security overview & cryptography · cryptography network security workshop 3-5 october 2017 ......
TRANSCRIPT
1
Security Overview & Cryptography
Network Security Workshop
3-5 October 2017
Port Moresby, Papua New Guinea
Overview
• Security Overview• Goal of Security
• Threat Pragmatics
• Cryptography Basics
2
Drawing some correlations
3
Why Security?
• The Internet was designed for connectivity – Trust was assumed– Security protocols added on top of the TCP/IP
• The Internet has become fundamental to our daily activities (business, work, and personal)
• Fundamental aspects of information must be protected– Confidential data– Employee information– Business models– Protect identity and resources
4
Internet Evolution
Security (threats and challenges) changes as the Internet evolves!
LAN connectivity Content driven (email, web, music, video)
Data on the Cloud
5
Recent Incidents• (Not)Petya Ransomware/Wiper (June 2017)
– Exploited a backdoor in MeDoc accounting suite• Update pushed on June 22 from an update server (stolen credentials)• proxied to the attacker’s machine (176.31.182.167)
– Spread laterally across the network (June 27)• EternalBlue exploit (SMB exploit: MS17-010)• through PsExec/WMIC using clear-text passwords from memory• C:\Windows\perfc.dat hosted the post-exploit code (called by
rundll32.exe)
6
Recent Incidents• WannaCry Ransomware (May 2017)
– As of 12 May, 45K attacks across 74 countries– Remote code execution in SMBv1 using EternalBlue exploit
• TCP 445, or via NetBIOS (UDP/TCP 135-139)
– Patch released on 14 March 2017 (MS17-010)• https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
– Exploit released on 14 April 2017
7
Recent Incidents• SHA-1 is broken (Feb 23, 2017)
– colliding PDF files: obtain same SHA-1 hash of two different pdf files, which can be abused as a valid signature on the second PDF file.• https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
8
shodan.io
9
• Find any internet connected device
THANKS
• Most of the content is from:
– Steven M.Bellovin’s “Thinking Security”– https://www.cs.columbia.edu/~smb/
11
Here we go….
• What are we protecting?, and
• Against whom?
12
• All security system designs should be based on these questions!
Threats, Vulnerability, and Risks
• Threat– circumstance or event with potential to cause harm to a
networked system
• Vulnerability– A weakness that can be exploited
• Software bugs• Design flaws• Configuration mistakes• Lack of encryption
• Risk– The likelihood that a particular vulnerability will be exploited
13
Attack Motivation (Who are your Enemies?)
• Nation states want SECRETS
• Organized criminals want MONEY
• Protesters or activists want ATTENTION
• Hackers and researchers want KNOWLEDGE
14
Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014
http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html
Who are your Enemies?
15
• Script kiddies: little real ability, but can cause damage if you’re careless
• Money makers: Hack into machines; turn them into spam engines; etc.
• Government intelligence agencies, AKA Nation State Adversaries
The Threat Matrix
16
Degree of Focus
Opportunistic hacks
Joy hacks Targeted attacks
Advanced Persistent Threats
Source: Thinking Security – Steve M. Bellovin
Joy Hacks
• For fun - with little skill using known exploits
• Minimal damage - especially unpatched machines
• Random targets – anyone they can hit
• Most hackers start this way – learning curve
17
Opportunistic Hacks
• Skilled (often very skilled) - also don’t care whom they hit– Know many different vulnerabilities and techniques
• Profiting is the goal - bank account thefts, botnets, ransomwares….– WannaCry? Petya?
• Most phishers, virus writers, etc.
18
Targeted Attacks
• Have a specific target!
• Research the target and tailor attacks– physical reconnaissance
• At worst, an insider (behind all your defenses)– Not-so happy employee L
• Watch for tools like “spear-phishing”
• May use 0-days
19
Advanced Persistent Threats
• Highly skilled (well funded) - specific targets– Mostly 0-days
• Sometimes (not always) working for a nation-state– Think Stuxnet (up to four 0-days were used)
• May use non-cyber means:– burglary, bribery, and blackmail
• Note: many lesser attacks blamed on APTs
20
Are you a Target?
• Biggest risk?– assuming you are not interesting enough!
