EE 122: (More) Network Security

Katz, Stoica F04

EE 122: (More) Network Security

November 5, 2003

Katz, Stoica F04

EECS 122: Introduction to Computer Networks

Network Security II

Computer Science Division

Department of Electrical Engineering and Computer Sciences

University of California, Berkeley

Berkeley, CA 94720-1776

3Katz, Stoica F04

Today’s Lecture: 20

Network (IP)

Application

Transport

Link

Physical

2

7, 8, 9

10,11

14, 15, 16

21, 22, 23

25

6

17,18

19,

20

4Katz, Stoica F04

Security Requirements

Authentication - Ensures that the sender and the receiver are who they are

claiming to be

Data integrity - Ensure that data is not changed from source to destination

Confidentiality - Ensures that data is red only by authorized users

Non-repudiation- Ensures that the sender has strong evidence that the

receiver has received the message, and the receiver has strong evidence of the sender identity, strong enough such that the sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message (not discussed in this lecture)

5Katz, Stoica F04

Outline

Cryptographic Algorithms (Confidentiality and Integrity)

Authentication System examples

6Katz, Stoica F04

Cryptographic Algorithms

Security foundation: cryptographic algorithms- Secret key cryptography, Data Encryption Standard

(DES)

- Public key cryptography, RSA algorithm

- Message digest, MD5

7Katz, Stoica F04

Symmetric Key

Both the sender and the receiver use the same secret keys

InternetEncrypt withsecret key

Decrypt withsecret key

Plaintext Plaintext

Ciphertext

8Katz, Stoica F04

Data Encryption Standard (DES)

DES encrypts a 64-bit block of plain text using a 64-bit key

Three phases1. Permute the 64 bits in the

block

2. Apply a given operation 16 times on the 64 bits

3. Permute the 64 bits using the inverse of the original permutation

Round 1

Round 16

... key

1st phaseIP(input)

3rd phaseIP-1(input)

2nd phase

9Katz, Stoica F04

Initial Permutation (IP)

IP: bit 58 of input becomes 1st bit, it 50 becomes 2nd bit, etc

58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 462 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7

IP-1: inverse of IP, e.g., IP(1) = 58, IP-1 (58) = 1

40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25

10Katz, Stoica F04

2nd Phase: Operation In Each Round

Key K is 64 bits 16 rounds Each round i select a 48

bit key Ki from the original 64 bit key K. Perform (F is a given function): +

F

63 0

63 32 31 0

Ki

Li-1 Ri-1

Li Ri

),( 11

1

iiii

ii

KRFLR

RL

11Katz, Stoica F04

Encrypting Larger Messages

Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext

+

Block1

Cipher1

DES

+

Block2

DES

+

Block3

DES

+

Block4

DES

Cipher2 Cipher3 Cipher4

IV

12Katz, Stoica F04

DES Properties

Provide confidentiality- No mathematical proof, but practical evidence suggests

that decrypting a message without knowing the key requires exhaustive search

- To increase security use triple-DES, i.e., encrypt the message three times

13Katz, Stoica F04

Public-Key Cryptography: RSA (Rivest, Shamir, and Adleman)

Sender uses a public key- Advertised to everyone

Receiver uses a private key

InternetEncrypt withpublic key

Decrypt withprivate key

Plaintext Plaintext

Ciphertext

14Katz, Stoica F04

Generating Public and Private Keys

Choose two large prime numbers p and q (~ 256 bit long) and multiply them: n = p*q

Chose encryption key e such that e and (p-1)*(q-1) are relatively prime

Compute decryption key d, where

d = e-1 mod ((p-1)*(q-1))

(equivalent to d*e = 1 mod ((p-1)*(q-1))) Public key consist of pair (n, e) Private key consists of pair (d, n)

15Katz, Stoica F04

RSA Encryption and Decryption

Encryption of message block m: - c = me mod n

Decryption of ciphertext c: - m = cd mod n

16Katz, Stoica F04

Example (1/2)

Choose p = 7 and q = 11 n = p*q = 77 Compute encryption key e: (p-1)*(q-1) = 6*10 = 60

chose e = 13 (13 and 60 are relatively prime numbers) Compute decryption key d such that 13*d = 1 mod 60

d = 37 (37*13 = 481)

