CSCE 790 - Ontology Development Lecture 1 - Overview CSCE 790C June 3, 2013 Parmenides.
CSCE 790: Computer Network Security
description
Transcript of CSCE 790: Computer Network Security
9/11/2003 2
Key Management
Asymmetric encryption helps address key distribution problems
Two aspects distribution of public keys use of public-key encryption to
distribute secret keys
9/11/2003 3
Distribution of Public Keys
Four alternatives of public key distribution Public announcement Publicly available directory Public-key authority Public-key certificates
9/11/2003 4
Public Announcement Users distribute public keys to
recipients or broadcast to community at large eg. append PGP keys to email messages
or post to news groups or email list Major weakness is forgery
anyone can create a key claiming to be someone else and broadcast it
can masquerade as claimed user before forgery is discovered
9/11/2003 5
Publicly Available Directory Achieve greater security by registering
keys with a public directory Directory must be trusted with
properties: contains {name,public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically
Still vulnerable to tampering or forgery
9/11/2003 6
Public-Key Authority Improve security by tightening control
over distribution of keys from directory Has properties of directory Require users to know public key for the
directory Users can interact with directory to
obtain any desired public key securely require real-time access to directory when
keys are needed
9/11/2003 7
Public-Key Authority
9/11/2003 8
Public-Key Certificates Certificates allow key exchange without
real-time access to public-key authority A certificate binds identity to public
key usually with other info such as period of
validity, authorized rights, etc With all contents signed by a trusted
Public-Key or Certificate Authority (CA) Can be verified by anyone who knows
the CA’s public key
9/11/2003 9
Public-Key Certificates
9/11/2003 10
Distribute Secret KeysUsing Asymmetric Encryption
Can use previous methods to obtain public key of other party
Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow
So usually want to use symmetric encryption to protect message contents
Can use asymmetric encryption to set up a session key
9/11/2003 11
Simple Secret Key Distribution Proposed by Merkle in 1979
A generates a new temporary public key pair A sends B the public key and A’s identity B generates a session key Ks and sends
encrypted Ks (using A’s public key) to A A decrypts message to recover Ks and both use
9/11/2003 12
Problem with Simple Secret Key Distribution
An adversary can intercept and impersonate both parties of protocol
A generates a new temporary public key pair {KUa, KRa} and sends KUa || IDa to B
Adversary E intercepts this message and sends KUe || IDa to B
B generates a session key Ks and sends encrypted Ks (using E’s public key)
E intercepts message, recovers Ks and sends encrypted Ks (using A’s public key) to A
A decrypts message to recover Ks and both A and B unaware of existence of E
9/11/2003 13
Distribute Secret KeysUsing Asymmetric Encryption if A and B have securely exchanged public-keys
9/11/2003 14
Diffie-Hellman Key Exchange
First public-key type scheme proposed
By Diffie and Hellman in 1976 along with advent of public key concepts
A practical method for public exchange of secret key
Used in a number of commercial products
9/11/2003 15
Diffie-Hellman Key Exchange Use to set up a secret key that can be used for
symmetric encryption cannot be used to exchange an arbitrary message
Value of key depends on the participants (and their private and public key information)
Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
9/11/2003 16
Primitive Roots From Euler’s theorem: aø(n) mod n=1 Consider am mod n=1, GCD(a,n)=1
must exist for m= ø(n) but may be smaller once powers reach m, cycle will repeat
If smallest is m= ø(n) then a is called a primitive root
if p is prime, then successive powers of a “generate” the group mod p
Not every integer has primitive roots
9/11/2003 17
Primitive Root Example: Power of Integers Modulo 19
9/11/2003 18
Discrete Logarithms Inverse problem to exponentiation is to find the
discrete logarithm of a number modulo p Namely find x where ax = b mod p Written as x=loga b mod p or x=inda,p(b) If a is a primitive root then always exists,
otherwise may not 3x = 4 mod 13 has no answer 2x = 3 mod 13 has an answer 4
while exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
9/11/2003 19
Diffie-Hellman Setup
All users agree on global parameters large prime integer or polynomial q α a primitive root mod q
Each user (eg. A) generates its key choose a secret key (number): xA < q
compute its public key: yA = αxA mod q
Each user publishes its public key
9/11/2003 20
Diffie-Hellman Key Exchange Shared session key for users A and B is
KAB: KAB = α
xA.xB mod q
= yA
xB mod q (which B can compute)
= yB
xA mod q (which A can compute) KAB is used as session key in symmetric
encryption scheme between A and B Attacker needs xA or xB, which requires
solving discrete log
9/11/2003 21
Diffie-Hellman Example Given Alice and Bob who wish to swap keys Agree on prime q=353 and α=3 Select random secret keys:
A chooses xA=97, B chooses xB=233 Compute public keys:
yA=397 mod 353 = 40 (Alice)
yB=3233 mod 353 = 248 (Bob)
Compute shared session key as:KAB= yB
xA mod 353 = 24897 = 160 (Alice)
KAB= yA
xB mod 353 = 40233 = 160 (Bob)
9/11/2003 22
Next Class
Hashing functions Message digests Read Chapters 11 and 12