8: Network Security 81
Chapter 8Network Security
A note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers).They’re in PowerPoint form so you can add, modify, and delete slides(including this one) and slide content to suit your needs. They obviouslyrepresent a lot of work on our part. In return for use, we only ask thefollowing:q If you use these slides (e.g., in a class) in substantially unaltered form,that you mention their source (after all, we’d like people to use our book!)q If you post any slides in substantially unaltered form on a www site, thatyou note that they are adapted from (or perhaps identical to) our slides, andnote our copyright of this material.
Thanks and enjoy! JFK/KWR
All material copyright 19962004J.F Kurose and K.W. Ross, All Rights Reserved
Computer Networking:A Top Down ApproachFeaturing the Internet,
3rd edition.Jim Kurose, Keith RossAddisonWesley, July2004.
8: Network Security 82
Assuming that you’ve learned therest from the reading, in class wewill only cover slides with titles initalics.
8: Network Security 83
Chapter 8: Network SecurityChapter goals:
understand principles of network security:cryptography and its many uses beyond“confidentiality”authenticationmessage integritykey distribution
security in practice:firewallssecurity in application, transport, network, linklayers
8: Network Security 84
Chapter 8 roadmap
8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 85
What is network security?
Confidentiality: only sender, intended receivershould “understand” message contents
sender encrypts messagereceiver decrypts message
Authentication: sender, receiver want to confirmidentity of each other
Message Integrity: sender, receiver want to ensuremessage not altered (in transit, or afterwards)without detection
Access and Availability: services must be accessibleand available to users
8: Network Security 86
Friends and enemies: Alice, Bob, Trudywellknown in network security worldBob, Alice (lovers!) want to communicate “securely”Trudy (intruder) may intercept, delete, add messages
securesender
securereceiver
channel data, controlmessages
data data
Alice Bob
Trudy
8: Network Security 87
Who might Bob, Alice be?
… well, reallife Bobs and Alices!Web browser/server for electronictransactions (e.g., online purchases)online banking client/serverDNS serversrouters exchanging routing table updatesother examples?
8: Network Security 88
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?A: a lot!
eavesdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source addressin packet (or any field in packet)hijacking: “take over” ongoing connection byremoving sender or receiver, inserting himselfin placedenial of service: prevent service from beingused by others (e.g., by overloading resources)
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 89
Chapter 8 roadmap
8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers
8: Network Security 810
The language of cryptography
symmetric key crypto: sender, receiver keys identicalpublickey crypto: encryption key public, decryption key
secret (private), and, of course, different
plaintext plaintextciphertext
KA
encryptionalgorithm
decryptionalgorithm
Alice’sencryptionkey
Bob’sdecryptionkey
KB
8: Network Security 811
Symmetric key cryptographysubstitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
plaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbc
E.g.:
Q: How hard to break this simple cipher?:q brute force (how hard?)q other?
8: Network Security 812
Symmetric key cryptography
symmetric key crypto: Bob and Alice share know same(symmetric) key: Ke.g., key is knowing substitution pattern in monoalphabetic substitution cipherQ: how do Bob and Alice agree on key value?
plaintextciphertext
KAB
encryptionalgorithm
decryptionalgorithm
AB
KAB
plaintextmessage, m
K (m)AB K (m)ABm = K ( )AB
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 813
Symmetric key crypto: DES
DES: Data Encryption StandardUS encryption standard [NIST 1993]56bit symmetric key, 64bit plaintext inputHow secure is DES?
DES Challenge: 56bitkeyencrypted phrase(“Strong cryptography makes the world a saferplace”) decrypted (brute force) in 4 monthsno known “backdoor” decryption approach
making DES more secure:use three keys sequentially (3DES) on each datumuse cipherblock chaining
8: Network Security 814
Symmetric keycrypto: DES
initial permutation16 identical “rounds” of
function application,each using different48 bits of key
final permutation
DES operation
8: Network Security 815
AES: Advanced Encryption Standard
new (Nov. 2001) symmetrickey NISTstandard, replacing DESprocesses data in 128 bit blocks128, 192, or 256 bit keysbrute force decryption (try each key)taking 1 sec on DES, takes 149 trillionyears for AES
8: Network Security 816
Public Key Cryptography
symmetric key cryptorequires sender,receiver know sharedsecret keyQ: how to agree on keyin first place(particularly if never“met”)?
