Network security
Foundations:
what is security?
cryptography
authentication
message integrity
Digital signatures
key distribution and certification
Security in practice:
secure e-mail system
Assignment #2: RSA with cipher block chaining
Insecure medium
Network Security
Network Entities: Friends and Enemies
well-known in network security world
Bob, Alice want to communicate ‘securely’
Trudy, the intruder, may intercept, delete, add messages
Routers – exchange tables
Email applications – exchange secure emails
Client-server – establish secure transport connection
What is network security?
DESIRABLE PROPERTIES OF SECURE CONNECTION
1 Secrecy: only sender, intended receiver should understand message contents
sender encrypts messages; receiver decrypts messages
2 Authentication: sender, receiver want to confirm identity of each other
3 Message Integrity: sender, receiver want to be sure message did not get altered (in transit), or get altered without detection
What is network security?
DESIRABLE PROPERTIES OF SECURE CONNECTION
4 Operational Security:
communication can occur in the first place
Prevent Denial-of-Service attacks (DoS)
ensures network entities can gain access to resources if they have access rights and perform accesses in a well-defined manner
Firewall – controls packet access to and from the network by regulating which packet can pass into and out of the network
symmetric key crypto: sender, receiver keys are identical
public-key crypto: encrypt key public, decrypt key secret
The language of cryptography
[Figure 7.3: plaintext, encrypted with key KA, becomes ciphertext; decrypted with key KB, it becomes plaintext again]
From Alice to Bob: (SENDER)
Public key systems: 1 key: known to the world
other key: known only by Alice or Bob (but not both)
Key: KA Plaintext
Encryption Algorithm
Ciphertext:
Message: m
Bob’s side: (RECEIVER)
Encrypted Message: KA
Decryption Algorithm
Plaintext: m
Cryptography
Symmetric key systems: KA=KB, kept secret
Symmetric Key
substitution cipher: substituting one thing for another
1. Caesar cipher: pick a letter in the plaintext, then substitute it with the letter that is k letters later (allowing wrap around).
k=3 (offset)
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: defghijklmnopqrstuvwxyzabc
Plaintext: bob, i love you. alice
ciphertext: ere, l oryh brx. dolfh
25 possible key values
Encryption key: mapping from a set of 26 letters to another set of 26 letters
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Symmetric Key
substitution cipher: substituting one thing for another 2. Monoalphabetic cipher: substitute one letter for
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
26! (on the order of 10^26) possible pairings of values
Encryption key: mapping from set of 26 letters to set of 26 letters
Symmetric Key
substitution cipher: substituting one thing for another 2. Monoalphabetic cipher: substitute one letter for
26! (on the order of 10^26) possible pairings of values
Knowledge about the language being used and some statistical analysis can help in reducing the efforts in breaking the code.
• Frequently occurring groups of letters: {in, it, the, ion, ing, etc. }
• Frequently occurring letters: (letter e and t account for 13% and 9%
of letter occurrences in the English language)
• Knowledge of people/place/context involved in the exchange of ciphertext: {Bob,Alice,etc.}
Symmetric Key
substitution cipher: substituting one thing for another
3. Polyalphabetic cipher: apply multiple monoalphabetic
ciphers, according to some cyclic pattern
1. Use n monoalphabetic ciphers, M1,M2,…,Mn
2. cyclic pattern:
• e.g., n=4: M1,M3,M4,M3,M2; M1,M3,M4,M3,M2; ..
Use a specific monoalphabetic cipher to encode a
letter in a specific position in the plaintext message.
• bob: b apply M1, o apply M3, b apply M4
Encryption key: n substitution ciphers, and cyclic pattern
Use n monoalphabetic ciphers: 2 Caesar ciphers (k=5, k=19)
cyclic pattern: C1,C2,C2,C1,C2
Symmetric Key
Polyalphabetic cipher: apply multiple monoalphabetic ciphers, according to some cyclic pattern
C1 plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: fghijklmnopqrstuvwxyzabcde
C2 plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: tuvwxyzabcdefghijklmnopqrs
Plaintext: bob, i love you.
ciphertext: ghu, n etox dhz.
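Added example (not part of the original slides): the three substitution schemes above as one routine, since a Caesar or monoalphabetic cipher is a polyalphabetic cipher whose cyclic pattern has length one. The function names are illustrative, and the code assumes that only letters advance the position in the cyclic pattern, which is what reproduces the slide's ciphertext.

```python
import string

ALPHABET = string.ascii_lowercase

def caesar_table(k):
    """Map each lowercase letter to the letter k positions later, wrapping around."""
    return {ch: ALPHABET[(i + k) % 26] for i, ch in enumerate(ALPHABET)}

def invert(table):
    """Decryption table: swap plaintext and ciphertext letters."""
    return {c: p for p, c in table.items()}

def poly_apply(text, tables, pattern):
    """Apply tables[pattern[j]] to the j-th letter of text.

    Non-letters pass through unchanged and do not advance the pattern
    (assumption made here to match the slide's example)."""
    out, j = [], 0
    for ch in text:
        if ch in ALPHABET:
            out.append(tables[pattern[j % len(pattern)]][ch])
            j += 1
        else:
            out.append(ch)
    return "".join(out)

def encrypt(text, tables, pattern):
    return poly_apply(text, tables, pattern)

def decrypt(text, tables, pattern):
    inverse = {name: invert(t) for name, t in tables.items()}
    return poly_apply(text, inverse, pattern)

# Keys taken from the slides.
CAESAR3 = {"C": caesar_table(3)}
MONO = {"M": dict(zip(ALPHABET, "mnbvcxzasdfghjklpoiuytrewq"))}
SLIDE_TABLES = {"C1": caesar_table(5), "C2": caesar_table(19)}
SLIDE_PATTERN = ["C1", "C2", "C2", "C1", "C2"]

if __name__ == "__main__":
    print(encrypt("bob, i love you. alice", CAESAR3, ["C"]))
    print(encrypt("bob. i love you. alice", MONO, ["M"]))
    print(encrypt("bob, i love you.", SLIDE_TABLES, SLIDE_PATTERN))
```

With the polyalphabetic key, the two b's and the three o's of the plaintext no longer map to a single ciphertext letter each, which is what blunts simple letter-frequency counting.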
Modern Techniques
Block Cipher
Block cipher is used in PGP (for secure e-mail), TLS (for securing TCP connections), and IPsec (for securing the network-layer transport)
Symmetric Key
Block cipher: the message is encrypted in blocks of k bits. k-bit block of clear text => k-bit block of cipher text
Original Message 3-bit blocks
010110001111 010 110 001 111
Encrypted form 101 000 111 001
Block Cipher
2^3 = 8 possible table entries
Even for moderate values of k, (e.g. k=64), the number of possible mappings is already astronomical! – a robust scheme
8! = 40,320 possible permutations
However, to implement this, maintaining a table with 2^64 entries is an infeasible task
Brute force attack requires examining 40,320 possible mappings
Solution: use functions that simulate randomly permuted tables (e.g. 3DES)
Symmetric Key
Block cipher: the message is encrypted in blocks of k bits.
In general, given k bits, there are (2^k)! possible mappings
k=64 => (2^64)! possible mappings
key-dependent table
output chunk
Publicly known
Symmetric Key
Block Cipher use functions that simulate randomly permuted tables
Block cipher: the message is encrypted in blocks of k bits.
After n cycles, a 64-bit block of ciphertext is produced
Modern block ciphers: DES (Data Encryption Standard), 3DES, AES
AES: Advanced Encryption Standard
new (Nov. 2001) symmetric-key NIST standard, replacing DES (64-bit blocks, 56-bit
TOP SECRET information will require use of either the 192 or 256 key lengths.
processes data in 128 bit blocks
128, 192, or 256 bit keys
The keys determine the mini-table mappings and
permutations within the algorithm’s internals
Assuming that one can break DES in one second (trying 2^56 keys in one second), trying 2^128 keys would take 149 trillion years for AES
Network Security
Block Cipher
Brute force attack requires examining 40,320 possible mappings
plaintext = 010 010 010 ciphertext = 101 101 101
Symmetric Key
Block cipher: the message is encrypted in blocks of k bits.
Identical plaintext blocks produce the same ciphertext blocks
Modern Techniques
• Avoid generating the same ciphertext for identical plaintext blocks
Let us consider the following definitions:
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
m(i) = ith plaintext block
c(i) = ith ciphertext block
a ⊕ b = XOR of two bit strings
Ks= block-cipher encryption algorithm with key S.
plaintext = 010 010 010
m(1) m(2) m(3)
plaintext block
c(i) = ith ciphertext block
a ⊕ b = XOR of two bit strings
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
To encrypt: XOR, Ks( )
m(i) = ith plaintext block
Ks= block-cipher encryption algorithm with key S.
plaintext = 010 010 010
Step 1. Generate a random k-bit number r(i) for each block i. r(i) = random number to be used by ith ciphertext block
m(1) m(2) m(3)
r(1)=001 r(2)=111
To encrypt: XOR, Ks( )
m(i) = ith plaintext block
c(i) = ith ciphertext block
a ⊕ b = XOR of two bit strings
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
Ks= block-cipher encryption algorithm with key S.
plaintext = 010 010 010
Step 1. Generate a random k-bit number r(i) for each block i. r(i) = random number to be used by ith ciphertext block
m(1) m(2) m(3)
Step 2. Calculate the ciphertext for each block i. c(i) = Ks (m(i) ⊕ r(i) )
c(1)=Ks (m(1) ⊕ r(1) )= Ks (010 ⊕ 001 )= Ks (011) = 100
r(2)=111 r(3)=100
To encrypt: XOR, Ks( )
Example: k=3
m(i) = ith plaintext block
c(i) = ith ciphertext block
a ⊕ b = XOR of two bit strings
plaintext = 010 010 010
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
Ks= block-cipher encryption algorithm with key S.
Step 1. Generate a random k-bit number r(i) for each block i. r(i) = random number to be used by ith ciphertext block
m(1) m(2) m(3)
r(1)=001 r(2)=111 r(3)=100
Step 2. Calculate the ciphertext for each block i.
c(i) = Ks (m(i) ⊕ r(i) )
c(1)=100 c(2)=010
Step 3. Send c(1), r(1), c(2), r(2), … 100, 001, 010, 111, 000, 100
Note: random numbers are sent in cleartext
100, 001, 010, 111, 000, 100
Apply Ks (c(i)) to each ciphertext c(i)
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
To decrypt: Ks( ) , XOR
Step 1. Given c(1), r(1), c(2), r(2), …
Ks (100), 001, Ks (010), 111, Ks (000), 100
m(1) m(2) m(3)
c(1) r(1) c(2) r(2) c(3)
plaintext = 010 010 010
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
To decrypt: Ks( ) , XOR
Step 1. Given c(1), r(1), c(2), r(2), …
Apply Ks (c(i)) to each ciphertext c(i)
Ks (100), 001, Ks (010), 111, Ks (000), 100
Ks (100)=011 Ks (010)=101 Ks (000)=110
plaintext = 010 010 010
In this simple example, we use the table to perform the decryption step
m(1) m(2) m(3)
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
To decrypt: Ks( ) , XOR
Step 1. Given c(1), r(1), c(2), r(2), …
Apply Ks (c(i)) to each ciphertext c(i)
Ks (100), 001, Ks (010), 111, Ks (000), 100
Ks (100)=011, Ks (010)=101, Ks (000)=110
Step 2. m(i) = Ks(c(i)) ⊕ r(i)
plaintext = 010 010 010
m(1) = Ks (100) ⊕ 001
m(2) = Ks (010) ⊕ 111
m(3) = Ks (000) ⊕ 100
m(1) m(2) m(3)
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
To decrypt: Ks( ) , XOR
Step 1. Given c(1), r(1), c(2), r(2), …
Apply Ks (c(i)) to each ciphertext c(i)
Ks (100), 001, Ks (010), 111, Ks (000), 100
Ks (100)=011, Ks (010)=101, Ks (000)=110
Step 2. m(i) = Ks(c(i)) ⊕ r(i)
plaintext = 010 010 010
m(1) = Ks (100) ⊕ 001 = 010
m(2) = Ks (010) ⊕ 111= 010
m(3) = Ks (000) ⊕ 100= 010
011 xor 001
m(1) m(2) m(3)
Symmetric Key
Avoid generating the same ciphertext for identical plaintext blocks
Block cipher + rand number: the message is encrypted in blocks of k bits XOR random number.
Step 1. Generate a random k-bit number r(i) for each block i. r(i) = random number to be used by ith ciphertext block
Step 2. Calculate the ciphertext for each block i. c(i) = Ks (m(i) ⊕ r(i) )
Step 3. Send c(1), r(1), c(2), r(2), …
Drawbacks
Due to the required sending of r(i)s, the sender must transmit twice as many bits as the number of cipher bits, doubling the required bandwidth.
Modern Techniques
• Avoid generating the same ciphertext for identical plaintext blocks
• Avoid sending twice the number of ciphertext bits by applying a formula to calculate the sequence of random numbers automatically, except for the very first random number.
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
To encrypt: XOR, Ks( )
m(i) = ith plaintext block
c(i) = ith ciphertext block
a ⊕ b = XOR of two bit strings
Ks= block-cipher encryption algorithm with key S
c(0) = IV (Initialisation Vector) = random k-bit string
plaintext = 010 010 010
Step 1. Generate a random k-bit number, store as IV and c(0). c(0) = IV = random number to be used by 1st ciphertext block
r(1)=c(0)= IV r(2)=c(1)
Step 2. Calculate the ciphertext for block 1.
c(1) = Ks (m(1) ⊕ c(0) )
c(i) = Ks ( m(i) ⊕ c(i-1) )
m(1) m(2) m(3)
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To encrypt: XOR, Ks( )
Step 1. Generate a random k-bit number, and
store as the Initialisation Vector (IV) and c(0).
c(0) = IV = random number to be used by 1st ciphertext block
Step 2. Calculate the ciphertext for block 1. c(1) = Ks (m(1) ⊕ c(0) )
plaintext = 010 010 010
Step 3. Calculate the remaining ciphertext for block i.
r(1)=c(0)= IV
c(i) = Ks (m(i) ⊕ c(i-1) )
r(2)=c(1) r(3)=c(2)
m(1) m(2) m(3)
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To encrypt: XOR, Ks( )
Step 1. Generate a random k-bit number, and
store as the Initialisation Vector (IV) and c(0).
c(0) = IV = 001 (random number to be used by 1st ciphertext block)
plaintext = 010 010 010
r(1)=c(0)= IV
m(1) m(2) m(3)
r(2)=c(1) r(3)=c(2)
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To encrypt: XOR, Ks( )
Step 1. Generate a random k-bit number, and
store as the Initialisation Vector (IV) and c(0).
c(0) = IV = 001 (random number to be used by 1st ciphertext block)
Step 2. Calculate the ciphertext for block 1.
c(1) = Ks (m(1) ⊕ c(0) ) = Ks (010 ⊕ 001 ) =100
plaintext = 010 010 010
010 xor 001 = 011; Ks(011)=100
r(1)=c(0)= IV r(2)=c(1) r(3)=c(2)
m(1) m(2) m(3)
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To encrypt: XOR, Ks( )
Step 1. Generate a random k-bit number, and
store as the Initialisation Vector (IV) and c(0).
c(0) = IV = 001 (random number to be used by 1st ciphertext block)
Step 2. Calculate the ciphertext for block 1.
c(1) = Ks (m(1) ⊕ c(0) ) = Ks (010 ⊕ 001 ) =100
plaintext = 010 010 010
Step 3. Calculate the remaining ciphertext for block i. c(i) = Ks (m(i) ⊕ c(i-1) )
c(2) = Ks (010 ⊕ 100 ) = 000
010 xor 100 = 110; Ks (110)=000
r(1)=c(0)= IV r(3)=c(2)
m(1) m(2) m(3)
c(0) = IV = 001
Step 2. Calculate the ciphertext for block 1.
plaintext = 010 010 010
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To encrypt: XOR, Ks( )
Step 1. Generate a random k-bit number, and
store as the Initialisation Vector (IV) and c(0).
c(1) = Ks (m(1) ⊕ c(0) ) = Ks (010 ⊕ 001 ) =100
Step 3. Calculate the remaining ciphertext for
m(1) m(2) m(3)
c(2) = Ks (010 ⊕ 100 ) = 000 c(3) = Ks (010 ⊕ 000 ) = 101
r(1)=c(0)=IV r(2)=c(1)
c(0) = IV = 001
Step 2. Calculate the ciphertext for block 1.
plaintext = 010 010 010
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To encrypt: XOR, Ks( )
Step 1. Generate a random k-bit number, and
store as the Initialisation Vector (IV) and c(0).
c(1) = Ks (m(1) ⊕ c(0) ) = Ks (010 ⊕ 001 ) =100
Step 3. Calculate the remaining ciphertext for block i.
m(1) m(2) m(3)
Initialisation Vector
c(2) = Ks (010 ⊕ 100 ) = 000 c(3) = Ks (010 ⊕ 000 ) = 101
r(1)=c(0)=IV r(2)=c(1)
Step 4. Send c(0),c(1),c(2),c(3)=001,100,000,101
plaintext = 010 010 010
The encrypted message (ciphertext) doesn’t have any repeating pattern.
Initialisation Vector
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To encrypt: XOR, Ks( )
Message to send: c(0),c(1),c(2),c(3)=001,100,000,101
m(1) m(2) m(3)
Cipher Block Chaining (CBC):
Example: To decrypt: Ks( ) , XOR
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Step 1. Given c(0),c(1),c(2),c(3),…
For each ciphertext block, calculate Ks (c(i)), starting
Given c(0),c(1),c(2),c(3)=001,100,000,101
Ks (c(1))= Ks (100)=011
m(1) m(2) m(3)
c(1) c(2) c(3)
plaintext = 010 010 010
r(1)=c(0)=IV r(2)=c(1)
Example: To decrypt: Ks( ) , XOR
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Step 1. Given c(0),c(1),c(2),c(3),…
For each ciphertext block, calculate Ks (c(i)), starting
Given c(0),c(1),c(2),c(3)=001,100,000,101
Ks (c(1))= Ks (100)=011
Ks (c(2))= Ks (000)=110
m(1) m(2) m(3)
c(1) c(2) c(3)
Ks (c(3))= Ks (101)=010
r(1)=c(0)=IV r(2)=c(1)
plaintext = 010 010 010
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To decrypt: Ks( ) , XOR
Step 1. Given c(0),c(1),c(2),c(3),…
For each ciphertext block, calculate Ks (c(i)), starting
Given c(0),c(1),c(2),c(3)=001,100,000,101
Ks (c(1))= Ks(100)=011 Ks(c(2))=110 Ks(c(3))=010
plaintext = 010 010 010
Step 2. For each ciphertext block, calculate m(i)=Ks(c(i)) ⊕ r(i)
m(1)=Ks(c(1)) ⊕ r(1) = 011 ⊕ 001=010
m(1) m(2) m(3)
011 xor 001 = 010
r(1)=c(0)=IV r(2)=c(1)
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To decrypt: Ks( ) , XOR
Step 1. Given c(0),c(1),c(2),c(3),…
For each ciphertext block, calculate Ks (c(i)), starting
Given c(0),c(1),c(2),c(3)=001,100,000,101
Ks (c(1))= Ks(100)=011 Ks(c(2))=110 Ks(c(3))=010
plaintext = 010 010 010
Step 2. For each ciphertext block, calculate m(i)=Ks(c(i)) ⊕ r(i)
m(1)=Ks(c(1)) ⊕ r(1) = 011 ⊕ 001=010
m(1) m(2) m(3)
m(2)=Ks(c(2)) ⊕ r(2) = 110 ⊕ 100=010
110 xor 100 = 010
r(1)=c(0)=IV r(2)=c(1)
Symmetric Key
Avoid sending twice the number of ciphertext bits
Cipher Block Chaining (CBC): the message is encrypted in blocks of k bits XOR random number.
Example: To decrypt: Ks( ) , XOR
Step 1. Given c(0),c(1),c(2),c(3),…
For each ciphertext block, calculate Ks (c(i)), starting
Given c(0),c(1),c(2),c(3)=001,100,000,101
Ks (c(1))= Ks(100)=011 Ks(c(2))=110 Ks(c(3))=010
plaintext = 010 010 010
Step 2. For each ciphertext block, calculate m(i)=Ks(c(i))
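Added example (not part of the original slides): the plain block cipher, the "block cipher + random number" scheme and CBC from the slides above, run side by side on the plaintext 010 010 010 with the 3-bit toy table. The table entries for 001 and 111 do not appear on this page and are assumed here to complete the permutation; the function names are illustrative.

```python
import secrets

# Toy 3-bit table Ks. The slides use 000->110, 010->101, 011->100, 100->011,
# 101->010 and 110->000; the entries for 001 and 111 are assumed.
KS = {0b000: 0b110, 0b001: 0b111, 0b010: 0b101, 0b011: 0b100,
      0b100: 0b011, 0b101: 0b010, 0b110: 0b000, 0b111: 0b001}
# Inverse table for decryption. This toy table is its own inverse, which is
# why the slides can write Ks( ) for the decryption step as well.
KS_INV = {c: p for p, c in KS.items()}

def bits(blocks):
    """Render blocks as 3-bit strings, as on the slides."""
    return [format(b, "03b") for b in blocks]

def fresh_block(k=3):
    """Random k-bit value from the OS CSPRNG, for r(i) or the IV."""
    return secrets.randbits(k)

def ecb_encrypt(m):
    """Plain block cipher: identical plaintext blocks give identical output."""
    return [KS[b] for b in m]

def rand_encrypt(m, r):
    """c(i) = Ks(m(i) XOR r(i)); returns c(1), r(1), c(2), r(2), ... as sent."""
    out = []
    for mi, ri in zip(m, r):
        out += [KS[mi ^ ri], ri]
    return out

def rand_decrypt(stream):
    """m(i) = Ks^-1(c(i)) XOR r(i) over the interleaved c, r stream."""
    return [KS_INV[c] ^ r for c, r in zip(stream[0::2], stream[1::2])]

def cbc_encrypt(m, iv):
    """c(0) = IV, c(i) = Ks(m(i) XOR c(i-1)); returns c(0), c(1), ..."""
    out = [iv]
    for mi in m:
        out.append(KS[mi ^ out[-1]])
    return out

def cbc_decrypt(c):
    """m(i) = Ks^-1(c(i)) XOR c(i-1), with c[0] the IV."""
    return [KS_INV[c[i]] ^ c[i - 1] for i in range(1, len(c))]

M = [0b010, 0b010, 0b010]  # plaintext = 010 010 010

if __name__ == "__main__":
    print("plain:", bits(ecb_encrypt(M)))
    print("rand: ", bits(rand_encrypt(M, [0b001, 0b111, 0b100])))
    print("cbc:  ", bits(cbc_encrypt(M, 0b001)))
    print("cbc with fresh IV:", bits(cbc_encrypt(M, fresh_block())))
```

The random-number scheme sends six blocks for three plaintext blocks, while CBC sends four: the IV plus one ciphertext block per plaintext block.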