Documente Academic
Documente Profesional
Documente Cultură
Chapter 1 introduced the threat environment Chapter 2 introduced the plan-protectrespond cycle and covered the planning phase Chapters 3 through 8 will cover the protection phase Chapters 3 and 4 introduce cryptography, which is important in itself and which is used in many other protections
Copyright Pearson Prentice-Hall 2009
Cryptography is the use of mathematical operations to protect messages traveling between parties or stored on a computer Confidentiality means that someone intercepting your communications cannot read them
???
3
Confidentiality is only one cryptographic protection Authentication means proving ones identity to another so they can trust you more Integrity means that the message cannot be changed or, if it is change, that this change will be detected Known as the CIA of cryptography
No, not that CIA
Encryption for confidentiality needs a cipher (mathematical method) to encrypt and decrypt
The cipher cannot be kept secret
The two parties using the cipher also need to know a secret key or keys
A key is merely a long stream of bits (1s and 0s) The key or keys must be kept secret
Sy mmetric Key
Plaintext: "Hello"
Ciphertext: 11010100
Eav esdropper (Cannot Read Messages in Ciphertext) Same Sy mmetric Key Cipher & Key Plaintext: "Hello"
Network
Party A
Ciphertext: 11010100
Note: A single key is used to encry pt and decry pt in both directions Party B
Plaintext
Key
Ciphertext
r w l
Substitution Ciphers
Substitute one letter (or bit) for another in each place The cipher we saw in Figure 3-2 is a substitution cipher
Transposition Ciphers
Transposition ciphers do not change individual letters or bits, but they change their order
Key (Part 1)
Key (Part 2)
2 3 1 Key = 132 231
9
1
n i h
3
o s e
2
w t t
Ciphers can encrypt any message expressed in binary (1s and 0s)
This flexibility and the speed of computing makes this ciphers dominant for encryption today
Message
Code
From
Akagi To Truk
17434
63717 83971 11131
STOP
ETA
34058
53764 73104 26733
Transmitted: 174346371783971
6 PM STOP
Require
B N
11
29798
72135 54678 61552
STOP
2 4 16 256 65,536 1,099,511,627,776 72,057,594,037,927,900 5,192,296,858,534,830,000,000,000,000,000,000 5.1923E+33 Shaded keys are 3.74144E+50 Strong symmetric 1.15792E+77 keys (>=100 bits) 1.3408E+154
Copyright Pearson Prentice-Hall 2009
Note:
Public key/private key pairs (discussed later in the
chapter) must be much longer than symmetric keys to be considered to be strong because of the disastrous consequences that could occur if a private key is cracked and because private keys
Key Length (bits) Key Strength Processing Requirements RAM Requirements Remarks
RC4 40 bits or more Very weak at 40 bits Low Low Can uses keys of variable length
3DES 112 or 168 Strong High Moderate Applies DES three times with two or three different DES keys
AES 128, 192, or 256 Strong Low Low Todays gold standard for symmetric key encryption
14
64-bit DES Sy mmetric Key (56 bits + 8 redundant bits) 64-bit Plaintext Block
The DES cipher encrypts messages 64 bits at a time. The DES cipher (in codebook mode) needs two inputs.
15
Cryptographic Systems
Encryption for confidentiality is only one cryptographic protection
Individual users and corporations cannot be expected to master these many aspects of cryptography
Consequently, crypto protections are organized into complete cryptographic systems that provide a broad set of cryptographic protection
16
Cryptographic Systems
1. Two parties first agree upon a particular cryptographic system to use
2. Each cryptographic system dialogue begins with three brief hand-shaking stages
3. The two parties then engage in cryptographically protected communication
This ongoing communication stage usually constitutes nearly all of the dialogue
17
Handshaking Stage 1: Initial Negotiation of Security Parameters Handshaking Stage 2: Initial Authentication (Usually mutual) Handshaking Stage 3: Key ing (Secure exchange of key s and other secrets) Ongoing Communication Stage with Message-by -Message Conf identialit y, Authentication, and Message Integrity Electronic Signature (Authentication, Integrity ) Plaintext Encry pted f or Conf identiality
Copyright Pearson Prentice-Hall 2009
Client PC
Serv er
Time
Time
18
(Usually mutual) Handshaking Stage 3: Key ing (Secure exchange of key s and other secrets) Ongoing Communication Stage with Message-by -Message Conf identialit y, Authentication, and Message Integrity Electronic Signature (Authentication, Integrity ) Plaintext Encry pted f or Conf identiality
Serv e
19
Selecting methods and parameters Authentication Keying (the secure exchange of secrets) Ongoing communication
20
Cipher Suite
Key Negotiation
Strength
None Weak
RSA_WITH_DES_CBC_ SHA
RSA
RSA
DES_CBC
SHA-1
DiffieHellman RSA
SHA-1
SHA-256
Very strong
21
Selecting methods and parameters Authentication Keying (the secure exchange of secrets) Ongoing communication
22
23
Hashing
A hashing algorithm is applied to a bit string of any length The result of the calculation is called the hash For a given hashing algorithm, all hashes are the same short length
Hashing Algorithm
24
Reversible?
