143.471 Digital Communications 23/05/2007 Network Security Cryptography, Hash Functions & Digital Signatures - 1 143.471 Digital Communication Networks 143.471 Digital Communication Networks Network Security Network Security – 1, 2 and 3 1, 2 and 3 Professor Richard Harris Institute of Information Sciences and Technology 1 – Physical 2 – Data Link 3 – Network 4 – Transport 5 – Session 6 – Presentation 7 – Application Network Security Network Security - 1/ 1/2 143.471 Digital Communication Networks 143.471 Digital Communication Networks Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication in secure transactions Cryptography introduction Cryptography Protocols Cryptography as a basis for Identification and Authentication The Digital Signature A Secure and Authenticated Communication over an Open Network Network Security Network Security - 1/ 1/3 143.471 Digital Communication Networks 143.471 Digital Communication Networks Additional References [1] Kaufman, Perlman and Speciner, “Network Security”, 2 nd Edition, Prentice Hall, 2002. [2] Stallings,“Networking Standards: A Guide to OSI, ISDN LAN, and MAN Standards”, (Addison-Wesley), 1993 [3] Stallings,“Networking and InterNetwork Security”, (Prentice Hall), 1995, ISBN 0-13-180050-7 [4] FIPS 186, Digital Signature Standard (DSS). [5] FIPS 180, Secure Hash Standard (SHS). [6] ANSI X9.17-1990, American National Standard for Financial Institution Key Management
34
Embed
7 – Application 6 – Presentation 4 – Transport Network ... · 143.471 Digital Communications 23/05/2007 Network Security Cryptography, Hash Functions & Digital Signatures -
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 1
143.471 Digital Communication Networks143.471 Digital Communication Networks
Network SecurityNetwork Security –– 1, 2 and 31, 2 and 3
Professor Richard Harris
Institute of Information Sciences andTechnology
1 – Physical
2 – Data Link
3 – Network
4 – Transport
5 – Session
6 – Presentation
7 – Application
Network SecurityNetwork Security -- 1/1/22
143.471 Digital Communication Networks143.471 Digital Communication Networks
Presentation Outline
Overview of Identification and Authentication
The importance of identification and Authentication insecure transactions
Cryptography introduction
Cryptography Protocols
Cryptography as a basis for Identification andAuthentication
The Digital Signature
A Secure and Authenticated Communication over anOpen Network
Network SecurityNetwork Security -- 1/1/33
143.471 Digital Communication Networks143.471 Digital Communication Networks
Additional References
[1] Kaufman, Perlman and Speciner, “Network Security”, 2nd
Edition, Prentice Hall, 2002.
[2] Stallings,“Networking Standards: A Guide to OSI, ISDNLAN, and MAN Standards”, (Addison-Wesley), 1993
[3] Stallings,“Networking and InterNetwork Security”,(Prentice Hall), 1995, ISBN 0-13-180050-7
[4] FIPS 186, Digital Signature Standard (DSS).
[5] FIPS 180, Secure Hash Standard (SHS).
[6] ANSI X9.17-1990, American National Standard forFinancial Institution Key Management
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 2
Network SecurityNetwork Security -- 1/1/44
143.471 Digital Communication Networks143.471 Digital Communication Networks
Need for Security
Network SecurityNetwork Security -- 1/1/55
143.471 Digital Communication Networks143.471 Digital Communication Networks
Problems for network security
Secrecy: keeping information out of the hands ofunauthorized users.
Authentication: determining whom you are talking tobefore revealing sensitive information or entering abusiness deal.
Non-repudiation: dealing with signature, how do youprove that your customer really placed an electronicorder.
Integrity control: how can you be sure that a messageyou received was really the one sent and not somethingthat a malicious adversary modified in transit orconcocted?
Network SecurityNetwork Security -- 1/1/66
143.471 Digital Communication Networks143.471 Digital Communication Networks
Where in the protocol network doessecurity belong?
Every layer has something to contributePhysical layer, wiretapping can be foiled by enclosingtransmission lines in sealed tubes containing gas at highpressure. Any attempt to drill into a tube will release some gas,reducing the pressure and triggering an alarm.
Data link layer, packets can be encrypted as they leave onemachine and decrypted as they enter another, vulnerable toattacks from within the router. However, link Encryption can beadded to any network easily and often is useful.
In the network layer, firewalls can be installed to keep goodpackets and bad packets out.
In the transport layer, entire connections can be encrypted, endto end, process to process.
Issues such as user authentication and non-repudiation can beonly handled in the application layer.
