5a.1 security i – general principles copyright b. wilkinson, 2008. this material is the property...
Post on 20-Dec-2015
215 views
TRANSCRIPT
5a.1
Security
I – General principles
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students enrolled in the Fall 2008 Grid computing course broadcast on the North Carolina
Research and Education Network (NCREN) to universities across North Carolina. Sept 8A, 2008
5a.2
• Here, we will look at general methods of making a secure connection, which are widely applicable.
• Later, look at the specifics for Grid computing, which has additional security requirements and constraints.
5a.3
Secure Connections• Secure connections needed in many
computer related activities, including e-business and Grid computing.
• Fundamental purpose:– To able to send confidential information from
one point to another in a network without information being accessible by others not authorized to receive information along the path or at the end of the connection.
5a.4
Data Confidentiality
• Term is used to describe an information exchange protected against eavesdroppers.
5a.5
Data Integrity
• The term used to describe assurance that message was not modified in transit (intentionally or by accident).
• Unfortunate reality that there are those that would try to access information not meant for them.
5a.6
Authentication
Secure connections imply that information is only sent by one that is identifiable by destination and the destination is identifiable by source.
• Authentication– Process of deciding whether a particular
identity is who he says he is (applies to humans and systems)
5a.7
Authorization
• Coupled with authentication is allowing access.
• Authorization– Process of deciding whether a particular
identity can access with particular resource
– Access control : Controlling specific types of access.
– We will deal with authorization later
5a.8
Password-Based Authentication
• User enters a user name and password.
• User name and password sent through network to server.
• Server validates name and password and responds.
5a.9
Name and Password• Typical sequence:
login% abwpassword% ******
• where user enters his username (abw above) and password, shown here as ********.
• Password not displayed so that no one can see it.• Server validates name and password and
responds. • If username and password valid, access granted.
5a.10
Name and Password
• Consider a login prompt:
login% abwThere is no such userlogin%
5a.11
Name and Password
• A different login prompt behavior:
login% abwpassword% ******authentication failedlogin%
• Second version a little more secure because it reveals less information to a potential intruder, but ...
5a.12
Name and Password
• If name and password sent in plain text, vulnerable to interference and being stolen.
• Need to send information in a way it cannot be read by others during transmission.
5a.13
Basic idea:
Encryption• Convert the original message (clear text, or
plain text) to the encrypted message (ciphertext)
Decryption• Reverse process of retrieving plaintext from
encrypted text
• Term Cryptography used to describe process
5a.14
Can either:
• Make encryption/decryption algorithm(s) hidden, so that an intruder cannot know it,
or, better:
• Use known algorithm and use a hidden key with the algorithm.
5a.15
Cryptography algorithms with keys
• Converts data into scrambled binary patterns, using a large binary number called a key.
• A key is also used to convert the scrambled patterns back to the original data.
• Algorithms are well-known - it is a specific key(s) that must be kept secure.
5a.16
Secret Key Cryptography• Sender and receiver has a same secret key in
their possession.
• Sender uses secret key to encrypt data.
• Receiver uses same key to decrypt data.
• Known as symmetric cryptography. Key is called a symmetric key.
5a.17
Encryption and Decryption
My message that must be kept secret
Original data
Cipher data Original
data
Same key
1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE
My message that must be kept secret
Simple Secret-Key ExampleUsing Exclusive-OR operation
5a.19
Example
Data (“abra”) has binary representation:
01100001011000100111001001100001
Choose random string of bits as key:
10011101010010001111010101011100
Exclusive-OR patterns to get encrypted message:
11111100001010101000011100111101
To get original message back, use same algorithm and key. (Don't use this algorithm!)
5a.20
Common Symmetric Key Cryptography Systems
• Data Encryption Standard (DES) 56-bit key plus 8 parity bits - IBM 1970’s.
• Triple-DES 112 bit key plus 16 parity bits or 168-bit plus 24 parity bits.
• RC2 and RC4 use variable sized keys, often between 40 to 128 bits. Designed by Ron Rivest in 1987– RC 2 - 64-bit block algorithm. – RC 4 is stream algorithm that accepts a stream of bits
and modifies that stream to create output bits. Has been used in wireless computer connections but shown to be vulnerable to attack.
5a.21
Problemswith Symmetric Key Cryptography
• Need a way of both sender and receiver to obtain secret key without anyone else knowing the key.
• Need a different key for each receiver that a sender may communicate with.
5a.22
Advantageof Symmetric Key Cryptography
• Fast encryption/decryption (compared to asymmetric key cryptography (see next).
5a.23
Asymmetric Key Cryptography Diffie-Hellman key exchange
• Uses two keys.
• Enables two parties each having a private key to obtain each other’s private key in a secure fashion. Once in possession of the other’s private key, can be used to encrypt messages
• First public invention -- Whitfield Diffie, Martin Hellman, and Ralph C. Merkle in 1976.
• Patent granted in 1980. • However, method already known in UK classified
community in early 1970s.
Diffie-Hellman key exchange
Site A Site B
ga mod p
gb mod p
Prime number, p and base, g, (not secret)
Private key, a Private key, b
Compute(gb mod p)a mod p
Compute (ga mod p)b mod p
Both same(ga mod p)b mod p = (gb mod p)a mod p
Becomes shared secret key Used to encrypt messages using symmetric cryptography.
5a.24
5a.25
Asymmetric Key CryptographyPublic-Key Cryptography
RSA algorithm• Devised in 1977, by Rivest, Shamir, and Adleman
shortly after Diffie-Hellman key exchange.
• Widely adopted.
• Also known UK classified community in early 1970s but again not publicly disclosed.
