View
27
Download
1
Category
Preview:
Citation preview
1
Security Overview & Cryptography
Network Security Workshop
16-18 January 2018
Apia, Samoa
Overview
• Security Overview• Goal of Security
• Threat Pragmatics
• Cryptography Basics
2
Drawing some correlations
3
Why Security?
• The Internet was designed for connectivity – Trust was assumed– Security protocols added on top of the TCP/IP
• The Internet has become fundamental to our daily activities (business, work, and personal)
• Fundamental aspects of information must be protected– Confidential data– Employee information– Business models– Protect identity and resources
4
Internet Evolution
Security (threats and challenges) changes as the Internet evolves!
LAN connectivity Content driven (email, web, music, video)
Data on the Cloud
5
Recent Incidents• Meltdown/Spectre (Jan 2018)
– Exploits processor vulnerabilities!• Intel, AMD, ARM
– Meltdown (CVE-2017-5754):• Breaks the isolation between programs & OS• An application could read kernel memory locations
– Spectre (CVE-2017-5753/CVE-2017-5715)• Breaks isolation between applications• An application could read other application
memory
– Patches available: https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help
6
Recent Incidents• (Not)Petya Ransomware/Wiper (June 2017)
– Exploited a backdoor in MeDoc accounting suite• Update pushed on June 22 from an update server (stolen credentials)• proxied to the attacker’s machine (176.31.182.167)
– Spread laterally across the network (June 27)• EternalBlue exploit (SMB exploit: MS17-010)• through PsExec/WMIC using clear-text passwords from memory• C:\Windows\perfc.dat hosted the post-exploit code (called by
rundll32.exe)
7
Recent Incidents• WannaCry Ransomware (May 2017)
– As of 12 May, 45K attacks across 74 countries– Remote code execution in SMBv1 using EternalBlue exploit
• TCP 445, or via NetBIOS (UDP/TCP 135-139)
– Patch released on 14 March 2017 (MS17-010)• https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
– Exploit released on 14 April 2017
8
Recent Incidents• SHA-1 is broken (Feb 23, 2017)
– colliding PDF files: obtain same SHA-1 hash of two different pdf files, which can be abused as a valid signature on the second PDF file.• https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
9
shodan.io
10
• Find any internet connected device
haveibeenpwned.com
11
abc@test.com
• Have you been compromised?
THANKS
• Most of the content is from:
– Steven M.Bellovin’s “Thinking Security”– https://www.cs.columbia.edu/~smb/
12
Here we go….
• What are we protecting?, and
• Against whom?
13
• All security system designs should be based on these questions!
Threats, Vulnerability, and Risks
• Threat– circumstance or event with potential to cause harm to a
networked system
• Vulnerability– A weakness that can be exploited
• Software bugs• Design flaws• Configuration mistakes• Lack of encryption
• Risk– The likelihood that a particular vulnerability will be exploited
14
Attack Motivation (Who are your Enemies?)
• Nation states want SECRETS
• Organized criminals want MONEY
• Protesters or activists want ATTENTION
• Hackers and researchers want KNOWLEDGE
15
Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014
http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html
Who are your Enemies?
16
• Script kiddies: little real ability, but can cause damage if you’re careless
• Money makers: Hack into machines; turn them into spam engines; etc.
• Government intelligence agencies, AKA Nation State Adversaries
The Threat Matrix
17
Degree of Focus
Opportunistic hacks
Joy hacks Targeted attacks
Advanced Persistent Threats
Source: Thinking Security – Steve M. Bellovin
Joy Hacks
• For fun - with little skill using known exploits
• Minimal damage - especially unpatched machines
• Random targets – anyone they can hit
• Most hackers start this way – learning curve
18
Opportunistic Hacks
• Skilled (often very skilled) - also don’t care whom they hit– Know many different vulnerabilities and techniques
• Profiting is the goal - bank account thefts, botnets, ransomwares….– WannaCry? Petya?
• Most phishers, virus writers, etc.
19
Targeted Attacks
• Have a specific target!
