Cryptography in Networking

Chapter 3
Chapter 1 introduced the threat environment Chapter 2 introduced the plan-protectrespond cycle and covered the planning phase Chapters 3 through 8 will cover the protection phase Chapters 3 and 4 introduce cryptography, which is important in itself and which is used in many other protections
Copyright Pearson Prentice-Hall 2009
Cryptography is the use of mathematical operations to protect messages traveling between parties or stored on a computer Confidentiality means that someone intercepting your communications cannot read them
???
3
Confidentiality is only one cryptographic protection Authentication means proving ones identity to another so they can trust you more Integrity means that the message cannot be changed or, if it is change, that this change will be detected Known as the CIA of cryptography
No, not that CIA
Encryption for confidentiality needs a cipher (mathematical method) to encrypt and decrypt
The cipher cannot be kept secret
The two parties using the cipher also need to know a secret key or keys
A key is merely a long stream of bits (1s and 0s) The key or keys must be kept secret
Cryptanalysts attempt to crack (find) the key

Sy mmetric Key
Plaintext: "Hello"
Cipher & Key
Ciphertext: 11010100
Eav esdropper (Cannot Read Messages in Ciphertext) Same Sy mmetric Key Cipher & Key Plaintext: "Hello"
Network
Party A
Ciphertext: 11010100
Note: A single key is used to encry pt and decry pt in both directions Party B
Plaintext
Key
Ciphertext
n 4 o 8 w 15 i 16 s 23 t 16 +4 h 3 e 9 p q r t 12 i 20 m 6 This is a very weak cipher e 25 Real ciphers use complex math
r w l
Substitution Ciphers
Substitute one letter (or bit) for another in each place The cipher we saw in Figure 3-2 is a substitution cipher
Transposition Ciphers
Transposition ciphers do not change individual letters or bits, but they change their order
Most real ciphers use both substitution and transposition

Key (Part 1)
Key (Part 2)
2 3 1 Key = 132 231
9
1
n i h
3
o s e
2
w t t
Ciphers can encrypt any message expressed in binary (1s and 0s)
This flexibility and the speed of computing makes this ciphers dominant for encryption today
Codes are more specialized

They substitute one thing for another
Usually a word for another word or a number for a word

Codes are good for humans and may be included in messages sent via encipherment
10
Message
Code
From
Akagi To Truk
17434
63717 83971 11131
STOP
ETA
34058
53764 73104 26733
Transmitted: 174346371783971
6 PM STOP
Require
B N
11
29798
72135 54678 61552
STOP
Key Length in Bits 1 2 4 8 16 40 56 112 112 168 256 512 12
2 4 16 256 65,536 1,099,511,627,776 72,057,594,037,927,900 5,192,296,858,534,830,000,000,000,000,000,000 5.1923E+33 Shaded keys are 3.74144E+50 Strong symmetric 1.15792E+77 keys (>=100 bits) 1.3408E+154
Each extra bit doubles the number of keys
Number of Possible Keys
Note:
Public key/private key pairs (discussed later in the
chapter) must be much longer than symmetric keys to be considered to be strong because of the disastrous consequences that could occur if a private key is cracked and because private keys
cannot be changed frequently. Public keys and

