NS20 Lecture 2 Cryptographic Techniques

Network Security: Lecture 2
300143 Network Security
2. Cryptographic Techniques
• Most of the cryptographic techniques are covered from

Chapter 2 to Chapter 4 in the textbook for this unit.
 Some materials in the text are covered in more details than required
for this unit.
• This lecture reviews some of these techniques, especially
 with regard to security issues of the techniques themselves and
other characteristics related to this unit
 those that will be used/mentioned in later lectures.
• More detailed materials are to be covered in tutorial
exercises.
© 2020.2 WSU Lecture No. 2-1

Cryptography
• Cryptography is the study of “hidden writing”.

• A cryptosystem or cryptographic system
 is a collection of cryptographic algorithms and protocols.
 provides security measures against various attacks:
Security Protection Against Cryptographic Methods Used

Confidentiality or Encryption and decryption
Passive attacks
privacy techniques
Integrity and Keyed-hash functions and public
Active attacks
authenticity key encryption techniques
• Other security services, which may make use of

cryptographic methods, include:
• Access control
• Key (or secret) management techniques

Encryption and Decryption
• A general encryption and decryption scenario:
Encryption Key, KE
Input to encryption Output from encryption
Assumed in other
Plaintext, P Encryption Ciphertext, C similar diagrams
if not shown
explicitly
Attacks Networks
Decryption Key, KD occur here.
Plaintext, P Decryption Ciphertext, C
Output from decryption Input to decryption

Modern Encryption (and Decryption) Algorithms

• Note: (and Decryption) is omitted if its presence is implied.
• Security relies on secrecy and complexity.
• Modern encryption techniques:
 do not rely on the secrecy of hiding techniques, e.g., encryption
methods, or of the existence of hidden information.
 rely on simple but strong (or complex) secrets which are usually
called keys, instead, and are easier and quicker to replace if a secret
is broken.
• In general, there are two types of encryption methods:
 Symmetric key (also known as secret key, shared key, or
preshared key) encryption:
 usesa single key (or a copy of it) for both the encryption and
decryption processes.
 Asymmetric key (also known as public key) encryption:
 uses a key-pair, one key for encryption and the other for
decryption.
Symmetric Key Encryption …
• [Figure 2.1 Simplified Model of Symmetric Encryption]

Symmetric Key, KAB
P Encryption, E C = E(KAB, P)
Alice
Symmetric Key, KAB

Bob
P = D(KAB, C) Decryption, D C
• Note: P, C, and KAB are just binary numbers or bits.

 C is a function of KAB and P in encryption.
 P is a function of KAB and C in decryption.
… Symmetric Key Encryption

• Some characteristics of symmetric key cryptographic
algorithms:
 Comparatively faster than public (or asymmetric) key algorithms
 More predictable in their computational performance
 Therefore used for protecting large messages
 Easier in generating the keys, as compared to public key methods
• An encryption algorithm or process is called a cipher.
• There are two types of symmetric key ciphers:
 Block cipher:
 Input to a block cipher is a fixed-length block of bits, usually
much larger than a byte.
 We’ll focus on the block cipher
 Stream cipher
 Input to a stream cipher is usually a smaller number of bits,
e.g. a byte, one by one

Symmetric Key Block Ciphers ...

• DES is a classical symmetric key block cipher:
 Input: a 64-bit plaintext and a 56-bit key
 Output: 64-bit ciphertext
• Plaintext block and ciphertext block:
 If the input data is longer than the block size, the data is split into
blocks which are encrypted using the same cipher and key.
 If the input data or the last block is smaller than the block size, the
last block is padded with extra bits.
K
Cipher
P PN ... P1 (Encrypt)
Cipher ... CN
P1 ... PN C1
(Decrypt)
K
P

... Symmetric Key Block Ciphers P
• DES’s 56-bit key is too short, i.e., not 3DES

complex enough. E
• Triple DES (also called 3DES) K1 168-bit
 [Figure 2.3 Triple DES] D K2 K
 Using 3 DES keys, K1, K2 and K3: K3
 The key length is effectively increased to
356 = 168 bits. E
 3DES is backward compatible with DES,
by using the same 56-bit keys, logically,
for the three keys and a description D as C
the second cryptographic process.
• Advanced Encryption Standard (AES)
 One of the most commonly used symmetric key encryption
algorithms today.
 It uses a block size of 128 bits and a variable key length.
 Key length can be 128, 192, or 256 bits.
 It is gradually replacing (or actually has replaced) DES and 3DES.
Block Cipher: Modes of Operation …

• If the input data is larger than the size of a block cipher, it
has to be split into M-bit blocks, where M is the size of the
block cipher.
• ECB (Electronic CodeBook) mode of operation:
 Encrypt each block using the same key and the same block cipher.
P= P1 P2 C= C1 C2
K Encrypt K Encrypt … K Decrypt K Decrypt …
C1 C2 P1 P2
where Pi and Ci are plaintext and ciphertext blocks, respectively.

… Block Cipher: Modes of Operation
• In ECB mode, the blocks are independently encrypted, but

they:
 Consist of small blocks which may have regular patterns
 Are encrypted using the same key and the same algorithm
 Are usually transmitted at the same time
• The above characteristics introduces several security
weaknesses into the ciphertext blocks.
 Attackers would be able to take advantages of these weaknesses:
 Block contents may be predictable;
 Blocks are not linked to each other.
• To strengthen the security of the ciphertext blocks, the
plaintext blocks are randomized and the ciphertext blocks
are logically chained together.
 One of the methods is CBC, which is the simplest chaining method.

CBC (Cipher Block Chaining) Mode
• [Figure 2.9 Cipher Block Chaining (CBC) Mode]

Randomize input P block Link encryption of
Pi-1 adjacent blocks Pi
C0 = IV ... Ci-2 Ci-1
... K encrypt K encrypt ...

Initial Value, IV, usually
a random number, for C0
due to the iterative nature Ci-1 Ci
of the algorithm
Security attacks occur here
C0 = IV
... Ci-2 Ci-1 Ci-1 Ci
IV may also be decrypt K decrypt K

called Initial Vector.
... ...
is exclusive OR Pi-1 Pi
Asymmetric Key Encryption …

• Asymmetric key encryption, also known as public key
encryption.
• To provide confidentiality protection:
Public-Key Ciphertext, C =
Plaintext, P
Encryption, E E(KBob_Public, P)
Alice
Public Key,
KBob_Public
Different, but very closely

mathematically related keys
Private Key,
KBob_Private
Bob
Plaintext, P = Public-Key
Ciphertext, C
D(KBob_Private, C) Decryption, D

… Asymmetric Key Encryption

• Both public and private keys belong to the same owner.
 Copies of the public key are distributed to those who want to use it.
 The usual way to distribute a public key reliably on the Internet is
to use a digital certificate (to be discussed later).
• The other key is called the private key
 Usually there is only one copy and it is kept by the owner.
• Asymmetric key encryption is less efficient than symmetric
encryption due to reasons including:
 Its performance is less predictable.
 Much more computationally expensive in the encryption process
and generation of the keys
 Therefore, it is usually used to encrypt a small amount of data
• RSA is one of the popular asymmetric key encryption
algorithms.

Diffie-Hellman Key Exchange …

• A shared symmetric key agreement protocol
 It allows two end-entities to establish a shared secret key using a
public communication channel, e.g., the Internet.
• [Figure 3.13 The Diffie-Hellman Key Exchange]
XA is a XB is a
Two number  and q accessible to A and B secret.
secret.
•  and q have some mathematical properties
Choose XA < q Choose XB < q
YA
YA  α XA YB  α X B
Alice Bob
YB
XA XB
K AB  α X BX A  YB K AB  α X A X B  YA
All arithmetic is in mod q.

KAB is the established shared symmetric or secret key.
… Diffie-Hellman Key Exchange

• The security of the method relies on the fact that:
 One cannot calculate KAB in a reasonable amount of time,
only knowing q, , YA, and YB:
K AB  α X A X B mod q
• It is computationally infeasible to compute XA, even

knowing YA, and similarly for XB.
 Note that YA, and YB look like random binary numbers seen by an
observer during transmission.
• Diffie-Hellman algorithm is widely used in the establishment

of session keys, which are short-term secret keys.
• However, DH (key) Exchange is vulnerable to MiM attack
without end-entity and message authentications.

