CS 332 Computer Networks Security

Similar documents
CSC 8560 Computer Networks: Network Security

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Ref:

Welcome to CS 395/495 Internet Security: A Measurement-based Approach

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

Computer Communication Networks Network Security

14. Internet Security (J. Kurose)

Encryption. INST 346, Section 0201 April 3, 2018

SECURITY IN NETWORKS

Network Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

SECURITY IN NETWORKS 1

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

COSC : mobility within same subnet. Lecture 26. H1 remains in same IP subnet: IP address can remain same

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Public Key Algorithms

Internet and Intranet Protocols and Applications

Kurose & Ross, Chapters (5 th ed.)

Chapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004.

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Symmetric Cryptography. CS4264 Fall 2016

Chapter 9 Public Key Cryptography. WANG YANG

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

CS Computer Networks 1: Authentication

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

CSC 474/574 Information Systems Security

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Chapter 8 Security. Computer Networking: A Top Down Approach. Andrei Gurtov. 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Public Key Algorithms

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

EEC-484/584 Computer Networks

CRYPTOGRAPHY & DIGITAL SIGNATURE

Security in Distributed Systems. Network Security

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

CSE 127: Computer Security Cryptography. Kirill Levchenko

2/7/2013. CS 472 Network and System Security. Mohammad Almalag Lecture 2 January 22, Introduction To Cryptography

Cryptography (Overview)

Great Theoretical Ideas in Computer Science. Lecture 27: Cryptography

Key Exchange. Secure Software Systems

Lecture 6 - Cryptography

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Cryptography Intro and RSA

Lecture 1 Applied Cryptography (Part 1)

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Overview. Public Key Algorithms I

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

CSCE 813 Internet Security Symmetric Cryptography

Recovery. Independent Checkpointing

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CS61A Lecture #39: Cryptography

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Garantía y Seguridad en Sistemas y Redes

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

Computer Security 3/23/18

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

PROTECTING CONVERSATIONS

Some Stuff About Crypto

Activity Guide - Public Key Cryptography

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Chapter 8 Security. Computer Networking: A Top Down Approach

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Network Security Chapter 8

Chapter 8 Network Security. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Cryptography Functions

APNIC elearning: Cryptography Basics

Public Key Cryptography

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Computers and Security

Lecture 2 Applied Cryptography (Part 2)

Chapter 9. Public Key Cryptography, RSA And Key Management

Introduction to Cryptography. Vasil Slavov William Jewell College

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

EEC-682/782 Computer Networks I

CIS 4360 Secure Computer Systems Applied Cryptography

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Making and Breaking Ciphers

A Tour of Classical and Modern Cryptography

1.264 Lecture 28. Cryptography: Asymmetric keys

Security: Cryptography

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Computer Security: Principles and Practice

Lecture 6: Overview of Public-Key Cryptography and RSA

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

What did we talk about last time? Public key cryptography A little number theory

Cryptography Introduction to Computer Security. Chapter 8

CS 161 Computer Security

Network Security. Chapter 8. MYcsvtu Notes.

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

Transcription:

CS 332 Computer Networks Security Professor Szajda

Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms in the same building? As your drive down I-64 at 70 MPH? Core routers in the Internet could support mobility. Why don t we do this? What are the tradeoffs between direct and indirect routing schemes? What are the equivalents of HAs and FAs in a cellular network? 2

Chapter 8: Network Security Chapter goals: understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key distribution security in practice: firewalls security in application, transport, network, link layers 3

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Integrity 8.5 Key Distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers 4

What is network security? Confidentiality: only sender, intended receiver should understand message contents sender encrypts message receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users 5

Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate securely Trudy (intruder) may intercept, delete, add messages Alice channel data, control messages Bob data secure sender secure receiver data Trudy 6

Who might Bob, Alice be? well, real-life Bobs and Alices! Web browser/server for electronic transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples? 7

There are bad guys (and girls) out there! Q: What can a bad guy do? A: a lot! eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address in packet (or any field in packet) hijacking: take over ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources) more on this later 8

Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Integrity 8.5 Key Distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers 9

Notes on Cryptography Cryptography in and of itself is not security. It is a tool that helps us achieve security. Think of this as the difference between using a hammer and designing a building (an architect probably needs to be skilled in both). Do not, under any circumstances, attempt to roll your own crypto. In the last 40 years, cryptography has become a science. Most work before this time can be broken with ease. You must assume that your enemy knows the algorithm you are using. 10

The language of cryptography K A Alice s encryption key K B Bob s decryption key plaintext encryption algorithm ciphertext decryption algorithm plaintext symmetric key crypto: sender, receiver keys identical public-key crypto: encryption key public, decryption key secret (private) 11

Caesar Cipher The earliest know encryption scheme, this cipher simply shifts all letters in the alphabet to the right by 3 places. abcdefghijklmnopqrstuvwxyz defghijklmnopqrstuvwxyzabc KRZ ZHOO GRHV WKLV ZRUN? This example belongs to a basic class of rotation substitution ciphers. e.g., ROT3, ROT13 12

Caesar Cipher The earliest know encryption scheme, this cipher simply shifts all letters in the alphabet to the right by 3 places. abcdefghijklmnopqrstuvwxyz defghijklmnopqrstuvwxyzabc KRZ ZHOO GRHV WKLV ZRUN? This example belongs to a basic class of rotation substitution ciphers. e.g., ROT3, ROT13 13

