S. Muftic Computer Networks Security 1 Lecture 4: Message Confidentiality and Message Integrity...

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 11

Lecture 4:Lecture 4:

Message Confidentiality and Message Confidentiality and Message Integrity Message Integrity

Prof. Sead MufticProf. Sead Muftic

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 22

Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity

Subjects / Topics :Subjects / Topics :

1. Basic principles of message protection 1. Basic principles of message protection 2. Message confidentiality 2. Message confidentiality 3. Message integrity 3. Message integrity

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 33

Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity

Subjects / Topics :Subjects / Topics :

1. Basic principles of message protection1. Basic principles of message protection 2. Message confidentiality 2. Message confidentiality 3. Message integrity 3. Message integrity

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 44

Some confidential text (message) in clear (readable) form

Network Aspects :Network Aspects : * selection of algorithms* selection of algorithms * format of messages * format of messages * message filtering * message filtering

Message ConfidentialityMessage Confidentiality

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 55

Aspects :Aspects :

1. Algorithms: 3DES, 3DES-CBC, 1. Algorithms: 3DES, 3DES-CBC, IDEA, ...IDEA, ... 2. Mode, padding 2. Mode, padding 3. Filtering of cryptograms 3. Filtering of cryptograms 4. Integrity of cryptograms 4. Integrity of cryptograms 5. Exchange of keys5. Exchange of keys

Significant Aspects Significant Aspects

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 66

Solutions (standards) :Solutions (standards) :

* algorithm: * algorithm: 3DES, AES3DES, AES * mode: * mode: CBCCBC, padding: , padding: Fx, …, FxFx, …, Fx * filtering of cryptograms: * filtering of cryptograms: base64base64 * integrity of cryptograms: * integrity of cryptograms: MD2MD2 * exchange of keys: * exchange of keys: KE protocolsKE protocols

Algorithms – Defaults Algorithms – Defaults

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 77

AA BB

Alg-2Alg-1

Negotiation protocol

Algorithms – Negotiations Algorithms – Negotiations

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 88

Algorithms – OIDsAlgorithms – OIDs

RC2-CBC OBJECT IDENTIFIER ::= {iso(1) member-body(2) US(840) rsadsi(113549) encryptionAlgorithm(3) 2}

1 2 840 113549 3 2

RC2 – CBC :RC2 – CBC :

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 99

ENCRYPTED {ToBeEnciphered} ::= HASHED {ToBeHashed} ::=

BIT STRING (CONSTRAINED BY { OCTET STRING (CONSTRAINED BY {

-- must be the result of -- must be the result of -- applying an encipherment -- applying a hashing

-- procedure to the BER-encoded -- procedure to the DER-encoded

-- octects of the value of -- -- octetcs of the value --

ToBeEnciphered }) ToBeHashed })

SIGNATURE {OfSignature} ::=

SEQUENCE {

AlgorithmIdentifier,

ENCRYPTED {

HASHED {OfSignature}}}

Algorithms – Coding Algorithms – Coding

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1010

Network Topology Network Topology

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1111

Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity

Subjects / Topics :Subjects / Topics :

1. Basic principles of message protection 1. Basic principles of message protection 2. Message confidentiality2. Message confidentiality 3. Message integrity 3. Message integrity

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1212

MessageMessage

Encrypted messageEncrypted message

DESDES

8 8 8 8 8 8 8 8

KK KK KK KK

8 8 8 8 8 8 8 8

IVIV

Message Confidentiality – Encryption Message Confidentiality – Encryption

DESDES DESDES DESDES

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1313

Message Confidentiality – CiphersMessage Confidentiality – Ciphers

Symmetric:

• DES• AES• 3DES• Blowfish / Twofish• IDEA• RC2• RC4• etc...

