CSC/ECE 774 Advanced Network Security

Similar documents
CSC 774 Network Security

CSC 474/574 Information Systems Security

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CSC 474/574 Information Systems Security

Encryption and Forensics/Data Hiding

Cryptographic Concepts

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Public Key Algorithms

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Encryption. INST 346, Section 0201 April 3, 2018

Cryptographic Checksums

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Introduction to Cryptography

Computer Security: Principles and Practice

Chapter 9 Public Key Cryptography. WANG YANG

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Security. Communication security. System Security

UNIT - IV Cryptographic Hash Function 31.1

Security: Cryptography

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Study Guide for the Final Exam

CSC 474/574 Information Systems Security

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

1.264 Lecture 28. Cryptography: Asymmetric keys

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Kurose & Ross, Chapters (5 th ed.)

CIS 6930/4930 Computer and Network Security. Final exam review

CSE 127: Computer Security Cryptography. Kirill Levchenko

Public Key Algorithms

(2½ hours) Total Marks: 75

Spring 2010: CS419 Computer Security

Lecture 2 Applied Cryptography (Part 2)

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Lecture 1 Applied Cryptography (Part 1)

Other Topics in Cryptography. Truong Tuan Anh

Public Key Cryptography

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

CS Computer Networks 1: Authentication

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

T Cryptography and Data Security

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

APNIC elearning: Cryptography Basics

Public Key Cryptography

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Information Security CS 526

CS 161 Computer Security

T Cryptography and Data Security

Cryptographic Systems

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Verteilte Systeme (Distributed Systems)

Introduction to Cryptography. Vasil Slavov William Jewell College

Ref:

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Chapter 9: Key Management

Appendix A: Introduction to cryptographic algorithms and protocols

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

PROTECTING CONVERSATIONS

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Cryptography and Network Security

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

CSC 5930/9010 Modern Cryptography: Public Key Cryptography

David Wetherall, with some slides from Radia Perlman s security lectures.

Lecture 6 - Cryptography

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Chapter 10: Key Management

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Public-key Cryptography: Theory and Practice

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Chapter 9. Public Key Cryptography, RSA And Key Management

What did we talk about last time? Public key cryptography A little number theory

14. Internet Security (J. Kurose)

COMPUTER & NETWORK SECURITY

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Authentication Handshakes

CPSC 467b: Cryptography and Computer Security

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

1. Diffie-Hellman Key Exchange

Security: Focus of Control. Authentication

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

CSC 474/574 Information Systems Security

Transcription:

Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Pseudo random functions; traditional key distribution techniques Review of CSC 574 Primitives based on hash functions One-way hash chain, Merkle hash tree, client puzzles Bloom filters (a different type of hash functions) Secret sharing Rabin s information dispersal algorithms Secret handshake Computer Science CSC/ECE 774 Dr. Peng Ning 2 Computer Science CSC/ECE 774 Advanced Network Security Topic 2.1 Absolute Basics CSC/ECE 774 Dr. Peng Ning 3

Encryption/Decryption encryption ciphertext decryption key key Plaintext: a message in its original form Ciphertext: a message in the transformed, unrecognized form Encryption: the process that transforms a into a ciphertext Decryption: the process that transforms a ciphertext to the corresponding Key: the value used to control encryption/decryption. Computer Science CSC/ECE 774 Dr. Peng Ning 4 Cryptanalysis Ciphertext only: Analyze only with the ciphertext Example: Exhaustive search until recognizable Smarter ways available Known : Secret may be revealed (by spy, time), thus <ciphertext, > pair is obtained Great for mono-alphabetic ciphers Computer Science CSC/ECE 774 Dr. Peng Ning 5 Cryptanalysis (Cont d) Chosen : Choose text, get encrypted Useful if limited set of messages Chosen ciphertext: Choose ciphertext Get feedback from decryption, etc. Computer Science CSC/ECE 774 Dr. Peng Ning 6

Secret Key Cryptography encryption ciphertext decryption key Same key key Same key is used for encryption and decryption Also known as Symmetric cryptography Conventional cryptography Computer Science CSC/ECE 774 Dr. Peng Ning 7 Public Key Cryptography encryption ciphertext decryption Public key Private key Invented/published in 1975 A public/private key pair is used Public key can be publicly known Private key is kept secret by the owner of the key Much slower than secret key cryptography Also known as Asymmetric cryptography Computer Science CSC/ECE 774 Dr. Peng Ning 8 Public Key Cryptography (Cont d) message Sign Digital signature Verify Yes/No Private key Public key Another mode: digital signature Only the party with the private key can create a digital signature. The digital signature is verifiable by anyone who knows the public key. The signer cannot deny that he/she has done so. Computer Science CSC/ECE 774 Dr. Peng Ning 9

