cryptography in networking

7/27/2019 cryptography in networking

1/62

Chapter 3


2/62

Chapter 1 introduced the threat environment

Chapter 2 introduced the plan-protect-respond cycle and covered the planning

phase Chapters 3 through 8 will cover the

protection phase

Chapters 3 and 4 introduce cryptography,which is important in itself and which is usedin many other protections

Copyright Pearson Prentice-Hall 20092


3/62

Cryptography is the use of mathematicaloperations to protect messages travelingbetween parties or stored on a computer

Confidentiality means that someoneintercepting your communications cannotread them


???


4/62

Confidentiality is only one cryptographicprotection

Authentication means proving ones identity

to another so they can trust you more Integrity means that the message cannot be

changed or, if it is change, that this changewill be detected

Known as the CIA of cryptography

No, not thatCIA



5/62

Encryption for confidentiality needs a cipher(mathematical method) to encrypt anddecrypt

The cipher cannot be kept secret

The two parties using the cipher also need toknow a secret key or keys

A key is merely a long stream of bits (1s and 0s)

The key or keys mustbe kept secret

Cryptanalysts attempt to crack (find) the key



6/62


Party B

SameSymmetric

Key

Symmetric

Key

Party A

Plaintext:"Hello"

Cipher &Key

Ciphertext: 11010100

Plaintext:"Hello"

Cipher &Key

Ciphertext: 11010100

Eavesdropper(Cannot ReadMessages inCiphertext)

Network

Note:

A single key is used to encry pt and decry pt

in both directions


7/62Copyright Pearson Prentice-Hall 20097

Plaintext Key Ciphertext

n 4 r

o 8 w

w 15 l

i 16

s 23

t 16 h 3

e 9

t 12

i 20

m 6

e 25

n o p q r

+4

This is a very weak cipher

Real ciphers use complex math


8/62

Substitution Ciphers Substitute one letter (or bit) for another in each

place

The cipher we saw in Figure 3-2 is a substitution

cipher

Transposition Ciphers

Transposition ciphers do not change individual

letters or bits, but they change their order

Most real ciphers use both substitution andtransposition



9/62Copyright Pearson Prentice-Hall 20099

Key (Part 1)

Key (Part 2) 1 3 2

2 n o w

3 i s t

1 h e t

Key = 132 231


10/62

Ciphers can encrypt any message expressedin binary (1s and 0s)

This flexibility and the speed of computing makesthis ciphers dominant for encryption today

Codes are more specialized

They substitute one thing for another

Usually a word for another word or a number for aword

Codes are good for humans and may be included inmessages sent via encipherment



11/62


Message Code

From 17434

Akagi 63717

To 83971

Truk 11131

STOP 34058

ETA 53764

6 PM 73104

STOP 26733

Require 29798B 72135

N 54678

STOP 61552

Transmitted:

174346371783971


12/62


Key Length in

Bits

Number of Possible Keys

1 2

2 4

4 16

8 25616 65,536

40 1,099,511,627,776

56 72,057,594,037,927,900

112 5,192,296,858,534,830,000,000,000,000,000,000

112 5.1923E+33168 3.74144E+50

256 1.15792E+77

512 1.3408E+154

Each extra bitdoubles the

number of keys

Shaded keys areStrong symmetrickeys (>=100 bits)


13/62

Note:

Public key/private key pairs (discussed later in the

chapter) must be much longer than symmetric keys

to be considered to be strong because of the

disastrous consequences that could occur if a

private key is cracked and because private keys

cannot be changed frequently. Public keys and

private keys must be at least 512 to 1,024 bits long



14/62


RC4 DES 3DES AES

Key Length(bits)

40 bits ormore

56 112 or 168 128, 192, or256

Key Strength Very weak at

40 bits

Weak Strong Strong

ProcessingRequirements Low Moderate High Low

RAM

Requirements

Low Moderate Moderate Low

Remarks Can uses

keys ofvariable

length

Created in

the 1970s

Applies

DES threetimes with

two or three

different

DES keys

Todays gold

standard forsymmetric

key

encryption


15/62


DES Encry ption

Process

64-bit Plaintext Block

64-bit DES Sy mmetric Key(56 bits + 8 redundant bits)

64-bit Ciphertext Block

The DES cipherencrypts messages64 bits at a time.