• Research the target and tailor attacks– physical reconnaissance
• At worst, an insider (behind all your defenses)– Not-so happy employee L
• Watch for tools like “spear-phishing”
• May use 0-days
20
Advanced Persistent Threats
• Highly skilled (well funded) - specific targets– Mostly 0-days
• Sometimes (not always) working for a nation-state– Think Stuxnet (up to four 0-days were used)
• May use non-cyber means:– burglary, bribery, and blackmail
• Note: many lesser attacks blamed on APTs
21
Are you a Target?
• Biggest risk?– assuming you are not interesting enough!
• Vendors/System Integrators and their take on security:– Either underwhelming or Overwhelming L
22
Defense Strategies
• Depends on what you’re trying to protect
• Tactics that keep out teenagers won’t keep out a well-funded agency
• But stronger defenses are often much more expensive, and cause great inconvenience
23
What Are You Protecting?
• Identify your critical Assets– Both tangible and intangible (patents, methodologies) assets
• Hardware, software, data, people, documents
– Who would be interested?
• Place a Value on the asset– Different assets require different level of protection– Security measures must be in proportion with asset value
• How much can you afford?
• Determine Likelihood of breaches– threats and vulnerabilities ?
24
Against Joy Hacks
• By definition, joy hackers use known exploits
• Patches exist for known exploits:– Up to date system patches– Up to date antivirus database
• Ordinary enterprise-grade firewalls will also repel them
25
Opportunistic Hacks
• Sophisticated techniques used
• You need multiple layers of defense– Up to date patches and anti-virus– Firewalls– Intrusion detection– Lots of attention to log files
• Goal: to contain the attack!
26
Targeted Attacks
• Targeted attacks exploit knowledge of target– Try to block or detect reconnaissance– Security policies and procedures matter a lot
• How do you respond to phone callers?• What do people do with unexpected attachments?• USB sticks in the car park?
• Hardest case: disgruntled employee or ex-employee– Already behind your defenses– Think Manning & Snowden
27
Advanced Persistent Threats
• L VERY VERY hard to defend against!
• Use all of the previous defenses
• There are no sure answers
• Pay special attention to policies and procedures
• Investigate all oddities
28
Varying Defenses
• Don’t use the same defenses for everything– Keep them guessing J
• Layer them– protect valuable systems more carefully
• Maybe you can’t afford to encrypt everything– but you probably can encrypt all communications among
and to/from your high-value machines
29
However…
• Every machine (connected) is valuable
• They could be turned into bots– Send spam, launch DDoS, host phishing sites– Sniff your local traffic
• Defense: – watch outbound traffic from your network
30
Example of Security Controls
31
Category Example of Controls Purpose
Policy & Procedure
Cyber Security Policy, IncidentHandling Procedure
Make everyone aware of theimportance of security, define role and responsibilities (pre and post incident), understandscope of the problem
Technical Firewall, Intrusion DetectionSystem, AV, Logging Systems
Prevent and detect potentialattacks, mitigate risk of breach
Physical CCTV, Locks, Biometrics, Secure working space
Prevent physical theft of information assets or unauthorized physicalaccess
Summary
• Use proper crypto
• Multi-layered security– Updated patches and Avs– Backup important data– Firewalls– IDS/IPS (anomaly detection)
• Strictly follow security procedures– Revise and audit frequently
32
Overview
• Security Overview
• Goal of Security• Threat Pragmatics
• Cryptography Basics
33
Goals of Information Security
Confidentiality Integrity Availability
SEC
UR
ITY
prevent unauthorized use or disclosure of
information
safeguard the accuracy and
completeness of information
authorized users have reliable and timely access to
information
34
Access Control
• To permit or deny the use of resource(s)
• All about:– Authentication (who is the user)– Authorization (who is allowed to use what)– Accountability (what did the user do)
Authentication
• Verify a user’s identity• “User” may refer to:
– a person – an application or process– a machine or device
• Identification comes before authentication– Ex: username to establish user’s identity
• To prove identity, a user must present either:– What you know (passwords, passphrase, PIN)– What you have (token, smart cards, passcodes, RFID)– Who you are (biometrics such as fingerprints and iris scan,
signature or voice)
Strong Authentication
• An absolute requirement
• Two-factor authentication – Passwords (something only you know)– Tokens (something only you have)
• Examples:– Passwords– Tokens– PINs– Biometrics– Certificates
Two-factor Authentication• At least two authentication ‘factors’ to prove user’s
identity– something you know
• Username/password
– something “only” you have• Token using a one-time password (OTP), or a SMS code
• OTP is generated using a device in physical possession of the user– generated each time and expires after some time– through applications on your device
• Authy/Google Authenticator
Authorization
• Defines the user’s rights and permissions on a system– Typically ‘if authenticated’
• Grants a user access to a particular resource and what actions they are permitted to perform on that resource
• Access criteria based on the level of trust:– Roles– Groups– Location– Time– Transaction type
Authorization Concepts
• Authorization Creep– When users may possess unnecessarily high access
privileges within an organization
• Default to Zero– Start with zero access and build on top of that
• Need to Know Principle– Least privilege; give access only to information that the user
absolutely need
• Access Control Lists– List of users allowed to perform particular access to an
object (read, write, execute, modify)
Authorization - Single Sign On
• User logs in only once and gains access to all authorized resources within a system
• Benefits:– Ease of use– Reduces logon cycle (time spent re-entering passwords for the
same identity)
• Common SSO technologies:– Kerberos (prevents replays – T_REQ:timestamp/lifetime)– RADIUS– OTP Token– SAML/OpenID
• Disadvantage: Single point of attack– May need to mix with MFA
Accounting
• What did the user do with the resource?
