1 / 24

Network Security

Network Security. Review. Secure channel. Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared key Encrypt MAC Left out: non-repudiation, etc. Shared Key Establishment. “Trusted third party” Kerberos Tickets

dillan
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Review

  2. Secure channel • Communication security • Confidentiality • Message • Traffic • Authentication • Integrity • How to achieve? • Establish shared key • Encrypt • MAC • Left out: non-repudiation, etc.

  3. Shared Key Establishment • “Trusted third party” • Kerberos • Tickets • Public key methods • SSL • IPSEC • “Out-of-band”

  4. Public Key Crypto

  5. Diffie-Hellman RSAN=pq; ed  1 (mod (N))Public:e,N;Private:d,N Encrypt M: CMemodN DecryptC:MCdmodN Sign M: SMdmod N VerifyS: Se M (modN) Public Key techniques p, g Alice Bob a b magamod p mbgbmod p ma mb mbamod p =gabmod p= mabmod p ? shared secret key! • Discrete log: • Given y,p,b • Find x: bxmod p = y • Factoring: • Given N=pq • Find p,q

  6. Discrete log based schemes • DH (key establishment) • DSS/DSA (signatures) • El-Gamal (signatures, encryption) • Elliptic Curves Cryptography (ECC) • Why modulus (p) is so large? • Little-step/giant-step attack

  7. Factoring based • RSA • Square Roots (=Factoring) • Rabin (Encryption, Signature) • Fiat-Shamir (ID scheme, Signature)

  8. World mod N • How many objects?|Z*N|= (N); for all z Z*N, z (N) mod N=1 • If N=pq, then (N)= (p-1)(q-1)[If N=p, then (N)= p-1] • Blum integers: N=pq, pq3 (mod 4) • Thenx(p+1)/4mod p= y; y2x(p+1)/2x(p-1)/2 x±x mod p

  9. Chinese Remainder Theorem (CRT) • Given y2=x mod p; z2=x mod q; N=pq;Find s: s2=x mod N • More generally:Given a,A, b,B;Find x: x=a mod A, x=b mod B • Let u, v be s.t. uA=1 mod B, vB=1 modAThen x=uAb+vBa[indeed: x mod A = uAb+vBa = vBa = a; x mod B = uAb+vBa = uAb = b] • How to find u,v?

  10. Extended GCD • Euclid’s GCD algorithm(greatest common divisor):gcd(a,b) = gcd( b, a mod b) =…= gcd(a’,b’)=ca’=ib’+c, … , ax+by=c • If gcd(a,b)=1: ax=1 mod b

  11. Summary • RSA • Given p,q; Can compute (N), for N=pq; • With Extended gcd, can compute e, d = 1/e mod (N); [ gcd(e, (N)) must be 1 ] • Rabin • Using Blum integers can compute SQRT mod p,q • Using CRT can combine them to SQRT mod N

  12. Prime number generation • Why? • How? • Exhaustive search • Too long • Miller-Rabin • Little Fermat’s Theorem (again) • Prime Number Theorem

  13. Efficiency for all • Exponentiation: Repetitive Squaring • bA mod N takes 1.5 lg A long multiplications • Cost of multiplication • quadratic in length • Optimization: mod N  mod p + mod q +CRT • Watch out!

  14. Attacks on factoring • (N), N => factoring (quadratic equation) • Trick: • obtain x, s.t. x=0 mod p, x0 mod q • gcd(x, N)=p • SQRTmodN => Factoring • vy2mod N; zSQRTmodN(v) • If z  ±y, then x  y-z • Computing mod p + mod q + CRT • Random error mod p (or mod q) => factoring

  15. Other Crypto Encryption Hashing MACs

  16. Encryption • One time pad • Block cipher • DES • Feistel approach • AES/Rijndael • Modes of operation • EBC, CFB, CBC, etc. • Stream ciphers • RC-4 • Pseudo-random generators

  17. Hashing • Hashing algorithms • MD-5 • SHA • Applications • Digital signatures • MAC

  18. Systems Certificates SSL IPSEC Kerberos

  19. Certificates • X-509 • CA’s • Trust infrastructure • Hierarchical • X.509 • Networks of Trust • PGP

  20. SSL • TCP level secure channel • Establish Shared Secret • DH+Certificates [+signatures] • RSA+Certificates [+signatures] • Kerberos • Encrypt & MAC • Usually authenticates only server • Client authentication possible • Typical application: HTTPS

  21. IPSEC • IP level secure channel • Similar tools to SSL • Some traffic confidentiality • Both ends authenticated • Tunneling • Typical application:VPN

  22. Kerberos • Authentication Server • Ticket Granting Servers • Tickets • Realms

  23. Other topics • Firewalls • Non-repudiation • SET

  24. Final: Tuesday May 5 9-11am See you there! Best of Luck!!!

More Related