Fundamentals Elements of Network and Cyber Security
Hussein Abdel-Wahab, Ph.D.
Professor and Graduate Program Director
Department of Computer Science
Old Dominion University
[email protected]/~wahab
General Concepts
Players: Alice, Bob and Trudy.
How to communicate securely over an insecure medium?
Alice should be able to send a message to Bob
that Trudy can't understand or modify,
& Bob is assured that Alice is the sender.
Fundamental Tenet of Cryptography
If lots of smart people failed to solve a problem, then it probably won't be solved (soon).
The time required to break a code should be longer than the time the encrypted data must remain secret.
The value of most data decreases over time.
Cryptographic System: Algorithm + Key
It is perfectly OK to let everyone know the algorithm. Knowledge of the algorithm without the key does not help unmangle the information.
Publishing the algorithm provides an enormous amount of free consulting to uncover weaknesses.
Traditional use of Cryptography
Plaintext >>> (Encryption) >>> Ciphertext >>> (Decryption) >>> Plaintext
Cryptographer: Invent clever secret codes.
Cryptanalyst: Attempt to break these codes.
Computational Difficulty
Example: combination lock
Typically requires 3 numbers between 1 and 40.
If it takes 10 seconds for a good guy, it would take 10*(40**3) seconds or about 1 week for the bad guy.
By requiring 4 numbers: if it takes 13 seconds for the good guy, it would take 13*(40**4) seconds or about 1 year for the bad guy.
Secret Key Cryptography (Symmetric Cryptography)
(encryption) plaintext >>> ciphertext
| key |
ciphertext >>> plaintext (decryption)
Uses of Symmetric Cryptography
Transmission Over an Insecure Channel: An eavesdropper will only see unintelligible data.
Secure Storage on Insecure Media: Forgetting the key makes the data irrevocably lost!
Authentication: Alice authenticating Bob
Alice                Bob
challenge: r >>>>>> r
response: r = K{c} <<<<<<< c = K{r}
Public Key Cryptography (Asymmetric Cryptography)
Each individual has two keys:
private key (not revealed to anyone)
public key (make it known to everyone)
encryption (public key): plaintext >>>>>>>>>> ciphertext
decryption (private key): ciphertext >>>>>>>>> plaintext
Digital Signature
signing (private key): plaintext >>>>>>>>> ciphertext
verification (public key): ciphertext >>>>>>>> plaintext
Uses of Public Key: Secret Key establishment
Public key cryptographic algorithms are much slower than secret key cryptographic algorithms. Thus they are normally used to establish a temporary shared secret key for use during a given session.
Alice                Bob
{K}eB >>>>>>>>> [K]dB
K{mB} >>>>>>>>> K{mB}
K{mA} <<<<<<<<< K{mA}
Uses of Public Key: Authentication
Alice authenticating Bob:
Alice                Bob
challenge: c = {r}eB >>>>> c
response: r <<<<< r = [c]dB
Hash Algorithms: message-digest, finger-print, one-way-function
The hash of a message m, h = H(m), has the following properties:
Given m, it is easy to compute h.
Given h, it is hard to compute m.
Given m, it is hard to find another m' such that H(m) = H(m').
It is hard to find m1 and m2 such that H(m1) = H(m2).
Message Authentication/Integrity Code
(MIC/MAC)
Using Secret Key:
Alice                Bob
m, h, where h = H(m|K) >> m, h, OK if h = H(m|K)
Bob is sure that Alice sent m, since she knows K.
Bob can NOT prove to anyone else that Alice sent him m, since he also knows K!
Password Hashing
UNIX stores the hash of passwords. For each user U with password P, there is a tuple:
<U, h>, where h = H(P)
When user U types a password P, UNIX computes H(P), and the user is allowed to log in if H(P) = h.
The magic of XOR
0 ⊕ 0 = 0, 0 ⊕ 1 = 1, 1 ⊕ 0 = 1 & 1 ⊕ 1 = 0
Note that: a ⊕ a = 0 & a ⊕ b ⊕ b = a (since b ⊕ b = 0)
A Simple XOR symmetric algorithm: (P plain, C cipher, K key)
Encrypt: C = P ⊕ K*
Decrypt: P = C ⊕ K* (since (P ⊕ K) ⊕ K = P)
Secret Key Cryptography: Principle
Secret key cryptographic systems take a key K and a data block M and generate a one-to-one mapping that looks completely random.
I.e., any single bit change of K or M results in a totally independent random output.
Secret Key Cryptography
Transformation
Substitution: For small blocks of size k bits, specify for each of the 2^k possible values of the input, the k-bit output.
Permutation: Specify for each input bit, the output position to which it goes.
Example: DES (Data Encryption Standard)
Hashes/Message-Digests: Principle
Major Algorithms:
Ron Rivest Message Digest (MD2, MD4 and MD5): 128-bit.
NIST Secure Hash Algorithm SHA-1: 160-bit.
Both take an arbitrary-length string and map it to a fixed-length quantity that appears to be randomly chosen.
They are easy to compute and are computed in rounds.
It is computationally infeasible to find:
• A message that has a given message digest.
• A different message with the same message digest.
• Two messages that have the same message digest.
Things to do with a Hash
Authentication:
Alice                Bob
challenge: r >> r
response: d << d = MD{K|r}
Alice computes MD{K|r} and if it equals d, then Bob knows K.
Computing a MAC:
Alice                Bob
m, d where d = MD(K|m) >> m, d, OK if d = MD(K|m)
Encryption using Hash
Generating one-time pad: Both Alice and Bob know the shared secret K and generate:
b_1 = MD(K), b_i = MD(K|b_(i-1)), i = 2, 3, ....
Alice                Bob
c_i = m_i ⊕ b_i >>>> m_i = c_i ⊕ b_i
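An added example (not part of the original slides) of the hash-generated pad above: it builds the chain b_1 = MD(K), b_i = MD(K|b_(i-1)) and XORs it with the message, then checks what happens when the same K produces the same pad for two messages. SHA-256 stands in for MD, and the `iv` parameter, the key and the messages are assumptions constructed for this example.

```python
import hashlib

def pad_blocks(key: bytes, iv: bytes = b""):
    """Yield b1 = MD(K|iv), bi = MD(K|b(i-1)). With iv empty this is exactly
    the slide's chain; SHA-256 stands in for MD (assumption of this example)."""
    block = hashlib.sha256(key + iv).digest()
    while True:
        yield block
        block = hashlib.sha256(key + block).digest()

def xor_pad(key: bytes, data: bytes, iv: bytes = b"") -> bytes:
    """c_i = m_i XOR b_i; the same call decrypts, since (m ^ b) ^ b = m."""
    out = bytearray()
    blocks = pad_blocks(key, iv)
    for start in range(0, len(data), 32):           # 32 = SHA-256 digest size
        pad = next(blocks)
        out.extend(m ^ b for m, b in zip(data[start:start + 32], pad))
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample key and messages (same length, longer than one pad block).
KEY = b"constructed shared secret K"
M1 = b"wire 100 dollars to account 1234 today please"
M2 = b"meeting moved to room 5678, bring the reports"

def pad_reuse_leaks() -> bool:
    """Same K, no iv: both messages get the same pad, so the pad cancels and
    c1 XOR c2 equals m1 XOR m2 for anyone who sees both ciphertexts."""
    c1, c2 = xor_pad(KEY, M1), xor_pad(KEY, M2)
    return xor_bytes(c1, c2) == xor_bytes(M1, M2)

def fresh_iv_separates() -> bool:
    """A distinct iv per message (sent in the clear) gives unrelated pads."""
    c1 = xor_pad(KEY, M1, iv=b"msg-0001")
    c2 = xor_pad(KEY, M2, iv=b"msg-0002")
    return xor_bytes(c1, c2) != xor_bytes(M1, M2)

if __name__ == "__main__":
    assert xor_pad(KEY, xor_pad(KEY, M1)) == M1      # decrypt(encrypt(m)) = m
    print(pad_reuse_leaks(), fresh_iv_separates())
```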
Public Key Cryptography: Principle
Secret key algorithms & hash algorithms are similar. Public key algorithms are different from each other.
What is common among all public key algorithms is: each participant has two keys, public and private, & most of them are based on modular arithmetic:
x mod n is the remainder of x when divided by n. Example: 24 mod 10 = 4
Multiplication mod 10
Multiplication by 1, 3, 7 and 9 works as a cipher since it performs a 1-1 mapping.
Each "1" is the intersection of k and k^-1, e.g. if k = 7, then k^-1 is 3.
Example: if k = 7, then 1987 is encrypted to 7369
Totient Function
What is so special about the set {1,3,7,9} ? These numbers are relatively prime to 10, i.e., they do not share with 10 any common factors other than 1.
How many numbers < n are relatively prime to n? This quantity is referred to as Ø(n) and is called the totient function:
If n is prime: then {1, 2, ..., n-1} are all relatively prime and Ø(n) = n-1.
If n = p·q where p and q are two distinct primes, then Ø(n) = (p-1)(q-1).
Example: for n = 10 = 2·5, Ø(10) = (2-1)·(5-1) = 1·4 = 4, which is the size of the set {1,3,7,9}.
Exponentiation mod 10
Examples: 4^2 = 6, 8^8 = 6, 7^6 = 9
An exponentiative inverse of e is the number d such that:
e·d = 1 mod Ø(n)
Example: For n = 10, Ø(10) = 4:
e = 3 and d = 7 are exponentiative inverses since 3·7 = 21 = 1 mod 4
In public key cryptography: <e, n> is the public key & <d, n> is the private key
Encrypt / Decrypt Sign / Verify
Encrypt / Decrypt:
To encrypt m: compute c = m^e mod n
To decrypt c: compute m = c^d mod n
Example: encrypt m = 8: c = 8^3 = 2; decrypt c = 2: m = 2^7 = 8
Sign / Verify:
To sign m: compute s = m^d mod n
To verify s: compute m = s^e mod n
Example: sign m = 8: s = 8^7 = 2; verify s = 2: m = 2^3 = 8
RSA works
Encrypt/Decrypt:
To encrypt a message m (< n): c = m^e mod n & To decrypt c: m = c^d mod n
This works since:
c^d mod n = (m^e)^d mod n
          = m^(e·d) mod n
          = m mod n      // since e·d = 1 mod Ø(n)
          = m            // since m < n
Sign/Verify:
To sign a message m (< n): s = m^d mod n & To verify s: m = s^e mod n
This also works since:
s^e mod n = m^(e·d) mod n = m mod n = m
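The arithmetic of the last few slides, as an added example that is not part of the original deck: the multiplication cipher mod 10, Ø(n), the exponentiative inverse, and the encrypt/decrypt and sign/verify round trips. The function names are this example's own, and it goes beyond n = 10 to a second constructed key (p = 61, q = 53, e = 17).

```python
from math import gcd

def totient(n: int) -> int:
    """Ø(n): how many numbers in 1..n-1 are relatively prime to n."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)

def mult_cipher(digits: str, k: int, n: int = 10) -> str:
    """Multiply each digit by k mod n; a 1-1 mapping only when gcd(k, n) = 1."""
    if gcd(k, n) != 1:
        raise ValueError(f"{k} shares a factor with {n}: mapping is not 1-1")
    return "".join(str(int(d) * k % n) for d in digits)

def is_exp_inverse(e: int, d: int, n: int) -> bool:
    """True when e*d = 1 mod Ø(n)."""
    return (e * d) % totient(n) == 1

def exp_inverse(e: int, n: int) -> int:
    """Smallest d with e*d = 1 mod Ø(n). For n = 10, e = 3 this is 3; the
    slide's d = 7 = 3 + Ø(10) is equally valid. Needs Python 3.8+."""
    return pow(e, -1, totient(n))

def rsa(x: int, exponent: int, n: int) -> int:
    """x^exponent mod n: encrypt/verify with e, decrypt/sign with d."""
    if not 0 <= x < n:
        raise ValueError("message must be smaller than n")
    return pow(x, exponent, n)

def round_trips(n: int, e: int, d: int) -> bool:
    """decrypt(encrypt(m)) = m and verify(sign(m)) = m for every m < n."""
    return all(rsa(rsa(m, e, n), d, n) == m and rsa(rsa(m, d, n), e, n) == m
               for m in range(n))

if __name__ == "__main__":
    print(mult_cipher("1987", 7), mult_cipher("7369", 3))   # slide: k = 7, k^-1 = 3
    print(totient(10), is_exp_inverse(3, 7, 10))             # slide: e = 3, d = 7
    print(rsa(8, 3, 10), rsa(2, 7, 10), round_trips(10, 3, 7))
    n = 61 * 53                                              # constructed second key
    d = exp_inverse(17, n)
    print(n, d, round_trips(n, 17, d))
```

With n = 10 the smallest valid d equals e, which is why the slide's key is only a teaching device. Real RSA uses large primes and randomized padding rather than raw m^e mod n.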
Diffie-Hellman: Key agreement Protocol
Alice and Bob agree on: p (large prime) & g < p.
Alice                                   Bob
Pick SA (512-bit random number)         Pick SB (512-bit random number)
Compute TA = (g^SA) mod p               Compute TB = (g^SB) mod p
send TA >>>>>>>>
                                        <<<<<<<<< send TB
Compute X = TB^SA mod p                 Compute Y = TA^SB mod p
X is the same as Y, why?
X = TB^SA = g^(SB·SA)
Y = TA^SB = g^(SA·SB)
No one can compute g^(SA·SB) by knowing g^SA & g^SB
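Both sides of the exchange above, as an added example that is not from the original slides, including a range check on the peer's value and a hash step that turns X into a session key. The parameters p = 2^127 - 1 and g = 3, the function names and the SHA-256 step are assumptions of this example; the prime is far too small for real use.

```python
import hashlib
import secrets

# Toy parameters for this example only: p = 2^127 - 1 is prime but much too
# small; deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3

def pick_secret(p: int = P) -> int:
    """S: random secret exponent in [2, p-2]."""
    return 2 + secrets.randbelow(p - 3)

def public_value(s: int, g: int = G, p: int = P) -> int:
    """T = g^S mod p, the only value sent over the insecure channel."""
    return pow(g, s, p)

def check_peer_value(t: int, p: int = P) -> None:
    """Reject 0, 1, p-1 and out-of-range values: they force the shared value
    into a tiny set no matter which secret we picked."""
    if not 2 <= t <= p - 2:
        raise ValueError("peer public value out of range")

def shared_key(my_secret: int, peer_t: int, p: int = P) -> bytes:
    """X = T_peer^S mod p, hashed down to a fixed-length session key."""
    check_peer_value(peer_t, p)
    x = pow(peer_t, my_secret, p)
    return hashlib.sha256(x.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def exchange():
    """Run Alice and Bob; returns the key each side derived."""
    sa, sb = pick_secret(), pick_secret()
    ta, tb = public_value(sa), public_value(sb)
    return shared_key(sa, tb), shared_key(sb, ta)

def rejects(t: int) -> bool:
    """True when check_peer_value refuses t."""
    try:
        check_peer_value(t)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    alice_key, bob_key = exchange()
    print(alice_key == bob_key, rejects(1), rejects(P - 1))
```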
Email Security Protocols
PEM (Privacy Enhanced Mail):
Add encryption, authentication and integrity to ordinary text messages.
MIME (Multipurpose Internet Mail Extensions):
Is a standard for encoding arbitrary data in email (images, video, etc.).
S/MIME: Incorporated many principles of PEM into MIME.
PEM: MIC-CLEAR
From: Alice
To: Bob
Subject: Colloquium
Date: Tue Oct 26, 2005
-----BEGIN PRIVACY ENHANCED MESSAGE-----
Originator-ID-Asymmetric: <certificate>
MIC-Info: RSA-MD5, RSA, <MIC>

Dear Bob: I would like to invite you to give a colloquium next Fall, If you accept, let us talk about the details. Alice
-----END PRIVACY ENHANCED MESSAGE-----
PEM: ENCRYPTED
From: Alice
To: Bob
Subject: Colloquium
Date: Tue Oct 26, 2005
-----BEGIN PRIVACY ENHANCED MESSAGE-----
DEK-Info: DES-CBC, IV
MIC-Info: RSA-MD5, RSA, <MIC>
Recipient-ID-Asymmetric: <Recipient certificate>
Key-Info: RSA, <key encrypted with recipient public key>

<encoded encrypted message using DES-CBC>
-----END PRIVACY ENHANCED MESSAGE-----
SSL/TLS: Secure Socket Layer (Netscape), Transport Layer Security (IETF)
Runs as a user-level process on top of TCP/IP.
Alice                                                  Bob
I want to talk, ciphers I support, Ra --------------------->
<--------------------- certificate, cipher I choose, Rb
choose secret S, compute K = f(S,Ra,Rb):
{S}Bob, {keyed hash of handshake msgs} -------------------->
                                                       compute K = f(S,Ra,Rb):
<--------------------- {keyed hash of handshake msgs}
<-- data protected with keys derived from K -->
Ra and Rb are 32 octets long; the first 4 are the time. This ensures that the Rs are always different.
Authentication Systems: Password-based
It's not who you are, it's what you know
On-line Password attack: Easy to defend, e.g., limit and slow down the number of guesses.
Off-line Password attack: Capture a quantity X derived from the password and take your time to guess the password that produces X (e.g., use a dictionary).
Authentication Systems: Address-based
It's not what you know. It's where you are
In Unix /etc/hosts.equiv: Contains a list of computers that have identical user accounts to allow users on these hosts to rlogin without providing passwords.
Trusted Intermediaries
For N entities, if each keeps N-1 secrets, then adding a new entity involves adding N new secrets. Clearly not practical for large N.
KDC (Key Distribution Center): Keeps N keys, adding one key for each new entity.
Alice                        KDC                        Bob
Need to talk to Bob ------->
                             generate random R
R = KA[X] <--------- X = KA{R}, Y = KB{R} ---------> R = KB[Y]
C1 = R{M1} --------------------------------------> M1 = R[C1]
M2 = R[C2] <-------------------------------------- C2 = R{M2}
Disadvantages of KDC:
If compromised, all keys are compromised.
Single point of failure.
Performance bottleneck.
CA (Certificate Authority)
Each entity keeps its private key.
The CA certifies (signs) that the public key belongs to the entity.
All public key certificates may be kept in one place or each entity keeps its own.
Certificates expire after a reasonable period (1 year).
A certificate can be revoked, and the CA periodically publishes a CRL (certificate revocation list).
Clients should check the latest CRL before trusting a certificate.
Delegation
It's not who you are. It's who you're working for
Sometimes it is necessary to have some entity act on your behalf. This is achieved using delegation.
Generate a special message, signed by you (using public key cryptography, or through KDC), specifying:
To whom you are delegating the rights,
Which rights are being delegated &
For how long.
Mutual Authentication
Shared Secret
Alice                              Bob
I'm Alice ------------------------>
<------------------------ Rb
f(K, Rb) ------------------------->
Ra ------------------------------->
<------------------------ f(K, Ra)
Reducing number of Messages
Packing more information into each message:
Alice                              Bob
I'm Alice, Ra -------------------->
<------------------------ Rb, f(K, Ra)
f(K, Rb) ------------------------->
Reflection Attack!
Trudy can impersonate Alice to Bob by opening a second connection to Bob
Session 1:
Trudy                              Bob
I'm Alice, Ra -------------------->
<------------------------ Rb, f(K, Ra)
suspend session 1......
Session 2:
Trudy                              Bob
I'm Alice, Rb -------------------->
<------------------------ Rb', f(K, Rb)
abort session 2.......
continue session 1......
f(K, Rb) ------------------------->
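The three-message exchange and the two sessions from the slide, as an added in-process simulation that is not part of the original deck, with the same responder shown once as drawn and once with a direction label mixed into f so that Bob's answers are never values he would accept himself. HMAC-SHA256 as f, the labels "A->B" and "B->A", the class and function names and the key are assumptions of this example; the label is one common mitigation, not something the slides specify.

```python
import hashlib
import hmac
import secrets

K = b"constructed shared secret"        # sample key known to Alice and Bob only

def f(key: bytes, challenge: bytes, direction: bytes = b"") -> bytes:
    """f(K, R) from the slides, here HMAC-SHA256 (assumption). A non-empty
    direction label makes Bob's answers differ from the ones he accepts."""
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()

class Bob:
    """Responder of the three-message protocol; every hello() is a new session."""
    def __init__(self, key: bytes, bind_direction: bool):
        self.key, self.bind = key, bind_direction
        self.pending, self.next_sid = {}, 0

    def hello(self, claimed_name: str, ra: bytes):
        """Message 1 in, message 2 out: (session id, Rb, f(K, Ra)).
        claimed_name would select the key; this toy Bob has one peer."""
        sid, rb = self.next_sid, secrets.token_bytes(16)
        self.next_sid += 1
        self.pending[sid] = rb
        return sid, rb, f(self.key, ra, b"B->A" if self.bind else b"")

    def finish(self, sid: int, proof: bytes) -> bool:
        """Message 3: accept only f(K, Rb) for this session's own Rb."""
        rb = self.pending.pop(sid)
        expected = f(self.key, rb, b"A->B" if self.bind else b"")
        return hmac.compare_digest(proof, expected)

def honest_alice(bob: Bob, key: bytes, bind: bool) -> bool:
    """A full run by someone who holds K; checks Bob's proof, then sends hers."""
    ra = secrets.token_bytes(16)
    sid, rb, proof = bob.hello("Alice", ra)
    if not hmac.compare_digest(proof, f(key, ra, b"B->A" if bind else b"")):
        return False                                  # Bob failed to prove K
    return bob.finish(sid, f(key, rb, b"A->B" if bind else b""))

def reflected_login(bob: Bob) -> bool:
    """The slide's two sessions, run by a party that never uses K."""
    s1, rb, _ = bob.hello("Alice", secrets.token_bytes(16))   # session 1
    _, _, answer = bob.hello("Alice", rb)             # session 2: Rb sent back
    return bob.finish(s1, answer)                     # continue session 1

if __name__ == "__main__":
    print(reflected_login(Bob(K, False)), reflected_login(Bob(K, True)))
```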
Using Time Stamps
We can use time stamps to reduce the number of messages to two:
Alice                              Bob
I'm Alice, f(K, timestamp) ------------------------->
<------------------------- f(K, timestamp++)