• Actions of an entity to be traced back uniquely to that entity – Senders cannot deny sending information– Receivers cannot deny receiving it – Users cannot deny performing a certain action
• Supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention and after-action recovery and legal action
Source: NIST Risk Management Guide for Information Technology Systems
Types of Access Control
• Centralized Access Control– RADIUS (UDP1812/13)
• Encrypts the password
– TACACS+ (TCP49)• Encrypts the entire message
– Diameter (TCP)• Enhanced RADIUS (reliable and secure channel)
• Decentralized Access Control– User database maintained on the resource
• Not scalable– No method for consistent control
Overview
• Security Overview
• Goal of Security
• Threat Pragmatics • Cryptography Basics
44
Target
• Targets could be:– Network infrastructure– Network services– Application services– End user machines
Uneven Playing Field
• The defender has to think about the entire perimeter– all the weakness
• The attacker has to find only one weakness
• This is not good news for defenders
46
Attack Surface
• Entire Perimeter you have to Defend
47
Web ServerDNS
SMTP
Power Fiber
Application
Firewall
Soft Gooey Inside
• But it is not just the perimeter!
48
Web Server DNS
SMTP
Power Fiber
Application
Firewall
USB SticksSpearfishingPasswords
Ex-EmployeesSysAdmins
Attacks on Different LayersApplication
Presentation
Session
Transport
Network
Data Link
Physical
Application
Transport
Internet
Network Access (Link Layer)
Layer 2: Ethernet, PPP, ARP, NDP, OSPF
Layer 4: TCP, UDP, SCTP
Layer 5: NFS, Socks
Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP
DNS Poisoning, Phishing, SQL injection, Spam/Scam
ARP spoofing, MAC flooding
OSI Reference Model TCP/IP Model
Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
TCP attacks, Routing attack, SYN flooding
Ping/ICMP Flood, Sniffing
49
Layer 2 Attacks
• ARP Spoofing
• MAC attacks
• DHCP attacks
• VLAN hopping
50
ARP Spoofing
ARP Cache poisoned. Machine A connects to Machine D (not C)
I want to connect to 10.0.0.3. I don’t know the
MAC address
10.0.0.1AA-AA-AA-AA-AA-AA
10.0.0.2BB-BB-BB-BB-BB-BB
10.0.0.3CC-CC-CC-CC-CC-CC
10.0.0.4DD-DD-DD-DD-DD-DD
ARP Request
ARP Reply
Wait, I am 10.0.0.3!
I am 10.0.0.3. This is my MAC address
51
MAC Flooding
• Exploits the limitation of all switches – CAM stores mapping of individual MAC addresses to source
ports– Finite memory
• Attacker floods the CAM table using spoofed source MAC addresses
52
DHCP Attacks
• DHCP Starvation Attack– Broadcasting vast number of DHCP requests with spoofed
MAC address simultaneously.
• DHCP Spoofing– Rogue DHCP
53
Wireless Attacks- MITM
• Creates a fake access point and have clients authenticate to it instead of a legitimate one.
