POSTECH ITEC559 Su ‘03 1
ITEC559 Secure Internet Protocols
Lecture 1
POSTECH
Prof. Jong Kim © 2003 JKIM@POSTECH
Course Purpose
• Width
– Know internet security protocols in areas such as access, email, web, e-commerce, and wireless.
– Know currently available protocols, software tools, and implementations
– Experience various tools
• Depth
– Know the theory behind secure internet protocols
– Know the problems and future directions
– Know the applications of secure internet protocols
Course Management
• Course Grade Policy
– Mid-term Exam : 30%
– Final Exam : 40%
– Homework assignment (6) : 30%
• Course Requirement
– ITEC528 : Information security, or
– Equivalent courses
• Textbook
– No major textbook
– Will announce lecture topics, relevant articles, books, and references.
Lecture Topics
• Week 1 : Introduction, Authentication
– Mon : Cryptography 101 – Public Key, Hash, Symmetric Key, Digital Signature, Public Key Infrastructure (PKI)
– Wed : X.509 – History, Relation to X.500, Structure, Content, Encoding method, Compatibility, Extensibility, Problems, future directions
– Fri : OpenSSL – functions, limitations, installations, Installation report
Lecture Topics
• Week 2 : Secure Remote Access
– Sniffing, Secure Shell (SSH), VPN
• Week 3 : Secure E-mail
– S/MIME, PGP, OpenPGP
• Week 4 : Secure Web Protocols
– SHTTP, TCL, SSL, XML Encryption
• Week 5 : Secure E-commerce Protocols
– XML Signature, SET, PCT
• Week 6 : Secure Wireless Internet
– WEP, RADIUS, X802.1, EAP
Cryptography 101
Basic Definitions
• Definitions
– Algorithm
» The set of steps needed to solve a mathematical problem.
– Cryptographic algorithms
» Mathematical algorithms designed so that they can be called with different sets of data to operate on.
– Cryptology
» The area that makes a new cryptographic algorithm.
– Cryptanalysis
» The area that analyzes a new cryptographic algorithm.
Basic Cryptology Principles
• Cryptology principles
– Substitution
» Substitute the input bit string with another predefined bit string.
» Purpose of substitution : confusion
– Permutation (Transposition)
» Move the input bits from one position to another.
» Purpose of permutation : partial confusion
• Examples
– Caesar, Affine, Transposition, DES, AES…
Required Encryption Properties
• Two properties of an encryption scheme that are desirable:
– confusion -- the interceptor should not be able to predict the effect of changing one character in the plaintext on the ciphertext.
– diffusion -- changes in the plaintext should affect many parts of the ciphertext. (Substitution and permutation do not exhibit diffusion.)
Basic Cryptology Principles
• Cryptology Methods
– Stream cipher
» Every bit/character is replaced with another bit/string.
» E.g. : Substitution
– Block cipher
» A group of bits/strings is replaced with other bits/strings.
» E.g. : Transposition
Characteristics of “Good” Ciphers
• Shannon characteristics
1. The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption.
2. The set of keys and the enciphering algorithm should be free from complexity.
3. The implementation of the process should be as simple as possible.
4. Errors in ciphering should not propagate and cause corruption of further information in the message.
5. The size of the enciphered text should be no larger than the text of the original message.
Secret Key Cryptography
• Working mechanism
– encryption: E(key, message) -> enciphered text
» use the notation k{m}
– decryption: D(key, ciphertext) -> message.
– message = D(key, E(key, message)).
• Usage
– Confidentiality
» transmitting secret messages
» storing information in encrypted form on insecure media
– Authentication
» determining who is involved in a given dialogue.
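[Figure: Diagram of Secret Key (Secret Key Method). Text is encrypted with Sk, the encrypted text is sent over the Internet, and it is decrypted with Sk to recover the original text.]
[Figure: Block cipher algorithm vs. stream cipher algorithm. Block cipher: the cipher algorithm takes n-bit plaintext and a k-bit key and produces n-bit ciphertext; DES, FEAL, IDEA and others belong here. Stream cipher: the cipher algorithm takes an n-bit initial value and a k-bit key and produces a binary key sequence, which turns the binary plaintext sequence into the binary ciphertext sequence; RC4, SEAL and others belong here.]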
Data Encryption Standard (DES)
• History
– DES is based on the IBM "Lucifer" algorithm of 1974.
– Became a U.S. standard in 1976.
– In 1993, Wiener at Bell Northern Research proposed a DES cracking machine.
» A chip costs $10.50 to manufacture and can try 50 million DES keys per second
• Spec
– Takes in 64 bits of data and outputs 64 bits of data
– Key is a 56-bit key.
– Executes 16 cycles of substitution and permutation (Feistel-structure)
[Figure: DES block. A 64-bit input M and a 56-bit key K (through key scheduling) go into DES, which outputs the 64-bit M'.]
DES Algorithm Structure
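[Figure: DES algorithm structure. The 64-bit plain text passes through IP and is split into the 32-bit halves L0 and R0. Sixteen rounds follow, each applying f with one sub-key K1 … K16:
L1=R0, R1=L0 f(R0,K1)
L2=R1, R2=L1 f(R1,K2)
…
L15=R14, R15=L14 f(R14,K15)
L16=R15, R16=L15 f(R15,K16)
The result passes through IP -1 to give the 64-bit cipher text.
Inside f: the 32-bit half is expanded (E) to 48 bits and combined with the 48-bit sub-key, substituted through S1 … S8 (8x6 bits in, 8x4 bits out), and permuted (P) to 32 bits.]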
Key operations of DES
• Key Scheduling
– Operation needed before encryption/decryption
– A 56-bit key is transformed to 16 48-bit sub-keys.
• Encryption
– Use 64-bit plaintext and 16 48-bit sub-keys
– Generate a 64-bit ciphertext.
• Decryption
– Use 64-bit ciphertext and 16 48-bit sub-keys
– Each sub-key is used in reverse order.
– Recover 64-bit plaintext.
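Added example, not from the lecture: a 16-round Feistel network with DES's block, key and sub-key sizes, showing that one routine both encrypts and decrypts once the sub-keys are supplied in reverse order. The key schedule and round function f are hash-based stand-ins (assumptions, not DES's own tables), and the key and block are constructed samples.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def key_schedule(key: bytes) -> list:
    """Turn one key into 16 48-bit sub-keys (stand-in schedule, not DES's own)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]

def f(right: int, subkey: bytes) -> int:
    """Stand-in 32-bit round function; DES uses expansion, S-boxes and permutation."""
    digest = hashlib.sha256(right.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: int, subkeys: list) -> int:
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # L_i = R_(i-1); R_i = L_(i-1) XOR f(R_(i-1), K_i)
        left, right = right, left ^ f(right, k)
    # Swap the halves on output so the same routine undoes itself.
    return (right << 32) | left

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, key_schedule(key))

def decrypt(block: int, key: bytes) -> int:
    return feistel(block, key_schedule(key)[::-1])  # sub-keys in reverse order

KEY = bytes.fromhex("133457799bbcdf")   # constructed 56-bit sample key
PLAINTEXT = 0x0123456789ABCDEF          # constructed 64-bit sample block
CIPHERTEXT = encrypt(PLAINTEXT, KEY)

if __name__ == "__main__":
    print(f"ciphertext        {CIPHERTEXT:016x}")
    print(f"reverse sub-keys  {decrypt(CIPHERTEXT, KEY):016x}")
    print(f"forward sub-keys  {feistel(CIPHERTEXT, key_schedule(KEY)):016x}")
```

Because f is only ever XORed into the other half, it never has to be inverted, which is why decryption needs nothing beyond the reversed sub-key list.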
Public Key Cryptography
• Properties
– Asymmetric key cryptography : two keys, a private (secret) key and a public key.
– Anyone can know the public key.
– Only the owner knows the private key.
– Plaintext to a principal B (or from a principal B) is encrypted using B's public key (or B’s private key).
– B (or receiving counterpart) decrypts the enciphered text using its private key (or its public key).
Public Key Cryptography (2)
• Common usage
– Public key cryptography is usually much slower than secret key cryptography.
– Rarely used to encrypt an entire message.
– Typically a message is encrypted using shared key cryptography (with a secret key).
– That secret key is then encrypted using public key cryptography, and the encrypted message and key are sent (hybrid encryption).
– This method can allow for complex structures in implementing our secrecy requirements (see Figure below) : e.g. "message is readable by A,B,C,D".
Usage of Public Key Cryptography
• Security functionality
– Confidentiality
» Plaintext to a principal B is encrypted using B's public key.
» B decrypts the enciphered text using its private key.
– Authentication
» Method A (Authenticating B)
• A random number is generated and encrypted with B’s public key.
• B decrypts the random number and retransmits it to the sender to identify itself.
» Method B
• Plaintext is encrypted using the sender’s private key.
• What is produced is referred to as signed text and it can be "deciphered" using the public key.
• The functionality of signed text cannot be replicated using secret key/symmetric cryptography.
[Figure: Diagram of Public Key (Public Key Method). Text is encrypted with Pk, the encrypted text is sent over the Internet, and it is decrypted with Uk to recover the original text.]
Public Key : RSA
• RSA (Rivest, Shamir, Adleman)
– Characteristics
» Used to encrypt a private key and then send that along with a message encrypted by the private key.
» It uses a variable key length (usually 512 bits) and a variable block size that is not greater than the key length.
Public Key : RSA
• RSA Operations
– Making Keys
» Choose two large primes (say, 256 bits each) p and q. (secret)
» Compute n = p*q. (not secret)
» This system works under the assumption that factoring n is computationally intractable.
» Choose e such that e is relatively prime to (has no common factors other than 1 with) (p-1)*(q-1).
» The number e is usually chosen to be small. 3 and 64437 are popular.
» The public key is the pair (e, n). Note that e doesn't have to be secret.
» The private key is (d, n) where d is the multiplicative inverse of e mod (p-1)(q-1).
Public Key : RSA (2)
• RSA Operations (cont’d)
– Encryption
» For a message m, compute m^e mod n
» Send the result as ciphertext.
– Decryption
» For a ciphertext c, compute m = c^d mod n.
– Digital signatures
» To sign a message m, compute s = m^d mod n.
» To check a signature: m = s^e mod n.
Public Key : RSA (3)
• RSA (Rivest, Shamir, Adleman) (cont’d)
– Necessary math theorem :
» Choose large prime numbers p and q, (n) = (p-1)(q-1)
» Choose e such that e is relatively prime to (p-1)(q-1) and select d such that e * d mod (n) = 1
» e * d = 1 mod (p-1)(q-1) = k * (n) + 1
» P^(p-1) mod p = 1 mod p where (p-1) is a factor of (n).
» P^((n)*k) mod p = 1 mod p
» P^((n)*k+1) mod p = P mod p
» P^((n)*k+1) mod q = P mod q
Therefore
» m = (m^e mod n)^d mod n.
Computing Inverses
• Fermat’s theorem
– a^p mod p = a for any prime p and a < p.
– a^(p-1) mod p = 1
• Inverse
– ax mod p = 1 = a^(p-1) mod p
– x = a^(p-2) mod p
– works only for prime p
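Added example, not from the lecture: the key-making, encryption and signature steps from the RSA slides as unpadded textbook arithmetic, with the private exponent d computed by extended Euclid because the modulus (p-1)(q-1) is not prime, so the a^(p-2) shortcut from this slide does not apply to it. The values p = 61, q = 53, e = 17 and m = 65 are constructed toy numbers, and the function names are this example's own.

```python
from math import gcd

def inverse_euclid(a: int, m: int) -> int:
    """Inverse of a mod m by extended Euclid; works for any m with gcd(a, m) = 1."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("a has no inverse mod m")
    return old_s % m

def inverse_fermat(a: int, p: int) -> int:
    """x = a^(p-2) mod p, the slide's shortcut; correct only when p is prime."""
    return pow(a, p - 2, p)

def make_keys(p: int, q: int, e: int):
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (e, n), (inverse_euclid(e, phi), n)

def encrypt(m, public):    # c = m^e mod n
    e, n = public
    return pow(m, e, n)

def decrypt(c, private):   # m = c^d mod n
    d, n = private
    return pow(c, d, n)

def sign(m, private):      # s = m^d mod n
    return decrypt(m, private)

def verify(m, s, public):  # accept when m = s^e mod n
    return encrypt(s, public) == m

P, Q, E = 61, 53, 17       # constructed toy values
PUBLIC, PRIVATE = make_keys(P, Q, E)
PHI = (P - 1) * (Q - 1)

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print("keys", PUBLIC, PRIVATE, "c", c, "m", decrypt(c, PRIVATE))
    print("Euclid inverse mod phi ok:", E * inverse_euclid(E, PHI) % PHI == 1)
    print("Fermat inverse mod prime 61 ok:", E * inverse_fermat(E, P) % P == 1)
    print("Fermat inverse mod phi ok:", E * inverse_fermat(E, PHI) % PHI == 1)
```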
Hash Function
• What is a hash function?
– A function that digests information.
– Takes a message as input and outputs a short bit string (say, 128 bits).
– An example of a 1-bit hash would be a function that returns the parity of the message.
• Properties of hash function
– Computationally infeasible to determine the input message m based on the digest of that message hash(m).
– Infeasible to find any message with a given digest value.
– Infeasible to find 2 messages with a given hash.
– Changing even 1 bit of the input gets completely different output, so that syntactically similar messages generate very different outputs.
Types of Hash functions
• Unkeyed Hash Functions (MDCs)
– Used in MDC : Manipulation Detection Codes
– Well-known functions : MD5, SHA1, RipeMD160
• Keyed Hash Functions (MACs)
– Used in MAC: Message Authentication Codes
– Further classified depending on implementation mechanism
» Based on block cipher algorithm : CBC-MAC, RIPE-MAC
» Based on hash functions : MD5-MAC, SHA1-MAC
» Based on stream cipher algorithm : CRC-based MAC
SHA
• History
– Developed by NIST in 1993 to be used in digital signature
– Revised in 1995 to utilize the principle of MD4 and named SHA-1
– Standardized as FIPS 180-1
• Characteristics
– Input : Arbitrary length
– Output : 160-bit message
– For every iteration
» Input 512-bit message
» Internally repeat the same step 80 times
Structure of SHA
[Figure: one SHA step. The registers a(i-1), b(i-1), c(i-1), d(i-1), e(i-1) are mapped to a(i), b(i), c(i), d(i), e(i) using the rotations <<<5 and <<<30, the nonlinear function L, and the inputs Wi and Ki.]
L : Nonlinear functions
Ft(X,Y,Z)=(XY)((X) Z), for t=0 to 19
Ft(X,Y,Z)=XYZ, for t=20 to 39
Ft(X,Y,Z)=(XY)(X Z)(Y Z), for t=40 to 59
Ft(X,Y,Z)= XYZ, for t=60 to 79
Kt=0x5a827999, for t=0 to 19
Kt=0x6ed9eba1, for t=20 to 39
Kt=0x8f1bbcdc, for t=40 to 59
Kt=0xca62c1d6, for t=60 to 79
Wt=Mt , for t=0 to 15
Wt=(Wt-3 Wt-8 Wt-14 Wt-16 )<<<1, for t=16 to 79
Initial Vectors
a0 = A = 0x67452301
b0 = B = 0xefcdab89
c0 = C = 0x98badcfe
d0 = D = 0x10325476
e0 = E = 0x3d2e1f0
Output Message D = a80 b80 c80 d80 e80
Input Message M=M0 M1 M15 (each Mi is a 32 bit word)
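Added example, not from the lecture: SHA-1 written out from the step structure, round constants and message schedule on this slide, checked against Python's hashlib. The Boolean functions, the fifth initial value 0xC3D2E1F0, the message padding and the final addition of the previous chaining value are taken from FIPS 180-1; the function names are this example's own.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # FIPS 180-1

def rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK

def f_and_k(t: int, x: int, y: int, z: int):
    """Nonlinear function F_t and constant K_t for step t, per FIPS 180-1."""
    if t < 20:
        return ((x & y) | (~x & z)) & MASK, 0x5A827999
    if t < 40:
        return x ^ y ^ z, 0x6ED9EBA1
    if t < 60:
        return (x & y) | (x & z) | (y & z), 0x8F1BBCDC
    return x ^ y ^ z, 0xCA62C1D6

def compress(state: tuple, block: bytes) -> tuple:
    w = list(struct.unpack(">16I", block))          # W_t = M_t for t = 0..15
    for t in range(16, 80):                         # message schedule
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        f, k = f_and_k(t, b, c, d)
        a, b, c, d, e = (rotl(a, 5) + f + e + w[t] + k) & MASK, a, rotl(b, 30), c, d
    # Feed-forward: add the incoming chaining value to the step output.
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))

def sha1(message: bytes) -> str:
    # Pad with 0x80, zeros, then the 64-bit message length in bits.
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    padded += struct.pack(">Q", len(message) * 8)
    state = IV
    for i in range(0, len(padded), 64):             # one 512-bit block per iteration
        state = compress(state, padded[i:i + 64])
    return struct.pack(">5I", *state).hex()

if __name__ == "__main__":
    sample = b"abc"                                 # constructed sample input
    print(sha1(sample), sha1(sample) == hashlib.sha1(sample).hexdigest())
```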
Examples of Keyed MAC algorithms
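• CBC-MAC (Block cipher based MAC Algorithm)
– Input : Message X = x1x2x3 … xt, Key k
– E : any block cipher
[Figure: CBC-MAC chain. The block cipher E under key k processes x1 with the initial value 0 to give H1, then x2 with H1 to give H2, x3 with H2 to give H3, and so on until xt with Ht-1 gives the result H.]
• MD5-MAC (Hash based MAC Algorithm)
– Input : Message X, Key k
– p1, p2 : padding data
[Figure: MD5-MAC. MD5 over k||p2||X gives H1; MD5 over k||p1||H1 gives H.]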
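Message authentication using MAC
[Figure: The sender runs the message through the MAC function and sends the message together with the MAC over the Internet. The receiver runs the received message through the MAC function and compares the result with the received MAC (MAC =?).]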
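Added example, not from the lecture: the message authentication flow on this slide (compute, send, recompute, compare) using HMAC-SHA-256 as a stand-in for the slide's MD5-MAC, since both run an inner keyed hash over the message and an outer keyed hash over that result. The key and messages are constructed samples and the function names are this example's own.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-256 input block size in bytes

def nested_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 written out: outer hash over (keyed pad || inner hash)."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    h1 = hashlib.sha256(inner_pad + message).digest()   # inner pass over the message
    return hashlib.sha256(outer_pad + h1).digest()      # outer pass over H1

def send(key: bytes, message: bytes):
    """Sender side: transmit the message together with its MAC."""
    return message, nested_mac(key, message)

def receive(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(nested_mac(key, message), tag)

KEY = b"constructed-shared-key"            # constructed sample key
MESSAGE = b"transfer 100 to account 42"    # constructed sample message

if __name__ == "__main__":
    msg, tag = send(KEY, MESSAGE)
    print("matches library HMAC:", tag == hmac.new(KEY, msg, hashlib.sha256).digest())
    print("intact message accepted:", receive(KEY, msg, tag))
    print("altered message accepted:", receive(KEY, b"transfer 900 to account 42", tag))
    print("wrong key accepted:", receive(b"other-key", msg, tag))
```

The comparison uses hmac.compare_digest rather than == so that the time taken does not depend on how many leading bytes of a forged MAC happen to be correct.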
Digital Signature
• Purpose and Operation
– Used to prove that a message was generated by a particular principal.
– To create a signed message, A will encrypt a message using its own private key and send that encrypted message to B.
– B looks up A's public key and uses it to decrypt the message.
– This is not completely practical since it requires running the decryption on an entire message, which can be expensive.
– A solution is to compute a hash of the message and sign that.
Digital Signature
• Required functions
– authentic : able to determine whether the sign is authentic
– unforgeable : able to make it impossible to forge the same one
– not reusable : impossible to reuse
– unalterable : impossible to alter the signed one
– non-repudiation : once signed, it is impossible to deny it
• Functional summary
– DS = User authentication + Message authentication
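[Figure: Diagram of Digital Signature. The text is encrypted with Sk and sent over the Internet as encrypted text, then decrypted with Sk to the original text. A message digest (MD) is computed on both sides and the two are compared, with the keys Pka and Uka applied to it.]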
Electronic Envelope
• Idea
– Maintain the secrecy of public key and exploit the efficiency of secret key
• Method
– Generate a random secret key and encrypt a message with the secret key
– Encrypt the secret key with the recipient’s public key
– Send the encrypted message with the encrypted secret key
[Figure: Electronic envelope. The original text is encrypted with Sk and Sk itself is encrypted with Pkb; the encrypted text and the encrypted key cross the Internet; the encrypted key is opened with Ukb and the encrypted text is decrypted with Sk to the original text.]
Diffie-Hellman Key Agreement Protocol
• Purpose
– A protocol to share a secret key between two members located far away in the network
– A protocol based on discrete differential mathematics
– Consists of One-time Setup and Protocol Action
• One-time Setup
– Choose a big prime number p and a generator in Zp* and make them public
• Protocol Action
One side:
1) Generate random number x
2) Send M ( = x mod p)
4) Receive N
5) Compute secret key K
Other side:
1) Generate random number y
2) Send N ( = y mod p)
4) Receive M
5) Compute secret key K
K= (x)y mod p = (y)x mod p = xy mod p
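Added example, not from the lecture: both sides of the Diffie-Hellman protocol action, with each side rejecting a received value outside 2..p-2 before computing K. The generator is called G here because the slide's symbol for it did not survive; p = 23, G = 5 and the secrets 6 and 15 are constructed toy values, far smaller than the big prime the setup step calls for.

```python
import secrets

P, G = 23, 5   # constructed toy prime and generator of Zp* (assumed name G)

class Party:
    """One side of the exchange; holds its own random number x (or y)."""

    def __init__(self, p: int, g: int, secret: int = None):
        self.p, self.g = p, g
        # Step 1: generate a random number in 2..p-2 unless one is supplied.
        self.secret = secret if secret is not None else secrets.randbelow(p - 3) + 2

    def public_value(self) -> int:
        """Step 2: the value sent to the other side, G^secret mod p."""
        return pow(self.g, self.secret, self.p)

    def accepts(self, received: int) -> bool:
        """Reject 0, 1, p-1 and out-of-range values, which force a guessable K."""
        return 2 <= received <= self.p - 2

    def shared_key(self, received: int) -> int:
        """Steps 4 and 5: take the other side's value and compute K."""
        if not self.accepts(received):
            raise ValueError("rejected public value")
        return pow(received, self.secret, self.p)

def run_exchange(x: int, y: int):
    """Run the protocol with fixed secrets so the result is reproducible."""
    a, b = Party(P, G, x), Party(P, G, y)
    m, n = a.public_value(), b.public_value()   # M and N cross the network
    return m, n, a.shared_key(n), b.shared_key(m)

if __name__ == "__main__":
    m, n, k_a, k_b = run_exchange(6, 15)
    print(f"M={m} N={n} K(one side)={k_a} K(other side)={k_b}")
    print("value 1 accepted:", Party(P, G, 6).accepts(1))
```

Only M and N are transmitted; the range check costs one comparison and stops a peer from steering K to a value it can predict without knowing the secret.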
Summary
• Secret key (symmetric key)
– Principle, Example : DES
• Public key (asymmetric key)
– Principle, Example : RSA
• Hash function
– Principle, Example : SHA
• Digital signature
• Electronic envelope
• Diffie-Hellman key agreement
Homework #1
• Read PKCS#12
• Read X.509 RFC 2459
• Due date 7/2
• Have Linux installed on one machine and install OpenSSL
• Generate a certificate for root and for you
• Submit generated certificates
• Demonstrate the process in Friday's class (7/4)
• Due date 7/7