Documente Academic
Documente Profesional
Documente Cultură
Principles of Cryptography
Section 8.2 Ali Erkan & John Barr Ithaca College
Chapter Outline
8.1: What is network security? 8.2: Principles of cyrptography 8.3: Message Integrity and End-Point Authentication 8.4: Securing e-mail 8.5: Securing TCP connections: SSL 8.6: Network layer security: IPsec and VPNs 8.7: Securing wireless LANs 8.8: Operational Security: Firewalls and Intrusion Detection Systems
Alice
Bob
Trudy
Web browser/server for electronic transactions On-line banking client/server Surveillance systems DNS servers Routers exchanging routing 02-068 table updates
Alice
Bob
Trudy
Intercept messages Actively insert messages into connection Spoof source address (or any eld in packet) in packet Take over ongoing connection by removing sender or receiver, inserting himself in place Overload: Prevent service from being02-068 used by others (DoS)
AW/Kurose and Ross Computer Networking KR 07.01 ar1
KA Alice Bob
KB
Key:
Trudy
Key
m: KA : KA(m): KB : KB (KA(m)):
A A A A A
02-068 AW/Kurose and Ross Computer Networking KR 07.02 ar1
KA Alice Bob
KB
Key:
Trudy
Key
With brute force, it takes 26 tries to gure out mapping Monoalphabetic cipher:
plaintext ciphertext a b c d e f g h i j k l m n o p q r s t u v w x y z m n b v c x z a s d f g h j k l p o i u y t r e w q
With brute force, it takes 26! tries to gure out mapping With statistical observations, much easier to crack Polyalphabetic cipher:
plaintext C1(k = 5) C2(k = 19) pattern a b c d e f g h i j k l m n o p q r s t u v w x y z f g h i j k l m n o p q r s t u v w x y z a b c d e t u v w x y z a b c d e f g h i j k l m n o p q r s C1 , C2 , C2 , C1 , C2
10
11
f(L1,R1,K1)
L2
R2 48-bit K2
f(L2,R2,K2)
L3
R3
What happens in f ()? The 64-bit input and the 48-bit key for the ith round are taken as input to f () that involves expansion of 4-bit input chunks into 6-bit chunks, XOR-ing with the expanded 6-bit chunks of the 48-bit key Ki, a substitution, XOR-ing with the leftmost 32 bits of the input. How does decryption work? By reversing the steps of the operation.
48-bit K16
L17
R17 permute
64-bit output
12
13
14
15
Plaintext message, m
Encryption algorithm
Decryption algorithm
m = KB (KB+ (m))
02-068 AW/Kurose and Ross Computer Networking KR 07.06 ar2 28p2 Wide x 12p10 Deep 2/c 05/15/02SC 6/04/02GM
16
How is this possible? A The RSA algorithm (Rivest, Shamir, Adelson) does exactly that.
17
What?
18
19
RSA Example
Bob chooses p = 5, q = 7. Therefore, n = 5 7 = 35 Therefore z = (5 1) (7 1) = 24 Let e be 5; therefore e and z are relatively prime. Choose d so that ed 1 is exactly divisible by z : ed 1 = kz ed = kz + 1 kz + 1 d= e Let k = 6 6 24 + 1 d= = 29 5
20
RSA Example
Transmit letter l (i.e. lower case L): m = 12 me = 125 = 248832 me mod n = 125 mod 35 = 17 Receive 17: c = 17 cd = 1729 = 481968572106750915091411825223071697 cd mod n = 1729 mod 35 = 12