
Cryptography 120818113922 Phpapp02

Date post: 03-Apr-2018
Upload: anantphenany9684

Transcript
  • 7/28/2019 Cryptography 120818113922 Phpapp02

    SECURITY MANAGEMENT

    Basic terminology

    Plaintext: original message to be encrypted
    Ciphertext: the encrypted message
    Enciphering or encryption: the process of converting plaintext into ciphertext
    Encryption algorithm: performs encryption
      Two inputs: a plaintext and a secret key

    Deciphering or decryption: recovering plaintext from ciphertext
    Decryption algorithm: performs decryption
      Two inputs: ciphertext and secret key
    Secret key: same key used for encryption and decryption
      Also referred to as a symmetric key

    Cipher or cryptographic system: a scheme for encryption and decryption
    Cryptography: science of studying ciphers
    Cryptanalysis: science of studying attacks against cryptographic systems
    Cryptology: cryptography + cryptanalysis

    Cryptography issues

    Confidentiality: only sender, intended receiver should understand message contents
      sender encrypts message
      receiver decrypts message
    End-Point Authentication: sender, receiver want to confirm identity of each other
    Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

    Ciphers

    Symmetric cipher: same key used for encryption and decryption
      Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits)
      Stream cipher: encrypts data one bit or one byte at a time
    Asymmetric cipher: different keys used for encryption and decryption

    Classical Ciphers

    Plaintext is viewed as a sequence of elements (e.g., bits or characters)
    Substitution cipher: replacing each element of the plaintext with another element.
    Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext.

    Substitution ciphers

    A substitution cipher replaces one symbol with another. If the symbols in the plaintext are alphabetic characters, we replace one character with another.

    The simplest substitution cipher is a shift cipher (additive cipher).

    Example 16.1

    Use the additive cipher with key = 15 to encrypt the message hello.

    Solution

    We apply the encryption algorithm to the plaintext, character by character:

    The ciphertext is therefore wtaad.

    Caesar Cipher

    Earliest known substitution cipher
    Invented by Julius Caesar
    Each letter is replaced by the letter three positions further down the alphabet.
      Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
      Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    Example: ohio state → RKLR VWDWH

    Caesar Cipher

    Mathematically, map letters to numbers:
      a, b, c, ..., x, y, z
      0, 1, 2, ..., 23, 24, 25
    Then the general Caesar cipher is:
      $c = E_K(p) = (p + k) \bmod 26$
      $p = D_K(c) = (c - k) \bmod 26$
    Can be generalized with any alphabet.

    Transposition ciphers

    A transposition cipher does not substitute one symbol for another, instead it changes the location of the symbols. A symbol in the first position of the plaintext may appear in the tenth position of the ciphertext, while a symbol in the eighth position in the plaintext may appear in the first position of the ciphertext. In other words, a transposition cipher reorders (transposes) the symbols.

    Double Transposition

    Plaintext: attackxatxdawn
    Permute rows and columns
    Ciphertext: xtawxnattxadakc
    Key: matrix size and permutations (3,5,1,4,2) and (1,3,2)
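
The classical ciphers above, worked in code. This is an added example, not part of the original slides: it reproduces Example 16.1, the Caesar example and the double transposition, and assumes the 14-letter plaintext is padded with one `x` to fill the 5 x 3 matrix (function names are chosen here).

```python
import string

ALPHABET = string.ascii_lowercase


def shift_encrypt(plaintext, k):
    """Additive cipher: c = (p + k) mod 26 per letter; other characters pass through."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext, k):
    """p = (c - k) mod 26, i.e. encryption with the negated key."""
    return shift_encrypt(ciphertext, -k)


def double_transpose(text, row_perm, col_perm, pad="x"):
    """Write text row by row into a len(row_perm) x len(col_perm) matrix,
    reorder the rows, then reorder the columns, and read out row by row.
    Permutations are 1-based: entry i names the original row/column that
    ends up in position i."""
    rows, cols = len(row_perm), len(col_perm)
    if len(text) > rows * cols:
        raise ValueError("text does not fit in the matrix")
    text = text.ljust(rows * cols, pad)          # padding letter is an assumption
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]
    grid = [grid[r - 1] for r in row_perm]
    return "".join("".join(row[c - 1] for c in col_perm) for row in grid)


def double_untranspose(ciphertext, row_perm, col_perm):
    """Invert double_transpose by putting columns, then rows, back in place."""
    rows, cols = len(row_perm), len(col_perm)
    grid = [ciphertext[r * cols:(r + 1) * cols] for r in range(rows)]
    restored_cols = []
    for row in grid:
        original = [""] * cols
        for position, c in enumerate(col_perm):
            original[c - 1] = row[position]
        restored_cols.append("".join(original))
    restored = [""] * rows
    for position, r in enumerate(row_perm):
        restored[r - 1] = restored_cols[position]
    return "".join(restored)


def same_letters(a, b):
    """A transposition only moves symbols, so the letter counts are unchanged."""
    return sorted(a) == sorted(b)


if __name__ == "__main__":
    print(shift_encrypt("hello", 15))
    print(shift_encrypt("ohio state", 3).upper())
    print(double_transpose("attackxatxdawn", (3, 5, 1, 4, 2), (1, 3, 2)))
```

The shift cipher has only 26 keys and the transposition leaves letter frequencies untouched, which is why the slides treat both as insecure on their own.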

    Modern symmetric-key ciphers

    Since traditional ciphers are no longer secure, modern symmetric-key ciphers have been developed during the last few decades. Modern ciphers normally use a combination of substitution, transposition and some other complex transformations to create a ciphertext from a plaintext. Modern ciphers are bit-oriented (instead of character-oriented). The plaintext, ciphertext and the key are strings of bits. In this section we briefly discuss two examples of modern symmetric-key ciphers: DES and AES.

    Symmetric Encryption

    Mathematically:
      $Y = E_K(X)$ or $Y = E(K, X)$
      $X = D_K(Y)$ or $X = D(K, Y)$
    X = plaintext
    Y = ciphertext
    K = secret key
    E = encryption algorithm
    D = decryption algorithm
    Both E and D are known to public

    Figure 16.4 The general idea of symmetric-key cryptography

    Symmetric Encryption

    Same key used at sender and receiver
    Encryption process consists of algorithm and a secret key which is independent of information
    Encryption algorithm must be such that the encrypted information is impractical to decrypt without knowing key
    Key used for encryption and decryption must be secret but the encryption and decryption algorithm need not be confidential

    DES - Swapping of Left and Right Halves

    This can be described functionally as
      $L(i) = R(i-1)$
      $R(i) = L(i-1) \oplus P(S(E(R(i-1)) \oplus K(i)))$
    This forms one round in an S-P network

    Symmetric key crypto: DES

    DES: Data Encryption Standard
      US encryption standard [NIST 1993]
      56-bit symmetric key, 64-bit plaintext input
      Block cipher with cipher block chaining
    How secure is DES?
      DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
      No known good analytic attack
    Making DES more secure:
      3DES: encrypt 3 times with 3 different keys (actually encrypt, decrypt, encrypt)

    Symmetric key crypto: DES

    DES operation
      initial permutation
      16 identical "rounds" of function application, each using different 48 bits of key
      final permutation


    Advanced Encryption Standard

    Replacement for DES
    AES competition (late 90s)
      NSA openly involved
      Transparent process
      Many strong algorithms proposed
      Rijndael Algorithm ultimately selected
    Pronounced like "Rain Doll" or "Rhine Doll"
    Developed by Joan Daemen & Vincent Rijmen
    Iterated block cipher (like DES)
    Not a Feistel cipher (unlike DES)

    AES Overview

    Block size: 128, 192 or 256 bits
    Key length: 128, 192 or 256 bits (independent of block size)
    10 to 14 rounds (depends on key length)
    Each round uses 4 functions (in 3 "layers")
      ByteSub (nonlinear layer)
      ShiftRow (linear mixing layer)
      MixColumn (nonlinear layer)
      AddRoundKey (key addition layer)

    16-3 ASYMMETRIC-KEY CRYPTOGRAPHY

    Figure 16.7 shows the general idea of asymmetric-key cryptography as used for confidentiality. The figure shows that, unlike symmetric-key cryptography, there are distinctive keys in asymmetric-key cryptography: a private key and a public key. If encryption and decryption are thought of as locking and unlocking padlocks with keys, then the padlock that is locked with a public key can be unlocked only with the corresponding private key. Eve should not be able to advertise her public key to the community pretending that it is Bob's public key.

    Uses for Public Key Crypto

    Confidentiality
      Transmitting data over insecure channel
      Secure storage on insecure media
    Authentication
    Digital signature provides integrity and non-repudiation
      No non-repudiation with symmetric keys

    Figure 16.7 The general idea behind asymmetric-key cryptography

    Confidentiality using Public Key Encryption

    This is the straightforward use of public key encryption. Source A uses the public key KUb of the destination to encrypt M.
    This scheme does not provide any authentication because any opponent could also use B's public key to encrypt a message claiming to be A.
    B can decrypt at the destination because he is the only one who has the private key KRb.

    Authentication using Public Key Encryption

    To provide the authentication part, A uses its private key to encrypt the message, and B uses A's public key to decrypt to authenticate.
    The principle here is similar to the digital signature principle.
    The reasoning is that A should be the only one who has A's private key to generate that ciphered text.
    However this does not provide confidentiality since anyone with A's public key can decrypt and see the message.

    Authentication and Confidentiality using Public Key Encryption

    To provide both confidentiality and authentication, A can encrypt M first using its private key (the digital signature), then use B's public key which will provide confidentiality. The only disadvantage is that the public key algorithm, which is complex, must be exercised four times rather than two in each communication.

    Message Integrity

    Allows communicating parties to verify that received messages are authentic.
      Content of message has not been altered
      Source of message is who/what you think it is
      Message has not been artificially delayed (playback attack)
      Sequence of messages is maintained

    Authentication and Integrity Using Public-Key Encryption

    This will provide a digital signature as well as message authentication.
    Advantage is that it does not require the distribution of keys to communicating parties.
    The entire message is not encrypted.

    RSA

    Invented by Cocks (GCHQ) and, independently, by Rivest, Shamir and Adleman
    Let p and q be two large prime numbers
    Let N = pq be the modulus
    Choose e relatively prime to $(p-1)(q-1)$
    Find d s.t. $ed = 1 \bmod (p-1)(q-1)$
    Public key is (N, e)
    Private key is (N, d)

    RSA

    To encrypt message M compute $C = M^e \bmod N$
    To decrypt C compute $M = C^d \bmod N$
    Recall that e and N are public
    If attacker can factor N, he can use e to easily find d since $ed = 1 \bmod (p-1)(q-1)$
    Factoring the modulus breaks RSA
    It is not known whether factoring is the only way to break RSA

    Simple RSA Example

    Example of RSA
      Select "large" primes p = 11, q = 3
      Then N = pq = 33 and $(p-1)(q-1) = 20$
      Choose e = 3 (relatively prime to 20)
      Find d such that $ed = 1 \bmod 20$, we find that d = 7 works
    Public key: (N, e) = (33, 3)
    Private key: d = 7

    Simple RSA Example

    Public key: (N, e) = (33, 3)
    Private key: d = 7
    Suppose message M = 8
    Ciphertext C is computed as
      $C = M^e \bmod N = 8^3 = 512 = 17 \bmod 33$
    Decrypt C to recover the message M by
      $M = C^d \bmod N = 17^7 = 410{,}338{,}673 = 12{,}434{,}505 \cdot 33 + 8 = 8 \bmod 33$

    RSA example:

    Bob chooses p=5, q=7. Then n=35, z=24.
      e=5 (so e, z relatively prime).
      d=29 (so ed-1 exactly divisible by z).

    Encrypting 8-bit messages.

    encrypt:
      bit pattern   m    m^e     c = m^e mod n
      0000l000      12   24832   17

    decrypt:
      c    c^d                                    m = c^d mod n
      17   481968572106750915091411825223071697   12

    Why is RSA Secure?

    Suppose you know Bob's public key (n,e). How hard is it to determine d?
    Essentially need to find factors of n without knowing the two factors p and q.
      Fact: factoring a big number is hard.

    Generating RSA keys
      Have to find big primes p and q
      Approach: make good guess then apply testing rules

    16-6 KEY MANAGEMENT

    To use symmetric-key cryptography, a shared secret key needs to be established between the two parties. To use asymmetric-key cryptography, each entity needs to create a pair of keys and distribute the public key securely to the community. Key management defines some procedures to create and distribute keys securely.

    Symmetric-key distribution

    In a community with n entities, $n(n-1)/2$ keys are needed for symmetric-key communication. The number of keys is not the only problem: the distribution of keys is another. If Alice and Bob want to communicate, they need a way to exchange a secret key. If Alice wants to communicate with a million people, how can she exchange a million keys with them? Using the Internet is definitely not a secure method. It is obvious that we need an efficient way to maintain and distribute secret keys.

    Physical Delivery of Key
      One of the communicating parties chooses the key and physically delivers it to the other party
      Third party can generate the key and deliver it physically to both parties
      Implementation in a large network is infeasible
      Good for link level encryption or between pair of adjacent nodes but not for end to end encryption

    Remote Delivery of Keys via Secure Channel
      Keys are different for different sessions
      Key for first session is delivered physically
      Key for next session is encrypted using previous session key and sent

    Key distribution center: KDC

    A practical solution is the use of a trusted third party, referred to as a key-distribution center (KDC). Each person establishes a shared secret key with the KDC. A secret key is established between the KDC and each member. The process is as follows:

    1. Alice sends a request to the KDC stating that she needs a session (temporary) secret key between herself and Bob.
    2. The KDC informs Bob about Alice's request.
    3. If Bob agrees, a session key is created between the two.

    A session symmetric key between two parties is used only once.

    Diffie-Hellman

    Invented by Williamson (GCHQ) and, independently, by D and H (Stanford)
    A "key exchange" algorithm
      Used to establish a shared symmetric key
    Not for encrypting or signing
    Security rests on difficulty of discrete log problem: given g, p, and $g^k \bmod p$ find k

    Diffie-Hellman

    Let p be prime, let g be a generator which is primitive root of p
      $\{n \bmod p,\ n^2 \bmod p,\ \ldots,\ n^{p-1} \bmod p\} = \{1, 2, \ldots, p-1\}$
    Alice selects secret value a
    Bob selects secret value b
    Alice sends $g^a \bmod p$ to Bob
    Bob sends $g^b \bmod p$ to Alice
    Both compute shared secret $g^{ab} \bmod p$
    Shared secret can be used as symmetric key

    Diffie-Hellman

    Suppose that Bob and Alice use $g^{ab} \bmod p$ as a symmetric key
    Trudy can see $g^a \bmod p$ and $g^b \bmod p$
    Note $g^a g^b \bmod p = g^{a+b} \bmod p \ne g^{ab} \bmod p$
    If Trudy can find a or b, system is broken
    If Trudy can solve discrete log problem, then she can find a or b

    Diffie-Hellman

    Public: g and p
    Secret: Alice's exponent a, Bob's exponent b
      Alice, a → Bob, b: $g^a \bmod p$
      Bob, b → Alice, a: $g^b \bmod p$
    Alice computes $(g^b)^a = g^{ba} = g^{ab} \bmod p$
    Bob computes $(g^a)^b = g^{ab} \bmod p$
    Could use $K = g^{ab} \bmod p$ as symmetric key

    Diffie-Hellman

    Subject to man-in-the-middle (MiM) attack
      Alice, a → Trudy, t: $g^a \bmod p$
      Trudy, t → Bob, b: $g^t \bmod p$
      Bob, b → Trudy, t: $g^b \bmod p$
      Trudy, t → Alice, a: $g^t \bmod p$
    Trudy shares secret $g^{at} \bmod p$ with Alice
    Trudy shares secret $g^{bt} \bmod p$ with Bob
    Alice and Bob don't know Trudy exists!

    Diffie-Hellman: Toy Example

    p = 11 and g = 5
    Private keys: $S_A = 3$ and $S_B = 4$
    Public keys:
      $T_A = g^{S_A} \bmod p = 5^3 \bmod 11 = 125 \bmod 11 = 4$
      $T_B = g^{S_B} \bmod p = 5^4 \bmod 11 = 625 \bmod 11 = 9$
    Exchange public keys & compute shared secret:
      $(T_B)^{S_A} \bmod p = 9^3 \bmod 11 = 729 \bmod 11 = 3$
      $(T_A)^{S_B} \bmod p = 4^4 \bmod 11 = 256 \bmod 11 = 3$
    Shared secret: 3 = symmetric key
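
The Diffie-Hellman slides above in code, as an added example that is not part of the original deck. It replays the toy exchange, checks the primitive-root condition from the earlier slide, and shows why the unauthenticated exchange needs key confirmation: with Trudy in the middle, Alice and Bob end up with different keys. Trudy's exponent t = 2 and the fingerprint comparison over a separate trusted channel are assumptions made here.

```python
import hashlib
import hmac


def public_value(g, secret, p):
    """g^secret mod p, the value sent over the network."""
    return pow(g, secret, p)


def shared_secret(peer_public, secret, p):
    """(peer's public value)^secret mod p."""
    return pow(peer_public, secret, p)


def generated_set(g, p):
    """{g mod p, g^2 mod p, ..., g^(p-1) mod p}."""
    return {pow(g, k, p) for k in range(1, p)}


def is_primitive_root(g, p):
    """True when the powers of g cover every value 1 .. p-1."""
    return generated_set(g, p) == set(range(1, p))


def honest_exchange(p, g, a, b):
    ta, tb = public_value(g, a, p), public_value(g, b, p)
    return {"TA": ta, "TB": tb,
            "alice_key": shared_secret(tb, a, p),
            "bob_key": shared_secret(ta, b, p)}


def intercepted_exchange(p, g, a, b, t):
    """The MiM picture: each side receives g^t mod p instead of the peer's value."""
    ta, tb, tt = (public_value(g, s, p) for s in (a, b, t))
    return {"alice_key": shared_secret(tt, a, p),         # g^(at) mod p
            "bob_key": shared_secret(tt, b, p),           # g^(bt) mod p
            "trudy_keys": (shared_secret(ta, t, p), shared_secret(tb, t, p))}


def fingerprint(key):
    """Short digest of the derived key, safe to read out or display."""
    return hashlib.sha256(str(key).encode()).hexdigest()[:16]


def keys_confirmed(alice_key, bob_key):
    """Key confirmation: the two parties compare fingerprints over a channel
    the interceptor cannot alter (assumed to exist, e.g. in person)."""
    return hmac.compare_digest(fingerprint(alice_key), fingerprint(bob_key))


if __name__ == "__main__":
    # Values from the toy example: p = 11, g = 5, SA = 3, SB = 4.
    print(honest_exchange(11, 5, 3, 4))
    # g = 5 generates only 5 of the 10 values 1..10 mod 11; g = 2 generates all.
    print(len(generated_set(5, 11)), is_primitive_root(2, 11))
    mim = intercepted_exchange(11, 5, 3, 4, t=2)          # t = 2 is constructed
    print(mim, keys_confirmed(mim["alice_key"], mim["bob_key"]))
```

A failed fingerprint comparison is the observable sign of the interception; signing the exchanged values, as the digital-signature slides later describe, removes the need for a manual check.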

    HASH FUNCTIONS

    Message Digests

    Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: "message signature"
    Note that H( ) is a many-to-1 function
    H( ) is often called a "hash function"
    Desirable properties:
      Easy to calculate
      Irreversibility: Can't determine m from H(m)
      Collision resistance: Computationally difficult to produce m and m′ such that H(m) = H(m′)
      Seemingly random output

    [Figure: large message m → H: Hash Function → H(m)]

    Hash Function Algorithms

    MD5 hash function widely used (RFC 1321)
      computes 128-bit message digest in 4-step process.
    SHA-1 is also used.
      US standard [NIST, FIPS PUB 180-1]
      160-bit message digest

    MD5

    designed by Ronald Rivest (the R in RSA)
    latest in a series of MD2, MD4
    produces a 128-bit hash value
    until recently was the most widely used hash algorithm
      in recent times have both brute-force & cryptanalytic concerns
    specified as Internet standard RFC1321


    MD5 Overview

    1. pad message so its length is 448 mod 512
    2. append a 64-bit length value to message
    3. initialise 4-word (128-bit) MD buffer (A,B,C,D)
    4. process message in 16-word (512-bit) blocks
    5. Divide 512 bit block into 16 sub blocks (32 bits)
    6. Each block is processed in 4 rounds
       Input to each round are 16 sub blocks, buffer values and some constants t[k] where k = 1,2 ... 64
       There are 16 iterations in each round
       Output of intermediate and final iteration is copied to buffer
    7. output hash value is the final buffer value

    MD5 Compression Function

    each round has 16 steps of the form:
    a = b+((a+g(b,c,d)+X[k]+T[i])

    Secure Hash Algorithm (SHA-1)

    SHA was designed by NIST & NSA in 1993, revised 1995 as SHA-1
    US standard for use with DSA signature scheme
      standard is FIPS 180-1 1995, also Internet RFC3174
      nb. the algorithm is SHA, the standard is SHS
    produces 160-bit hash values
    now the generally preferred hash algorithm
    based on design of MD4 with key differences

    SHA Overview

    1. pad message so its length is 448 mod 512
    2. append a 64-bit length value to message
    3. initialise 5-word (160-bit) buffer (A,B,C,D,E) to (67452301,efcdab89,98badcfe,10325476,c3d2e1f0)
    4. process message in 16-word (512-bit) chunks:
       expand 16 words into 80 words by mixing & shifting
       use 4 rounds of 20 bit operations on message block & buffer
       add output to input to form new buffer value
    5. output hash value is the final buffer value

    SHA-1 Compression Function

    each round has 20 steps which replaces the 5 buffer words thus:
    (A,B,C,D,E)

    SHA-1 versus MD5

    brute force attack is harder (160 vs 128 bits for MD5)
    not vulnerable to any known attacks (compared to MD4/5)
    a little slower than MD5 (80 vs 64 steps)
    both designed as simple and compact
    optimised for big endian CPUs (vs MD5 which is optimised for little endian CPUs)

    Message Authentication Code (MAC)

    [Figure: sender and receiver each apply H( ) to the message and s; the receiver compares the results]

    s = shared secret
    Authenticates sender
    Verifies message integrity
    No encryption!
    Also called "keyed hash"
    Notation: MDm = H(s||m); send m||MDm

    Digital Signatures

    Cryptographic technique analogous to hand-written signatures.
    sender (Bob) digitally signs document, establishing he is document owner/creator.
    Goal is similar to that of a MAC, except now use public-key cryptography
    verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

    Digital signature = signed message digest

    Bob sends digitally signed message:
      large message m → H: Hash function → H(m) → digital signature (encrypt) with Bob's private key $K_B^-$ → encrypted msg digest $K_B^-(H(m))$
      sends m + $K_B^-(H(m))$
    Alice verifies signature and integrity of digitally signed message:
      large message m → H: Hash function → H(m)
      encrypted msg digest $K_B^-(H(m))$ → digital signature (decrypt) with Bob's public key $K_B^+$ → H(m)
      equal?

    Digital Signatures (more)

    Suppose Alice receives msg m, digital signature $K_B^-(m)$
    Alice verifies m signed by Bob by applying Bob's public key $K_B^+$ to $K_B^-(m)$ then checks $K_B^+(K_B^-(m)) = m$.
    If $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Bob's private key.
    Alice thus verifies that:
      Bob signed m.
      No one else signed m.
      Bob signed m and not m′.
    Non-repudiation:
      Alice can take m, and signature $K_B^-(m)$ to court and prove that Bob signed m.

    Public-key certification

    Motivation: Trudy plays pizza prank on Bob
      Trudy creates e-mail order: Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob
      Trudy signs order with her private key
      Trudy sends order to Pizza Store
      Trudy sends to Pizza Store her public key, but says it's Bob's public key.
      Pizza Store verifies signature; then delivers four pizzas to Bob.
      Bob doesn't even like Pepperoni

    Certification Authorities

    Certification authority (CA): binds public key to particular entity, E.
    E (person, router) registers its public key with CA.
      E provides "proof of identity" to CA.
      CA creates certificate binding E to its public key.
      certificate containing E's public key digitally signed by CA: CA says "this is E's public key"

    [Figure: Bob's public key $K_B^+$ and Bob's identifying information → digital signature (encrypt) with CA private key $K_{CA}^-$ → certificate for Bob's public key, signed by CA]

    Certification Authorities

    When Alice wants Bob's public key:
      gets Bob's certificate (Bob or elsewhere).
      apply CA's public key to Bob's certificate, get Bob's public key

    [Figure: digital signature (decrypt) with CA public key $K_{CA}^+$ yields Bob's public key $K_B^+$]

    Certificates: summary

    Primary standard X.509 (RFC 2459)
    Certificate contains:
      Issuer name
      Entity name, address, domain name, etc.
      Entity's public key
      Digital signature (signed with issuer's private key)
    Public-Key Infrastructure (PKI)
      Certificates and certification authorities
      Often considered "heavy"

    KERBEROS

    Kerberos

    Part of project Athena (MIT).
    Trusted 3rd party authentication scheme.
    Assumes that hosts are not trustworthy.
    Requires that each client (each request for service) prove its identity.
    Does not require user to enter password every time a service is requested!

    Kerberos Design

    User must identify itself once at the beginning of a workstation session (login session).
    Passwords are never sent across the network in cleartext (or stored in memory)

    Kerberos Design (cont.)

    Every user has a password.
    Every service has a password.
    The only entity that knows all the passwords is the Authentication Server.

    [Figure: Kerberos Key Distribution Service: Workstation, Authentication Server, Ticket Granting Server, Kerberos Database, Servers]

    Secret Key Cryptography

    The encryption used by current Kerberos implementations is DES, although Kerberos V5 has hooks so that other algorithms can be used.

    [Figure: plaintext → encryption (key) → ciphertext; ciphertext → decryption (key) → plaintext]

    Tickets

    Each request for a service requires a ticket.
    A ticket provides a single client with access to a single server.

    Tickets (cont.)

    Tickets are dispensed by the Ticket Granting Server (TGS), which has knowledge of all the encryption keys.
    Tickets are meaningless to clients, they simply use them to gain access to servers.

    Tickets (cont.)

    The TGS seals (encrypts) each ticket with the secret encryption key of the server.
    Sealed tickets can be sent safely over a network - only the server can make sense out of it.
    Each ticket has a limited lifetime (a few hours).

    Ticket Contents

    Client name (user login name)
    Server name
    Client Host network address
    Session Key for Client/Server
    Ticket lifetime
    Creation timestamp

    Session Key

    Random number that is specific to a session.
    Session Key is used to seal client requests to server.
    Session Key can be used to seal responses (application specific usage).

    Authenticators

    Authenticators prove a client's identity.
    Includes:
      Client user name.
      Client network address.
      Timestamp.
    Authenticators are sealed with a session key.

    Bootstrap

    Each time a client wants to contact a server, it must first ask the 3rd party (TGS) for a ticket and session key.
    In order to request a ticket from the TGS, the client must already have a TG ticket and a session key for communicating with the TGS!

    Authentication Server

    The client sends a plaintext request to the AS asking for a ticket it can use to talk to the TGS.
    REQUEST:
      login name
      TGS name
    Since this request contains only well-known names, it does not need to be sealed.

    Authentication Server

    The AS finds the keys corresponding to the login name and the TGS name.
    The AS creates a ticket:
      login name
      TGS name
      client network address
      TGS session key
    The AS seals the ticket with the TGS secret key.

    Authentication Server Response

    The AS also creates a random session key for the client and the TGS to use.
    The session key and the sealed ticket are sealed with the user (login name) secret key.

    Sealed with user key:
      TGS session key
      Ticket (sealed with TGS key):
        login name
        TGS name
        net address
        TGS session key

    Accessing the TGS

    The client decrypts the message using the user's password as the secret key.
    The client now has a session key and ticket that can be used to contact the TGS.
    The client cannot see inside the ticket, since the client does not know the TGS secret key.

  • 7/28/2019 Cryptography 120818113922 Phpapp02

    87/109

    When a client wants to start using a server (service), the client must first obtain a ticket.

    The client composes a request to send to the TGS:

    TGS Ticket (sealed with TGS key)
    Authenticator (sealed with session key)
    Server Name


    TGS response

    The TGS decrypts the ticket using its secret key. Inside is the TGS session key.

    The TGS decrypts the Authenticator using the session key.

    The TGS checks to make sure login names, client addresses and TGS server name are all OK.

    TGS makes sure the Authenticator is recent.


    TGS Response

    Once everything checks out, the TGS:

    builds a ticket for the client and requested server. The ticket is sealed with the server key.
    creates a session key
    seals the entire message with the TGS session key and sends it to the client.


    Client accesses Server

    The client now decrypts the TGS response using the TGS session key.

    The client now has a session key for use with the new server, and a ticket to use with that server.

    The client can contact the new server using the same format used to access the TGS.


    Kerberos Summary

    Every service request needs a ticket.
    Tickets come from the TGS (except the ticket for the TGS!).
    Workstations cannot understand tickets, they are encrypted using the server key.
    Every ticket has an associated session key.
    Tickets are reusable.


    Kerberos Summary (cont.)

    Tickets have a finite lifetime.
    Authenticators are only used once (new connection to a server).
    Authenticators expire fast!
    Server maintains list of authenticators (prevent stolen authenticators).

    There is a lot more to Kerberos!!!
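
    The AS reply, the client's request and the TGS checks described above, as an added example that is not part of the original slides. seal() and the SHA-256 password-to-key step are stand-ins built from Python's standard library rather than Kerberos's own encryption; the authenticator fields (login, time), the 300-second window and all names and addresses are assumptions.

```python
import hashlib, hmac, json, os

def _xor(key, nonce, data):
    # Keystream: HMAC-SHA256 over a counter (stand-in cipher, not Kerberos's own).
    ks = b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """The slides' 'sealed with <key>': encrypt, then append a MAC."""
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return (nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or altered message")
    return json.loads(_xor(key, nonce, ct))

# Constructed key database; SHA-256 of the password stands in for real key derivation.
USERS = {"alice": hashlib.sha256(b"constructed-password").digest()}
TGS_KEY = os.urandom(32)     # known to the AS and the TGS only
SEEN, MAX_AGE = set(), 300   # TGS replay cache; freshness window in seconds (assumed)

def as_reply(login, addr):
    """AS: seal the ticket with the TGS key, then ticket + session key with the user key."""
    sk = os.urandom(32).hex()
    ticket = seal(TGS_KEY, {"login": login, "tgs": "tgs", "addr": addr, "key": sk})
    return seal(USERS[login], {"key": sk, "ticket": ticket})

def client_request(password, login, addr, now):
    """Client: open the AS reply with the password-derived key, build an authenticator."""
    reply = unseal(hashlib.sha256(password).digest(), as_reply(login, addr))
    auth = seal(bytes.fromhex(reply["key"]), {"login": login, "time": now})
    return reply["ticket"], auth

def tgs_check(ticket, auth, addr, now):
    """TGS: open the ticket with its own key, the authenticator with the session key."""
    t = unseal(TGS_KEY, ticket)
    a = unseal(bytes.fromhex(t["key"]), auth)
    if a["login"] != t["login"] or addr != t["addr"] or t["tgs"] != "tgs":
        raise ValueError("names or address do not match the ticket")
    if abs(now - a["time"]) > MAX_AGE or auth in SEEN:
        raise ValueError("authenticator is stale or already used")
    SEEN.add(auth)
    return t["login"]
```

    The ticket the client receives stays opaque to it: unseal() with the user key fails on it, while the TGS accepts each authenticator once and only inside the freshness window.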


    Elliptic Curve Cryptography


    Elliptic curves in Cryptography

    Elliptic Curve (EC) systems as applied to cryptography were first proposed in 1985 independently by Neal Koblitz and Victor Miller.

    The discrete logarithm problem on elliptic curve groups is believed to be more difficult than the corresponding problem in Diffie-Hellman Key Exchange.


    Using Elliptic Curves In Cryptography

    The central part of any cryptosystem involving elliptic curves is the elliptic group.

    All public-key cryptosystems have some underlying mathematical operation.
    RSA has exponentiation (raising the message or ciphertext to the public or private values)
    ECC has point multiplication (repeated addition of two points).


    Elliptic Curve Cryptography

    Example: $y^2 + xy = x^3 + ax^2 + b$, where x and y are variables and a and b are constants


    Elliptic Curve Picture

    Consider elliptic curve E: $y^2 = x^3 - x + 1$

    If P1 and P2 are on E, we can define P3 = P1 + P2 as shown in picture

    Addition is all we need

    [Figure: the curve E in the x-y plane with the points P1, P2 and P3 marked]

    ECC


    Choose an elliptic curve, make it public

    Choose a point F on the curve and make it public

    Check if the selected curve satisfies addition rule

    Each party (A & B) chooses secret values (Pvt(A) & Pvt(B)) on the elliptic curve as private key

    Each party computes public key
    Pub(A) = Pvt(A)*F
    Pub(B) = Pvt(B)*F

    Public keys are exchanged between parties

    Both parties calculate session key
    Session key = Pvt(A)*Pub(B) at user A
    Session key = Pvt(B)*Pub(A) at user B

    Pvt(A)*Pub(B) = Pvt(B)*Pub(A) = Pvt(A)*Pvt(B)*F
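
    The key agreement steps above, run as an added example (not from the original slides) on the curve y^2 = x^3 - x + 1 over a small prime field. The prime 10007, the base point F = (0, 1) and the function names are assumptions chosen so the arithmetic can be checked by hand; the private values are integers and the public values are curve points.

```python
# Toy ECDH on the slide's curve E: y^2 = x^3 - x + 1, taken over a small prime
# field. P_MOD and the scalars are constructed; real curves use ~256-bit primes.
P_MOD = 10007
A, B = -1, 1            # E: y^2 = x^3 + A*x + B
F = (0, 1)              # public base point F: 1^2 == 0^3 - 0 + 1

def on_curve(pt):
    """True if pt satisfies E; None is the point at infinity (group identity)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """P3 = P1 + P2: chord through two points, tangent when they coincide."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                   # P + (-P) = identity
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (s * s - x1 - x2) % P_MOD
    return (x3, (s * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """k*pt by double-and-add: the 'repeated addition' of the slides."""
    result = None
    while k:
        if k & 1:
            result = add(result, pt)
        pt, k = add(pt, pt), k >> 1
    return result

def session_key(own_pvt, peer_pub):
    """Pvt*Pub, after rejecting a peer value that is not a usable curve point."""
    if peer_pub is None or not on_curve(peer_pub):
        raise ValueError("peer public key is not a valid point on E")
    return mul(own_pvt, peer_pub)

def exchange(pvt_a, pvt_b):
    pub_a, pub_b = mul(pvt_a, F), mul(pvt_b, F)       # sent in the clear
    return session_key(pvt_a, pub_b), session_key(pvt_b, pub_a)
```

    With the toy scalars 2 and 3 both sides arrive at 6*F, and 3*F works out to the point (56, 419), which can be confirmed with the chord formula by hand.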


    Firewalls


    Firewalls

    Firewall must determine what to let in to internal network and/or what to let out

    Access control for the network

    [Figure: a firewall between the Internet and the internal network]


    Firewall Terminology

    Types of firewalls
    Packet filter: works at network layer
    Stateful packet filter: transport layer
    Application proxy: application layer
    Personal firewall: for single user, home network, etc.


    Packet Filter

    Operates at network layer

    Can filter based on
    Source IP address
    Destination IP address
    Source Port
    Destination Port
    Flag bits (SYN, ACK, etc.)
    Egress or ingress


    Packet Filter

    Advantage
    Speed

    Disadvantages
    No state
    Cannot see TCP connections
    Blind to application data


    Stateful Packet Filter

    Adds state to packet filter

    Operates at transport layer

    Remembers TCP connections and flag bits

    Can even remember UDP packets (e.g., DNS requests)


    Stateful Packet Filter

    Advantages
    Can do everything a packet filter can do plus...
    Keep track of ongoing connections

    Disadvantages
    Cannot see application data
    Slower than packet filtering
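
    An added example (not from the original slides) that runs both filter types over the same constructed packet sequence: the stateless rules decide on header fields alone, while the stateful filter also keeps a connection table. The addresses, ports and rules are assumptions.

```python
# Constructed traffic: (direction, src, sport, dst, dport, TCP flags)
HOST = "10.0.0.5"
PACKETS = [
    ("out", HOST, 40000, "203.0.113.7", 443, {"SYN"}),
    ("in", "203.0.113.7", 443, HOST, 40000, {"SYN", "ACK"}),
    ("out", HOST, 40000, "203.0.113.7", 443, {"ACK"}),
    ("in", "198.51.100.9", 443, HOST, 40001, {"ACK"}),   # belongs to no connection
    ("in", "198.51.100.9", 5555, HOST, 22, {"SYN"}),
    ("out", HOST, 40000, "203.0.113.7", 443, {"RST"}),
    ("in", "203.0.113.7", 443, HOST, 40000, {"ACK"}),    # arrives after the reset
]

def packet_filter(pkt):
    """Stateless: the verdict uses only this packet's own header fields."""
    direction, src, sport, dst, dport, flags = pkt
    if direction == "out":                       # egress rule: HTTPS only
        return dport == 443
    return sport == 443 and "ACK" in flags       # ingress rule: HTTPS replies

class StatefulFilter:
    """Same egress rule; ingress must match a connection opened from inside."""
    def __init__(self):
        self.table = set()                       # (inside ip, port, outside ip, port)

    def check(self, pkt):
        direction, src, sport, dst, dport, flags = pkt
        outbound = direction == "out"
        conn = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        if outbound and dport == 443 and flags == {"SYN"}:
            self.table.add(conn)                 # remember the new connection
        allowed = conn in self.table
        if allowed and "RST" in flags:
            self.table.discard(conn)             # connection is over
        return allowed

def verdicts(packets=PACKETS):
    """One (packet filter, stateful filter) verdict pair per packet."""
    stateful = StatefulFilter()
    return [(packet_filter(p), stateful.check(p)) for p in packets]
```

    The two filters disagree only on the inbound ACK packets that match no tracked connection, which is the "cannot see TCP connections" limitation of the plain packet filter.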


    Application Proxy

    A proxy is something that acts on your behalf

    Application proxy looks at incoming application data

    Verifies that data is safe before letting it in


    Application Proxy

    Advantages
    Complete view of connections and applications data
    Filter bad data at application layer (viruses, Word macros)

    Disadvantage
    Speed


    Application Proxy

    Creates a new packet before sending it thru to internal network

    Attacker must talk to proxy and convince it to forward message

    Proxy has complete view of connection

    Prevents some attacks stateful packet filter cannot

    Key Management in Asymmetric Encryption

    Announcement of Public keys
    Email, distribute in multicast group, Facebook!!
    Possible for attacker to impersonate as another
    Directory of Public Keys
    Like telephone directory
    Exchange of Public keys before Communication
    Possible for attacker to impersonate as another
    Use of Public key Certificates
    Digital certificate
    A Hybrid Approach
    Diffie-Hellman, ECC