The DES cipher (incodebook mode)needs two inputs.


16/62

Cryptographic Systems

Encryption for confidentiality is only onecryptographic protection

Individual users and corporations cannot beexpected to master these many aspects ofcryptography

Consequently, crypto protections are organized into

complete cryptographic systems that provide abroad set of cryptographic protection



17/62

Cryptographic Systems

1. Two parties first agree upon a particularcryptographic system to use

2. Each cryptographic system dialogue begins withthree brief hand-shaking stages

3. The two parties then engage in cryptographicallyprotected communication

This ongoing communication stage usually constitutesnearly all of the dialogue



18/62


Handshaking Stage 1:Initial Negotiation of Security Parameters

Handshaking Stage 2:InitialAuthentication

(Usually mutual)

Handshaking Stage 3:Key ing

(Secure exchange of key s and other secrets)

Server

Client PC

Time


19/62


Ongoing Communication Stagewith Message-by -Message

Conf identiality, Authentication,and Message Integrity

Encry pted for Conf identiality

PlaintextElectronic Signature(Authentication, Integrity )


20/62

Selecting methods andparameters

Authentication

Keying (the secure exchangeof secrets)

Ongoing communication



21/62


Cipher Suite Key

Negotiation

Digital

Signature

Method

Symmetric

Key

Encryption

Method

Hashing

Method

for

HMAC

Strength

NULL_WITH_NULL_NULL None None None None None

RSA_EXPORT_WITH_

RC4_40_MD5

RSA

export

strength (40

bits)

RSA

export

strength

(40 bits)

RC4 (40-bit

key)

MD5 Weak

RSA_WITH_DES_CBC_

SHA

RSA RSA DES_CBC SHA-1 Stronger

but not

very

strong

DH_DSS_WITH_3DES_EDE_CBC_SHA

Diffie-Hellman

DigitalSignature

Standard

3DES_EDE_CBC

SHA-1 Strong

RSA_WITH_AES_256_CB

C_SHA256

RSA RSA AES

256 bits

SHA-256 Very

strong


22/62


Authentication





23/62


Supplicant:Wishes to prove

its identity

Verifier:Tests the

credentials,accepts or rejects

the supplicant

CredentialsProofs of identity(password, etc.)


24/62

Hashing A hashing algorithm is applied to a bit string of any

length

The result of the calculation is called the hash

For a given hashing algorithm, all hashes are thesame short length


Bit string of any length Hash: bit string ofsmall fixed length

HashingAlgorithm


25/62

Hashing versus Encryption


Characteristic Encryption Hashing

Result length About the same

length as the

plaintext

Short fixed length

regardless of

message length

Reversible? Yes. Decryption No. There is no way

to get from the shorthash back to the long

original message


26/62

Hashing lgorithms MD5 (128-bit hashes)

SHA-1 (160-bit hashes)

SHA-224, SHA-256, SHA-384, and SHA-512 (namegives hash length in bits)

Note: MD5 and SHA-1 should not be used because

have been shown to be unsecure



27/62



28/62


Supplicant sends Response Message in the clear(without encryption)

Transmitted Response Message


29/62



30/62


Authentication





31/62

There are two types of ciphers used forconfidentiality

In symmetric key encryption for confidentiality, thetwo sides use the same key

For each dialogue (session), a new symmetrickey is generated: the symmetric session key

In public key encryption, each party has a public

key and a private key that are never changed A persons public key is available to anyone

A person keeps his or her private key secret



32/62



33/62


Party B

1.Creates

SymmetricSession Key

3. Sends the SymmetricSession Key Encrypted

f or Conf identiality

5. Subsequent Encry ption with

Sy mmetric Session Key

2. EncryptsSession Key with

Party B's Public Key4. Decrypts

Session Key withParty B's Private Key

Party A


34/62

The two parties exchange parameters p and g

Each uses a number that is never sharedexplicitly to compute a second number

Each sends the other their second number

Each does another computation on thesecond computed number

Both get the third number, which is the key

All of this communication is sent in the clear



35/62


Party Y

6. Subsequent Encry ption withSy mmetric Session Key g (xy ) mod p

Party X

1.Exchange Keying Inf ormation:

Agree on D if f ie-Hellman Groupp (prime) and g (generator).