DH Exchange and Man-in-the-Middle Attack
• Assuming there is an attacker U who is performing a MiM

attack, during a Diffie-Hellman key exchange.
 U is capable of interrupting and modifying messages between A
and B.
A U B
YA =  X A  YU =  X U 
 YU =  X U  YB =  X B
 A generates a key KAU = (YU)XA All arithmetic is in mod q.

 B generates a key KBU = (YU)XB
 But U will have the two keys generated as well
 U can therefore obtain the plaintexts from A and B.
 A and B cannot detect the presence of U.
• Authenticity of YA and YB therefore needs to be protected.

Hash …
• Hash function: a cryptographic technique to transform an

input value or several input values to an output value of a
much smaller and fixed size.
 The output is called a hash value, or simply a hash, or a message
digest
• The hash value is computationally unique to the input
value(s).
 Used as a small fingerprint to represent the large input value(s).
• A good hash function is not easily reversible, i.e.,
 It is computationally infeasible to transform a hash back to the
original input.
 Given some data, it is computationally infeasible to find other data,
the hash of which is the same as that of the given data.
 It is computationally infeasible to find two different data giving the
same hash value.

… Hash
• Integrity protection using hash:

A piece of data or a Hash of M
concatenation of data items
Entity A M Hash Function hash(M)
Secure and
M may be modified reliable
here by an attacker. channel
Entity B
M Hash Function hash(M) =? hash(M)
If hash(M), received by Entity B, is the same as hash(M), created from

the received M, it means that both sides have the same (exact copies of)
M; otherwise, M received by Entity B has been modified or corrupted.

Authentications
• (End entity) authentication
 To verify the ID of a remote user or machine
• Message or data (origin) authentication.
 To verify if a message does come from an authenticated origin
 Message integrity is also and usually checked at the same time.
• Authentication methods include:
 Address-based
 password- or secret-based
• Message authentication includes the use of
 MAC (Message authentication code) or keyed-hash
 The result of hashing a secret key and the message together.
 Digital signature
 The result of encrypting a hash of the message (often referred
to as signing the message) using a private key.

Address-Based Authentication
• An IP address, in an IP packet, can be used to represent the

sending computer’s identity, e.g., source IP address
 Mostly used at the network layer
 Usually used by firewalls or other monitoring/inspection devices
• IP addresses can easily be spoofed.
• Defence against network address impersonation, i.e., IP
spoofing
 Use a packet filter to block obvious IP spoofed packets
 Disable source routing
 Other monitoring methods
• MAC addresses may be used for access control to a
network, especially in wireless network devices.
 Similarly, MAC addresses can easily be spoofed.

Secret-Based Authentication
• Authentication: to show the other side that you have the
secret, by a number of secure handshake messages.
• Three-message authentication:
N is usually a nonce, Pre-arranged securely beforehand,
(NumberONCE) both sides have the same (copies of
the) shared secret, KAB
Hello
Entity A Entity B
(1) B creates a
N challenge N and sends
A a copy.
(3) B creates hash(KAB,N) from his
hash(KAB,N) copies of KAB and N, and compare it
(2) A uses the shared to the received hash from A.
secret, KAB and the
received N to create a If they are the same, that means:
keyed-hash • A has the same shared secret,
hash(KAB,N) and • the received hash(KAB,N) is not a
sends it to B. replay if N is unique w.r.t. time.

Shared Secret Authentication Variants
• Secure handshake variant:

A  Hello  B
 A sends a hello to B
A  encrypt(KAB, NB)  B
 B sends encrypt(KAB, N) to A
A  NB  B
 A sends N to B
• One-message secure handshake:
A  Hello, encrypt(KAB, TimestampA)  B
OR
A  Hello, hash(KAB, TimestampA), TimestampA  B
 There is a timer on both sides, more or less synchronized.