public key cryptographyradically differentapproach [DiffieHellman76, RSA78]sender, receiver donot share secret keypublic encryption keyknown to allprivate decryptionkey known only toreceiver
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 817
Public key cryptography
plaintextmessage, m
ciphertextencryptionalgorithm
decryptionalgorithm
Bob’s publickey
plaintextmessageK (m)B
+
KB+
Bob’s privatekey
K B
m = K (K (m))B+
B
8: Network Security 818
Public key encryption algorithms
need K ( ) and K ( ) such thatB B. .
given public key K , it should beimpossible to compute privatekey K B
B
Requirements:
1
2
RSA: Rivest, Shamir, Adelson algorithm
+
K (K (m)) = mBB
+
+
8: Network Security 819
RSA: Choosing keys1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p1)(q1).
3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).
4. Choose d such that ed1 is exactly divisible by z. (in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
KB+ KB
8: Network Security 820
RSA: Encryption, decryption0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, computec = m mod ne (i.e., remainder when m is divided by n)e
2. To decrypt received bit pattern, c, computem = c mod nd (i.e., remainder when c is divided by n)d
m = (m mod n)e mod ndMagichappens!
c
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 821
RSA example:Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).d=29 (so ed1 exactly divisible by z.
letter m me c = m mod ne
l 12 1524832 17
c m = c mod nd17 481968572106750915091411825223071697 12
cd letterl
encrypt:
decrypt:
8: Network Security 822
RSA: Why is that m = (m mod n)e mod nd
(m mod n)e mod n = m mod nd ed
Useful number theory result: If p,q prime andn = pq, then:
x mod n = x mod ny y mod (p1)(q1)
= m mod ned mod (p1)(q1)
= m mod n1
= m
(using number theory result above)
(since we chose ed to be divisible by(p1)(q1) with remainder 1 )
8: Network Security 823
RSA: another important property
The following property will be very useful later:
K (K (m)) = mBB +
K (K (m))BB+
=
use public keyfirst, followedby private key
use private keyfirst, followedby public key
Result is the same!
8: Network Security 824
Chapter 8 roadmap
8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 825
Authentication
Goal: Bob wants Alice to “prove” her identityto him
Protocol ap1.0: Alice says “I am Alice”
Failure scenario??“I am Alice”
8: Network Security 826
Authentication
Goal: Bob wants Alice to “prove” her identityto him
Protocol ap1.0: Alice says “I am Alice”
in a network,Bob can not “see”
Alice, so Trudy simplydeclares
herself to be Alice“I am Alice”
8: Network Security 827
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packetcontaining her source IP address
Failure scenario??
“I am Alice”Alice’sIP address
8: Network Security 828
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packetcontaining her source IP address
Trudy can createa packet
“spoofing”Alice’s address“I am Alice”Alice’s
IP address
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 829
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
Failure scenario??
“I’m Alice”Alice’sIP addr
Alice’spassword
OKAlice’sIP addr
8: Network Security 830
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
playback attack: Trudyrecords Alice’s packet
and laterplays it back to Bob
“I’m Alice”Alice’sIP addr
Alice’spassword
OKAlice’sIP addr
“I’m Alice”Alice’sIP addr
Alice’spassword
8: Network Security 831
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends herencrypted secret password to “prove” it.
Failure scenario??
“I’m Alice”Alice’sIP addr
encryptedpassword
OKAlice’sIP addr
8: Network Security 832
Authentication: another try
Protocol ap3.1: Alice says “I am Alice” and sends herencrypted secret password to “prove” it.
recordand
playbackstill works!
“I’m Alice”Alice’sIP addr
encryptedpassword
OKAlice’sIP addr
“I’m Alice”Alice’sIP addr
encryptedpassword
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 833
Authentication: yet another tryGoal: avoid playback attack
Failures, drawbacks?
Nonce: number (R) used only once –inalifetimeap4.0: to prove Alice “live”, Bob sends Alice nonce, R.