Symmetric key cryptography substitution cipher: substituting one thing for another monoalphabetic cipher: substitute one letter for another E.g.: plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq ciphertext: nkn. s gktc wky. mgsbc Plaintext: bob. i love you. alice Q: How hard to break this simple cipher?: brute force (how hard?) other? 14

Symmetric key cryptography K A-B K A-B plaintext message, m encryption algorithm ciphertext K A-B (m) decryption algorithm plaintext -1 m = K ( K (m) ) A-B A-B symmetric key crypto: Bob and Alice share know same (symmetric) key: K A-B e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value? 15

Symmetric key crypto: DES DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64-bit plaintext input How secure is DES? DES Challenge: 56-bit-key-encrypted phrase ( Strong cryptography makes the world a safer place ) decrypted (brute force) in 4 months no known backdoor decryption approach making DES more secure: use three keys sequentially (3-DES) on each datum use cipher-block chaining 16

Symmetric key crypto: DES DES operation initial permutation 16 identical rounds of function application, each using different 48 bits of key final permutation 17

AES: Advanced Encryption Standard new (Nov. 2001) symmetric-key NIST standard, replacing DES processes data in 128 bit blocks 128, 192, or 256 bit keys brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES 18

Block Cipher 64-bit input loop for n rounds 8bits T 1 8bits 8bits 8bits 8bits 8bits 8bits 8bits T 2 T 3 T 4 T 5 T 6 T 7 T 8 One pass through: one input bit affects eight output bits 8 bits 8 bits 8 bits 8 bits 8 bits 8 bits 64-bit scrambler 8 bits 8 bits 64-bit output Multiple passes: each input bit affects all output bits. Block ciphers: DES, 3DES, AES 19

Cipher Block Chaining Cipher block: if input block repeated, will produce same cipher text: Cipher block chaining: XOR i th input block, m(i), with previous block of ciphertext, c(i-1) c(o) transmitted to receiver in clear what happens in HTTP/1.1 scenario from above? t=1 m(1) = HTTP/1.1 block cipher t=17 m(17) = HTTP/1.1 block cipher c(i-1) m(i) + block cipher c(i) c(1) c(17) = k329am02 = k329am02 20

Public Key Cryptography symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if never met )? public key cryptography radically different approach [Diffie- Hellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver 21

Public key cryptography K B + Bob s public key K B - Bob s private key plaintext message, m encryption algorithm ciphertext + K (m) B decryption algorithm plaintext message - + m = K (K (m)) B B 22

Public key encryption algorithms Requirements: 1 2.. need K + - ( ) and K ( ) such that B B - + B B K (K (m)) = m given public key K, it should be B impossible to compute private - key K B RSA: Rivest, Shamir, Adelson algorithm + 23

RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are relatively prime ). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). K B + K B - 24

RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m e mod n (i.e., remainder when m e is divided by n) 2. To decrypt received bit pattern, c, compute m = c d mod n (i.e., remainder when c d is divided by n) Magic happens! m = (m e mod n) c d mod n 25

RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). letter m m e c = m e mod n encrypt: decrypt: l 12 248832 17 c c d m = c dmod n 17 481968572106750915091411825223071697 12 letter l 26

Now You Try Choosing Keys p = 7 and q = 11 n = pq =? ; z = (p-1)(q-1) =? Choose e (no common factors with z): 7 Choose d such that 7 x d = 1 mod z : 43 Our message is 9, what is the ciphertext? Our ciphertext is 37, what is the message? c = m e mod n m = c d mod n 27

e RSA: Why is it that m = (m mod n) d mod n Useful number theory result: If p,q prime and n = pq, then: x y mod n = x y mod (p-1)(q-1) mod n e (m mod n) d mod n = m ed mod n = m ed mod (p-1)(q-1) mod n = m 1 mod n = m (using number theory result above) (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 ) 28

RSA: another important property The following property will be very useful later: - + K (K (m)) = m B B = + - K (K (m)) B B use public key first, followed by private key use private key first, followed by public key Result is the same! 29

Diffie-Hellman Encrypting data with RSA is computationally expensive Much faster to use a symmetric cipher Later, we will see examples where a symmetric key is choosen by sender and encrypted by RSA... but, what about network communications? We want two hosts to agree on a symmetric key Public key crypto was really started by Diffie and Hellman Goal: negotiate a secret over an insecure (e.g., public) medium seems impossible 30

Diffie-Hellman Protocol We have two participants: Alice (A) and Bob (B) Setup: pick a prime number p and a base g (<p) This information is public, e.g., p=13, g=4 Step 1: Each principal picks a private value x (<p-1) Step 2: Each principle generates and communicates a new value: y = g x mod p (e.g., Alice computes g a mod p, Bob g b mod p) Step 3: Each principle generates the secret shared key z z = g ab mod p z is used as the symmetric key for communication 31

Diffie-Hellman: Exchange Public Info: p = 17, g = 5 Everyone choose an x Alice picks her x: SA TA=g SA mod p TB=g SB mod p Bob picks his x: SB Alice computes: K = TB SA mod p TB SA = (g SB ) SA = g SB SA = g SA SB = (g SA ) SB = TA SB mod p Encrypted communication with K Alice computes: K = TA SB mod p How does Alice know Bob sent TA? Stay tuned tomorrow 32

Next Time Read Section 8.3 Authentication Start working on the homework and the last project. 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback