A Security Primer and Overview of Network Security …comp444/2015-L13-Conclusions.pdf · Pitfalls...

L13. Reviews

Rocky K. C. Chang, April 10, 2015

1

Foci of this course

Understand the 3 fundamental cryptographic functions and how they are used in network security.

Understand the main elements in securing today’s Internet infrastructure.

Exposed to some current Internet security problems.

2

Types of attacks

Passive attacks (eavesdropping), e.g.,

ciphertext-only attacks (recognizable plaintext attacks)

Fred has seen some ciphertext.

known-plaintext attacks

Fred has obtained some <plaintext, ciphertext> pairs.

chosen-plaintext attacks

Fred can choose any plaintext he wants.

Active attacks, e.g.,

pretend to be someone else (impersonation)

introduce new messages in the protocol

delete existing messages

substitute one message for another

replay old messages

3

Three cryptographic functions

Hash functions: require 0 keys

Secret key functions: require 1 key

Public key functions: require 2 keys

4

5

Symmetric cryptography

Secret key functions

Stream cipher vs block cipher

Symmetric cryptography based on substitution (confusion) and diffusion

64-bit DES and 128/192/256-bit AES

Secrecy service

Encrypting data of any size: cipher block chaining (CBC)

Security problems with CBC, e.g., identical and nonidentical ciphertext blocks.

6

7

Cryptographic hash functions and MAC

Hash functions

3 properties: pre-image resistance, collision resistance, and mixing transformation

The birthday problem and attack

k ≈ 1.774√q, where q is the number of distinct hash outputs

The length of a secure hash output ≥ 256 bits

Hash function standards (MDx, SHA-x)

2 problems: length extension and partial message collision

Message authentication codes

A successful attack on MAC

CBC-MAC and HMAC

8

9

The public-key cryptography

Prime numbers, modulo a prime

A group for the set of numbers modulo a prime p without 0 under multiplication

Compute the multiplicative inverse using the extended Euclid algorithm.

Generate a large prime number. The Rabin-Miller test determines whether an odd integer is prime.

Each party involved in a public-key cryptographic system has one secret and one public “key”.

10

The Diffie-Hellman (DH) protocol

The DH protocol uses the multiplicative group modulo p, where p is a very large prime. A generator g generates a set of numbers 1, g, g^2, …, g^(t-1) (g^t = 1 again).

Subgroups (t < p-1) and group (t = p-1)

The basic Diffie-Hellman (DH) protocol

(g, p) and a random number in (1, 2, …, p-1)

The discrete logarithm problem

Security problems

Using a smaller subgroup ({1}, {1, p-1}) and a safe prime

Squares and nonsquares

Man in the middle attack

11

Alice and Bob each: Check (p, q, g)

Alice: Randomly pick x from {1, …, q-1}

Alice → Bob: X = g^x

Bob: Check 1 < X < p and X^q = 1

Bob: Randomly pick y from Z*p

Bob → Alice: Y = g^y

Alice: Check 1 < Y < p and Y^q = 1

Alice: k ← Y^x mod p

Bob: k ← X^y mod p
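The checks in the exchange above, written out as an added example (not part of the original slides). The toy parameters P, Q, G and all function names are assumptions made for illustration, and both sides pick their exponent from {1, …, q-1} here.

```python
import secrets

def is_probable_prime(n, rounds=40):       # Rabin-Miller; True = prime w.h.p.
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    s, d = 0, n - 1
    while d % 2 == 0:                      # write n - 1 = 2^s * d with d odd
        s, d = s + 1, d // 2
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)   # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                   # base is a witness: n is composite
    return True

def check_params(p, q, g):                 # p, q prime; q | p-1; g of order q
    return (is_probable_prime(p) and is_probable_prime(q) and (p - 1) % q == 0
            and 1 < g < p and pow(g, q, p) == 1)

def check_public(v, p, q):
    """Check 1 < V < p and V^q = 1, i.e. V lies in the order-q subgroup."""
    return 1 < v < p and pow(v, q, p) == 1

def keypair(p, q, g):
    x = 1 + secrets.randbelow(q - 1)       # secret exponent from {1, ..., q-1}
    return x, pow(g, x, p)

def shared_key(peer_public, own_secret, p, q):
    if not check_public(peer_public, p, q):
        raise ValueError("public value is not in the order-q subgroup")
    return pow(peer_public, own_secret, p)

# Constructed toy parameters: safe prime p = 2q + 1, far too small for real use.
P, Q, G = 2039, 1019, 4

def run_exchange(p=P, q=Q, g=G):
    if not check_params(p, q, g):
        raise ValueError("bad (p, q, g)")
    x, X = keypair(p, q, g)                # Alice
    y, Y = keypair(p, q, g)                # Bob
    return shared_key(Y, x, p, q), shared_key(X, y, p, q)

if __name__ == "__main__":
    print(run_exchange(), check_public(1, P, Q), check_public(P - 1, P, Q))
```

With a safe prime, the public-value check rejects 1, p-1 and every nonsquare, so a peer cannot force the shared key into the subgroups {1} or {1, p-1}.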

12

The RSA algorithm

In RSA, we compute modulo a composite number n = pq, where p and q are large primes. Use 2 different exponents e (public) and d (private), such that ed = 1 mod t, where t = lcm(p – 1, q – 1).

To encrypt m, compute c = m^e mod n; to decrypt c, compute c^d mod n = m.

To sign m, compute s = m^(1/e) mod n; to verify the signature, compute s^e = m mod n.

Choices of e, p, and q

Pitfalls of using RSA, e.g., encrypting a small message, message signing.
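The RSA operations above and the small-message pitfall, as an added example (not part of the original slides). The primes, the exponent e = 5, the sample message and all function names are assumptions chosen for illustration; this is raw RSA with no padding.

```python
from math import gcd

# Constructed parameters: two Mersenne primes, chosen only because they are easy
# to write down; e = 5 is coprime to t for this pair. Not a usable key.
P, Q, E = 2**107 - 1, 2**127 - 1, 5

def ext_euclid(a, b):
    """Extended Euclid: return (g, u) with g = gcd(a, b) and u*a = g (mod b)."""
    u0, u1 = 1, 0
    while b:
        k = a // b
        a, b = b, a - k * b
        u0, u1 = u1, u0 - k * u1
    return a, u0

def make_key(p, q, e):
    t = (p - 1) * (q - 1) // gcd(p - 1, q - 1)     # t = lcm(p - 1, q - 1)
    g, u = ext_euclid(e, t)
    if g != 1:
        raise ValueError("e must be coprime to t")
    return p * q, e, u % t                          # (n, e, d) with e*d = 1 mod t

def encrypt(m, e, n): return pow(m, e, n)           # c = m^e mod n
def decrypt(c, d, n): return pow(c, d, n)           # m = c^d mod n
def sign(m, d, n): return pow(m, d, n)              # s = m^(1/e) mod n
def verify(s, m, e, n): return pow(s, e, n) == m    # s^e = m mod n

def integer_root(c, e):
    """Largest r with r**e <= c, by binary search (no key material involved)."""
    lo, hi = 0, 1 << (c.bit_length() // e + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** e <= c else (lo, mid - 1)
    return lo

def recover_if_small(c, e):
    """If m^e < n, c is m^e over the integers, so the plain e-th root gives m."""
    r = integer_root(c, e)
    return r if r ** e == c else None

if __name__ == "__main__":
    n, e, d = make_key(P, Q, E)
    m = int.from_bytes(b"PIN42", "big")             # constructed 5-byte message
    c = encrypt(m, e, n)
    print("decrypts:", decrypt(c, d, n) == m,
          "| recovered without d:", recover_if_small(c, e) == m)
```

The short message is recovered from the ciphertext alone because m^e never wraps around n, while a message close to n in size is not.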

13

14

Authentication

Network-based, password-based

Cryptographic authentication

Symmetric and asymmetric

Challenge and response

Mutual authentication 2 x one-way authentication.

Reflection attack and man in the middle attack

Principles:

One-way: Have the responder influence what she encrypts or hashes.

Have both parties have some influence over the quantity signed.

15

Authenticated key exchange

Authenticated Diffie-Hellman exchange

Perfect forward secrecy

Allow both sides to agree on the crypto. algorithms and the DH parameters.

A partial solution to denial-of-service attacks using cookies

It is prudent to couple the key exchange with authentication.

16

Alice: s ← min p size

Alice: Randomly pick Na from {0, …, 2^256-1}

Alice → Bob: s, Na

Bob: Choose (p, q, g)

Bob: Randomly pick x from {1, …, q-1}

Bob → Alice: (p, q, g), X = g^x, AUTH_B

Alice: Check (p, g, q), X, AUTH_B

Alice: Randomly pick y from {1, …, q-1}

Alice → Bob: Y = g^y, AUTH_A

Bob: Check Y, AUTH_A

Bob: k ← h(Y^x mod p)

Alice: k ← h(X^y mod p)

17

Secure network protocols in practice

18

PKI

Alice generates her public/private key pair. Keep the private key.

Take the public key, say k, to the CA.

The CA has to verify that Alice is who she says she is.

The CA then issues a digital statement stating that k belongs to Alice.

There will never be a single CA for all, or even most, users. There are going to be a large number of PKIs.

Use different key pairs in different PKIs.

Choose between a key server approach and a PKI approach.

19

IPSec

Unicast, unidirectional security association at the IP layer

Authentication Header and Encapsulating Security Payload

Partial solution to the replay attack

Tunnel mode and transport mode

Encryption without authentication is useless.

Outbound and inbound packet processing

20

IKEv.1

IKE phase 1 (ISAKMP association) and phase 2

The main mode consists of 3 message pairs.

1st pair: ISAKMP SA negotiation

2nd pair: a D-H exchange and an exchange of nonces

3rd pair: Peer authentication

The phase 1 is protected with encryption and authentication. Establish IPSec associations and the necessary keys.

A new issue here is hiding the identities of the end points

21

TLS 1.2

Pros and cons of providing security services at the transport layer instead of the IP layer.

The TLS Handshake and Record layers.

Session states and connection states

The session states can be reused to establish a new connection.

Server and client authentication

22

Network security is more than the above

Wireless security: IEEE 802.11i, RFID, Bluetooth, IP telephony, etc.

Worms and buffer overflow attacks

Denial-of-service and degradation-of-service attacks

Data security

Covert channel, privacy protection

23

Network security is more than the above

Security policies

Operational issues

Human issues

Vulnerability analysis

Auditing

Intrusion detection

System security

Program security

etc

24

“Security is a chain; it’s only as secure as the weakest link.”

“Security is not a product; it itself is a process.”

Bruce Schneier

25