Embed Size (px)
Citation preview
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 11
Lecture 4:Lecture 4:
Message Confidentiality and Message Confidentiality and Message Integrity Message Integrity
Prof. Sead MufticProf. Sead Muftic
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 22
Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity
Subjects / Topics :Subjects / Topics :
1. Basic principles of message protection 1. Basic principles of message protection 2. Message confidentiality 2. Message confidentiality 3. Message integrity 3. Message integrity
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 33
Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity
Subjects / Topics :Subjects / Topics :
1. Basic principles of message protection1. Basic principles of message protection 2. Message confidentiality 2. Message confidentiality 3. Message integrity 3. Message integrity
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 44
Some confidential text (message) in clear (readable) form
Network Aspects :Network Aspects : * selection of algorithms* selection of algorithms * format of messages * format of messages * message filtering * message filtering
Message ConfidentialityMessage Confidentiality
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 55
Aspects :Aspects :
1. Algorithms: 3DES, 3DES-CBC, 1. Algorithms: 3DES, 3DES-CBC, IDEA, ...IDEA, ... 2. Mode, padding 2. Mode, padding 3. Filtering of cryptograms 3. Filtering of cryptograms 4. Integrity of cryptograms 4. Integrity of cryptograms 5. Exchange of keys5. Exchange of keys
Significant Aspects Significant Aspects
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 66
Solutions (standards) :Solutions (standards) :
* algorithm: * algorithm: 3DES, AES3DES, AES * mode: * mode: CBCCBC, padding: , padding: Fx, …, FxFx, …, Fx * filtering of cryptograms: * filtering of cryptograms: base64base64 * integrity of cryptograms: * integrity of cryptograms: MD2MD2 * exchange of keys: * exchange of keys: KE protocolsKE protocols
Algorithms – Defaults Algorithms – Defaults
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 77
AA BB
Alg-2Alg-1
Negotiation protocol
Algorithms – Negotiations Algorithms – Negotiations
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 88
Algorithms – OIDsAlgorithms – OIDs
RC2-CBC OBJECT IDENTIFIER ::= {iso(1) member-body(2) US(840) rsadsi(113549) encryptionAlgorithm(3) 2}
1 2 840 113549 3 2
RC2 – CBC :RC2 – CBC :
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 99
ENCRYPTED {ToBeEnciphered} ::= HASHED {ToBeHashed} ::=
BIT STRING (CONSTRAINED BY { OCTET STRING (CONSTRAINED BY {
-- must be the result of -- must be the result of -- applying an encipherment -- applying a hashing
-- procedure to the BER-encoded -- procedure to the DER-encoded
-- octects of the value of -- -- octetcs of the value --
ToBeEnciphered }) ToBeHashed })
SIGNATURE {OfSignature} ::=
SEQUENCE {
AlgorithmIdentifier,
ENCRYPTED {
HASHED {OfSignature}}}
Algorithms – Coding Algorithms – Coding
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1010
Network Topology Network Topology
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1111
Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity
Subjects / Topics :Subjects / Topics :
1. Basic principles of message protection 1. Basic principles of message protection 2. Message confidentiality2. Message confidentiality 3. Message integrity 3. Message integrity
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1212
MessageMessage
Encrypted messageEncrypted message
DESDES
8 8 8 8 8 8 8 8
KK KK KK KK
8 8 8 8 8 8 8 8
IVIV
Message Confidentiality – Encryption Message Confidentiality – Encryption
DESDES DESDES DESDES
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1313
Message Confidentiality – CiphersMessage Confidentiality – Ciphers
Symmetric:
• DES• AES• 3DES• Blowfish / Twofish• IDEA• RC2• RC4• etc...