• Capture traffic (usernames, passwords)
54
Wireless Attacks
• WEP (wired equivalent privacy) – first go at wireless security
• 104-bit WEP key:– 50% of the time broken with 45k packets– 95% of the time with 85k packets (in less than 60 seconds)
• Use WPA2 (wired protected access)– WPA – 256-bit key– WPA2 - AES
55
Tews,Weinmann, and Pyshkin, "Breaking 104 bit WEP in less than 60 seconds", Proceedings of the 8th international conference on Information security applications, 2007
Link-Layer Defense
• Dynamic ARP Inspection– Protects against ARP spoofing
– uses DHCP Snooping
– forward ARP packets on Trusted interfaces without checks
– intercept all ARP packets on Untrusted ports and check against IP-to-MAC binding• Drop (and log) if no valid binding
56
Link-Layer Defense
• Port Security– Protects the MAC table
– Limit the number of MACs per port (static or sticky learning)• Forwards valid frames (valid source MACs), and drops invalid frames
– Violation could trigger:• Dropping of invalid frames and port shutdown, or• Drop frames with/without notification
57
Link-Layer Defense
• 802.1X– Identity based network access control– Protection against rogue devices (DHCP or AP) attaching to
a LAN
58
Client Authenticator AAA Server
Access-Request
Access-Challenge
Access-Request
EAP-Request/Id
EAP-Response/Id
EAP-Request/pw
EAP-Response/pw
Access-AcceptEAP-Success
Port Authorized
Image Source: www.en.wikipedia.org/wiki/IEEE_802.1X
Layer 3 Attacks
• ICMP Attacks– ICMP Smurf/Flood– Ping of death
• Routing (control plane) attacks
59
ICMP Flood/Smurf
NetworkBroadcast Address
Victim
Other forms of ICMP attack:-Ping of death
Attacker
Echo request Echo request
Echo reply to actual destination
60
• Defense:– Disable directed broadcast
no ip directed-broadcast
Routing Protocol Attacks
• Malicious route insertion– Poison routing table– To divert traffic and eavesdrop
• Analyse/Modify/Drop packets
• BGP attacks– hijack prefixes– Tamper the path information
61
Defense- Routing Attacks
• Authenticate source of routing updates– Peer authentication
• Origin Validation– Rolled out today as RPKI– ROA (resource certificate) signed by
the owner• Verifies the origin AS (signed route
announcement)
• Path Validation– Sign the full path (ASNs traversed)
• In IETF process as BGPsec
62
X.509 Cert
RFC 3779Extension
IP Resources (Addr & ASN)
SIA – URI (repository) for where this Publishes
Subject Public Key (algorithm and key)
CA
Sign
ed b
y Pa
rent
’s P
rivat
e Ke
y
SYN Flooding
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets • No ACK
• Retains state for bogus half-open connections – Finite SYN_RECV queue size– no more resources (memory) to for new legitimate
connections – drops!
Server(Victim)
Attacker
SYN
SYN+ACK
ACK?
63
SYN Flood - Defense
• SYN Cookies– MD5 hash (src IP, src port, dst IP, dst port, and ISN in SYN)
• Sent back as ISN in its SYN-ACK
– no states for half-open connections in memory• until valid ACK: SEQ = ISN+1• Store state after valid ACK
64
Enable:vi /etc/sysctl.confÞ net.ipv4.tcp_syncookies = 1
Verify:Þ cat /proc/sys/net/ipv4_tcpsyncookiesÞ sysctl –n net ipv4.tcp_syncookies
Application Layer Attacks
• Very common:– Scripting vulnerabilities
– Buffer overflow
– Cookie poisoning• Tamper session information
– X-site scripting• Client-side code injection
– SQL injection
65
Application Layer - Defense
• User input validation– SQL injection, X-site scripting
• Pen-test or vulnerability scan by experts– Scripting vulnerabilities– Buffer overflow (bounds checking)
66
Layer 7 DDoS Attack
• Traditional DoS attacks focus on L3 and L4
• On L7, DoS attack targets applications disguised as legitimate packets – exhaust application resources (bandwidth, ports, protocol
weakness)
• Includes:– Slowloris– RUDY (R-U-Dead Yet)
• POST request with long content length and write forms slowly
– LOIC/HOIC (Low/high orbit Ion canon)• TCP/UDP/HTTP requests (H-only HTTP with scripts)
67
Layer 7 DDoS – Slowloris
• Incomplete HTTP requests– No blank line (\r\n) in request header
• Properties– Low bandwidth– Keep threads active
• Only affects threaded web servers (Apache)• Doesn’t work through load balancers
– Keepalives to reset timeout
68
Layer 7 DDoS – Defense
• Load balancers– Delayed binding– Perform HTTP Request header completeness check
• Request not sent to server until the final \r\n (CRLF) received from client
• Non-threaded webservers– not vulnerable to slow header attacks
• ModSecurity– Open source WAF plugin for Apache– embedded or reverse proxy mode
• In front of the web server
69
DNS Changer
• Anyone who controls your DNS controls what you see!