Exchange is in the clear.2.

Party Xenerates Random

Number x

3Party X

Computesx'=g^x mod p

2.Party Y

Generates RandomNumber y

3Party Y

Computesy '=g y mod p

4.Exchange Keying Inf ormation:Exchange x' and y '.

Exchange is in the clear.

5.Party X

Computes Key=y ' x mod p

=g (xy ) mod p

5.Party Y

Computes Key=x' y mod p

=g (xy ) mod p

Note: An eav esdropper intercepting the key ing inf ormationwill st ill not know x or y and so will not be able tocompute the sy mmetric session key g xy Mod P

The gorydetails


36/62


Authentication





37/62

Consumes nearly all of the dialogues

Message-by-Message Encryption

Nearly always uses symmetric key encryption

Already covered

Public key encryption is too inefficient

Message-by-Message Authentication

Digital signatures Message authentication codes (MACs)

Also provide message-by-message integrity



38/62


MD

DS

Plaintext

DS Plaintext

To Create the Digital Signature:

1. Hash the plaintext to create abrief message digest; this isNOT the Digital Signature.

2. Sign (encrypt) the messagedigest with the sender's private

key to create the digital signature

Sign (Encry pt) withSender's Priv ate Key

Hash

Goal: to show that the supplicantknows the True Party 's

priv ate key


39/62


ReceiverSender

DS Plaintext

3. Transmit the plaintext + digitalsignature, encry pted withsy mmetric key encry ption.

Encryption is done to protect the plaintextIt is not needed for message-by-message

authentication


40/62


MD MD

DSReceiv ed Plaintext

To Test the Digital Signature

4. Hash the receiv ed plaintextwith the same hashing algorithmthe sender used. This giv es the

message digest.

5. Decry pt the digital signaturewith the True Party 's public key .

This also will give themessage digest if the sender

has the True Party 's priv ate key .

6. If the two match, the messageis authenticated.

4. 5.

HashDecrypt withTrue Party 'sPublic Key

6.Are They Equal?


41/62


Encryption Goal Sender Encrypts

with

Receiver

Decrypts with

Public Key

Encryption forConfidentiality

The receivers

public key

The receivers

private key

Public Key

Encryption for

Authentication

The senders

private key

The True Partys

public key

(not the senderspublic key)

Point of frequentconfusion


42/62

Cannot use the senders public key It would alwaysvalidate the senders digital

signature

Normally requires a digital certificate

File provided by a certificate authority (CA)

The certificate authority must be trustworthy

Digital certificate provides the subjects (True

Partys) name and public key Dont confuse digital signatures and the digital

certificates used to test digital signatures!



43/62


Field Description

VersionNumber Version number of the X.509 standard. Most certificatesfollow Version 3. Different versions have different fields.

This figure reflects the Version 3 standard.

Issuer Name of the Certificate Authority (CA).

SerialNumber

Unique serial number for the certificate, set by the CA.

Subject

(True Party)

The name of the person, organization, computer, or

program to which the certificate has been issued. This

is the true party.

Public Key The public key of the subject (the true party).Public Key

Algorithm

The algorithm the subject uses to sign messages with

digital signatures.

Certificate provides the TruePartys public key

Serial number allows the receiver tocheck if the digital certificate has

been revoked by the CA


44/62


Field Description

Digital

Signature

The digital signature of the certificate, signed by the CA

with the CAs own private key.

For testing certificate authentication and integrity.

User must know the CAs public key independently.

