Embed Size (px)
DESCRIPTION
L8. Reviews. Rocky K. C. Chang, May 2011. Foci of this course. Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing today ’ s Internet infrastructure. Exposed to some current Internet security problems. - PowerPoint PPT Presentation
Citation preview
L8. Reviews
Rocky K. C. Chang, May 2011
Foci of this course
2Rocky K. C. Chang
Understand the 3 fundamental cryptographic functions and how they are used in network security.
Understand the main elements in securing today’s Internet infrastructure.
Exposed to some current Internet security problems.
Types of attacks
3Rocky K. C. Chang
Passive attacks (eavesdropping), e.g., ciphertext-only attacks (recognizable plaintext attacks)
Fred has seen some ciphertext. known-plaintext attacks
Fred has obtained some <plaintext, ciphertext> pairs. chosen-plaintext attacks
Fred can choose any plaintext he wants. Active attacks, e.g.,
pretend to be someone else (impersonation) introduce new messages in the protocol delete existing messages substituting one message for another replay old messages
4Rocky K. C. Chang
Three cryptographic functions Hash functions: require 0 key Secret key functions: require 1 key Public key functions: require 2 keys
Secret keyfunctions
Public keyfunctions
Hashfunctions
Secrecyservice
Authenticationservice
Messageintegrity service
Nonrepudiationservice
5Rocky K. C. Chang
Secret keyfunctions
Public keyfunctions
Hashfunctions
Secrecyservice
Authenticationservice
Messageintegrity service
Nonrepudiationservice
Symmetric cryptography
6Rocky K. C. Chang
Secret key functions Stream cipher vs block cipher Symmetric cryptography based on substitution
(confusion) and diffusion 64-bit DES and 128/192/256-bit AES
Secrecy service Encrypting data of any size: cipher block chaining (CBC) Security problems with CBC, e.g., identical and
nonidentical ciphertext blocks.
7Rocky K. C. Chang
Secret keyfunctions
Public keyfunctions
Hashfunctions
Secrecyservice
Authenticationservice
Messageintegrity service
Nonrepudiationservice
Cryptographic hash functions and MAC
8Rocky K. C. Chang
Hash functions 3 properties: pre-image resistance, collision resistance,
and mixing transformation The birthday problem and attack
k 1.774q, where q is the number of distinct hash outputs The length of a secure hash output ≥ 256 bits
Hash function standards (MDx, SHA-x) 2 problems: length extension and partial message
collision Message authentication codes
A successful attack on MAC CBC-MAC and HMAC
9Rocky K. C. Chang
Secret keyfunctions
Public keyfunctions
Hashfunctions
Secrecyservice
Authenticationservice
Messageintegrity service
Nonrepudiationservice
The public-key cryptography
10Rocky K. C. Chang
Prime numbers, modulo a prime A group for the set of numbers modulo a prime p
without 0 under multiplication Compute the multiplicative inverse using the
extended Euclid algorithm. Generate a large prime number.
The Rabin-Miller test determines whether an odd integer is prime.
Each party involved in a public-key cryptographic system is one secret and one public “key”.
The Diffie-Hellman (DH) protocol
11Rocky K. C. Chang
The DH protocol uses the multiplicative group modulo p, where p is a very large prime. A generator g generates a set of numbers 1, g, g2, …, gt-1
(gt = 1 again). Subgroups (t < p-1) and group (t = p-1)
The basic Diffie-Hellman (DH) protocol (g, p) and a random number in (1, 2, …, p-1) The discrete logarithm problem
Security problems Using a smaller subgroup ({1}, {1, p-1}) and a safe prime Squares and nonsquares Man in the middle attack
12Rocky K. C. Chang
Alice Bob
X = gx
Y = gy
Randomly pick xfrom {1, …, q-1}
Randomly pick yfrom Z*
p
k Yx mod p k Xy mod p
Check (p, q, g) Check (p, q, g)
Check 1 < X < pand Xq = 1
Check 1 < Y < pand Yq = 1
The RSA algorithm
13Rocky K. C. Chang
In RSA, we perform modulo a composite number n = p q, where p and q are large primes. Use 2 different exponents e (public) and d (private), such
that e d = 1 mod t, where t = lcm(p – 1, q – 1). To encrypt m, compute c = me mod n; to decrypt
c, compute cd mod n = m. To sign m, compute s = m1/e mod n; to verify the
signature, compute se = m mod n. Choices of e, p, and q Pitfalls of using RSA, e.g., encrypting a small
message, message signing.
