Network Security 7-1

CIS3360: Chapter 8: CryptographyApplication of Public Cryptography

Cliff Zou

Spring 2012

Network Security 7-2

Acknowledgement

Some slides are modified from the slides provided by textbook: Computer Networking: A Top Down

Approach Featuring the Internet, J. Kurose & K. Ross, Addison Wesley, 4rd ed., 2007

Network Security 7-3

Digital Signatures

Cryptographic technique analogous to hand-written signatures.

sender (Bob) digitally signs document, establishing he is document owner/creator.

verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Network Security 7-4

Digital Signatures

Simple digital signature for message m: Bob signs m by encrypting with his private

key KB, creating “signed” message, KB(m)--

Dear Alice

Oh, how I have missed you. I think of you all the time! …(blah blah blah)

Bob

Bob’s message, P

Public keyencryptionalgorithm

Bob’s privatekey

K B-

Bob’s message, P, signed

(encrypted) with his private key

EK ¡B

(P )

Network Security 7-5

Digital Signatures (more) Suppose Alice receives:

msg P’, and its digital signature

Alice verifies P’ signed by Bob by applying Bob’s public key to checks if

Alice thus verifies that: Bob signed P. No one else signed P. Bob signed P and not a different P’.

Non-repudiation: Alice can take P, and its signature to court and

prove that Bob signed P.

EK ¡B

(P )

K +B

EK ¡B

(P )DK +

B(EK ¡

B(P )) = P 0

Network Security 7-6

Message Digests

Computationally expensive to public-key-encrypt long messages

Goal: fixed-length, easy- to-compute digital “fingerprint”

apply hash function H to m, get fixed size message digest, H(m).

Hash function properties: many-to-1 produces fixed-size msg

digest (fingerprint) given message digest x,

computationally infeasible to find m such that x = H(m)

large message

P

H: HashFunction

H(m)

Network Security 7-7

Hash Function Algorithms

MD5 hash function widely used (RFC 1321) computes 128-bit message digest in 4-step

process. arbitrary 128-bit string x, appears difficult to

construct msg m whose MD5 hash is equal to x.

SHA-1 is also used. US standard [NIST, FIPS PUB 180-1]

160-bit message digest

Network Security 7-8

large message

mH: Hashfunction H(m)

digitalsignature(encrypt)

Bob’s private

key K B-

+

Bob sends digitally signed message:

Alice verifies signature and integrity of digitally signed message:

encrypted msg digest

encrypted msg digest

large message

m

H: Hashfunction

H(m)

digitalsignature(decrypt)

H(m)

Bob’s public

key K B+

equal ?

Digital signature = signed message digest

No confidentiality !No confidentiality !

EK ¡B

(H (m))

EK ¡B

(H (m))

Network Security 7-9

Trusted Intermediaries

Public key problem: When Alice obtains Bob’s public key (from web

site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?

Solution: trusted certification authority (CA)

Network Security 7-10

Certification Authorities

Certification authority (CA): binds public key to particular entity, E.

E (person, router) registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by

CA – CA says “this is E’s public key”Bob’s public

key K B+

Bob’s identifying informatio

n

digitalsignature(encrypt)

CA private

key K CA-

K B+

certificate for Bob’s public

key, signed by CA

EK ¡C A

(K +B )

Network Security 7-11

Certification Authorities When Alice wants Bob’s public key:

gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate,

get Bob’s public key

Bob’s public

key K B+

digitalsignature(decrypt)

CA public

key K CA+

K B+

EK ¡C A

(K +B )

Network Security 7-12

A certificate contains: Serial number (unique to issuer) info about certificate owner, including

algorithm and key value itself (not shown) info about

certificate issuer

valid dates digital

signature by issuer

Network Security 7-13

Internet Web Security Architecture

Client A

CAWeb Server B

EK+B(KAB, R)

EKAB(R)

EKAB(m)

Cert Request

K+B

EK ¡C A

(K +B )

EK ¡C A

(K +B )

Network Security 7-14

Internet Web Security Conditions

Clients’ web browsers have built-in CAs. CAs are trustable Web servers have certificates in CAs.

Q: What if a server has no certificate? Example: SSH servers

Network Security 7-15

SSH Example

Initial setup: Trust the first-time connection Save the server’s public key

Still vulnerable due to the update of server’s key

Client A Web Server B

EKAB(R)

EKAB(m)

EK+B(KAB, R)

Network Security 7-16

Secure Message

Alice: generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and to Bob.

Assumption: Public keys are pre-distributed securely E.g: through CA, or pre-established like SSH

Alice wants to send confidential message, m, to Bob.

KS( ).

KB( ).+

+

KS(m

)m

KS

KB+

Internet

KSEK +

B(K S )

EK +B

(K S )

Network Security 7-17

Secure Message

Bob: uses his private key to decrypt and recover KS

uses KS to decrypt EKS(m) to recover m

Alice wants to send confidential message, m, to Bob.

E()

E()

+ -

EKS(m )m

KS

KS

KB+

Internet

D()

D()

KB-

KS

mEKS(m )

EK +B

(K S ) EK +B

(K S )

Network Security 7-18

Secure Message (continued)

• Alice wants to provide sender authentication message integrity.

• Alice digitally signs message.• sends both message (in the clear) and digital signature.

H( ). KA( ).-

+ -

H(m )m

KA-

Internet

m

KA( ).+

KA+

mH( ). H(m )

compare

Network Security 7-19

Secure Message (continued)

• Alice wants to provide secrecy, sender authentication, message integrity.

Alice uses three keys: her private key, Bob’s public key, newly created symmetric session key

H( ). KA( ).-

+

m

KA-

m

KS( ).

KB( ).+

+

KS

KB+

Internet

KS EK +B

(K S )