PROTECTING CONVERSATIONS

Similar documents
APNIC elearning: Cryptography Basics

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Cryptographic Concepts

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Cryptographic Systems

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

CSE 127: Computer Security Cryptography. Kirill Levchenko

Public Key Cryptography

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Computer Security: Principles and Practice

Ref:

Encryption. INST 346, Section 0201 April 3, 2018

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Cryptography MIS

Chapter 9 Public Key Cryptography. WANG YANG

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Key Establishment and Authentication Protocols EECE 412

CSC 774 Network Security

CSC/ECE 774 Advanced Network Security

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

UNIT - IV Cryptographic Hash Function 31.1

1.264 Lecture 28. Cryptography: Asymmetric keys

Security. Communication security. System Security

David Wetherall, with some slides from Radia Perlman s security lectures.

Public Key Algorithms

CS 161 Computer Security

Cryptographic Checksums

Kurose & Ross, Chapters (5 th ed.)

n-bit Output Feedback

Lecture 2 Applied Cryptography (Part 2)

Cryptography Introduction to Computer Security. Chapter 8

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Introduction to Cryptography. Vasil Slavov William Jewell College

Security: Cryptography

CIS 4360 Secure Computer Systems Applied Cryptography

CSC 474/574 Information Systems Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Topics. Number Theory Review. Public Key Cryptography

Grenzen der Kryptographie

18-642: Cryptography 11/15/ Philip Koopman

CS Computer Networks 1: Authentication

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

2.1 Basic Cryptography Concepts

CIS 4360 Secure Computer Systems Symmetric Cryptography

CCNA Security 1.1 Instructional Resource

(2½ hours) Total Marks: 75

CSC 474/574 Information Systems Security

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Public Key Algorithms

18-642: Cryptography

Internet security and privacy

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Network Security Chapter 8

Lecture 6 - Cryptography

Cryptography. Intercepting Information Scenario 1. Tuesday, December 9, December 9, Wireless broadcasts information using radio signals

Lecture 20 Public key Crypto. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Bailey s ECE 422

Computer Security 3/23/18

Chapter 9. Public Key Cryptography, RSA And Key Management

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CS61A Lecture #39: Cryptography

Cryptography and Network Security

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Authentication CHAPTER 17

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Classical Cryptography. Thierry Sans

CS 332 Computer Networks Security

1. Diffie-Hellman Key Exchange

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

CS 161 Computer Security

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Spring 2010: CS419 Computer Security

S. Erfani, ECE Dept., University of Windsor Network Security

Public Key Algorithms

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Overview. Public Key Algorithms I

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Some Stuff About Crypto

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Summary on Crypto Primitives and Protocols

Transcription:

PROTECTING CONVERSATIONS Basics of Encrypted Network Communications

Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading

Basic Definitions Authentication Act of confirming the integrity of a message and the identity of the person who sent it Encryption Process of encoding messages so that eavesdroppers cannot read it, but authorized parties can

Early Attempts at Protection Wax seals authenticated a message Caesar ciphers encrypted the contents of the message the quick fox becomes WKH TXLFN IRA

More Advanced Protection WWII German Enigma machine produced uncrackable ciphers Signatures or watermarks, combined with shared secrets, give confidence in the identity of the sender

P A Step Backwards Early networked computers seemed to forget the lessons of the past Underpowered Mainly for research purposes SNMP Telnet rcp FTP IMAP SMTP POP3

Cryptography to the Rescue Symmetric Ciphers Asymmetric Ciphers Cryptographic Hashes

Symmetric Ciphers Single key is used for both encryption and decryption Key is a shared secret between the two parties Generally speedy Popular algorithms are moved into hardware for more speed 3DES and AES are common (AES is preferable)

Asymmetric Ciphers Two separate, mathematically-linked, keys for encryption and decryption One is secret, the other is public Anyone can encrypt using the public key; only secret (private) key can decrypt Typically slower than symmetric ciphers RSA and ECC are common

Cryptographic Hashes Algorithm that takes an arbitrarily-long block of data and returns a fixed-sized bit string Designed such that changes in the data will very likely change the hash Used with symmetric and asymmetric ciphers to produce HMAC (Hash-based Message Authentication Code) HMAC protect message integrity and authenticity MD5, SHA-1, and SHA-256 are common

Pre-shared Keys Prevents captured traffic from being deciphered Anyone who could read message could have sent it Time consuming to set up Keys often reused

Public Key Encryption Packets are limited to the size of the key pair Due to padding, 1024-bit RSA key yields a maximum message size of about 111 bytes (instead of the expected 128 bytes) Arbitrary message lengths would likely require multiple RSA ciphers per message Signing messages with the key pairs gives authenticity to the messages

RSA-Encrypted Symmetric Key Symmetric-Encrypted Ciphertext RSA-Signed Message Hash GPG Model of Encryption Random symmetric keys protected by Public Key Crypto

Diffie-Hellman Key Exchange Two parties without knowledge of each other can jointly establish a shared secret key over an insecure channel No authentication is provided key exchange is anonymous Discrete logarithm problem provides security Best known algorithms cannot retrieve secret data

Diffie-Hellman Key Exchange Alice Bob Secret Public Calc. Send Calc. Public Secret a p, g p,g» b a p, g, A g^a mod p = A A» p, g b a p, g, A «B g^b mod p = B p, g, A, B b a, s p, g, A, B B^a mod p = s A^b mod p = s p, g, A, B b, s

Diffie-Hellman Key Exchange B^a mod p = A^b mod p (g^b)^a mod p = (g^a)^b mod p Computationally hard to figure out large secret exponent from the public data

Station to Station Protocol Adds authentication to Diffie-Hellman Key Exchange Basic Protocol: Alice» Bob : g, p, A Alice «Bob : B, Cert_B, E_s(S_B(B, A)) Alice» Bob : Cert_A, E_s(S_A(A, B)) Encrypted signatures can be verified by the certificates

Enhancing Basic Protection Protocol like Station to Station generates a symmetric cipher between known hosts Can be used to securely transmit data between hosts Still vulnerable to several attacks Replay attacks Data modification Side-channel attacks

Replay Attacks Attacker does not know the contents of the message, but can see it effects Attacker intercepts messages and replays them in the future to replicate the observed effects Example: if a message seen to cause a missile to fire, can replaying cause more missiles to fire? Sequence numbered messages allow the receiver to track received messages

Data Modification Corrupting messages can cause issues in poorly written software Desirable to prevent message modification HMAC of encrypted message contents Hash of the contents of the encrypted message Signed by the message sender

Side-Channel Attacks Attack based on information gained from the implementation of the crypto-system, rather than brute force of weakness of the algorithms Message length analysis could be one form of sidechannel attack Encrypted messages can be padded to random lengths to hide the real length of the plaintext

Encrypted Protocols Insufficient Only protects data in transit Example: Email communication Encrypted session to SMTP server Encrypted session to IMAP/POP3 server No guarantees about security between SMTP servers No guarantees about storage of messages on intermediate servers (caching, store-and-forward) Solution: Use GPG to protect data end-to-end

Summary Authentication and Encryption secure the transmission of messages between two parties Prevents attackers from reading them and ensures the sender identity Simply providing encryption is not enough to secure messages Need to think about data at rest as well as data in transit

QUESTIONS?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback