POSTECH ITEC559 Su ‘03 1 ITEC559 Secure Internet Protocols Lecture 1 POSTECH Prof. Jong Kim © 2003 JKIM@POSTECH



ITEC559 Secure Internet Protocols

Lecture 1

POSTECH

Prof. Jong Kim © 2003 JKIM@POSTECH


Course Purpose

• Width

– Know internet security protocols in areas such as access, email, web, e-commerce, and wireless.

– Know currently available protocols, software tools, and implementations

– Experience various tools

• Depth

– Know the theory behind secure internet protocols

– Know the problems and future directions

– Know the applications of secure internet protocols


Course Management

• Course Grade Policy

– Mid-term Exam : 30%

– Final Exam : 40%

– Homework assignment (6) : 30%

• Course Requirement

– ITEC528 : Information security, or

– Equivalent courses

• Textbook

– No major textbook

– Will announce lecture topics, relevant articles, books, and references.


Lecture Topics

• Week 1 : Introduction, Authentication

– Mon : Cryptography 101 – Public Key, Hash, Symmetric key, Digital Signature, Public Key Infrastructure (PKI)

– Wed : X.509 – History, Relation to X.500, Structure, Content, Encoding method, Compatibility, Extensibility, Problems, future directions

– Fri : OpenSSL – functions, limitations, installations; Installation report


Lecture Topics

• Week 2 : Secure Remote Access

– Sniffing, Secure Shell (SSH), VPN

• Week 3 : Secure E-mail

– S/MIME, PGP, OpenPGP

• Week 4 : Secure Web Protocols

– SHTTP, TLS, SSL, XML Encryption

• Week 5 : Secure E-commerce Protocols

– XML Signature, SET, PCT

• Week 6 : Secure Wireless Internet

– WEP, RADIUS, 802.1X, EAP


Cryptography 101


Basic Definitions

• Definitions

– Algorithm

» The set of steps needed to solve a mathematical problem.

– Cryptographic algorithms

» Mathematical algorithms designed so that they can be called with different sets of data to operate on.

– Cryptology

» The area that makes new cryptographic algorithms.

– Cryptanalysis

» The area that analyzes new cryptographic algorithms.


Basic Cryptology Principles

• Cryptology principles

– Substitution

» Substitute an input bit string with another predefined bit string.

» Purpose of substitution : confusion

– Permutation (Transposition)

» Move the bits of the input string from one position to another.

» Purpose of permutation : partial confusion

• Examples

– Caesar, Affine, Transposition, DES, AES…


Required Encryption Properties

• Two properties of an encryption scheme that are desirable:

– confusion -- the interceptor should not be able to predict the effect of changing one character in the plaintext on the ciphertext.

– diffusion -- changes in the plaintext should affect many parts of the ciphertext. (Substitution and permutation do not exhibit diffusion.)


Basic Cryptology Principles

• Cryptology Methods

– Stream cipher

» Every bit/character is replaced with another bit/string.

» E.g. : Substitution

– Block cipher

» A group of bits/strings is replaced with other bits/strings.

» E.g. : Transposition


Characteristics of “Good” Ciphers

• Shannon characteristics

1. The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption.

2. The set of keys and the enciphering algorithm should be free from complexity.

3. The implementation of the process should be as simple as possible.

4. Errors in ciphering should not propagate and cause corruption of further information in the message.

5. The size of the enciphered text should be no larger than the text of the original message.


Secret Key Cryptography

• Working mechanism

– encryption: E(key, message) -> enciphered text

» use the notation k{m}

– decryption: D(key, ciphertext) -> message.

– message = D(key, E(key, message)).

• Usage

– Confidentiality

» transmitting secret messages

» storing information in encrypted form on insecure media

– Authentication

» determining who is involved in a given dialogue.


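Secret Key Method

[Figure: Diagram of Secret Key. The original text is encrypted with Sk, the encrypted text crosses the Internet, and it is decrypted with Sk to recover the original text.]

[Figure: Block cipher algorithm and stream cipher algorithm.
Block cipher: n-bit plaintext and a k-bit key enter the cipher algorithm, which outputs n-bit ciphertext. DES, FEAL, IDEA and others belong to this class.
Stream cipher: an n-bit initial value and a k-bit key enter the cipher algorithm, which produces a binary key sequence; the binary plaintext sequence is combined with it to give the binary ciphertext sequence. RC4, SEAL and others belong to this class.]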


Data Encryption Standard (DES)

• History

– DES is based on the IBM "Lucifer" algorithm of 1974.

– Became a U.S. standard in 1976.

– In 1993, Wiener at Bell Northern Research proposed a DES cracking machine.

» A chip costs $10.50 to manufacture and can try 50 million DES keys per second

• Spec

– Takes in 64 bits of data, outputs 64 bits of data

– Key is a 56-bit key.

– Executes 16 cycles of substitution and permutation (Feistel structure)

[Figure: DES block diagram. A message M (64 bits) and a key K (56 bits, through Key Scheduling) enter DES, which outputs M’ (64 bits). The figure also carries the label 752.]


DES Algorithm Structure

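[Figure: DES algorithm structure. The 64-bit plain text passes through IP and is split into the 32-bit halves L0 and R0. The 16 rounds, each using a 48-bit sub-key, compute

L1 = R0, R1 = L0 ⊕ f(R0, K1)
L2 = R1, R2 = L1 ⊕ f(R1, K2)
...
L15 = R14, R15 = L14 ⊕ f(R14, K15)
L16 = R15, R16 = L15 ⊕ f(R15, K16)

and the result passes through IP^-1 to give the 64-bit cipher text.

Round function f, drawn for R1 and K2: the 32-bit R1 goes through expansion E to 48 bits, is XORed with the 48-bit sub-key, passes through the substitution boxes S1 to S8 (8x6 bits in, 8x4 bits out), and then through permutation P to give 32 bits.]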


Key operations of DES

• Key Scheduling

– Operation needed before encryption/decryption

– A 56-bit key is transformed to 16 48-bit sub-keys.

• Encryption

– Use 64-bit plaintext and 16 48-bit sub-keys

– Generate a 64-bit ciphertext.

• Decryption

– Use 64-bit ciphertext and 16 48-bit sub-keys

– Each sub-key is used in reverse order.

– Recover 64-bit plaintext.
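The Feistel round from the DES structure slide and the reverse sub-key order used for decryption, as an added example that is not part of the original slides. The key schedule and round function f are SHA-256 stand-ins (assumptions), not the DES key scheduling or the DES E/S-box/P function, so the output is not DES ciphertext.

```python
import hashlib

ROUNDS = 16      # DES runs 16 Feistel rounds
HALF = 4         # bytes per half: a 64-bit block is two 32-bit halves


def subkeys(key: bytes) -> list:
    """Stand-in key schedule (assumption): 56-bit key -> 16 48-bit sub-keys."""
    if len(key) != 7:
        raise ValueError("key must be 56 bits (7 bytes)")
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]


def f(right: bytes, k: bytes) -> bytes:
    """Stand-in round function (assumption): 32-bit half, 48-bit sub-key -> 32 bits.

    f is not invertible; the Feistel structure never needs to invert it.
    """
    return hashlib.sha256(k + right).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, round_keys: list) -> bytes:
    """Run the rounds L_i = R_(i-1), R_i = L_(i-1) XOR f(R_(i-1), K_i)."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be 64 bits (8 bytes)")
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        left, right = right, xor(left, f(right, k))
    # Emit R16 || L16: this swap is what lets the same routine decrypt.
    return right + left


def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt(block: bytes, key: bytes) -> bytes:
    # Same network, sub-keys in reverse order (K16 first, K1 last).
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcd")    # constructed 56-bit key
    plaintext = b"ITEC0559"                   # constructed 64-bit block
    ciphertext = encrypt(plaintext, key)
    print(ciphertext.hex(), decrypt(ciphertext, key))
```

Running the ciphertext through the network with the sub-keys in forward order does not recover the plaintext, which is why decryption reverses them.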


Public Key Cryptography

• Properties

– Asymmetric key cryptography : two keys, a private (secret) key and a public key.

– Anyone can know the public key.

– Only the owner knows the private key.

– Plaintext to a principal B (or from a principal B) is encrypted using B's public key (or B’s private key).

– B (or receiving counterpart) decrypts the enciphered text using its private key (or its public key).


Public Key Cryptography (2)

• Common usage

– Public key cryptography is usually much slower than secret key cryptography.

– Rarely used to encrypt an entire message.

– Typically a message is encrypted using shared key cryptography (with a secret key).

– That secret key is then encrypted using public key cryptography, and the encrypted message and key are sent (hybrid encryption).

– This method can allow for complex structures in implementing our secrecy requirements (see Figure below) : e.g. "message is readable by A,B,C,D".


Usage of Public Key Cryptography

• Security functionality

– Confidentiality

» Plaintext to a principal B is encrypted using B's public key.

» B decrypts the enciphered text using its private key.

– Authentication

» Method A (Authenticating B)

• A random number is generated and encrypted with B’s public key.

• B decrypts the random number and retransmits it to the sender to identify itself.

» Method B

• Plaintext is encrypted using the sender’s private key.

• What is produced is referred to as signed text and it can be "deciphered" using the public key.

• The functionality of signed text cannot be replicated using secret key/symmetric cryptography.


Public Key Method

[Figure: Diagram of Public Key. The original text is encrypted with Pk, the encrypted text crosses the Internet, and it is decrypted with Uk to recover the original text.]


Public Key : RSA

• RSA (Rivest, Shamir, Adleman)

– Characteristics

» Used to encrypt a secret (symmetric) key and then send that along with a message encrypted by that secret key.

» It uses a variable key length (usually 512 bits) and a variable block size that is not greater than the key length.


Public Key : RSA

• RSA Operations

– Making Keys

» Choose two large primes (say, 256 bits each) p and q. (secret)

» Compute n = p*q. (not secret)

» This system works under the assumption that factoring n is computationally intractable.

» Choose e such that e is relatively prime to (has no common factors other than 1 with) (p-1)*(q-1).

» The number e is usually chosen to be small. 3 and 64437 are popular.

» The public key is the pair (e, n). Note that e doesn't have to be secret.

» The private key is (d, n) where d is the multiplicative inverse of e mod (p-1)(q-1).


Public Key : RSA (2)

• RSA Operations (cont’d)

– Encryption

» For a message m, compute m^e mod n

» Send the result as ciphertext.

– Decryption

» For a ciphertext c, compute m = c^d mod n.

– Digital signatures

» To sign a message m, compute s = m^d mod n.

» To check a signature: m = s^e mod n.


Public Key : RSA (3)

• RSA (Rivest, Shamir, Adleman) (cont’d)

– Necessary math theorem :

» Choose large prime numbers p and q; φ(n) = (p-1)(q-1)

» Choose e such that e is relatively prime to (p-1)(q-1), and select d such that e * d mod φ(n) = 1

» e * d = 1 mod (p-1)(q-1) = k * φ(n) + 1

» P^(p-1) mod p = 1 mod p, where (p-1) is a factor of φ(n).

» P^(φ(n)*k) mod p = 1 mod p

» P^(φ(n)*k+1) mod p = P mod p

» P^(φ(n)*k+1) mod q = P mod q

Therefore

» m = (m^e mod n)^d mod n.


Computing Inverses

• Fermat’s theorem

– a^p mod p = a for any prime p and a < p.

– a^(p-1) mod p = 1

• Inverse

– ax mod p = 1 = a^(p-1) mod p

– x = a^(p-2) mod p

– works for only prime p
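The RSA key-making, encryption, decryption and signature steps from the slides above, together with the Fermat inverse, as an added example that is not part of the original slides. The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values, and the extended Euclid routine is the added piece that computes d, because the modulus (p-1)(q-1) is not prime and the Fermat formula does not apply to it.

```python
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def inverse(a: int, m: int) -> int:
    """Inverse of a mod m for any modulus m, provided gcd(a, m) == 1."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError("no inverse: a and m share a factor")
    return x % m


def fermat_inverse(a: int, p: int) -> int:
    """x = a^(p-2) mod p, correct only when p is prime."""
    return pow(a, p - 2, p)


def make_keys(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) with d the inverse of e mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (e, n), (inverse(e, phi), n)


def apply_key(value: int, key) -> int:
    """Textbook RSA operation: value^exponent mod n, with no padding."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than n")
    return pow(value, exponent, n)


# Constructed toy parameters; real keys use primes hundreds of digits long.
P, Q, E = 61, 53, 17
PUBLIC, PRIVATE = make_keys(P, Q, E)

if __name__ == "__main__":
    m = 65
    c = apply_key(m, PUBLIC)       # encryption: m^e mod n
    s = apply_key(m, PRIVATE)      # signature:  s = m^d mod n
    print("d =", PRIVATE[0], "c =", c, "m =", apply_key(c, PRIVATE))
    print("signature ok:", apply_key(s, PUBLIC) == m)
    phi = (P - 1) * (Q - 1)
    print("Fermat, prime modulus 61:", 17 * fermat_inverse(17, 61) % 61)
    print("Fermat, composite modulus 3120:", 17 * fermat_inverse(17, phi) % phi)
```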


Hash Function

• What is a hash function?

– A function that digests information.

– Takes a message as input and outputs a short bit string (say, 128 bits).

– An example of a 1-bit hash would be a function that returns the parity of the message.

• Properties of hash function

– Computationally infeasible to determine the input message m based on the digest of that message hash(m).

– Infeasible to find any message with a given digest value.

– Infeasible to find 2 messages with the same hash.

– Changing even 1-bit of the input gets completely different output, so that syntactically similar messages generate very different outputs.


Types of Hash functions

• Unkeyed Hash Functions (MDCs)

– Used in MDC : Manipulation Detection Codes

– Well-known functions : MD5, SHA1, RipeMD160

• Keyed Hash Functions (MACs)

– Used in MAC: Message Authentication Codes

– Further classified depending on implementation mechanism

» Based on block cipher algorithm : CBC-MAC, RIPE-MAC

» Based on hash functions : MD5-MAC, SHA1-MAC

» Based on stream cipher algorithm : CRC-based MAC


SHA

• History

– Developed by NIST in 1993 to be used in digital signatures

– Revised in 1995 to utilize the principle of MD4 and named SHA-1

– Standardized as FIPS 180-1

• Characteristics

– Input : Arbitrary length

– Output : 160-bit message

– For every iteration

» Input 512-bit message

» Internally repeat the same step 80 times


Structure of SHA

[Figure: one SHA step. The working variables a(i-1), b(i-1), c(i-1), d(i-1), e(i-1) are transformed into a(i), b(i), c(i), d(i), e(i) using the rotations <<<5 and <<<30, the nonlinear function L, the message word Wi and the constant Ki.]

L : Nonlinear functions
Ft(X,Y,Z) = (X∧Y)∨((¬X)∧Z), for t=0 to 19
Ft(X,Y,Z) = X⊕Y⊕Z, for t=20 to 39
Ft(X,Y,Z) = (X∧Y)∨(X∧Z)∨(Y∧Z), for t=40 to 59
Ft(X,Y,Z) = X⊕Y⊕Z, for t=60 to 79

Kt = 0x5a827999, for t=0 to 19
Kt = 0x6ed9eba1, for t=20 to 39
Kt = 0x8f1bbcdc, for t=40 to 59
Kt = 0xca62c1d6, for t=60 to 79

Wt = Mt, for t=0 to 15
Wt = (Wt-3 ⊕ Wt-8 ⊕ Wt-14 ⊕ Wt-16) <<< 1, for t=16 to 79

Initial Vectors
a0 = A = 0x67452301
b0 = B = 0xefcdab89
c0 = C = 0x98badcfe
d0 = D = 0x10325476
e0 = E = 0x3d2e1f0

Output Message D = a80 b80 c80 d80 e80

Input Message M = M0 M1 … M15 (each Mi is a 32 bit word)
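The nonlinear functions, constants and message schedule from the Structure of SHA slide, assembled into a working SHA-1, as an added example that is not part of the original slides. The padding rule, the final addition of the chaining values and the value 0xC3D2E1F0 for E are taken from FIPS 180-1; the slide text prints E as 0x3d2e1f0.

```python
import struct

MASK = 0xFFFFFFFF
# Initial vectors A..E; E is the FIPS 180-1 value.
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def rotl(x: int, n: int) -> int:
    """32-bit left rotation, written <<< on the slide."""
    return ((x << n) | (x >> (32 - n))) & MASK


def f_k(t: int, x: int, y: int, z: int):
    """Return (F_t(X,Y,Z), K_t) for step t."""
    if t < 20:
        return ((x & y) | (~x & z)) & MASK, 0x5A827999
    if t < 40:
        return x ^ y ^ z, 0x6ED9EBA1
    if t < 60:
        return (x & y) | (x & z) | (y & z), 0x8F1BBCDC
    return x ^ y ^ z, 0xCA62C1D6


def compress(state, block: bytes):
    """Process one 512-bit block: 80 repetitions of the same step."""
    w = list(struct.unpack(">16I", block))          # W_t = M_t for t = 0..15
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = state
    for t in range(80):
        ft, kt = f_k(t, b, c, d)
        a, b, c, d, e = ((rotl(a, 5) + ft + e + w[t] + kt) & MASK,
                         a, rotl(b, 30), c, d)
    # FIPS 180-1: add the step output to the incoming chaining values.
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e)))


def sha1(msg: bytes) -> bytes:
    """160-bit digest of an arbitrary-length message."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    padded += struct.pack(">Q", 8 * len(msg))       # message length in bits
    state = IV
    for i in range(0, len(padded), 64):
        state = compress(state, padded[i:i + 64])
    return struct.pack(">5I", *state)


if __name__ == "__main__":
    import hashlib
    sample = b"abc"                                  # constructed input
    print(sha1(sample).hex(), sha1(sample) == hashlib.sha1(sample).digest())
```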


Examples of Keyed MAC algorithms

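• CBC-MAC (Block cipher based MAC Algorithm)

– Input : Message X = x1x2x3 … xt, Key k

– E : any block cipher

[Figure: CBC-MAC chain. Starting from 0, each block x1, x2, x3, …, xt is combined with the previous output and encrypted with E under key k, giving H1, H2, H3, …, Ht-1 and the final output H.]

• MD5-MAC (Hash based MAC Algorithm)

– Input : Message X, Key k

– p1, p2 : padding data

[Figure: MD5-MAC. MD5 is applied to k||p2||X to give H1, and MD5 is applied to k||p1||H1 to give the output H.]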


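Message authentication using MAC

[Figure: The sender applies the MAC function to the message and sends the message together with its MAC over the Internet. The receiver applies the MAC function to the received message and checks whether the result equals the received MAC (MAC =? MAC).]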


Digital Signature

• Purpose and Operation

– Used to prove that a message was generated by a particular principal.

– To create a signed message, A will encrypt a message using its own private key and send that encrypted message to B.

– B looks up A's public key and uses it to decrypt the message.

– This is not completely practical since it requires running the decryption on an entire message, which can be expensive.

– A solution is to compute a hash of the message and sign that.


Digital Signature

• Required functions

– authentic : able to determine whether the signature is authentic

– unforgeable : impossible to forge the same signature

– not reusable : impossible to reuse

– unalterable : impossible to alter what has been signed

– non-repudiation : once signed, it is impossible to deny it

• Functional summary

– DS = User authentication + Message authentication


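[Figure: Diagram of Digital Signature. The text is encrypted with Sk, the encrypted text crosses the Internet, and it is decrypted with Sk to the original text; a message digest (MD) is computed on each side and the two are compared, using the keys Pka and Uka.]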


Electronic Envelope

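• Idea

– Keep the secrecy provided by public key cryptography and exploit the efficiency of secret key cryptography

• Method

– Generate a random secret key and encrypt a message with the secret key

– Encrypt the secret key with the recipient’s public key

– Send the encrypted message with the encrypted secret key

[Figure: The original text is encrypted with Sk, and Sk is encrypted with Pkb to give the encrypted key. The encrypted text and the encrypted key cross the Internet. The recipient recovers Sk from the encrypted key with Ukb and decrypts the encrypted text with Sk to get the original text.]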


Diffie-Hellman Key Agreement Protocol

• Purpose

– A protocol to share a secret key between two members located far apart in the network

– A protocol based on the discrete logarithm problem

– Consists of One-time Setup and Protocol Action

• One-time Setup

– Choose a big prime number p and a generator in Zp* and make them public

• Protocol Action

1) Generate random number x 2) Send M ( = x mod p) 4) Receive N 5) Compute secret key K

K= (x)y mod p = (y)x mod p = xy mod p

1) Generate random number y 2) Send N ( = y mod p) 4) Receive M 5) Compute secret key K
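The one-time setup and protocol action above, as an added example that is not part of the original slides. It writes g for the public generator (the name is an assumption), so the values sent are M = g^x mod p and N = g^y mod p and both sides reach K = g^(xy) mod p; the prime 23, generator 5 and exponents 6 and 15 are constructed toy values, and the range check on the received value is an added safeguard.

```python
import secrets


def prime_factors(n: int) -> set:
    """Distinct prime factors by trial division (fine for a toy-sized p - 1)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(g: int, p: int) -> bool:
    """True if g generates Zp*: g^((p-1)/q) != 1 for every prime q dividing p-1."""
    return 1 < g < p and all(pow(g, (p - 1) // q, p) != 1
                             for q in prime_factors(p - 1))


def new_secret(p: int) -> int:
    """Step 1: random exponent in 2..p-2 from the OS CSPRNG."""
    return secrets.randbelow(p - 3) + 2


def public_value(g: int, secret: int, p: int) -> int:
    """Step 2: the value a party sends, g^secret mod p."""
    return pow(g, secret, p)


def shared_key(own_secret: int, received: int, p: int) -> int:
    """Step 5: K = received^own_secret mod p.

    Values 0, 1 and p-1 are rejected: they force K into a set of at most
    two values regardless of the secret exponent.
    """
    if not 1 < received < p - 1:
        raise ValueError("received value outside 2..p-2")
    return pow(received, own_secret, p)


if __name__ == "__main__":
    p, g = 23, 5                      # constructed toy setup, made public
    assert is_generator(g, p)
    x, y = 6, 15                      # constructed secrets of the two parties
    m, n = public_value(g, x, p), public_value(g, y, p)
    print("M =", m, "N =", n)
    print("K =", shared_key(x, n, p), shared_key(y, m, p))
```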


Summary

• Secret key (symmetric key)

– Principle, Example : DES

• Public key (asymmetric key)

– Principle, Example : RSA

• Hash function

– Principle, Example : SHA

• Digital signature

• Electronic envelope

• Diffie-Hellman key agreement


Homework #1

• Read PKCS#12

• Read X.509 RFC 2459

• Due date 7/2

• Install Linux on one machine and install OpenSSL

• Generate a certificate for root and for you

• Submit generated certificates

• Demonstrate the process in Friday's class (7/4)

• Due date 7/7