1 / 75

חישוב ציון תרגילי בית:

חישוב ציון תרגילי בית:. מי שלא יגיש את הפרויקט בזמן ( PA3 ): ממוצע של כל 7 תרגילי הבית מי שיגיש את הפרויקט בזמן ( PA3 ): ממוצע של 6 תרגילי בית: הפרויקט ( PA3 ) חמשת הטובים (מתוך ששת) התרגילים האחרים משקל כל תרגיל (מתוך השישה) יהיה זהה ( 1/6 ) הערה: חייבים להקפיד על הגשה בזמן!.

lacey
Download Presentation

חישוב ציון תרגילי בית:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. חישוב ציון תרגילי בית: מי שלא יגיש את הפרויקט בזמן (PA3): ממוצע של כל 7 תרגילי הבית מי שיגיש את הפרויקט בזמן (PA3): ממוצע של 6 תרגילי בית: הפרויקט (PA3) חמשת הטובים (מתוך ששת) התרגילים האחרים משקל כל תרגיל (מתוך השישה) יהיה זהה (1/6) הערה: חייבים להקפיד על הגשה בזמן!

  2. Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport layer: Internet commerce, SSL, SET network layer: IP security Firewalls Chapter 7: Network security Lecture 13: Network Security

  3. What is network security? Confidentiality: only sender, intended receiver should “understand” message contents • sender encrypts message • receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users Lecture 13: Network Security

  4. src:B dest:A payload Internet security threats Packet sniffing: • broadcast media • promiscuous NIC reads all packets passing by • can read all unencrypted data (e.g. passwords) • e.g.: C sniffs B’s packets C A B Lecture 13: Network Security

  5. src:B dest:A payload Internet security threats IP Spoofing: • can generate “raw” IP packets directly from application, putting any value into IP source address field • receiver can’t tell if source is spoofed • e.g.: C pretends to be B C A B Lecture 13: Network Security

  6. SYN SYN SYN SYN SYN SYN SYN Internet security threats Denial of service (DOS): • flood of maliciously generated packets “swamp” receiver • Distributed DOS (DDOS): multiple coordinated sources swamp receiver • e.g., C and remote host SYN-attack A C A B Lecture 13: Network Security

  7. Cryptography Principles Lecture 13: Network Security

  8. Friends and enemies: Alice, Bob, Trudy • well-known in network security world • Bob, Alice (lovers!) want to communicate “securely” • Trudy (intruder) may intercept, delete, add messages Alice Bob data, control messages channel secure sender secure receiver data data Trudy Lecture 13: Network Security

  9. Who might Bob, Alice be? • … well, real-life Bobs and Alices! • Web browser/server for electronic transactions (e.g., on-line purchases) • on-line banking client/server • DNS servers • routers exchanging routing table updates • other examples? Lecture 13: Network Security

  10. K K A B The language of cryptography Alice’s encryption key Bob’s decryption key symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private) encryption algorithm decryption algorithm ciphertext plaintext plaintext Lecture 13: Network Security

  11. Symmetric Key Cryptography Lecture 13: Network Security

  12. Symmetric key cryptography substitution cipher: substituting one thing for another • monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq E.g.: Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc • Q: How hard to break this simple cipher?: • brute force (how hard?) • other? Lecture 13: Network Security

  13. Perfect cipher [Shannon 1948] • Definition: • Let C = E[M] • Pr[C=c] = Pr[C=c | M] • Example: one time pad • Generate random bits b1 ... bn • E[M1 ... Mn] = (M1 b1 ... Mn  bn ) • Cons: size • Pseudo Random Generator • G(R) = b1 ... bn • Indistinguishable from random (efficiently) Lecture 13: Network Security

  14. Symmetric key crypto: DES DES: Data Encryption Standard • US encryption standard [NIST 1993] • 56-bit symmetric key, 64 bit plaintext input • How secure is DES? • DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months • no known “backdoor” decryption approach • making DES more secure • use three keys sequentially (3-DES) on each datum • use cipher-block chaining Lecture 13: Network Security

  15. DES operation Symmetric key crypto: DES initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation Lecture 13: Network Security