• Vendors/System Integrators and their take on security:– Either underwhelming or Overwhelming L
21
Defense Strategies
• Depends on what you’re trying to protect
• Tactics that keep out teenagers won’t keep out a well-funded agency
• But stronger defenses are often much more expensive, and cause great inconvenience
22
What Are You Protecting?
• Identify your critical Assets– Both tangible and intangible (patents, methodologies) assets
• Hardware, software, data, people, documents
– Who would be interested?
• Place a Value on the asset– Different assets require different level of protection– Security measures must be in proportion with asset value
• How much can you afford?
• Determine Likelihood of breaches– threats and vulnerabilities ?
23
Against Joy Hacks
• By definition, joy hackers use known exploits
• Patches exist for known exploits:– Up to date system patches– Up to date antivirus database
• Ordinary enterprise-grade firewalls will also repel them
24
Opportunistic Hacks
• Sophisticated techniques used
• You need multiple layers of defense– Up to date patches and anti-virus– Firewalls– Intrusion detection– Lots of attention to log files
• Goal: to contain the attack!
25
Targeted Attacks
• Targeted attacks exploit knowledge of target– Try to block or detect reconnaissance– Security policies and procedures matter a lot
• How do you respond to phone callers?• What do people do with unexpected attachments?• USB sticks in the car park?
• Hardest case: disgruntled employee or ex-employee– Already behind your defenses– Think Manning & Snowden
26
Advanced Persistent Threats
• L VERY VERY hard to defend against!
• Use all of the previous defenses
• There are no sure answers
• Pay special attention to policies and procedures
• Investigate all oddities
27
Varying Defenses
• Don’t use the same defenses for everything– Keep them guessing J
• Layer them– protect valuable systems more carefully
• Maybe you can’t afford to encrypt everything– but you probably can encrypt all communications among
and to/from your high-value machines
28
However…
• Every machine (connected) is valuable
• They could be turned into bots– Send spam, launch DDoS, host phishing sites– Sniff your local traffic
• Defense: – watch outbound traffic from your network
29
Example of Security Controls
30
Category Example of Controls Purpose
Policy & Procedure
Cyber Security Policy, IncidentHandling Procedure
Make everyone aware of theimportance of security, define role and responsibilities (pre and post incident), understandscope of the problem
Technical Firewall, Intrusion DetectionSystem, AV, Logging Systems
Prevent and detect potentialattacks, mitigate risk of breach
Physical CCTV, Locks, Biometrics, Secure working space
Prevent physical theft of information assets or unauthorized physicalaccess
Summary
• Use proper crypto
• Multi-layered security– Updated patches and Avs– Backup important data– Firewalls– IDS/IPS (anomaly detection)
• Strictly follow security procedures– Revise and audit frequently
31
Overview
• Security Overview
• Goal of Security• Threat Pragmatics
• Cryptography Basics
32
Goals of Information Security
Confidentiality Integrity Availability
SEC
UR
ITY
prevent unauthorized use or disclosure of
information
safeguard the accuracy and
completeness of information
authorized users have reliable and timely access to
information
33
Access Control
• To permit or deny the use of resource(s)
• All about:– Authentication (who is the user)– Authorization (who is allowed to use what)– Accountability (what did the user do)
Authentication
• Verify a user’s identity• “User” may refer to:
– a person – an application or process– a machine or device
• Identification comes before authentication– Ex: username to establish user’s identity
• To prove identity, a user must present either:– What you know (passwords, passphrase, PIN)– What you have (token, smart cards, passcodes, RFID)– Who you are (biometrics such as fingerprints and iris scan,
signature or voice)
Strong Authentication
• An absolute requirement
• Two-factor authentication – Passwords (something only you know)– Tokens (something only you have)
• Examples:– Passwords– Tokens– PINs– Biometrics– Certificates
Two-factor Authentication• At least two authentication ‘factors’ to prove user’s
identity– something you know
• Username/password
– something “only” you have• Token using a one-time password (OTP), or a SMS code
• OTP is generated using a device in physical possession of the user– generated each time and expires after some time– through applications on your device
• Multi-factor authentication is also common– required to confirm a set of things to verify their identity
Authorization
• Defines the user’s rights and permissions on a system
• Typically done after user has been authenticated• Grants a user access to a particular resource and
what actions they are permitted to perform on that resource
• Access criteria based on the level of trust:– Roles– Groups– Location– Time– Transaction type
Authorization Concepts
• Authorization Creep– When users may possess unnecessarily high access
privileges within an organization
• Default to Zero– Start with zero access and build on top of that
• Need to Know Principle– Least privilege; give access only to information that the user
absolutely need
• Access Control Lists– List of users allowed to perform particular access to an
object (read, write, execute, modify)
Authorization - Single Sign On
• User logs in only once and gains access to all authorized resources within a system
• Benefits:– Ease of use– Reduces logon cycle (time spent re-entering passwords for the
same identity)
• Common SSO technologies:– Kerberos (prevents replays – T_REQ:timestamp/lifetime)– RADIUS– OTP Token– SAML/OpenID
• Disadvantage: Single point of attack– May need to mix with MFA
Accountability
• What did the user do with the resource?