private keys must be at least 512 to 1,024 bits long
13
Key Length (bits) Key Strength Processing Requirements RAM Requirements Remarks
RC4 40 bits or more Very weak at 40 bits Low Low Can uses keys of variable length
DES 56 Weak Moderate Moderate Created in the 1970s
3DES 112 or 168 Strong High Moderate Applies DES three times with two or three different DES keys
AES 128, 192, or 256 Strong Low Low Todays gold standard for symmetric key encryption
14
64-bit DES Sy mmetric Key (56 bits + 8 redundant bits) 64-bit Plaintext Block
The DES cipher encrypts messages 64 bits at a time. The DES cipher (in codebook mode) needs two inputs.
15
DES Encry ption Process
64-bit Ciphertext Block
Cryptographic Systems
Encryption for confidentiality is only one cryptographic protection
Individual users and corporations cannot be expected to master these many aspects of cryptography
Consequently, crypto protections are organized into complete cryptographic systems that provide a broad set of cryptographic protection
16
Cryptographic Systems
1. Two parties first agree upon a particular cryptographic system to use
2. Each cryptographic system dialogue begins with three brief hand-shaking stages
3. The two parties then engage in cryptographically protected communication
This ongoing communication stage usually constitutes nearly all of the dialogue
17
Handshaking Stage 1: Initial Negotiation of Security Parameters Handshaking Stage 2: Initial Authentication (Usually mutual) Handshaking Stage 3: Key ing (Secure exchange of key s and other secrets) Ongoing Communication Stage with Message-by -Message Conf identialit y, Authentication, and Message Integrity Electronic Signature (Authentication, Integrity ) Plaintext Encry pted f or Conf identiality
Client PC
Serv er
Time
Time
18
(Usually mutual) Handshaking Stage 3: Key ing (Secure exchange of key s and other secrets) Ongoing Communication Stage with Message-by -Message Conf identialit y, Authentication, and Message Integrity Electronic Signature (Authentication, Integrity ) Plaintext Encry pted f or Conf identiality
Serv e
19
Selecting methods and parameters Authentication Keying (the secure exchange of secrets) Ongoing communication
20
Cipher Suite
Key Negotiation
Digital Signature Method None RSA export strength (40 bits)
Symmetric Key Encryption Method None RC4 (40-bit key)
Hashing Method for HMAC None MD5
Strength
NULL_WITH_NULL_NULL RSA_EXPORT_WITH_ RC4_40_MD5
None RSA export strength (40 bits)
None Weak
RSA_WITH_DES_CBC_ SHA
RSA
RSA
DES_CBC
SHA-1
Stronger but not very strong

Strong
DH_DSS_WITH_3DES_ EDE_CBC_SHA RSA_WITH_AES_256_CB C_SHA256
DiffieHellman RSA
Digital Signature Standard RSA
3DES_ EDE_CBC AES 256 bits
SHA-1
SHA-256
Very strong
21
22
Supplicant: Wishes to prove its identity
Credentials Proofs of identity (password, etc.)
Verifier: Tests the credentials, accepts or rejects the supplicant
23
Hashing
A hashing algorithm is applied to a bit string of any length The result of the calculation is called the hash For a given hashing algorithm, all hashes are the same short length
Bit string of any length
Hashing Algorithm
Hash: bit string of small fixed length
24
Hashing versus Encryption

Encryption About the same length as the plaintext
Yes. Decryption
Characteristic Result length
Hashing Short fixed length regardless of message length

No. There is no way to get from the short hash back to the long original message
Reversible?
25
Hashing Algorithms
MD5 (128-bit hashes) SHA-1 (160-bit hashes) SHA-224, SHA-256, SHA-384, and SHA-512 (name gives hash length in bits) Note: MD5 and SHA-1 should not be used because have been shown to be unsecure
26
27
Supplicant sends Response Message in the clear (without encryption) Transmitted Response Message
28
29
30
There are two types of ciphers used for confidentiality

In symmetric key encryption for confidentiality, the two sides use the same key For each dialogue (session), a new symmetric key is generated: the symmetric session key In public key encryption, each party has a public key and a private key that are never changed A persons public key is available to anyone
A person keeps his or her private key secret

31
32
1. Creates Sy mmetric Session Key
Party A
Party B
2. Encry pts Session Key with Party B's Public Key
3. Sends the Sy mmetric Session Key Encry pted f or Conf identiality
4. Decry pts Session Key with Party B's Priv ate Key
33
5. Subsequent Encry ption with Sy mmetric Session Key
The two parties exchange parameters p and g
Each uses a number that is never shared explicitly to compute a second number
Each sends the other their second number
Each does another computation on the second computed number Both get the third number, which is the key All of this communication is sent in the clear
34
The gory details
Party X 2. Party X Generates Random Number x 3 Party X Computes x'=g^x mod p
1. Exchange Key ing Inf ormation: Agree on Dif f ie-Hellman Group p (prime) and g (generator). Exchange is in the clear.
Party Y 2. Party Y Generates Random Number y 3 Party Y Computes y '=g^y mod p
4. Exchange Key ing Inf ormation: Exchange x' and y '. Exchange is in the clear.
5. Party X Computes Key =y '^x mod p =g^(xy ) mod p 6. Subsequent Encry ption with Sy mmetric Session Key g^(xy ) mod p
5. Party Y Computes Key =x'^y mod p =g^(xy ) mod p
35
Note: An eav esdropper intercepting the key ing inf ormation will still not know x or y and so will not be able to compute the sy mmetric session key g^xy Mod P
36
Consumes nearly all of the dialogues