• How: – infect computers with
malware – malware changes the user’s
DNS settings • to attacker’s resolvers (specific
address blocks)
70
Countries affected by DNSChanger (2012):
Image Source: Kaspersky
DNS Changer - Defense
• Find out if you are infected– FBI:
• forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS• 64.28.176.0/20; 67.210.0.0/20; 77.67.83.0/24; 85.255.112.0/20;
93.188.160.0/23; 213.109.64.0/20
– DNSChanger Working Group:• www.dcwg.org/fix/
• Clean up:– Run free anti-malware tools
• DNSChanger WG site maintains clean-up guides and list of free tools to remove the malware
– firewall rules to only allow queries to legitimate servers
71
DNS Cache Poisoning
• Resolvers caching incorrect records that did not originate from authoritative DNS servers
• Result: – redirect to sites (controlled by the attacker)
72
DNS Cache Poisoning
(pretending to be the authoritative
zone)
ns.tashi.comWebServer(192.168.1.1)
DNS Caching Server
Client
I want to access www.tashi.com
1
QID=645712
QID=64569
QID=64570
QID=64571
www.tashi.com 192.168.1.1
match!
www.tashi.com 192.168.1.993
3
Root/GTLD
QID=64571
73
Cache Poisoning - Defense• DNSSEC – DNS security extensions
– Uses public-key crypto• Records (RRset) signed with private key (authenticity and integrity)• Signatures (RRSIG) published in DNS responses• Public key also published (DNSKEY) to verify signatures• Child zones also sign their records with their pvt key• Parent sings the hash of child’s public key - DS (chain-of-trust)
74
Where is www.tashi.com?
www.tashi.comis on 192.168.1.1
Key query
DS, DNSKEYsigned
Root Server
.com TLD
tashi.comDNS Server
Recursive DNS
1
2
3
4
5
Amplification Attacks
• Exploiting UDP protocol to return large amplified amounts of data– small request, LARGE reply
• Examples:– DNS– NTP
75
DNS Amplification Attack
• A type of reflection attack combined with amplification– Source of attack is reflected off other machine(s)– Traffic received is bigger (amplified) than the traffic sent by
the attacker
• UDP packet’s source address is spoofed
76
DNS Amplification
Bots
77
Attacker
ns.example.com
Victim
Open DNS Resolvers
Root/GTLD
www.example.com 192.168.1.1
Queries (ANY) withspoofed (victim’s) IP
dig ANY www.example.com @8.8.8.8 +edns=0 +notcp +bufsize=4096 +dnssec
Source IP spoofing – Defense • BCP38 (RFC2827)
– Since 1998!– https://tools.ietf.org/html/bcp38
• Only allow traffic with valid source addresses to– Leave your network
• Only from your own address space
– To enter/transit your network• Only from downstream customer address space
78
uRPF – Unicast Reverse Path• Unicast Reverse Path Forwarding (uRPF)
– Router verifies if the source address of any packets received is in the FIB table and reachable (routing table)• Drop if not valid!
