CS242 Computer Networks
Department of Computer Science, Wellesley College
What me worry?
An introduction to cryptography
Intro to cryptology 1-2
Cryptology
o This course is about secrets.
o Making secrets (cryptography), and breaking them (cryptanalysis).
o But, who are we keeping secrets from?
Intro to cryptology 1-3
The woods are full of noises
You can get further with a kind word and a gun than you can with a kind word alone.
Willy Sutton, bank robber
Recommended reading: Secrets and Lies: Digital Security in a Networked World. by Bruce Schneier.
Intro to cryptology 1-4
Maxim No. 1: One should never underrate the adversary
Intro to cryptology 1-5
Maxim No. 1’. One should never overrate one’s allies
o Encryption security is no better than the crypto clerk.
o Simplicity is essential for cryptosystems used by many, often in difficult circumstances.
Intro to cryptology 1-6
Maxim No. 2
o “Il faut qu’il puisse sans inconvénient tomber entre les mains de l’ennemi.” (“It must be able to fall into the enemy’s hands without inconvenience.”) Auguste Kerckhoffs
o “The enemy knows the system being used.” Claude Shannon
o “No security by obscurity.” Scott Anderson
Intro to cryptology 1-7
Confidentiality and beyond
o Historically, the focus of cryptology has been on the use of conventional encryption to provide confidentiality.
o More recently, we have seen cryptology used to address a number of other considerations.
Intro to cryptology 1-8
Security services
Confidentiality: Protection of data from unauthorized disclosure.
Authentication: Assurance that the origin of a communication is correctly identified.
Integrity: Only authorized entities are able to modify resources.
Nonrepudiation: Protection against denial by one of the parties.
Access control: Prevention of unauthorized use of a resource.
Intro to cryptology 1-9
Thwarting the snooper
o If encryption is to be used to counter attacks on confidentiality, we need to decide what to encrypt and where the encryption function should be located.
o In other words, we need to understand where we are vulnerable.
Intro to cryptology 1-10
Points of vulnerability
[Diagram: workstation, LAN, wiring closet, communications server, packet-switching network, telco central office. Callout: a good place to start.]
Intro to cryptology 1-11
John the Ripper
o People are usually the weakest link.
o Access to /etc/passwd was a humongous security breach that existed in the CS Department for many years.
o Social engineering is often easier still.
Intro to cryptology 1-12
Fluffy meets server security
Impersonation: User gains access to a workstation and pretends to be another user.
Address spoofing: User alters the network address of a workstation so that a request appears to come from the impersonated machine.
Replay attacks: User eavesdrops on an exchange and uses a replay attack to gain entrance to the server (or disrupt operations).
[Diagram: workstations logged in as Alice, Carol and Bob, attached to a network leading to the server.]
Intro to cryptology 1-13
Broadcast networks and wiring closets
[Diagram, as on the points-of-vulnerability slide: workstation, LAN, wiring closet, communications server, packet-switching network, telco central office.]
Workstations on the same link can sniff with impunity.
Switched LANs may require access to the wiring closet.
Intro to cryptology 1-14
Telnet application over TCP
Intro to cryptology 1-15
Sniffing a password
Intro to cryptology 1-16
The great outdoors
[Diagram, as on the points-of-vulnerability slide: workstation, LAN, wiring closet, communications server, packet-switching network, telco central office.]
Communications to the outside world are especially vulnerable.
Intro to cryptology 1-17
Datagram networks*
A datagram network sends a packet by stamping it with the address of the destination and dropping it into the network.
*End-to-end encryption ensures user data is secure. However, packet headers are transmitted in the clear.
Intro to cryptology 1-18
Traffic analysis
o Sometimes it is enough just to know that the communication is taking place.
o Traffic analysis may be used to
  o identify communication partners;
  o frequency of communication;
  o message pattern;
  o length, or quantity;
  o correlate traffic with events.
Intro to cryptology 1-19
Model of conventional cryptosystem
Intro to cryptology 1-20
Fundamentals of conventional ciphers
Substitution: The pigpen cipher was used by the Society of Freemasons and by Confederate soldiers during the Civil War.
Transposition: Spartans spirally wrapped a strip of parchment around a tapered rod called a scytale before writing on it.
Intro to cryptology 1-21
Traditional symmetric-key encryption has a big problem
Intro to cryptology 1-22
The protagonists
Alice Bob
Carol
Intro to cryptology 1-23
Diffie-Hellman-Merkle key exchange
1. Alice chooses a number A = 3 and keeps it a secret. Bob chooses a number B = 6 and keeps it a secret.
2. Alice calculates 7^A (mod 11): 7^3 = 343 = 2 (mod 11). Bob calculates 7^B (mod 11): 7^6 = 117,649 = 4 (mod 11).
3. Alice sends 2 to Bob. Bob sends 4 to Alice.
4. Alice takes Bob’s result and works out 4^A (mod 11): 4^3 = 64 = 9 (mod 11). Bob takes Alice’s result and works out 2^B (mod 11): 2^6 = 64 = 9 (mod 11).
[Diagram: Alice and Bob exchange their values over the network; Carol listens intently.]
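The exchange above, run end to end with the slide’s toy parameters (base 7, modulus 11, A = 3, B = 6), as an added example that is not part of the lecture. It also shows what a listening Carol can do with a modulus this small: recover a secret exponent by trying every candidate, which is why real deployments use primes of 2048 bits or more. Function and variable names are this example’s own.

```python
# Added example: Diffie-Hellman-Merkle with the slide's toy parameters.
# Function names are this example's own, not from the lecture.

def dh_public(g: int, secret: int, p: int) -> int:
    """Step 2 on the slide: the value each side sends, g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(peer_public: int, secret: int, p: int) -> int:
    """Step 4 on the slide: the shared key, peer_public^secret mod p."""
    return pow(peer_public, secret, p)


def dh_exchange(g: int, p: int, a: int, b: int) -> tuple:
    """Run both sides; return (alice_sends, bob_sends, shared_key).

    Only g, p and the two public values cross the network; the secrets
    a and b never leave their owners.
    """
    alice_sends = dh_public(g, a, p)          # Alice -> Bob
    bob_sends = dh_public(g, b, p)            # Bob -> Alice
    alice_key = dh_shared(bob_sends, a, p)
    bob_key = dh_shared(alice_sends, b, p)
    assert alice_key == bob_key               # both sides agree
    return alice_sends, bob_sends, alice_key


def eavesdropper_recovers_secret(g: int, p: int, public: int):
    """What Carol can try from the wire alone: find x with g^x = public (mod p).

    Trial exponentiation is feasible only because p is tiny; with a
    2048-bit prime this loop (or any known method) is out of reach.
    Returns the exponent, or None if no exponent matches.
    """
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    return None


if __name__ == "__main__":
    sent_by_alice, sent_by_bob, key = dh_exchange(7, 11, 3, 6)
    print("Alice sends", sent_by_alice, "Bob sends", sent_by_bob, "key", key)
    a_guess = eavesdropper_recovers_secret(7, 11, sent_by_alice)
    print("Carol recovers A =", a_guess, "and the key",
          dh_shared(sent_by_bob, a_guess, 11))
```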
Intro to cryptology 1-24
Problem solved?
[Diagram: Alice and Bob, with Carol sitting between them on the network.]
Carol negotiates with both sides from the middle.
*Carol-in-the-middle is capable of intercepting, interrupting, modifying, or even fabricating messages. Carol isn’t very nice.
Intro to cryptology 1-25
Public-key systems fare no better
This whole business of protecting public keys from tampering is the single most difficult problem in practical public key application. It is the “Achilles heel” of public key cryptography, and a lot of software is tied up in solving this one problem.
PGP Documentation
*That’s job security for us.