Alicemust return R, encrypted with shared secret key
“I am Alice”
R
K (R)ABAlice is live, andonly Alice knowskey to encrypt
nonce, so it mustbe Alice!
8: Network Security 834
Authentication: ap5.0
ap4.0 requires shared symmetric keycan we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
“I am Alice”R
Bob computes
K (R)A
“send me your public key”
KA+
(K (R)) = RAKA
+
and knows only Alicecould have the privatekey, that encrypted R
such that(K (R)) = RA
KA
+
8: Network Security 835
ap5.0: security holeMan (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
I am Alice I am AliceR
TK (R)
Send me your public key
TK+
AK (R)
Send me your public key
AK+
TK (m)+
Tm = K (K (m))+
T
Trudy gets
sends m to Aliceencrypted with
Alice’s public key
AK (m)+
Am = K (K (m))+
A
R
8: Network Security 836
ap5.0: security holeMan (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
Difficult to detect:q Bob receives everything that Alice sends, and viceversa. (e.g., so Bob, Alice can meet one week later andrecall conversation)q problem is that Trudy receives all messages as well!
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 837
Chapter 8 roadmap
8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Message integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers
8: Network Security 838
Digital Signatures
Cryptographic technique analogous to handwritten signatures.sender (Bob) digitally signs document,establishing he is document owner/creator.verifiable, nonforgeable: recipient (Alice) canprove to someone that Bob, and no one else(including Alice), must have signed document
8: Network Security 839
Digital Signatures
Simple digital signature for message m:Bob signs m by encrypting with his private keyKB, creating “signed” message, KB(m)
Dear AliceOh, how I have missedyou. I think of you all thetime! … (blah blah blah)
Bob
Bob’s message, m
Public keyencryptionalgorithm
Bob’s privatekey
KB
Bob’s message,m, signed
(encrypted) withhis private key
KB(m)
8: Network Security 840
Digital Signatures (more)Suppose Alice receives msg m, digital signature KB(m)Alice verifies m signed by Bob by applying Bob’spublic key KB to KB(m) then checks KB(KB(m) ) = m.If KB(KB(m) ) = m, whoever signed m must have usedBob’s private key.
+ +
+
Alice thus verifies that:Bob signed m.No one else signed m.Bob signed m and not m’.
Nonrepudiation:ü Alice can take m, and signature KB(m) to
court and prove that Bob signed m.
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 841
Message Digests
Computationally expensiveto publickeyencryptlong messages
Goal: fixedlength, easytocompute digital“fingerprint”apply hash function Hto m, get fixed sizemessage digest, H(m).
Hash function properties:manyto1produces fixedsize msgdigest (fingerprint)given message digest x,computationallyinfeasible to find m suchthat x = H(m)
largemessage
m
H: HashFunction
H(m)
8: Network Security 842
Internet checksum: poor crypto hashfunction
Internet checksum has some properties of hash function:produces fixed length digest (16bit sum) of messageis manytoone
But given message with given hash value, it is easy to findanother message with same hash value:
I O U 10 0 . 99 B O B
49 4F 55 3130 30 2E 3939 42 D2 42
message ASCII format
B2 C1 D2 AC
I O U 90 0 . 19 B O B
49 4F 55 3930 30 2E 3139 42 D2 42
message ASCII format
B2 C1 D2 ACdifferent messagesbut identical checksums!
8: Network Security 843
largemessage
mH: Hashfunction H(m)
digitalsignature(encrypt)
Bob’sprivate
key KB
+
Bob sends digitally signedmessage:
Alice verifies signature andintegrity of digitally signedmessage:
KB(H(m))encryptedmsg digest
KB(H(m))encryptedmsg digest
largemessage
m
H: Hashfunction
H(m)
digitalsignature(decrypt)
H(m)
Bob’spublic
key KB+
equal ?
Digital signature = signed message digest
8: Network Security 844
Hash Function AlgorithmsMD5 hash function widely used (RFC 1321)
computes 128bit message digest in 4stepprocess.arbitrary 128bit string x, appears difficult toconstruct msg m whose MD5 hash is equal to x.
