1

Security Overview & Cryptography

Network Security Workshop

16-18 January 2018

Apia, Samoa

Overview

• Security Overview• Goal of Security

• Threat Pragmatics

• Cryptography Basics

2

Drawing some correlations

3

Why Security?

• The Internet was designed for connectivity – Trust was assumed– Security protocols added on top of the TCP/IP

• The Internet has become fundamental to our daily activities (business, work, and personal)

• Fundamental aspects of information must be protected– Confidential data– Employee information– Business models– Protect identity and resources

4

Internet Evolution

Security (threats and challenges) changes as the Internet evolves!

LAN connectivity Content driven (email, web, music, video)

Data on the Cloud

5

Recent Incidents• Meltdown/Spectre (Jan 2018)

– Exploits processor vulnerabilities!• Intel, AMD, ARM

– Meltdown (CVE-2017-5754):• Breaks the isolation between programs & OS• An application could read kernel memory locations

– Spectre (CVE-2017-5753/CVE-2017-5715)• Breaks isolation between applications• An application could read other application

memory

– Patches available: https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help

6

Recent Incidents• (Not)Petya Ransomware/Wiper (June 2017)

– Exploited a backdoor in MeDoc accounting suite• Update pushed on June 22 from an update server (stolen credentials)• proxied to the attacker’s machine (176.31.182.167)

– Spread laterally across the network (June 27)• EternalBlue exploit (SMB exploit: MS17-010)• through PsExec/WMIC using clear-text passwords from memory• C:\Windows\perfc.dat hosted the post-exploit code (called by

rundll32.exe)

7

Recent Incidents• WannaCry Ransomware (May 2017)

– As of 12 May, 45K attacks across 74 countries– Remote code execution in SMBv1 using EternalBlue exploit

• TCP 445, or via NetBIOS (UDP/TCP 135-139)

– Patch released on 14 March 2017 (MS17-010)• https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

– Exploit released on 14 April 2017

8

Recent Incidents• SHA-1 is broken (Feb 23, 2017)

– colliding PDF files: obtain same SHA-1 hash of two different pdf files, which can be abused as a valid signature on the second PDF file.• https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

9

shodan.io

10

• Find any internet connected device

haveibeenpwned.com

11

abc@test.com

• Have you been compromised?

THANKS

• Most of the content is from:

– Steven M.Bellovin’s “Thinking Security”– https://www.cs.columbia.edu/~smb/

12

Here we go….

• What are we protecting?, and

• Against whom?

13

• All security system designs should be based on these questions!

Threats, Vulnerability, and Risks

• Threat– circumstance or event with potential to cause harm to a

networked system

• Vulnerability– A weakness that can be exploited

• Software bugs• Design flaws• Configuration mistakes• Lack of encryption

• Risk– The likelihood that a particular vulnerability will be exploited

14

Attack Motivation (Who are your Enemies?)

• Nation states want SECRETS

• Organized criminals want MONEY

• Protesters or activists want ATTENTION

• Hackers and researchers want KNOWLEDGE

15

Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014

http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html

Who are your Enemies?

16

• Script kiddies: little real ability, but can cause damage if you’re careless

• Money makers: Hack into machines; turn them into spam engines; etc.

• Government intelligence agencies, AKA Nation State Adversaries

The Threat Matrix

17

Degree of Focus

Opportunistic hacks

Joy hacks Targeted attacks

Advanced Persistent Threats

Source: Thinking Security – Steve M. Bellovin

Joy Hacks

• For fun - with little skill using known exploits

• Minimal damage - especially unpatched machines

• Random targets – anyone they can hit

• Most hackers start this way – learning curve

18

Opportunistic Hacks

• Skilled (often very skilled) - also don’t care whom they hit– Know many different vulnerabilities and techniques

• Profiting is the goal - bank account thefts, botnets, ransomwares….– WannaCry? Petya?

• Most phishers, virus writers, etc.

19

Targeted Attacks

• Have a specific target!

• Research the target and tailor attacks– physical reconnaissance

• At worst, an insider (behind all your defenses)– Not-so happy employee L

• Watch for tools like “spear-phishing”

• May use 0-days

20

Advanced Persistent Threats

• Highly skilled (well funded) - specific targets– Mostly 0-days

• Sometimes (not always) working for a nation-state– Think Stuxnet (up to four 0-days were used)

• May use non-cyber means:– burglary, bribery, and blackmail

• Note: many lesser attacks blamed on APTs

21

Are you a Target?