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 3
Network SecurityNetwork Security -- 1/1/77
143.471 Digital Communication Networks143.471 Digital Communication Networks
OSI Security Mechanisms (Controls)
Encipherment
The use of algorithms to transform data into a form that is notreadily intelligible. The transformation and subsequent recoveryof the data depend on an algorithm and one or more encryptionkeys
Authentication exchange
A mechanism intended to ensure the identity of an entity bymeans of information exchange
Digital Signature
Data appended to, or a cryptographic transformation of a dataunit that allows the recipient to prove the source and integrity ofthe data unit and protects against forgery (e.g. by the recipient)
Access control
A variety of mechanisms that enforce access rights to resources
Network SecurityNetwork Security -- 1/1/88
143.471 Digital Communication Networks143.471 Digital Communication Networks
Identification and Authentication(Overview)
One of the first steps towards securing the resources of asystem is the development of the ability to verify the identity ofits users…. Since all users communicate via messages thiscomes down to verifying that messages come from the allegedsource and have not been altered
The process of verifying a user’s identity is typically referred toas user identification and authentication
Identification and Authentication are distinct steps
Network SecurityNetwork Security -- 1/1/99
143.471 Digital Communication Networks143.471 Digital Communication Networks
Identification and Authentication(Overview)
Identification concerns the manner in which a user provideshis/her unique identity to a system
The identity:
May be (for example), a name or a number (account number)
Must be unique so that the system can distinguish betweendifferent users, or between different classes ofusers…(remember the Control Selection Criteria of “need toknow”)
May describe one individual, more than one individual….someor all of the time
Example
“System Security Officer” is a class identity
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 4
Network SecurityNetwork Security -- 1/1/1010
143.471 Digital Communication Networks143.471 Digital Communication Networks
Identification and Authentication(Overview)
Authentication is the process of associating an individual withhis/her unique identity… or that of associating a message with asending entity
An important distinction between Identification andAuthentication:
Identities can be public (but aren’t always)
Authentication information (but not necessarily themethodology) is kept secret and becomes the means by whicha person proves that they are who they say they are
There are three basic means by which an individual mayauthenticate his/her identity
Network SecurityNetwork Security -- 1/1/1111
143.471 Digital Communication Networks143.471 Digital Communication Networks
Identification and Authentication(The Three Basic Approaches)
Something the person knows
– password
– combination
– history
– other….
Something the person possesses
– a token or a card
– a key to a lock
– other….
Something the person is(Biometrics)
– Fingerprints
– retinal pattern
– voice pattern
– other….
Network SecurityNetwork Security -- 1/1/1212
143.471 Digital Communication Networks143.471 Digital Communication Networks
An Introduction to Cryptography
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 5
Network SecurityNetwork Security -- 1/1/1313
143.471 Digital Communication Networks143.471 Digital Communication Networks
Cryptography (Introduction)
EncryptionIs a process designed to conceal meaning by changingintelligible messages to unintelligible messages…..
Covers both encypherment and encoding
Encypherment– The translation of individual letters (or tokens) to other letters of
tokens
Encoding– The translation of words or phrases (or groups of tokens) to other
words or phrases
Cryptography relies on two basic componentsAn algorithm (also called a cryptographic methodology)
A Key (one or more)
Network SecurityNetwork Security -- 1/1/1414
143.471 Digital Communication Networks143.471 Digital Communication Networks
Cryptography(Example)
Example
In a simple system where letters are substitutedfor other letters
The Key…?
– The chart of paired letters
The Algorithm…?
– Substitution
Network SecurityNetwork Security -- 1/1/1515
143.471 Digital Communication Networks143.471 Digital Communication Networks
Cryptography(The Two Basic Types)
There are two basic types of CryptographicSystems
Secret Key (also called symmetric systems)
The same key is used to encrypt and decrypt data
Two or more parties share the key
The key must remain secret
Public Key (also called asymmetric systems)
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 6
Network SecurityNetwork Security -- 1/1/1616
143.471 Digital Communication Networks143.471 Digital Communication Networks
Cryptography(Secret Key and Public Key)
Secret Key Encryption
EncryptionAlgorithm
DecryptionAlgorithm
PlainText PlainTextCypherText
KeyShared by theparties involved
- Produces output that is dependent on the key
- Powerful enough to defy decryption fromexamination of the cyphertext and/or knowledgeof the algorithm
- Security is dependent on the secrecy of the key
- How do you distribute the key..??
- Key must remain secret
- Reliance on allparties
- Data Encryption Standard (DES)Federal Information ProcessingStandards (FIPS) 46-1
- DES has been widely adoptedby the commercial sector in theU.S.
- Chips available, so low costencryption/decryption isavailable, but accessis restricted
Network SecurityNetwork Security -- 1/1/1717
143.471 Digital Communication Networks143.471 Digital Communication Networks
Cryptography(Secret Key and Public Key)
One of the major difficulties with Secret Key systems is thesecure distribution of the Key
Public Key Systems don’t require Key distribution…although you still need keys to encrypt and decrypt
The Public Key algorithms are asymmetric…. That is, youcannot decrypt the message with the same key that you usedto encrypt it.