25
Hashing Algorithms
MD5 (128-bit hashes) SHA-1 (160-bit hashes) SHA-224, SHA-256, SHA-384, and SHA-512 (name gives hash length in bits) Note: MD5 and SHA-1 should not be used because have been shown to be unsecure
26
27
Supplicant sends Response Message in the clear (without encryption) Transmitted Response Message
28
29
Selecting methods and parameters Authentication Keying (the secure exchange of secrets) Ongoing communication
30
32
Party A
Party B
4. Decry pts Session Key with Party B's Priv ate Key
33
Each uses a number that is never shared explicitly to compute a second number
Each sends the other their second number
Each does another computation on the second computed number Both get the third number, which is the key All of this communication is sent in the clear
Copyright Pearson Prentice-Hall 2009
34
1. Exchange Key ing Inf ormation: Agree on Dif f ie-Hellman Group p (prime) and g (generator). Exchange is in the clear.
4. Exchange Key ing Inf ormation: Exchange x' and y '. Exchange is in the clear.
5. Party X Computes Key =y '^x mod p =g^(xy ) mod p 6. Subsequent Encry ption with Sy mmetric Session Key g^(xy ) mod p
35
Note: An eav esdropper intercepting the key ing inf ormation will still not know x or y and so will not be able to compute the sy mmetric session key g^xy Mod P
Selecting methods and parameters Authentication Keying (the secure exchange of secrets) Ongoing communication
36
Already covered
Public key encryption is too inefficient
Message-by-Message Authentication
Digital signatures Message authentication codes (MACs) Also provide message-by-message integrity
37
To Create the Digital Signature: 1. Hash the plaintext to create a brief message digest; this is NOT the Digital Signature. 2. Sign (encry pt) the message digest with the sender's priv ate key to create the digital signature Goal: to show that the supplicant knows the True Party 's priv ate key
Plaintext Hash MD Sign (Encry pt) with Sender's Priv ate Key DS
DS
Plaintext
38
DS
Goal: to show that the supplicant knows the True Party 's priv ate key
DS
Plaintext
DS
Plaintext
Sender
3. Transmit the plaintext + digital signature, encry pted with sy mmetric key encry ption.
Receiv er
To Test the Digital Sign Encryption is done to protect the plaintext 4. 5. It is not needed for message-by-message 4. Hash the receiv ed p authentication with the same hashing a Receiv ed Plaintext DS the sender used. This gi message digest. 39 Decry pt with Copyright Pearson Prentice-Hall 2009 5. Decry pt the digital si Hash
Sender
3. Transmit the plaintext + digital signature, encry pted with sy mmetric key encry ption.
Receiv er
To Test the Digital Signature 4. Receiv ed Plaintext Decry pt with True Party 's Public Key 5. DS 4. Hash the receiv ed plaintext with the same hashing algorithm the sender used. This giv es the message digest. 5. Decry pt the digital signature with the True Party 's public key . This also will giv e the message digest if the sender has the True Party 's priv ate key . 6. If the two match, the message is authenticated.
Hash
MD
40
Encryption Goal Public Key Encryption for Confidentiality Public Key Encryption for Authentication
Sender Encrypts with The receivers public key The senders private key Point of frequent confusion
Receiver Decrypts with The receivers private key The True Partys public key (not the senders public key)
41
42
Description
Serial number allows the receiver to Version number of the X.509 standard. Most certificates check ifversions the digital certificate has follow Version 3. Different have different fields. been revoked by the CA This figure reflects the Version 3 standard.
Issuer Serial Number Subject (True Party) Public Key Public Key Algorithm 43
Name of the Certificate Authority (CA). Unique serial number for the certificate, set by the CA. The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party. The public key of the subject (the true party). The algorithm the subject uses to sign messages with digital signatures. Certificate provides the True Partys public key
Copyright Pearson Prentice-Hall 2009
Description The digital signature of the certificate, signed by the CA with the CAs own private key. For testing certificate authentication and integrity. User must know the CAs public key independently. The digital signature algorithm the CA uses to sign its certificates. The CA signs the cert with its own private key so that the certs validity can be checked for alterations.
44
45
46
47
Certif icate Authority Verif ier must know CA public key to test whether the digital certif icate has been altered; Rev ocation inf ormation
Digital Signature Digital Signature to be tested with the public key of the True Party Authentication
49
If the public key of the True Party v erif ies the digital signature, accept the supplicant
Copyright Pearson Prentice-Hall 2009
50
51
As in the case of digital signatures, confidentiality is done to protect the plaintext. It is not needed for authentication and has nothing to do with authentication.
52
53
Nonrepudiation means that the sender cannot deny that he or she sent a message With digital signatures, the sender must use his or her private key
It is difficult to repudiate that you sent something if you use your private key
With HMACs, both parties know the key used to create the HMAC
The sender can repudiate the message, claiming that the receiver created it
54
However, packet-level nonrepudiation is unimportant in most cases The application messagean e-mail message, a contract, etc., is the important thing If the application layer message has its own digital signature, you have nonrepudiation for the application message, even if you use HMACs at the internet layer for packet authentication
Copyright Pearson Prentice-Hall 2009
55
Replay Attacks
Capture and then retransmit an encrypted message later
56
Reflected in the response message If a request arrives with a previously used nonce, it is rejected
57
Copyright Pearson Prentice-Hall 2009
Quantum Mechanics
Describes the behavior of fundamental particles Complex and even weird results
58
59
60
Confidentiality Applicable. Sender encrypts with key shared with the receiver. Applicable. Sender encrypts with receivers public key. Receiver decrypts with the receivers own private key. Not applicable.
Applicable. Sender (supplicant) encrypts with own private key. Receiver (verifier) decrypts with the public key of the true party, usually obtained from the true partys digital certificate. Applicable. Used in MS-CHAP for initial authentication and in HMACs for message-bymessage authentication.
Copyright Pearson Prentice-Hall 2009
Hashing
61
62