• Described in a classified report in 1970 by James Ellis (UK). Declassified in 1987.
• Interestingly, in classified documents, RSA discovered first, and then Diffie-Hellman, which was opposite to order of public discovery.
5a.26
Public Key Cryptography(Asymmetric key pair)
Two keys formed:
• Public key• Private key
Public and private keys are pairs such that a message encrypted with the public key can only be decrypted with the private key (and vice versa).
5a.27
Encryption and Decryption
My message that must be kept secret
Original data
Cipher data
Original data
1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE
My message that must be kept secretPublic
keyPrivate
Key
Receiver’s
5a.28
Public Key and Private Key
• Public key, as name suggests, is available to all.
• Private key only known by it’s owner.
• Not possible to find the private key from the public key for all practical purposes.
5a.29
RSA Algorithm• Find P and Q, two large prime numbers
(e.g., 1024-bit).
• Choose E such that:
1. E is greater than 1,2. E is less than PQ, and3. E and (P-1)(Q-1) have no prime factors in
common (relatively prime).
E does not have to be prime, but it must be odd. (P-1)(Q-1) can't be prime because it's an even number.
5a.30
RSA Algorithm (cont.)
• Compute D such that (DE - 1) is evenly divisible by (P-1)(Q-1) (Leave no remainder with divided by, i.e. (DE - 1) / (P-1)(Q-1) is an integer.)
5a.31
RSA Algorithm (cont.)
Encryption function is:
C = (TE) mod PQwhere:– C is the encrypted message (ciphertext)
a positive integer),– T is the message being encrypted
plaintext (a positive integer).
T must be less than the modulus, PQ.
5a.32
RSA Algorithm (cont.)Decryption function is:
T = (CD) mod PQwhere:
– C is the encrypted message (ciphertext) a positive integer),
– T is the message being encrypted plaintext (a positive integer).
5a.33
RSA Algorithm (cont.)
• Public key is the pair (PQ, E).• Private key is the number D
• No known easy methods of calculating D, P, or Q given only (PQ, E) if P and Q are very large (1024 bit or more).
• If P and Q could be obtained from PQ, i.e. PQ factorized, private key D could easily be obtained
5a.34
• Though it is widely suspected to be true, it is not yet proven that no easy methods of factoring exist.
• It is not yet proven that the only way to crack RSA is to factor PQ.
• See http://en.wikipedia.org/wiki/RSA for interesting attempts to break code.
5a.35
Example of the RSA AlgorithmChoose first prime number: P = 19Choose second prime number Q = 13
Modulus: PQ = 247
Choose E such that 1 < E < 247 and no factors with 216. Let E = 17
Choose D. Simplest: DE - 1 = (P - 1)(Q - 1), i.e. DE = 217. Then with E = 7, D = 31
Destroy P and Q after computing E and D.
5a.36
Example of the RSA Algorithm (cont.)
Your public key is (E, PQ) = 7, 247 Your private key is D = 31.
Encryption function
(T17) mod 3233
Decryption function
(C2753) mod 3233
5a.37
Example of the RSA Algorithm (cont.)
To encrypt the plaintext value 123, do this:
encrypt(123) = (12317) mod 3233 = 855
To decrypt the ciphertext value 855, do this:
decrypt(855) = (8552753) mod 3233 = 123
5a.38
How secure is public key encryption?
• Like secret key schemes, brute force exhaustive search attack is always theoretically possible
but
• Requires the use of very large numbers• Hence slower than secret key schemes
5a.39
Non-repudiation
• Public key cryptography can provide for non-repudiation
– Sender cannot deny they sent out a message if encrypted with their private key. Can be read with their public key.
5a.40
Non-repudiation
My message that must be kept secret
Original data
Cipher data
Original data
1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE
My message that must be kept secretPrivate
key
Public Key
Sender’s
5a.41
Question - Why is it not sufficient to simply encrypt with receiver’s public key and decrypt with receiver’s private key:
My message that must be kept secret
Original data
Cipher data
Original data
1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE
My message that must be kept secretPublic
keyPrivate
Key
Receiver’s
5a.42
Answer
• Anyone has access access to the public key and could send the message.
5a.43
Public Key CryptographyDouble Encryption
My message that must be kept secret
My message that must be kept secret
yuicfhkh[pa2354mghdas67f
Receiver’s public key
Receiver’s private Key
Original data
Transmitted data
Original data
Sender Receiver
Sender’s public
key
Sender’s private
Key
Slow but secure.
5a.44
Problem with Public Key Cryptography used alone
• Public keys actually must being truly from the owners and the private keys must only held by their owners.
• Public key cryptography is slow.
• If receiver’s public key used to encrypt message, anyone can do that as public key available to all, so there has to be an additional method to ensure the identity of the sender – see next.
5a.45
Problem with Symmetric (Secret) Key Cryptography used alone
• It requires that key be know by both parties a head of time or transmitted over a secure channel.
• But how can a channel be secured if the keys have not yet been exchanged?
5a.46
• So what is the solution?
• Public key infrastructure (PKI) provides a solution.– Use public key cryptography to establish identity
and exchange secret key and then use symmetric Cryptography to encrypt messages
• See next section.
QuestionIn security, what is meant by the term "Authentication"?
Answer(a)The process of deciding whether a particular identity can access a particular resource.
(b) The process of giving authority to another identity.
(c) The process of deciding whether a particular identity is who he says he is.
(d) None of the other answers.
5a.47
QuestionWhat is a Public-Key Cryptography?
Answer(a) Cryptography that uses a single key called a public key
(b) Cryptography that must use double encryption
(c) Cryptography that uses a pair of keys
(d) Cryptography that uses keys held in a public library
5a.48