Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything!...

ì Computer Network Security COMP 178 | Spring 2021 | University of the Pacific | Jeff Shafer Cryptography: Key Exchange, Public Key Cryptography, Authen8ca8on

Transcript of Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything!...

Page 1: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

ìComputer Network SecurityCOMP 178 | Spring 2021 | University of the Pacific | Jeff Shafer

Cryptography:Key Exchange,

Public Key Cryptography,Authen8ca8on

Page 2: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

ìKey Exchange

Spring 2021Computer Network Security


Page 3: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Challenge – Exchanging Keys

Spring 2021Computer Network Security



👨⚕ 👳



👨🎤 𝐸𝑥𝑐ℎ𝑎𝑛𝑔𝑒𝑠 =𝑛 𝑛 − 1

2 =)6(6 − 1

2 = 15

The more par@es in communica@on, the more keys that need to be securely exchanged

Do we have to use out-of-band methods? (e.g., phone?)

Page 4: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Key Exchange

ì Insecure communica-ons channelì Eve can see everything!

ì Alice and Bob agree on a shared secret (“key”) that Eve doesn’t knowì Despite Eve seeing


Spring 2021Computer Network Security





Page 5: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Spring 2021Computer Network Security


Proposed public key cryptography.Diffie-Hellman key exchange.

Whitfield Diffie and Martin Hellman, “New directions in cryptography,” in IEEE Transactions on Information Theory, vol. 22, no. 6, Nov 1976.

Page 6: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Diffie-Hellman Color Analogy

Spring 2021Computer Network Security


(1) It’s easy to mix two colors: + =

(2) Mixing two or more colors in a different order results in the same color:

+ + =

+ + =

(3) Mixing colors is one-way(Impossible to determine which colors went in to produce final result)

Page 7: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Diffie-Hellman Color Analogy

Spring 2021Computer Network Security





(1) Start with public color ▇ – share across network(2) Alice picks secret color ▇ and mixes it to get ▇(3) Bob picks secret color ▇ and mixes it to get ▇







🔐 🔐

Page 8: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Diffie-Hellman Color Analogy

Spring 2021Computer Network Security





(4) Alice and Bob exchange their mixed colors (▇,▇)(5) Eve will see the mixed colors too (▇,▇)(6) Alice adds her secret color ▇ to Bob’s mix ▇ = ▇(7) Bob adds his secret color ▇ to Alice’s mix ▇ = ▇

Mix Mix

🔐 🔐

==Eve can’t calculate ▇ !!

(secret keys were never shared)

Page 9: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Diffie-Hellman Color Analogy

Spring 2021Computer Network Security





🔐 Mix




(order doesn’t matter)



Page 10: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Diffie-Hellman Math

Spring 2021Computer Network Security


𝑦 ≡ (𝑔!) 𝑚𝑜𝑑 (𝑝)

y is defined as equal to gx modulo pp = prime number (modulus)g = base integerx = random integer

Assump&on: Compu&ng y is easy!But compu&ng x given y, g, and p is very hard!

Discrete Logarithm Problem

Page 11: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Diffie-Hellman Math

Spring 2021Computer Network Security










🔐 🔐

(1) Public color ▇ is a large prime number p and base g(2) Alice secret color ▇ is random integer rA(3) Bob secret color ▇ is random integer rB(4) Alice mixed color ▇ is mA(5) Bob mixed color ▇ is mB(6) Exchange mA and mB

𝑚! ≡ (𝑔"!) 𝑚𝑜𝑑 (𝑝)𝑚# ≡ (𝑔"") 𝑚𝑜𝑑 (𝑝)

Page 12: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Diffie-Hellman Math

Spring 2021Computer Network Security





🔐 Mix





𝑠# ≡ 𝑚!"" 𝑚𝑜𝑑 (𝑝)

𝑠* = 𝑠+

𝑠! ≡ 𝑚#"! 𝑚𝑜𝑑 (𝑝)

Page 13: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Diffie-Hellman Math

ì Doesn’t have to be modular divisionì Could be ellip,c curvesì Could be supersingular isogeny key exchangeì Could be <other math words>…

Spring 2021Computer Network Security


Page 14: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

ìPublic Key Cryptography

Spring 2021Computer Network Security


Page 15: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Public Key Cryptography

ì Asymmetric cryptography

ì Sending data to Alice?ì Use her public Key

ì Alice receives your data?ì She decrypts it with her private key

Spring 2021Computer Network Security


Page 16: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Spring 2021Computer Network Security


RSA encryp@on methodFirst public key method

Ron L. Rivest, Adi Shamir, and Leonard Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM (February 1978)

Page 17: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Public-Key Algorithms

ì Key exchange algorithmsì Allows two parties to agree on a shared secret across an

insecure mediumì Example: Diffie-Hellman

ì Encryption algorithmsì Allows sender to encrypt without having to agree first on

a shared secretì Example: RSA

ì Signature algorithmsì Allows sender to sign information using sender’s private

key and receiver to validate using sender’s public key

Spring 2021Computer Network Security


Page 18: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Public-Key Encryption

Spring 2021Computer Network Security


Public key encryption is awesome!

Should we use it everywhere?

