Professional Documents
Culture Documents
Cryptography
2
11/1/2022
Alice Bob
channel data, control
messages
secure secure
data data
sender receiver
Trudy
4
11/1/2022
A: a lot!
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in
packet (or any field in packet)
• hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in place
• denial of service: prevent service from being used by
others (e.g., by overloading resources)
Alice’s Bob’s
K
A encryption K decryption
key B key
6
11/1/2022
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
K K
A-B A-B
8
11/1/2022
+ Bob’s public
K
B key
- Bob’s private
K
B key
10
11/1/2022
Requirements:
+
. -
.
1 need KB ( ) and K B ( ) such that
- +
K B (KB (m)) = m
+
2 given public key KB , it should be
impossible to- compute
private key KB
11
12
11/1/2022
13
13
Bezout’s Identity
14
14
11/1/2022
Definition. Cosequences
x1 = 1, x2 = 0, xi+2 = xi - qi xi+1
y1 = 0, y2 = 1, yi+2 = yi - qi yi+1
15
15
• 8 mod 11 x = -4, y = 3
Step 0: 11= 8(1) + 3 3 = 11 − 8(1)
Step 1: 8 = 3(2) + 2 2 = 8 − 3(2)
Step 2: 2(1) + 1 1 = 3 − 2(1)
1 ≡ 8(−4) mod 11
Step 3: 2 = 1(2)
1 ≡ 8(7) mod 11
1 = 3 − 2(1)
1 = 3 − (8 − 3(2))(1) = 3 − (8 − (3(2)) = 3(3) − 8
1 = (11 − 8(1))(3) − 8 = 11(3) − 8(4) = 11(3) + 8(−4)
16
11/1/2022
• a = 102, b = 38
x = 8, y = -17
• a = 81, b = 57
x = 3, y = -8
• a = 42823, b = 6409
x = 10, y = -7
x = -22, y = 147
17
• 240x ≡ 1(mod17)
1 = 240x + 17y
18
11/1/2022
Fermat’s Theorem
If a 0 Zp, then ap-1 1 (mod p)
More generally, if a Zp, then ap a (mod p)
Also, since a*i a*j (mod p) i j (mod p), the numbers a, 2a, …, (p-
1)a are distinct elements of Zp. Therefore, they are equal to 1,2,…,(p-1)
and their product is equal to
(p-1)! mod p. This implies that
19
19
20
11/1/2022
• Examples:
21
Euler’s Identity
• The number of elements in Zn that have
multiplicative inverses is equal to phi(n).
22
22
11/1/2022
23
Authentication
Goal: Bob wants Alice to “prove” her identity to
him
Protocol ap1.0: Alice says “I am Alice”
“I am Alice”
Failure scenario??
24
11/1/2022
Authentication
Goal: Bob wants Alice to “prove” her identity to
him
Protocol ap1.0: Alice says “I am Alice”
in a network,
Bob can not “see” Alice, so
Trudy simply declares
herself to be Alice
“I am Alice”
25
Alice’s
IP address
“I am Alice”
Failure scenario??
26
11/1/2022
27
Alice’s Alice’s
“I’m Alice”
IP addr password
Failure scenario??
Alice’s
OK
IP addr
28
11/1/2022
Alice’s Alice’s
“I’m Alice”
IP addr password
playback attack: Trudy
Alice’s records Alice’s packet
OK
IP addr and later
plays it back to Bob
Alice’s Alice’s
“I’m Alice”
IP addr password
29
Alice’s encrypted
“I’m Alice”
IP addr password
Failure scenario??
Alice’s
OK
IP addr
30
11/1/2022
Alice’s encrypted
“I’m Alice” record
IP addr password
and
playback
Alice’s
OK still works!
