EEC-484/584 Computer Networks - PowerPoint PPT Presentation

Loading...

PPT – EEC-484/584 Computer Networks PowerPoint presentation | free to download - id: 714a15-NjJlM



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

EEC-484/584 Computer Networks

Description:

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao wenbing_at_ieee.org – PowerPoint PPT presentation

Number of Views:61
Avg rating:3.0/5.0
Slides: 26
Provided by: Wenb71
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: EEC-484/584 Computer Networks


1
EEC-484/584Computer Networks
  • Lecture 16
  • Wenbing Zhao
  • wenbing_at_ieee.org

2
Outline
  • Reminder
  • Quiz5 (take home exam) will be emailed to you
    around noon 5/13 or earlier. It is due by noon
    5/14. Email submission of a scanned or typed copy
    is encouraged
  • Final Revised Wiki Page due 5/13 midnight
  • Cipher modes
  • Public key algorithm
  • Digital signature
  • Message digest and secure hash functions
  • Public key infrastructure

3
Cipher Block Chaining Mode
  • To avoid the ECB mode problem replacing a block
    will cause the plaintext decrypted starting at
    the replaced to become garbage
  • Exclusive OR the encrypted text with the next
    block of plaintext before encryption C0 E(P0
    XOR IV), C1 E(P1 XOR C0), etc.

4
Cipher Block Chaining Mode
  • Exclusive OR the encrypted text with the next
    block of plaintext before encryption C0 E(P0
    XOR IV), C1 E(P1 XOR C0), etc.

Initialization Vector
Encryption
Decryption
5
Stream Cipher Mode
  • To be insensitive to transmission error, an
    arbitrarily large sequence of output blocks,
    called the keystream, is treated like a one-time
    pad and XORed with the plaintext to get the
    ciphertext
  • It works by encrypting an IV, using a key to get
    an output block
  • The output block is then encrypted, using the key
    to get a second output block
  • This block is then encrypted to get a third
    block, and so on

6
Stream Cipher Mode
  • The keystream is independent of the data
  • It can be computed in advance
  • It is completely insensitive to transmission
    errors

Encryption
Decryption
7
Stream Cipher Mode
  • It is essential never to use the same (key, IV)
    pair twice with a stream cipher because doing so
    will generate the same keystream each time
  • Using the same keystream twice exposes the
    ciphertext to a keystream reuse attack
  • Stream cipher mode is also called output feedback
    mode

8
Keystream Reuse Attack
  • Plaintext block, P0, is encrypted with the
    keystream to get P0 XOR K0
  • Later, a second plaintext block, Q0, is encrypted
    with the same keystream to get Q0 XOR K0
  • An intruder who captures both ciphertext blocks
    can simply XOR them together to get P0 XOR Q0,
    which eliminates the key
  • The intruder now has the XOR of the two plaintext
    blocks
  • If one of them is known or can be guessed, the
    other can also be found
  • In any event, the XOR of two plaintext streams
    can be attacked by using statistical properties
    of the message

9
Public-Key Algorithms
  • Distributing keys gt the weakest link in most
    cryptosystems
  • No matter how strong a cryptosystem was, if an
    intruder could steal the key, the system was
    worthless
  • Cryptologists always took for granted that the
    encryption key and decryption key were the same
  • Diffie and Hellman (1976) proposed a radically
    new kind of cryptosystem encryption and
    decryption keys were different
  • D(E(P)) P
  • It is exceedingly difficult to deduce D from E
  • E cannot be broken by a chosen plaintext attack

10
Public-Key Algorithms
  • Public-key cryptography
  • Encryption algorithm and the encryption key can
    be made public
  • How to establish a secure channel
  • Alice and Bob have never had previous contact
  • Alice sends Bob EB(P) (message P encrypted using
    Bobs public encryption key EB)
  • Bob receives the encrypted message and retrieves
    the plaintext by using his private key P
    DB(EB(P))
  • Bobs then sends a reply EA(R) to Alice