This system uses key pairs, one to encrypt and one todecrypt…. If you want to receive secure messages then youcan make one key public (otherwise known as the PublicKey)…. and so long as the other key is known only to you,then you will be the only person that can read it
Needless to say, it is a requirement of this type of systemthat you cannot derive one key from the other
Network SecurityNetwork Security -- 1/1/1818
143.471 Digital Communication Networks143.471 Digital Communication Networks
Cryptography(Public Key example)
Public Key Encryption
EncryptionAlgorithm
DecryptionAlgorithm
A X
- X places his/her PublicKey (Xp) in an accessibleplace…. and keeps thePrivate Key (Xs) hidden
Directory of Public Keys
Xp
- A obtains X’s public Key,encrypts a message andsends it to X
Xp
PlainText CypherText
- X uses his/her Private Key todecrypt the message
Xs
PlainText
RSA, named after its three creators,Ronald Rivest, Adi Shamir and LenAdlemen
The Digital Signature Standard (DSS)
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 7
Network SecurityNetwork Security -- 1/1/1919
143.471 Digital Communication Networks143.471 Digital Communication Networks
Cryptography
Some uses
To ensure confidentiality and integrity of information
Public Key is particularly useful when key secrecy is a problem
Public Key can be used to distribute secret keys
To support controls such as authentication (how do I know youare who you say you are)
Other…..
Having set a foundation for cryptographic systems weshall take another look at the important (and related)issue of identification and authentication
Network SecurityNetwork Security -- 1/1/2020
143.471 Digital Communication Networks143.471 Digital Communication Networks
Internet Communications andCryptography
The rush towards Internet Related Electronic BusinessActivities
Funds transfer associated with sales
Authorisations
Would you send your Credit Card number over the Internet…??
The Problems of - Identification and Authentication
The Problems of - Security of Information once theSender / Receiver have been authenticated
Interruption
Interception
Modification
Fabrication
Network SecurityNetwork Security -- 1/1/2121
143.471 Digital Communication Networks143.471 Digital Communication Networks
Cryptography as a Basis forIdentification & Authentication
Drawbacks of Secret Key Systems
Relies on one or more parties sharing the Secret Key
In practice this means that communication can only occurbetween people with some prior relationship…. (because theymust be entrusted with the Secret Key)
The same key that allows for communication allows any of theparties to create forgeries in the name of others
Public Key Systems Provide a basis for AuthenticationIn RSA each key of a key pair can undo what the other does
If a user can unscramble a message using say, Jack’s PublicKey, then it must have been created in the first place with Jack’sPrivate Key…. This is the basis for Digital Signatures
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 8
Network SecurityNetwork Security -- 1/1/2222
143.471 Digital Communication Networks143.471 Digital Communication Networks
Transposition Ciphers
Transposition ciphers reorder the letters but don’t disguise them. The cipher iskeyed by a word or phrase not containing any repeated letters. In this example,MEGABUCK is the key. The purpose in the example is to number the columns,column 1 is under the key letter closest to the start of the alphabet.
To break a transposition cipher1. Be aware it is a transposition cipher by looking at the frequency of E, T, A, etc.2. Guess the number of columns by first guessing a word or phrase. Say: “Million dollars”3. The remaining step is to order the columns.
Network SecurityNetwork Security -- 1/1/2323
143.471 Digital Communication Networks143.471 Digital Communication Networks
P-Box
Transposition can be implemented with simpleelectrical circuits.
If the 8 bits are designated from top to bottom as
01234567, then
the output of this particular P-box is 36071245
By appropriate internal wiring, a P-box can bemade to perform any transposition and do it atpractically the speed of light, since no computationis involved; just signal propagation
This design follows Kerckhoff’s principle: theattacker knows that the general method ispermuting the bits. What he doesn’t know is whichbit goes where, which is the key.
Inp
utO
utp
ut
Network SecurityNetwork Security -- 1/1/2424
143.471 Digital Communication Networks143.471 Digital Communication Networks
Substitution ciphers
In substitution cipher each letter or group of letters is replaced byanother letter or group of letters to disguise it.
For instancea b c d e f g h i j k l m n o p q r s t u v w x y z
Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
Substitution ciphers preserve the order of the plaintext symbols butdisguise them.
The substitution ciphers can be broken by starting out withcounting the relative frequencies of all letters in the ciphertext. Thenone might tentatively assign the most common one to letter e, etc.
The general system of symbol-to-symbol substitution is calledmono-alphabetic substitution
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 9
Network SecurityNetwork Security -- 1/1/2525
143.471 Digital Communication Networks143.471 Digital Communication Networks
S-Box
Substitutions are performed by S-boxIn the example, the 3-bit input selects oneof the eight lines existing from the firststage and sets it to 1; all the other linesare 0.
The second stage is a P-box.
The third stage encodes the selectedinput line in binary again. With the wiringshown, if the eight octal numbers01234567 were input one after another,the output sequence would be 24506713.In other words, 0 has been replaced by 2and 1 has been replaced by 4.
By appropriate wiring of the P-box insidethe S-box, any substitution can beaccomplished.
Network SecurityNetwork Security -- 1/1/2626
143.471 Digital Communication Networks143.471 Digital Communication Networks
One-time pads
1. Choose a random bit string as the key.
2. Then convert the plaintext into a bit string, for exampleby using its ASCII representation.
3. Finally compute the XOR of these two strings, bit by bit.The resulting ciphertext cannot be broken, because in asufficiently large sample of ciphertext, each letter will occurequally often.
The biggest disadvantage is that both sender and receiver mustcarry the pads which greatly reduces their practical utility.
Network SecurityNetwork Security -- 1/1/2727
143.471 Digital Communication Networks143.471 Digital Communication Networks
One-time pads
Message 1, “I love you.”
Message 2, “Elvis lives”
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 10
Network SecurityNetwork Security -- 1/1/2828
143.471 Digital Communication Networks143.471 Digital Communication Networks
Prime Numbers
Prime numbers only have divisors of 1 and self
they cannot be written as a product of other numbers
note: 1 is prime, but is generally not of interest
eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
Prime numbers are central to number theory
List of prime number less than 200 is:2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 8997 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173179 181 191 193 197 199
Network SecurityNetwork Security -- 1/1/2929
143.471 Digital Communication Networks143.471 Digital Communication Networks
Prime Factorisation
To factor a number n involves writing it as a product ofother numbers: n = a × b × c
Note that factoring a number is relatively hard comparedto multiplying the factors together to generate thenumber!
The prime factorisation of a number n is when its writtenas a product of primes
eg. 91=7×13
Network SecurityNetwork Security -- 1/1/3030
143.471 Digital Communication Networks143.471 Digital Communication Networks
Relatively Prime Numbers & GCD
Two numbers a, b are relatively prime if they have nocommon divisors apart from 1
eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of15 are 1,3,5,15 and 1 is the only common factor
Conversely can determine the Greatest Common Divisorby comparing their prime factorizations and using leastpowers
eg. 300 = 22×31×52 18=21×32
hence GCD(18,300) = 21×31×50 = 6
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 11
Network SecurityNetwork Security -- 1/1/3131
143.471 Digital Communication Networks143.471 Digital Communication Networks
Fermat's Theorem
ap-1 mod p = 1
where p is prime and gcd(a,p) = 1
Also known as Fermat’s Little Theorem
Useful in public key
Network SecurityNetwork Security -- 1/1/3232
143.471 Digital Communication Networks143.471 Digital Communication Networks
Euler Totient Function ø(n) – (1)
When doing arithmetic modulo n, complete set ofresidues is: 0…n-1
Reduced set of residues is those numbers (residues)which are relatively prime to n
eg for n = 10,
complete set of residues is {0,1,2,3,4,5,6,7,8,9}
reduced set of residues is {1,3,7,9}
Number of elements in a reduced set of residues iscalled the Euler Totient Function ø(n)
Network SecurityNetwork Security -- 1/1/3333
143.471 Digital Communication Networks143.471 Digital Communication Networks
Euler Totient Function ø(n) – (2)
To compute ø(n) need to count number of elements to beexcluded
In general need prime factorization, but
for p (p is a prime) ø(p) = p -1
for p.q (p and q are primes) ø(p.q) = (p-1)(q-1)
eg.
ø(37) = 36
ø(21) = (3–1)×(7–1) = 2×6 = 12
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 12
Network SecurityNetwork Security -- 1/1/3434
143.471 Digital Communication Networks143.471 Digital Communication Networks
Generalization of Euler’s theorem
For numbers n = pq where p and q are primes,
akø(n) + 1 = a mod n, for all a < n, as long as k is anon-negative integer.
Network SecurityNetwork Security -- 1/1/3535
143.471 Digital Communication Networks143.471 Digital Communication Networks
Digital Signature Standard - DSS(A Brief Introduction)
To reduce costs and increase productivity, many businesses areattempting to transform paper-based systems into automatedelectronic systems.
Unfortunately they generally end up with a Hybrid system… One ofthe culprits is the use of signatures to identify and authenticate aperson
There is a need for a reliable, cost-effective way to replace ahandwritten signature with a digital signature. Like a handwrittensignature, a digital signature can be used to identify andauthenticate the originator of the information.
A digital signature can also be used to verify that information hasnot been altered after it is signed; this provides message integrity.The DSS specifies a Digital Signature Algorithm (DSA) for use incomputing and verifying digital signatures.
Network SecurityNetwork Security -- 1/1/3636
143.471 Digital Communication Networks143.471 Digital Communication Networks
Digital Signatures
The Digital Signature Standard is a special version ofPublic Key Cryptography
The Digital Signature Standard can be used to
Identify and Authenticate the originator
Verify that the message has not been altered after it has beensigned
Determine whether playback is occurring
Guard against; interception, Modification and Fabrication
Digital Signature Standard uses the Secure HashAlgorithm to aid in the detection of modification…..
We need to look at Hash functions before we cancontinue
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 13
Network SecurityNetwork Security -- 1/1/3737
143.471 Digital Communication Networks143.471 Digital Communication Networks
Building Towards StrongAuthentication
The Digital Signature Standard is a special version ofPublic Key Cryptography…… Designed toauthenticate both the sender and the message
The Generate a Digital Signature
The owner of the Private Key applies a one way function(such as the Secure Hash Algorithm [Ref 4]) to the message
This results in a condensed representation of the messageknown as a Message Digest
You can’t get the original message back from the digest
Choosing a different message that digests to the samemessage is difficult
It is this digest which is encrypted with the Private Key
Network SecurityNetwork Security -- 1/1/3838
143.471 Digital Communication Networks143.471 Digital Communication Networks
Message Digest
One criticism of signature methods is that they often couple twodistinct functions : authentication and secrecy.