• Actions of an entity to be traced back uniquely to that entity – Senders cannot deny sending information– Receivers cannot deny receiving it – Users cannot deny performing a certain action
• Supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention and after-action recovery and legal action
Source: NIST Risk Management Guide for Information Technology Systems
Types of Access Control
• Centralized Access Control– RADIUS (UDP)
• Encrypts the password• Single challenge-response (un+pw)
– TACACS+ (TCP)• Encrypts the entire message• Multiple challenge-responses (un and then pw)
– Diameter (TCP)• Enhanced RADIUS (reliable and secure channel)
• Decentralized Access Control– User database maintained on the resource
• Not scalable– No method for consistent control
Overview
• Security Overview
• Goal of Security
• Threat Pragmatics • Cryptography Basics
43
Target
• Targets could be:– Network infrastructure– Network services– Application services– End user machines
Uneven Playing Field
• The defender has to think about the entire perimeter– all the weakness
• The attacker has to find only one weakness
• This is not good news for defenders
45
Attack Surface
• Entire Perimeter you have to Defend
46
Web ServerDNS
SMTP
Power Fiber
Application
Firewall
Soft Gooey Inside
• But it is not just the perimeter!
47
Web Server DNS
SMTP
Power Fiber
Application
Firewall
USB SticksSpearfishingPasswords
Ex-EmployeesSysAdmins
Attacks on Different LayersApplication
Presentation
Session
Transport
Network
Data Link
Physical
Application
Transport
Internet
Network Access (Link Layer)
Layer 2: Ethernet, PPP, ARP, NDP, OSPF
Layer 4: TCP, UDP, SCTP
Layer 5: NFS, Socks
Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP
DNS Poisoning, Phishing, SQL injection, Spam/Scam
ARP spoofing, MAC flooding
OSI Reference Model TCP/IP Model
Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
TCP attacks, Routing attack, SYN flooding
Ping/ICMP Flood, Sniffing
48
Layer 2 Attacks
• ARP Spoofing
• MAC attacks
• DHCP attacks
• VLAN hopping
49
ARP Spoofing
ARP Cache poisoned. Machine A connects to Machine D (not C)
I want to connect to 10.0.0.3. I don’t know the
MAC address
10.0.0.1AA-AA-AA-AA-AA-AA
10.0.0.2BB-BB-BB-BB-BB-BB
10.0.0.3CC-CC-CC-CC-CC-CC
10.0.0.4DD-DD-DD-DD-DD-DD
ARP Request
ARP Reply
Wait, I am 10.0.0.3!
I am 10.0.0.3. This is my MAC address
50
MAC Flooding
• Exploits the limitation of all switches – CAM stores mapping of individual MAC addresses to source
ports– Finite memory
• Attacker floods the CAM table using spoofed source MAC addresses
51
DHCP Attacks
• DHCP Starvation Attack– Broadcasting vast number of DHCP requests with spoofed
MAC address simultaneously.
• DHCP Spoofing– Rogue DHCP
52
Wireless Attacks- MITM
• Creates a fake access point and have clients authenticate to it instead of a legitimate one.
