Upload
ed3uzacoi1zy
View
219
Download
0
Embed Size (px)
Citation preview
7/27/2019 cryptography in networking
1/62
Chapter 3
7/27/2019 cryptography in networking
2/62
Chapter 1 introduced the threat environment
Chapter 2 introduced the plan-protect-respond cycle and covered the planning
phase Chapters 3 through 8 will cover the
protection phase
Chapters 3 and 4 introduce cryptography,which is important in itself and which is usedin many other protections
Copyright Pearson Prentice-Hall 20092
7/27/2019 cryptography in networking
3/62
Cryptography is the use of mathematicaloperations to protect messages travelingbetween parties or stored on a computer
Confidentiality means that someoneintercepting your communications cannotread them
Copyright Pearson Prentice-Hall 20093
???
7/27/2019 cryptography in networking
4/62
Confidentiality is only one cryptographicprotection
Authentication means proving ones identity
to another so they can trust you more Integrity means that the message cannot be
changed or, if it is change, that this changewill be detected
Known as the CIA of cryptography
No, not thatCIA
Copyright Pearson Prentice-Hall 20094
7/27/2019 cryptography in networking
5/62
Encryption for confidentiality needs a cipher(mathematical method) to encrypt anddecrypt
The cipher cannot be kept secret
The two parties using the cipher also need toknow a secret key or keys
A key is merely a long stream of bits (1s and 0s)
The key or keys mustbe kept secret
Cryptanalysts attempt to crack (find) the key
Copyright Pearson Prentice-Hall 20095
7/27/2019 cryptography in networking
6/62
Copyright Pearson Prentice-Hall 20096
Party B
SameSymmetric
Key
Symmetric
Key
Party A
Plaintext:"Hello"
Cipher &Key
Ciphertext: 11010100
Plaintext:"Hello"
Cipher &Key
Ciphertext: 11010100
Eavesdropper(Cannot ReadMessages inCiphertext)
Network
Note:
A single key is used to encry pt and decry pt
in both directions
7/27/2019 cryptography in networking
7/62Copyright Pearson Prentice-Hall 20097
Plaintext Key Ciphertext
n 4 r
o 8 w
w 15 l
i 16
s 23
t 16 h 3
e 9
t 12
i 20
m 6
e 25
n o p q r
+4
This is a very weak cipher
Real ciphers use complex math
7/27/2019 cryptography in networking
8/62
Substitution Ciphers Substitute one letter (or bit) for another in each
place
The cipher we saw in Figure 3-2 is a substitution
cipher
Transposition Ciphers
Transposition ciphers do not change individual
letters or bits, but they change their order
Most real ciphers use both substitution andtransposition
Copyright Pearson Prentice-Hall 20098
7/27/2019 cryptography in networking
9/62Copyright Pearson Prentice-Hall 20099
Key (Part 1)
Key (Part 2) 1 3 2
2 n o w
3 i s t
1 h e t
Key = 132 231
7/27/2019 cryptography in networking
10/62
Ciphers can encrypt any message expressedin binary (1s and 0s)
This flexibility and the speed of computing makesthis ciphers dominant for encryption today
Codes are more specialized
They substitute one thing for another
Usually a word for another word or a number for aword
Codes are good for humans and may be included inmessages sent via encipherment
Copyright Pearson Prentice-Hall 200910
7/27/2019 cryptography in networking
11/62
Copyright Pearson Prentice-Hall 200911
Message Code
From 17434
Akagi 63717
To 83971
Truk 11131
STOP 34058
ETA 53764
6 PM 73104
STOP 26733
Require 29798B 72135
N 54678
STOP 61552
Transmitted:
174346371783971
7/27/2019 cryptography in networking
12/62
Copyright Pearson Prentice-Hall 200912
Key Length in
Bits
Number of Possible Keys
1 2
2 4
4 16
8 25616 65,536
40 1,099,511,627,776
56 72,057,594,037,927,900
112 5,192,296,858,534,830,000,000,000,000,000,000
112 5.1923E+33168 3.74144E+50
256 1.15792E+77
512 1.3408E+154
Each extra bitdoubles the
number of keys
Shaded keys areStrong symmetrickeys (>=100 bits)
7/27/2019 cryptography in networking
13/62
Note:
Public key/private key pairs (discussed later in the
chapter) must be much longer than symmetric keys
to be considered to be strong because of the
disastrous consequences that could occur if a
private key is cracked and because private keys
cannot be changed frequently. Public keys and
private keys must be at least 512 to 1,024 bits long
Copyright Pearson Prentice-Hall 200913
7/27/2019 cryptography in networking
14/62
Copyright Pearson Prentice-Hall 200914
RC4 DES 3DES AES
Key Length(bits)
40 bits ormore
56 112 or 168 128, 192, or256
Key Strength Very weak at
40 bits
Weak Strong Strong
ProcessingRequirements Low Moderate High Low
RAM
Requirements
Low Moderate Moderate Low
Remarks Can uses
keys ofvariable
length
Created in
the 1970s
Applies
DES threetimes with
two or three
different
DES keys
Todays gold
standard forsymmetric
key
encryption
7/27/2019 cryptography in networking
15/62
Copyright Pearson Prentice-Hall 200915
DES Encry ption
Process
64-bit Plaintext Block
64-bit DES Sy mmetric Key(56 bits + 8 redundant bits)
64-bit Ciphertext Block
The DES cipherencrypts messages64 bits at a time.