Message-by-Message Encryption
Nearly always uses symmetric key encryption
Already covered
Public key encryption is too inefficient
Message-by-Message Authentication
Digital signatures Message authentication codes (MACs) Also provide message-by-message integrity
37
To Create the Digital Signature: 1. Hash the plaintext to create a brief message digest; this is NOT the Digital Signature. 2. Sign (encry pt) the message digest with the sender's priv ate key to create the digital signature Goal: to show that the supplicant knows the True Party 's priv ate key
Plaintext Hash MD Sign (Encry pt) with Sender's Priv ate Key DS
DS
Plaintext
38
DS
Plaintext Copyright Pearson Prentice-Hall 2009
Goal: to show that the supplicant knows the True Party 's priv ate key
DS
Plaintext
DS
Plaintext
Sender
3. Transmit the plaintext + digital signature, encry pted with sy mmetric key encry ption.
Receiv er
To Test the Digital Sign Encryption is done to protect the plaintext 4. 5. It is not needed for message-by-message 4. Hash the receiv ed p authentication with the same hashing a Receiv ed Plaintext DS the sender used. This gi message digest. 39 Decry pt with Copyright Pearson Prentice-Hall 2009 5. Decry pt the digital si Hash
Sender
3. Transmit the plaintext + digital signature, encry pted with sy mmetric key encry ption.
Receiv er
To Test the Digital Signature 4. Receiv ed Plaintext Decry pt with True Party 's Public Key 5. DS 4. Hash the receiv ed plaintext with the same hashing algorithm the sender used. This giv es the message digest. 5. Decry pt the digital signature with the True Party 's public key . This also will giv e the message digest if the sender has the True Party 's priv ate key . 6. If the two match, the message is authenticated.
Hash
MD 6. Are They Equal?
MD
40
Encryption Goal Public Key Encryption for Confidentiality Public Key Encryption for Authentication
Sender Encrypts with The receivers public key The senders private key Point of frequent confusion
Receiver Decrypts with The receivers private key The True Partys public key (not the senders public key)
41
Cannot use the senders public key

It would always validate the senders digital signature
Normally requires a digital certificate

File provided by a certificate authority (CA) The certificate authority must be trustworthy Digital certificate provides the subjects (True Partys) name and public key Dont confuse digital signatures and the digital certificates used to test digital signatures!
42
Field Version Number
Description
Serial number allows the receiver to Version number of the X.509 standard. Most certificates check ifversions the digital certificate has follow Version 3. Different have different fields. been revoked by the CA This figure reflects the Version 3 standard.
Issuer Serial Number Subject (True Party) Public Key Public Key Algorithm 43
Name of the Certificate Authority (CA). Unique serial number for the certificate, set by the CA. The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party. The public key of the subject (the true party). The algorithm the subject uses to sign messages with digital signatures. Certificate provides the True Partys public key
Field Digital Signature
Description The digital signature of the certificate, signed by the CA with the CAs own private key. For testing certificate authentication and integrity. User must know the CAs public key independently. The digital signature algorithm the CA uses to sign its certificates. The CA signs the cert with its own private key so that the certs validity can be checked for alterations.
Signature Algorithm Identifier Other Fields
44
Testing the Digital Signature

The digital certificate has a digital signature of its own
Signed with the Certificate Authoritys (CAs) private key Must be tested with the CAs well-known public key If the test works, the certificate is authentic and unmodified
45
Checking the Valid Period

Certificate is valid only during the valid period in the digital certificate (not shown in the figure) If the current time is not within the valid period, reject the digital certificate
46
Checking for Revocation

Certificates may be revoked for improper behavior or other reasons Revocation must be tested Cannot be done by looking at fields within the certificate Receiver must check with the CA
47
Checking for Revocation

Verifier may download the entire certificate revocation list from the CA See if the serial number is on the certificate revocation list
If so, do not accept the certificate

Or, the verifier may send a query to the CA Requires the CA to support the Online Certificate Status Protocol
48
Certif icate Authority Verif ier must know CA public key to test whether the digital certif icate has been altered; Rev ocation inf ormation
Digital Signature Digital Signature to be tested with the public key of the True Party Authentication
Digital Certif icate Public key of True Party
49
If the public key of the True Party v erif ies the digital signature, accept the supplicant
Also Brings Message Integrity

If the message has been altered, the authentication method will fail automatically
Digital Signature Authentication

Uses public key encryption for authentication Very strong but expensive
Key-Hashed Message Authentication Codes

