Network Security

Cryptography Overview

10/19/07 

 

Privacy – can mean different things

            -different levels

            - loose term

            - what is private is based on context

            - more than just encryption

 

Authentication – verifying you are who you claim to be

 

Authorization – granting access privileges

 

Integrity – preserving the message in 1 piece

 

Non-repudiability (non-deniability) – a guarantee that the sender created the message and that it wasn’t forged

 

Cryptography

-secrecy of communication

-secure storage

 

2 kinds of cryptography – public key and private key

 

Secret key – used before 1975

-         relies on prior agreement of the parties concerned

 

rot13

example:           a <->n

                        b <->o

                        c <-> p

                        etc….

 

Random substitution cipher

A -> 26 possibilities

B -> 25 possibilities

Total = 26! = (26/2.78)^26 ~= 10^26

 

Stirling’s approx n! -> sqrt(2(pi)n) (n/e)^n

 

Breaking substitution ciphers

-frequency analysis

-e, t, a, o, i, n, s, h

-substitute highest known frequency for highest frequency in document

 

Secret key properties

-one key for both encryption and decryption

-both parties have the key

-key picked randomly from a large space of size 2^t, where t = security parameter, e.g. 2^128

 

Scheme vs. key

-Schemes are published

-Keys are secret

(military typically hides both)

 

Use tried and tested schemes

 

Applications

-communication

E(plaintext)  -> send to recipient ->  D(ciphertext)

 

-storage E(plaintext) -> write to disk. Read from disk -> D(ciphertext)

 

- authentication

           

-challenge-response schemes

            P(rover)                                              V(erifier)

                                    Hi I am P ->

                                    <- E(Challenge)

                                    Challenge ->

 

- Mutual Authentication

                A                                                     B

                              I’m A, C1 ->

   D(E(C1))?=C1   <- I’m B, E(C1), C2

                              E(C2)  ->                       D(E(C2))?=C2

- Can be broken

 

-Man in the middle attack.

            A                                            I                                                 B

                                                                        I’m A, C1  ->

                    <-  I’m B, C2                               <-  I’m B, E(C1), C2

                    I’m A, E(C2), C3 ->                   E(C2) ->

-Connection Attack

            I                                               B

                        I’m A, C1 ->

                        <- I’m B, E(C1), C2

                                    .

                                    .

                                    .

                      I’m C, C2 ->

                      <- I’m B, E(C2), C3

                      E(C2)  ->

 

Fix:

            A                                             B

                        I’m A ->

                        <- I’m B, C1

                        -> E(C1), C2

                        <- E(C2)

Security rule of thumb – the initiator should always get (not make) the first challenge
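
The connection attack and the fix above, as an added Python example (not part of the original notes). Assumptions: HMAC-SHA256 stands in for E(), and the class, function and session names are made up for the illustration.

```python
import hashlib, hmac, os

def E(key, challenge):
    # Assumption: HMAC-SHA256 stands in for the notes' E(); only key holders can compute it.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class FlawedB:
    """B in the first exchange: answers the initiator's challenge before the initiator proves anything."""
    def __init__(self, key):
        self.key, self.pending = key, {}   # pending: session id -> challenge B issued

    def hello(self, sid, claimed_id, c1):
        # "I'm A, C1"  ->  "I'm B, E(C1), C2"
        self.pending[sid] = os.urandom(16)
        return E(self.key, c1), self.pending[sid]

    def finish(self, sid, response):
        # "E(C2)"  ->  accept only if it matches B's own E(C2)
        return hmac.compare_digest(response, E(self.key, self.pending.pop(sid)))

class FixedB:
    """B in the fixed exchange: issues the first challenge and answers C2 only after E(C1) verifies."""
    def __init__(self, key):
        self.key, self.pending = key, {}

    def hello(self, sid, claimed_id):
        # "I'm A"  ->  "I'm B, C1"
        self.pending[sid] = os.urandom(16)
        return self.pending[sid]

    def finish(self, sid, response, c2):
        # "E(C1), C2"  ->  "E(C2)", or None when E(C1) is wrong
        if not hmac.compare_digest(response, E(self.key, self.pending.pop(sid))):
            return None
        return E(self.key, c2)

def second_connection_vs_flawed(b):
    """I has no key: it opens a second session and hands B's own challenge C2 back to B."""
    _, c2 = b.hello("s1", "A", os.urandom(16))
    e_c2, _ = b.hello("s2", "C", c2)        # B computes E(C2) for an unauthenticated peer
    return b.finish("s1", e_c2)             # B accepts I as A

def second_connection_vs_fixed(b):
    """Same idea against the fix: B will not compute E() for a peer that has not answered first."""
    c1 = b.hello("s1", "A")
    b.hello("s2", "C")
    e_c1 = b.finish("s2", bytes(32), c1)    # I cannot answer session 2's challenge, so B returns None
    return e_c1 is not None                 # I never obtains E(C1) for session 1
```

Against FlawedB the second session acts as an oracle for E(C2); against FixedB the same move yields nothing, because B only computes E() after the peer has answered B's challenge.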

 

Public key cryptography

2 keys – each person

public key

private key

 

communication

A     E_Bpubkey(message)  ->  B

 

Digital signatures

Ecommerce

 

1974 Diffie & Hellman

1977 RSA Rivest, Shamir, Adleman

1971 US NSA invented  RSA

1969 British NSA invented RSA

Codebreakers – Simon Singh