L8. Reviews
Rocky K. C. Chang, May 2011
Foci of this course

- Understand the 3 fundamental cryptographic functions and how they are used in network security.
- Understand the main elements in securing today’s Internet infrastructure.
- Be exposed to some current Internet security problems.

Types of attacks

- Passive attacks (eavesdropping), e.g.,
  - ciphertext-only attacks (recognizable plaintext attacks)
    - Fred has seen some ciphertext.
  - known-plaintext attacks
    - Fred has obtained some <plaintext, ciphertext> pairs.
  - chosen-plaintext attacks
    - Fred can choose any plaintext he wants.
- Active attacks, e.g.,
  - pretend to be someone else (impersonation)
  - introduce new messages in the protocol
  - delete existing messages
  - substitute one message for another
  - replay old messages

Three cryptographic functions

- Hash functions: require 0 keys
- Secret key functions: require 1 key
- Public key functions: require 2 keys

[Diagram: secret key functions, public key functions and hash functions, with the secrecy, authentication, message integrity and nonrepudiation services]

Symmetric cryptography

- Secret key functions
  - Stream cipher vs block cipher
  - Symmetric cryptography based on substitution (confusion) and diffusion
  - 64-bit DES and 128/192/256-bit AES
- Secrecy service
  - Encrypting data of any size: cipher block chaining (CBC)
  - Security problems with CBC, e.g., identical and nonidentical ciphertext blocks.

Cryptographic hash functions and MAC

- Hash functions
  - 3 properties: pre-image resistance, collision resistance, and mixing transformation
  - The birthday problem and attack
    - k ≈ 1.774 √q, where q is the number of distinct hash outputs
  - The length of a secure hash output ≥ 256 bits
  - Hash function standards (MDx, SHA-x)
  - 2 problems: length extension and partial message collision
- Message authentication codes
  - A successful attack on MAC
  - CBC-MAC and HMAC

The public-key cryptography

- Prime numbers, modulo a prime
- A group for the set of numbers modulo a prime p without 0 under multiplication
- Compute the multiplicative inverse using the extended Euclid algorithm.
- Generate a large prime number.
  - The Rabin-Miller test determines whether an odd integer is prime.
- Each party involved in a public-key cryptographic system has one secret and one public “key”.

The Diffie-Hellman (DH) protocol

- The DH protocol uses the multiplicative group modulo p, where p is a very large prime.
  - A generator g generates a set of numbers 1, g, g^2, …, g^(t-1) (g^t = 1 again).
  - Subgroups (t < p-1) and group (t = p-1)
- The basic Diffie-Hellman (DH) protocol
  - (g, p) and a random number in (1, 2, …, p-1)
  - The discrete logarithm problem
- Security problems
  - Using a smaller subgroup ({1}, {1, p-1}) and a safe prime
  - Squares and nonsquares
  - Man in the middle attack

[Diagram: DH exchange between Alice and Bob]
Alice and Bob: check (p, q, g)
Alice: randomly pick x from {1, …, q-1}
Alice → Bob: X = g^x
Bob: check 1 < X < p and X^q = 1
Bob: randomly pick y from Z*_p
Bob → Alice: Y = g^y
Alice: check 1 < Y < p and Y^q = 1
Alice: k ← Y^x mod p
Bob: k ← X^y mod p

The RSA algorithm

- In RSA, we work modulo a composite number n = p × q, where p and q are large primes.
  - Use 2 different exponents e (public) and d (private), such that e × d = 1 mod t, where t = lcm(p – 1, q – 1).
  - To encrypt m, compute c = m^e mod n; to decrypt c, compute c^d mod n = m.
  - To sign m, compute s = m^(1/e) mod n; to verify the signature, compute s^e = m mod n.
  - Choices of e, p, and q
  - Pitfalls of using RSA, e.g., encrypting a small message, message signing.

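The formulas on this slide as runnable Python, added here as an illustration and not part of the original slides; the primes, e = 3 and the function names are constructed for the example. The last function shows the small-message pitfall: when m^e < n no modular reduction takes place, so an integer e-th root of the ciphertext returns m without d.

```python
from math import gcd

# Constructed toy primes, both congruent to 2 mod 3 so that e = 3 is usable.
P, Q, E = 1000000007, 998244353, 3

def egcd(a, b):
    """Extended Euclid: return (g, u, v) with a*u + b*v == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, u, v = egcd(b, a % b)
    return g, v, u - (a // b) * v

def make_key(p, q, e):
    """Return (n, e, d) with n = p*q and e*d = 1 mod t, t = lcm(p-1, q-1)."""
    t = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    g, u, _ = egcd(e, t)
    if g != 1:
        raise ValueError("e has no inverse modulo t")
    return p * q, e, u % t

def encrypt(m, n, e):
    return pow(m, e, n)            # c = m^e mod n

def decrypt(c, n, d):
    return pow(c, d, n)            # c^d mod n = m

def sign(m, n, d):
    return pow(m, d, n)            # s = m^(1/e) mod n, computed as m^d mod n

def verify(m, s, n, e):
    return pow(s, e, n) == m % n   # s^e = m mod n

def integer_root(c, e):
    """Largest r with r**e <= c, found by binary search (no key involved)."""
    lo, hi = 0, 1 << (c.bit_length() // e + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** e <= c:
            lo = mid
        else:
            hi = mid - 1
    return lo

def recovered_without_key(m, n, e):
    return integer_root(encrypt(m, n, e), e) == m   # True when m^e < n

if __name__ == "__main__":
    n, e, d = make_key(P, Q, E)
    print(recovered_without_key(4242, n, e), recovered_without_key(10**14, n, e))
```
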
Authentication

- Network-based, password-based
- Cryptographic authentication
  - Symmetric and asymmetric
  - Challenge and response
  - Mutual authentication ≠ 2 x one-way authentication.
  - Reflection attack and man in the middle attack
- Principles:
  - One-way: Have the responder influence what she encrypts or hashes.
  - Have both parties have some influence over the quantity signed.

Authenticated key exchange

- Authenticated Diffie-Hellman exchange
  - Perfect forward secrecy
  - Allow both sides to agree on the crypto. algorithms and the DH parameters.
  - A partial solution to denial-of-service attacks using cookies
  - It is prudent to couple the key exchange with authentication.

[Diagram: authenticated DH exchange between Alice and Bob]
Alice: s ← min p size
Alice: randomly pick Na from {0, …, 2^256 - 1}
Alice → Bob: s, Na
Bob: choose (p, q, g)
Bob: randomly pick x from {1, …, q-1}
Bob → Alice: (p, q, g), X = g^x, AUTH_B
Alice: check (p, g, q), X, AUTH_B
Alice: randomly pick y from {1, …, q-1}
Alice: k ← h(X^y mod p)
Alice → Bob: Y = g^y, AUTH_A
Bob: check Y, AUTH_A
Bob: k ← h(Y^x mod p)

Secure network protocols in practice

PKI

- Alice generates her public/private key pair.
  - Keep the private key.
  - Take the public key, say k, to the CA.
  - The CA has to verify that Alice is who she says she is.
  - The CA then issues a digital statement stating that k belongs to Alice.
- There will never be a single CA for all or most of all.
  - There are going to be a large number of PKIs.
  - Use different key pairs in different PKIs.
  - Choose between a key server approach and a PKI approach.

IPSec

- Unicast, unidirectional security association at the IP layer
- Authentication Header and Encapsulating Security Payload
- Partial solution to the replay attack
- Tunnel mode and transport mode
- Encryption without authentication is useless.
- Outbound and inbound packet processing

IKEv.1

- IKE phase 1 (ISAKMP association) and phase 2
- The main mode consists of 3 message pairs.
  - 1st pair: ISAKMP SA negotiation
  - 2nd pair: a D-H exchange and an exchange of nonces
  - 3rd pair: Peer authentication
- The phase 1 is protected with encryption and authentication.
- Establish IPSec associations and the necessary keys.
- A new issue here is hiding the identities of the end points

TLS 1.0/ SSL 3.0

- Pros and cons of providing security services at the transport layer instead of the IP layer.
- The TLS Handshake and Record layers.
- Session states and connection states
  - The session states can be reused to establish a new connection.
- Server and client authentication

Network security is more than the above

- Wireless security: IEEE 802.11i, RFID, Bluetooth, IP telephony, etc.
- Worms and buffer overflow attacks
- Denial-of-service and degradation-of-service attacks
- Data security
- Covert channel, privacy protection

Network security is more than the above

- Security policies
- Operational issues
- Human issues
- Vulnerability analysis
- Auditing
- Intrusion detection
- System security
- Program security
- etc.

“Security is a chain; it’s only as secure as the weakest link.”
“Security is not a product; it itself is a process.”
Bruce Schneier