17Katz, Stoica F04

Example (2/2)

n = 77; e = 13; d = 37 Send message block m = 7 Encryption: c = me mod n = 713 mod 77 = 35 Decryption: m = cd mod n = 3537 mod 77 = 7

18Katz, Stoica F04

RSA Proof Sketch (1/4)

mod properties. Suppose a = b mod k, and c = d mod k. Then

1) a + c = (b + d) mod k

2) a*c = (b*d) mod k

19Katz, Stoica F04


Theorem: Assume a and d are relatively primes, (a, d) = 1. Then a*b = a*c mod d implies b = c mod d

Proof:Since (a, d) = 1, there exists m and n such that a*m + d*n = 1 a*m = -d*n + 1 a*m = 1 mod d (1)Then, we have a*b = (a*c) mod d (a*m*b) = (a*m*c) mod d (using mod additive property) a = c mod d (from (1))

20Katz, Stoica F04


Euler Theorem: Let Φ(d) be the number of numbers less than d relative prime to d, and suppose (a, d) = 1. Then aΦ(d) = 1 mod d.

Proof:Let a1, a2, .., aΦ(d) by the prime numbers to a. Then for all i(ai, 1) = 1, (a, d) = 1, and (a*ai, d) = 1.

Note that (a*ai mod d) are Φ(d) relatively prime numbers (< d) to d.

Thus, lists a1, a2, …, aΦ(d) and (a*a1) mod n, (a*a2) mod n, …, (a*aΦ(d)) mod d,contain the same numbers!

Using mod properties we have: (a*a1)*(a*a2)* .. *(a*aΦ(d)) = (a1*a2*… *aΦ(d)) mod d aΦ(d) (a1*a2*… *aΦ(d)) = (a1*a2*… *aΦ(d)) mod d (from prev. Theorem) aΦ(d) = 1 mod d

21Katz, Stoica F04


Theorem: Suppose (1) p and q are primes, (2) n = pq, (3) e*d = 1 mod (p-1)(q-1), and (4) c = me mod n. Then m = cd mod n

Proof:Assume m = 1 mod p and m = 1 mod q (Otherwise much longer proof)

Since p and q are primes Φ(p) = p -1, Φ(q) = q -1, and Φ(p*q) = (p-1)*(q-1). Since m = 1 mod (p*q) = 1 mod n, from Euler Theorem mΦ(n) = 1 mod n m(p-1)(q-1) = 1 mod pq

ce mod n = m(e*d) mod n = c(k*(p-1)(q-1) + 1) mod pq = mk*(p-1)(q-1))* m mod pq = m mod pq = m (since m < p*q)

22Katz, Stoica F04

Properties

Confidentiality A receiver A computes n, e, d, and sends out (n, e)

- Everyone who wants to send a message to A uses (n, e) to encrypt it

How difficult is to recover d ? (Someone that can do this can decrypt any message sent to A!)

Recall that

d = e-1 mod ((p-1)*(q-1)) So to find d, you need to find primes factors p and q

- This is provable very difficult

23Katz, Stoica F04

Message Digest (MD) 5

Can provide data integrity- Used to verify the authentication of a message

Idea: compute a hash on the message and send it along with the message

Receiver can apply the same hash function on the message and see whether the result coincides with the received hash

24Katz, Stoica F04

MD 5 (cont’d)

Basic property: digest operation very hard to invert- In practice someone cannot alter the message without

modifying the digest

InternetDigest(MD5)

Plaintext

digest

Digest(MD5)

=

digest’

NO

corrupted msg Plaintext

25Katz, Stoica F04

Message Digest Operation

Transformation contains complex operations (see textbook)

512 bits 512 bits 512 bits

Message (padded)

Initial digest(constant)

Transformation

Transformation

Transformation

...

