Network Security

Review

Secure channel

Communication securityConfidentiality

• Message• Traffic

AuthenticationIntegrity

How to achieve?Establish shared keyEncrypt MACLeft out: non-repudiation, etc.

Shared Key Establishment

“Trusted third party”

Kerberos

• Tickets

Public key methods

SSL

IPSEC

“Out-of-band”

Public Key Crypto

Public Key techniques

Diffie-Hellman RSAN=pq; ed 1 (mod (N))Public:e,N;Private:d,N

Encrypt M: CMemodN

Decrypt C: MCdmodN

Sign M: S Mdmod N

Verify S: Se M (modN)

Alice Boba b

p, g

magamod p mbgbmod p

ma mb

mbamod p ma

bmod p=gabmod p=

shared secret key!•Discrete log:

•Given y,p,b

•Find x: bxmod p = y

?

•Factoring:

•Given N=pq

•Find p,q

Discrete log based schemes

DH (key establishment)

DSS/DSA (signatures)

El-Gamal (signatures, encryption)Elliptic Curves Cryptography (ECC)

Why modulus (p) is so large?Little-step/giant-step attack

Factoring based

RSA

Square Roots (=Factoring)Rabin (Encryption, Signature)

Fiat-Shamir (ID scheme, Signature)

World mod N

How many objects?|Z*

N|= (N); for all z Z*

N, z (N) mod N=1

If N=pq, then (N)= (p-1)(q-1)[If N=p, then (N)= p-1]

Blum integers: N=pq, pq3 (mod 4)

Thenx(p+1)/4 mod p= y; y2x(p+1)/2x(p-1)/2 x±x mod p

Chinese Remainder Theorem (CRT)

Given y2 x mod p; z2 x mod q; N=pq;Find s: s2 x mod N

More generally:Given a,A, b,B;Find x: x a mod A, x b mod B

Let u, v be s.t. uA 1 mod B, vB 1 modAThen x=uAb+vBa[indeed: x mod A = uAb+vBa = vBa = a;

x mod B = uAb+vBa = uAb = b]

How to find u,v?

Extended GCD

Euclid’s GCD algorithm(greatest common divisor):gcd(a,b) = gcd( b, a mod b) =…= gcd(a’,b’)=ca’=ib’+c, … , ax+by=c

If gcd(a,b)=1: ax 1 mod b

Summary (factoring-based)

RSAGiven p,q; Can compute (N), for N=pq;

With Extended gcd, can compute e, d 1/e mod (N);

• gcd(e, (N)) must be 1

RabinUsing Blum integers can compute SQRT mod p,q

Using CRT can combine them to SQRT mod N

Prime number generation

Why?

How?Exhaustive search

• Too long

Miller-Rabin• Little Fermat’s Theorem (again)

Prime Number Theorem#of primes between R and 2R is R/lnR

i.e. Prob[ random R is a prime ] 1/lnR

Efficiency for all

Exponentiation: Repetitive Squaring

bA mod N takes 1.5 lg A long multiplications

Cost of multiplication quadratic in length

Optimization: mod N (mod p) + (mod q) +CRT

Watch out!

Attacks on factoring

(N), N => factoring (quadratic equation)

Trick: obtain x, s.t. x0 mod p, x mod q 0

gcd(x, N)=p

SQRTmodN => Factoring

vy2mod N; zSQRTmodN(v)

If z ±y, then x y-z

Computing (mod p) + (mod q) + CRTRandom error mod p (or mod q) => factoring

Other Crypto

Encryption

Hashing

MACs

EncryptionOne time padBlock cipher

DES• Feistel approach

AES/RijndaelModes of operation

• EBC, CFB, CBC, etc.

Stream ciphersRC-4Pseudo-random generators

Hashing

Hashing algorithms

MD-5

SHA

Applications

Digital signatures

MAC

Systems

Certificates

SSL

IPSEC

Kerberos

Certificates

X-509

CA’s

Trust infrastructureHierarchical

• X.509

Networks of Trust• PGP

SSL

TCP level secure channelEstablish Shared Secret

• DH+Certificates [+signatures]• RSA+Certificates [+signatures]• Kerberos [TLS]

Do not confuse with Kerberos over SSL/TLS

Encrypt & MAC

Usually authenticates only serverClient authentication possible

Typical application: HTTPS

IPSEC

IP level secure channelSimilar tools to SSL

Some traffic confidentiality

Both ends authenticated

Tunneling

Typical application:VPN

Kerberos

Key-Distribution Centers approachTrusted Third Party – another term

Authentication Server

Ticket Granting Servers

Tickets

Realms

Other topics

Firewalls

Non-repudiation

SET

Final:

Tuesday May 10

9-11am

See you there!Best of Luck!!!