The DES cipher (incodebook mode)needs two inputs.
7/27/2019 cryptography in networking
16/62
Cryptographic Systems
Encryption for confidentiality is only onecryptographic protection
Individual users and corporations cannot beexpected to master these many aspects ofcryptography
Consequently, crypto protections are organized into
complete cryptographic systems that provide abroad set of cryptographic protection
Copyright Pearson Prentice-Hall 200916
7/27/2019 cryptography in networking
17/62
Cryptographic Systems
1. Two parties first agree upon a particularcryptographic system to use
2. Each cryptographic system dialogue begins withthree brief hand-shaking stages
3. The two parties then engage in cryptographicallyprotected communication
This ongoing communication stage usually constitutesnearly all of the dialogue
Copyright Pearson Prentice-Hall 200917
7/27/2019 cryptography in networking
18/62
Copyright Pearson Prentice-Hall 200918
Handshaking Stage 1:Initial Negotiation of Security Parameters
Handshaking Stage 2:InitialAuthentication
(Usually mutual)
Handshaking Stage 3:Key ing
(Secure exchange of key s and other secrets)
Server
Client PC
Time
7/27/2019 cryptography in networking
19/62
Copyright Pearson Prentice-Hall 200919
Ongoing Communication Stagewith Message-by -Message
Conf identiality, Authentication,and Message Integrity
Encry pted for Conf identiality
PlaintextElectronic Signature(Authentication, Integrity )
7/27/2019 cryptography in networking
20/62
Selecting methods andparameters
Authentication
Keying (the secure exchangeof secrets)
Ongoing communication
Copyright Pearson Prentice-Hall 200920
7/27/2019 cryptography in networking
21/62
Copyright Pearson Prentice-Hall 200921
Cipher Suite Key
Negotiation
Digital
Signature
Method
Symmetric
Key
Encryption
Method
Hashing
Method
for
HMAC
Strength
NULL_WITH_NULL_NULL None None None None None
RSA_EXPORT_WITH_
RC4_40_MD5
RSA
export
strength (40
bits)
RSA
export
strength
(40 bits)
RC4 (40-bit
key)
MD5 Weak
RSA_WITH_DES_CBC_
SHA
RSA RSA DES_CBC SHA-1 Stronger
but not
very
strong
DH_DSS_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman
DigitalSignature
Standard
3DES_EDE_CBC
SHA-1 Strong
RSA_WITH_AES_256_CB
C_SHA256
RSA RSA AES
256 bits
SHA-256 Very
strong
7/27/2019 cryptography in networking
22/62
Selecting methods andparameters
Authentication
Keying (the secure exchangeof secrets)
Ongoing communication
Copyright Pearson Prentice-Hall 200922
7/27/2019 cryptography in networking
23/62
Copyright Pearson Prentice-Hall 200923
Supplicant:Wishes to prove
its identity
Verifier:Tests the
credentials,accepts or rejects
the supplicant
CredentialsProofs of identity(password, etc.)
7/27/2019 cryptography in networking
24/62
Hashing A hashing algorithm is applied to a bit string of any
length
The result of the calculation is called the hash
For a given hashing algorithm, all hashes are thesame short length
Copyright Pearson Prentice-Hall 200924
Bit string of any length Hash: bit string ofsmall fixed length
HashingAlgorithm
7/27/2019 cryptography in networking
25/62
Hashing versus Encryption
Copyright Pearson Prentice-Hall 200925
Characteristic Encryption Hashing
Result length About the same
length as the
plaintext
Short fixed length
regardless of
message length
Reversible? Yes. Decryption No. There is no way
to get from the shorthash back to the long
original message
7/27/2019 cryptography in networking
26/62
Hashing lgorithms MD5 (128-bit hashes)
SHA-1 (160-bit hashes)
SHA-224, SHA-256, SHA-384, and SHA-512 (namegives hash length in bits)
Note: MD5 and SHA-1 should not be used because
have been shown to be unsecure
Copyright Pearson Prentice-Hall 200926
7/27/2019 cryptography in networking
27/62
Copyright Pearson Prentice-Hall 200927
7/27/2019 cryptography in networking
28/62
Copyright Pearson Prentice-Hall 200928
Supplicant sends Response Message in the clear(without encryption)
Transmitted Response Message
7/27/2019 cryptography in networking
29/62
Copyright Pearson Prentice-Hall 200929
7/27/2019 cryptography in networking
30/62
Selecting methods andparameters
Authentication
Keying (the secure exchangeof secrets)
Ongoing communication
Copyright Pearson Prentice-Hall 200930
7/27/2019 cryptography in networking
31/62
There are two types of ciphers used forconfidentiality
In symmetric key encryption for confidentiality, thetwo sides use the same key
For each dialogue (session), a new symmetrickey is generated: the symmetric session key
In public key encryption, each party has a public
key and a private key that are never changed A persons public key is available to anyone
A person keeps his or her private key secret
Copyright Pearson Prentice-Hall 200931
7/27/2019 cryptography in networking
32/62
Copyright Pearson Prentice-Hall 200932
7/27/2019 cryptography in networking
33/62
Copyright Pearson Prentice-Hall 200933
Party B
1.Creates
SymmetricSession Key
3. Sends the SymmetricSession Key Encrypted
f or Conf identiality
5. Subsequent Encry ption with
Sy mmetric Session Key
2. EncryptsSession Key with
Party B's Public Key4. Decrypts
Session Key withParty B's Private Key
Party A
7/27/2019 cryptography in networking
34/62
The two parties exchange parameters p and g
Each uses a number that is never sharedexplicitly to compute a second number
Each sends the other their second number
Each does another computation on thesecond computed number
Both get the third number, which is the key
All of this communication is sent in the clear
Copyright Pearson Prentice-Hall 200934
7/27/2019 cryptography in networking
35/62
Copyright Pearson Prentice-Hall 200935
Party Y
6. Subsequent Encry ption withSy mmetric Session Key g (xy ) mod p
Party X
1.Exchange Keying Inf ormation:
Agree on D if f ie-Hellman Groupp (prime) and g (generator).
Exchange is in the clear.2.
Party Xenerates Random
Number x
3Party X
Computesx'=g^x mod p
2.Party Y
Generates RandomNumber y
3Party Y
Computesy '=g y mod p
4.Exchange Keying Inf ormation:Exchange x' and y '.
Exchange is in the clear.
5.Party X
Computes Key=y ' x mod p
=g (xy ) mod p
5.Party Y
Computes Key=x' y mod p
=g (xy ) mod p
Note: An eav esdropper intercepting the key ing inf ormationwill st ill not know x or y and so will not be able tocompute the sy mmetric session key g xy Mod P
The gorydetails
7/27/2019 cryptography in networking
36/62
Selecting methods andparameters
Authentication
Keying (the secure exchangeof secrets)
Ongoing communication
Copyright Pearson Prentice-Hall 200936
7/27/2019 cryptography in networking
37/62
Consumes nearly all of the dialogues
Message-by-Message Encryption
Nearly always uses symmetric key encryption
Already covered
Public key encryption is too inefficient
Message-by-Message Authentication
Digital signatures Message authentication codes (MACs)
Also provide message-by-message integrity
Copyright Pearson Prentice-Hall 200937
7/27/2019 cryptography in networking
38/62
Copyright Pearson Prentice-Hall 200938
MD
DS
Plaintext
DS Plaintext
To Create the Digital Signature:
1. Hash the plaintext to create abrief message digest; this isNOT the Digital Signature.
2. Sign (encrypt) the messagedigest with the sender's private
key to create the digital signature
Sign (Encry pt) withSender's Priv ate Key
Hash
Goal: to show that the supplicantknows the True Party 's
priv ate key
7/27/2019 cryptography in networking
39/62
Copyright Pearson Prentice-Hall 200939
ReceiverSender
DS Plaintext
3. Transmit the plaintext + digitalsignature, encry pted withsy mmetric key encry ption.
Encryption is done to protect the plaintextIt is not needed for message-by-message
authentication
7/27/2019 cryptography in networking
40/62
Copyright Pearson Prentice-Hall 200940
MD MD
DSReceiv ed Plaintext
To Test the Digital Signature
4. Hash the receiv ed plaintextwith the same hashing algorithmthe sender used. This giv es the
message digest.
5. Decry pt the digital signaturewith the True Party 's public key .
This also will give themessage digest if the sender
has the True Party 's priv ate key .
6. If the two match, the messageis authenticated.
4. 5.
HashDecrypt withTrue Party 'sPublic Key
6.Are They Equal?
7/27/2019 cryptography in networking
41/62
Copyright Pearson Prentice-Hall 200941
Encryption Goal Sender Encrypts
with
Receiver
Decrypts with
Public Key
Encryption forConfidentiality
The receivers
public key
The receivers
private key
Public Key
Encryption for
Authentication
The senders
private key
The True Partys
public key
(not the senderspublic key)
Point of frequentconfusion
7/27/2019 cryptography in networking
42/62
Cannot use the senders public key It would alwaysvalidate the senders digital
signature
Normally requires a digital certificate
File provided by a certificate authority (CA)
The certificate authority must be trustworthy
Digital certificate provides the subjects (True
Partys) name and public key Dont confuse digital signatures and the digital
certificates used to test digital signatures!
Copyright Pearson Prentice-Hall 200942
7/27/2019 cryptography in networking
43/62
Copyright Pearson Prentice-Hall 200943
Field Description
VersionNumber Version number of the X.509 standard. Most certificatesfollow Version 3. Different versions have different fields.
This figure reflects the Version 3 standard.
Issuer Name of the Certificate Authority (CA).
SerialNumber
Unique serial number for the certificate, set by the CA.
Subject
(True Party)
The name of the person, organization, computer, or
program to which the certificate has been issued. This
is the true party.
Public Key The public key of the subject (the true party).Public Key
Algorithm
The algorithm the subject uses to sign messages with
digital signatures.
Certificate provides the TruePartys public key
Serial number allows the receiver tocheck if the digital certificate has
been revoked by the CA
7/27/2019 cryptography in networking
44/62
Copyright Pearson Prentice-Hall 200944
Field Description
Digital
Signature
The digital signature of the certificate, signed by the CA
with the CAs own private key.
For testing certificate authentication and integrity.
User must know the CAs public key independently.
Signature
Algorithm
Identifier
The digital signature algorithm the CA uses to sign its
certificates.
Other Fields The CA signs the cert with its ownprivate key so that the certs validity
can be checked for alterations.