– Recommended on customer facing interfaces
79
NTP Amplification
• UDP 123
• NTP versions older than v4.2.7p26 vulnerable to “monlist” attack (CVE-2013-5211)
– made easier by Open NTP servers (time.google.com)
– Monlist fetches the MRU list of NTP (600) associationsntpdc -c -n monlist <NTP-Server-IP>
• Several incidents in 2014– 400Gbps attack on cloud provider
80
NTP Amplification - Defense
• BCP38
• Upgrade NTP (ntpd) server– to v4.2.7p26 or later– Removes/disables “monlist” command; replaced with
“mrulist”• Requires proof that the command came from the address in the NTP
packet
• In older versions:– disable ntp monitor and do not answer ntpq/ntpdc queries
81
vi /etc/ntp.conf
disable monitorrestrict default kod nomodify notrap nopeer noqueryrestrict -6 default kod nomodify notrap nopeer noquery
Transport Layer Security
• SSL/TLS
• Secure Shell (SSH)
82
Application Layer Security -Encryption
• HTTPS– PKI/centralised trust
• PGP (Pretty Good Privacy)– Web of trust (decentralised trust)
• SMIME (Secure Multipurpose Internet Mail Extensions)– Chain of trust (centralised trust/CA)
83
Overview
• Security Overview
• Goal of Security
• Threat Pragmatics
• Cryptography Basics
84
Cryptography
85
• All about hiding information in plain sight!
Cryptography Basics
• At its core is the aim to change ordered data into a seemingly random string– Using a secret key
C = F(P,k)
86
P – plain textC – cipher textk – cryptographic key
Key is the key
• key length is a measure in bits
• key space is the number of possibilities that can be generated by a specific key length
• Example : – 22 key = a keyspace of 4– 24 key = a keyspace of 16 – 240 key = a keyspace of 1,099,511,627,776
87
• Assume everyone knows your encryption/decryption algorithm– Security of encryption lies in the secrecy of the keys, not the
algorithm! • Kerckhoff’s Principle (1883)
• How do we keep them safe and secure?
88
Key is the key
Work Factor
• The amount of processing power and time to break a crypto system– No system is unbreakable!
• The idea is to make it “expensive” to break/guess
89
Encryption and Decryption
Plaintext (P) Cipher Text (C) Plaintext (P)
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Encryption Key Decryption Key
90
Symmetric & Asymmetric keys
• Two categories of cryptographic methods– Symmetric and Asymmetric key encryption
91
Symmetric Encryption
• Same key is used to encrypt and decrypt – Both sender and receiver needs to know the key
• Also called shared secret-key cryptography– The key must be kept a “secret” to maintain security
• Follows the more traditional form of cryptography (pre 1970) – key lengths ranging from 40 to 256 bits
• Widely used examples:– DES/3DES, AES, RC4/6
92
Same shared secret-key
Plain text
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Cipher text Plaintext
Encryption Key Decryption Key
Symmetric Encryption
93
Symmetric Encryption
• Advantages– fast computation since the algorithms require small number
of operations
• Disadvantages:– The sender and receiver needs to know the shared secret
key before any encrypted conversation starts• How do we securely distribute the shared secret-key between the sender
and receiver?
– What if you want to communicate with multiple people, and each communication needs to be confidential?• How many keys do we have to manage? A key for each!• Key EXPLOSION!
94
Symmetric Key AlgorithmsSymmetric Algorithm Key SizeDES 56-bit keys (8 bits parity)
Triple DES (3DES) 112-bit and 168-bit keys
AES 128, 192, and 256-bit keys
Software Encryption (SEAL) 160-bit keys
RC2 40 and 64-bit keys
RC4 1 to 256-bit keys
RC5 0 to 2040-bit keys
RC6 128, 192, and 256-bit keys
Blowfish 32 to 448-bit keys
Note: • Longer keys are more difficult to crack, but more
computationally expensive.
95
Diffie-Hellman key ‘exchange’
• DH algorithm– secure way to generate a shared secret between two
parties– There is NO key exchange J– The key is NEVER exchanged or transmitted
96
DH key ‘exchange’
– Alice and Bob agree on two random primes (x and y)
– Alice and Bob pick a secret number each (a and b)• they don’t share
– Alice computes and sends to Bob
– Bob computes and sends to Alice
– Alice then computes:
– Bob also computes:
97
A = xa mod y
B = xb mod y
S = Ba mod y
S = Ab mod y
= (xb mod y)a mod y = xba mod y
= (xa mod y)b mod y = xab mod y
DH in Colour J
98
+ +
+ +
Diffie-Hellman key ‘exchange’
• Without even knowing what secret each used, Alice and Bob generated the same result!