11
RSA
  • Rivest, Shamir, Adleman, 1978 a good method for
    public-key cryptography
  • RSA method
  • Choose two large primes, p and q (typically 1024
    bits)
  • Compute n p ? q and z (p-1) ? (q-1)
  • Choose a number relatively prime to z and call it
    d
  • Find e such that e ? d 1 mod z
  • To encrypt a message, P, Compute C Pe (mod n)
  • To decrypt C, compute P Cd (mod n)
  • The public key consists of the pair (e, n)
  • The private key consists of the pair (d, n)

12
RSA
  • An example of the RSA algorithm
  • P 3, q 11 gt n 33 and z 20
  • A suitable value for d 7
  • e can be found by solving the eq. 7e 1 (mod 20)
    gt e 3
  • C P3 (mod 33), P C7 (mod 33)

13
Digital Signatures
  • Requirement on digital signatures one party can
    send a signed message to another party in such a
    way that the following conditions hold
  • The receiver can verify the claimed identity of
    the sender
  • The sender cannot later repudiate the contents of
    the message
  • The receiver cannot possibly have concocted the
    message himself

14
Public-Key Signatures
  • Digital signatures using public-key cryptography
  • Requires E(D(P)) P (in addition to D(E(P)) P)

15
Message Digests
  • Message digest (MD) using a one-way hash
    function that takes an arbitrarily long piece of
    plaintext and from it computes a fixed-length bit
    string
  • Given P, it is easy to compute MD(P)
  • Given MD(P), it is effectively impossible to find
    P
  • Given P no one can find P such that MD(P)
    MD(P)
  • A change to the input of even 1 bit produces a
    very different output

16
Secure Hash Functions
  • Hash function mangling bits in a sufficiently
    complicated way that every output bit is affected
    by every input bit
  • MD5 is the fifth in a series of message digests
    designed by Ronald Rivest (1992)
  • MD5 generates a 128-bit fixed value
  • SHA-1 Secure Hash Algorithm 1, developed by
    National Security Agency (NSA) and blessed by
    NIST
  • SHA-1 generates 160-bit message digest

17
Digital Signatures Using Message Digests
18
Message Authentication Code
  • MACs are used between two parties that share a
    secret key in order to validate information
    transmitted between these parties
  • The MAC mechanism that is based on cryptographic
    hash functions is called HMAC. Basic idea
  • Append the key to the plaintext and generate a
    digest using a hash function
  • Ship the plaintext together with the digest

19
Management of Public Keys
  • Problem statement
  • Certificates
  • X.509
  • Public key infrastructure

20
Problems with Public-Key Management
  • If Alice and Bob do not know each other, how do
    they get each others public keys to start the
    communication process ?
  • It is essential Alice gets Bobs public key, not
    someone elses
  • A way for Trudy to subvert public-key encryption

21
Certificates
  • Certification Authority (CA) an organization
    that certifies public keys
  • It certifies the public keys belonging to people,
    companies, or even attributes
  • CA does not need to be on-line all the time (in
    ideal scenarios)
  • A possible certificate and its signed hash

22
X.509
  • Devised and approved by ITU
  • The basic fields of an X.509 certificate

23
Public-Key Infrastructures
  • A Public-Key Infrastructure (PKI) is needed for
    reasons of
  • Availability, Scalability, Ease of management
  • A PKI has multiple components
  • Users, CAs, Certificates, Directories
  • A PKI provides a way of structuring these
    components and define standards for the various
    documents and protocols
  • A simple form of PKI is hierarchical CAs

24
Public-Key Infrastructures
  • Hierarchical PKI
  • A chain of trust/certification path A chain of
    certificates going back to the root

25
Public-Key Infrastructures
  • Revocation sometimes certificates can be
    revoked, due to a number of reasons
  • Reinstatement a revoked certificate could
    conceivably be reinstated
  • Each CA periodically issues a CRL (Certificate
    Revocation List) giving the serial numbers of all
    certificates that it has revoked
  • A user who is about to use a certificate must now
    acquire the CRL to see if the certificate has
    been revoked
  • Having to deal with revocation (and possibly
    reinstatement) eliminates one of the best
    properties of certificates, namely, that they can
    be used without having to contact a CA
About PowerShow.com