SEHH2238: Computer Networking
Lecture 10 Introduction to Network Security
Textbook: Ch. 31
SEHH2238 Lecture 10 1
Copyright By PowCoder代写 加微信 powcoder
SEHH2238: Computer Networking
Security Goal (31.1) Cryptography (31.2)
Security Aspects (31.3)
Message Integrity (31.3.1)
Message Authentication (31.3.2)
Digital Signature (31.3.3)
Symmetric-Key Cryptography (31.2.1)
Asymmetric-key cryptography (31.2.2)
Monoalphabetic Substitution
Polyalphabetic Substitution
Transpositional Encryption
Requirements for Public Key
Main Topics
SEHH2238 Lecture 10 2
SEHH2238: Computer Networking
A. Security Goals
Information needs to be secured from attacks.
To be secured, information needs to be
hidden from unauthorized access (confidentiality), protected from unauthorized change (integrity),
available to an authorized entity when it is needed (availability).
SEHH2238 Lecture 10 3
SEHH2238: Computer Networking
Figure 31.1: Taxonomy of attacks with relation to security goals SEHH2238 Lecture 10
SEHH2238: Computer Networking
B. Cryptography
Network security is mostly achieved through the use of cryptography.
Cryptography is the science of transforming messages to make them secure and immune to attack.
Aim Confidentiality Integrity Authentication
SEHH2238 Lecture 10 5
SEHH2238: Computer Networking
Concept of Encryption and Decryption
Ke is the encryption key
Kd is the decryption key
SEHH2238 Lecture 10 6
SEHH2238: Computer Networking
Encryption/Decryption Methods
• In traditional encryption (symmetric), the encrypting algorithm is known to everyone but the key is secret except to the sender and receiver
• In public key encryption (asymmetric), both the encrypting algorithm and the encryption key are known to everyone but the decryption key is known only to the receiver
SEHH2238 Lecture 10 7
SEHH2238: Computer Networking
Comparison
The same key is used
Different keys are used
SEHH2238 Lecture 10 8
SEHH2238: Computer Networking
I. Symmetric-Key Cryptography
— The same key (called shared key) is used by the sender (for encryption) and the receiver (for decryption)
— e.g. the methods in the following slides
— Each pair of users must have a unique symmetric key
SEHH2238 Lecture 10 9
SEHH2238: Computer Networking
Traditional Ciphers (Symmetric-Key)
Figure 30.7
SEHH2238 Lecture 10 10
SEHH2238: Computer Networking
1. Monoalphabetic Substitution
• Map every alphabet to another (unique) alphabet. OR • Shift the plaintext alphabet by n places (n is the key)
• In monoalphabetic substitution, the relationship between a character in the plaintext to the character in the ciphertext is always one-to-one.
SEHH2238 Lecture 10 11
SEHH2238: Computer Networking
Example of monoalphabetic substitution
— can be attacked easily
— cannot hide natural frequencies of characters
SEHH2238 Lecture 10 12
SEHH2238: Computer Networking
2. Polyalphabetic Substitution
Use different monoalphabetic substitutions as one proceeds through the plaintext message.
e.g. use the position of the character in the text as the key (of substitution).
e.g. define a table which maps every plaintext
alphabet to a ciphertext alphabet.
SEHH2238 Lecture 10 13
SEHH2238: Computer Networking
According to this table, A is encrypted as W if it is in position 0 and as M if it is in position 25.
SEHH2238 Lecture 10 14
SEHH2238: Computer Networking
3. Transpositional Encryption
Re-order the positions of the characters in the plaintext
e.g. Organize the plaintext into a table of n columns (n is
the key length)
The columns are interchanged according to the key, which is a series of numbers
After exchanging the columns, the “encrypted” data is outputted “row by row”
e.g. The key in the following slide is 6,9,3,10,5,1,2,4,8,7,11 (andthekeylengthis11)
Means column 1 becomes column 6,
column 2 becomes column 9 and so on
SEHH2238 Lecture 10 15
SEHH2238: Computer Networking
Transpositional Encryption
SEHH2238 Lecture 10 16
SEHH2238: Computer Networking
II. Asymmetric-key cryptography
It is also called Public Key Cryptography
Encryption uses the key E called public key, while decryption uses another key D called private key
i.e. encryption and decryption use different keys (this is an asymmetric method)
(Here E(P) represents the ciphertext formed by encrypting the plaintext P using the key E)
SEHH2238 Lecture 10 17
SEHH2238: Computer Networking
1. Requirements for Public Key
1) The encryption key (called public key) is made public, while the decryption key (called private key) is kept by the user securely
2) D(E(P)) = P ,i.e. using D to decrypt a ciphertext message which is encrypted by E can get back the original message P
3) It is very, very difficult to deduce D from E
e.g. The RSA method
Each user creates a pair of keys (E & D), which can be used to communicate with any other users
SEHH2238 Lecture 10 18
SEHH2238: Computer Networking
Public-key cryptography
(Asymmetric-key cryptography)
Sender uses the receiver’s public key to encrypt the message
Receiver uses its own private key to decrypt the ciphertext SEHH2238 Lecture 10 19
SEHH2238: Computer Networking
2. RSA Cryptosystem
RSA is named for its inventors Rivest, Shamir, and Adleman.
