copyright © 2003 t. trappenberg overview e 1 e1. security module 1 technology: gr01e - electronic...

Copyright © 2003 T. Trappenberg Overview E 1

E1. Security

Module 1 Technology:

GR01E - Electronic Commerce Overview


Data securityHacker resistanceFault ToleranceIntrusion control and detection

SSL

Policies …


What is SSL/TSL?

• Secure Socket Layer/Transport Layer Security• Runs commonly on top of TCP/IP• A protocol that implements - privacy against eavesdroppers through encryption of messages - message integrity trough hash function - authentication through digital signatures• e.g., connect to https, ssmtp, spop3 (each has a unique port number)


Netscape SSLSecure Socket Layer

Microsoft PCTPrivate Communication

Technology

IETF: TLSInternet Engineering Task force

Based on SSL 3.0

January 1999: Draft version 1.0 (http://www.ietf.org)

New standard for secure communication over the internet

Goals: • `Cryptographic security’ (including privacy and authentication • Interoperability• Extensibility• Relative efficiency


TLS Protocols:TLS handshake protocol: TLS record protocol: Negotiation of - Session identifier packaging of data to be transported

- Compression method - Cipher specification - Master key - Peer certificate


Authetication: either - both parties- server authentication

- no authentication


Security Analysis


However: -How secure is the cryptographic protocol? (e.g. key length, …)

- How is authentication handled (e.g. switched on?, signature verification, …)

- Implementation errors


E2. Cryptography

Module 1 Technology:

GR01E - Electronic Commerce Overview


Dear Jean,

I love you

George

This is $1000 Dollar (US!!)


• Ciphers

• Symmetric Key Algorithms

• Public Key Algorithms

• Message Digests

• Digital Signatures

• Trust networks

Cryptography Basics


•Confidentiality (how can I make sure that an eavesdropper can not read my message)

• Message integrity (how do I know that the message has not been modified on its travel?)

• Authentication (how do I know that the message is from a particular person?)


guvf zrffntr vf frperg

__is __ss___ is s_____


Relative frequency of letters in English text


this message is secret

guvf zrffntr vf frperg

__is _ess__e is se__e_

__is __ss___ is s_____

this _ess__e is se__et

abcdefghijklmnopqrstuvwxyz

nopqrstuvwxyzabcdefghijklm

ROT13 algorithm (cipher):


Definitions (Encryption, Decryption, Plaintext, Ciphertext)

Encryption DecryptionPlaintext Ciphertext

OriginalPlaintext

Types of cipher:• Stream cipher

– Each bit (or byte) is encrypted or decrypted individually– Simple substitution ciphers (ROT13, XOR)

• Block cipher– A sequence of bits (or bytes) is used at each step in the encryption and

decryption process (DES, AES)



OriginalPlaintext

Key


OriginalPlaintext

EncryptionKey

DecryptionKey

Key

Symmetric Key Algorithms

Public Key Cryptography


Symmetric Key Algorithms

General:• Substitution (ROT13, Cryptoquotes)• Transposition• XOR• One Time Pad

Specific algorithms:• DES (data encryption standard, 56-bit key , Triple-DES)

• IDEA (international data encryption algorithm, 128-bit key, patents)

• RC2, RC4, RC5 (Ronald Rivest RSA, variable key length)

• Rijndael (AES) (advanced encryption standard adapted in 2001)

} most practical algorithms use a combination of these


Rijndael: Iterated Block Cipher

• 10/12/14 times applying the same round function

• Round function: uniform and parallel, composed of 4 steps

• Each step has its own particular function:

- ByteSub: nonlinearity

- ShiftRow: inter-column diffusion

- MixColumn: inter-byte diffusion within columns

- Round key addition


What is an appropriate length for a key?


Comparison of cryptographic algorithms


Key distribution problem

Solutions:

• Doubly padlocked box exchange

• Diffie-Hellman key exchange

• Public-key cryptography (RSA, elliptic curve cryptography)


Alice Bob

Secret part generation

One-way function

Swap

Key generation


Alice Bob

Secret part generation

Choose a secret number

A=3

Choose a secret number

B=6

One-way function Use one-way function

a=7A(mod 11)=2

Use one-way function

b=7B(mod 11)=4

Swap

b=4 a=2

Key generation Another one-way function

k=bA(mod 11)=9

Another one-way function

k=aB(mod 11)=9


• The Diffie-Hellman key exchange was the first widely recognized solution to the key exchange problem

• Can only be used to exchange key. Symmetric key cryptographic methods can be used to exchange secret messages

• Fairly elaborate exchange of messages


Public Key Cryptography

A public key - private key pair are used, one for encryption and the other for decryption


Public Key:n - product of two primes, p and q (p and q are secret)e - relatively prime to (p-1)(q-1)