  16. Block Cipher chaining • How do we encode a large message • Would like to guarantee integrity • Encoding: • Ci = E[Mi Ci-1] • Decoding: • Mi = D[Ci]  Ci-1 • Malfunctions: • Loss • Reorder/ integrity Lecture 13: Network Security

  17. Cipher Block Chaining Mode Cipher block chaining. (a) Encryption. (b) Decryption. 7: Network Security 17

  18. Diffie-Hellman key exchange protocol • Goal: Allow strangers establish a shared secret key for later communication • Assume two parties (Alice and Bob) want to establish a secret key. • Alice and Bob agree on two large numbers, n and g • usually, these are publicly known, and have some additional conditions applied (e.g., n must be prime) Lecture 13: Network Security

  19. Diffie-Hellman Key Exchange • Alice picks large x, Bob picks large y (e.g., 512 bits) Lecture 13: Network Security

  20. Man in the middle attack • Eavesdropper can’t determine secret key (gxy mod n) from (gx mod n) or (gy mod n) • However, how does Alice and Bob know if there is a third party adversary in between? Lecture 13: Network Security

  21. Exponentiation • Compute gx mod n Expg,n (x) • Assume x = 2y + b • Let z = Expg,n (y) • R=z2 • If (b=1) R = g R mod n • Return R • Complexity: logarithmic in x Lecture 13: Network Security

  22. Public Key Cryptography Lecture 13: Network Security

  23. Public Key Cryptography symmetric key crypto • requires sender, receiver know shared secret key • Q: how to agree on key in first place (particularly if never “met”)? public key cryptography • radically different approach [Diffie-Hellman76, RSA78] • sender, receiver do not share secret key • encryption key public (known to all) • decryption key private (known only to receiver) Lecture 13: Network Security

  24. + K (m) B - + m = K (K (m)) B B Public key cryptography + Bob’s public key K B - Bob’s private key K B encryption algorithm decryption algorithm plaintext message plaintext message, m ciphertext Lecture 13: Network Security

  25. d (e (m)) = m B B 1 2 need public and private keys for d ( ) and e ( ) . . B B Public key encryption algorithms Two inter-related requirements: need d ( ) and e ( ) such that . . B B RSA: Rivest, Shamir, Adelson algorithm Lecture 13: Network Security

  26. + - K K B B RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5.Public key is (n,e).Private key is (n,d). Lecture 13: Network Security

  27. 1. To encrypt bit pattern, m, compute d e c = m mod n m = c mod n e (i.e., remainder when m is divided by n) Magic happens! d e m = (m mod n) mod n RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 2. To decrypt received bit pattern, c, compute d (i.e., remainder when c is divided by n) Lecture 13: Network Security

  28. d e m = c mod n c = m mod n d c RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). e m m letter encrypt: l 17 1524832 12 c letter decrypt: 17 12 l 481968572106750915091411825223072000 Lecture 13: Network Security

  29. d e m = (m mod n) mod n RSA: Why • Number theory result: • IF pq = n, p and q primes then: • x y mod n = x (y mod (p-1)(q-1) ) mod n • (m e)d mod n = m (ed mod (p-1)(q-1)) mod n • But ed – 1 divisible by (p-1)(q-1) i.e., ed mod (p-1)(q-1) = 1 • = m 1 mod n = m Lecture 13: Network Security

  30. modified Diffie-Hellman Key Exchange • Encrypt 1 with Bob’s public key, 2 with Alice’s public key • Prevents man-in-the-middle attack • Actually, nonces and a third message are needed to fully complete this exchange (in a few slides) Lecture 13: Network Security

  31. Authentication Lecture 13: Network Security

  32. Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0:Alice says “I am Alice” “I am Alice” Failure scenario?? Lecture 13: Network Security

  33. Authentication Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0:Alice says “I am Alice” in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice “I am Alice” Lecture 13: Network Security

  34. Alice’s IP address “I am Alice” Authentication: another try Protocol ap2.0:Alice says “I am Alice” in an IP packet containing her source IP address Failure scenario?? Lecture 13: Network Security

  35. Alice’s IP address “I am Alice” Authentication: another try Protocol ap2.0:Alice says “I am Alice” in an IP packet containing her source IP address Trudy can create a packet “spoofing” Alice’s address Lecture 13: Network Security

