Network systems security by mort anvari lecture6

Placement of Symmetric Encryption  Two major placement alternatives  Link encryption  encryption occurs independently on every link  implies must decrypt traffic between links  requ

Points of Vulnerability

Network Systems Security

Mort Anvari

Points of Vulnerability

 Adversary can eavesdrop from a

machine on the same LAN

 Adversary can eavesdrop by dialing into communication server

 Adversary can eavesdrop by gaining physical control of part of external

links

 twisted pair, coaxial cable, or optical fiber

 radio or satellite links

Placement of Symmetric

Encryption

 Two major placement alternatives

 Link encryption

 encryption occurs independently on every link

 implies must decrypt traffic between links

 requires many devices, but paired keys

 End-to-end encryption

 encryption occurs between original source

and final destination

 need devices at each end with shared keys

Characteristics of

Link and End-to-End

Encryption

Placement of Encryption

 Can place encryption function at various layers in OSI Reference Model

 link encryption occurs at layers 1 or 2

 end-to-end can occur at layers 3, 4, 6, 7

 If move encryption toward higher layer

 less information is encrypted but is more

secure

 application layer encryption is more complex, with more entities and need more keys

Scope of Encryption

Traffic Analysis

 When using end-to-end encryption,

must leave headers in clear so network can correctly route information

 Hence although contents are protected, traffic patterns are not protected

 Ideally both are desired

 end-to-end protects data contents over

entire path and provides authentication

 link protects traffic flows from monitoring

Key Distribution

 Symmetric schemes require both parties to share a common secret key

 Need to securely distribute this key

 If key is compromised during

distribution, all communications

between two parties are

compromised

Key Distribution Schemes

 Various key distribution schemes for two parties

 A can select key and physically deliver to B

 third party C can select and deliver key to A and B

 if A and B have shared a key previously, can use previous key to encrypt a new key

 if A and B have secure communications with third party C, C can relay key between A and B

Key Distribution Scenario

Key Distribution Issues

 Hierarchies of KDC’s are required for

large networks, but must trust each other

 Session key lifetimes should be limited for greater security

 Use of automatic key distribution on

behalf of users, but must trust system

 Use of decentralized key distribution

 Controlling purposes keys are used for

Summary of

Symmetric Encryption

 Traditional symmetric cryptography

uses one key shared by both sender

and receiver

 If this key is disclosed,

communications are compromised

 Symmetric because parties are equal

 Provide confidentiality, but does not provide non-repudiation

Insufficiencies with

Symmetric Encryption

 Symmetric encryption is not enough

to address two key issues

 key distribution – how to have secure

communications in general without

having to trust a KDC with your key?

 digital signatures – how to verify that

a received message really comes from the claimed sender?

How Asymmetric Encryption

Works

 Asymmetric encryption uses two keys

that are related to each other

 a public key, which may be known to

anybody, is used to encrypt messages, and

verify signatures

 a private key, known only to the owner, is

used to decrypt messages encrypted by the matching public key, and create signatures

 the key used to encrypt messages or verify signatures cannot decrypt messages or

create signatures

Asymmetric Encryption for Confidentiality

Asymmetric Encryption for Authentication

Applications for Asymmetric

 Digital signature: sender “signs” a

message with its private key

 Key exchange: two sides exchange

a session key

Security of Asymmetric

Encryption

 Like symmetric schemes brute-force exhaustive search attack is always theoretically possible, but keys used are too large (>512bits)

 Not more secure than symmetric encryption,

dependent on size of key

 Security relies on a large enough difference in difficulty between easy (en/decrypt) and hard

(cryptanalyse) problems

 Generally the hard problem is known, just made too hard to do in practice

 Require using very large numbers, so is slow

compared to symmetric schemes

 Invented by Rivest, Shamir & Adleman of MIT in

1977

 Best known and widely used public-key scheme

 Based on exponentiation in a finite (Galois) field over integers modulo a prime

 exponentiation takes O((log n)3) operations (easy)

 Use large integers (e.g 1024 bits)

 Security due to cost of factoring large numbers

 factorization takes O(e log n log log n) operations (hard)

RSA Key Setup

 Each user generates a public/private key pair by

 select two large primes at random: p, q

 compute their system modulus n=p·q

 note ø(n)=(p-1)(q-1)

 select at random the encryption key e

 where 1<e<ø(n), gcd(e,ø(n))=1

 solve following equation to find decryption key d

 e·d=1 mod ø(n) and 0≤d≤n

 publish their public encryption key: KU= {e,n}

 keep secret private decryption key: KR= {d,n}

RSA Usage

 To encrypt a message M:

 sender obtains public key of receiver

KU={e,n}

 computes: C=Me mod n, where 0≤M<n

 To decrypt the ciphertext C:

 receiver uses its private key KR={d,n}

 computes: M=Cd mod n

 Message M must be smaller than the modulus n (cut into blocks if needed)

Why RSA Works

 carefully chosen e and d to be inverses mod ø(n)

 hence e·d=1+k·ø(n) for some k

 Hence :

Cd = (Me)d = M1+k·ø(n) = M1·(Mø(n))k = M1·(1)k

= M1 = M mod n

RSA Example: Computing

6. Publish public key KU={7,187}

7. Keep secret private key KR={23,187}

 Use a property of modular arithmetic

[(a mod n)(b mod n)]mod n = (ab)mod n

 Use the Square and Multiply Algorithm to multiply the ones that are needed to

compute the result

 Look at binary representation of exponent

 Only take O(log2 n) multiples for number n

 e.g 75 = 74·71 = 3·7 = 10 (mod 11)

 e.g 3129 = 3128·31 = 5·3 = 4 (mod 11)

RSA Key Generation

 Users of RSA must:

 determine two primes at random - p,q

 select either e or d and compute the other

 Primes p,q must not be easily derived from modulus n=p·q

 means p,q must be sufficiently large

 typically guess and use probabilistic test

 Exponents e, d are multiplicative

inverses, so use Inverse algorithm to compute the other

Security of RSA

 brute force key search (infeasible

given size of numbers)

 mathematical attacks (based on

difficulty of computing ø(n), by

factoring modulus n)

 timing attacks (on running of

decryption)

Factoring Problem

 Mathematical approach takes 3 forms:

 Currently believe all equivalent to factoring

to “Special Number Field Sieve”

Timing Attacks

 Developed in mid-1990’s

 Exploit timing variations in operations

 e.g multiplying by small vs large number

 Infer operand size based on time taken

 RSA exploits time taken in

exponentiation

 Countermeasures

 use constant exponentiation time

 add random delays

 blind values used in calculations