11

Security and Cryptography: basic aspectsSecurity and Cryptography: basic aspects

Ortal AraziOrtal Arazi

College of EngineeringCollege of EngineeringDept. of Electrical & Computer EngineeringDept. of Electrical & Computer Engineering

The University of TennesseeThe University of Tennessee

22

OutlineOutline

What is network security?What is network security?

Principles of CryptographyPrinciples of Cryptography

AuthenticationAuthentication

IntegrityIntegrity

33

What is network security?What is network security?

Confidentiality:Confidentiality: only sender, intended receiver should only sender, intended receiver should “understand” message contents“understand” message contents sender encrypts messagesender encrypts message receiver decrypts messagereceiver decrypts message

Authentication:Authentication: sender, receiver want to confirm sender, receiver want to confirm identity of each other identity of each other

Message Integrity and non-repudiation:Message Integrity and non-repudiation: sender, sender, receiver want to ensure message not altered (in receiver want to ensure message not altered (in transit, or afterwards)transit, or afterwards)

Access Control and Availability:Access Control and Availability: services must be services must be accessible and available to legitimate users (no DoS accessible and available to legitimate users (no DoS attacks)attacks)

44

Friends and foes: Alice, Bob, TrudyFriends and foes: Alice, Bob, Trudy

Well-known fixtures in network security worldWell-known fixtures in network security world

Bob, Alice want to communicate “securely”Bob, Alice want to communicate “securely”

Trudy (intruder) may intercept, delete, add messagesTrudy (intruder) may intercept, delete, add messages

securesender

securereceiver

channel data, control messages

data data

Alice Bob

Trudy

55

What can the “enemy” do ?What can the “enemy” do ?

Q:Q: What can a “bad guy” do? What can a “bad guy” do?

A:A: a lot! a lot! Eavesdrop:Eavesdrop: intercept messages intercept messages actively actively insertinsert messages into connection messages into connection Impersonation:Impersonation: can fake (spoof) source address can fake (spoof) source address

in packet (or any field in packet)in packet (or any field in packet) Hijacking:Hijacking: “take over” ongoing connection by “take over” ongoing connection by

removing sender or receiver, inserting himself removing sender or receiver, inserting himself in placein place

Denial of serviceDenial of service:: prevent service from being prevent service from being used by others (e.g., by overloading used by others (e.g., by overloading resources)resources)more on this later ……

66

The language of cryptographyThe language of cryptography

Symmetric keySymmetric key crypto: sender, receiver keys crypto: sender, receiver keys identicalidentical

Public-keyPublic-key crypto: encryption key crypto: encryption key publicpublic, decryption , decryption key key secret (secret (private)private)

plaintext plaintextciphertext

KA

encryptionalgorithm

decryption algorithm

Alice’s encryptionkey

Bob’s decryptionkey

KB

77

Symmetric key cryptographySymmetric key cryptography

Symmetric keySymmetric key crypto: Bob and Alice share know same crypto: Bob and Alice share know same (symmetric) key: (symmetric) key: KK

e.g., key is knowing substitution pattern in mono e.g., key is knowing substitution pattern in mono alphabetic substitution cipheralphabetic substitution cipher

Substitution cipher:Substitution cipher: substituting one thing for another substituting one thing for another monoalphabetic cipher: substitute one letter for monoalphabetic cipher: substitute one letter for

anotheranotherplaintext: abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

Question: How hard is it to break this simple cipher?:- brute force (how hard?)- other?

88

Symmetric key crypto: DESSymmetric key crypto: DES

DES: Data Encryption StandardDES: Data Encryption StandardUS encryption standard [NIST 1993- US encryption standard [NIST 1993- National Institute of National Institute of

Standard and TechnologyStandard and Technology]]

56-bit symmetric key, 64-bit plaintext input56-bit symmetric key, 64-bit plaintext input

How secure is DESHow secure is DES?? DES Challenge: 56-bit-key-encrypted phrase (“Strong DES Challenge: 56-bit-key-encrypted phrase (“Strong

cryptography makes the world a safer place”) decrypted cryptography makes the world a safer place”) decrypted (brute force) in 4 months(brute force) in 4 months

no known “backdoor” decryption approachno known “backdoor” decryption approach

making DES more secure:making DES more secure: use three keys sequentially (3-DES) on each datumuse three keys sequentially (3-DES) on each datum AES (Advanced Encryption Standard) – Next generation AES (Advanced Encryption Standard) – Next generation

standard (NIST 2001)standard (NIST 2001)

99

Symmetric key crypto: DESSymmetric key crypto: DES

Initial permutation Initial permutation

16 identical “rounds” of 16 identical “rounds” of function application, function application, each using different each using different 48 bits of key48 bits of key

Final permutationFinal permutation

DES operation – Substitution and Permutation

1010

Public Key CryptographyPublic Key Cryptography

SymmetricSymmetric key crypto key crypto

requires sender, receiver know shared secret requires sender, receiver know shared secret keykey

Q: how to agree on key in first place (particularly Q: how to agree on key in first place (particularly if never “met”)?if never “met”)?

PublicPublic key cryptography key cryptography

radically different approach [Diffie-Hellman76, radically different approach [Diffie-Hellman76, RSA78]RSA78]

Sender, receiver do Sender, receiver do notnot share secret key share secret key

publicpublic encryption keyencryption key known toknown to allall

privateprivate decryption key known only to receiver decryption key known only to receiver

1111

Diffie-Hellman Key GenerationDiffie-Hellman Key Generation

Uncovered an entire new approach to cryptographyUncovered an entire new approach to cryptographyW. Diffie and M.E. Hellman's W. Diffie and M.E. Hellman's New Directions in New Directions in CryptographyCryptography from IEEE transactions on Information from IEEE transactions on Information Theory, IT 22:644-654, 1976.Theory, IT 22:644-654, 1976.

A B

(X - private key) (X - private key) (Y - private key) (Y - private key)

a,p: known numbersa,p: known numbers(p - prime number)(p - prime number)

aaX X mod pmod paay y mod pmod p

[a[ay y mod p]mod p]x x mod p = mod p = aaXY XY mod pmod p = [a = [ax x mod p]mod p]y y mod p mod p

• x,y,a,p x,y,a,p typically 1024 bits longtypically 1024 bits long• The The Discreet Log Discreet Log problem: by knowing problem: by knowing aax x mod p, a and p, one mod p, a and p, one can notcan not obtain x obtain x

1212

Diffie-Hellman Key Generation- using ECCDiffie-Hellman Key Generation- using ECC

Why use ECC?Why use ECC?We use 160 bits (instead of1024) and still get the same complexityWe use 160 bits (instead of1024) and still get the same complexityWe use multiplications instead of exponentiationWe use multiplications instead of exponentiationAll mathematical calculations are without carryAll mathematical calculations are without carry

Calculations take less time, less memory and Calculations take less time, less memory and less hardwareless hardware

A B

X- private keyX- private key(scalar) (scalar)

y- private key y- private key (scalar)(scalar)

P- a known point on P- a known point on the elliptic curvethe elliptic curve

X X xx P P

(Y (Y xx P) P) x x X= X= XY XY x x PP = (X = (X xx P) P) x x YY

Y Y xx P P

The discreet Log problem: by knowing X The discreet Log problem: by knowing X xx P and P P and P, one can not know x, one can not know x

1313

What is an Elliptic Curve?What is an Elliptic Curve?

In (2) an ordinary elliptic curve suitable for elliptic curve cryptography is defined by the set of points () that satisfy the equation :

)GF(2 b a; m b; ax xy xy : E 232

Example:

)1000()1100( 232 xxxyy

1000

1100

4

)2(,,, 4

b

a

m

GFbayx

(1001)

(0101)

(1110)

(0111)

(1111)

(1011)

(0100)

(0010)

(0001)

(1100)

(0110)

(0011)

(1101)

(1010)

(0000)

(1000)(0

000)

(001

1)

(011

0)

(110

0)

(000

1)

(001

0)

(010

0)

(100

0)

(111

1)

(011

1)

(111

0)

(010

1)

(101

0)

(110

1)

(100

1)

(101

1)

1414

Public Key CryptographyPublic Key Cryptography

plaintextmessage, m

ciphertextencryptionalgorithm

decryption algorithm

Bob’s public key

plaintextmessageK (m)

B+

K B+

Bob’s privatekey

K B-

m = K (K (m))B+

B-

Given a public key it should be impossible to Given a public key it should be impossible to compute the private keycompute the private key

Requirements:

1

2

K (K (m)) = m BB

- +

1515

Public Key Cryptography - RSAPublic Key Cryptography - RSA

plaintextmessage, m

ciphertextRSAf(x)

RSAf-1

(x)

Bob’s public key

plaintextmessage

K B+

Bob’s privatekey

K B-

f(m) m=f-1(f(m))

Algorithm using a public key

Algorithm using a private key

1616

RSA (Rivest-Shamir-Adelman): Choosing KeysRSA (Rivest-Shamir-Adelman): Choosing Keys

1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p-1)(q-1)

3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).

4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).

5. Public key is (n,e). Private key is (n,d).

K B+ K B

-

1717

RSA: Encryption, decryptionRSA: Encryption, decryption

Given (n,e) and (n,d) as computed above:

1. To encrypt bit pattern, m (m<n), compute

c = m mod n

e (i.e., remainder when m is divided by n)e

2. To decrypt received bit pattern, c, compute

m = c mod n

d (i.e., remainder when c is divided by n)d

m = (m mod n)

e mod n

dMagichappens!

c

1818

RSA: Why is that ?RSA: Why is that ?m = (m mod n)

e mod nd

(m mod n)

e mod n = m mod n

d ed

Useful number theory result: If p,q prime and n = pq, then:

x mod n = x mod n(Fermat's Small Equation)

y y mod (p-1)(q-1)

= m mod n

ed mod (p-1)(q-1)

= m mod n1

C – the encrypted message

(using number theory result above)

(since we chose ed to be divisible by(p-1)(q-1) with remainder 1 )

= m (since m<n)

1919

OutlineOutline

What is network security?What is network security?

Principles of CryptographyPrinciples of Cryptography

AuthenticationAuthentication

IntegrityIntegrity

2020

AuthenticationAuthentication

There is a clear need to “prove” the identity of a There is a clear need to “prove” the identity of a sendersender

Insufficient options:Insufficient options: ID by IP # ?ID by IP # ? Send secret password along with message ?Send secret password along with message ? Choose a random number, R …Choose a random number, R …

“I am Alice”

RBob computes

K (R)A-

“send me your public key”

K A+

(K (R)) = RA

-K A

+

and knows only Alice could have the

private key, that encrypted R such that

(K (R)) = RA-

K A+

2121

Man-in-the-middle AttackMan-in-the-middle Attack

Man (woman) in the middle attack:Man (woman) in the middle attack: Trudy poses as Alice Trudy poses as Alice (to Bob) and as Bob (to Alice)(to Bob) and as Bob (to Alice)

I am Alice I am Alice

R

TK (R)

-

Send me your public key

TK

+A

K (R)-

Send me your public key

AK

+

TK (m)+

Tm = K (K (m))+

T-

Trudy gets

sends m to Alice encrypted

with Alice’s public key

AK (m)+

Am = K (K (m))+

A-

R

2222

Certification AuthoritiesCertification Authorities

Question:Question: How do you “prove” that a key is really your How do you “prove” that a key is really your key ?key ?

Solutions: Solutions: Certification authority (CA) -Certification authority (CA) - binds public binds public key to particular entity (for example: Bob).key to particular entity (for example: Bob).

Bob registers its public key with CA.Bob registers its public key with CA. Bob provides “proof of identity” to CA. Bob provides “proof of identity” to CA. CA creates certificate binding Bob to its public key.CA creates certificate binding Bob to its public key. certificate containing Bob’s public key digitally signed by certificate containing Bob’s public key digitally signed by

CA – CA says “this is Bob’s public key”CA – CA says “this is Bob’s public key”Bob’s public

key K B+

Bob’s identifying informatio

n

digitalsignature(encrypt)

CA private

key K CA-

K B+

certificate for Bob’s public

key, signed by CA

2323

Certification Authorities (cont.)Certification Authorities (cont.)

When Alice wants Bob’s public key:When Alice wants Bob’s public key: gets Bob’s certificate (Bob or elsewhere).gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate, get apply CA’s public key to Bob’s certificate, get

Bob’s public keyBob’s public key

Bob’s public

key K B+

digitalsignature(decrypt)

CA public

key K CA+

K B+

2424

Questions?Questions?