SHA1 is also used.US standard [NIST, FIPS PUB 1801]
160bit message digest
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 81
Chapter 8Network Security
A note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers).They’re in PowerPoint form so you can add, modify, and delete slides(including this one) and slide content to suit your needs. They obviouslyrepresent a lot of work on our part. In return for use, we only ask thefollowing:q If you use these slides (e.g., in a class) in substantially unaltered form,that you mention their source (after all, we’d like people to use our book!)q If you post any slides in substantially unaltered form on a www site, thatyou note that they are adapted from (or perhaps identical to) our slides, andnote our copyright of this material.
Thanks and enjoy! JFK/KWR
All material copyright 19962004J.F Kurose and K.W. Ross, All Rights Reserved
Computer Networking:A Top Down ApproachFeaturing the Internet,
3rd edition.Jim Kurose, Keith RossAddisonWesley, July2004.
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 82
Assuming that you’ve learned therest from the reading, in class wewill only cover slides with titles initalics.
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 83
Chapter 8: Network SecurityChapter goals:
understand principles of network security:cryptography and its many uses beyond“confidentiality”authenticationmessage integritykey distribution
security in practice:firewallssecurity in application, transport, network, linklayers
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 84
Chapter 8 roadmap
8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 85
What is network security?
Confidentiality: only sender, intended receivershould “understand” message contents
sender encrypts messagereceiver decrypts message
Authentication: sender, receiver want to confirmidentity of each other
Message Integrity: sender, receiver want to ensuremessage not altered (in transit, or afterwards)without detection
Access and Availability: services must be accessibleand available to users
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 86
Friends and enemies: Alice, Bob, Trudywellknown in network security worldBob, Alice (lovers!) want to communicate “securely”Trudy (intruder) may intercept, delete, add messages
securesender
securereceiver
channel data, controlmessages
data data
Alice Bob
Trudy
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 87
Who might Bob, Alice be?
… well, reallife Bobs and Alices!Web browser/server for electronictransactions (e.g., online purchases)online banking client/serverDNS serversrouters exchanging routing table updatesother examples?
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 88
There are bad guys (and girls) out there!Q: What can a “bad guy” do?A: a lot!
eavesdrop: intercept messagesactively insert messages into connectionimpersonation: can fake (spoof) source addressin packet (or any field in packet)hijacking: “take over” ongoing connection byremoving sender or receiver, inserting himselfin placedenial of service: prevent service from beingused by others (e.g., by overloading resources)
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 89
Chapter 8 roadmap
8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 810
The language of cryptography
symmetric key crypto: sender, receiver keys identicalpublickey crypto: encryption key public, decryption key
secret (private), and, of course, different
plaintext plaintextciphertext
KA
encryptionalgorithm
decryptionalgorithm
Alice’sencryptionkey
Bob’sdecryptionkey
KB
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 811
Symmetric key cryptographysubstitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
plaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbc
E.g.:
Q: How hard to break this simple cipher?:q brute force (how hard?)q other?
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 812
Symmetric key cryptography
symmetric key crypto: Bob and Alice share know same(symmetric) key: Ke.g., key is knowing substitution pattern in monoalphabetic substitution cipherQ: how do Bob and Alice agree on key value?
plaintextciphertext
KAB
encryptionalgorithm
decryptionalgorithm
AB
KAB
plaintextmessage, m
K (m)AB K (m)ABm = K ( )AB
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 813
Symmetric key crypto: DES
DES: Data Encryption StandardUS encryption standard [NIST 1993]56bit symmetric key, 64bit plaintext inputHow secure is DES?
DES Challenge: 56bitkeyencrypted phrase(“Strong cryptography makes the world a saferplace”) decrypted (brute force) in 4 monthsno known “backdoor” decryption approach
making DES more secure:use three keys sequentially (3DES) on each datumuse cipherblock chaining
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 814
Symmetric keycrypto: DES
initial permutation16 identical “rounds” of
function application,each using different48 bits of key
final permutation
DES operation
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 815
AES: Advanced Encryption Standard
new (Nov. 2001) symmetrickey NISTstandard, replacing DESprocesses data in 128 bit blocks128, 192, or 256 bit keysbrute force decryption (try each key)taking 1 sec on DES, takes 149 trillionyears for AES
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 816
Public Key Cryptography
symmetric key cryptorequires sender,receiver know sharedsecret keyQ: how to agree on keyin first place(particularly if never“met”)?