Signature

Algorithm

Identifier

The digital signature algorithm the CA uses to sign its

certificates.

Other Fields The CA signs the cert with its ownprivate key so that the certs validity

can be checked for alterations.


45/62

Testing the Digital Signature The digital certificate has a digital signature of its

own

Signed with the Certificate Authoritys (CAs) privatekey

Must be tested with the CAs well-known public key

If the test works, the certificate is authentic and

unmodified



46/62

Checking the Valid Period Certificate is valid only during the valid period in

the digital certificate (not shown in the figure)

If the current time is not within the valid period,reject the digital certificate



47/62

Checking for Revocation Certificates may be revoked for improper behavior

or other reasons

Revocation must be tested

Cannot be done by looking at fields within thecertificate

Receiver must check with the CA



48/62

Checking for Revocation Verifier may download the entire certificate

revocation list from the CA

See if the serial number is on the certificaterevocation list

If so, do not accept the certificate

Or, the verifier may send a query to the CA

Requires the CA to support the OnlineCertificate Status Protocol



49/62


Digital Certif icateDigital Signature

Authentication

Public key of

True Party

Digital Signature

to be tested with

the public key of

the True Party

If the public key of the True Party

v erif ies the digital signature,

accept the supplicant

Certif icate Authority

Verif ier must know CA public key to test

whether the digital certif icate has been altered;

Rev ocation inf ormation


50/62

Also Brings Message Integrity

If the message has been altered, the authenticationmethod will fail automatically

Digital Signature Authentication

Uses public key encryption for authentication

Very strong but expensive

Key-Hashed Message Authentication Codes

An alternate authentication method using hashing

Much less expensive than digital signatureauthentication

Much more widely used



51/62



52/62


As in the case of digital signatures,confidentiality is done to protect the plaintext.

It is not needed for authentication and hasnothing to do with authentication.


53/62



54/62

Nonrepudiation means that the sender cannotdeny that he or she sent a message

With digital signatures, the sender must usehis or her private key

It is difficult to repudiate that you sent something ifyou use your private key

With HMACs, both parties know the key used

to create the HMAC The sender can repudiate the message, claiming

that the receiver created it



55/62

However, packet-level nonrepudiation isunimportant in most cases

The application messagean e-mailmessage, a contract, etc., is the importantthing

If the application layer message has its owndigital signature, you have nonrepudiation for

the application message, even if you useHMACs at the internet layer for packetauthentication



56/62

Replay ttacks Capture and then retransmit an encrypted message

later

May have a desired effect

Even if the attacker cannot read the message



57/62

Thwarting Replay ttacks Time stamps to ensure freshness of each message

Sequence numbers so that repeated messages canbe detected

Nonces

Unique randomly generated number placed ineach request message

Reflected in the response message If a request arrives with a previously used

nonce, it is rejected



58/62

Quantum Mechanics Describes the behavior of fundamental particles

Complex and even weird results



59/62

Quantum Key Distribution Transmits a very long keyas long as the message

This is a one-time key that will not be used again

A one-time key as long as a message cannot becracked by cryptanalysis

If an interceptor reads part of the key in transit,this will be immediately apparent to the sender and

receiver



60/62

Quantum Key Cracking Tests many keys simultaneously

If quantum key cracking becomes capable ofworking on long keys, todays strong key lengths

will offer no protection



61/62


Confidentiality uthenticationSymmetric KeyEncryption

Applicable. Sender

encrypts with keyshared with thereceiver.

Not applicable.

Public KeyEncryption Applicable. Senderencrypts withreceivers publickey. Receiverdecrypts with thereceivers ownprivate key.

Applicable. Sender(supplicant) encrypts with

own private key. Receiver(verifier) decrypts with thepublic key of the true party,usually obtained from thetrue partys digital certificate.

Hashing Not applicable. Applicable. Used in MS-CHAPfor initial authentication andin HMACs for message-by-message authentication.


62/62

C i ht P P ti H ll 200962

Documents

cryptography in networking