Often authentication is needed but secrecy is not.
Encryption
Protects against passive attack (eavesdropping).
A different requirement is to protect against active attack(falsification of data and transactions).
Protection against such attacks is known as message authentication.
A message digest or MD, is based on a hash function, and it is anauthentication scheme that does not require encrypting the entiremessage, but provides a message authentication function.
Network SecurityNetwork Security -- 1/1/3939
143.471 Digital Communication Networks143.471 Digital Communication Networks
Generating a Message Digest
Digest/Hash
Function
N possibleinputs
K possibleoutputs
Message
Apparently random mappingbetween input and output
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 14
Network SecurityNetwork Security -- 1/1/4040
143.471 Digital Communication Networks143.471 Digital Communication Networks
RSA
Developed soon after the Merkle knapsack algorithm
The three inventors were Ron Rivest, Adi Shamir andLeonard Adleman, 1978
RSA gets its security from the difficulty of factoring apair of large numbers (100 or more digits)
Network SecurityNetwork Security -- 1/1/4141
143.471 Digital Communication Networks143.471 Digital Communication Networks
RSA(Generating the keys)
Then randomly choose theencryption key, e, such thate and (p-1)x(q-1) are relativelyprime
Now find the decryption key d(using Euclid’s algorithm) suchthat d is the inverse of e
))1()1((mod
))1()1mod((1
1
qped
wayanotheritputtingor
qpdee and n make up the Public Key.
d is the Private Key
qpn Choose two large primenumbers p and q and find theproduct n
Network SecurityNetwork Security -- 1/1/4242
143.471 Digital Communication Networks143.471 Digital Communication Networks
RSA(To Encrypt a Message)
Public Key
n n = pxq where p and q are two primes (p and q must remain secret)e randomly chosen and relatively prime to (p-1)x(q-1)
Private Key
d the inverse of e. That is, e-1 mod ((p-1)x(q-1))
Encrypting
c = me mod n
Decrypting
m = cd mod n
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 15
Network SecurityNetwork Security -- 1/1/4343
143.471 Digital Communication Networks143.471 Digital Communication Networks
RSA(Example - 1)
The encryption key e must have no factors incommon with..
(p-1) X (q-1) = 46 X 70 = 3220
Choose e (at random) to be 79. In that case:
d = 79-1 mod((p-1)x(q-1)) = 1019
This number was calculated using the extendedEuclidean algorithm
Publish e and n, and keep d secret. Discard p and q.To encrypt the message, m = 6882326879666683.
First break it into small blocks. Three-digit blockswork nicely in this case. The message will beencrypted in six blocks, mi, in which
m1 = 688
m2 = 232
m3 = 687
m4 = 966
m5 = 668
m6 = 3
Choose p = 47 and q = 71.Therefore n = p x q = 3337
Network SecurityNetwork Security -- 1/1/4444
143.471 Digital Communication Networks143.471 Digital Communication Networks
RSA(Example - 2)
The first block is encrypted as:..
68879 (mod 3337) = 1570 = c1
Performing the same operation on the subsequentblocks generates an encrypted message::
c = 1570 2756 2714 2276 2423 158
Decrypting the message requires performing thesame exponentiation using the decryption key of1019. So:
15701019 (mod 3337) = 688 = m1.
The rest of the message can be recovered in thismanner
Network SecurityNetwork Security -- 1/1/4545
143.471 Digital Communication Networks143.471 Digital Communication Networks
Digital Signatures(The Protocol) - 1
Two people, Jack and Tanya wish to establish a securecommunication across the Internet… They also needtheir communication to be so structured so that both willhave a record that neither can repudiate
The Authentication works like thisJ -> T Hi, are you Tanya?
T -> J Jack, this is Tanya….Ts[ h(Jack, this is Tanya)]
J Use Tanya’s Public Key to obtain the DigestTp[Ts[ h(Jack, this is Tanya)]]
= h(Jack, this is Tanya)
Run the SHA on the Message and compare the result with thereceived Digest. If its the same you know its not been tamperedwith
This process must of course be two ways!
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 16
Network SecurityNetwork Security -- 1/1/4646
143.471 Digital Communication Networks143.471 Digital Communication Networks
Digital Signatures(The Protocol) - 2
Tanya has sent a messageand signed it…
If Tanya’s Public Key willdecrypt a digest and thatdigest matches the plain textmessage, then Tanya sent thatPlain Text Message
When the digest of a message isencrypted using the sender’s privatekey and is appended to the originalmessage, the result is known as thedigital signature of the message.
What are the odds of being able tochange the Plain Message tosomething “malicious” but which willstill digest to the same value.?