• Biggest risk?– assuming you are not interesting enough!

• Vendors/System Integrators and their take on security:– Either underwhelming or Overwhelming L

22

Defense Strategies

• Depends on what you’re trying to protect

• Tactics that keep out teenagers won’t keep out a well-funded agency

• But stronger defenses are often much more expensive, and cause great inconvenience

23

What Are You Protecting?

• Identify your critical Assets– Both tangible and intangible (patents, methodologies) assets

• Hardware, software, data, people, documents

– Who would be interested?

• Place a Value on the asset– Different assets require different level of protection– Security measures must be in proportion with asset value

• How much can you afford?

• Determine Likelihood of breaches– threats and vulnerabilities ?

24

Against Joy Hacks

• By definition, joy hackers use known exploits

• Patches exist for known exploits:– Up to date system patches– Up to date antivirus database

• Ordinary enterprise-grade firewalls will also repel them

25

Opportunistic Hacks

• Sophisticated techniques used

• You need multiple layers of defense– Up to date patches and anti-virus– Firewalls– Intrusion detection– Lots of attention to log files

• Goal: to contain the attack!

26

Targeted Attacks

• Targeted attacks exploit knowledge of target– Try to block or detect reconnaissance– Security policies and procedures matter a lot

• How do you respond to phone callers?• What do people do with unexpected attachments?• USB sticks in the car park?

• Hardest case: disgruntled employee or ex-employee– Already behind your defenses– Think Manning & Snowden

27

Advanced Persistent Threats

• L VERY VERY hard to defend against!

• Use all of the previous defenses

• There are no sure answers

• Pay special attention to policies and procedures

• Investigate all oddities

28

Varying Defenses

• Don’t use the same defenses for everything– Keep them guessing J

• Layer them– protect valuable systems more carefully

• Maybe you can’t afford to encrypt everything– but you probably can encrypt all communications among

and to/from your high-value machines

29

However…

• Every machine (connected) is valuable

• They could be turned into bots– Send spam, launch DDoS, host phishing sites– Sniff your local traffic

• Defense: – watch outbound traffic from your network

30

Example of Security Controls

31

Category Example of Controls Purpose

Policy & Procedure

Cyber Security Policy, IncidentHandling Procedure

Make everyone aware of theimportance of security, define role and responsibilities (pre and post incident), understandscope of the problem

Technical Firewall, Intrusion DetectionSystem, AV, Logging Systems

Prevent and detect potentialattacks, mitigate risk of breach

Physical CCTV, Locks, Biometrics, Secure working space

Prevent physical theft of information assets or unauthorized physicalaccess

Summary

• Use proper crypto

• Multi-layered security– Updated patches and Avs– Backup important data– Firewalls– IDS/IPS (anomaly detection)

• Strictly follow security procedures– Revise and audit frequently

32

Overview

• Security Overview

• Goal of Security• Threat Pragmatics

• Cryptography Basics

33

Goals of Information Security

Confidentiality Integrity Availability

SEC

UR

ITY

prevent unauthorized use or disclosure of

information

safeguard the accuracy and

completeness of information

authorized users have reliable and timely access to

information

34

Access Control

• To permit or deny the use of resource(s)

• All about:– Authentication (who is the user)– Authorization (who is allowed to use what)– Accountability (what did the user do)

Authentication

• Verify a user’s identity• “User” may refer to:

– a person – an application or process– a machine or device

• Identification comes before authentication– Ex: username to establish user’s identity

• To prove identity, a user must present either:– What you know (passwords, passphrase, PIN)– What you have (token, smart cards, passcodes, RFID)– Who you are (biometrics such as fingerprints and iris scan,

signature or voice)

Strong Authentication

• An absolute requirement

• Two-factor authentication – Passwords (something only you know)– Tokens (something only you have)

• Examples:– Passwords– Tokens– PINs– Biometrics– Certificates

Two-factor Authentication• At least two authentication ‘factors’ to prove user’s

identity– something you know

• Username/password

– something “only” you have• Token using a one-time password (OTP), or a SMS code