• Capture traffic (usernames, passwords)
53
Wireless Attacks
• WEP (wired equivalent privacy) – first go at wireless security
• 104-bit WEP key:– 50% of the time broken with 45k packets– 95% of the time with 85k packets (in less than 60 seconds)
• Use WPA2 (wired protected access)– WPA – 256-bit key– WPA2 - AES
54
Tews,Weinmann, and Pyshkin, "Breaking 104 bit WEP in less than 60 seconds", Proceedings of the 8th international conference on Information security applications, 2007
Link-Layer Defense
• Dynamic ARP Inspection– Protects against ARP spoofing
– uses DHCP Snooping
– forward ARP packets on Trusted interfaces without checks
– intercept all ARP packets on Untrusted ports and check against IP-to-MAC binding• Drop (and log) if no valid binding
55
Link-Layer Defense
• Port Security– Protects the MAC table
– Limit the number of MACs per port (static or sticky learning)• Forwards valid frames (valid source MACs), and drops invalid frames
– Violation could trigger:• Dropping of invalid frames and port shutdown, or• Drop frames with/without notification
56
Link-Layer Defense
• 802.1X– Identity based network access control– Protection against rogue devices (DHCP or AP) attaching to
a LAN
57
Client Authenticator AAA Server
Access-Request
Access-Challenge
Access-Request
EAP-Request/Id
EAP-Response/Id
EAP-Request/pw
EAP-Response/pw
Access-AcceptEAP-Success
Port Authorized
Image Source: www.en.wikipedia.org/wiki/IEEE_802.1X
Layer 3 Attacks
• ICMP Attacks– ICMP Smurf/Flood– Ping of death
• Routing (control plane) attacks
58
ICMP Flood/Smurf
NetworkBroadcast Address
Victim
Other forms of ICMP attack:-Ping of death
Attacker
Echo request Echo request
Echo reply to actual destination
59
• Defense:– Disable directed broadcast
• #no ip directed-broadcast
Routing Protocol Attacks
• Malicious route insertion– Poison routing table– To divert traffic and eavesdrop
• Analyse/Modify/Drop packets
• BGP attacks– hijack prefixes– Tamper the path information
60
Defense- Routing Attacks
• Authenticate source of routing updates– Peer authentication
• Origin Validation– Rolled out today as RPKI– ROA (resource certificate) signed by
the owner• Verifies the origin AS (signed route
announcement)
• Path Validation– Sign the full path (ASNs traversed)
• In IETF process as BGPsec
61
X.509 Cert
RFC 3779Extension
IP Resources (Addr & ASN)
SIA – URI (repository) for where this Publishes
Subject Public Key (algorithm and key)
CA
Sign
ed b
y Pa
rent
’s P
rivat
e Ke
y
SYN Flooding
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets • No ACK
• Retains state for bogus half-open connections – Finite SYN_RECV queue size– no more resources (memory) to for new legitimate
connections – drops!
Server(Victim)
Attacker
SYN
SYN+ACK
ACK?
62
SYN Flood - Defense
• SYN Cookies– MD5 hash (src IP, src port, dst IP, dst port, and ISN in SYN)
• Sent back as ISN in its SYN-ACK
– no states for half-open connections in memory• until valid ACK: SEQ = ISN+1• Store state after valid ACK
63
Enable:vi /etc/sysctl.confÞ net.ipv4.tcp_syncookies = 1
Verify:Þ cat /proc/sys/net/ipv4_tcpsyncookiesÞ sysctl –n net ipv4.tcp_syncookies
Application Layer Attacks
• Very common:– Scripting vulnerabilities
– Buffer overflow
– Cookie poisoning• Tamper session information
– X-site scripting• Client-side code injection
– SQL injection
64
Application Layer - Defense
• User input validation– SQL injection, X-site scripting
• Pen-test or vulnerability scan by experts– Scripting vulnerabilities– Buffer overflow (bounds checking)
65
Layer 7 DDoS Attack
• Traditional DoS attacks focus on L3 and L4
• On L7, DoS attack targets applications disguised as legitimate packets – exhaust application resources (bandwidth, ports, protocol
weakness)
• Includes:– Slowloris– RUDY (R-U-Dead Yet)
• POST request with long content length and write forms slowly
– LOIC/HOIC (Low/high orbit Ion canon)• TCP/UDP/HTTP requests (H-only HTTP with scripts)
66
Layer 7 DDoS – Slowloris
• Incomplete HTTP requests– No blank line (\r\n) in request header
• Properties– Low bandwidth– Keep threads active
• Only affects threaded web servers (Apache)• Doesn’t work through load balancers
– Keepalives to reset timeout
67
Layer 7 DDoS – Defense
• Load balancers– Delayed binding– Perform HTTP Request header completeness check
• Request not sent to server until the final \r\n (CRLF) received from client
• Non-threaded webservers– IIS is not vulnerable to slow header attacks
• ModSecurity– Open source WAF plugin for Apache– embedded or reverse proxy mode
• In front of the web server
68
DNS Changer
• Anyone who controls your DNS controls what you see!
