network security review. secure channel communication security confidentiality message traffic...
Post on 20-Dec-2015
225 views
TRANSCRIPT
![Page 1: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/1.jpg)
Network Security
Review
![Page 2: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/2.jpg)
Secure channel
Communication securityConfidentiality
• Message• Traffic
AuthenticationIntegrity
How to achieve?Establish shared keyEncrypt MACLeft out: non-repudiation, etc.
![Page 3: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/3.jpg)
Shared Key Establishment
“Trusted third party”
Kerberos
• Tickets
Public key methods
SSL
IPSEC
“Out-of-band”
![Page 4: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/4.jpg)
Public Key Crypto
![Page 5: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/5.jpg)
Public Key techniques
Diffie-Hellman RSAN=pq; ed 1 (mod (N))Public:e,N;Private:d,N
Encrypt M: CMemodN
Decrypt C: MCdmodN
Sign M: S Mdmod N
Verify S: Se M (modN)
Alice Boba b
p, g
magamod p mbgbmod p
ma mb
mbamod p ma
bmod p=gabmod p=
shared secret key!•Discrete log:
•Given y,p,b
•Find x: bxmod p = y
?
•Factoring:
•Given N=pq
•Find p,q
![Page 6: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/6.jpg)
Discrete log based schemes
DH (key establishment)
DSS/DSA (signatures)
El-Gamal (signatures, encryption)Elliptic Curves Cryptography (ECC)
Why modulus (p) is so large?Little-step/giant-step attack
![Page 7: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/7.jpg)
Factoring based
RSA
Square Roots (=Factoring)Rabin (Encryption, Signature)
Fiat-Shamir (ID scheme, Signature)
![Page 8: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/8.jpg)
World mod N
How many objects?|Z*
N|= (N); for all z Z*
N, z (N) mod N=1
If N=pq, then (N)= (p-1)(q-1)[If N=p, then (N)= p-1]
Blum integers: N=pq, pq3 (mod 4)
Thenx(p+1)/4 mod p= y; y2x(p+1)/2x(p-1)/2 x±x mod p
![Page 9: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/9.jpg)
Chinese Remainder Theorem (CRT)
Given y2 x mod p; z2 x mod q; N=pq;Find s: s2 x mod N
More generally:Given a,A, b,B;Find x: x a mod A, x b mod B
Let u, v be s.t. uA 1 mod B, vB 1 modAThen x=uAb+vBa[indeed: x mod A = uAb+vBa = vBa = a;
x mod B = uAb+vBa = uAb = b]
How to find u,v?
![Page 10: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/10.jpg)
Extended GCD
Euclid’s GCD algorithm(greatest common divisor):gcd(a,b) = gcd( b, a mod b) =…= gcd(a’,b’)=ca’=ib’+c, … , ax+by=c
If gcd(a,b)=1: ax 1 mod b
![Page 11: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/11.jpg)
Summary (factoring-based)
RSAGiven p,q; Can compute (N), for N=pq;
With Extended gcd, can compute e, d 1/e mod (N);
• gcd(e, (N)) must be 1
RabinUsing Blum integers can compute SQRT mod p,q
Using CRT can combine them to SQRT mod N
![Page 12: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/12.jpg)
Prime number generation
Why?
How?Exhaustive search
• Too long
Miller-Rabin• Little Fermat’s Theorem (again)
Prime Number Theorem#of primes between R and 2R is R/lnR
i.e. Prob[ random R is a prime ] 1/lnR
![Page 13: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/13.jpg)
Efficiency for all
Exponentiation: Repetitive Squaring
bA mod N takes 1.5 lg A long multiplications
Cost of multiplication quadratic in length
Optimization: mod N (mod p) + (mod q) +CRT
Watch out!
![Page 14: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/14.jpg)
Attacks on factoring
(N), N => factoring (quadratic equation)
Trick: obtain x, s.t. x0 mod p, x mod q 0
gcd(x, N)=p
SQRTmodN => Factoring
vy2mod N; zSQRTmodN(v)
If z ±y, then x y-z
Computing (mod p) + (mod q) + CRTRandom error mod p (or mod q) => factoring
![Page 15: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/15.jpg)
Other Crypto
Encryption
Hashing
MACs
![Page 16: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/16.jpg)
EncryptionOne time padBlock cipher
DES• Feistel approach
AES/RijndaelModes of operation
• EBC, CFB, CBC, etc.
Stream ciphersRC-4Pseudo-random generators
![Page 17: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/17.jpg)
Hashing
Hashing algorithms
MD-5
SHA
Applications
Digital signatures
MAC
![Page 18: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/18.jpg)
Systems
Certificates
SSL
IPSEC
Kerberos
![Page 19: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/19.jpg)
Certificates
X-509
CA’s
Trust infrastructureHierarchical
• X.509
Networks of Trust• PGP
![Page 20: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/20.jpg)
SSL
TCP level secure channelEstablish Shared Secret
• DH+Certificates [+signatures]• RSA+Certificates [+signatures]• Kerberos [TLS]
Do not confuse with Kerberos over SSL/TLS
Encrypt & MAC
Usually authenticates only serverClient authentication possible
Typical application: HTTPS
![Page 21: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/21.jpg)
IPSEC
IP level secure channelSimilar tools to SSL
Some traffic confidentiality
Both ends authenticated
Tunneling
Typical application:VPN
![Page 22: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/22.jpg)
Kerberos
Key-Distribution Centers approachTrusted Third Party – another term
Authentication Server
Ticket Granting Servers
Tickets
Realms
![Page 23: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/23.jpg)
Other topics
Firewalls
Non-repudiation
SET
![Page 24: Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared](https://reader036.vdocuments.site/reader036/viewer/2022062516/56649d415503460f94a1c581/html5/thumbnails/24.jpg)
Final:
Tuesday May 10
9-11am
See you there!Best of Luck!!!