Chapter 11 Slides

Slides for Chapter 11:
Security
From Coulouris, Dollimore, Kindberg and Blair
Distributed Systems:
Concepts and Design
Edition 5, Addison-Wesley 2012
Figure 11.1
Familiar names for the protagonists in security protocols
Alice
Firstparticipant
Bob
Secondparticipant
Carol
Participantinthreeandfourparty
protocols
Participantinfourparty
Dave
Eve
protocols
Eavesdropper
Mallory
Maliciousattacker
Sara
Aserver
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.2
Cryptography notations
KA
Alicessecretkey
KB
Bobssecretkey
KAB
SecretkeysharedbetweenAliceandBob
KApriv
Alicesprivatekey(knownonlytoAlice)
KApub
Alicespublickey(publishedbyAliceforalltoread)
{M}K
MessageMencryptedwithkeyK
[M]K
MessageMsignedwithkeyK
Figure 11.3
Alices bank account certificate
1.Certificatetype:
2.Name:
3.Account:
4.Certifyingauthority:
5.Signature:
Accountnumber
Alice
6262626
BobsBank
{Digest(field2+field3)}KBpriv
Figure 11.4
Public-key certificate for Bobs Bank
1.Certificatetype:
Publickey
2.Name:
BobsBank
3.Publickey:
KBpub
4.Certifyingauthority:
FredTheBankersFederation
{Digest(field2+field3)}KFpriv
5.Signature:
Figure 11.5
Cipher block chaining
n+3
plaintext blocks
n+2
n+1
XOR
E(K, M)
ciphertext blocks
n-3
n-2
n-1
Figure 11.6
Stream cipher
number
generator
keystream
n+3
n+2
n+1
E(K, M)
buffer
XOR
ciphertext
stream
plaintext
stream
Figure 11.7
TEA encryption function
voidencrypt(unsignedlongk[],unsignedlongtext[]){
unsignedlongy=text[0],z=text[1];
unsignedlongdelta=0x9e3779b9,sum=0;intn;
for(n=0;n<32;n++){
sum+=delta;
y+=((z<<4)+k[0])^(z+sum)^((z>>5)+k[1]);
z+=((y<<4)+k[2])^(y+sum)^((y>>5)+k[3]);
}
text[0]=y;text[1]=z;
}
1
2
3
4
5
6
7
Figure 11.8
TEA decryption function
voiddecrypt(unsignedlongk[],unsignedlongtext[]){
unsignedlongy=text[0],z=text[1];
unsignedlongdelta=0x9e3779b9,sum=delta<<5;intn;
for(n=0;n<32;n++){
z=((y<<4)+k[2])^(y+sum)^((y>>5)+k[3]);
y=((z<<4)+k[0])^(z+sum)^((z>>5)+k[1]);
sum=delta;
}
text[0]=y;text[1]=z;
}
Figure 11.9
TEA in use
voidtea(charmode,FILE*infile,FILE*outfile,unsignedlongk[]){
/*modeiseforencrypt,dfordecrypt,k[]isthekey.*/
charch,Text[8];inti;
while(!feof(infile)){
i=fread(Text,1,8,infile);
/*read8bytesfrominfileintoText*/
if(i<=0)break;
while(i<8){Text[i++]='';} /*padlastblockwithspaces*/
switch(mode){
case'e':
encrypt(k,(unsignedlong*)Text);break;
case'd':
decrypt(k,(unsignedlong*)Text);break;
}
fwrite(Text,1,8,outfile);
/*write8bytesfromTexttooutfile*/
}
}
RSA Encryption - 1
Tofindakeypaire,d:
1.Choosetwolargeprimenumbers,PandQ(eachgreaterthan10100),andform:
N=PxQ
Z=(P1)x(Q1)
2.FordchooseanynumberthatisrelativelyprimewithZ(thatis,suchthatdhasno
commonfactorswithZ).
WeillustratethecomputationsinvolvedusingsmallintegervaluesforPandQ:
P=13,Q=17>N=221,Z=192
d=5
3. Tofindesolvetheequation:
exd=1modZ
Thatis,exdisthesmallestelementdivisiblebydintheseriesZ+1,2Z+1,3Z+1,....
exd=1mod192=1,193,385,...
385isdivisiblebyd
e=385/5=77
RSA Encryption - 2
ToencrypttextusingtheRSAmethod,theplaintextisdividedintoequalblocksoflengthk
bitswhere2k<N(thatis,suchthatthenumericalvalueofablockisalwayslessthanN;in
practicalapplications,kisusuallyintherange512to1024).
k=7,since27=128
ThefunctionforencryptingasingleblockofplaintextMis:
E'(e,N,M)=MemodN
foramessageM,theciphertextisM77mod221
Thefunctionfordecryptingablockofencryptedtextctoproducetheoriginalplaintextblock
is:
D'(d,N,c)=cdmodN
Rivest,ShamirandAdelmanprovedthatE'andD'aremutualinverses
(thatis,E'(D'(x))=D'(E'(x))=x)forallvaluesofPintherange0PN.
Thetwoparameterse,Ncanberegardedasakeyfortheencryptionfunction,andsimilarlyd,N
representakeyforthedecryptionfunction.
SowecanwriteKe=<e,N>andKd=<d,N>,andwegettheencryptionfunction:
E(Ke,M)={M}K(thenotationhereindicatingthattheencryptedmessagecanbedecryptedonly
bytheholderoftheprivatekeyKd)andD(Kd,={M}K)=M.
Figure 11.10
Digital signatures with public keys
M
signed doc
H(M)
Signing
E(K pri , h)
128 bits
{h}Kpri
Verifying
D(Kpub ,{h})
{h}Kpri
h'
h = h'?
H(doc)
Figure 11.11
Low-cost signatures with a shared secret key
signed doc
H(M+K)
Signing
h
M
M
h
Verifying
h = h'?
K
H(M+K)
h'
Figure 11.12
X509 Certificate format
Subject
DistinguishedName,PublicKey
Issuer
DistinguishedName,Signature
Periodofvalidity
NotBeforeDate,NotAfterDate
Administrativeinformation
Version,SerialNumber
ExtendedInformation
Figure 11.13
Performance of symmetric encryption and secure digest algorithms
Figure 11.14
The NeedhamSchroeder secret-key authentication protocol
Header
Message
Notes
1.A>S:
A,B,NA
ArequestsStosupplyakeyforcommunication
withB.
2.S>A:
{NA,B,KAB,
{KAB,A}KB}KA
3.A>B:
{KAB,A}KB
4.B>A:
{NB}KAB
5.A>B:
{NB1}KAB
SreturnsamessageencryptedinAssecretkey,
containinganewlygeneratedkeyKABanda
ticketencryptedinBssecretkey.ThenonceNA
demonstratesthatthemessagewassentinresponse
totheprecedingone.AbelievesthatSsentthe
messagebecauseonlySknowsAssecretkey.
AsendsthetickettoB.
BdecryptstheticketandusesthenewkeyKABto
encryptanothernonceNB.
AdemonstratestoBthatitwasthesenderofthe
previousmessagebyreturninganagreed
transformationofNB.
Figure 11.15
System architecture of Kerberos
Kerberos Key Distribution Centre
Step A
1. Request for
TGS ticket
Authentication
service A
Authentication
database
Ticketgranting
service T
2. TGS
ticket
Client
C
Login
session setup
Server
session setup
DoOperation
Step B
3. Request for
server ticket
4. Server ticket
Step C
5. Service
request
Request encrypted with session key
Service
function
Reply encrypted with session key
Server
S
Figure 11.16
SSL protocol stack
SSL
Handshake SSL Change
Cipher Spec
protocol
SSL Alert
Protocol
HTTP
Telnet
SSL Record Protocol

