Professional Documents
Culture Documents
Security?
r Think about…
The most private, embarrassing or valuable
15:
m
piece of information you’ve ever stored on a
computer
Network Security Basics m How much you rely on computer systems to be
available when you need them
m The degree to which you question whether a
piece of email really came from the person
Last Modified: listed in the From field
4/21/2003 8:30:27 PM m How convenient it is to be able to access
private information online (e.g. buy without
entering all data, look up your transcript
without requesting a copy,…)
7: Network Security 1 7: Network Security 2
1
What makes a good cipher? Ciphers
substitution cipher: substituting one thing for another
r The security of a cipher (like a substitution
monoalphabetic cipher: substitute one letter for another
m
cipher) may rest in the secrecy of its restricted
plaintext: abcdefghijklmnopqrstuvwxyz algorithm .
m Whenever a user leaves a group, the algorithm must
change.
ciphertext: mnbvcxzasdfghjklpoiuytrewq m Can’t be scrutinized by people smarter than you.
m But, secrecy is a popular approach :(
E.g.: Plaintext: bob. i love you. alice r Modern cryptography relies on secret keys, a
ciphertext: nkn. s gktc wky. mgsbc selected value from a large set (a keyspace), e.g., a
1024 -bit number. 21024 values!
Security is based on secrecy of the key, not the details
Q: How hard to break this simple cipher?: m
of the algorithm.
•brute force (how hard?) m Change of authorized participants requires only a change
•other? in key.
7: Network Security 7 7: Network Security 8
2
RSA RSA in a nutshell
1. Choose two large prime numbers p, q.
r Ronald L. Rivest, Adi Shamir and Leonard
(e.g., 1024 bits each)
M. Adleman
m Won 2002 Turing award for this work! 2. Compute n = pq, z = (p-1)(q -1 )
r Want a function eB that is easy to do, but 3. Choose e (with e< n) that has no common factors
hard to undo without a special decryption with z. (e, z are “relatively prime”).
key
4. Choose d such that ed-1 is exactly divisible by z.
r Based on the difficulty of factoring large (in other words: ed mod z = 1 ).
numbers (especially ones that have only
large prime factors) 5. Public key is (n,e). Private key is (n,d).
d
decrypt:
c c m = cd mod n letter
Magic d
m = (m e mod n) mod n 17 12
happens!
481968572106750915091411825223072000
l
= m
7: Network Security 17 7: Network Security 18
3
Practical matters Storing your keys
r Big primes like 5 and 7 (J) already r For both symmetric and asymmetric
generated big numbers like 481968572106750915091411825223072000 cryptography how do you store the keys?
m What would happen with 1024 bit keys? m Typical key lengths are 512, 1024, 2048
m Costly operations! r Can’t exactly memorize it
r Finding big primes? r Ok to store in on your computer? In a
shared file system? No!
r Normally stored in a file encrypted with a
pass phrase
r Pass phrase != your key
4
The language of cryptography Digital Signatures
plaintext K K plaintext Cryptographic technique Simple digital signature
A B
analogous to hand- for message m:
ciphertext written signatures. r Bob encrypts m with his
Figure 7.3 goes here r Sender (Bob) digitally signs private key d B, creating
document, establishing he signed message, d B(m).
is document owner/creator. r Bob sends m and d B(m) to
r Verifiable, nonforgeable : Alice.
recipient (Alice) can verify
that Bob, and no one else,
signed document.
5
Authentication Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her
Goal: Bob wants Alice to “prove” her identity
secret password to “prove” it.
to him
Protocol ap1.0: Alice says “I am Alice”
Failure scenario?
Failure scenario??
Failures, drawbacks?
7: Network Security 33 7: Network Security 34
6
Trusted Intermediaries Key Distribution Center (KDC)
r Alice,Bob need shared
Problem: Problem: symmetric key.
m How do two entities m When Alice obtains r KDC: server shares
establish shared Bob’s public key different secret key
secret key over (from web site, e- with each registered
network? mail, diskette), how user.
Solution: does she know it is r Alice, Bob know own
r Alice communicates with
m trusted key
Bob’s public key, not symmetric keys, KA-KDC KDC, gets session key R1, and
distribution center Trudy’s? K B-KDC , for KB-KDC(A,R1)
(KDC) acting as Solution: communicating with r Alice sends Bob
intermediary m trusted certification KDC. KB-KDC(A,R1), Bob extracts R1
between entities authority (CA) r Alice, Bob now share the
symmetric key R1.