public key cryptographyradically differentapproach [DiffieHellman76, RSA78]sender, receiver donot share secret keypublic encryption keyknown to allprivate decryptionkey known only toreceiver
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 817
Public key cryptography
plaintextmessage, m
ciphertextencryptionalgorithm
decryptionalgorithm
Bob’s publickey
plaintextmessageK (m)B
+
KB+
Bob’s privatekey
K B
m = K (K (m))B+
B
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 818
Public key encryption algorithms
need K ( ) and K ( ) such thatB B. .
given public key K , it should beimpossible to compute privatekey K B
B
Requirements:
1
2
RSA: Rivest, Shamir, Adelson algorithm
+
K (K (m)) = mBB
+
+
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 819
RSA: Choosing keys1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p1)(q1).
3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).
4. Choose d such that ed1 is exactly divisible by z. (in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
KB+ KB
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 820
RSA: Encryption, decryption0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, computec = m mod ne (i.e., remainder when m is divided by n)e
2. To decrypt received bit pattern, c, computem = c mod nd (i.e., remainder when c is divided by n)d
m = (m mod n)e mod ndMagichappens!
c
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 821
RSA example:Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).d=29 (so ed1 exactly divisible by z.
letter m me c = m mod ne
l 12 1524832 17
c m = c mod nd17 481968572106750915091411825223071697 12
cd letterl
encrypt:
decrypt:
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 822
RSA: Why is that m = (m mod n)e mod nd
(m mod n)e mod n = m mod nd ed
Useful number theory result: If p,q prime andn = pq, then:
x mod n = x mod ny y mod (p1)(q1)
= m mod ned mod (p1)(q1)
= m mod n1
= m
(using number theory result above)
(since we chose ed to be divisible by(p1)(q1) with remainder 1 )
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 823
RSA: another important property
The following property will be very useful later:
K (K (m)) = mBB +
K (K (m))BB+
=
use public keyfirst, followedby private key
use private keyfirst, followedby public key
Result is the same!
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 824
Chapter 8 roadmap
8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 825
Authentication
Goal: Bob wants Alice to “prove” her identityto him
Protocol ap1.0: Alice says “I am Alice”
Failure scenario??“I am Alice”
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 826
Authentication
Goal: Bob wants Alice to “prove” her identityto him
Protocol ap1.0: Alice says “I am Alice”
in a network,Bob can not “see”
Alice, so Trudy simplydeclares
herself to be Alice“I am Alice”
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 827
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packetcontaining her source IP address
Failure scenario??
“I am Alice”Alice’sIP address
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 828
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packetcontaining her source IP address
Trudy can createa packet
“spoofing”Alice’s address“I am Alice”Alice’s
IP address
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 829
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
Failure scenario??
“I’m Alice”Alice’sIP addr
Alice’spassword
OKAlice’sIP addr
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 830
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
playback attack: Trudyrecords Alice’s packet
and laterplays it back to Bob
“I’m Alice”Alice’sIP addr
Alice’spassword
OKAlice’sIP addr
“I’m Alice”Alice’sIP addr
Alice’spassword
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 831
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends herencrypted secret password to “prove” it.
Failure scenario??
“I’m Alice”Alice’sIP addr
encryptedpassword
OKAlice’sIP addr
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 832
Authentication: another try
Protocol ap3.1: Alice says “I am Alice” and sends herencrypted secret password to “prove” it.
recordand
playbackstill works!
“I’m Alice”Alice’sIP addr
encryptedpassword
OKAlice’sIP addr
“I’m Alice”Alice’sIP addr
encryptedpassword
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 833
Authentication: yet another tryGoal: avoid playback attack
Failures, drawbacks?
Nonce: number (R) used only once –inalifetimeap4.0: to prove Alice “live”, Bob sends Alice nonce, R.
Alicemust return R, encrypted with shared secret key
“I am Alice”
R
K (R)ABAlice is live, andonly Alice knowskey to encrypt
nonce, so it mustbe Alice!