 TimestampA is a snapshot from A’s timer.
 B decrypts to obtain TimestampA to compare with his timer.
 If the difference is small, that means A has the shared secret and the
message is not a replay.
 Exercises: describe how the hash variant works.

Mutual Authentication
• Both sides authenticate each other in one communication

session.
 Could be done by both sides doing the 3 secure handshake
messages, i.e. 6 messages in total.
 Obviously, the second hello message is not needed.
• Mutual secure handshake: 5 messages
 Message 1: A sends a hello to B. A  Hello  B
 Message 2: B sends A a challenge NB A  NB  B
 Message 3: A sends hash(KAB, NB) to B A  hash(KAB, NB)  B
 Message 4: A sends B a challenge NA A  NA  B
 Message 5: B sends hash(KAB, NA) to A A  hash(KAB, NA)  B
• Similarly, variants are possible.

Three-Message Mutual Authentication & Reflection Attack

• Mutual secure handshake: 3 messages
 Message 1: A sends a hello and NA to B
 Message 2: B sends hash(KAB, NA) and NB to A
 Message 3: A sends hash(KAB, NB) to B
A  Hello, NA  B
A  hash(KAB, NA), NB  B
A  hash(KAB, NB)  B
• Reflection attack:
• The above handshake is vulnerable to a reflection
attack.
• An attacker can successfully authenticate him/herself to
B without the shared secret, KAB.
• More details will be discussed in tutorial exercises.

Authentication Using Private Key
Hello
Entity B
Entity A
N
(1) B creates a
challenge N and
encrypt(KA_Private, N) sends A a copy.
(2) A encrypts
the received N
with her private • (3) B uses a copy of A’s trusted public key KA_Public to decrypt
key and sends it encrypt(KA_Private, N) to recover the copy of N
to B.
• Matches the copy with the one he has.
• If they match, this proves that
• A is the owner of the trusted public key.
• the received encrypt(KA_Private, N) is not a replay if N is
unique w.r.t. time.
• There is another way in using the private key in authentication. (To be

discussed in a tutorial)

Message Authentication using Keyed-Hash
• Keyed-hash is also called message authentication code

(MAC).
KAB Keyed-hash of M
Message
Entity A
M Hash Function hash(KAB, M)
M or hash may be modified

here by an attacker.
Entity B M
Hash Function hash(KAB, M) =? hash(KAB, M)
KAB
If hash(KAB, M), received from Entity A, is the same as hash(KAB, M) created

from the received M, it proves that both sides have the same shared secret KAB
and the same (exact copies of) M.

Message Authentication using Digital Signature

For a large amount of data M, the hash of the data is used,
i.e. H = hash(M), to create the digital signature of M. Digital Signature of M
by Entity A
Entity A
Hash H Public-Key
M encrypt(KA_Private, H)
Function KA_Private Encryption
Modification or masquerade
attacks may occur here.
Hash Public-Key encrypt(KA_Private, H)

M H =? H Decryption
Function KA_Public
Entity B
If H created by Entity B from the received M is the same as H decrypted from

the received digital signature, encrypt(KA_Private, H), using A’s trusted public key,
• this proves that Entity A is the owner of the trusted public key and both sides
have the same M.

Digital Certificate …
• [Figure 4.4 Public-Key Certificate Use]
• Digital certificate is also called public-key certificate (in
the text)
• It is used to distribute an owner’s public key on the Internet
securely, i.e., integrity and origin of the key can be verified
by the user of the key.
 On the Internet this is usually carried out by a Certificate Authority
(CA).
 A user usually has at least a trust public key from a CA, i.e.,
KCA_Public, which usually comes with the OS of the user’s computing
device.
• The trusted public key can be used to verify the CA’s
signature in a digital certificate issued by the CA directly,
 Or indirectly, using a PKI, which is outside the scope of this unit.

… Digital Certificate …
Public key is sent to the Digital certificate,

CA, usually by a secure containing KA_Public
method.
Public key
user, B
A CA known to
Internet users
Public key B, who has the CA’s
owner, A Encrypted message by KA_Public trusted public key,
OR KCA_Public, can verify
A’s digital signature, signed by the digital certificate
KA_Private to prove KA_Public is
genuine.
 Note that a public key should only be used either for encryption or
for decrypting/verifying a digital signature.