Transport layer (usually TCP)
Network layer (usually IP)
SSL protocols:
Other protocols:
Figure 11.17
TLS handshake protocol
Establish protocol version, session ID,

cipher suite, compression method,
exchange random values
ClientHello
ServerHello
Certificate
Optionally send server certificate and
Certificate Request
request client certificate
ServerHelloDone
Client
Certificate
Certificate Verify
Change Cipher Spec

Finished
Server
Send client certificate response if

requested
Change cipher suite and finish

handshake
Change Cipher Spec

Finished
Figure 11.18
TLS handshake configuration options
Component
Description
Example
Keyexchange
method
themethodtobeusedfor
exchangeofasessionkey
RSAwithpublickey
certificates
Cipherfordata
transfer
theblockorstreamciphertobe IDEA
usedfordata
Messagedigest
function
forcreatingmessage
authenticationcodes(MACs)
SHA1
Figure 11.19
TLS record protocol
abcdefghi
Application data
Fragment/combine
Record protocol units
abc
def
Compress
Compressed units
Hash
MAC
Encrypt
Encrypted
Transmit
TCP packet
ghi
Figure 11.20
Use of RC4 stream cipher in IEEE 802.11 WEP
Decryption
Encryption
Increment
IV
IV
RC4
RC4
keystream
plaintext
XOR
cipher textIV
cipher textIV
XOR
plaintext
IV: initial value

K: shared key

Chapter 11 Slides

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Chapter 11 Slides

Încărcat de

Drepturi de autor:

Formate disponibile

Slides for Chapter 11:

From Coulouris, Dollimore, Kindberg and Blair

Request encrypted with session key

Reply encrypted with session key

SSL Record Protocol

Establish protocol version, session ID,

Optionally send server certificate and

request client certificate

Change Cipher Spec

Send client certificate response if

Change cipher suite and finish

Change Cipher Spec

IV: initial value

S-ar putea să vă placă și