Page 19: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Caveat – Performance

ì Rarely use public key encryption by itself

ì Reasons:ì Size (RSA can’t encrypt anything larger than its modulus,

i.e. 4096 bits)ì Performance

ì RSA 2048 encryption: 0.08 megacycles/operation (256B)ì RSA 2048 decryption: 3.25 megacycles/operationì AES-GCM: 2-4 cycles per byte


Spring 2021Computer Network Security


Hybrid cryptosystem – Use public-key algorithms to coordinate keys, and then use symmetric ciphers (shared key) for bulk opera@ons

Page 20: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

ìAuthenticated Encryption

Spring 2021Computer Network Security


Page 21: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì


Spring 2021Computer Network Security


What if the a<acker ac)vely manipulatesdata instead of passively observing it?

Page 22: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì


Spring 2021Computer Network Security





pretending to be bob)

How do we protect against this scenario?


pretending to be alice)

DH Exchange DH Exchange




Cease fire!


Cease fire! Attack at Dawn!


Attack at Dawn!

Page 23: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì


Spring 2021Computer Network Security


Encryption without authentication is almost certainly wrong…

Attackers don’t need to decrypt to modify ciphertext

Page 24: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì


ì Goal: Add information to message that only the real sender (not Eve!) could have computed

ì Authentication for symmetric-key encryptionì “Message Authentication Codes”ì MACs are generated and verified with the same key

ì Authentication for public-key encryptionì “Signatures”ì Signatures are generated with private key and

verified with public key

Spring 2021Computer Network Security


Page 25: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Message Authentication Code (MAC)

ì Small piece of information used to verify message integrity / authenticity (“Tag”)

ì Key is shared secret between Alice and Bob

Spring 2021Computer Network Security


Message(arbitrarylength ciphertextor plaintext)



(Secret key)

Tag(fixed length)




(Secret key)





Page 26: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Message Authentication Code (MAC)

ì Authen2cate and Encryptì Used by SSHì Authen?cate and

encrypt plaintext separately

ì C = E(KC ,P) and t=MAC(KM ,P)

ì Send C and t

Spring 2021Computer Network Security


How to combine ciphertext with a MAC?

Page 27: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Message Authentication Code (MAC)

ì Authenticate, then Encryptì Used by TLSì Authenticate plaintext, then

encrypt {plaintext, tag}ì t=MAC(KM ,P) thenì C = E(KC , {P|t})ì Send C (t is part of C)

Spring 2021Computer Network Security


How to combine ciphertext with a MAC?

Page 28: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Message Authentication Code (MAC)

ì Encrypt, then Authen2cate ì Used by IPSecì Standard ISO/IEC 19772:2009ì Encrypt plaintext, then

authen?cate ciphertextì C = E(KC , P) then

t=MAC(KM ,C)ì Send C and t

Spring 2021Computer Network Security


How to combine ciphertext with a MAC?

Page 29: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Message Authentication Code (MAC)

ì Which to choose?ì Authen?cate and Encryptì Authen?cate, then Encryptì Encrypt, then Authen?cate

ì Consider what the receiver does to reverse process

ì When you receive a message, the very first thingyou do should be to authenJcate itì Anything else risks CERTAIN DOOM (eventually)

Spring 2021Computer Network Security


How to combine ciphertext with a MAC?

– Modern Best Practice


Page 30: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì


ì We can do beKer sJll! What if authenJcaJon was part of our encrypJon scheme, and not a separate step?

ì Authen2cated Encryp2on with Associated Data (AEAD)ì Messages have two parts – example: emails

ì Content (encrypt!)ì Metadata (authenMcate, but plaintext)

Spring 2021Computer Network Security




Page 31: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

AEAD Modes

ì Galois Counter Mode (GCM) – Good!ì Not patent encumberedì SSH, TLS 1.2, OpenVPNì Standardized in ISO/IEC 19772:2009ì Can be used by itself (authentication-only): GMAC

ì Many other AEAD modesì EAX, OCB 2.0, CCM, Key Wrap, …

Spring 2021Computer Network Security


Page 32: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Modes of Operation

Encryp'on-OnlyNo Authen'ca'on

ì Counter (CTR) – Best!

ì Cipher Block Chaining (CBC) – Good

ì Electronic Code Book (ECB)– Don’t use!

ì Also ran: CFB, OFB, XTS, …

MACs – Message Integrity Only, No Encryp'on

ì GMAC - Good

ì HMAC – Goodì But why are you just

authenticating and not encrypting?

ì Also ran: ALG1-6, CMAC

Spring 2021Computer Network Security


Remember our Block Cipher Modes of Operation?

Page 33: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Modes of Operation

Authenticated Encryption (Encrypt + Auth)

ì GCM – Good!

ì CCM – Good!

ì Also-ran: EAX, OCB 2.0, Key Wrap, …

Spring 2021Computer Network Security


Remember our Block Cipher Modes of Operation?

Page 34: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì

Repeating the Warning…

Spring 2021Computer Network Security


Encryption without authentication is almost certainly wrong…

A8ackers don’t need to decrypt to modify ciphertext

Page 35: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì


ì Goal: Add information to message that only the real sender (not Eve!) could have computed

ì Authentication for symmetric-key encryptionì “Message Authentication Codes”ì MACs are generated and verified with the same key

ì Authentication for public-key encryptionì “Signatures”ì Signatures are generated with private key and

verified with public key

Spring 2021Computer Network Security


Page 36: Computer Network Security...Key Exchange ìInsecure communica-ons channel ì Eve can see everything! ìAlice and Bob agree on a shared secret (“key”) that Eve doesn’t know ì


ì RSA-based signatures

ì Digital Signal Algorithm (DSA)

ì Elliptic Curve Digital Signature Algorithm (ECSDA)

Spring 2021Computer Network Security