IP addr
Alice’s encrypted
“I’m Alice”
IP addr password
31
“I am Alice”
32
11/1/2022
Authentication: ap5.0
“I am Alice”
Bob computes
R + -
K (K (R)) = R
-
K (R) A A
A and knows only Alice
“send me your public key”
could have the private
+ key, that encrypted R
K such that
A + -
K (K (R)) = R
A A
33
I am Alice I am Alice
R -
K (R)
T
R - Send me your public key
K (R) +
A K
T
Send me your public key
+
K
A +
K (m)
Trudy gets T
- +
+ m = K (K (m))
K (m) T
sends m toTAlice
A
- + encrypted with
m = K (K (m))
A A Alice’s public key
34
11/1/2022
Difficult to detect:
Bob receives everything that Alice sends, and vice versa. (e.g., so Bob,
Alice can meet one week later and recall conversation)
problem is that Trudy receives all messages as well!
35
Digital Signatures
36
11/1/2022
Digital Signatures
-
Bob’s message, m K B Bob’s private -
K B(m)
key
Dear Alice
Bob’s message,
Oh, how I have missed Public key m, signed
you. I think of you all the
time! …(blah blah blah) encryption (encrypted) with
algorithm his private key
Bob
37
38
11/1/2022
Message Digests
large
H: Hash
message
Function
m
Computationally expensive
to public-key-encrypt long
messages H(m)
Goal: fixed-length, easy-
to-compute digital Hash function properties:
“fingerprint” • produces fixed-size msg
• apply hash function H to digest (fingerprint)
m, get fixed size
message digest, H(m). • given message digest x,
computationally infeasible
to find m such that x =
H(m)
39
40
11/1/2022
41
Trusted Intermediaries
42
11/1/2022
KA-KDC KP-KDC
KX-KDC
KP-KDC KB-KDC
KY-KDC
KZ-KDC
KA-KDC KB-KDC
43
Certification Authorities
• Certification authority (CA): binds public key to
particular entity, E.
• E (person, router) registers its public key with CA.
• E provides “proof of identity” to CA.
• CA creates certificate binding E to its public key.
• certificate containing E’s public key digitally signed by CA –
CA says “this is E’s public key”
Bob’s digital
+
public +
signature KB
key KB (encrypt)
CA
private - certificate for
Bob’s K CA
identifying key Bob’s public key,
information signed by CA
44
11/1/2022
Certification Authorities
• When Alice wants Bob’s public key:
• gets Bob’s certificate (Bob or elsewhere).
• apply CA’s public key to Bob’s certificate, get
Bob’s public key
+ digital Bob’s
KB signature public
+
(decrypt) KB key
CA
public +
K CA
key
45
A certificate contains:
46
11/1/2022
47
SSL (continued)
Client Server
Open secure socket
•Verify CA trusted
•Extract Server Pub Key
•Generate symmetric Session Key
•Encrypt Session Key with Server Pub Key
Encrypted Session Key
•Extract Session Key
(using Private Key)
48
11/1/2022
SSL Observations
• Previous example does not
• Show how public/private key pairs are generated
• Manually
• Enable the Server to authenticate the client
• Client can use trusted certificate, or another scheme such
as passwords
• Show how the Server receives a signed certificate
• CA!
49
Firewalls
firewall
isolates organization’s internal net from larger Internet,
allowing some packets to pass, blocking others.
administered public
network Internet
firewall
50
11/1/2022
51
Packet Filtering
52
11/1/2022
Application gateways
gateway-to-remote
host telnet session
host-to-gateway
telnet session
• Filters packets on
application data as well as application router and filter
gateway
on IP/TCP/UDP fields.
• Example: allow select
internal users to telnet
outside.
53
Mapping:
• before attacking: “case the joint” – find out what
services are implemented on network
• Use ping to determine what hosts have
addresses on network
• Port-scanning: try to establish TCP connection to
each port in sequence (see what happens)
• nmap (http://www.insecure.org/nmap/) mapper:
“network exploration and security auditing”
Countermeasures?
54
11/1/2022
Mapping: countermeasures
• record traffic entering network
• look for suspicious activity (IP addresses, pots
being scanned sequentially)
55
A C
Countermeasures?
56
11/1/2022
A C
57
A C
B
Countermeasures?
58
11/1/2022
A C
59
Q&A
60