Public Key Cryptography (Cont d) Example algorithms RSA DSA Diffie-Hellman Computer Science CSC/ECE 774 Dr. Peng Ning 10 Digital Signature Algorithm (DSA) Generate public parameters p (512 to 1024 bit prime) q (160 bit prime): q p-1 g = h (p -1)/q mod p, where 1 < h < (p 1) such that g > 1. g is of order q mod p. User s private key x Random integer with 0 < x < q User s public key y y = g x mod p User s per message secret number k = random integer with 0 < k < q. Computer Science CSC/ECE 774 Dr. Peng Ning 11 DSA (Cont d) Signing r = (g k mod p) mod q s = [k -1 (H(M)+xr)] mod q Signature = (r, s) Verifying M, r, s = received versions of M, r, s. w = (s ) -1 mod q u 1 = [H(M )w] mod q u 2 = (r )w mod q v = [(g u1 y u2 ) mod p] mod q if v = r then the signature is verified Computer Science CSC/ECE 774 Dr. Peng Ning 12

Hash Algorithms Message of arbitrary length Hash H A fixed-length short message Also known as Message digests One-way transformations One-way functions Hash functions Length of H(m) much shorter then length of m Usually fixed lengths: 128 or 160 bits Computer Science CSC/ECE 774 Dr. Peng Ning 13 Hash Algorithms (Cont d) Desirable properties of hash functions Performance: Easy to compute H(m) One-way property: Given H(m) but not m, it is computationally infeasible to find m Weak collision free: Given H(m), it is computationally infeasible to find m such that H(m ) = H(m). Strong collision free: Computationally infeasible to find m 1, m 2 such that H(m 1 ) = H(m 2 ) Example algorithms MD5 SHA-1 SHA-256 Computer Science CSC/ECE 774 Dr. Peng Ning 14 Applications of Hash Functions Primary application Generate/verify digital signature Message m H H(m) Sign Signature Sig(H(m)) Private key Message m H Signature Sig(H(m)) H(m) Verify Public key Yes/No Computer Science CSC/ECE 774 Dr. Peng Ning 15

Applications of Hash Functions (Cont d) Password hashing Doesn t need to know password to verify it Store H(password+salt) and salt, and compare it with the user-entered password Salt makes dictionary attack more difficult Message integrity Agree on a secrete key k Compute H(m k) and send with m Doesn t require encryption algorithm, so the technology is exportable Computer Science CSC/ECE 774 Dr. Peng Ning 16 Applications of Hash Functions (Cont d) Authentication Give H(m) as an authentication token Later release m Computer Science CSC/ECE 774 Dr. Peng Ning 17 Pseudo Random Generator Definition A cryptographically secure pseudorandom bit generator is an efficient algorithm that will expand a random n-bit seed to a longer sequence that is computationally indistinguishable from a truly random sequence. Theorem [Levin] A one-way function can be used to construct a cryptographically secure pseudo-random bit generator. Computer Science CSC/ECE 774 Dr. Peng Ning 18

Pseudo Random Functions Definition A cryptographically secure pseudorandom function is an efficient algorithm that given an n-bit seed s, and an n-bit argument x, returns an n-bit string f s (x) such that it is infeasible to distinguish f s (x) for random seed s from a truly random function. Theorem [Goldreich, Goldwasser, Micali] Cryptographically secure pseudorandom functions can be constructed from cryptographically secure pseudorandom bit generators. Computer Science CSC/ECE 774 Dr. Peng Ning 19 Key Agreement Establish a key between two or among multiple parties Classical algorithm Diffie-Hellman Computer Science CSC/ECE 774 Dr. Peng Ning 20 Key Exchange Key exchange Between two parties A special case of key agreement Use public key cryptography Examples: RSA, DH Use symmetric key cryptography Usually requires a pre-shared key Computer Science CSC/ECE 774 Dr. Peng Ning 21

Key Distribution Involves a (trusted) third party to help establish keys. Based on Symmetric key cryptography, or Public key cryptography Computer Science CSC/ECE 774 Dr. Peng Ning 22 Center-Based Key Management Key Distribution Center (KDC) Communication parties depend on KDC to establish a pair-wise key. The KDC generates the cryptographic key Pull based Alice communicates with the KDC before she communicates with Bob Push based Alice communicates with Bob, and it s Bob s responsibility to contact the KDC to get the pair-wise key. Computer Science CSC/ECE 774 Dr. Peng Ning 23 An Example of KDC: Kerberos 1. Request TGT 2. TGT + session key 3. Request SGT 4. Ticket + session key Keberos Authentication Server (AS) Ticket-Granting Server (TGS) 5. Request service 6. Server authenticator Server Computer Science CSC/ECE 774 Dr. Peng Ning 24

When Public Key Cryptography is Used Need to authenticate public keys Public key certificate Bind an identity and a public key together Verify the authenticity of a party s public key Computer Science CSC/ECE 774 Dr. Peng Ning 25 Attacks Replay attacks Man-in-the-middle attacks Resource clogging attacks Denial of service attacks Meet-in-the-middle attacks Dictionary attacks Others specific to protocols Computer Science CSC/ECE 774 Dr. Peng Ning 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback