cs 356 – lecture 3 cryptographic tools - cs csu … 356 – lecture 3 cryptographic tools spring...
TRANSCRIPT
Review • Chapter 1: Basic Concepts and Terminology
– Integrity, Confidentiality, Availability, Authentication, and Accountability
– Types of threats: active vs. passive, insider/outsider
– Lots of terminology and general concepts • Chapter 2: Basic Cryptographic Tools
– Symmetric key encryption and secure hashing
publicly proposed by
Diffie and Hellman in
1976
based on mathematical functions
asymmetric • uses two
separate keys • public key
and private key
• public key is made public for others to use
some form of protocol
is needed for distribution
• **
l plaintext l readable message or
data that is fed into the algorithm as input
l encryption algorithm l performs
transformations on the plaintext
l public and private key l pair of keys, one for
encryption, one for decryption
l ciphertext l scrambled message
produced as output
l decryption key l produces the original
plaintext
• ***directed toward providing confidentiality
computationally easy to create key
pairs
computationally easy for sender
knowing public key to encrypt messages
computationally easy for receiver knowing private key to decrypt
ciphertext computationally
infeasible for opponent to
determine private key from public key
computationally infeasible for opponent to
otherwise recover original message
useful if either key can be used for
each role
RSA (Rivest, Shamir,
Adleman) developed in 1977
most widely accepted and implemented approach to
public-key encryption
block cipher in which the plaintext and ciphertext are integers between 0 and n-1
for some n.
Diffie-Hellman key exchange
algorithm
enables two users to securely reach agreement about a shared secret that
can be used as a secret key for subsequent symmetric encryption of messages
limited to the exchange of the keys
Digital Signature Standard
(DSS)
provides only a digital signature function with
SHA-1 cannot be used for
encryption or key exchange
Elliptic curve cryptography
(ECC) security like RSA, but with
much smaller keys
Digital Signatures
l used for authenticating both source and data integrity
l created by encrypting hash code with private key
l does not provide confidentiality l even in the case of complete encryption l message is safe from alteration but not
eavesdropping
Digital Envelopes
l protects a message without needing to first arrange for sender and receiver to have the same secret key
• ***equates to the same thing as a sealed envelope containing an unsigned letter
Random Numbers
l keys for public-key algorithms
l stream key for symmetric stream cipher
l symmetric key for use as a temporary session key or in creating a digital envelope
l handshaking to prevent replay attacks
l session key
• Uses include generation of:
Summary • introduced cryptographic algorithms • symmetric encryption algorithms for
confidentiality • message authentication & hash
functions • public-key encryption • digital signatures and key management • random numbers
14
Cryptography is like magic fairy dust, we just sprinkle it on our protocols and its makes everything secure
15
A Simple DNS Attack
Caching DNS Server
Eric’s Laptop
www.ucla.edu A?
www.ucla.edu A 128.9.128.127
Root DNS Server
edu DNS Server
ucla.edu DNS Server
Dan’s Laptop
Easy to observe UDP DNS query sent to well known server on well known port.
www.ucla.edu A 169.232.33.135
First response wins. Second response is silently dropped.
And of course much more complex attacks…. (Bellovin 95 Kaminsky 08)
16
Secure DNS Query and Response
• Caching DNS Server
• End-user
• www.ucla.edu
• www.ucla.edu = 169.232.33.135 • Plus (RSA) signature by the ucla.edu private key
• Authoritative DNS Servers
• Follow the DNS tree to authenticate the response: 1) Assume root public key is well known 2) Root key signs edu key 3) edu key signs ucla.edu key 4) ucla.edu key signs the data