That is, so that the receiver thinksthat the modified plaintext messagecame from Tanya
Network SecurityNetwork Security -- 1/1/4747
143.471 Digital Communication Networks143.471 Digital Communication Networks
Certificates(Key Management)
Before two parties use public-keycryptography to conduct business, eachwants to be sure that the other party isauthenticated.
Before Jack accepts a message withTanya’s digital signature, he wants to besure that the public key belongs toTanya and not to someonemasquerading as Tanya on an opennetwork.
One way to be sure that the public keybelongs to Tanya is to receive it over asecure channel directly from Tanya.However, in most circumstances thissolution is not practical.
After all, I could have placed myPublic Key on the Network,whilst pretending to be Tanya
Where?
How can you besure that it was
Tanya who put itthere?
Network SecurityNetwork Security -- 1/1/4848
143.471 Digital Communication Networks143.471 Digital Communication Networks
Certificates - 1
Whilst it can be proved whetherTanya sent the message or not… Youcan still be fooled by a masqueraderunless you know that the Public Keythat you think is Tanya’s does reallybelong to Tanya
How do you distribute Public Keys ina way that you know that a particularPublic Key belongs to a particularperson..??
An object called a certificate is beingdeveloped to solve this problem. Ithas in it at least the followinginformation:
The Certificate Issuer’s ID
Who this Certificate is for
The person’s Public Key
Expiry Date
The Certificate Issuer’sDigital Signature
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 17
Network SecurityNetwork Security -- 1/1/4949
143.471 Digital Communication Networks143.471 Digital Communication Networks
A More Complete and PreciseCertificate Definition(X.509)
Certificate ::= SIGNED { SEQUENCE {version Version DEFAULT v1,serialNumber CertificateSerialNumber,signature AlgorithmIdentifier,issuer Name,validity Validity,subject Name,subjectPublicKeyInfo SubjectPublicKeyInfo,issuerUniqueIdentifier IMPLICIT UniqueIdentifier OPTIONAL,
-- if present, version must be v2subjectUniqueIdentifier IMPLICIT UniqueIdentifier OPTIONAL
-- if present, version must be v2 -- }}
This (incomplete) definition is in ASN.1 (Abstract Syntax Notation 1).See ITU-T Recommendation X.208
143.471 Digital Communication Networks143.471 Digital Communication Networks
Certificates(A Summary) - 1
A digital signature cryptographically binds the signed data with aunique private key, which is assumed to be under the exclusivecontrol of the person, cardholder, merchant, financial institution, orCA as appropriate.
The private key is mathematically linked to the public key of the keypair. Assuming that the private key has not been compromised, thedigital signature has the effect of binding the public key to the dataas well.
However, anyone can generate a public/private key pair, and so it isessential that some mechanism be established that binds the publickey to the entity in a trustworthy manner. This is the fundamentalpurpose of a certificate – to bind a public key to a uniquelyidentified entity.
Network SecurityNetwork Security -- 1/1/5151
143.471 Digital Communication Networks143.471 Digital Communication Networks
Certificates(A Summary) - 2
Since a bogus Certificate Authority could be set up to createcertificates that would contain information nearly identical to thatcontained in a valid certificate, the signature of the CertificateAuthority itself shall be certified as authentic by a higher levelCertificate Authority.
The only exception to this requirement is the industry rootCertificate Authority.
This is the only directly trusted Certificate Authority.
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 18
Network SecurityNetwork Security -- 1/1/5252
143.471 Digital Communication Networks143.471 Digital Communication Networks
Using Digital Signatures andCertificates
The Authentication works like this:
J -> T Hi, are you Tanya?
T -> J Jack, this is Tanya, Here is my certificate issued byCertification Authority 1, (Tanya<<CA1)
J Examine Certificate...Determine it’s validity by examining theIssuer’s signature...Get the Public Key that has been bound toTanya…..Now ask Tanya to prove her identity
J -> T Prove it
T -> J Jack, this is Tanya….Ts[Digest(Jack, this is Tanya)]
J Use Tanya’s Public Key to obtain the DigestRun the Hash on the Message and compare the result with thereceived Digest.If its the same you know its not been tampered with…
Network SecurityNetwork Security -- 1/1/5353
143.471 Digital Communication Networks143.471 Digital Communication Networks
Summarising a Secure &Authenticated Transaction(Steps 1,2,3,4 and 5 Encryption)
1. Tanya runs the Message througha one-way algorithm to producethe message digest..
2. She then encrypts the messagedigest with her private key toproduce the digital signature.
3. Next, she generates a randomsymmetric key and uses it toencrypt the Message, hersignature and a copy of hercertificate, which contains herpublic signature key.
To decrypt the propertydescription, Bob will require asecure copy of this randomsymmetric key.
RS[(Msg), Ts[H(Msg)], (Tanya<<CA1)]
MessageDigest = H(Msg)
Digital Signature = Ts[ H(Msg)]
Random Symmetric Key = RS
Network SecurityNetwork Security -- 1/1/5454
143.471 Digital Communication Networks143.471 Digital Communication Networks
Summarising a Secure &Authenticated Transaction(Steps 1,2,3,4 and 5 Encryption)
4. Bob’s certificate, which Tanyamust have obtained prior toinitiating securecommunication with him,contains a copy of his publickey-exchange key.