• How: – infect computers with
malware – malware changes the user’s
DNS settings • Points to attacker’s DNS
resolvers (specific address blocks)
69
Countries affected by DNSChanger (2012):
Image Source: Kaspersky
DNS Changer - Defense
• Find out if you are infected– FBI:
• forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS• 64.28.176.0/20; 67.210.0.0/20; 77.67.83.0/24; 85.255.112.0/20;
93.188.160.0/23; 213.109.64.0/20
– DNSChanger Working Group:• www.dcwg.org/fix/
• Clean up:– Run free anti-malware tools
• DNSChanger WG site maintains clean-up guides and list of free tools to remove the malware
– firewall rules to only allow queries to legitimate servers
70
DNS Cache Poisoning
• Resolvers caching incorrect records that did not originate from authoritative DNS servers
• Result: – redirect to sites (controlled by the attacker)
71
DNS Cache Poisoning
(pretending to be the authoritative
zone)
ns.tashi.comWebServer(192.168.1.1)
DNS Caching Server
Client
I want to access www.tashi.com
1
QID=645712
QID=64569
QID=64570
QID=64571
www.tashi.com 192.168.1.1
match!
www.tashi.com 192.168.1.993
3
Root/GTLD
QID=64571
72
Cache Poisoning - Defense• DNSSEC – DNS security extensions
– Uses public-key crypto• Records (RRset) signed with private key (authenticity and integrity)• Signatures (RRSIG) published in DNS responses• Public key also published (DNSKEY) to verify signatures• Child zones also sign their records with their pvt key• Parent sings the hash of child’s public key - DS (chain-of-trust)
73
Where is www.tashi.com?
www.tashi.comis on 192.168.1.1
Key query
DS, DNSKEYsigned
Root Server
.com TLD
tashi.comDNS Server
Recursive DNS
1
2
3
4
5
Amplification Attacks
• Exploiting UDP protocol to return large amplified amounts of data– small request, LARGE reply
• Examples:– DNS– NTP
74
DNS Amplification Attack
• A type of reflection attack combined with amplification– Source of attack is reflected off other machine(s)– Traffic received is bigger (amplified) than the traffic sent by
the attacker
• UDP packet’s source address is spoofed
75
DNS Amplification
Bots
76
Attacker
ns.example.com
Victim
Open DNS Resolvers
Root/GTLD
www.example.com 192.168.1.1
Queries (ANY) withspoofed (victim’s) IP
dig ANY www.example.com @8.8.8.8 +edns=0 +notcp +bufsize=4096 +dnssec
Source IP spoofing – Defense • BCP38 (RFC2827)
– Since 1998!– https://tools.ietf.org/html/bcp38
• Only allow traffic with valid source addresses to– Leave your network
• Only from your own address space
– To enter/transit your network• Only from downstream customer address space
77
uRPF – Unicast Reverse Path• Unicast Reverse Path Forwarding (uRPF)
– Router verifies if the source address of any packets received is in the FIB table and reachable (routing table)• Drop if not valid!
– Recommended on customer facing interfaces
78
• Operation:• Strict: verifies both
source address and incoming interface with FIB entries
• Loose: verifies existence of route to source address
pos0/0ge0/0Src = 172.16.16.2
Src = 192.168.1.1FIB:172.16.16.0/24 ge0/0192.168.1.0/24 fa0/0
pos0/0ge0/0Src = 172.16.16.2
Src = 192.168.1.1
(config-if)#ip/ipv6 verify unicast source reachable-via {rx | any}
NTP Amplification
• UDP 123
• NTP versions older than v4.2.7p26 vulnerable to “monlist” attack (CVE-2013-5211)
– made easier by Open NTP servers (time.google.com)
– Monlist fetches the MRU list of NTP (600) associationsntpdc -c -n monlist <NTP-Server-IP>
• Several incidents in 2014– 400Gbps attack on cloud provider
79
NTP Amplification - Defense
• BCP38
• Upgrade NTP (ntpd) server– to v4.2.7p26 or later– Removes/disables “monlist” command; replaced with
“mrulist”• Requires proof that the command came from the address in the NTP
packet
• In older versions:– disable ntp monitor and do not answer ntpq/ntpdc queries
• in /etc/ntp.conf
80
disable monitorrestrict default kod nomodify notrap nopeer noqueryrestrict -6 default kod nomodify notrap nopeer noquery
Transport Layer Security
• SSL/TLS
• Secure Shell (SSH)
81
Application Layer Security -Encryption
• HTTPS– PKI/centralised trust
• PGP (Pretty Good Privacy)– Web of trust (decentralised trust)
• SMIME (Secure Multipurpose Internet Mail Extensions)– Chain of trust (centralised trust/CA)
82
Overview
• Security Overview
• Goal of Security
• Threat Pragmatics
• Cryptography Basics
83
Cryptography
84
• All about hiding information in plain sight!
Cryptography Basics
• At its core is the aim to change ordered data into a seemingly random string– Using a secret key
C = F(P,k)
85
P – plain textC – cipher textk – cryptographic key
Terminology
• Encryption/Decryption– the method of transforming data (plain text) into an
unreadable format (cipher text) & vice-versa
• Plaintext– Unencrypted data
• Cipher text– the scrambled data after encryption
• Key– Information/value used to encrypt or decrypt a message
• Algorithm– Rules describing how to encrypt and decrypt messages
86
Key is the key
• key length is a measure in bits
• key space is the number of possibilities that can be generated by a specific key length
• Example : – 22 key = a keyspace of 4– 24 key = a keyspace of 16 – 240 key = a keyspace of 1,099,511,627,776
87
• Assume everyone knows your encryption/decryption algorithm– Security of encryption lies in the secrecy of the keys, not the
algorithm! • Kerckhoff’s Principle (1883)
• How do we keep them safe and secure?
88
Key is the key
Work Factor
• The amount of processing power and time to break a crypto system– No system is unbreakable!
• The idea is to make it “expensive” to break
89
Encryption and Decryption
Plaintext (P) Cipher Text (C) Plaintext (P)
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Encryption Key Decryption Key
90
Symmetric & Asymmetric keys
• Two categories of cryptographic methods– Symmetric and Asymmetric key encryption
91
Symmetric Encryption
• Same key is used to encrypt and decrypt – Both sender and receiver needs to know the key
• Also called shared secret-key cryptography– The key must be kept a “secret” to maintain security
• Follows the more traditional form of cryptography (pre 1970) – key lengths ranging from 40 to 256 bits
• Widely used examples:– DES/3DES, AES, RC4/6
92
Same shared secret-key
Plain text
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Cipher text Plaintext
Encryption Key Decryption Key
Symmetric Encryption
93
Symmetric Encryption
• Advantages– fast computation since the algorithms require small number
of operations
• Disadvantages:– The sender and receiver needs to know the shared secret
key before any encrypted conversation starts• How do we securely distribute the shared secret-key between the sender
and receiver?
– What if you want to communicate with multiple people, and each communication needs to be confidential?• How many keys do we have to manage? A key for each!• Key EXPLOSION!
