connectionless integrity: to give an assurance that the traffic received has not been modified in any way. • Confidentiality: to ensure that Internet traffic is not examined by non authorized parties. All IP datagrams to have their data field encrypted. • Authentication – particularly source authentication so that when a destination host receives an IP datagram, with a particular IP source address, it is possible to be sure that the IP datagram was indeed generated by the host with the source IP address. This prevents spoofed IP addresses. • Replay protection – to guarantee that each packet exchanged between two parties is different.

  43. IPSec IPSec protocol achieves its objectives by dividing the protocol suite into two main protocols: • Authentication Header (AH) protocol • The Encapsulation Security Payload (ESP) protocol • Any datagram from a source must be secured with either AH or ESP.

  44. Authentication Header AH AH protocol provides source authentication and data integrity but notconfidentiality. • The source datagram includes an AH inserted between the original IP datagram data and the IP header to shield the data field which is now encapsulated as a standard IP datagram. • When a message is routed through the network, the IP header is used ( i.e. IP address is checked on each router) • Thus the IP address can be encrypted otherwise we cannot route the message properly. Thus to achieve authentication, we encrypt the IP header and store it in the AH. • When the Receiver gets the message he decrypts the message and extracts the IP header and compare it with the one in the actual header • If it is the same, then we can assert that the message is Authentic • If not then we know that a Man in the middle have manipulated the header Actually not encrypted NOTE: parties must share a secret key

  45. Encapsulating Security Payload (ESP) ESP protocol provides source authentication, data integrity, and confidentiality. This has made ESP the most commonly used IPSec header. • Datagrams are secured by ESP by surrounding their original IP datagrams with a new header and trailer fields all encapsulated into a new IP datagram. • Confidentiality is provided by DES_CBC encryption. Next to the ESP trailer field on the datagram is the ESP Authentication Data field. So what is DES-CBC  see next slide

  46. DES-CBC

  47. DES –CBC (Cipher block Chaining) • The input to the encryption algorithm is the previous ciphertext XORed with the current plaintext with the same key • In effect we chained together the processing of the sequence of plaintext blocks • The first block is XORed with IV (initialization Vector) known by sender and receiver • CBC is appropriate for mode of encryption greater than b bits • The Encryption and Decryption is done using DES (Data Encryption Standard)

  48. IPSec in action AH sent Routing Is done based on header The router take out the AH, Decrypt it, and compare with IP Header. Router deliver the IP packet to Client without AH

  49. HTTPS • HTTPS : Hypertext Transfer Protocol over Secure Socket Layer • HTTPS uses SSL • HTTPS is a used to encrypt and decrypt user page requests as well as the pages that are returned by the Web server. • HTTP listen on port 80 • HTTPS listen on port 443

  50. HTTPS • Why don’t we use HTTPS for all web traffic? • Because HTTPS: • Slow down web servers • Cannot cache HTTPS traffic • Generating more traffic from / to the web servers • ISPs not happy • Cannot filter traffic at firewalls

More Related