To ensure secure transmissionof the symmetric key, Tanyaencrypts it using Bob’s publickey-exchange key. Theencrypted key, referred to asthe digital envelope, will besent to Bob along with theencrypted message itself.
Digital Envelope = Bp[RS]
Bp = The KeySection of (Bob<<CA2)]
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 19
Network SecurityNetwork Security -- 1/1/5555
143.471 Digital Communication Networks143.471 Digital Communication Networks
Summarising a Secure &Authenticated Transaction(Steps 1,2,3,4 and 5 Encryption)
5. Tanya sends a message to Bobconsisting of the following: thesymmetrically encryptedMessage, signature andcertificate, as well as theasymmetrically encryptedsymmetric key (the digitalenvelope).
RS[(Msg), Ts[H(Msg)], (Tanya<<CA1)]+Bp[RS]
Digital Envelope
Network SecurityNetwork Security -- 1/1/5656
143.471 Digital Communication Networks143.471 Digital Communication Networks
Summarising a Secure &Authenticated Transaction(Steps 6,7,8,9 and 10 - Decryption)
6 Bob receives the messagefrom Tanya and decrypts thedigital envelope with hisprivate key-exchange key toretrieve the symmetric key.
7 He uses the symmetric keyto decrypt the propertydescription, Tanya’ssignature, and hercertificate.
8 He decrypts Tanya’s digitalsignature with her publicsignature key, which heacquires from her certificate.This recovers the originalmessage digest of theproperty description.
143.471 Digital Communication Networks143.471 Digital Communication Networks
Summarising a Secure &Authenticated Transaction(Steps 6,7,8,9 and 10 - Decryption)
9 He runs the Messagethrough the same one-way algorithm used byTanya and produces anew message digest ofthe decrypted propertydescription.
[(Msg), Ts[H(Msg)], (Tanya<<CA1)]
H(Msg) generated by Bob from the Message
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 20
Network SecurityNetwork Security -- 1/1/5858
143.471 Digital Communication Networks143.471 Digital Communication Networks
Summarising a Secure &Authenticated Transaction(Steps 6,7,8,9 and 10 - Decryption)
10 Finally, he compares hismessage digest to theone obtained fromTanya’s digital signature.
H(Msg) generated by Bob from the Message
H(Msg) = Tp [Ts[H(Msg)]],
Compare
Yes
If they are exactly the same, he confirmsthat the message content has not beenaltered during transmission and that it wassigned using Tanya’s private signature key.
If they are not the same,then the message eitheroriginated somewhereelse or was altered afterit was signed. In thatcase, Bob takes someappropriate action suchas notifying Tanya ordiscarding the message.
SameNo
Network SecurityNetwork Security -- 1/1/5959
143.471 Digital Communication Networks143.471 Digital Communication Networks
Digital Signatures - The Future
Extensive activity to set up systems that will allow worldwide business transactions over the Internet…. See“SET” standard
Governments (in particular the US Government) areproviding legislative frameworks for CertificationHierarchies
Digital Signature technology and its uses will explode…..
Network SecurityNetwork Security -- 1/1/6060
143.471 Digital Communication Networks143.471 Digital Communication Networks
Definition of Terms - 1(Source: X.509)
Authentication Token(Token): Information conveyedduring a strong authenticationexchange, which can be used toauthenticate its sender.
User Certificate; Certificate: Thepublic keys of a user, together withsome other information, renderedunforgeable by encipherment withthe private key of the certificationauthority which issued it.
Certification Authority: An authoritytrusted by one or more users tocreate and assign certificates.Optionally the certification authoritymay create the users’ keys.
Certification Path: An orderedsequence of certificates of objects inthe DIT which, together with thepublic key of the initial object in thepath, can be processed to obtain thatof the final object in the path.
Cryptographic System,Cryptosystem: A collection oftransformations from plain text intociphertext and vice versa, theparticular transformation(s) to beused being selected by keys. Thetransformations are normally definedby a mathematical algorithm.
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 21
Network SecurityNetwork Security -- 1/1/6161
143.471 Digital Communication Networks143.471 Digital Communication Networks
Definition of Terms - 2(Source: X.509)
Hash Function: A (mathematical)function which maps values from alarge (possibly very large) domaininto a smaller range. A “good” hashfunction is such that the results ofapplying the function to a (large) setof values in the domain will be evenlydistributed (and apparently atrandom) over the range.
One-way Function: A (mathematical)function f which is easy to compute,but which for a general value y in therange, it is computationally difficult tofind a value x in the domain such thatf(x) = y. There may be a few values yfor which finding x is notcomputationally difficult.
Public Key: (In a public keycryptosystem) that key of a user’skey pair which is publicly known.
Private Key; Secret Key(In a public key cryptosystem)that key of a user’s key pairwhich is known only by that user.
Simple Authentication:Authentication by means ofsimple password arrangements.