Private Key:d - e-1mod ((p-1)(q-1))

Encrypting:c = me mod n

Decrypting:m = cd mod n

Public Key Cryptography (a la RSA)

• A public key - private key pair are used, one for encryption and the other for decryption

• Let p=3, q=11• n=pq=33• e must be relatively prime to (p-1)(q-1)=20• choose e = 7, then d = 7-1 mod 20 = 3• Plaintext is 3,4,2 (m1=3, m2=4, m3=2)• c1=m1

e mod n = 37 mod 33 = 9• c2 = m2e mod n = 47 mod 33 = 15• c3 = m3e mod n = 27 mod 33 = 29• Ciphertext is 9,15,29• m1=c1

d mod n = 93 mod 33 = 3• m2=c2

d mod n = 153 mod 33 = 4• m3=c3

d mod n = 293 mod 33 = 2• Plaintext is 3,4,2

Example:


PGP: Pretty Good Privacy

Philip Zimmermann

• Implementation of best available cryptographic algorithms for confidentiality and authentication and integration into a freely available general-purpose application

• Package, source code, and documentation available on the web

•Low-cost commercial version from Network Associates

•Includes AES, 3DES, CAST, IDEA; RSA DSS, Diffie-Hellman; SHA1; key management, …


Message Digests & Hash function

• A message digest is a one-way function which maps the information contained in a (small or large) file to a single large number, typically between 128 bits and 256 bits in length.

• A good message digest function should have the following properties:– Every bit of the output is influenced by every bit of the input– Changing a single bit in the input results in every output bit having

a 50% chance of changing– Given an input file, its corresponding digest, and the digest

function, it is computationally infeasible to produce another input file which maps to the same digest


http://ciips.ee.uwa.edu.au/~morris/Year2/PLDS210/hash_tables.html


Message Digests (continued)

• Standard encryption algorithm• e.g. use last block in cipher feedback mode• Provide good message digest code• Computationally more demanding than other specialized functions

• MD5• One widely used message digest algorithm from a series of algorithms

developed by Ronald Rivest• Does not rely on a secrete key and is therefore not suitable as MAC

without further provisions

• HMAC• The Hashed Message Authentication Code uses a shared secret key in

combination with a message digest function to produce a secret message authentication code

• Since an attacker doesn’t know the secret, the attacker cannot produce a correct authentication code if they alter the message

• Fast to calculate, can be used as digital signature. However, a shared secret key is used.

• SHA-1• Developed by the NSA for use with the Digital Signature Standard


Message

DigestAlgorithm

Hash

BlockCipher

Message Authentication

Code

MAC Message

Secret Key

Operation of a message digest function to produce a message authentication code


Private Key

Message

Hash Function

Digest

Encrypt

Signature

Message

Signature

Hash Function

Decrypt

Public Key

Message

ActualDigest

ExpectedDigest

If actual and expected match, the signature is verified

Originator RecipientTransmitted Message

RSA Digital Signature


Types of authentication

• What you know (username and password)

• What you have (token, smart card)

• What you are (biometrics)

• Where you are (location security)


Digital Certificates

• Need a system for pairing public keys to identification information

• Certification authority (or trusted third party) issues a certificate which pairs identification information with a public key, signed with the certification authority’s private key

• User must trust the certification authority, and have a valid copy of the certification authority’s public key


Digital Certificates (continued)

Subject Identification Information

Certification AuthorityName

Certification Authority’sDigital Signature

Subject PublicKey Value

CertificateCertificate Authority’s Private Key

GenerateDigital

Signature


Certification Paths

• More than one Certification Authority will be required

• If CAs trust one another, they can issue certificates for each other’s public keys

• This leads to a recursively defined path from a user under one CA to a user under another CA


Certification Paths (continued)

Root Public Key(Certification Authority A)Subject = Certification

Authority B

Subject Public Key

Issuer = Certification Authority A

Public – Private Key Pair

Bob

Certificate 1

Subject = CertificationAuthority C

Subject Public Key

Issuer = Certification Authority B

Certificate 2

Subject = Bob

Subject Public Key

Issuer = Certification Authority C

Certificate 3

Public Key user


X.509 Certificate FormatVersions 1 and 2

Version (of certificate format)

Certification Authority’sDigital Signature

Certificate

Certificate Authority’s Private Key

GenerateDigital

Signature

Certificate Serial Number

Signature Algorithm Identifier

Issuer’s X.500 Name

Validity Period

Subject’s X.500 Name

Subject’sPublic KeyInformation

Algorithm Identifier

Public KeyValue

Issuer Unique Identifier

Subject Unique Identifier

Not in Version 1

copyright © 2003 t. trappenberg overview e 1 e1. security module 1 technology: gr01e - electronic...

Documents