  36. Alice’s password Alice’s IP addr “I’m Alice” Alice’s IP addr OK Authentication: another try Protocol ap3.0:Alice says “I am Alice” and sends her secret password to “prove” it. Failure scenario?? Lecture 13: Network Security

  37. Alice’s password Alice’s IP addr “I’m Alice” Alice’s IP addr OK Authentication: another try Protocol ap3.0:Alice says “I am Alice” and sends her secret password to “prove” it. Alice’s password Alice’s IP addr “I’m Alice” playback attack: Trudy records Alice’s packet and later plays it back to Bob Lecture 13: Network Security

  38. encrypted password Alice’s IP addr “I’m Alice” Alice’s IP addr OK Authentication: yet another try Protocol ap3.1:Alice says “I am Alice” and sends her encryptedsecret password to “prove” it. Failure scenario?? Lecture 13: Network Security

  39. encrypted password Alice’s IP addr “I’m Alice” Alice’s IP addr OK Authentication: another try Protocol ap3.1:Alice says “I am Alice” and sends her encrypted secret password to “prove” it. encrypted password Alice’s IP addr “I’m Alice” record and playback still works! Lecture 13: Network Security

  40. K (R) A-B Authentication: yet another try Goal:avoid playback attack Nonce:number (R) used only once –in-a-lifetime ap4.0:to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! Failures, drawbacks? Lecture 13: Network Security

  41. - K (R) A + + K K A A - - + (K (R)) = R K (K (R)) = R A A A Authentication: ap5.0 ap4.0 requires shared symmetric key • can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography “I am Alice” Bob computes R and knows only Alice could have the private key, that encrypted R such that “send me your public key” Lecture 13: Network Security

  42. - - K (R) K (R) A T + + K K A T - - + + m = K (K (m)) m = K (K (m)) + + A T A T K (m) K (m) A T ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) I am Alice I am Alice R R Send me your public key Send me your public key Trudy gets sends m to Alice encrypted with Alice’s public key Lecture 13: Network Security

  43. ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) • Difficult to detect: • Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation) • problem is that Trudy receives all messages as well! Lecture 13: Network Security

  44. Message Integrity (Signatures etc) Lecture 13: Network Security

  45. Cryptographic technique analogous to hand-written signatures. Sender (Bob) digitally signs document, establishing he is document owner/creator. Verifiable, nonforgeable: recipient (Alice) can verify that Bob, and no one else, signed document. Assumption: eB(dB(m)) = dB(eB(m)) RSA Simple digital signature for message m: Bob decrypts m with his private key dB, creating signed message, dB(m). Bob sends m and dB(m) to Alice. Digital Signatures Lecture 13: Network Security

  46. Suppose Alice receives msg m, and digital signature dB(m) Alice verifies m signed by Bob by applying Bob’s public key eB to dB(m) then checks eB(dB(m) ) = m. If eB(dB(m) ) = m, whoever signed m must have used Bob’s private key. Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m’. Non-repudiation: Alice can take m, and signature dB(m) to court and prove that Bob signed m. Digital Signatures (more) Lecture 13: Network Security

  47. Computationally expensive to public-key-encrypt long messages Goal: fixed-length,easy to compute digital signature, “fingerprint” apply hash function H to m, get fixed size message digest, H(m). Hash function properties: Many-to-1 Produces fixed-size msg digest (fingerprint) Given message digest x, computationally infeasible to find m such that x = H(m) computationally infeasible to find any two messages m and m’ such that H(m) = H(m’). Message Digests Lecture 13: Network Security

  48. Internet checksum would make a poor message digest. Too easy to find two messages with same checksum. MD5 hash function widely used. Computes 128-bit message digest in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x. SHA-1 is also used. US standard 160-bit message digest Hash Function Algorithms Lecture 13: Network Security

  49. Digital signature = signed message digest H: Hash function H: Hash function large message m large message m + - digital signature (decrypt) digital signature (encrypt) K K B B encrypted msg digest encrypted msg digest + - - KB(H(m)) KB(H(m)) H(m) H(m) Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message: H(m) Bob’s private key Bob’s public key equal ? Lecture 13: Network Security

  50. Key Distribution Centers Lecture 13: Network Security

More Related