• The shared-secret
– Even if evil “Eve” is listening on the wire • Can see x, y, A, B
– She cannot compute the same result since she would not know Bob and Alice’s secret
99
• Unlike normal exponentiation, which we can compute by
• modular exponentiation or modular log(x) is difficult to compute!
ey=logey
Asymmetric Encryption
• Also called public-key cryptography
• Use of Public-Private key pair– The key pairs are mathematically linked– Messages encrypted with one key can only be decrypted by
the other key of the key pair
• The decryption key cannot, at least in a reasonable amount of time, be calculated from the encryption key and vice-versa
100
Asymmetric Encryption
101
Public KeyPrivate Key🗝 🔑
Plaintext
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Ciphertext Plaintext
Encryption Key Decryption Key
🔑
🗝🔑
🗝
Asymmetric Encryption
• Advantages:– Solves the key explosion and distribution problem– No exchange of confidential information before
communication• Public key is published (everyone knows)• Private key is kept secret (only the owner knows)
• Disadvantages– Much slower than symmetric algorithms
102
Asymmetric Key Algorithms
103
Algorithm Key Size (bits)
Description
RSA 512-2048 - Rivest-Shamir-Adlemen- Based on factoring 100 to 200 digit prime numbers- Base on the assumption that while it is easy to compute products of two large
numbers, it is very difficult to factor a large number to be a product of two primes
DSA 512-1024 - Digital signature algorithm- Provides capability for authenticating messages
DH 512, 1024, 2048
- Diffie-Hellman- Allows two parties to agree on a key to encrypt messages (used for secret key
exchange)- Security based on the assumption that while it is easy to raise a number to a
certain power, it is difficult to find out which power was used
ElGamal 512-1024 - Based on DH key agreement- Used in GPG/PGP- Encrypted message becomes twice the size of the original (hence used only for
sharing secret keys)
Elliptical curve
160 - Keys are much smaller- Can adapt many algorithms – DH or ElGamal
Hash Functions
• Takes a message of arbitrary length and outputs a small fixed-length code– called the hash or message digest, or digital fingerprint
• One-way mathematical function– Easy to compute, difficult to reverse
• Single bit change in input => large indeterminate change in output
• Uses: – Verifying integrity – Digitally signing documents– Authentication (Hashing passwords)
104
Hash Functions
• A form of signature that uniquely represents a data
105
Hash Function
Arbitrary lengthdata
a88997dfha234 Fixed-lengthHash value
Well-known Hash Functions
• Message Digest (MD) Algorithm – Outputs a 128-bit fingerprint of an arbitrary-length input– MD5 is widely-used
• Secure Hash Algorithm (SHA)– SHA-1 produces a 160-bit message digest similar to MD5
• Widely-used (TLS, SSL, PGP, SSH, S/MIME, IPsec) L
– SHA-256, SHA-384, SHA-512 produce longer hash values
106
Digital Signature
• Electronic documents can be signed– to prove the identity of the sender, and – the integrity of the message
• Encrypted hash of the message– Hash the data – Encrypt the hash with the sender’s private key
107
Hash Digital Signature
DocumentEncryption
(Sender’s Private Key)
🗝Hashing
Digital Signature Validation• Sender
– Appends the signature to the original document– Sends to receiver
• Receiver– Computes the hash of the received data
• Using same hash function
– Decrypts the encrypted hash (signature) using sender’s public key• Authentication
– Compares the hashes• If match, the data was not modified (integrity) and signed by the sender
108
Digital Signature Validation
109
Digital Signature
Document
SENDER RECEIVER
Document HashHash
Function Equal?Digital
SignatureDecryption
(Sender's Public Key)
Hash🔑
Example
110
https://www.gpg4win.org (MSWIN) https://www.gpgtools.org (OS X)
PKI Recap
• 🔑 Public Key
• 🗝 Private Key
• 📝 Message
• 📝+🔑 = 🔒✉ Encrypted
• 🔒✉+🗝 = 🔓📝 Decrypted
• 📝+🗝 = 🔏✉ Signed
• 🔏✉ + 🔑 = 👤 Authenticated
111
112
Recommended