Asymmetric:
• RSA• Elliptic Curve• ElGamal
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1414
Input messageInput message
Output message Output message 8 8 8 8 8 8 8 8
KK KK KK KK
8 8 8 8 8 8 5 5
IVIV
Message Confidentiality – Padding Message Confidentiality – Padding
DESDES DESDES DESDES DESDES
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1515
Block Cipher Modes – Electronic Codebook (ECB)Block Cipher Modes – Electronic Codebook (ECB)
MessageMessage
Encrypted messageEncrypted message8 8 8 8 8 8 8 8
KK KK KK KK
8 8 8 8 8 8 8 8
DESDES DESDES DESDES DESDES
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1616
Block Cipher Modes – Cipher Block Chaining (CBC)Block Cipher Modes – Cipher Block Chaining (CBC)
MessageMessage
Encrypted messageEncrypted message8 8 8 8 8 8 8 8
KK KK KK KK
8 8 8 8 8 8 8 8
IVIV
DESDES DESDES DESDES DESDES
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1717
Block Cipher Modes – Cipher Feedback (CFB)Block Cipher Modes – Cipher Feedback (CFB)
MessageMessage
Encrypted messageEncrypted message8 8 8 8 8 8 8 8
8 8 8 8 8 8 8 8
IVIV DESDES
KK DESDES
KK DESDES
KK DESDES
KK
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1818
Block Cipher Modes – Counter (CTR)Block Cipher Modes – Counter (CTR)
MessageMessage
Encrypted messageEncrypted message
8 8 8 8 8 8 8 8
DES
KK
8 8 8 8 8 8 8 8
DES
KK DES
KK DES
KK
nonce + counter
nonce + counter
nonce + counter
nonce + counter
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 1919
Message Confidentiality – Important ParametersMessage Confidentiality – Important Parameters
• Key• Algorithm• Padding Mode• Cipher Mode• IV• Nonce + Counter Initial Value
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2020
Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity
Subjects / Topics :Subjects / Topics :
1. Basic principles of message protection 1. Basic principles of message protection 2. Message confidentiality 2. Message confidentiality 3. Message integrity3. Message integrity
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2121
Some confidential text (message) in clear (readable) form
E n c r y p t i o n E n c r y p t i o n
D e c r y p t i o n D e c r y p t i o n
Destruction of Cryptograms Destruction of Cryptograms
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2222
Some confidential text (message) in clear (readable) form
1101 0011 1010 10011101 0011 1010 1001
MAC MAC
General Data IntegrityGeneral Data Integrity
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2323
1101 0011 1010 10011101 0011 1010 1001
MAC MAC
Integrity of Cryptograms Integrity of Cryptograms
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2424
MessageMessage
MACMAC
KK KK KK KK
8 8 8 8 8 8 8 8
IVIV
8 8 8 8 8 8 8 8
Hashing Algorithms Hashing Algorithms
DESDES DESDES DESDES DESDES
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2525
AA BB
MAC
MACMAC
Verification Procedure Verification Procedure
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2626
Message Authentication based on MAC Message Authentication based on MAC
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2727
Some confidential
in clear (readable) form
1101 0011 1010 10011101 0011 1010 1001
MAC MAC
Modification of Message + Hash Modification of Message + Hash
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2828
Some confidential
in clear (readable) form
1101 0011 1010 10011101 0011 1010 1001
MAC MAC
Prevention Prevention
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 2929
AA BB
Some confidential text (message) in clear (readable) form
MAC
Some confidential text (message) in clear (readable) form
MAC
MAC
Encryption of MAC Encryption of MAC
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3030
Encryption of MAC – using Shared Secret Encryption of MAC – using Shared Secret
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3131
Encryption of MAC – using Secret Key Encryption of MAC – using Secret Key
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3232
Encryption of MAC – using Private Key Encryption of MAC – using Private Key
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3333
Lecture 4 :Lecture 4 : Message Confidentiality and IntegrityMessage Confidentiality and Integrity
Subjects / Topics :Subjects / Topics :
1. Basic principles of message protection 1. Basic principles of message protection 2. Message confidentiality 2. Message confidentiality 3. Message integrity 3. Message integrity
S. Muftic Computer Networks SecurityS. Muftic Computer Networks Security 3434
??Questions Questions