• OTP is generated using a device in physical possession of the user– generated each time and expires after some time– through applications on your device

• Authy/Google Authenticator

Authorization

• Defines the user’s rights and permissions on a system– Typically ‘if authenticated’

• Grants a user access to a particular resource and what actions they are permitted to perform on that resource

• Access criteria based on the level of trust:– Roles– Groups– Location– Time– Transaction type

Authorization Concepts

• Authorization Creep– When users may possess unnecessarily high access

privileges within an organization

• Default to Zero– Start with zero access and build on top of that

• Need to Know Principle– Least privilege; give access only to information that the user

absolutely need

• Access Control Lists– List of users allowed to perform particular access to an

object (read, write, execute, modify)

Authorization - Single Sign On

• User logs in only once and gains access to all authorized resources within a system

• Benefits:– Ease of use– Reduces logon cycle (time spent re-entering passwords for the

same identity)

• Common SSO technologies:– Kerberos (prevents replays – T_REQ:timestamp/lifetime)– RADIUS– OTP Token– SAML/OpenID

• Disadvantage: Single point of attack– May need to mix with MFA

Accounting

• What did the user do with the resource?

• Actions of an entity to be traced back uniquely to that entity – Senders cannot deny sending information– Receivers cannot deny receiving it – Users cannot deny performing a certain action

• Supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention and after-action recovery and legal action

Source: NIST Risk Management Guide for Information Technology Systems

Types of Access Control

• Centralized Access Control– RADIUS (UDP1812/13)

• Encrypts the password

– TACACS+ (TCP49)• Encrypts the entire message

– Diameter (TCP)• Enhanced RADIUS (reliable and secure channel)

• Decentralized Access Control– User database maintained on the resource

• Not scalable– No method for consistent control

Overview

• Security Overview

• Goal of Security

• Threat Pragmatics • Cryptography Basics

44

Target

• Targets could be:– Network infrastructure– Network services– Application services– End user machines

Uneven Playing Field

• The defender has to think about the entire perimeter– all the weakness

• The attacker has to find only one weakness

• This is not good news for defenders

46

Attack Surface

• Entire Perimeter you have to Defend

47

Web ServerDNS

SMTP

Power Fiber

Application

Firewall

Soft Gooey Inside

• But it is not just the perimeter!

48

Web Server DNS

SMTP

Power Fiber

Application

Firewall

USB SticksSpearfishingPasswords

Ex-EmployeesSysAdmins

Attacks on Different LayersApplication

Presentation

Session

Transport

Network

Data Link

Physical

Application

Transport

Internet

Network Access (Link Layer)

Layer 2: Ethernet, PPP, ARP, NDP, OSPF

Layer 4: TCP, UDP, SCTP

Layer 5: NFS, Socks

Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP

DNS Poisoning, Phishing, SQL injection, Spam/Scam

ARP spoofing, MAC flooding

OSI Reference Model TCP/IP Model

Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP

TCP attacks, Routing attack, SYN flooding

Ping/ICMP Flood, Sniffing

49

Layer 2 Attacks

• ARP Spoofing

• MAC attacks

• DHCP attacks

• VLAN hopping

50

ARP Spoofing

ARP Cache poisoned. Machine A connects to Machine D (not C)

I want to connect to 10.0.0.3. I don’t know the

MAC address

10.0.0.1AA-AA-AA-AA-AA-AA

10.0.0.2BB-BB-BB-BB-BB-BB

10.0.0.3CC-CC-CC-CC-CC-CC

10.0.0.4DD-DD-DD-DD-DD-DD

ARP Request

ARP Reply

Wait, I am 10.0.0.3!

I am 10.0.0.3. This is my MAC address

51

MAC Flooding

• Exploits the limitation of all switches – CAM stores mapping of individual MAC addresses to source

ports– Finite memory

• Attacker floods the CAM table using spoofed source MAC addresses

52

DHCP Attacks

• DHCP Starvation Attack– Broadcasting vast number of DHCP requests with spoofed

MAC address simultaneously.

• DHCP Spoofing– Rogue DHCP

53

Wireless Attacks- MITM

• Creates a fake access point and have clients authenticate to it instead of a legitimate one.