Asymmetric:

• RSA• Elliptic Curve• ElGamal

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1414

Input messageInput message

Output message Output message 8 8 8 8 8 8 8 8

KK KK KK KK

8 8 8 8 8 8 5 5

IVIV

Message Confidentiality – Padding Message Confidentiality – Padding

DESDES DESDES DESDES DESDES

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1515

Block Cipher Modes – Electronic Codebook (ECB)Block Cipher Modes – Electronic Codebook (ECB)

MessageMessage

Encrypted messageEncrypted message8 8 8 8 8 8 8 8

KK KK KK KK

8 8 8 8 8 8 8 8

DESDES DESDES DESDES DESDES

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1616

Block Cipher Modes – Cipher Block Chaining (CBC)Block Cipher Modes – Cipher Block Chaining (CBC)

MessageMessage

Encrypted messageEncrypted message8 8 8 8 8 8 8 8

KK KK KK KK

8 8 8 8 8 8 8 8

IVIV

DESDES DESDES DESDES DESDES

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1717

Block Cipher Modes – Cipher Feedback (CFB)Block Cipher Modes – Cipher Feedback (CFB)

MessageMessage

Encrypted messageEncrypted message8 8 8 8 8 8 8 8

8 8 8 8 8 8 8 8

IVIV DESDES

KK DESDES

KK DESDES

KK DESDES

KK

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1818

Block Cipher Modes – Counter (CTR)Block Cipher Modes – Counter (CTR)

MessageMessage

Encrypted messageEncrypted message

8 8 8 8 8 8 8 8

DES

KK

8 8 8 8 8 8 8 8

DES

KK DES

KK DES

KK

nonce + counter

nonce + counter

nonce + counter

nonce + counter

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1919

Message Confidentiality – Important ParametersMessage Confidentiality – Important Parameters

• Key• Algorithm• Padding Mode• Cipher Mode• IV• Nonce + Counter Initial Value

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2020

Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity

Subjects / Topics :Subjects / Topics :

1. Basic principles of message protection 1. Basic principles of message protection 2. Message confidentiality 2. Message confidentiality 3. Message integrity3. Message integrity

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2121

Some confidential text (message) in clear (readable) form

E n c r y p t i o n E n c r y p t i o n

D e c r y p t i o n D e c r y p t i o n

Destruction of Cryptograms Destruction of Cryptograms

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2222

Some confidential text (message) in clear (readable) form

1101 0011 1010 10011101 0011 1010 1001

MAC MAC

General Data IntegrityGeneral Data Integrity

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2323

1101 0011 1010 10011101 0011 1010 1001

MAC MAC

Integrity of Cryptograms Integrity of Cryptograms

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2424

MessageMessage

MACMAC

KK KK KK KK

8 8 8 8 8 8 8 8

IVIV

8 8 8 8 8 8 8 8

Hashing Algorithms Hashing Algorithms

DESDES DESDES DESDES DESDES

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2525

AA BB

MAC

MACMAC

Verification Procedure Verification Procedure

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2626

Message Authentication based on MAC Message Authentication based on MAC

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2727

Some confidential

in clear (readable) form

1101 0011 1010 10011101 0011 1010 1001

MAC MAC

Modification of Message + Hash Modification of Message + Hash

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2828

Some confidential

in clear (readable) form

1101 0011 1010 10011101 0011 1010 1001

MAC MAC

Prevention Prevention

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2929

AA BB

Some confidential text (message) in clear (readable) form

MAC

Some confidential text (message) in clear (readable) form

MAC

MAC

Encryption of MAC Encryption of MAC

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3030

Encryption of MAC – using Shared Secret Encryption of MAC – using Shared Secret

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3131

Encryption of MAC – using Secret Key Encryption of MAC – using Secret Key

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3232

Encryption of MAC – using Private Key Encryption of MAC – using Private Key

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3333

Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity

Subjects / Topics :Subjects / Topics :

1. Basic principles of message protection 1. Basic principles of message protection 2. Message confidentiality 2. Message confidentiality 3. Message integrity 3. Message integrity

S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3434

??Questions Questions