94
Symmetric Key AlgorithmsSymmetric Algorithm Key SizeDES 56-bit keys (8 bits parity)
Triple DES (3DES) 112-bit and 168-bit keys
AES 128, 192, and 256-bit keys
Software Encryption (SEAL) 160-bit keys
RC2 40 and 64-bit keys
RC4 1 to 256-bit keys
RC5 0 to 2040-bit keys
RC6 128, 192, and 256-bit keys
Blowfish 32 to 448-bit keys
Note: • Longer keys are more difficult to crack, but more
computationally expensive.
95
Asymmetric Encryption
• Also called public-key cryptography
• Use of Public-Private key pair– The key pairs are mathematically linked– Messages encrypted with one key can only be decrypted by
the other key of the key pair
• The decryption key cannot, at least in a reasonable amount of time, be calculated from the encryption key and vice-versa
96
Asymmetric Encryption
97
Public KeyPrivate Key🗝 🔑
Plaintext
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Ciphertext Plaintext
Encryption Key Decryption Key
🔑
🗝🔑
🗝
Asymmetric Encryption
• Advantages:– Solves the key explosion and distribution problem– No exchange of confidential information before
communication• Public key is published (everyone knows)• Private key is kept secret (only the owner knows)
• Disadvantages– Much slower than symmetric algorithms
98
Asymmetric Key Algorithms
99
Algorithm Key Size (bits)
Description
RSA 512-2048 - Rivest-Shamir-Adlemen- Based on factoring 100 to 200 digit prime numbers- Base on the assumption that while it is easy to compute products of two large
numbers, it is very difficult to factor a large number to be a product of two primes
DSA 512-1024 - Digital signature algorithm- Provides capability for authenticating messages
DH 512, 1024, 2048
- Diffie-Hellman- Allows two parties to agree on a key to encrypt messages (used for secret key
exchange)- Security based on the assumption that while it is easy to raise a number to a
certain power, it is difficult to find out which power was used
ElGamal 512-1024 - Based on DH key agreement- Used in GPG/PGP- Encrypted message becomes twice the size of the original (hence used only for
sharing secret keys)
Elliptical curve
160 - Keys are much smaller- Can adapt many algorithms – DH or ElGamal
Hash Functions
• Takes a message of arbitrary length and outputs a small fixed-length code– called the hash or message digest, or digital fingerprint
• One-way mathematical function– Easy to compute, difficult to reverse
• Single bit change in input => large indeterminate change in output
• Uses: – Verifying integrity – Digitally signing documents– Authentication (Hashing passwords)
100
Hash Functions
• A form of signature that uniquely represents a data
101
Hash Function
Arbitrary lengthdata
a88997dfha234 Fixed-lengthHash value
Well-known Hash Functions
• Message Digest (MD) Algorithm – Outputs a 128-bit fingerprint of an arbitrary-length input– MD5 is widely-used
• Secure Hash Algorithm (SHA)– SHA-1 produces a 160-bit message digest similar to MD5
• Widely-used on security applications (TLS, SSL, PGP, SSH, S/MIME, IPsec) L
– SHA-256, SHA-384, SHA-512 produce longer hash values
102
Digital Signature
• Electronic documents can be signed– to prove the identity of the sender, and – the integrity of the message
• Encrypted hash of the message– Hash the data – Encrypt the hash with the sender’s private key
103
Hash Digital Signature
DocumentEncryption
(Sender’s Private Key)
🗝Hashing
Digital Signature Validation• Sender
– Appends the signature to the original document– Sends to receiver
• Receiver– Computes the hash of the received data
• Using same hash function
– Decrypts the encrypted hash (signature) using sender’s public key• Authentication
– Compares the hashes• If match, the data was not modified (integrity) and signed by the sender
104
Digital Signature Validation
105
Digital Signature
Document
SENDER RECEIVER
Document HashHash
Function Equal?Digital
SignatureDecryption
(Sender's Public Key)
Hash🔑
Example
106
https://www.gpg4win.org (MSWIN) https://www.gpgtools.org (OS X)
PKI Recap
• 🔑 Public Key
• 🗝 Private Key
• 📝 Message
• 📝+🔑 = 🔒✉ Encrypted
• 🔒✉+🗝 = 🔓📝 Decrypted
• 📝+🗝 = 🔏✉ Signed
• 🔏✉ + 🔑 = 👤 Authenticated
107
108