• Capture traffic (usernames, passwords)

54

Wireless Attacks

• WEP (wired equivalent privacy) – first go at wireless security

• 104-bit WEP key:– 50% of the time broken with 45k packets– 95% of the time with 85k packets (in less than 60 seconds)

• Use WPA2 (wired protected access)– WPA – 256-bit key– WPA2 - AES

55

Tews,Weinmann, and Pyshkin, "Breaking 104 bit WEP in less than 60 seconds", Proceedings of the 8th international conference on Information security applications, 2007

Link-Layer Defense

• Dynamic ARP Inspection– Protects against ARP spoofing

– uses DHCP Snooping

– forward ARP packets on Trusted interfaces without checks

– intercept all ARP packets on Untrusted ports and check against IP-to-MAC binding• Drop (and log) if no valid binding

56

Link-Layer Defense

• Port Security– Protects the MAC table

– Limit the number of MACs per port (static or sticky learning)• Forwards valid frames (valid source MACs), and drops invalid frames

– Violation could trigger:• Dropping of invalid frames and port shutdown, or• Drop frames with/without notification

57

Link-Layer Defense

• 802.1X– Identity based network access control– Protection against rogue devices (DHCP or AP) attaching to

a LAN

58

Client Authenticator AAA Server

Access-Request

Access-Challenge

Access-Request

EAP-Request/Id

EAP-Response/Id

EAP-Request/pw

EAP-Response/pw

Access-AcceptEAP-Success

Port Authorized

Image Source: www.en.wikipedia.org/wiki/IEEE_802.1X

Layer 3 Attacks

• ICMP Attacks– ICMP Smurf/Flood– Ping of death

• Routing (control plane) attacks

59

ICMP Flood/Smurf

NetworkBroadcast Address

Victim

Other forms of ICMP attack:-Ping of death

Attacker

Echo request Echo request

Echo reply to actual destination

60

• Defense:– Disable directed broadcast

no ip directed-broadcast

Routing Protocol Attacks

• Malicious route insertion– Poison routing table– To divert traffic and eavesdrop

• Analyse/Modify/Drop packets

• BGP attacks– hijack prefixes– Tamper the path information

61

Defense- Routing Attacks

• Authenticate source of routing updates– Peer authentication

• Origin Validation– Rolled out today as RPKI– ROA (resource certificate) signed by

the owner• Verifies the origin AS (signed route

announcement)

• Path Validation– Sign the full path (ASNs traversed)

• In IETF process as BGPsec

62

X.509 Cert

RFC 3779Extension

IP Resources (Addr & ASN)

SIA – URI (repository) for where this Publishes

Subject Public Key (algorithm and key)

CA

Sign

ed b

y Pa

rent

’s P

rivat

e Ke

y

SYN Flooding

• Exploits the TCP 3-way handshake

• Attacker sends a series of SYN packets • No ACK

• Retains state for bogus half-open connections – Finite SYN_RECV queue size– no more resources (memory) to for new legitimate

connections – drops!

Server(Victim)

Attacker

SYN

SYN+ACK

ACK?

63

SYN Flood - Defense

• SYN Cookies– MD5 hash (src IP, src port, dst IP, dst port, and ISN in SYN)

• Sent back as ISN in its SYN-ACK

– no states for half-open connections in memory• until valid ACK: SEQ = ISN+1• Store state after valid ACK

64

Enable:vi /etc/sysctl.confÞ net.ipv4.tcp_syncookies = 1

Verify:Þ cat /proc/sys/net/ipv4_tcpsyncookiesÞ sysctl –n net ipv4.tcp_syncookies

Application Layer Attacks

• Very common:– Scripting vulnerabilities

– Buffer overflow

– Cookie poisoning• Tamper session information

– X-site scripting• Client-side code injection

– SQL injection

65

Application Layer - Defense

• User input validation– SQL injection, X-site scripting

• Pen-test or vulnerability scan by experts– Scripting vulnerabilities– Buffer overflow (bounds checking)

66

Layer 7 DDoS Attack

• Traditional DoS attacks focus on L3 and L4

• On L7, DoS attack targets applications disguised as legitimate packets – exhaust application resources (bandwidth, ports, protocol

weakness)

• Includes:– Slowloris– RUDY (R-U-Dead Yet)

• POST request with long content length and write forms slowly

– LOIC/HOIC (Low/high orbit Ion canon)• TCP/UDP/HTTP requests (H-only HTTP with scripts)

