Security and Cryptography

- Security: all the issues involved in making communication (information transmission, interaction between two or more parties) secure over insecure channels.
- Cryptography: the science and art of manipulating messages to make them secure.
- Classical cryptographic techniques.
- With the development of communication networks and their broad applications, network security is becoming a more serious problem.
- Hence the call for modern cryptography.

Network threats and attacks

[Figure: client/server diagrams labelled man-in-middle, replay, modify, and attacker]

Passive:

- Eavesdropping
- Traffic analysis

Active:

- Masquerading
- Replay
- Modification
- Denial of service

Security requirements for transmitting information

- Privacy or confidentiality: the information should be readable only by the intended receiver, i.e., protect the information from eavesdropping.
- Integrity: the receiver can confirm that a message has not been altered during transmission, i.e., protect the information from tampering.
- Authentication: any party (sender or receiver) can verify that the other party is who he or she claims to be, i.e., validate the identity of the other party.
- Nonrepudiation: the sender cannot deny having sent a given message, i.e., if a transaction (e.g., a purchase) has occurred between two parties, the nonrepudiation service can prove for either party that he/she really performed the transaction him/herself, and that it was not performed by any other person.

Approaches to implementing security

Confidentiality: by encryption (and decryption).

Sender: encrypts the message using a key and sends the encrypted message.

Receiver: decrypts the encrypted message using the same key as the sender’s key or a key derivable from the sender’s key.

Integrity: by checksum or hash value/message digest.

Sender: computes a checksum/hash value/message digest from the message and sends the message along with it.

Receiver: recomputes the checksum/hash value/message digest from the received message and compares it with the transmitted one.

[Figure: the message and the checksum are both transmitted]

In some sense, this is like error detection.

Problem: an attacker who intercepts the message can modify it, compute the checksum for the modified message, and resend both.

Solution: keyed checksum/hash value/message digest.

[Figure: the checksum is computed from the message and a key; message + checksum are transmitted]

Approaches to implementing security (cont.)

Authentication:

- Traditional user ID and password.
- Modern cryptography-based authentication: digital signature.

Nonrepudiation:

- Undeniable signature, i.e., digital signature + verification protocol + disavowal protocol.

Security requirements and their implementation

- Confidentiality: encryption (and decryption).
- Integrity: checksum or hash value/message digest or MAC.
- Authentication: user ID and password or digital signature.
- Nonrepudiation: undeniable signature.
- Availability: intrusion detection and defense.
- Authorization: access control.
- Accountability: log, record, trace, system administration.

Q: How to defend against a replay attack?

Timestamps and/or sequence numbers.
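The keyed-checksum solution and the sequence-number defense against replay, worked together as an added example (not part of the original slides). It uses HMAC-SHA256 as the keyed digest; the key, the messages and the `Receiver` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # sample shared secret, constructed for this example

def verify_plain(message: bytes, checksum: bytes) -> bool:
    """Unkeyed check: the receiver recomputes SHA-256 and compares."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), checksum)

def keyed_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """Keyed digest: HMAC-SHA256 over an 8-byte sequence number plus the message."""
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()

class Receiver:
    """Accepts a message only if its tag verifies and its sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        if not hmac.compare_digest(keyed_tag(self.key, seq, message), tag):
            return "rejected: bad tag"
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"

def demo() -> dict:
    original, modified = b"pay Bob 10", b"pay Eve 9999"
    out = {}
    # Unkeyed checksum: whoever alters the message can also recompute the checksum.
    out["plain_modified"] = verify_plain(modified, hashlib.sha256(modified).digest())
    # Keyed tag: without KEY, the altered message cannot be given a valid tag.
    rx = Receiver(KEY)
    tag = keyed_tag(KEY, 0, original)
    out["keyed_modified"] = rx.accept(0, modified, tag)
    out["first_delivery"] = rx.accept(0, original, tag)
    # Resending the captured (seq, message, tag) unchanged fails the sequence check.
    out["replayed"] = rx.accept(0, original, tag)
    out["next_message"] = rx.accept(1, b"pay Bob 5", keyed_tag(KEY, 1, b"pay Bob 5"))
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The sequence number is covered by the tag, so it cannot be changed in transit without the key.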

Classification of cryptosystems

- Secret key systems vs. public key systems
- Classical vs. modern
- Classical: secret key systems
  - Shift, Affine, Vigenere, Hill, Permutation (transposition) cipher, Stream cipher
- Modern:
  - Secret key systems
    - DES, AES, PGM
  - Public key systems
    - RSA, ElGamal, Elliptic Curve

Shift cipher--example

- Suppose the plaintext word is: cryptography
- Change each letter by shifting it three positions rightward.
- The cipherword is: FUBSWRJUDSKB

Question: given the above cipherword, how do we get the original word?

Change each letter by shifting it three positions leftward.

This kind of cryptosystem is called the “Caesar cipher”.

Secret cryptosystem--DES

- Data Encryption Standard (DES)
- First version in 1975, developed by IBM.
- A type of iterated cipher.
- Plaintext block: 64 bits, key: 56 bits, ciphertext block: 64 bits.
- Steps:
  - Initial permutation (IP)
  - 16 rounds of transformations
  - Inverse permutation ($IP^{-1}$)

Key management and exchange

- The key is the essential part of any cryptosystem, especially of secret key systems.
- The question is how to distribute/exchange keys between two users, or between any pair among multiple users.
- Therefore key management and key exchange come into play.
- Public key systems also appeared.

Why public-key cryptography

- The two communicants in a secret key system require prior communication of the key over a secure channel. This is very difficult to achieve in practice: unless the two communicants meet in person, the available channels (phone call, postal mail, email, etc.) are not secure.
- Suppose there are n users and every pair of users wants to communicate. In a secret-key system, the total number of keys needed is n(n-1)/2, which is very difficult to manage and quite insecure.
- However, in a public-key system, every user selects his/her own private key and public key, publicizes the public key, and keeps the private key secret. Quite easy and very secure.

The main problem with public-key system is that it is very slow.

Public-key cryptosystem

- Secret-key cryptosystem:
  - $e_K$ & $d_K$: $d_K$ is the same as or derived from $e_K$.
  - Called symmetric-key cryptosystem.
  - Problem: how to distribute $e_K$ & $d_K$ to Alice & Bob securely.
- Public-key cryptosystem:
  - Computationally infeasible to compute $d_K$ from $e_K$.
  - Called asymmetric-key cryptosystem.
  - $e_K$ is made public, called the public key.
  - But $d_K$ is kept secret, called the private key.

Public-key system: how it works

- Everybody selects their own public key $P$ and private key $S$, and publicizes $P$.
- Therefore Alice has $(P_a, S_a)$, and Bob has $(P_b, S_b)$.
- Everybody knows $P_a$, $P_b$, …
- Suppose Alice wants to send a message to Bob.
- Alice encrypts the message with Bob’s public key $P_b$ and sends it out.
- (Only) Bob can decrypt the message using his private key $S_b$. Nobody else can.

RSA cryptosystem

- Suppose $n = pq$, where $p$ and $q$ are big primes.
- Select (find) $a$ and $b$ such that $ab \equiv 1 \pmod{\phi(n)}$.
- $K = (n, p, q, a, b)$; publicize $n, b$, but keep $p, q, a$ secret.
- For any $x, y \in Z_n$, define
  - $e_K(x) = x^b \bmod n$
  - $d_K(y) = y^a \bmod n$
- Of course, from $n, b$ it is very difficult to get $a$ (as well as $p, q, \phi(n)$).

Two party key management

- By public key cryptosystems:
  - Alice selects a random value k as a key.
  - Alice encrypts the key k with Bob’s public key and sends it to Bob.
  - Bob decrypts the key using his private key.
  - Alice and Bob encrypt/decrypt messages using a secret key system such as DES with the key k.
  - This is a typical combination of secret and public key systems.
- By Diffie-Hellman key agreement:
  - Based on the Discrete Logarithm Problem.
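The RSA definitions above and the public-key method of key transport, carried through in one added example (not from the original slides). The primes, the exponent b = 17 and the `toy_stream` cipher standing in for DES are constructed for illustration; real RSA uses large random primes and a padding scheme.

```python
import hashlib
import secrets
from math import gcd

def make_key(p: int, q: int, b: int) -> dict:
    """Build K = (n, p, q, a, b) in the slides' notation; a is the private exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(b, phi) != 1:
        raise ValueError("b must be relatively prime to phi(n)")
    a = pow(b, -1, phi)  # a*b = 1 mod phi(n); computing it needs the secret p and q
    return {"n": n, "p": p, "q": q, "a": a, "b": b}

def e_K(x: int, n: int, b: int) -> int:
    """Encrypt with the public pair (n, b)."""
    return pow(x, b, n)

def d_K(y: int, n: int, a: int) -> int:
    """Decrypt with the private exponent a."""
    return pow(y, a, n)

def toy_stream(k: int, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 keystream XOR) standing in for DES; not for real use."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(f"{k}:{counter}".encode()).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def key_transport(bob: dict, message: bytes) -> tuple:
    """Alice picks k, sends e_K(k) to Bob, then both use k with the symmetric cipher."""
    k = secrets.randbelow(bob["n"] - 2) + 2        # Alice: random k in [2, n-1]
    wrapped = e_K(k, bob["n"], bob["b"])           # Alice -> Bob, uses only public (n, b)
    k_bob = d_K(wrapped, bob["n"], bob["a"])       # Bob: recovers k with private a
    ciphertext = toy_stream(k, message)            # Alice encrypts under k
    return k == k_bob, toy_stream(k_bob, ciphertext)  # Bob decrypts with his copy of k

# Constructed toy parameters, far too small for real use.
BOB = make_key(p=61, q=53, b=17)

if __name__ == "__main__":
    print("public (n, b):", BOB["n"], BOB["b"], "private a:", BOB["a"])
    print(key_transport(BOB, b"meet at noon"))
```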

DLP (Discrete Logarithm Problem)

- Suppose $p$ is an odd prime.
- $Z_p = \{0, 1, \ldots, p-1\}$ is a finite field.
- $Z_p^*$: the set of integers which are relatively prime to $p$.
  - $\{a \in Z_p \mid \gcd(a, p) = 1\} = \{1, \ldots, p-1\}$
  - It is a cyclic multiplicative group.
- $g$ is a generator of $Z_p^*$,
  - i.e., $Z_p^* = \{g^0 \bmod p, g^1 \bmod p, \ldots, g^{p-2} \bmod p\}$.
- DLP problem
  - Given any $a$, computing $b = g^a \pmod p$ is easy.
  - Given any $b$, finding an $a$ such that $b = g^a \pmod p$ is difficult.
  - Denoted as $a = \log_g b$. Omit "mod p" for simplicity.

(Two-party) Diffie-Hellman (DH) key exchange

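Suppose $p$ and $g$ are publicly known:

- Alice: $a \rightarrow g^a \bmod p$; sends $g^a$ to Bob.
- Bob: $b \rightarrow g^b \bmod p$; sends $g^b$ to Alice.
- Alice computes $K = (g^b)^a = g^{ab}$.
- Bob computes $K = (g^a)^b = g^{ab}$.

Anyone else can compute $g^a g^b = g^{a+b}$ but not $g^{ab}$.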
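The DLP definitions and the exchange above with concrete numbers, as an added example (not from the original slides). The values p = 23, g = 5 and the function names are constructed for illustration; real deployments use primes of thousands of bits, where the exhaustive search in `discrete_log` is infeasible.

```python
import secrets

def is_generator(g: int, p: int) -> bool:
    """True if {g^0, ..., g^(p-2)} mod p is all of Zp* = {1, ..., p-1}."""
    return {pow(g, i, p) for i in range(p - 1)} == set(range(1, p))

def discrete_log(b: int, g: int, p: int) -> int:
    """a = log_g b by exhaustive search: up to p-1 steps, so only usable for tiny p."""
    value = 1
    for a in range(p - 1):
        if value == b:
            return a
        value = value * g % p
    raise ValueError("b is not a power of g modulo p")

def dh_exchange(p: int, g: int, a=None, b=None) -> dict:
    """Run both sides of the exchange; a and b default to fresh random secrets."""
    a = secrets.randbelow(p - 3) + 2 if a is None else a  # Alice's secret in [2, p-2]
    b = secrets.randbelow(p - 3) + 2 if b is None else b  # Bob's secret in [2, p-2]
    ga = pow(g, a, p)  # Alice -> Bob
    gb = pow(g, b, p)  # Bob -> Alice
    return {
        "sent_by_alice": ga,
        "sent_by_bob": gb,
        "k_alice": pow(gb, a, p),       # (g^b)^a
        "k_bob": pow(ga, b, p),         # (g^a)^b
        "product_on_wire": ga * gb % p, # g^(a+b), which an observer can compute
    }

# Constructed toy parameters: 5 generates Z_23*, while 2 does not.
P, G = 23, 5

if __name__ == "__main__":
    print("5 is a generator:", is_generator(G, P), "| 2 is a generator:", is_generator(2, P))
    print(dh_exchange(P, G, a=6, b=15))
    print("log_5 8 mod 23 =", discrete_log(8, G, P))
```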

Cryptology

- Cryptology = cryptography + cryptanalysis.
- Cryptography: devise cryptosystems.
- Cryptanalysis: break cryptosystems.

Kerckhoffs' principle and attack levels

- Kerckhoffs' principle: the cryptosystem is publicly known, but only the key is secret. Breaking a cryptosystem (i.e., cryptanalysis) means figuring out the key currently used.
- Attack levels:
  - Ciphertext-only: the attacker possesses a string of ciphertext, y.
  - Known plaintext: the attacker possesses a string of plaintext, x, and the corresponding ciphertext, y.
  - Chosen plaintext: the attacker has obtained temporary access to the encryption machinery. Hence, he can choose a plaintext string, x, and construct the corresponding ciphertext string, y.
  - Chosen ciphertext: the attacker has obtained temporary access to the decryption machinery. Hence, he can choose a ciphertext string, y, and construct the corresponding plaintext string, x.

Internet security protocols

- The Internet has implemented a suite of security protocols combining secret-key, public-key, digital signature, message digest, etc.
  - IPSec (IP security): IP layer / network layer
  - SSL (Secure Socket Layer) & TLS (Transport Layer Security): transport layer
  - SSH (Secure Shell), SFTP, HTTPS, PGP (Pretty Good Privacy): application layer

IPSec key agreement

Messages exchanged between Entity A and Entity B:

- Crypto suites I support
- Crypto suite I choose
- $g^a \bmod p$
- $g^b \bmod p$
- $g^{ab} \bmod p$ {“Alice”, proof I am Alice}
- $g^{ab} \bmod p$ {“Bob”, proof I am Bob}

SSL position

Copied from http://developer.netscape.com/docs/manuals/security/sslin/

SSL functionality

- Server authentication (by public certificate)
- Client authentication (Optional)
- Data encryption (by secret key system)
- Integrity protection (by MAC)

SSL handshake

- Client → Server: I want to talk, ciphers I support, $R_C$
- Server → Client: Certificate ($P_S$), cipher I choose, $R_S$
- Client → Server: $\{S\}P_S$, {keyed hash of handshake MSG}
- Client and server each compute $K = f(S, R_C, R_S)$
- Server → Client: {keyed hash of handshake MSG}
- Data protected by keys derived from $K$

There are six keys in total: three keys (encryption key, IV, integrity key) in each direction.
