Topic 7: Network Security
Post on 03-Jan-2016
14 Views
Preview:
DESCRIPTION
Transcript
Topic 7: Network Security
Lecture 15
Security Mechanisms
a.Encryption – addresses privacy issues
Symmetric key and public key
cryptography
b. Digital Signatures – addresses integrity/
authentication and non-repudiation issues
Lecture’s outline
Security Requirements
Encryption
What is Encryption
Secret Key EncryptionAlso known as symmetric encryption algorithms
Advantage: Relatively quick
Public algorithms (usually) that are each other’s
inverseDisadvantage: Communicating pairs have to share keys
Example of Secret Key EncryptionCaeser’s Cipher
Public Key Encryption
The key to encrypt is different from key that decrypts
9
need K ( ) and K ( ) such thatB. .
given public key K , it should be impossible to compute private key K
Requirements:
1
2
RSA: Rivest, Shamir, Adelson algorithm
B+ -
K (K (m)) = m BB
- +
B+
Public Key Encryption Algorithm
B-
10
• x mod n = remainder of x when divide by n• Facts:
[(a mod n) + (b mod n)] mod n = (a+b) mod n[(a mod n) - (b mod n)] mod n = (a-b) mod n[(a mod n) * (b mod n)] mod n = (a*b) mod n
• Thus (a mod n)d mod n = ad mod n• Example: x=14, n=10, d=2:
(x mod n)d mod n = 42 mod 10 = 6xd = 142 = 196 xd mod 10 = 6
Prerequisite: Modular Arithmetic
11
• A message is a bit pattern.• A bit pattern can be uniquely represented by an integer
number. • Thus encrypting a message is equivalent to encrypting a
number.Example• m= 10010001 . This message is uniquely represented by the
decimal number 145. • To encrypt m, we encrypt the corresponding number, which
gives a new number (the cyphertext).
RSA: Getting Ready
12
1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
K B+ K B
-
RSA: Creating private/public key
13
0. Given (n,e) and (n,d) as computed above
1. To encrypt message m (<n), compute
c = m mod ne
2. To decrypt received bit pattern, c, compute
m = c mod nd
m = (m mod n)e mod ndMagichappens!
c
RSA: Encryption, Decryption
14
Bob chooses p=5, q=7. Then n=35, z=24.e=5 (so e, z relatively prime).d=29 (so ed-1 exactly divisible by z).
bit pattern m me c = m mod ne
0000l000 12 24832 17
c m = c mod nd
17 481968572106750915091411825223071697 12
cd
encrypt:
decrypt:
Encrypting 8-bit messages.
RSA Example
15
• Must show that cd mod n = m where c = me mod n
• Fact: for any x and y: xy mod n = x(y mod z) mod n– where n= pq and z = (p-1)(q-1)
• Thus, cd mod n = (me mod n)d mod n
= med mod n = m(ed mod z) mod n = m1 mod n = m
Why does RSA work?
16
The following property will be very useful later:
K (K (m)) = m BB
- +K (K (m))
BB+ -
=
use public key first, followed by
private key
use private key first, followed by
public key
Result is the same!
RSA: Another Important Property
17
Follows directly from modular arithmetic:
(me mod n)d mod n = med mod n = mde mod n = (md mod n)e mod n
K (K (m)) = m BB
- +K (K (m))
BB+ -
=Why ?
RSA: Another Important Property
18
• Suppose you know Bob’s public key (n, e). How hard is it to determine d?
• Essentially need to find factors of n without knowing the two factors p and q.
• Fact: factoring a big number is hard.
Generating RSA keys Have to find big primes p and q Approach: make good guess then apply testing
rules (see Kaufman)
Why RSA is secure?
Hybrid Asymmetric/Symmetric
Digital Signature
Can’t we simply use checksums/ CRC/ Parity
Checks?
Signing the whole document
Signing the digest
Most common hash functions are MD5 and
SHA-1
A hash function maps a message of an arbitrary length to a m-bit output output known as the fingerprint or the message digest
23
large message
mH: Hashfunction H(m)
digitalsignature(encrypt)
Bob’s private
key K B-
+
Bob sends digitally signed message:Alice verifies signature and integrity
of digitally signed message:
KB(H(m))-
encrypted msg digest
KB(H(m))-
encrypted msg digest
large message
m
H: Hashfunction
H(m)
digitalsignature(decrypt)
H(m)
Bob’s public
key K B+
equal ?
Signing the digest
24
• Suppose Alice receives msg m, digital signature KB(m)
• Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m.
• If KB(KB(m) ) = m, whoever signed m must have used Bob’s private key.
+
+
-
-
--
+
Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m’.
Non-repudiation: Alice can take m, and signature KB(m) to court and prove
that Bob signed m.
-
Digital Signature (more)
Hash Functions 25
• Data X = (X0,X1,X2,…,Xn-1), each Xi is a byte• Suppose hash is – h(X) = X0+X1+X2+…+Xn-1
• Is this secure?• Example: X = (10101010,00001111)• Hash is 10111001• But so is hash of Y = (00001111,10101010)• Easy to find collisions, so not secure…
Non-Crypto Hash (1)
Hash Functions 26
• Data X = (X0,X1,X2,…,Xn-1)
• Suppose hash is– h(X) = nX0+(n-1)X1+(n-2)X2+…+1Xn-1
• Is this hash secure? At least
h(10101010,00001111)h(00001111,10101010)
• But hash of (00000001,00001111) is same as hash of (00000000,00010001)
• Not too secure, need security requirements
Non-Crypto Hash (2)
Fall 2011/Topic 5CS526 27
Given a function h:X Y, then we say that h is:• preimage resistant (one-way): if given y Y it is computationally infeasible to find a value x X such that h(x) = y• 2-nd preimage resistant (weak collision resistant): if given x X it is computationally infeasible to find a value x’ X, such that x’x and h(x’) = h(x)• collision resistant (strong collision resistant): if it is computationally infeasible to find two distinct values x’, x X, such that h(x’) = h(x)
Security requirements for Cryptographic hash function
Fall 2011/Topic 5CS526 28
• MD5 – output 128 bits– collision resistance completely broken by researchers in China in 2004
• SHA1– output 160 bits– no collision found yet, but method exist to find collisions in less than
2^80– considered insecure for collision resistance
• SHA2 (SHA-224, SHA-256, SHA-384, SHA-512)– outputs 224, 256, 384, and 512 bits, respectively– No real security concerns yet
Well known hash functions
Fall 2011/Topic 5CS526 29
• Message is divided into fixed-size blocks and padded• Uses a compression function f, which takes a chaining variable (of size of
hash output) and a message block, and outputs the next chaining variable• Final chaining variable is the hash value
Markle-Damgard construction for hash
functions
??? Questions/
Confusions?
top related