67

Layer 7 DDoS – Slowloris

• Incomplete HTTP requests– No blank line (\r\n) in request header

• Properties– Low bandwidth– Keep threads active

• Only affects threaded web servers (Apache)• Doesn’t work through load balancers

– Keepalives to reset timeout

68

Layer 7 DDoS – Defense

• Load balancers– Delayed binding– Perform HTTP Request header completeness check

• Request not sent to server until the final \r\n (CRLF) received from client

• Non-threaded webservers– not vulnerable to slow header attacks

• ModSecurity– Open source WAF plugin for Apache– embedded or reverse proxy mode

• In front of the web server

69

DNS Changer

• Anyone who controls your DNS controls what you see!

• How: – infect computers with

malware – malware changes the user’s

DNS settings • to attacker’s resolvers (specific

address blocks)

70

Countries affected by DNSChanger (2012):

Image Source: Kaspersky

DNS Changer - Defense

• Find out if you are infected– FBI:

• forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS• 64.28.176.0/20; 67.210.0.0/20; 77.67.83.0/24; 85.255.112.0/20;

93.188.160.0/23; 213.109.64.0/20

– DNSChanger Working Group:• www.dcwg.org/fix/

• Clean up:– Run free anti-malware tools

• DNSChanger WG site maintains clean-up guides and list of free tools to remove the malware

– firewall rules to only allow queries to legitimate servers

71

DNS Cache Poisoning

• Resolvers caching incorrect records that did not originate from authoritative DNS servers

• Result: – redirect to sites (controlled by the attacker)

72

DNS Cache Poisoning

(pretending to be the authoritative

zone)

ns.tashi.comWebServer(192.168.1.1)

DNS Caching Server

Client

I want to access www.tashi.com

1

QID=645712

QID=64569

QID=64570

QID=64571

www.tashi.com 192.168.1.1

match!

www.tashi.com 192.168.1.993

3

Root/GTLD

QID=64571

73

Cache Poisoning - Defense• DNSSEC – DNS security extensions

– Uses public-key crypto• Records (RRset) signed with private key (authenticity and integrity)• Signatures (RRSIG) published in DNS responses• Public key also published (DNSKEY) to verify signatures• Child zones also sign their records with their pvt key• Parent sings the hash of child’s public key - DS (chain-of-trust)

74

Where is www.tashi.com?

www.tashi.comis on 192.168.1.1

Key query

DS, DNSKEYsigned

Root Server

.com TLD

tashi.comDNS Server

Recursive DNS

1

2

3

4

5

Amplification Attacks

• Exploiting UDP protocol to return large amplified amounts of data– small request, LARGE reply

• Examples:– DNS– NTP

75

DNS Amplification Attack

• A type of reflection attack combined with amplification– Source of attack is reflected off other machine(s)– Traffic received is bigger (amplified) than the traffic sent by

the attacker

• UDP packet’s source address is spoofed

76

DNS Amplification

Bots

77

Attacker

ns.example.com

Victim

Open DNS Resolvers

Root/GTLD

www.example.com 192.168.1.1

Queries (ANY) withspoofed (victim’s) IP

dig ANY www.example.com @8.8.8.8 +edns=0 +notcp +bufsize=4096 +dnssec

Source IP spoofing – Defense • BCP38 (RFC2827)

– Since 1998!– https://tools.ietf.org/html/bcp38

• Only allow traffic with valid source addresses to– Leave your network

• Only from your own address space

– To enter/transit your network• Only from downstream customer address space

78

uRPF – Unicast Reverse Path• Unicast Reverse Path Forwarding (uRPF)

– Router verifies if the source address of any packets received is in the FIB table and reachable (routing table)• Drop if not valid!

– Recommended on customer facing interfaces

79

NTP Amplification

• UDP 123

• NTP versions older than v4.2.7p26 vulnerable to “monlist” attack (CVE-2013-5211)

– made easier by Open NTP servers (time.google.com)

– Monlist fetches the MRU list of NTP (600) associationsntpdc -c -n monlist <NTP-Server-IP>

• Several incidents in 2014– 400Gbps attack on cloud provider

80

NTP Amplification - Defense

• BCP38

• Upgrade NTP (ntpd) server– to v4.2.7p26 or later– Removes/disables “monlist” command; replaced with

“mrulist”• Requires proof that the command came from the address in the NTP

packet

• In older versions:– disable ntp monitor and do not answer ntpq/ntpdc queries

81

vi /etc/ntp.conf

disable monitorrestrict default kod nomodify notrap nopeer noqueryrestrict -6 default kod nomodify notrap nopeer noquery

Transport Layer Security

• SSL/TLS

• Secure Shell (SSH)

82

Application Layer Security -Encryption

• HTTPS– PKI/centralised trust

• PGP (Pretty Good Privacy)– Web of trust (decentralised trust)

• SMIME (Secure Multipurpose Internet Mail Extensions)– Chain of trust (centralised trust/CA)

83

Overview

• Security Overview

• Goal of Security

• Threat Pragmatics

• Cryptography Basics

84

Cryptography

85

• All about hiding information in plain sight!

Cryptography Basics

• At its core is the aim to change ordered data into a seemingly random string– Using a secret key

C = F(P,k)

86

P – plain textC – cipher textk – cryptographic key

Key is the key

• key length is a measure in bits

• key space is the number of possibilities that can be generated by a specific key length

• Example : – 22 key = a keyspace of 4– 24 key = a keyspace of 16 – 240 key = a keyspace of 1,099,511,627,776

87

• Assume everyone knows your encryption/decryption algorithm– Security of encryption lies in the secrecy of the keys, not the

algorithm! • Kerckhoff’s Principle (1883)

• How do we keep them safe and secure?

88

Key is the key

Work Factor

• The amount of processing power and time to break a crypto system– No system is unbreakable!

• The idea is to make it “expensive” to break/guess

89

Encryption and Decryption

Plaintext (P) Cipher Text (C) Plaintext (P)

ENCRYPTIONALGORITHM

DECRYPTIONALGORITHM

Encryption Key Decryption Key

90

Symmetric & Asymmetric keys

• Two categories of cryptographic methods– Symmetric and Asymmetric key encryption

91

Symmetric Encryption

• Same key is used to encrypt and decrypt – Both sender and receiver needs to know the key

• Also called shared secret-key cryptography– The key must be kept a “secret” to maintain security

• Follows the more traditional form of cryptography (pre 1970) – key lengths ranging from 40 to 256 bits

• Widely used examples:– DES/3DES, AES, RC4/6

92

Same shared secret-key

Plain text

ENCRYPTIONALGORITHM

DECRYPTIONALGORITHM

Cipher text Plaintext

Encryption Key Decryption Key

Symmetric Encryption

93

Symmetric Encryption

• Advantages– fast computation since the algorithms require small number

of operations

• Disadvantages:– The sender and receiver needs to know the shared secret

key before any encrypted conversation starts• How do we securely distribute the shared secret-key between the sender

and receiver?

– What if you want to communicate with multiple people, and each communication needs to be confidential?• How many keys do we have to manage? A key for each!• Key EXPLOSION!

94

Symmetric Key AlgorithmsSymmetric Algorithm Key SizeDES 56-bit keys (8 bits parity)

Triple DES (3DES) 112-bit and 168-bit keys

AES 128, 192, and 256-bit keys

Software Encryption (SEAL) 160-bit keys

RC2 40 and 64-bit keys

RC4 1 to 256-bit keys

RC5 0 to 2040-bit keys

RC6 128, 192, and 256-bit keys

Blowfish 32 to 448-bit keys

Note: • Longer keys are more difficult to crack, but more

computationally expensive.

95

Diffie-Hellman key ‘exchange’

• DH algorithm– secure way to generate a shared secret between two

parties– There is NO key exchange J– The key is NEVER exchanged or transmitted

96

DH key ‘exchange’

– Alice and Bob agree on two random primes (x and y)

– Alice and Bob pick a secret number each (a and b)• they don’t share

– Alice computes and sends to Bob

– Bob computes and sends to Alice

– Alice then computes:

– Bob also computes:

97

A = xa mod y

B = xb mod y

S = Ba mod y

S = Ab mod y

= (xb mod y)a mod y = xba mod y

= (xa mod y)b mod y = xab mod y

DH in Colour J

98

+ +

+ +

Diffie-Hellman key ‘exchange’

• Without even knowing what secret each used, Alice and Bob generated the same result!

