Lecture 2 crypto and basics of protocols

S-38.3153Mikko Särelä

keskiviikkona 28. maaliskuuta 2012

Today’s plan

• Learn about protocols

• Remote login

• How to solve security problems?

• How can cryptography help?


Remote login

• A simple protocol to remotely login to a computer as if you were physically present


Remote login

Alice HalHi Hal! I’m Alice

What’s your password?

It’s BobAteMyCat

Access granted

> run emacs mythesis.txt


What kind of security problems do you see?


Remote login



It’s BobAteMyCat

Access granted



Remote login



It’s BobAteMyCat

Access granted


Mallory


How would you fix the security problems?


Secure Shell

• Use public key cryptography to authenticate remote end

• Leap of faith for first time connections

• User is authenticated with password or public key crypto

• This communication is encrypted


Cryptography basicsMikko Särelä, Dr. Tech

20 March 2012


Security and cryptologyThe same thing?


Crypto overview

• Public key cryptography

• Key exchange

• Symmetric key cryptography

• Secure hash


Crypto basics

• Plaintext message m

• Crypto-algorithm

• Key k

• Encrypted text


Public key cryptography


Two keys - private and public


Some math

• RSA and Diffie-Hellman based on modulo arithmetics

• the difficulty of division operation, logarithm, and factoring


Modulo0

3

1

2

5

4

9

8 7 6

10

11

12


Addition and multiplication easy


Division is hardFactoring is hard


Example: RSA

• n = p*q, p and q large primes

• Choose public key e as relative prime for (p-1)(q-1)

• Private key d = e-1 mod ((p-1)(q-1))

• Encrypting c = me mod n

• Decrypting m = cd mod n


Problem

• p = 11, q = 3

• e = 3

• What is d?

• Encrypt message m = 7

• Decrypt the result


Solution

• c = me mod n = 73 mod 33 = 343 mod 33 = 13.

• c = 13

• To check decryption:

• m’ = cd = 137 mod 33 = 7


Cipher text for all m

m 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16c 0 1 8 27 31 26 18 13 17 3 10 11 12 19 5 9 4

m 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32c 29 24 28 14 21 22 23 30 16 20 15 7 2 6 25 32


Cipher text for all m

m 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16c 0 1 8 27 31 26 18 13 17 3 10 11 12 19 5 9 4

m 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32c 29 24 28 14 21 22 23 30 16 20 15 7 2 6 25 32


Depends onFactoring being hard!


Usage

• Use public key to encrypt data

• Private key is used to decrypt it

• Or use private key to sign data

• Public key can be used to verify the signature

• Only owner of private key can sign

• Basis for certificates


Diffie-Hellman


(AB)C = Ab*c = (AC)B


Diffie-Hellmanhttp://upload.wikimedia.org/wikipedia/commons/a/a3/Diffie-Hellman-Schlüsselaustausch.png


http://upload.wikimedia.org/wikipedia/commons/a/a3/Diffie-Hellman-Schl

http://upload.wikimedia.org/wikipedia/commons/a/a3/Diffie-Hellman-Schl

Symmetric key cryptography


Block cipherStream cipher


Block cipher

Block cipher encryption

Key

Plaintext

Ciphertext


Stream cipher

Plaintext

AIVK

Kstream

Ciphertext

Ciphertext

AIVK

Kstream

PlaintextXOR


Ciphers overview


• Symmetric ciphers• Fast• require separate key exchange• Public key ciphers• Slow• No key exchange required• usage: signatures, certificates, encrypt

symmetric cipher key inside a message• How to get random keys?


Cryptographic hashes


Ideal hash-function

• easy to compute the hash value for any given message• infeasible to generate a message that has a

given hash• infeasible to modify a message without

changing the hash• infeasible to find two different messages

with the same hash


http://en.wikipedia.org/wiki/Computational_complexity_theory#Intractability

http://en.wikipedia.org/wiki/Computational_complexity_theory#Intractability

Keyed hash


Applications

• Verifying integrity of a message using keyed hash function

• file or data identifier

• pseudorandom number generation and key generation

• hash chains


Cryptographic Hash functions

• SHA-256 as an example

• Birthday attack

• Keyed hash is usually marked as

• h(k, M)


Secure Shell


What is SSH?

• A set of protocols that is designed to provide a secure communication channel between host and a server

• Covers authentication, encryption, and data integrity

• Originally replacement for telnet/rlogin/rsh

• SFTP also


History

• Tatu Ylönen developed the first version in 1995

• SSH protocol version 2 in 1998 because of protocol vulnerabilities

• Many open and commercial versions available for all operating systems


Protocol details

• Client/server architecture

• Server listens to port 22

• Client wanting to connect executes an ssh command

• port forwarding


SSH Protocol Stack

IP

TCP

SSH Transportation protocol

SSH Connection ProtocolMultiplexes encrypted tunnel into several

logical channels

SSH User Authentication protocolAuthenticates client-side user to the

server


Transport layer

• Initial key exchange

• Server authentication

• Data confidentiality

• Data Integrity

• Compression (optional)

• key re-exchange


Transport layer

• Server authenticates itself to client

• No man-in-the-middle attacks


SSH ProtocolClient Server

TCP connection setup

SSH version string exchange

SSH Key exchange

SSH data exchange

Termination of the TCP connection


SSH key exchange• Client and server send kex_init packet, containing a list

of crypto algorithms they support

• First common key exchange algorithm supported by server is chosen

• Used to negotiate server authentication, encryption, MAC, and compression

• Opportunistic guess allowed

• Establish shared secret k and

• Authenticate server

• with public key signature or shared key authentication with MAC


User authentication

• Client authentication

• password

• public key cryptography

• host based authentication


Connection layer

• Defines logical channels

• Requests for TCP port forwarding, X11 forwarding etc.


Lecture 2 crypto and basics of protocols

Technology

public key e

symmetric cipher key

data private key

private key d

owner of private key

cryptoalgorithm key

sign data public key

usage use public key