SEHH2238 Lecture 10
P= Cd mod n
SEHH2238: Computer Networking
Selecting Key for RSA
Bob uses the following steps to select the private and public keys:
1. Chooses two very large prime numbers p and q.
2. GetnandΦbyn=pxqandΦ=(p-1)x(q-1)
3. Choose a random integer e and calculate d so that d x e mod Φ =1.
4. e and n are announced to the public; d and Φ are kept secret.
In RSA, e and n are announced to the public; d and Φ are kept secret.
SEHH2238 Lecture 10 21
SEHH2238: Computer Networking
Example 31.7
Encryption C =Pe (mod n)
Bob chooses 7 and 11 as p and q
andcalculates =7·11=77 =n.
The value of Φ = (7 − 1) (11 − 1) or 60.
Now he chooses two keys, e and d. If he chooses e to be 13,
then d is 37.
Now imagine Alice sends the plaintext 5 to Bob. She uses the public key 13 to encrypt 5.
Plaintext: 5
C=513 mod77 =26 Ciphertext: 26
SEHH2238 Lecture 10 22
37 x 13 mod 60 = 1
SEHH2238: Computer Networking
to decipher the ciphertext:
Decryption P=Cd (modn)
Example 31.7 (continued)
Bob receives the ciphertext 26 and uses the private key 37
Ciphertext: 26 P=2637 mod77=5 Plaintext: 5
The plaintext 5 sent by Alice is received as plaintext 5 by Bob. SEHH2238 Lecture 10 23
SEHH2238: Computer Networking
How many keys are needed?
N users in a network
a) Total number of keys?
b) Each user needs to know/store how many keys?
Symmetric-key System a) N(N-1)/2 b) N-1
Asymmetric-keySystem a) 2N b) N+1
SEHH2238 Lecture 10
SEHH2238: Computer Networking
C. Security Aspects
1. Message Integrity
There are occasions where we may not even need secrecy but instead must have integrity: the message should remain unchanged.
For example, Alice may write a will to distribute her estate upon her death. The will does not need to be encrypted. After her death, anyone can examine the will.
The integrity of the will, however, needs to be preserved. Alice does not want the contents of the will to be changed.
SEHH2238 Lecture 10
SEHH2238: Computer Networking
Message Digest
A miniature version (digest) of the message (like a fingerprint)
Created by a one-way hash function: the digest can only be created from the message, not vice versa
Common hash functions: MD5 and SHA-1
long short
SEHH2238 Lecture 10
SEHH2238: Computer Networking
Message and Digest for checking the Integrity
Figure 31.16
SEHH2238 Lecture 10
Insecurechannel
Channel immunetochange
SEHH2238: Computer Networking
2. Message Authentication
Means verifying the identity of a sender
One method called digital signature is
based on public key cryptography
To prevent a user from repudiating the message that he has sent
Additional Requirement: E(D(P)) = P
(Both encryption and decryption are just
transformation algorithms)
SEHH2238 Lecture 10 28
SEHH2238: Computer Networking
Signing the whole document
“signed document”
——————————————–
Sender uses its own private key to sign (/encrypt)
Receiver uses the sender’s public key to verify (/decrypt)
Digital signature does not provide privacy (i.e. secret of the
SEHH2238 Lecture 10 29
Figure 31.11
SEHH2238: Computer Networking
Signing the Digest DigitalSignature-SigningtheDigestOnly
Sender site
SEHH2238 Lecture 10 30
SEHH2238: Computer Networking
Receiver site (verify)
SEHH2238 Lecture 10 31
SEHH2238: Computer Networking
3. Digital Signature together with Encryption
For user A, denote
EA = public key
DA = private key
EA (P) = encrypt message P using the key EA DA (P) = decrypt message P using the key DA
The encryption and decryption algorithms should have the property that
D(E(P)) = P E(D(P)) = P
SEHH2238 Lecture 10 32
SEHH2238: Computer Networking
Digital Signature together with Encryption
UserAsendsamessagePtouserBby transmitting EB (DA (P))
B decrypts the ciphertext using its own private key: DB (EB (DA (P))) = DA (P)
User B stores DA (P) in a safe place and then decrypts it (check A’s signature) using the public key EA of user A to get the original message P
Message Nonrepudiation
When A denies having sent the message P to B
User B can show both P and DA (P) as evidence (since DA (P) can only be produced by user A)
SEHH2238 Lecture 10 33
SEHH2238: Computer Networking
Cryptography Symmetric-Key Cryptography Asymmetric-key cryptography
Security Aspects Message Integrity Message Authentication Digital Signature
SEHH2238 Lecture 10 34
SEHH2238: Computer Networking
References
Video on Distributed Denial of Service (DDOS) Attacks
http://www.youtube.com/watch?v=NogCN78XN2w http://www.youtube.com/watch?v=SCcpauJp63c
Revision Quiz
http://highered.mheducation.com/sites/0073376221/stud
ent_view0/chapter31/quizzes.html
SEHH2238 Lecture 10 35
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com