lecture 3 - Philadelphia University Jordan


Module 3
Encryption Protocols and Practices
Modified by: Ahmad Al Ghoul
Philadelphia University
Faculty of Administrative & Financial Sciences
Business Networking & System Management Department
Room Number 32406
E-mail Address: [email protected]
Network Security
Philadelphia University
Ahmad Al- Ghoul 2010-2011
1
Objectives
▪ Definition of Protocol.
▪ Types of Protocols.
▪ Key Distribution.
▪ Digital Signature.
▪ Key Escrow.
▪ Voting by Computer.
▪ Oblivious Transfer.
▪ Certified Mail.
Definition of Protocols
▪ Definition of protocols
– A protocol is an orderly sequence of steps two or more parties take to accomplish some task.
▪ A good protocol has the following characteristics:
– Established in advance: the protocol is completely designed before it is used.
– Mutually subscribed: all parties to the protocol agree to follow its steps, in order.
– Unambiguous: no party can fail to follow a step properly because the party has misunderstood the step.
– Complete: for every situation that can occur there is a prescribed action to be taken.
Protocols
▪ Protocols are also used in computer-to-computer communication. A computer needs to know when to “speak”, when to “listen”, with whom it is communicating, whether it has received all of a particular communication, and so forth. In a two-computer communication, both computers must follow the same protocol in order for either to participate.
Kinds of Protocols
▪ Certain tasks, such as negotiating contracts, voting, and distributing information, are simple human activities. However, many of these tasks depend on a witness to ensure fairness.
▪ We must develop protocols by which two suspicious parties can interact with each other and be convinced of fairness.
Kinds of Protocols
▪ Process vs. Mechanism
– protocols separate the process of accomplishing a task from
the mechanism by which it is done
– a protocol specifies only the rules of behavior
• we verify the correctness of the process at a high level
– after becoming convinced of the correctness of the design,
we implement the protocol using some mechanism
• using some particular language or encryption system
• we need only verify that the mechanism correctly reflects
the design
• we can later change the implementation without affecting
the design
Kinds of Protocols
▪ Fairness
– in order to use computers more effectively, we must develop
protocols by which two suspicious parties can interact with
each other and be convinced of fairness
▪ Types of Protocols
– Arbitrated Protocols
– Adjudicated Protocols
– Self-Enforcing Protocols
Types of Protocols
▪ Arbitrated Protocols
▪ In a computer protocol, an arbiter is a trustworthy third party who ensures fairness. The arbiter might be a person, a program, or a machine. For example, in a network an arbiter might be a program running on one machine of the network. The program receives and forwards messages between users. The users trust that when the arbiter forwards a message saying it comes from A, the message really did come from user A. The notion of an arbiter is the basis for a type of secure protocol called an arbitrated protocol.
Arbitrated Protocols disadvantages
1- The two sides may not be able to find a neutral third party that both sides trust. Suspicious users are rightfully suspicious of an unknown arbiter in a network.
2- Maintaining the availability of an arbiter represents a cost to the users or the network; that cost may be high.
3- Arbitration causes a time delay in communication because a third party must receive, act on, and then forward every transaction.
4- If the arbitration service is heavily used, it may become a bottleneck in the network as many users try to access a single arbiter.
5- Secrecy becomes vulnerable, because the arbiter has access to much sensitive information.
Types of Protocols
▪ Adjudicated Protocols
An adjudicated protocol uses a disinterested third party to judge fairness based on evidence.
Not only can a third party determine whether two parties acted fairly, that is, within the rules of the protocol, but the third party can also determine who cheated.
Adjudicated protocols involve the services of a third party only in case of a dispute. Therefore, they are usually less costly, in terms of machine time or access to a trusted third-party software judge, than arbitrated protocols. However, adjudicated protocols detect a failure to cooperate only after the failure has occurred.
Types of Protocols
▪ Self-Enforcing Protocols
A self-enforcing protocol is one that guarantees fairness. If either party tries to cheat, that fact becomes evident to the other party. No outsider is needed to ensure fairness.
Protocols to Solve Problems
▪ When two humans interact directly, they do so differently than if there is a computer between them. Although there may be differences in the approach, we want to devise protocols for the automated environment by which people can carry out everyday tasks.
▪ The following problems will be considered:
– Voting by Computer
– Oblivious Transfer
– Contract Signing
– Certified Mail
Digital Signature
▪ A digital signature is a protocol that produces the same effect as a real signature
– two primary conditions
• Unforgeable: if a person P signs message M with signature S(P,M), it is impossible for anyone else to produce the pair [M,S(P,M)]
• Authentic: if a person R receives the pair [M,S(P,M)] purportedly from P, R can check that the signature is really from P. Only P could have created this signature, and the signature is firmly attached to M
Digital Signature
– two desirable conditions
• not alterable: after being transmitted, M cannot be changed by S, R, or an interceptor.
• not reusable: a previous message presented will be instantly detected by R
Cryptography
▪ Why?
– The word cryptography comes from the Greek:
• Kruptos, which means hidden
• Graphein, which means to write
– Cryptography is the art of encoding data by means of the encryption process.
– To satisfy the following needs:
• Authentication
• Confidentiality
• Integrity
• Non-repudiation
Cryptography
▪ A few definitions (cont’d)!
– Encryption Algorithm:
• A series of operations used to encrypt and decrypt data
– Encryption Key:
• A sequence of symbols used by the encryption algorithm when data encryption and decryption take place. Without it, it is impossible to return to plaintext.
– Cryptology:
• Cryptology is a mathematical science comprising two streams:
cryptography and cryptanalysis.
– Cryptanalysis:
• The opposite of cryptography, cryptanalysis seeks weaknesses in
order to decrypt ciphertext.
Cryptography
– Regular text <=> algorithm <=> crypto-text
• Algorithm only
– Secret and vulnerable algorithm
• Algorithm + key = lock
– Public algorithm remains secure.
– The key is the key to the secret.
[Figure: Plaintext → Algorithm (with encryption key) → Ciphertext]
Cryptography
▪ Limitations of the public key
– Keys that are shorter than 512 bits (154 digits) are not secure
– 1,024 bits is ideal (308 digits)
– Keys can be distributed or reset on a public key
server
– Key authentication is necessary
Cryptography
▪ Examples of encryption algorithms…
– Symmetrical (or secret key):
• DES and triple DES (3DES)
• IDEA
• RC-4, RC-5, RC-6
• AES
– Asymmetrical (or public key):
• RSA
• ElGamal
• DSA
Cryptography
Digital signatures
Objective: to ensure the integrity of the data and the authentication of the message
Characteristics: authentic, unalterable, cannot be reused or copied
– The signature is cryptographic.
– The signature is different every time.
– Operates in the same manner as encrypted public keys
Cryptography
▪ Key management
▪ … involves five major steps:
– Generates keys that are difficult to crack
– Distributes them in a secure manner
– Certifies that they are usable
– Protects them at the time of their use
– Revokes them when they are compromised
Cryptography
▪ Key management
– Generates keys that are difficult to crack
= 000000000000000000000...
Cryptography
▪ Key management
– Certifies that they are usable
– Protects them at the time of their use
– Revokes them when they are compromised
Cryptography
▪ Secret key management
[Figure: a KDC connected to each party by a shared key; a computer pirate is also shown.]
Cryptography
▪ Digital certificates
– Digital certificates are electronic folders containing the public key and information on the user as well as the CA’s signature.
– The following information is found on an X.509 certificate:
• The certificate’s version number
• The certificate’s serial number
• The algorithm used to sign the certificate
• The certificate’s issuer
• The certificate’s retention period
• The public key issuer
• Information on the public key
• Extensions introduced by versions 2 and 3
• The issuer’s digital signature
Symmetric Key Digital Signature (1)
▪ With a private key encryption system, the secrecy of the key guarantees the authenticity of the message, as well as its secrecy.
▪ Symmetric key encryption doesn't prevent forgery: the receiving party can create an identical message because it has the same key, so there is no protection against repudiation (denial of sending a message).
▪ To solve this problem, there must be a trusted third party, A.
Symmetric Key Digital Signature (2)
▪ Symmetric Key Digital Signature
– using arbiter, A
• S (sender) shares a secret key K_S with A
• R (receiver) shares a secret key K_R with A
– using symmetric encryption
– protocol: SKDS-1
1. S → arbiter: E(M, K_S)
2. arbiter → R: E((M, S, E(M, K_S)), K_R)
Digital Signature without Encryption (1)
▪ If S and R are not concerned with secrecy, they can agree on a cryptographic seal to use as a signature. The seal is a stamp or mark that proves authenticity. A sealing function is a mathematical function affected by every bit of its input.
▪ Suppose S and R have each registered a personal sealing function with the arbiter.
▪ Let f_S and f_R be these two functions.
▪ S sends M and f_S(M) to A.
▪ A also computes f_S(M) from the copy of M received from S.
▪ If the two values match, the message is authenticated.
▪ A sends M, S, f_S(M), and f_R((M, S)) to R.
▪ R cannot interpret f_S(M) but can use it as evidence that S sent M.
Digital Signature without Encryption (2)
▪ Digital Signature without Encryption
– using arbiter, A
– using cryptographic sealing function:
• e.g. a keyed hash function like HMAC-SHA
– protocol: SKDS-2
1. S → arbiter: M, f_S(M)
2. arbiter → R: M, S, f_S(M), f_R(M, S)
Digital Signature without Encryption (3)
▪ Preventing Reuse or Alteration
– SKDS-1 and SKDS-2
• satisfy the two primary conditions for a digital signature: unforgeable and authentic
• do not satisfy the two desirable conditions for a digital signature: not alterable and not reusable
– solution
• not reusable: use a time stamp
• not alterable: make each piece depend on the time stamp
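The SKDS-2 exchange with the time-stamp fix described above, as an added example that is not part of the original slides. HMAC-SHA256 stands in for the sealing functions f_S and f_R; the key table, the `MAX_SKEW` window, the replay set, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo keys. In the protocol, S knows only its own key, R only its
# own, and the arbiter holds both; one table keeps this simulation short.
SEAL_KEYS = {"S": b"constructed-key-S", "R": b"constructed-key-R"}
MAX_SKEW = 30  # seconds a time stamp stays acceptable (assumed policy)


def seal(party, *fields):
    """Sealing function f_party: HMAC-SHA256 over length-prefixed fields."""
    mac = hmac.new(SEAL_KEYS[party], digestmod=hashlib.sha256)
    for field in fields:
        data = field if isinstance(field, bytes) else str(field).encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()


def arbiter_forward(used, sender, receiver, msg, stamp, sender_seal, now):
    """Step 2: recompute f_S(M, T), then issue f_R(M, S, T) for the receiver."""
    if not hmac.compare_digest(seal(sender, msg, stamp), sender_seal):
        raise ValueError("seal mismatch")
    if abs(now - stamp) > MAX_SKEW:
        raise ValueError("timestamp outside window")
    if sender_seal in used:  # 'used' is the arbiter's set of forwarded seals
        raise ValueError("seal already used")
    used.add(sender_seal)
    return msg, sender, stamp, sender_seal, seal(receiver, msg, sender, stamp)


def receiver_accepts(receiver, packet):
    """R checks the arbiter's f_R; f_S is opaque to R and kept as evidence."""
    msg, sender, stamp, _sender_seal, receiver_seal = packet
    return hmac.compare_digest(seal(receiver, msg, sender, stamp), receiver_seal)


def demo():
    used, now = set(), 1_700_000_000  # constructed clock value
    msg = b"pay 100 to R"
    s_seal = seal("S", msg, now)  # step 1: S sends M, T, f_S(M, T)
    packet = arbiter_forward(used, "S", "R", msg, now, s_seal, now)
    out = {"accepted": receiver_accepts("R", packet),
           "tampered": receiver_accepts("R", (b"pay 900 to R",) + packet[1:])}
    for label, when in (("replay", now + 5), ("stale", now + 3600)):
        try:
            arbiter_forward(used, "S", "R", msg, now, s_seal, when)
        except ValueError as exc:
            out[label] = str(exc)
    return out
```

Because the time stamp is an input to every seal, changing either the message or the time stamp invalidates the seal, and resubmitting an identical sealed message is caught by the arbiter's record of seals it has already forwarded.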
Digital signature
[Figure: Simon signs the plaintext with Simon's private key (Sign → Signature); Pau verifies the plaintext and signature with Simon's public key (Verifies? Yes/No).]
▪ The public key solution is much less cumbersome than the single key solution.
▪ One disadvantage is that the message is authentic but not private (as everyone can decrypt with the public key).
▪ This can be overcome by using two encryptions:
– in the first, you encrypt the message with the public key of the recipient. The message can be read only by the recipient, so it is private and confidentiality is provided.
– in the second (the envelope), you encrypt the encrypted message with your private key. The message was sent only by you, as only you know your private key, so the message is authentic.
Cryptography
▪ Hashing functions
MD5
▪ Produces a 128-bit checksum
▪ Processes incoming data in blocks of 512 bits (16 32-bit blocks)
▪ 4 repetitions of 16 operations
▪ The result is 4 32-bit blocks
SHA
▪ Produces a 160-bit checksum
▪ Processes incoming data in blocks of 512 bits (16 32-bit blocks –> 80 32-bit blocks)
▪ 4 repetitions of 20 operations
▪ The result is 5 32-bit blocks
Hash Function Requirements
A hash function H must have the following properties:
▪ H can be applied to a block of data of any size
▪ H produces a fixed-length output
▪ H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical
▪ For any given code h, it is computationally infeasible to find x such that H(x) = h
▪ For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x)
▪ It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
Message Authentication Using a One-way Hash Function (1)
[Figure: message authentication using conventional encryption. Labels: A, B, Message, H, E, D, K, Compare.]
Message Authentication Using a One-way Hash Function (2)
[Figure: message authentication using public-key encryption (digital signature). Labels: A, B, Message, H, E, D, Kprivate, Kpublic, Compare.]
Report
▪ Discuss one of these topics:
1- Man-in-the-middle attack.
2- (RSA) Rivest, Shamir, and Adleman, "A method for obtaining digital signatures and public-key cryptosystems".
3- Brute-force attack.