Message digest

26Katz, Stoica F04

Outline



27Katz, Stoica F04

Authentication

Goal: Make sure that the sender an receiver are the ones they claim to be

Two solutions based on secret key cryptography (e.g., DES)

- Three-way handshaking

- Trusted third party

One solution based on public key cryptography (e.g., RSA)

- Public key authentication

28Katz, Stoica F04

Simple Three-Way Handshaking

E(m,k) – encrypt message m with key k

D(m,k) – decrypt m with key k

CHK and SHK – client and server shared secrete keys

SK – session key used for data communication

- This reduces the number of messages containing CHK and SHK

Question: how are CHK and SHK communicated in the first place?

clientId, E(x, CHK)

E(x+1, SHK), E(y,SHK)

E(y+1, CHK)

E(SK,SHK)

client server

29Katz, Stoica F04

Trusted Third Party

Trust a third party entity, authentication server Scenario: A wants to communicate with B Assumption: both A and B share secrete keys with S:

KA and KB

Notations:- T: timestamp (also serves the purpose of a random number)

- L: lifetime of the session

- K: session’s key

30Katz, Stoica F04

Trusted Third Party (cont’d)

A,B

E(T+1,K)

E((T,L,K,B),KA)E((T,L,K,A),K

B) E((A,T),KA)E((T,L,K,A),K

B)

S A B

31Katz, Stoica F04

Public Key Authentication

Based on public key cryptography Each side need only to know the

other side’s public key- No secrete key need to be shared

A encrypts a random number x and B proves that it knows x

A can authenticate itself to be in the same way

E(x, PublicB)

x

A B

32Katz, Stoica F04

Outline



33Katz, Stoica F04

Public Key Infrastructure (PKI)

System managing public key distribution on a wide-scale

Trust distribution mechanism Allow any arbitrary level of trust

34Katz, Stoica F04

PKI Properties

Authentication via Digital Certificates Confidentiality via Encryption Integrity via Digital Signatures Non–Repudiation via Digital Signatures

35Katz, Stoica F04

Components of a PKI

36Katz, Stoica F04

Digital Certificate

Signed data structure that binds an entity with its corresponding public key

- Signed by a recognized and trusted authority, i.e., Certification Authority (CA)

- Provide assurance that a particular public key belongs to a specific entity

37Katz, Stoica F04

Certification Authority

People, processes responsible for creation, delivery and management of digital certificates

Organized in an hierarchy

CA-1 CA-2

Root CA

38Katz, Stoica F04

Registration Authority

People, processes and/or tools that are responsible for

- Authenticating the identity of new entities (users or computing devices)

- Requiring certificates from CA’s.

39Katz, Stoica F04

Certificate Repository

A database which is accessible to all users of a PKI, contains:

- Digital certificates,

- Certificate revocation information

- Policy information

40Katz, Stoica F04

Example

Alice generates her own key pair.

public keyAlice

private keyAlice

Bob generates his own key pair.

Both sent their public key to a CA and receive a digital certificate

public keyBob

private keyBob

41Katz, Stoica F04

Example

Alice gets Bob’s public key from the CA

private keyAlice

public key

Bob

private keyBob

public keyAlice

Bob gets Alice’s public key from the CA

42Katz, Stoica F04

Example

Message

Alice Bob

Hash MessageHash

Encryption Decryption

AlicePrivate

AlicePublic

Hash=?

Alice use private key to sign: use public key cryptography to provide integrity

43Katz, Stoica F04

Certificate Revocation

Process of publicly announcing that a certificate has been revoked and should no longer be used.

Approaches:- Use certificates that automatically time out

- Use certificate revocation list

- Use list that itemizes all revoked certificates in an on-line directory

44Katz, Stoica F04

Pretty Good Privacy (PGP)

Provide- Authentication

- Confidentiality

Application examples: file transfers, e-mail Authentication weaker than PKI, but

- Freely available

- Not controlled by a government or standard organization

45Katz, Stoica F04

PGP Services

Authentication Digital signature; uses DSS/SHA or RSA/SHA

Confidentiality Encryption, e.g., three-key triple DES or RSA

Also provides- Compression Zip

- E-mail compatibility Radix-64 conversion

- Segmentation

46Katz, Stoica F04

PGP: Public Key Management

No rigid public key management scheme Problem: how to get public key reliable

- Possible solution: physically or by phone. Secure but unpractical

PGP solution: build a ”web of trust” - Assume you know several variably trusted users

- Each of these indvidual can sign certificates for other users

- Each signature has asociated a trust field indicating the level of trust in the certificate

47Katz, Stoica F04

48Katz, Stoica F04

What do You Need To Know

Security requirements Cryptographic algorithms

- How does DES and RSA work (no proof for RSA)

Authentication algorithms Public key management, digital certificates (high

level)

EE 122: (More) Network Security

Documents

Transcript of EE 122: (More) Network Security