Security Policy:The set of rules laid down by thesecurity authority governing theuse and provision of securityservices and facilities.
Network SecurityNetwork Security -- 1/1/6262
143.471 Digital Communication Networks143.471 Digital Communication Networks
Definition of Terms - 3(Source: X.509)
Strong Authentication:Authentication by means ofcryptographically derivedcredentials.
Trust:Generally, an entity can be saidto “trust” a second entity when it(the first entity) makes theassumption that the secondentity will behave exactly as thefirst entity expects. This trustmay apply only for some specificfunction.
The key role of trust in theauthentication framework is todescribe the relationshipbetween an authenticating entityand a certification authority; anauthenticating entity shall becertain that it can trust thecertification authority to createonly valid and reliablecertificates.
Certificate Serial Number:An integer value, unique withinthe issuing CA, which isunambiguously associated with acertificate issued by that CA.
Network SecurityNetwork Security -- 1/1/6363
143.471 Digital Communication Networks143.471 Digital Communication Networks
Notation - 1(Source: X.509)
Notation Meaning
Xp Public key of a user X.
Xs Private key of X.
Xp[I] Encipherment of some information, I, using the public key of X.
Xs[I] Encipherment of I using the private key of X.
X{I} The signing of I by user X. It consists of I with an enciphered summary appended.
CA(X) A certification authority of user X.
CAn(X) (Where n>1): CA(CA(...n times...(X)))
X1«X2» The certificate of user X2 issued by certification authority X1.
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 22
Network SecurityNetwork Security -- 1/1/6464
143.471 Digital Communication Networks143.471 Digital Communication Networks
Notation - 2(Source: X.509)
X1«X2» X2«X3» A chain of certificates (can be of arbitrary length), where each item is the certificate for thecertification authority which produced the next. It is functionally equivalent to the followingcertificate X1«Xn+1». For example, possession of A«B»B«C» provides the same capability asA«C», namely the ability to find out Cp given Ap.
X1p • X1«X2» The operation of unwrapping a certificate (or certificate chain) to extract a public key. It is an infixoperator, whose left operand is the public key of a certification authority, and whose right operandis a certificate issued by that certification authority. The outcome is the public key of the userwhose certificate is the right operand. For example:
Ap • A«B» B«C»
denotes the operation of using the public key of A to obtain B’s public key, Bp, from its certificate,followed by using Bp to unwrap C’s certificate. The outcome of the operation is the public key ofC, Cp.
AB A certification path from A to B, formed of a chain of certificates, starting with CA(A)«CA2(A)»and ending with CA(B)«B».
NOTE – In the table, the symbols X, X1, X2, etc., occur in place of the names of users, while the symbol I occurs in placeof arbitrary information.
Network SecurityNetwork Security -- 1/1/6565
143.471 Digital Communication Networks143.471 Digital Communication Networks
Likelihood and Costs of Network SecurityThreats
Network SecurityNetwork Security -- 1/1/6666
143.471 Digital Communication Networks143.471 Digital Communication Networks
Common Security Threats
Virus infection – most likely event
Unauthorized accessBy internal and external hackers
High cost to recover (both in $ and publicity)
Device failure (not necessarily by a malicious act)
Device theft, Natural Disaster
Denial of Service attacks
External attacks blocking access to the network
Big picture messages:Viruses: most common threat with a fairly high cost
Unauthorized access by employees: greater threat
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 23
Network SecurityNetwork Security -- 1/1/6767
143.471 Digital Communication Networks143.471 Digital Communication Networks
Identify and Document Controls
Identify current in-place controls and list them in the cellfor each asset and threat
For each asset and the specific threat
Describe each control that
– Prevents,
– Detects and/or
– Corrects that threat
Place each control and its role in a numeric list (without anyranking)
Place the number in the cell (in the control spreadsheet)
– Each cell may have one or more controls
Network SecurityNetwork Security -- 1/1/6868
143.471 Digital Communication Networks143.471 Digital Communication Networks
Business Continuity Planning
Make sure that organization’s data and applications willcontinue to operate even in the face of disruption,destruction, or disaster
Continuity Plan includesDevelopment of controls
To prevent these events from having a major impact
Disaster recovery plan
To enable the organization to recover if a disaster occurs
Network SecurityNetwork Security -- 1/1/6969
143.471 Digital Communication Networks143.471 Digital Communication Networks
Specifics of Continuity Plan
Preventing Disruption, Destruction, and Disaster
Using Redundant Hardware
Preventing Natural Disaster
Preventing Theft
Preventing Viruses
Preventing Denial of Service
Detecting Disruption, Destruction, and Disaster
Correcting Disruption, Destruction, and DisasterDisaster Recovery Plan
Disaster Recovery Outsourcing
143.471 Digital Communications 23/05/2007
Network Security Cryptography, Hash Functions & Digital Signatures - 24
Network SecurityNetwork Security -- 1/1/7070
143.471 Digital Communication Networks143.471 Digital Communication Networks
Using Redundant Hardware
A key principal in preventing disruption, destruction anddisaster