Date post: | 03-Apr-2018 |
Category: |
Documents |
Upload: | anantphenany9684 |
7/28/2019 Cryptography 120818113922 Phpapp02
SECURITY MANAGEMENT
Basic terminology
Plaintext: original message to be encrypted
Ciphertext: the encrypted message
Enciphering or encryption: the process of converting plaintext into ciphertext
Encryption algorithm: performs encryption
  Two inputs: a plaintext and a secret key
Deciphering or decryption: recovering plaintext from ciphertext
Decryption algorithm: performs decryption
  Two inputs: ciphertext and secret key
Secret key: same key used for encryption and decryption
  Also referred to as a symmetric key
Cipher or cryptographic system: a scheme for encryption and decryption
Cryptography: science of studying ciphers
Cryptanalysis: science of studying attacks against cryptographic systems
Cryptology: cryptography + cryptanalysis
Cryptography issues
Confidentiality: only sender, intended receiver should understand message contents
  sender encrypts message
  receiver decrypts message
End-Point Authentication: sender, receiver want to confirm identity of each other
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Ciphers
Symmetric cipher: same key used for encryption and decryption
  Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits)
  Stream cipher: encrypts data one bit or one byte at a time
Asymmetric cipher: different keys used for encryption and decryption
Classical Ciphers
Plaintext is viewed as a sequence of elements (e.g., bits or characters)
Substitution cipher: replacing each element of the plaintext with another element.
Transposition (or permutation) cipher: rearranging the order of the elements of the plaintext.
Substitution ciphers
A substitution cipher replaces one symbol with another. If the symbols in the plaintext are alphabetic characters, we replace one character with another.
The simplest substitution cipher is a shift cipher (additive cipher).
Example 16.1
Use the additive cipher with key = 15 to encrypt the message hello.
Solution
We apply the encryption algorithm to the plaintext, character by character:
The ciphertext is therefore wtaad.
Caesar Cipher
Earliest known substitution cipher
Invented by Julius Caesar
Each letter is replaced by the letter three positions further down the alphabet.
Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Example: ohio state → RKLR VWDWH
Caesar Cipher
Mathematically, map letters to numbers:
  a, b, c, ..., x, y, z
  0, 1, 2, ..., 23, 24, 25
Then the general Caesar cipher is:
  c = E_K(p) = (p + k) mod 26
  p = D_K(c) = (c - k) mod 26
Can be generalized with any alphabet.
Transposition ciphers
A transposition cipher does not substitute one symbol for another, instead it changes the location of the symbols. A symbol in the first position of the plaintext may appear in the tenth position of the ciphertext, while a symbol in the eighth position in the plaintext may appear in the first position of the ciphertext. In other words, a transposition cipher reorders (transposes) the symbols.
A transposition cipher reorders symbols.
Double Transposition
Plaintext: attackxatxdawn
Permute rows and columns
Ciphertext: xtawxnattxadakc
Key: matrix size and permutations (3,5,1,4,2) and (1,3,2)
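The slide's example worked through in code, added here as an illustration and not part of the original deck. Reading the key as a 5 x 3 matrix filled row by row and padded with one x (an assumption, since the matrix figure is missing) reproduces the slide's ciphertext; the helper names are chosen for this example.

```python
# Added illustration (not from the slides): the double transposition above.
# Assumptions: plaintext is written row by row into a 5 x 3 matrix and padded
# with "x"; row permutation is applied first, then the column permutation.

def permute(items, perm):
    """Position i of the result takes the element at 1-based position perm[i]."""
    return [items[p - 1] for p in perm]

def inverse(perm):
    """Permutation that undoes `perm` when passed to permute()."""
    inv = [0] * len(perm)
    for new_pos, old_pos in enumerate(perm, start=1):
        inv[old_pos - 1] = new_pos
    return tuple(inv)

def to_matrix(text, rows, cols):
    return [list(text[r * cols:(r + 1) * cols]) for r in range(rows)]

def encrypt(plaintext, row_perm, col_perm, pad="x"):
    rows, cols = len(row_perm), len(col_perm)
    if len(plaintext) > rows * cols:
        raise ValueError("plaintext does not fit the matrix")
    matrix = to_matrix(plaintext.ljust(rows * cols, pad), rows, cols)
    matrix = permute(matrix, row_perm)                    # reorder the rows
    matrix = [permute(row, col_perm) for row in matrix]   # reorder the columns
    return "".join("".join(row) for row in matrix)

def decrypt(ciphertext, row_perm, col_perm):
    rows, cols = len(row_perm), len(col_perm)
    if len(ciphertext) != rows * cols:
        raise ValueError("ciphertext length must equal rows * cols")
    matrix = to_matrix(ciphertext, rows, cols)
    matrix = [permute(row, inverse(col_perm)) for row in matrix]
    matrix = permute(matrix, inverse(row_perm))
    return "".join("".join(row) for row in matrix)

def same_letters(a, b):
    """Transposition only moves symbols, so the letter counts never change."""
    return sorted(a) == sorted(b)

ROW_PERM = (3, 5, 1, 4, 2)   # key from the slide
COL_PERM = (1, 3, 2)

if __name__ == "__main__":
    ct = encrypt("attackxatxdawn", ROW_PERM, COL_PERM)
    print(ct)
    print(decrypt(ct, ROW_PERM, COL_PERM))
    print(same_letters(ct, "attackxatxdawnx"))
```

The unchanged letter counts are the reason a transposition on its own leaks the plaintext's letter frequencies.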
Modern symmetric-key ciphers
Since traditional ciphers are no longer secure, modern symmetric-key ciphers have been developed during the last few decades. Modern ciphers normally use a combination of substitution, transposition and some other complex transformations to create a ciphertext from a plaintext. Modern ciphers are bit-oriented (instead of character-oriented). The plaintext, ciphertext and the key are strings of bits. In this section we briefly discuss two examples of modern symmetric-key ciphers: DES and AES.
Symmetric Encryption
Mathematically:
  Y = E_K(X) or Y = E(K, X)
  X = D_K(Y) or X = D(K, Y)
X = plaintext
Y = ciphertext
K = secret key
E = encryption algorithm
D = decryption algorithm
Both E and D are known to public
Figure 16.4 The general idea of symmetric-key cryptography
Symmetric Encryption
Same key used at sender and receiver
Encryption process consists of algorithm and a secret key which is independent of information
Encryption algorithm must be such that the encrypted information is impractical to decrypt without knowing key
Key used for encryption and decryption must be secret but the encryption and decryption algorithm need not be confidential
DES - Swapping of Left and Right Halves
This can be described functionally as
  L(i) = R(i-1)
  R(i) = L(i-1) ⊕ P(S(E(R(i-1)) ⊕ K(i)))
This forms one round in an S-P network
Symmetric key crypto: DES
DES: Data Encryption Standard
US encryption standard [NIST 1993]
56-bit symmetric key, 64-bit plaintext input
Block cipher with cipher block chaining
How secure is DES?
  DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
  No known good analytic attack
Making DES more secure:
  3DES: encrypt 3 times with 3 different keys (actually encrypt, decrypt, encrypt)
Symmetric key crypto: DES
DES operation
  initial permutation
  16 identical rounds of function application, each using different 48 bits of key
  final permutation
Advanced Encryption Standard
Replacement for DES
AES competition (late 90s)
  NSA openly involved
  Transparent process
  Many strong algorithms proposed
  Rijndael Algorithm ultimately selected
Pronounced like "Rain Doll" or "Rhine Doll"
Developed by Joan Daemen & Vincent Rijmen
Iterated block cipher (like DES)
Not a Feistel cipher (unlike DES)
AES Overview
Block size: 128, 192 or 256 bits
Key length: 128, 192 or 256 bits (independent of block size)
10 to 14 rounds (depends on key length)
Each round uses 4 functions (in 3 layers)
  ByteSub (nonlinear layer)
  ShiftRow (linear mixing layer)
  MixColumn (nonlinear layer)
  AddRoundKey (key addition layer)
16-3 ASYMMETRIC-KEY CRYPTOGRAPHY
Figure 16.7 shows the general idea of asymmetric-key cryptography as used for confidentiality. The figure shows that, unlike symmetric-key cryptography, there are distinctive keys in asymmetric-key cryptography: a private key and a public key. If encryption and decryption are thought of as locking and unlocking padlocks with keys, then the padlock that is locked with a public key can be unlocked only with the corresponding private key. Eve should not be able to advertise her public key to the community pretending that it is Bob's public key.
Uses for Public Key Crypto
Confidentiality
  Transmitting data over insecure channel
  Secure storage on insecure media
Authentication
Digital signature provides integrity and non-repudiation
  No non-repudiation with symmetric keys
Figure 16.7 The general idea behind asymmetric-key cryptography
Confidentiality using Public Key Encryption
This is the straightforward use of public key encryption. Source A uses the public key KUb of the destination to encrypt M.
This scheme does not provide any authentication because any opponent could also use B's public key to encrypt a message claiming to be A.
B can decrypt at the destination because he is the only one who has the private key KRb.
Authentication using Public Key Encryption
To provide the authentication part, A uses its private key to encrypt the message, and B uses A's public key to decrypt to authenticate.
The principle here is similar to the digital signature principle.
The reasoning is that A should be the only one who has A's private key to generate that ciphered text.
However this does not provide confidentiality since anyone with A's public key can decrypt and see the message.
Authentication and Confidentiality using Public Key Encryption
To provide both confidentiality and authentication, A can encrypt M first using its private key (the digital signature), then use B's public key which will provide confidentiality.
The only disadvantage is that the public key algorithm, which is complex, must be exercised four times rather than two in each communication.
Message Integrity
Allows communicating parties to verify that received messages are authentic.
  Content of message has not been altered
  Source of message is who/what you think it is
  Message has not been artificially delayed (playback attack)
  Sequence of messages is maintained
Authentication and Integrity Using Public-Key Encryption
This will provide a digital signature as well as message authentication.
Advantage is that it does not require the distribution of keys to communicating parties.
The entire message is not encrypted.
RSA
Invented by Cocks (GCHQ), independently, by Rivest, Shamir and Adleman
Let p and q be two large prime numbers
Let N = pq be the modulus
Choose e relatively prime to (p-1)(q-1)
Find d s.t. ed = 1 mod (p-1)(q-1)
Public key is (N, e)
Private key is (N, d)
RSA
To encrypt message M compute
  C = M^e mod N
To decrypt C compute
  M = C^d mod N
Recall that e and N are public
If attacker can factor N, he can use e to easily find d since ed = 1 mod (p-1)(q-1)
Factoring the modulus breaks RSA
It is not known whether factoring is the only way to break RSA
Simple RSA Example
Example of RSA
Select large primes p = 11, q = 3
Then N = pq = 33 and (p-1)(q-1) = 20
Choose e = 3 (relatively prime to 20)
Find d such that ed = 1 mod 20, we find that d = 7 works
Public key: (N, e) = (33, 3)
Private key: d = 7
Simple RSA Example
Public key: (N, e) = (33, 3)
Private key: d = 7
Suppose message M = 8
Ciphertext C is computed as
  C = M^e mod N = 8^3 = 512 = 17 mod 33
Decrypt C to recover the message M by
  M = C^d mod N = 17^7 = 410,338,673 = 12,434,505 * 33 + 8 = 8 mod 33
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
Encrypting 8-bit messages.
encrypt:
  bit pattern   m    m^e     c = m^e mod n
  0000l000      12   24832   17
decrypt:
  c    c^d                                     m = c^d mod n
  17   481968572106750915091411825223071697    12
Why is RSA Secure?
Suppose you know Bob's public key (n,e). How hard is it to determine d?
Essentially need to find factors of n without knowing the two factors p and q.
Fact: factoring a big number is hard.
Generating RSA keys
  Have to find big primes p and q
  Approach: make good guess then apply testing rules
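The RSA slides above, from key setup to the reason factoring matters, as an added Python example that is not part of the original deck. It uses the slides' own toy numbers; the function names are chosen here, and this is textbook RSA without padding, so it is for following the arithmetic only.

```python
from math import gcd

# Added illustration (not from the slides): textbook RSA with the toy values
# used above. No padding is applied, so equal messages give equal ciphertexts.

def make_keypair(p, q, e):
    """Key setup from two primes and a public exponent, as on the RSA slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # least positive d with e*d = 1 mod (p-1)(q-1)
    return (n, e), (n, d)

def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)          # C = M^e mod N

def decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)          # M = C^d mod N

def d_from_factoring(public_key):
    """Recover d from (N, e) by trial division; works only because N is tiny.

    This is the slide's point that factoring the modulus breaks RSA, and the
    reason real moduli are far too large for any such search.
    """
    n, e = public_key
    f = 2
    while f * f <= n:
        if n % f == 0:
            return pow(e, -1, (f - 1) * (n // f - 1))
        f += 1
    raise ValueError("n has no non-trivial factor")

if __name__ == "__main__":
    public, private = make_keypair(11, 3, 3)      # first toy example
    c = encrypt(8, public)
    print(public, private, c, decrypt(c, private))
    print("d recovered from N and e alone:", d_from_factoring(public))

    # Second toy example: pow() returns d = 5, the least inverse of e mod 24.
    # The slide's d = 29 is the same value mod 24, so both exponents decrypt.
    public2, private2 = make_keypair(5, 7, 5)
    c2 = encrypt(12, public2)
    print(private2, c2, decrypt(c2, private2), decrypt(c2, (35, 29)))
```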
16-6 KEY MANAGEMENT
To use symmetric-key cryptography, a shared secret key needs to be established between the two parties. To use asymmetric-key cryptography, each entity needs to create a pair of keys and distribute the public key securely to the community. Key management defines some procedures to create and distribute keys securely.
Symmetric-key distribution
In a community with n entities, n(n - 1)/2 keys are needed for symmetric-key communication. The number of keys is not the only problem: the distribution of keys is another. If Alice and Bob want to communicate, they need a way to exchange a secret key. If Alice wants to communicate with a million people, how can she exchange a million keys with them? Using the Internet is definitely not a secure method. It is obvious that we need an efficient way to maintain and distribute secret keys.
Physical Delivery of Key
  One of the communicating parties chooses the key
  Physically delivers it to the other party
  Third party can generate and deliver physically to both the parties
  Implementation in large network is infeasible
  Good for link level encryption or between pair of adjacent nodes but not for end to end encryption
Remote Delivery of Keys via Secure Channel
  Keys are different for different sessions
  Key for first session is delivered physically
  Key for next session is encrypted using previous session key and sent
Key distribution center: KDC
A practical solution is the use of a trusted third party, referred to as a key-distribution center (KDC). Each person establishes a shared secret key with the KDC. A secret key is established between the KDC and each member. The process is as follows:
1. Alice sends a request to the KDC stating that she needs a session (temporary) secret key between herself and Bob.
2. The KDC informs Bob about Alice's request.
3. If Bob agrees, a session key is created between the two.
A session symmetric key between two parties is used only once.
Diffie-Hellman
Invented by Williamson (GCHQ) and, independently, by D and H (Stanford)
A "key exchange" algorithm
  Used to establish a shared symmetric key
Not for encrypting or signing
Security rests on difficulty of discrete log problem: given g, p, and g^k mod p find k
Diffie-Hellman
Let p be prime, let g be a generator which is primitive root of p
  Set(n mod p, n^2 mod p, ..., n^(p-1) mod p) = set(1, 2, ..., p-1)
Alice selects secret value a
Bob selects secret value b
Alice sends g^a mod p to Bob
Bob sends g^b mod p to Alice
Both compute shared secret g^ab mod p
Shared secret can be used as symmetric key
Diffie-Hellman
Suppose that Bob and Alice use g^ab mod p as a symmetric key
Trudy can see g^a mod p and g^b mod p
Note g^a g^b mod p = g^(a+b) mod p ≠ g^ab mod p
If Trudy can find a or b, system is broken
If Trudy can solve discrete log problem, then she can find a or b
Diffie-Hellman
Public: g and p
Secret: Alice's exponent a, Bob's exponent b
  Alice, a  --- g^a mod p --->  Bob, b
  Alice, a  <--- g^b mod p ---  Bob, b
Alice computes (g^b)^a = g^ba = g^ab mod p
Bob computes (g^a)^b = g^ab mod p
Could use K = g^ab mod p as symmetric key
Diffie-Hellman
Subject to man-in-the-middle (MiM) attack
  Alice, a  --- g^a mod p --->  Trudy, t  --- g^t mod p --->  Bob, b
  Alice, a  <--- g^t mod p ---  Trudy, t  <--- g^b mod p ---  Bob, b
Trudy shares secret g^at mod p with Alice
Trudy shares secret g^bt mod p with Bob
Alice and Bob don't know Trudy exists!
Diffie-Hellman: Toy Example
p = 11 and g = 5
Private keys: SA = 3 and SB = 4
Public keys:
  TA = g^SA mod p = 5^3 mod 11 = 125 mod 11 = 4
  TB = g^SB mod p = 5^4 mod 11 = 625 mod 11 = 9
Exchange public keys & compute shared secret:
  (TB)^SA mod p = 9^3 mod 11 = 729 mod 11 = 3
  (TA)^SB mod p = 4^4 mod 11 = 256 mod 11 = 3
Shared secret: 3 = symmetric key
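The toy exchange and the man-in-the-middle slide side by side, as an added Python example that is not part of the original deck. Trudy's exponent t = 2 and the fingerprint comparison are assumptions made here to show how the two ends can notice that their keys differ. Running it also shows that the toy g = 5 has order 5 modulo 11, so it is not a primitive root in the sense of the earlier slide, although the exchange still works.

```python
import hashlib

# Added illustration (not from the slides): unauthenticated Diffie-Hellman
# with the toy values p = 11, g = 5, SA = 3, SB = 4 from the slide above.

def is_primitive_root(g, p):
    """True when g, g^2, ..., g^(p-1) mod p cover every value 1..p-1."""
    return {pow(g, k, p) for k in range(1, p)} == set(range(1, p))

def public_value(g, secret, p):
    return pow(g, secret, p)

def shared_secret(their_public, my_secret, p):
    return pow(their_public, my_secret, p)

def honest_exchange(p, g, a, b):
    """Both sides receive the other's real public value."""
    ta, tb = public_value(g, a, p), public_value(g, b, p)
    return shared_secret(tb, a, p), shared_secret(ta, b, p)

def intercepted_exchange(p, g, a, b, t):
    """Both public values are replaced in transit by g^t mod p (the MiM slide)."""
    tt = public_value(g, t, p)
    alice_key = shared_secret(tt, a, p)   # g^(at) mod p, shared with Trudy
    bob_key = shared_secret(tt, b, p)     # g^(bt) mod p, shared with Trudy
    return alice_key, bob_key

def fingerprint(secret):
    """Short digest the two ends can compare over an authenticated channel."""
    return hashlib.sha256(str(secret).encode()).hexdigest()[:16]

def keys_agree(alice_key, bob_key):
    """A mismatch means the public values were not the ones the peers sent."""
    return fingerprint(alice_key) == fingerprint(bob_key)

if __name__ == "__main__":
    p, g, a, b = 11, 5, 3, 4
    print("g is a primitive root of p:", is_primitive_root(g, p))
    alice, bob = honest_exchange(p, g, a, b)
    print("honest:", alice, bob, keys_agree(alice, bob))
    alice, bob = intercepted_exchange(p, g, a, b, t=2)   # t is an assumed value
    print("intercepted:", alice, bob, keys_agree(alice, bob))
```

Plain Diffie-Hellman gives no way to tell whose public value arrived, so the comparison has to travel over something already authenticated, such as the signatures and certificates covered later in the deck.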
HASH FUNCTIONS
Message Digests
Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: "message signature"
Note that H( ) is a many-to-1 function
H( ) is often called a "hash function"
Desirable properties:
  Easy to calculate
  Irreversibility: Can't determine m from H(m)
  Collision resistance: Computationally difficult to produce m and m' such that H(m) = H(m')
  Seemingly random output
[Figure: large message m → H: Hash Function → H(m)]
Hash Function Algorithms
MD5 hash function widely used (RFC 1321)
  computes 128-bit message digest in 4-step process.
SHA-1 is also used.
  US standard [NIST, FIPS PUB 180-1]
  160-bit message digest
MD5
designed by Ronald Rivest (the R in RSA)
latest in a series of MD2, MD4
produces a 128-bit hash value
until recently was the most widely used hash algorithm
  in recent times have both brute-force & cryptanalytic concerns
specified as Internet standard RFC1321
MD5 Overview
1. pad message so its length is 448 mod 512
2. append a 64-bit length value to message
3. initialise 4-word (128-bit) MD buffer (A,B,C,D)
4. process message in 16-word (512-bit) blocks
5. Divide 512 bit block into 16 sub blocks (32 bits)
6. Each block is processed in 4 rounds
   Input to each round are 16 sub blocks, buffer values and some constants t[k] where k = 1, 2, ..., 64
   There are 16 iterations in each round
   Output of intermediate and final iteration is copied to buffer
7. output hash value is the final buffer value
MD5 Compression Function
each round has 16 steps of the form:
a = b+((a+g(b,c,d)+X[k]+T[i])
Secure Hash Algorithm (SHA-1)
SHA was designed by NIST & NSA in 1993, revised 1995 as SHA-1
US standard for use with DSA signature scheme
  standard is FIPS 180-1 1995, also Internet RFC3174
  nb. the algorithm is SHA, the standard is SHS
produces 160-bit hash values
now the generally preferred hash algorithm
based on design of MD4 with key differences
SHA Overview
1. pad message so its length is 448 mod 512
2. append a 64-bit length value to message
3. initialise 5-word (160-bit) buffer (A,B,C,D,E) to (67452301,efcdab89,98badcfe,10325476,c3d2e1f0)
4. process message in 16-word (512-bit) chunks:
   expand 16 words into 80 words by mixing & shifting
   use 4 rounds of 20 bit operations on message block & buffer
   add output to input to form new buffer value
5. output hash value is the final buffer value
SHA-1 Compression Function
each round has 20 steps which replaces the 5 buffer words thus:
(A,B,C,D,E)
SHA-1 versus MD5
brute force attack is harder (160 vs 128 bits for MD5)
not vulnerable to any known attacks (compared to MD4/5)
a little slower than MD5 (80 vs 64 steps)
both designed as simple and compact
optimised for big endian CPUs (vs MD5 which is optimised for little endian CPUs)
Message Authentication Code (MAC)
[Figure: sender computes H(s || message) and appends the result to the message; receiver recomputes H(s || message) over the received message and compares]
s = shared secret
Authenticates sender
Verifies message integrity
No encryption!
Also called "keyed hash"
Notation: MDm = H(s||m); send m||MDm
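The slide's keyed hash as an added Python example that is not part of the original deck, with both the sender's m || MDm and the receiver's compare step. Choosing SHA-256 for H and the function names are assumptions made here; the standard library's HMAC is included as the standardised form of a keyed hash.

```python
import hashlib
import hmac

# Added illustration (not from the slides): MD_m = H(s || m); send m || MD_m.
# H = SHA-256 is an assumption; the slide does not name a hash for the MAC.

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes

def keyed_hash(secret, message):
    """The slide's construction: hash of the shared secret followed by m."""
    return hashlib.sha256(secret + message).digest()

def hmac_tag(secret, message):
    """Standard HMAC; unlike H(s || m) it is not open to length extension
    when H is an iterated hash such as MD5, SHA-1 or SHA-256."""
    return hmac.new(secret, message, hashlib.sha256).digest()

def send(secret, message, tag_fn=keyed_hash):
    return message + tag_fn(secret, message)          # m || MD_m

def receive(secret, packet, tag_fn=keyed_hash):
    """Return the message if the recomputed tag matches, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if hmac.compare_digest(tag, tag_fn(secret, message)):
        return message
    return None

if __name__ == "__main__":
    secret = b"shared secret"                 # constructed sample values
    message = b"pay 10 to bob"
    packet = send(secret, message)
    print(receive(secret, packet))                            # accepted
    altered = b"pay 90 to bob" + packet[len(message):]
    print(receive(secret, altered))                           # None: altered
    print(receive(b"other secret", packet))                   # None: wrong key
    print(receive(secret, send(secret, message, hmac_tag), hmac_tag))
```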
Digital Signatures
Cryptographic technique analogous to hand-written signatures.
sender (Bob) digitally signs document, establishing he is document owner/creator.
Goal is similar to that of a MAC, except now use public-key cryptography
verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
Digital signature = signed message digest
Bob sends digitally signed message:
  large message m → H: Hash function → H(m)
  H(m) → digital signature (encrypt) with Bob's private key KB- → encrypted msg digest KB-(H(m))
  sent: large message m + encrypted msg digest KB-(H(m))
Alice verifies signature and integrity of digitally signed message:
  large message m → H: Hash function → H(m)
  encrypted msg digest KB-(H(m)) → digital signature (decrypt) with Bob's public key KB+ → H(m)
  equal?
Digital Signatures (more)
Suppose Alice receives msg m, digital signature KB-(m)
Alice verifies m signed by Bob by applying Bob's public key KB+ to KB-(m) then checks KB+(KB-(m)) = m.
If KB+(KB-(m)) = m, whoever signed m must have used Bob's private key.
Alice thus verifies that:
  Bob signed m.
  No one else signed m.
  Bob signed m and not m'.
Non-repudiation:
  Alice can take m, and signature KB-(m) to court and prove that Bob signed m.
Public-key certification
Motivation: Trudy plays pizza prank on Bob
  Trudy creates e-mail order: Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob
  Trudy signs order with her private key
  Trudy sends order to Pizza Store
  Trudy sends to Pizza Store her public key, but says it's Bob's public key.
  Pizza Store verifies signature; then delivers four pizzas to Bob.
  Bob doesn't even like Pepperoni
Certification Authorities
Certification authority (CA): binds public key to particular entity, E.
E (person, router) registers its public key with CA.
  E provides "proof of identity" to CA.
  CA creates certificate binding E to its public key.
  certificate containing E's public key digitally signed by CA: CA says "this is E's public key"
[Figure: Bob's public key KB+ and Bob's identifying information → digital signature (encrypt) with CA private key KCA- → certificate for Bob's public key, signed by CA]
Certification Authorities
When Alice wants Bob's public key:
  gets Bob's certificate (Bob or elsewhere).
  apply CA's public key to Bob's certificate, get Bob's public key
[Figure: Bob's certificate → digital signature (decrypt) with CA public key KCA+ → Bob's public key KB+]
Certificates: summary
Primary standard X.509 (RFC 2459)
Certificate contains:
  Issuer name
  Entity name, address, domain name, etc.
  Entity's public key
  Digital signature (signed with issuer's private key)
Public-Key Infrastructure (PKI)
  Certificates and certification authorities
  Often considered "heavy"
KERBEROS
Kerberos
Part of project Athena (MIT).
Trusted 3rd party authentication scheme.
Assumes that hosts are not trustworthy.
Requires that each client (each request for service) prove its identity.
Does not require user to enter password every time a service is requested!
Kerberos Design
User must identify itself once at the beginning of a workstation session (login session).
Passwords are never sent across the network in cleartext (or stored in memory)
Kerberos Design (cont.)
Every user has a password.
Every service has a password.
The only entity that knows all the passwords is the Authentication Server.
Kerberos Key Distribution Service
[Figure: Workstation, Authentication Server, Ticket Granting Server, Kerberos Database and four Servers]
Secret Key Cryptography
The encryption used by current Kerberos implementations is DES, although Kerberos V5 has hooks so that other algorithms can be used.
[Figure: plaintext → encryption (key) → ciphertext; ciphertext → decryption (key) → plaintext]
Tickets
Each request for a service requires a ticket.
A ticket provides a single client with access to a single server.
Tickets (cont.)
Tickets are dispensed by the Ticket Granting Server (TGS), which has knowledge of all the encryption keys.
Tickets are meaningless to clients, they simply use them to gain access to servers.
Tickets (cont.)
The TGS seals (encrypts) each ticket with the secret encryption key of the server.
Sealed tickets can be sent safely over a network - only the server can make sense out of it.
Each ticket has a limited lifetime (a few hours).
Ticket Contents
Client name (user login name)
Server name
Client Host network address
Session Key for Client/Server
Ticket lifetime
Creation timestamp
Session Key
Random number that is specific to a session.
Session Key is used to seal client requests to server.
Session Key can be used to seal responses (application specific usage).
Authenticators
Authenticators prove a client's identity.
Includes:
  Client user name.
  Client network address.
  Timestamp.
Authenticators are sealed with a session key.
Bootstrap
Each time a client wants to contact a server, it must first ask the 3rd party (TGS) for a ticket and session key.
In order to request a ticket from the TGS, the client must already have a TG ticket and a session key for communicating with the TGS!
Authentication Server
The client sends a plaintext request to the AS asking for a ticket it can use to talk to the TGS.
REQUEST:
  login name
  TGS name
Since this request contains only well-known names, it does not need to be sealed.
Authentication Server
The AS finds the keys corresponding to the login name and the TGS name.
The AS creates a ticket:
  login name
  TGS name
  client network address
  TGS session key
The AS seals the ticket with the TGS secret key.
Authentication Server Response
The AS also creates a random session key for the client and the TGS to use.
The session key and the sealed ticket are sealed with the user (login name) secret key.
  Sealed with user key:
    TGS session key
    Ticket (sealed with TGS key): login name, TGS name, net address, TGS session key
Accessing the TGS
The client decrypts the message using the user's password as the secret key.
The client now has a session key and ticket that can be used to contact the TGS.
The client cannot see inside the ticket, since the client does not know the TGS secret key.
When a client wants to start using a server (service), the client must first obtain a ticket.
The client composes a request to send to the TGS:
  TGS Ticket (sealed with TGS key)
  Authenticator (sealed with session key)
  Server Name
TGS response
The TGS decrypts the ticket using its secret key. Inside is the TGS session key.
The TGS decrypts the Authenticator using the session key.
The TGS checks to make sure login names, client addresses and TGS server name are all OK.
TGS makes sure the Authenticator is recent.
TGS Response
Once everything checks out - the TGS:
  builds a ticket for the client and requested server. The ticket is sealed with the server key.
  creates a session key
  seals the entire message with the TGS session key and sends it to the client.
Client accesses Server
The client now decrypts the TGS response using the TGS session key.
The client now has a session key for use with the new server, and a ticket to use with that server.
The client can contact the new server using the same format used to access the TGS.
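The whole exchange from the Authentication Server request to the final service request, as an added Python simulation that is not part of the original deck and not Kerberos's real message format. Assumptions made here: sealing is a toy SHA-256 keystream with an HMAC tag standing in for DES, the user key is a hash of the password, and all names, addresses and time values are constructed.

```python
import hashlib
import hmac
import json
import os

# Toy sealing primitive (assumption, stands in for DES): SHA-256 keystream
# XOR plus an HMAC tag, so unsealing with the wrong key fails loudly.
def _stream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key, obj):
    plain = json.dumps(obj).encode()
    nonce = os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("cannot unseal: wrong key or modified data")
    nonce, data = body[:16], body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data)))))

def key_from_password(password):
    return hashlib.sha256(password.encode()).digest()

# Constructed key database: only the AS/TGS side knows every key.
DB = {"alice": key_from_password("correct horse"),
      "tgs": os.urandom(32), "fileserver": os.urandom(32)}
LIFETIME = 8 * 3600   # ticket lifetime in seconds ("a few hours")
MAX_SKEW = 300        # how old an authenticator may be (assumed value)

def issue(login, service, addr, now, reply_key):
    """New session key plus a ticket sealed with the service's key."""
    session = os.urandom(32).hex()
    ticket = seal(DB[service], {"login": login, "service": service, "addr": addr,
                                "session": session, "created": now,
                                "lifetime": LIFETIME})
    return seal(reply_key, {"session": session, "ticket": ticket.hex()})

def authentication_server(login, tgs_name, addr, now):
    # The request was plaintext; the reply is sealed with the user's key.
    return issue(login, tgs_name, addr, now, DB[login])

def make_request(reply, login, addr, now, target=None):
    """Client side: ticket plus an authenticator sealed with the session key."""
    auth = seal(bytes.fromhex(reply["session"]),
                {"login": login, "addr": addr, "time": now})
    return {"ticket": reply["ticket"], "authenticator": auth.hex(), "target": target}

def accept(service, request, now, seen):
    """Checks shared by the TGS and an application server."""
    ticket = unseal(DB[service], bytes.fromhex(request["ticket"]))
    auth = unseal(bytes.fromhex(ticket["session"]),
                  bytes.fromhex(request["authenticator"]))
    if (ticket["service"], ticket["login"], ticket["addr"]) != \
            (service, auth["login"], auth["addr"]):
        raise ValueError("name or address mismatch")
    if now > ticket["created"] + ticket["lifetime"]:
        raise ValueError("ticket expired")
    if abs(now - auth["time"]) > MAX_SKEW:
        raise ValueError("stale authenticator")
    if request["authenticator"] in seen:
        raise ValueError("authenticator replayed")
    seen.add(request["authenticator"])
    return ticket

def ticket_granting_server(request, now, seen):
    ticket = accept("tgs", request, now, seen)
    return issue(ticket["login"], request["target"], ticket["addr"], now,
                 bytes.fromhex(ticket["session"]))

def verdict(service, request, now, seen):
    """'ok' or the reason the request was refused."""
    try:
        accept(service, request, now, seen)
        return "ok"
    except ValueError as err:
        return str(err)

def run_login(password, now=1_000_000, addr="10.0.0.5"):
    """Full flow for user alice; returns the verdict, request and server list."""
    tgs_seen, server_seen = set(), set()
    reply = unseal(key_from_password(password),
                   authentication_server("alice", "tgs", addr, now))
    to_tgs = make_request(reply, "alice", addr, now, target="fileserver")
    reply = unseal(bytes.fromhex(reply["session"]),
                   ticket_granting_server(to_tgs, now, tgs_seen))
    to_server = make_request(reply, "alice", addr, now)
    first = verdict("fileserver", to_server, now, server_seen)
    return first, to_server, server_seen
```

Calling `run_login("correct horse")` walks every step once; presenting the returned request to `verdict` a second time shows the server's authenticator list refusing the replay.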
Kerberos Summary
Every service request needs a ticket.
Tickets come from the TGS (except the ticket for the TGS!).
Workstations cannot understand tickets, they are encrypted using the server key.
Every ticket has an associated session key.
Tickets are reusable.
Kerberos Summary (cont.)
Tickets have a finite lifetime.
Authenticators are only used once (new connection to a server).
Authenticators expire fast!
Server maintains list of authenticators (prevent stolen authenticators).
There is a lot more to Kerberos!!!
Elliptic Curve Cryptography
Elliptic curves in Cryptography
Elliptic Curve (EC) systems as applied to cryptography were first proposed in 1985 independently by Neal Koblitz and Victor Miller.
The discrete logarithm problem on elliptic curve groups is believed to be more difficult than the corresponding problem in Diffie-Hellman Key Exchange.
Using Elliptic Curves In Cryptography
The central part of any cryptosystem involving elliptic curves is the elliptic group.
All public-key cryptosystems have some underlying mathematical operation.
  RSA has exponentiation (raising the message or ciphertext to the public or private values)
  ECC has point multiplication (repeated addition of two points).
Elliptic Curve Cryptography
Example
y^2 + xy = x^3 + ax^2 + b where x & y are variables and a & b are constants
Elliptic Curve Picture
Consider elliptic curve E: y^2 = x^3 - x + 1
If P1 and P2 are on E, we can define P3 = P1 + P2 as shown in picture
Addition is all we need
[Figure: curve E in the x-y plane with points P1, P2 and P3]
ECC
Choose an elliptic curve, make it public
Choose a point F on the curve and make it public
Check if the selected curve satisfies addition rule
Each party (A & B) chooses secret values (Pvt(A) & Pvt(B)) on the elliptic curve as private key
Each party computes public key
  Pub(A) = Pvt(A)*F
  Pub(B) = Pvt(B)*F
Public keys are exchanged between parties
Both parties calculate session key
  Session key = Pvt(A)*Pub(B) at user A
  Session key = Pvt(B)*Pub(A) at user B
  Pvt(A)*Pub(B) = Pvt(B)*Pub(A) = Pvt(A)*Pvt(B)*F
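The key agreement steps above carried out on the slide's curve y^2 = x^3 - x + 1, as an added Python example that is not part of the original deck. Assumptions made here: the curve is taken modulo the small prime 97, the public point is F = (0, 1), the "addition rule" check is read as a non-zero discriminant, and the private values 2 and 3 are toy numbers.

```python
# Added illustration (not from the slides): the ECC steps on a toy curve.
# Assumed parameters: y^2 = x^3 - x + 1 over the integers mod 97, F = (0, 1).
P = 97
A, B = -1, 1
F = (0, 1)
INFINITY = None          # the group's identity element

def curve_is_usable():
    """Non-zero discriminant, so point addition is defined for every point."""
    return (4 * A**3 + 27 * B**2) % P != 0

def valid_public(point):
    """A received public key must be a real point on the agreed curve."""
    if point is INFINITY:
        return False
    x, y = point
    return (y * y - (x**3 + A * x + B)) % P == 0

def add(p1, p2):
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INFINITY                          # P + (-P)
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P)
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    slope %= P
    x3 = (slope * slope - x1 - x2) % P
    return (x3, (slope * (x1 - x3) - y1) % P)

def multiply(k, point):
    """Point multiplication as repeated addition (double-and-add)."""
    result, addend = INFINITY, point
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def session_key(private, their_public):
    """Session key = Pvt * Pub, refusing points that are not on the curve."""
    if not valid_public(their_public):
        raise ValueError("public key is not a point on the curve")
    return multiply(private, their_public)

if __name__ == "__main__":
    pvt_a, pvt_b = 2, 3                          # toy private values
    pub_a, pub_b = multiply(pvt_a, F), multiply(pvt_b, F)
    print(curve_is_usable(), pub_a, pub_b)
    print(session_key(pvt_a, pub_b), session_key(pvt_b, pub_a))
```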
Firewalls
Firewalls
Firewall must determine what to let in to internal network and/or what to let out
Access control for the network
[Figure: Internet - Firewall - Internal network]
Firewall Terminology
Types of firewalls
  Packet filter: works at network layer
  Stateful packet filter: transport layer
  Application proxy: application layer
  Personal firewall: for single user, home network, etc.
Packet Filter
Operates at network layer
Can filter based on
  Source IP address
  Destination IP address
  Source Port
  Destination Port
  Flag bits (SYN, ACK, etc.)
  Egress or ingress
[Figure: protocol stack: application, transport, network, link, physical]
Packet Filter
Advantage
  Speed
Disadvantages
  No state
  Cannot see TCP connections
  Blind to application data
Stateful Packet Filter
Adds state to packet filter
Operates at transport layer
Remembers TCP connections and flag bits
Can even remember UDP packets (e.g., DNS requests)
Stateful Packet Filter
Advantages
  Can do everything a packet filter can do plus...
  Keep track of ongoing connections
Disadvantages
  Cannot see application data
  Slower than packet filtering
Application Proxy
A proxy is something that acts on your behalf
Application proxy looks at incoming application data
Verifies that data is safe before letting it in
Application Proxy
Advantages
  Complete view of connections and applications data
  Filter bad data at application layer (viruses, Word macros)
Disadvantage
  Speed
Application Proxy
Creates a new packet before sending it thru to internal network
Attacker must talk to proxy and convince it to forward message
Proxy has complete view of connection
Prevents some attacks stateful packet filter cannot
Key Management in Asymmetric Encryption
Announcement of Public keys
  Email, distribute in multicast group, Facebook!!
  Possible for attacker to impersonate as another
Directory of Public Keys
  Like telephone directory
Exchange of Public keys before Communication
  Possible for attacker to impersonate as another
Use of Public key Certificates
  Digital certificate
A Hybrid Approach
  Diffie-Hellman, ECC