2. Security and Cryptography
• Security: all issues concerning secure
communication (information transmission, two-party
or multi-party interaction) over insecure channels.
• Cryptography: the science and art of manipulating
messages to make them secure.
• Classical cryptographic techniques.
• With the development of communication
networks and their broad applications, network
security is becoming a more serious problem.
• Hence the call for modern cryptography.
3. Network threats and attacks
Passive:
• Eavesdropping
• Traffic analysis
Active:
• Masquerading
• Replay
• Modification
• Denial of service
[Diagrams: client-server exchanges under attack: an attacker masquerading towards the server, an attacker modifying messages between client and server, and a man-in-the-middle relaying between client and server]
4. Security Requirements
• Privacy or confidentiality: The information should
be readable only by the intended receiver, i.e., the
information is protected from eavesdropping.
• Integrity: The receiver can confirm that a message
has not been altered during transmission, i.e.,
protect the information from tampering.
• Authentication: Any party (sender or receiver) can
verify that the other party is who he or she claims
to be, i.e., validate the identity of the other party.
• Nonrepudiation: The sender cannot deny having
sent a given message, i.e., if a transaction (e.g., a
purchase) has occurred between two parties, the
nonrepudiation service can prove, for either
party, that he/she really performed the transaction
him/herself and not some other person.
5. Approaches to implementing security
Confidentiality: By encryption (and decryption)
Sender: encrypts the message using a key and sends the encrypted message.
Receiver: decrypts the encrypted message using the same key as the
sender’s key or a key derivable from the sender’s key.
Integrity: By checksum or hash value/message digest.
Sender: computes a checksum/hash value/message digest from the message
and sends the message along with the checksum/hash value/message digest.
Receiver: re-computes the checksum/hash value/message digest from the received message
and compares it with the transmitted checksum/hash value/message digest.
In some sense, this resembles error detection.
Problem: the attacker, after intercepting the message, modifies the message,
computes the checksum for the modified message, and resends both.
Solution: keyed checksum/hash value/message digest.
[Diagrams: unkeyed case, message and checksum both transmitted; keyed case, checksum computed from the message and a key, message + checksum transmitted]
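The problem and solution above, as an added example that is not part of the original slides: an interceptor who alters a message can recompute a plain digest and still pass the receiver's check, but cannot produce a valid keyed digest (HMAC) without the shared key. The key and message are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample key shared by sender and receiver (not from the slides).
KEY = b"shared-secret-between-sender-and-receiver"


def unkeyed_tag(message: bytes) -> bytes:
    """Plain message digest: anyone can recompute it for any message."""
    return hashlib.sha256(message).digest()


def keyed_tag(message: bytes, key: bytes) -> bytes:
    """Keyed digest (HMAC): recomputing it requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts(message: bytes, tag: bytes, key: Optional[bytes]) -> bool:
    """Receiver re-computes the digest and compares; compare_digest avoids
    leaking how many bytes matched through timing."""
    expected = unkeyed_tag(message) if key is None else keyed_tag(message, key)
    return hmac.compare_digest(expected, tag)


def interceptor(message: bytes, keyed: bool) -> Tuple[bytes, bytes]:
    """The attacker from slide 5: alter the message and attach a new digest.
    Without KEY, the best it can do in the keyed case is guess a tag."""
    altered = message.replace(b"100", b"900")
    if keyed:
        return altered, secrets.token_bytes(32)  # 2^-256 chance of being right
    return altered, unkeyed_tag(altered)


def tampered_message_accepted(keyed: bool) -> bool:
    """Run sender -> interceptor -> receiver and report whether the
    modified message passes the receiver's check."""
    original = b"transfer 100 to bob"
    key = KEY if keyed else None
    altered, forged_tag = interceptor(original, keyed)
    return receiver_accepts(altered, forged_tag, key)
```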
6. Approaches to implementing security (cont.)
Authentication: Traditional user ID and password.
Modern cryptography-based authentication:
-- Digital signature.
Nonrepudiation: Undeniable signature, i.e.,
Digital signature + verification protocol + disavowal protocol
7. Security requirements and their implementation
Confidentiality: encryption (and decryption)
Integrity: checksum or hash value/message digest or MAC.
Authentication: user ID and password or digital signature.
Nonrepudiation: undeniable signature
Availability: intrusion detection and defense
Authorization: access control
Accountability: log, record, trace, system administration
Q: how to defend against a replay attack? A: Timestamps and/or sequence numbers.
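The replay defense named in the answer above, as an added example (not from the original slides): the sender binds a sequence number and a timestamp to each message under a keyed hash, and the receiver rejects messages whose sequence number was already accepted, whose timestamp is too old, or whose freshness fields were rewritten. The key, clock skew limit and message contents are constructed values.

```python
import hashlib
import hmac
import json
from typing import List

KEY = b"constructed-shared-key"  # constructed sample key
MAX_CLOCK_SKEW = 30  # seconds a timestamp may differ from the receiver's clock


def make_message(seq: int, ts: int, body: str) -> bytes:
    """Sender: bind seq and timestamp to the body under a keyed hash, so the
    receiver can trust the freshness fields rather than only the body."""
    payload = json.dumps({"seq": seq, "ts": ts, "body": body}).encode()
    tag = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
    return payload + b"|" + tag.encode()


class Receiver:
    def __init__(self) -> None:
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, wire: bytes, now: int) -> str:
        """Return 'ok' or the reason the message is rejected."""
        payload, _, tag = wire.rpartition(b"|")
        expected = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag.decode()):
            return "bad-mac"          # body, seq or ts was altered in transit
        msg = json.loads(payload)
        if abs(now - msg["ts"]) > MAX_CLOCK_SKEW:
            return "stale-timestamp"  # an old capture replayed much later
        if msg["seq"] <= self.last_seq:
            return "replay"           # this (or a later) seq was already accepted
        self.last_seq = msg["seq"]
        return "ok"


def simulate() -> List[str]:
    """Legitimate delivery, immediate replay, late replay, and a rewritten seq."""
    r = Receiver()
    m1 = make_message(1, ts=1000, body="pay 100")
    results = [r.accept(m1, now=1000), r.accept(m1, now=1005)]
    m2 = make_message(2, ts=1010, body="pay 50")
    results.append(r.accept(m2, now=1010))
    # m2 re-sent an hour later: the timestamp check fires first
    results.append(r.accept(m2, now=1010 + 3600))
    # seq rewritten to dodge the replay check: the keyed hash no longer matches
    forged = m2.replace(b'"seq": 2', b'"seq": 3')
    results.append(r.accept(forged, now=1012))
    return results
```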
8. Classification of cryptosystems
• Secret key systems vs. public key systems
• Classical vs. modern
– Classical: secret key systems
• Shift, Affine, Vigenere, Hill, Permutation
(transposition) cipher, Stream cipher
– Modern:
• Secret key systems
– DES, AES, PGM
• Public key systems
– RSA, ElGamal, Elliptic Curve
9. Shift cipher--example
• Suppose a plaintext word: cryptography
• Change each letter by shifting it
three positions rightward
• The cipherword is: FUBSWRJUDSKB
Question: given the above cipherword, how do we get the original word?
Change each letter by shifting it three positions leftward.
This kind of cryptosystem is called a “Caesar cipher”.
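The shift cipher from this slide, as an added example (not from the original slides), generalised from shift 3 to any key: encryption shifts rightward, decryption is the same operation with the shift reversed, and because the key space is only 26, a ciphertext-only attacker can simply enumerate every candidate plaintext, which is why this cipher is classical rather than modern.

```python
import string
from typing import Dict

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` positions rightward (mod 26);
    non-letters pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same operation with the shift reversed."""
    return shift_encrypt(ciphertext, -key)


def ciphertext_only_candidates(ciphertext: str) -> Dict[int, str]:
    """The cryptosystem (a shift) is public and only the key is secret, but
    with 26 possible keys every candidate plaintext can be listed; the one
    that reads as language reveals the key."""
    return {k: shift_decrypt(ciphertext, k) for k in range(26)}
```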
10. Secret cryptosystem--DES
• Data Encryption Standard (DES)
• First version in 1975, developed by IBM.
• A type of iterated cipher.
• Plaintext block: 64 bits, key: 56 bits, ciphertext block: 64 bits.
• Steps:
– Initial permutation (IP)
– 16 rounds of transformations
– Inverse permutation (IP^-1)
11. Key management and exchange
• The key is the essential part of any
cryptosystem, especially in secret key
systems.
• How to distribute/exchange keys
between two users, or between any pair
among many users?
• Therefore key management and key
exchange come into play.
• Public key systems also appeared.
12. Why public-key cryptography
1. The two communicants in a secret key system require
the prior communication of the key over a secure
channel, which is very difficult to achieve in practice.
Unless the two communicants meet in person, phone
calls, post mail, email etc. are not secure.
2. Suppose there are n users and every pair of users wants
to communicate. In a secret-key system, the total number
of keys must be n(n-1)/2, which is very difficult
to manage and quite insecure. However, in a public-
key system, every user selects his/her own private key
and public key, and publicizes the public key but keeps
the private key secret. Quite easy and very secure.
The main problem with public-key systems is that they are very slow.
13. Public-key cryptosystem
• Secret-key cryptosystem:
– eK & dK: dK is the same as or derived
from eK.
– Called symmetric-key cryptosystem.
– Problem: how to distribute eK & dK to
Alice & Bob securely.
• Public-key cryptosystem:
– Computationally infeasible to compute
dK from eK.
– Called asymmetric-key cryptosystem.
– eK is made public, called public key
– But dK is kept secret, called private key.
14. Public-key system: how it works
• Everybody selects his/her own public key P
and private key S, and publicizes P.
• Therefore Alice has (Pa , Sa), and Bob
has (Pb , Sb).
• Everybody knows Pa, Pb, …
• Suppose Alice wants to send a
message to Bob.
– Alice encrypts the message with Bob’s
public key Pb and sends it out.
– (Only) Bob can decrypt the message
using his private key Sb. Nobody else
can.
15. Two party key management
• By public key cryptosystems:
– Alice selects a random value k as a key
– Alice encrypts the key k with Bob’s public key
and sends it to Bob
– Bob decrypts the key using his private key
– Alice and Bob encrypt/decrypt messages using
secret key systems such as DES with the key k.
– This is a typical combination of secret and public
key systems.
• By Diffie-Hellman key agreement
– Based on Discrete Logarithm Problem
16. DLP (Discrete Logarithm Problem)
– Suppose p is an odd prime.
– Zp = {0, 1, …, p-1} is a finite field.
– Zp* : the set of elements of Zp that are relatively prime to p.
• {a ∈ Zp | gcd(a, p) = 1} = {1, …, p-1}
• It is a cyclic multiplicative group.
– g is a generator of Zp*,
• i.e., Zp* = {g^0 mod p, g^1 mod p, …, g^(p-2) mod p}.
– DLP problem
• Given any a, computing b = g^a (mod p) is easy.
• Given any b, finding an a such that b = g^a (mod p) is difficult.
– Denoted as a = log_g b. “mod p” is omitted for simplicity.
17. (Two-party) Diffie-Hellman (DH) key exchange
Suppose p and g are publicly known:
Alice (secret a) → Bob: g^a mod p
Bob (secret b) → Alice: g^b mod p
Alice computes K = (g^b)^a = g^ab; Bob computes K = (g^a)^b = g^ab.
Anyone else can compute g^a · g^b = g^(a+b) but not g^ab.
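The DLP and DH slides above, carried through with toy numbers as an added example (not from the original slides): both parties arrive at the same K = g^ab, an observer of g^a and g^b can only form g^(a+b), and recovering a from g^a is done here by exhaustive search, which is feasible only because the constructed parameters p = 23, g = 5 are tiny.

```python
from typing import Dict, Tuple


def is_generator(g: int, p: int) -> bool:
    """g generates Zp* iff its powers g^0 .. g^(p-2) mod p are all distinct."""
    return len({pow(g, k, p) for k in range(p - 1)}) == p - 1


def dh_exchange(p: int, g: int, a: int, b: int) -> Tuple[int, int, int, int]:
    """Return (g^a, g^b, K_alice, K_bob) for secret exponents a and b."""
    ga = pow(g, a, p)          # Alice -> Bob (public)
    gb = pow(g, b, p)          # Bob -> Alice (public)
    k_alice = pow(gb, a, p)    # (g^b)^a
    k_bob = pow(ga, b, p)      # (g^a)^b
    return ga, gb, k_alice, k_bob


def eavesdropper_view(p: int, ga: int, gb: int) -> int:
    """What an observer can compute from the public values: g^a * g^b = g^(a+b)."""
    return (ga * gb) % p


def discrete_log_by_search(g: int, b: int, p: int) -> int:
    """Brute-force a = log_g b. Only feasible for tiny p; for real parameters
    this search is the hard problem (DLP) that DH relies on."""
    for a in range(p - 1):
        if pow(g, a, p) == b:
            return a
    raise ValueError("b is not in the group generated by g")


def demo() -> Dict[str, int]:
    p, g = 23, 5     # constructed toy parameters; 5 generates Z23*
    a, b = 6, 15     # constructed secret exponents for Alice and Bob
    ga, gb, ka, kb = dh_exchange(p, g, a, b)
    return {"ga": ga, "gb": gb, "k_alice": ka, "k_bob": kb,
            "g_a_plus_b": eavesdropper_view(p, ga, gb)}
```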
19. Kerckhoffs’ principle and attack levels
• Kerckhoffs’ principle: the cryptosystem is publicly
known, but only the key is secret. Breaking a
cryptosystem (i.e., cryptanalysis) means figuring out
the key currently used.
• Attack levels:
– Ciphertext-only: the attacker possesses a string of
ciphertext, y.
– Known plaintext: the attacker possesses a string of
plaintext, x, and the corresponding ciphertext, y.
– Chosen plaintext: the attacker has obtained
temporary access to the encryption machinery.
Hence, he can choose a plaintext string, x, and
construct the corresponding ciphertext string, y.
– Chosen ciphertext: the attacker has obtained
temporary access to the decryption machinery.
Hence, he can choose a ciphertext string, y, and
construct the corresponding plaintext string, x.
20. Internet security protocols
• The Internet has implemented a
suite of security protocols combining
secret-key, public-key, digital
signature, message digest, etc.
– IPSec (IP security): i.e., IP layer /
network layer
– SSL (Secure Socket Layer) & TLS
(Transport Layer Security): transport
layer
– SSH (Secure Shell), SFTP, HTTPS, PGP
(Pretty Good Privacy): application layer
21. IPSec key agreement
Entity A → Entity B: crypto suites I support
Entity B → Entity A: crypto suite I choose
Entity A → Entity B: g^a mod p
Entity B → Entity A: g^b mod p
Entity A → Entity B: {“Alice”, proof I am Alice} protected under g^ab mod p
Entity B → Entity A: {“Bob”, proof I am Bob} protected under g^ab mod p
23. SSL functionality
• Server authentication (by public certificate)
• Client authentication (Optional)
• Data encryption (by secret key system)
• Integrity protection (by MAC)
24. SSL handshake
Client → Server: I want to talk, ciphers I support, RC
Server → Client: Certificate (PS), cipher I choose, RS
Client → Server: {S}PS, {keyed hash of handshake MSG}
Server → Client: {keyed hash of handshake MSG}
Both sides compute K = f(S, RC, RS); data is then protected by keys derived from K.
There are six keys in total, three (encryption key, IV, integrity key) in each direction.
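The key derivation step of the handshake above, as an added example that is not from the original slides and not the real SSL/TLS PRF: a simplified stand-in for K = f(S, RC, RS) built from a keyed hash, then expanded into the six direction-specific keys the slide names. The labels, the use of HMAC-SHA256, and the sample values of S, RC and RS are assumptions.

```python
import hashlib
import hmac
from typing import Dict

# The six keys from the slide: three per direction (assumed label names).
KEY_LABELS = [
    "client_write_key", "client_write_iv", "client_write_mac_key",
    "server_write_key", "server_write_iv", "server_write_mac_key",
]


def master_key(s: bytes, rc: bytes, rs: bytes) -> bytes:
    """Stand-in for K = f(S, RC, RS): a keyed hash of both nonces under the
    secret S. Simplified assumption, not the actual SSL/TLS construction."""
    return hmac.new(s, b"master" + rc + rs, hashlib.sha256).digest()


def derive_keys(k: bytes, rc: bytes, rs: bytes) -> Dict[str, bytes]:
    """Expand K into six independent keys by hashing K with a distinct label
    per key; separate labels keep client->server and server->client
    keys unrelated even though both come from the same K."""
    return {label: hmac.new(k, label.encode() + rc + rs, hashlib.sha256).digest()[:16]
            for label in KEY_LABELS}


def handshake_keys(s: bytes, rc: bytes, rs: bytes) -> Dict[str, bytes]:
    return derive_keys(master_key(s, rc, rs), rc, rs)


def demo() -> Dict[str, bool]:
    s = b"pre-master-secret-chosen-by-client"            # S, sent as {S}PS (constructed)
    rc, rs = b"client-random-RC", b"server-random-RS"    # constructed nonces
    client_side = handshake_keys(s, rc, rs)
    server_side = handshake_keys(s, rc, rs)  # server recovered S with its private key
    # A different server random gives entirely different keys, so a captured
    # handshake cannot be replayed against a fresh RS to reuse old keys.
    other = handshake_keys(s, rc, b"server-random-RS-2")
    return {"same_on_both_sides": client_side == server_side,
            "six_keys": len(client_side) == 6,
            "all_distinct": len(set(client_side.values())) == 6,
            "changes_with_rs": client_side != other}
```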