4-1.1

Security

I – General principles

© 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification date: Jan 27, 2010

4-1.2

• Here, we will look at general methods of making a secure connection, which are widely applicable.

• Later, look at the specifics for Grid computing, which has additional security requirements and constraints.

4-1.3

Secure Connections• Secure connections needed in many

computer related activities, including e-business and Grid computing.

• Fundamental purpose:– To able to send confidential information from

one point to another in a network without information being accessible by others not authorized to receive information along the path or at the end of the connection.

4-1.4

Data Confidentiality

• Term is used to describe an information exchange protected against eavesdroppers.

• Unfortunate reality that there are those that would try to access information not meant for them.

4-1.5

Data Integrity

• The term used to describe assurance that message was not modified in transit (intentionally or by accident).

• Unfortunate reality that there are those that would try to modify information in transit.

4-1.6

Authentication

Secure connections imply that information is only sent by one that is identifiable by destination and the destination is identifiable by source.

• Authentication– Process of deciding whether a particular

identity is who he says he is (applies to humans and systems)

4-1.7

Authorization

• Coupled with authentication is allowing access.

• Authorization– Process of deciding whether a particular

identity can access with particular resource

– Access control : Controlling specific types of access.

– We will deal with authorization later

4-1.8

Password-Based Authentication

• User enters a user name and password.

• User name and password sent through network to server.

• Server validates name and password and responds.

4-1.9

Name and Password• Typical sequence:

login% abwpassword% ******

• where user enters his username (abw above) and password, shown here as ********.

• Password not displayed so that no one can see it.• Server validates name and password and

responds. • If username and password valid, access granted.

4-1.10

Name and Password

• Consider a login prompt:

login% abwThere is no such userlogin%

4-1.11

Name and Password

• A different login prompt behavior:

login% abwpassword% ******authentication failedlogin%

• Second version a little more secure because it reveals less information to a potential intruder, but ...

4-1.12

Name and Password

• If name and password sent in plain text, vulnerable to interference and being stolen.

• Need to send information in a way it cannot be read by others during transmission.

4-1.13

Basic idea:

Encryption• Convert the original message (clear text, or

plain text) to the encrypted message (ciphertext)

Decryption• Reverse process of retrieving plaintext from

encrypted text

• Term Cryptography used to describe process

4-1.14

Can either:

• Make encryption/decryption algorithm(s) secret, so that an intruder cannot know it,

or, better:

• Use known algorithm and use a secret number called a key with the algorithm.

4-1.15

Cryptography algorithms with keys

• Converts data into scrambled binary patterns, using a large binary number called a key.

• A key is also used to convert the scrambled patterns back to the original data.

• Algorithms are well-known - it is a specific key(s) that must be kept secure.

4-1.16

Secret Key Cryptography• Sender and receiver has a same secret key in

their possession.

• Sender uses secret key to encrypt data.

• Receiver uses same key to decrypt data.

• Known as symmetric cryptography. Key is called a symmetric key.

4-1.17

Encryption and Decryption

Fig 4-1

Simple Secret-Key ExampleUsing Exclusive-OR operation

4-1.19

Example

Data (“abra”) has binary representation:

01100001011000100111001001100001

Choose random string of bits as key:

10011101010010001111010101011100

Exclusive-OR patterns to get encrypted message:

11111100001010101000011100111101

To get original message back, use same algorithm and key. (Don't use this algorithm!)

4-1.20

Common Symmetric Key Cryptography Systems

• Data Encryption Standard (DES) 56-bit key plus 8 parity bits - IBM 1970’s.

• Triple-DES 112 bit key plus 16 parity bits or 168-bit plus 24 parity bits.

• RC2 and RC4 use variable sized keys, often between 40 to 128 bits. Designed by Ron Rivest in 1987– RC 2 - 64-bit block algorithm. – RC 4 is stream algorithm that accepts a stream of bits

and modifies that stream to create output bits. Has been used in wireless computer connections but shown to be vulnerable to attack.

4-1.21

Problemswith Symmetric Key Cryptography

• Need a way of both sender and receiver to obtain secret key without anyone else knowing the key.

• Need a different key for each receiver that a sender may communicate with.

4-1.22

Advantageof Symmetric Key Cryptography

• Fast encryption/decryption (compared to asymmetric key cryptography, see next).

4-1.23

Asymmetric Key Cryptography Diffie-Hellman key exchange

• Uses two keys.• Enables two parties each having a private key to

obtain each other’s private key in a secure fashion.• Once in possession of the other’s private key, a

common key can be formed to be used to encrypt/decryt messages

• First public invention -- Whitfield Diffie, Martin Hellman, and Ralph C. Merkle in 1976.

• Patent granted in 1980. • However, method already known in UK classified

community in early 1970s.

Diffie-Hellman key exchange

Site A Site B

ga mod p

gb mod p

Prime number, p and base, g, (not secret)

Private key, a Private key, b

Compute(gb mod p)a mod p

Compute (ga mod p)b mod p

Both same(ga mod p)b mod p = (gb mod p)a mod p

Becomes shared secret key Used to encrypt messages using symmetric cryptography.

4-1.24

4-1.25

Asymmetric Key CryptographyPublic-Key Cryptography

RSA algorithm• Devised in 1977, by Rivest, Shamir, and Adleman

shortly after Diffie-Hellman key exchange.

• Widely adopted.

• Also known UK classified community in early 1970s but again not publicly disclosed.

• Described in a classified report in 1970 by James Ellis (UK). Declassified in 1987.

• Interestingly, in classified documents, RSA discovered first, and then Diffie-Hellman, which was opposite to order of public discovery.

4-1.26

Public Key Cryptography(Asymmetric key pair)

Two keys formed:

• Public key• Private key

Public and private keys are pairs such that a message encrypted with the public key can only be decrypted with the private key (and vice versa).

4-1.27

Encryption and Decryption

Fig 4-2

4-1.28

Public Key and Private Key

• Public key, as name suggests, is available to all.

• Private key only known by it’s owner.

• Not possible to find the private key from the public key for all practical purposes.

4-1.29

RSA Algorithm1. Find P and Q, two large prime numbers

(e.g., 1024-bit).

2. Choose E such that:

(a) E is greater than 1,(b) E is less than PQ, and(c) E and (P-1)(Q-1) have no prime factors in

common (relatively prime).

E does not have to be prime, but it must be odd. (P-1)(Q-1) can't be prime because it's an even number.

4-1.30

RSA Algorithm (cont.)

3. Compute D such that (DE - 1) is evenly divisible by (P-1)(Q-1)

That is, leave no remainder when (DE - 1) is divided by (P-1)(Q-1)

i.e. (DE - 1) / (P-1)(Q-1) is an integer.

4-1.31

RSA Algorithm (cont.)

• Public key is the pair (PQ, E)

• Private key is the number D

• No known practical method of calculating D, P, or Q given only (PQ, E) if P and Q are very large (1024 bit or more).

4-1.32

RSA Algorithm (cont.)

Encryption function is:

C = (TE) mod PQwhere:– C is the encrypted message (ciphertext)

a positive integer),– T is the message being encrypted

plaintext (a positive integer).

T must be less than the modulus, PQ.

Public key

4-1.33

RSA Algorithm (cont.)Decryption function is:

T = (CD) mod PQwhere:

– C is the encrypted message (ciphertext) a positive integer),

– T is the message being encrypted plaintext (a positive integer).

Private key

Part of public key

4-1.34

Breaking the encryptionFactorizing PQ

• If P and Q could be obtained from PQ, i.e. PQ factorized, private key D could easily be obtained

• Though it is widely suspected to be true, it is not yet proven that no easy methods of factoring exist.

• It is not yet proven that the only way to crack RSA is to factor PQ.

• See http://en.wikipedia.org/wiki/RSA for interesting attempts to break code.

4-1.35

Example of the RSA Algorithm1. Choose first prime number: P = 19 Choose second prime number Q = 13 Modulus: PQ = 247

2. Choose E such that 1 < E < 247 and no factors with 216. Let E = 17

3. Choose D. Simplest: DE - 1 = (P - 1)(Q - 1), i.e. DE = 217. Then with E = 7, D = 31

Destroy P and Q after computing E and D.

4-1.36

Example of the RSA Algorithm (cont.)

Your public key is (E, PQ) = 7, 247 Your private key is D = 31.

Encryption function

(T17) mod 3233

Decryption function

(C2753) mod 3233

4-1.37

Example of the RSA Algorithm (cont.)

To encrypt the plaintext value 123, do this:

encrypt(123) = (12317) mod 3233 = 855

To decrypt the ciphertext value 855, do this:

decrypt(855) = (8552753) mod 3233 = 123

4-1.38

How secure is public key encryption?

• Like secret key schemes, brute force exhaustive search attack is always theoretically possible

• Need to use very large numbers for the keys to reduce this possibility

• Hence slower than secret key schemes

4-1.39

Question - Why is it not sufficient to simply encrypt with receiver’s public key and decrypt with receiver’s private key:

My message that must be kept secret

Original data

Cipher data

Original data

1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE

My message that must be kept secretPublic

keyPrivate

Key

Receiver’s

4-1.40

Answer

• Anyone has access access to the public key and could send the message.

4-1.41

Non-repudiation• Means sender cannot deny they sent out a

message

• Public key cryptography can provide for non-repudiation

• Sender cannot deny they sent a message if message encrypted with sender’s private key. Message can be read with sender’s public key.

4-1.42

Non-repudiation

Fig 4-3

4-1.43

Public Key CryptographyDouble Encryption

Slow but secure.Fig 4-4

4-1.44

Problem with Public Key Cryptography used alone

• The public key actually must be truly from the owner and the private key must be held securely by the owner.

• If the receiver’s public key is used to encrypt the message, anyone can do that as the public key is available to all, so there has to be an additional method to ensure the identity of the sender.

• Public key cryptography is slow.• Double encryption is even slower.

4-1.45

Problem with Symmetric (Secret) Key Cryptography used alone

• It requires the key be known by both parties ahead of time or transmitted over a secure channel.

(Diffie-Hellman key exchange algorithm could be used.)

• Each pair of communicating sites needs its own secret key.

4-1.46

• So what is the solution?

• Public key infrastructure (PKI) provides a solution.– Use public key cryptography to establish identity

and exchange secret key and then use symmetric Cryptography to encrypt messages

• See next section.

QuestionIn security, what is meant by the term "Authentication"?

Answer(a)The process of deciding whether a particular identity can access a particular resource.

(b) The process of giving authority to another identity.

(c) The process of deciding whether a particular identity is who he says he is.

(d) None of the other answers.

4-1.47

QuestionWhat is a Public-Key Cryptography?

Answer(a) Cryptography that uses a single key called a public key

(b) Cryptography that must use double encryption

(c) Cryptography that uses a pair of keys

(d) Cryptography that uses keys held in a public library

4-1.48