7/27/2019 cryptography in networking
45/62
Testing the Digital Signature The digital certificate has a digital signature of its
own
Signed with the Certificate Authoritys (CAs) privatekey
Must be tested with the CAs well-known public key
If the test works, the certificate is authentic and
unmodified
Copyright Pearson Prentice-Hall 200945
7/27/2019 cryptography in networking
46/62
Checking the Valid Period Certificate is valid only during the valid period in
the digital certificate (not shown in the figure)
If the current time is not within the valid period,reject the digital certificate
Copyright Pearson Prentice-Hall 200946
7/27/2019 cryptography in networking
47/62
Checking for Revocation Certificates may be revoked for improper behavior
or other reasons
Revocation must be tested
Cannot be done by looking at fields within thecertificate
Receiver must check with the CA
Copyright Pearson Prentice-Hall 200947
7/27/2019 cryptography in networking
48/62
Checking for Revocation Verifier may download the entire certificate
revocation list from the CA
See if the serial number is on the certificaterevocation list
If so, do not accept the certificate
Or, the verifier may send a query to the CA
Requires the CA to support the OnlineCertificate Status Protocol
Copyright Pearson Prentice-Hall 200948
7/27/2019 cryptography in networking
49/62
Copyright Pearson Prentice-Hall 200949
Digital Certif icateDigital Signature
Authentication
Public key of
True Party
Digital Signature
to be tested with
the public key of
the True Party
If the public key of the True Party
v erif ies the digital signature,
accept the supplicant
Certif icate Authority
Verif ier must know CA public key to test
whether the digital certif icate has been altered;
Rev ocation inf ormation
7/27/2019 cryptography in networking
50/62
Also Brings Message Integrity
If the message has been altered, the authenticationmethod will fail automatically
Digital Signature Authentication
Uses public key encryption for authentication
Very strong but expensive
Key-Hashed Message Authentication Codes
An alternate authentication method using hashing
Much less expensive than digital signatureauthentication
Much more widely used
Copyright Pearson Prentice-Hall 200950
7/27/2019 cryptography in networking
51/62
Copyright Pearson Prentice-Hall 200951
7/27/2019 cryptography in networking
52/62
Copyright Pearson Prentice-Hall 200952
As in the case of digital signatures,confidentiality is done to protect the plaintext.
It is not needed for authentication and hasnothing to do with authentication.
7/27/2019 cryptography in networking
53/62
Copyright Pearson Prentice-Hall 200953
7/27/2019 cryptography in networking
54/62
Nonrepudiation means that the sender cannotdeny that he or she sent a message
With digital signatures, the sender must usehis or her private key
It is difficult to repudiate that you sent something ifyou use your private key
With HMACs, both parties know the key used
to create the HMAC The sender can repudiate the message, claiming
that the receiver created it
Copyright Pearson Prentice-Hall 200954
7/27/2019 cryptography in networking
55/62
However, packet-level nonrepudiation isunimportant in most cases
The application messagean e-mailmessage, a contract, etc., is the importantthing
If the application layer message has its owndigital signature, you have nonrepudiation for
the application message, even if you useHMACs at the internet layer for packetauthentication
Copyright Pearson Prentice-Hall 200955
7/27/2019 cryptography in networking
56/62
Replay ttacks Capture and then retransmit an encrypted message
later
May have a desired effect
Even if the attacker cannot read the message
Copyright Pearson Prentice-Hall 200956
7/27/2019 cryptography in networking
57/62
Thwarting Replay ttacks Time stamps to ensure freshness of each message
Sequence numbers so that repeated messages canbe detected
Nonces
Unique randomly generated number placed ineach request message
Reflected in the response message If a request arrives with a previously used
nonce, it is rejected
Copyright Pearson Prentice-Hall 200957
7/27/2019 cryptography in networking
58/62
Quantum Mechanics Describes the behavior of fundamental particles
Complex and even weird results
Copyright Pearson Prentice-Hall 200958
7/27/2019 cryptography in networking
59/62
Quantum Key Distribution Transmits a very long keyas long as the message
This is a one-time key that will not be used again
A one-time key as long as a message cannot becracked by cryptanalysis
If an interceptor reads part of the key in transit,this will be immediately apparent to the sender and
receiver
Copyright Pearson Prentice-Hall 200959
7/27/2019 cryptography in networking
60/62
Quantum Key Cracking Tests many keys simultaneously
If quantum key cracking becomes capable ofworking on long keys, todays strong key lengths
will offer no protection
Copyright Pearson Prentice-Hall 200960
7/27/2019 cryptography in networking
61/62
Copyright Pearson Prentice-Hall 200961
Confidentiality uthenticationSymmetric KeyEncryption
Applicable. Sender
encrypts with keyshared with thereceiver.
Not applicable.
Public KeyEncryption Applicable. Senderencrypts withreceivers publickey. Receiverdecrypts with thereceivers ownprivate key.
Applicable. Sender(supplicant) encrypts with
own private key. Receiver(verifier) decrypts with thepublic key of the true party,usually obtained from thetrue partys digital certificate.
Hashing Not applicable. Applicable. Used in MS-CHAPfor initial authentication andin HMACs for message-by-message authentication.
7/27/2019 cryptography in networking
62/62
C i ht P P ti H ll 200962