An alternate authentication method using hashing Much less expensive than digital signature authentication Much more widely used
50
51
As in the case of digital signatures, confidentiality is done to protect the plaintext. It is not needed for authentication and has nothing to do with authentication.
52
53
Nonrepudiation means that the sender cannot deny that he or she sent a message With digital signatures, the sender must use his or her private key
It is difficult to repudiate that you sent something if you use your private key
With HMACs, both parties know the key used to create the HMAC
The sender can repudiate the message, claiming that the receiver created it
54
However, packet-level nonrepudiation is unimportant in most cases The application messagean e-mail message, a contract, etc., is the important thing If the application layer message has its own digital signature, you have nonrepudiation for the application message, even if you use HMACs at the internet layer for packet authentication
55
Replay Attacks
Capture and then retransmit an encrypted message later
May have a desired effect

Even if the attacker cannot read the message
56
Thwarting Replay Attacks

Time stamps to ensure freshness of each message Sequence numbers so that repeated messages can be detected Nonces Unique randomly generated number placed in each request message
Reflected in the response message If a request arrives with a previously used nonce, it is rejected
57
Quantum Mechanics
Describes the behavior of fundamental particles Complex and even weird results
58
Quantum Key Distribution

Transmits a very long keyas long as the message This is a one-time key that will not be used again
A one-time key as long as a message cannot be cracked by cryptanalysis

If an interceptor reads part of the key in transit, this will be immediately apparent to the sender and receiver
59
Quantum Key Cracking

Tests many keys simultaneously If quantum key cracking becomes capable of working on long keys, todays strong key lengths will offer no protection
60
Symmetric Key Encryption
Confidentiality Applicable. Sender encrypts with key shared with the receiver. Applicable. Sender encrypts with receivers public key. Receiver decrypts with the receivers own private key. Not applicable.
Authentication Not applicable.
Public Key Encryption
Applicable. Sender (supplicant) encrypts with own private key. Receiver (verifier) decrypts with the public key of the true party, usually obtained from the true partys digital certificate. Applicable. Used in MS-CHAP for initial authentication and in HMACs for message-bymessage authentication.
Hashing
61
62

Cryptography in Networking

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Cryptography in Networking

Încărcat de

Drepturi de autor:

Formate disponibile

Chapter 3

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Cryptanalysts attempt to crack (find) the key

Cipher & Key

Copyright Pearson Prentice-Hall 2009

n 4 o 8 w 15 i 16 s 23 t 16 +4 h 3 e 9 p q r t 12 i 20 m 6 This is a very weak cipher e 25 Real ciphers use complex math

Copyright Pearson Prentice-Hall 2009

Most real ciphers use both substitution and transposition

Copyright Pearson Prentice-Hall 2009

Codes are more specialized

Usually a word for another word or a number for a word

Copyright Pearson Prentice-Hall 2009

Key Length in Bits 1 2 4 8 16 40 56 112 112 168 256 512 12

Each extra bit doubles the number of keys

Number of Possible Keys

cannot be changed frequently. Public keys and

DES 56 Weak Moderate Moderate Created in the 1970s

Copyright Pearson Prentice-Hall 2009

DES Encry ption Process

64-bit Ciphertext Block

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Digital Signature Method None RSA export strength (40 bits)

Symmetric Key Encryption Method None RC4 (40-bit key)

Hashing Method for HMAC None MD5

NULL_WITH_NULL_NULL RSA_EXPORT_WITH_ RC4_40_MD5

None RSA export strength (40 bits)

Stronger but not very strong

DH_DSS_WITH_3DES_ EDE_CBC_SHA RSA_WITH_AES_256_CB C_SHA256

Digital Signature Standard RSA

3DES_ EDE_CBC AES 256 bits

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Supplicant: Wishes to prove its identity

Credentials Proofs of identity (password, etc.)

Verifier: Tests the credentials, accepts or rejects the supplicant

Copyright Pearson Prentice-Hall 2009

Bit string of any length

Hash: bit string of small fixed length

Copyright Pearson Prentice-Hall 2009

Hashing versus Encryption

Characteristic Result length

Hashing Short fixed length regardless of message length

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

Copyright Pearson Prentice-Hall 2009

There are two types of ciphers used for confidentiality

A person keeps his or her private key secret

Copyright Pearson Prentice-Hall 2009

1. Creates Sy mmetric Session Key

2. Encry pts Session Key with Party B's Public Key

3. Sends the Sy mmetric Session Key Encry pted f or Conf identiality

5. Subsequent Encry ption with Sy mmetric Session Key

Copyright Pearson Prentice-Hall 2009

The two parties exchange parameters p and g

The gory details