• The shared-secret

– Even if evil “Eve” is listening on the wire • Can see x, y, A, B

– She cannot compute the same result since she would not know Bob and Alice’s secret

99

• Unlike normal exponentiation, which we can compute by

• modular exponentiation or modular log(x) is difficult to compute!

ey=logey

Asymmetric Encryption

• Also called public-key cryptography

• Use of Public-Private key pair– The key pairs are mathematically linked– Messages encrypted with one key can only be decrypted by

the other key of the key pair

• The decryption key cannot, at least in a reasonable amount of time, be calculated from the encryption key and vice-versa

100

Asymmetric Encryption

101

Public KeyPrivate Key🗝 🔑

Plaintext

ENCRYPTIONALGORITHM

DECRYPTIONALGORITHM

Ciphertext Plaintext

Encryption Key Decryption Key

🔑

🗝🔑

🗝

Asymmetric Encryption

• Advantages:– Solves the key explosion and distribution problem– No exchange of confidential information before

communication• Public key is published (everyone knows)• Private key is kept secret (only the owner knows)

• Disadvantages– Much slower than symmetric algorithms

102

Asymmetric Key Algorithms

103

Algorithm Key Size (bits)

Description

RSA 512-2048 - Rivest-Shamir-Adlemen- Based on factoring 100 to 200 digit prime numbers- Base on the assumption that while it is easy to compute products of two large

numbers, it is very difficult to factor a large number to be a product of two primes

DSA 512-1024 - Digital signature algorithm- Provides capability for authenticating messages

DH 512, 1024, 2048

- Diffie-Hellman- Allows two parties to agree on a key to encrypt messages (used for secret key

exchange)- Security based on the assumption that while it is easy to raise a number to a

certain power, it is difficult to find out which power was used

ElGamal 512-1024 - Based on DH key agreement- Used in GPG/PGP- Encrypted message becomes twice the size of the original (hence used only for

sharing secret keys)

Elliptical curve

160 - Keys are much smaller- Can adapt many algorithms – DH or ElGamal

Hash Functions

• Takes a message of arbitrary length and outputs a small fixed-length code– called the hash or message digest, or digital fingerprint

• One-way mathematical function– Easy to compute, difficult to reverse

• Single bit change in input => large indeterminate change in output

• Uses: – Verifying integrity – Digitally signing documents– Authentication (Hashing passwords)

104

Hash Functions

• A form of signature that uniquely represents a data

105

Hash Function

Arbitrary lengthdata

a88997dfha234 Fixed-lengthHash value

Well-known Hash Functions

• Message Digest (MD) Algorithm – Outputs a 128-bit fingerprint of an arbitrary-length input– MD5 is widely-used

• Secure Hash Algorithm (SHA)– SHA-1 produces a 160-bit message digest similar to MD5

• Widely-used (TLS, SSL, PGP, SSH, S/MIME, IPsec) L

– SHA-256, SHA-384, SHA-512 produce longer hash values

106

Digital Signature

• Electronic documents can be signed– to prove the identity of the sender, and – the integrity of the message

• Encrypted hash of the message– Hash the data – Encrypt the hash with the sender’s private key

107

Hash Digital Signature

DocumentEncryption

(Sender’s Private Key)

🗝Hashing

Digital Signature Validation• Sender

– Appends the signature to the original document– Sends to receiver

• Receiver– Computes the hash of the received data

• Using same hash function

– Decrypts the encrypted hash (signature) using sender’s public key• Authentication

– Compares the hashes• If match, the data was not modified (integrity) and signed by the sender

108

Digital Signature Validation

109

Digital Signature

Document

SENDER RECEIVER

Document HashHash

Function Equal?Digital

SignatureDecryption

(Sender's Public Key)

Hash🔑

Example

110

https://www.gpg4win.org (MSWIN) https://www.gpgtools.org (OS X)

PKI Recap

• 🔑 Public Key

• 🗝 Private Key

• 📝 Message

• 📝+🔑 = 🔒✉ Encrypted

• 🔒✉+🗝 = 🔓📝 Decrypted

• 📝+🗝 = 🔏✉ Signed

• 🔏✉ + 🔑 = 👤 Authenticated

111

112