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 834
Authentication: ap5.0
ap4.0 requires shared symmetric keycan we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
“I am Alice”R
Bob computes
K (R)A
“send me your public key”
KA+
(K (R)) = RA
KA+
and knows only Alicecould have the privatekey, that encrypted R
such that(K (R)) = RA
KA
+
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 835
ap5.0: security holeMan (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
I am Alice I am AliceR
TK (R)
Send me your public key
TK+
AK (R)
Send me your public key
AK+
TK (m)+
Tm = K (K (m))+
T
Trudy gets
sends m to Aliceencrypted with
Alice’s public key
AK (m)+
Am = K (K (m))+
A
R
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 836
ap5.0: security holeMan (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
Difficult to detect:q Bob receives everything that Alice sends, and viceversa. (e.g., so Bob, Alice can meet one week later andrecall conversation)q problem is that Trudy receives all messages as well!
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 837
Chapter 8 roadmap
8.1 What is network security?8.2 Principles of cryptography8.3 Authentication8.4 Message integrity8.5 Key Distribution and certification8.6 Access control: firewalls8.7 Attacks and counter measures8.8 Security in many layers
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 838
Digital Signatures
Cryptographic technique analogous to handwritten signatures.sender (Bob) digitally signs document,establishing he is document owner/creator.verifiable, nonforgeable: recipient (Alice) canprove to someone that Bob, and no one else(including Alice), must have signed document
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 839
Digital Signatures
Simple digital signature for message m:Bob signs m by encrypting with his private keyKB, creating “signed” message, KB(m)
Dear AliceOh, how I have missedyou. I think of you all thetime! … (blah blah blah)
Bob
Bob’s message, m
Public keyencryptionalgorithm
Bob’s privatekeyKB
Bob’s message,m, signed
(encrypted) withhis private key
KB(m)
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 840
Digital Signatures (more)Suppose Alice receives msg m, digital signature KB(m)Alice verifies m signed by Bob by applying Bob’spublic key KB to KB(m) then checks KB(KB(m) ) = m.If KB(KB(m) ) = m, whoever signed m must have usedBob’s private key.
+ +
+
Alice thus verifies that:Bob signed m.No one else signed m.Bob signed m and not m’.
Nonrepudiation:ü Alice can take m, and signature KB(m) to
court and prove that Bob signed m.
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 841
Message Digests
Computationally expensiveto publickeyencryptlong messages
Goal: fixedlength, easytocompute digital“fingerprint”apply hash function Hto m, get fixed sizemessage digest, H(m).
Hash function properties:manyto1produces fixedsize msgdigest (fingerprint)given message digest x,computationallyinfeasible to find m suchthat x = H(m)
largemessage
m
H: HashFunction
H(m)
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 842
Internet checksum: poor crypto hashfunction
Internet checksum has some properties of hash function:produces fixed length digest (16bit sum) of messageis manytoone
But given message with given hash value, it is easy to findanother message with same hash value:
I O U 10 0 . 99 B O B
49 4F 55 3130 30 2E 3939 42 D2 42
message ASCII format
B2 C1 D2 AC
I O U 90 0 . 19 B O B
49 4F 55 3930 30 2E 3139 42 D2 42
message ASCII format
B2 C1 D2 ACdifferent messagesbut identical checksums!
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 843
largemessage
mH: Hashfunction H(m)
digitalsignature(encrypt)
Bob’sprivate
key KB
+
Bob sends digitally signedmessage:
Alice verifies signature andintegrity of digitally signedmessage:
KB(H(m))encryptedmsg digest
KB(H(m))encryptedmsg digest
largemessage
m
H: Hashfunction
H(m)
digitalsignature(decrypt)
H(m)
Bob’spublic
key KB+
equal ?
Digital signature = signed message digestClick t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com
8: Network Security 844
Hash Function AlgorithmsMD5 hash function widely used (RFC 1321)
computes 128bit message digest in 4stepprocess.arbitrary 128bit string x, appears difficult toconstruct msg m whose MD5 hash is equal to x.
SHA1 is also used.US standard [NIST, FIPS PUB 1801]160bit message digest
Click t
o buy NOW!
PDFXCHANGE
www.docutrack.com Clic
k to buy N
OW!PDFXCHANGE
www.docutrack.com