14Rocky K. C. Chang
Secret keyfunctions
Public keyfunctions
Hashfunctions
Secrecyservice
Authenticationservice
Messageintegrity service
Nonrepudiationservice
Authentication
15Rocky K. C. Chang
Network-based, password-based Cryptographic authentication
Symmetric and asymmetric Challenge and response Mutual authentication 2 x one-way authentication. Reflection attack and man in the middle attack
Principles: One-way: Have the responder influence on what she
encrypts or hashes. Have both parties have some influence over the quantity
signed.
16Rocky K. C. Chang
Secret keyfunctions
Public keyfunctions
Hashfunctions
Secrecyservice
Authenticationservice
Messageintegrity service
Nonrepudiationservice
Authenticated key exchange
17Rocky K. C. Chang
Authenticated Diffie-Hellman exchange Perfect forward secrecy
Allow both sides to agree on the crypto. algorithms and the DH parameters.
A partial solution to denial-of service attacks using cookies
It is prudent to couple the key exchange with authentication.
18Rocky K. C. Chang
Alice Bob
(p, q, g), X = gx, AUTHB
Y = gy, AUTHA
Randomly pick Nafrom {0, …,2256-1}
Randomly pick xfrom {1, …, q-1}
k h(Yx mod p)k h(Xy mod p)
s min p size
Choose (p, q, g)
Check (p, g, q), X,AUTHB
s, Na
Check Y, AUTHA
Randomly pick yfrom {1, …, q-1}
Secure network protocols in practice
20Rocky K. C. Chang
Secret keyfunctions
Public keyfunctions
Hashfunctions
Secrecyservice
Authenticationservice
Messageintegrity service
Nonrepudiationservice
PKI
21Rocky K. C. Chang
Alice generates her public/private key pair. Keep the private key. Take the public key to the CA, say k The CA has to verify that Alice is who she says she is. The CA then issues a digital statement stating that k
belongs to Alice. There will never be a single CA for all or most of
all. There are going to be a large number of PKIs. Use different key pairs in different PKIs.
Choose between a key server approach and a PKI approach.
IPSec
22Rocky K. C. Chang
Unicast, unidirectional security association at the IP layer
Authentication Header and Encapsulation Security Payload
Partial solution to the replay attack Tunnel mode and transport mode Encryption without authentication is useless. Outbound and inbound packet processing
IKEv.1
23Rocky K. C. Chang
IKE phase 1 (ISAKMP association) and phase 2 The main mode consists of 3 message pairs.
1st pair: ISAKMP SA negotiation 2nd pair: a D-H exchange and an exchange of nonces 3rd pair: Peer authentication
The phase 1 is protected with encryption and authentication. Establish IPSec associations and the necessary keys.
A new issue here is hiding the identities of the end points
TLS 1.0/ SSL 3.0
24Rocky K. C. Chang
Pros and cons of providing security services at the transport layer instead of the IP layer.
The TLS Handshake and Record layers. Session states and connection states
The session states can be reused to establish a new connection.
Server and client authentication
Network security is more than the above
25Rocky K. C. Chang
Wireless security: IEEE 802.11i, RFID, Bluetooth, IP telephony, etc
Worms and buffer overflow attacks Denial-of-service and degradation-of-service
attacks Data security Covert channel, privacy protection
Network security is more than the above
26Rocky K. C. Chang
Security policies Operational issues Human issues Vulnerability analysis Auditing Intrusion detection System security Program security etc
27Rocky K. C. Chang
“Security is a chain; it’s only as secure as the weakest link.”
“Security is not a product; it itself is a process.”
Bruce Schneier