Digital Certificate - Verification

Digital Certificate The public key, KA_Public, carried by this digital
Data Section, DS certificate, needs to be verified before it is
Owner’s name, A used.
KA_Public
Public key crypto algorithm, E1/D1 This step was done by the CA
. when the certificate was
. Hash created. This key is with the CA
.
hash(DS) KCA_Private
CA’s name, CA
E2
This is done by the user of this
Signature Section digital certificate to verify DS
and hence the public key.
Digital signature of Data Section, D2 hash(DS) = ? User

encrypt(KCA_Private, hash(DS)) created hash(DS)
Public key crypto algorithm, E2/D2 KCA_Public The user must have a
trusted copy of this key
to do the verifying.
*** End ***


NS20 Lecture 2 Cryptographic Techniques

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NS20 Lecture 2 Cryptographic Techniques

Uploaded by

Copyright:

Available Formats

Network Security: Lecture 2

300143 Network Security

• Most of the cryptographic techniques are covered from

© 2020.2 WSU Lecture No. 2-1

• Cryptography is the study of “hidden writing”.

Security Protection Against Cryptographic Methods Used

• Other security services, which may make use of

© 2020.2 WSU Lecture No. 2-2

Encryption and Decryption

• A general encryption and decryption scenario:

Plaintext, P Decryption Ciphertext, C

Output from decryption Input to decryption

© 2020.2 WSU Lecture No. 2-3

Modern Encryption (and Decryption) Algorithms

Symmetric Key Encryption …

• [Figure 2.1 Simplified Model of Symmetric Encryption]

Symmetric Key, KAB

• Note: P, C, and KAB are just binary numbers or bits.

… Symmetric Key Encryption

© 2020.2 WSU Lecture No. 2-6

Symmetric Key Block Ciphers ...

© 2020.2 WSU Lecture No. 2-7

... Symmetric Key Block Ciphers P

• DES’s 56-bit key is too short, i.e., not 3DES

Block Cipher: Modes of Operation …

K Encrypt K Encrypt … K Decrypt K Decrypt …

where Pi and Ci are plaintext and ciphertext blocks, respectively.

© 2020.2 WSU Lecture No. 2-9

… Block Cipher: Modes of Operation

• In ECB mode, the blocks are independently encrypted, but

© 2020.2 WSU Lecture No. 2-10

CBC (Cipher Block Chaining) Mode

• [Figure 2.9 Cipher Block Chaining (CBC) Mode]

C0 = IV ... Ci-2 Ci-1

... K encrypt K encrypt ...

IV may also be decrypt K decrypt K

Asymmetric Key Encryption …

Different, but very closely

© 2020.2 WSU Lecture No. 2-12

… Asymmetric Key Encryption

© 2020.2 WSU Lecture No. 2-13

Diffie-Hellman Key Exchange …

All arithmetic is in mod q.

… Diffie-Hellman Key Exchange

• It is computationally infeasible to compute XA, even

• Diffie-Hellman algorithm is widely used in the establishment

© 2020.2 WSU Lecture No. 2-15

DH Exchange and Man-in-the-Middle Attack

• Assuming there is an attacker U who is performing a MiM

 A generates a key KAU = (YU)XA All arithmetic is in mod q.

 A and B cannot detect the presence of U.

• Authenticity of YA and YB therefore needs to be protected.

• Hash function: a cryptographic technique to transform an

© 2020.2 WSU Lecture No. 2-17

• Integrity protection using hash:

Entity A M Hash Function hash(M)

If hash(M), received by Entity B, is the same as hash(M), created from

© 2020.2 WSU Lecture No. 2-18

© 2020.2 WSU Lecture No. 2-19

• An IP address, in an IP packet, can be used to represent the

© 2020.2 WSU Lecture No. 2-20

© 2020.2 WSU Lecture No. 2-21

Shared Secret Authentication Variants

• Secure handshake variant:

* End *