Upload
sienna
View
52
Download
0
Embed Size (px)
DESCRIPTION
Security: Cryptography. I206 Spring 2012 John Chuang. Some slides adapted from Coulouris, Dollimore and Kindberg; Dave Messerschmidt; Adrian Perrig. Eavesdropping passwords, credit card numbers, etc. Tampering of data Birthday attack Impersonation Replay attack - PowerPoint PPT Presentation
Citation preview
Security: Cryptography
I206 Spring 2012
John Chuang
Some slides adapted from Coulouris, Dollimore and Kindberg; Dave Messerschmidt; Adrian Perrig
John Chuang 2
Attacks
Eavesdropping - passwords, credit card
numbers, etc. Tampering of data
- Birthday attack Impersonation
- Replay attack- Man-in-the-middle attack
(e.g., IP address spoofing)- Phishing attack
Unauthorized access- System vulnerabilities- Social engineering (e.g.,
bribe, black-mail)- Password guessing (e.g.,
dictionary attack) Denial-of-Service attack Spam Trojan horses, viruses,
worms …
Wide ranging scope Some common attacks:
John Chuang 3
Security Properties “CIA” and “AAA”
Confidentiality- Prevents eavesdropping
Integrity- Prevents modification of data
Authentication- Proves your identity to another party; prevents impersonation
Accountability (non-repudiation)- Enables failure analysis; serves as deterrent
Authorization- Prevents misuse
Availability- Safeguards against denial-of-service
John Chuang 4
Cryptography Cryptographic primitives:
- Encryption- Symmetric-key (e.g., DES, AES) - Asymmetric-key (e.g., RSA)
- Cryptographic hash (message digest)- e.g., MD5, SHA-1
- Digital signature- e.g., PKCS
John Chuang 5
The Principals Alice Bob Carol …and… Eve (eavesdropper -- passive attacker) Mallory (active attacker -- can intercept,
modify, and forward messages) Trent/Trudy (trusted 3rd party)
John Chuang 7
Encryption
Encryption/decryption algorithms are published Encryption/decryption keys are kept secret Symmetric cryptography
- e-key = d-key- Principals need to share the symmetric key, and keep it secret
Asymmetric (public-key) cryptography- e-key != d-key- One key made public; the other kept private
encryption decryptionplaintext plaintext
e-key d-key
ciphertext
John Chuang 8
Symmetric Cryptography Many schemes are available: DES, 3DES, AES,
RC4, IDEA, … In general, the strength of an encryption scheme
is a function of the key length (because of exhaustive key search)
Moving target as hardware capabilities improve over time- DES (data encryption standard, 1975) uses 56 bit key
length; became vulnerable to exhaustive key search- Replaced in 2002 by AES (advanced encryption
standard, 1998) which uses key lengths of 128, 192, or 256 bits
John Chuang 9
Each principal has public key K and private key K-1
K-1 is kept secret, and cannot be deduced from K K is made available to all Encryption and decryption with K and K-1 are commutative: {{D}K-1}K =
{{D}K}K-1 = D
Challenge: how to choose K and K-1?
Asymmetric Cryptography
encryption
private key public key
document D document Ddecryption
encryption
private keypublic key
document D document Ddecryption
John Chuang 10
RSA Algorithm by Rivest, Shamir, Adleman (1977) for
generating K and K-1 based on the fact that factoring is hard
RSA key generation:- Choose n, e, d such that:
- n=p*q where p and q are two large and distinct prime numbers
- e*d = k(p-1)(q-1)+1 where k is a positive integer Public key: {n,e}; Private key: {n,d}
- RSA key lengths 1024 bits or 2048 bits (256 or 512 bits no longer secure)
- n and e are published; p, q, and d are kept private Given document D:
- encryption: ciphertext = c = D e (mod n)- decryption: plaintext = D = c d (mod n)
John Chuang 11
Performance Asymmetric cryptography 3-5 orders of
magnitude slower than symmetric cryptography
Use asymmetric cryptography to exchange symmetric key; data encrypted using symmetric cryptography:
A B: {KAB}KB, {D}KAB
Asymmetric cryptography has other important uses as well …
John Chuang 12
Authentication Based on one or more of the following:
- Something you are (e.g., fingerprint, pattern on iris, DNA sample)
- Something you know (e.g., password, PIN, mother’s maiden name)
- Something you have (e.g., ATM card, Driver’s License, private key K-1)
John Chuang 13
Digital Signature (Version 0.1) Alice signs document by encrypting it with her own private
keyA B: {D}KA
-1
Bob verifies the signature by decrypting it using A’s public key, i.e., compute D = {{D}KA
-1 }KA
Two outcomes: - digital signature provides integrity and accountability (non-
repudiation)- Alice is authenticated to Bob. (How?)
There is another problem -- performance
encryption
private key public key
Document D Document Ddecryption
John Chuang 14
Cryptographic Hash/ Message Digest
Hash function maps arbitrary length message D to fixed length digest H(D)
- MD5 (128 bit digest) and SHA-1 (160 bit digest) are commonly used
One-way function: given H(D), can't find D
Collision-free: infeasible for attacker to generate D and D' such that H(D) = H(D’)
John Chuang 15
Digital Signature (Version 1.0)
A B: D, {H(D)}KA-1
Bob:- Computes hash of message, H(D)- “Decrypts” signature: {{H(D)}KA
-1 }KA- Verifies H(D) = {{H(D)}KA
-1 }KA
signature
Sender: Alice
Alice's Private Key Alice's Public Key
verifysignature
computesignature
computedigest
computedigest
Receiver: Bob
D D
signature