Fundamentals of Security
Transcript of Fundamentals of Security
04/22/23 1
Security Attacks
Security attacks are divided into passive attacks and active attacks.
Passive Attacks
Interception (confidentiality)
Interception
Two forms of passive attack:
• Release of message contents: the attacker reads the message and learns sensitive information.
• Traffic analysis: even when the contents are encrypted, the attacker observes the pattern of messages and can determine the identity and location of the communicating hosts.
Passive attacks alter nothing and are therefore hard to detect; the defence is prevention (encryption) rather than detection.
Active Attacks
• Interruption (an attack on availability)
• Modification (an attack on integrity)
• Fabrication (an attack on authenticity)
Modification (integrity)
Modify the contents of the message or a file. It is an attack on integrity
Interruption (availability)
Try to break the system or take it out of service. It is an attack on availability.
Fabrication (Authenticity)
Insert counterfeit messages into the system or objects into files, trying to fool the system into accepting them as genuine. It is an attack on authenticity.
Security Service
Confidentiality, authentication, integrity, nonrepudiation, availability.
Confidentiality
Confidentiality is the protection of transmitted data from passive attacks (release of message contents and traffic analysis).
(Figure: the sender transmits the number 444-21-8888 and the receiver recovers 444-21-8888, while an eavesdropper on the link sees only ***-**-****.)
Authentication
The authentication service assures the recipient that a message comes from the source it claims to come from and, for an ongoing connection, that a third party cannot later masquerade as one of the two legitimate parties.
(Figure: "I am a friend" / "OK, let us talk".)
Integrity
(Figure: the client sends "Buy 1000 stocks" to the broker; the broker must receive exactly "Buy 1000 stocks", not a modified or duplicated order.)
Integrity makes sure that the message is received as it was sent, without modification, duplication, insertion, reordering, or replay.
Nonrepudiation
(Figure: "I am John, buy 1000 stocks" / broker: "You are not John, I can't do that.")
Nonrepudiation prevents either the sender or the receiver from denying a transmitted message: the receiver can prove that the message was sent by the alleged sender, and the sender can prove that it was received.
Availability
Availability ensures that a system or resource is accessible and usable on demand; this service protects against denial-of-service attacks.
Cryptography Definition
• Cryptography is the process of scrambling plaintext (ordinary text, or clear text) into ciphertext (encryption) and back again (decryption). Cryptography concerns itself with four objectives:
1. Confidentiality: the information cannot be understood by anyone for whom it was unintended.
2. Integrity: the information cannot be altered in storage or in transit between sender and intended receiver without the alteration being detected.
3. Non-repudiation: the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information.
4. Authentication: the sender and receiver can confirm each other's identity and the origin/destination of the information.
Procedures and protocols that meet some or all of the above criteria are known as cryptosystems.
Encryption Model
(Figure: plaintext X is fed to the encryption algorithm under key K to produce ciphertext Y; the decryption algorithm recovers X from Y using the same key K, which is delivered to the receiver over a secure channel. A cryptanalyst who observes Y attempts to recover an estimate X' of the plaintext and/or K' of the key.)
Cryptography Classification
Cryptographic systems are generally classified along three independent dimensions:
• The type of operation used for transforming plaintext to ciphertext: all encryption algorithms are based on two general principles:
1. Substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element.
2. Transposition, in which the elements in the plaintext are rearranged.
The fundamental requirement is that all operations must be reversible (no information is lost). Most systems involve multiple stages of substitution and transposition.
• The number of keys used:
1. Symmetric: if both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption.
2. Asymmetric: if sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.
• The way in which the plaintext is processed:
1. Block cipher: processes the input one block of elements at a time, producing an output block for each input block.
2. Stream cipher: processes the input elements continuously, producing output one element at a time.
Encryption techniques: Caesar Cipher
Substitution cipher: each letter is replaced by the letter three positions further down the alphabet (a=0, b=1, ..., z=25).
Plain: meet me after the party
Cipher: PHHW PH DIWHU WKH SDUWB
C = E(p) = (p + 3) mod 26
p = D(C) = (C - 3) mod 26
Encryption techniques: Caesar Cipher
Cryptanalysis: the general Caesar cipher p = D(C) = (C - i) mod 26 has only 25 possible keys (i = 1..25), so an attacker simply tries all 25 and keeps the decryption that reads as plaintext (a brute-force attack).
Encryption techniques: Mono-alphabetic Cipher
Substitution cipher:
Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
The cipher line could be any permutation of the 26 characters, so there are 26!, or more than 4 x 10^26, possible keys; brute force is no longer feasible.
Encryption techniques: Mono-alphabetic Cipher
Cryptanalysis
Construct a table of the frequencies of single letters, digrams, trigrams, etc. in a very long English text. Construct the same tables from the ciphertext. A monoalphabetic substitution only relabels the letters and does not change their frequencies, so matching the two tables reveals the key letter by letter; the huge key space does not help.
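As an added example (not part of the original slides), the brute-force attack on the Caesar cipher from slide 19 and the frequency-table attack on a monoalphabetic cipher from slide 21, in Python. The English letter-frequency table is the standard published one, rounded; the sample sentence and the alphabet permutation used as a key are constructed for the demonstration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase

# Relative frequency (%) of each letter in a long English text: the reference
# table the slide describes (standard published values, rounded).
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}


def substitute(text, key):
    """Monoalphabetic substitution: `key` maps each lowercase letter to its
    replacement. Characters not in the key (spaces, digits) pass through."""
    return "".join(key.get(ch, ch) for ch in text.lower())


def invert(key):
    return {v: k for k, v in key.items()}


def caesar_key(shift):
    """The Caesar cipher is the special case where the key is a rotation:
    C = E(p) = (p + shift) mod 26 with a = 0, ..., z = 25."""
    return {c: ALPHABET[(i + shift) % 26] for i, c in enumerate(ALPHABET)}


def caesar_encrypt(plain, shift):
    return substitute(plain, caesar_key(shift)).upper()


def caesar_decrypt(cipher, shift):
    return substitute(cipher, invert(caesar_key(shift)))


def chi_squared(text):
    """Distance between the letter distribution of `text` and English;
    lower means more English-like."""
    letters = [c for c in text.lower() if c in ALPHABET]
    n = len(letters)
    counts = Counter(letters)
    total = 0.0
    for c in ALPHABET:
        expected = n * ENGLISH_FREQ[c] / 100
        total += (counts[c] - expected) ** 2 / expected
    return total


def break_caesar(cipher):
    """Brute force from slide 19: try p = D(C) = (C - i) mod 26 for all 25
    candidate shifts and keep the one whose letter statistics look most like
    English. Returns (shift, plaintext)."""
    scored = [(chi_squared(caesar_decrypt(cipher, i)), i) for i in range(1, 26)]
    _, shift = min(scored)
    return shift, caesar_decrypt(cipher, shift)


def ranked_letters(text):
    """The frequency table of slide 21 for `text`: letters, most frequent first."""
    counts = Counter(c for c in text.lower() if c in ALPHABET)
    return [c for c, _ in counts.most_common()]


def guess_monoalphabetic_key(cipher):
    """Frequency analysis against a general monoalphabetic cipher: pair the
    i-th most frequent ciphertext letter with the i-th most frequent English
    letter to get a first guess at the decryption map (cipher -> plain).
    Substitution relabels letters but does not change their counts, so the
    top pairings are reliable; the tail must be refined with digram/trigram
    statistics and by reading partial decryptions."""
    english_rank = sorted(ALPHABET, key=lambda c: -ENGLISH_FREQ[c])
    return dict(zip(ranked_letters(cipher), english_rank))


# Constructed sample inputs for the demonstration.
PLAIN = "meet me after the party at the old mill and bring the documents"
# An arbitrary permutation of the alphabet used as a monoalphabetic key.
MONO_KEY = dict(zip(ALPHABET, "qwertyuiopasdfghjklzxcvbnm"))

if __name__ == "__main__":
    cipher = caesar_encrypt(PLAIN, 3)
    print(cipher)
    print(break_caesar(cipher))
    mono = substitute(PLAIN, MONO_KEY)
    print(mono)
    print(guess_monoalphabetic_key(mono)[MONO_KEY["e"]])
```

The chi-squared score does what the slide's "pick the decryption that looks like English" step does by hand; on a few dozen letters it reliably singles out the right shift. For the monoalphabetic case the first pairing (most frequent cipher letter to e) is trustworthy, the rest of the map is a starting point that a real attack refines interactively.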
Encryption techniques: Hill Cipher
Substitution cipher:
The encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. The substitution is determined by m linear equations in which each character is assigned a numerical value (a=0, b=1, ..., z=25). For m = 3, the system can be described as follows:
C1 = (k11 p1 + k12 p2 + k13 p3) mod 26
C2 = (k21 p1 + k22 p2 + k23 p3) mod 26
C3 = (k31 p1 + k32 p2 + k33 p3) mod 26
Encryption techniques: Hill Cipher
In matrix form, with P = (p1, p2, p3) and C = (C1, C2, C3) as column vectors and K the 3 x 3 key matrix (k11 ... k33):
C = E(K, P) = K P mod 26
P = D(K, C) = K^-1 C mod 26 = K^-1 K P = P
Decryption requires the inverse of K modulo 26, so K must be chosen such that det(K) has no factor in common with 26 (it must not be divisible by 2 or 13).
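As an added example (not part of the original slides), the Hill cipher for general m in Python: encryption as C = K P mod 26, the modular matrix inverse via the adjugate, and decryption as P = K^-1 C mod 26. The 3 x 3 key and the message "paymoremoney" are the standard textbook example; padding with 'x' and the invertibility check are choices made here.

```python
from math import gcd

MOD = 26  # a = 0, ..., z = 25


def to_nums(text):
    return [ord(c) - ord("a") for c in text.lower() if c.isalpha()]


def to_text(nums):
    return "".join(chr(n + ord("a")) for n in nums)


def minor(M, i, j):
    """M with row i and column j removed."""
    return [row[:j] + row[j + 1:] for r, row in enumerate(M) if r != i]


def det(M):
    """Determinant by cofactor expansion (fine for the small m used here)."""
    if len(M) == 1:
        return M[0][0]
    return sum((-1) ** j * M[0][j] * det(minor(M, 0, j)) for j in range(len(M)))


def is_invertible_mod26(K):
    """K^-1 mod 26 exists only when det(K) is coprime to 26."""
    return gcd(det(K) % MOD, MOD) == 1


def inverse_mod26(K):
    """K^-1 = det(K)^-1 * adj(K) mod 26, adj(K) being the transposed cofactor matrix."""
    if not is_invertible_mod26(K):
        raise ValueError("key matrix is not invertible mod 26; choose another key")
    d_inv = pow(det(K) % MOD, -1, MOD)      # modular inverse of the determinant
    m = len(K)
    adj = [[(-1) ** (i + j) * det(minor(K, j, i)) for j in range(m)] for i in range(m)]
    return [[(d_inv * adj[i][j]) % MOD for j in range(m)] for i in range(m)]


def mat_vec(K, v):
    """One block: C = K P mod 26, i.e. the m linear equations of the slide."""
    return [sum(K[i][j] * v[j] for j in range(len(v))) % MOD for i in range(len(K))]


def hill_encrypt(plain, K):
    m = len(K)
    p = to_nums(plain)
    p += [ord("x") - ord("a")] * (-len(p) % m)   # pad the last block with 'x'
    out = []
    for i in range(0, len(p), m):
        out.extend(mat_vec(K, p[i:i + m]))
    return to_text(out).upper()


def hill_decrypt(cipher, K):
    """P = K^-1 C mod 26: decryption is encryption with the inverse matrix."""
    return hill_encrypt(cipher, inverse_mod26(K)).lower()


# Textbook 3 x 3 key used for the demonstration.
KEY = [[17, 17, 5],
       [21, 18, 21],
       [2, 2, 19]]

if __name__ == "__main__":
    c = hill_encrypt("paymoremoney", KEY)
    print(c, hill_decrypt(c, KEY), inverse_mod26(KEY))
```

The cipher hides single-letter frequencies, which defeats the attack of the previous slide, but it is linear: an attacker with m plaintext/ciphertext block pairs whose plaintext matrix is invertible mod 26 solves K = C P^-1 directly, so the Hill cipher is broken by a known-plaintext attack.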
Encryption Techniques
Secret-key and public-key encryption.
Block Cipher Modes of Operations
• Electronic Codebook mode (ECB)
• Cipher Block Chaining mode (CBC)
• Cipher Feedback mode (CFB)
• Output Feedback mode (OFB)
• Counter mode (CTR)
Electronic Codebook Mode (ECB)
ECB Encryption: Cj = CIPHk(Pj), for j = 1..n
ECB Decryption: Pj = CIPHk^-1(Cj), for j = 1..n
(Figure: each plaintext block is the input block to CIPHk and the output block is the ciphertext block; decryption runs CIPHk^-1 on each ciphertext block independently.)
Because identical plaintext blocks give identical ciphertext blocks under the same key, ECB leaks the structure of the plaintext and should not be used for data longer than one block.
Cipher Block Chaining Mode (CBC)
(Figure: PLAINTEXT1 is XORed with the IV to form INPUT BLOCK1, which CIPHk turns into CIPHERTEXT1; PLAINTEXT2 is XORed with CIPHERTEXT1, and so on up to PLAINTEXTn. Decryption runs CIPHk^-1 on each ciphertext block and XORs the output with the previous ciphertext block, or with the IV for the first block.)
Cipher Block Chaining Mode (CBC) (continued)
CBC Encryption:
C1 = CIPHk(P1 XOR IV)
Cj = CIPHk(Pj XOR Cj-1), for j = 2..n
CBC Decryption:
P1 = CIPHk^-1(C1) XOR IV
Pj = CIPHk^-1(Cj) XOR Cj-1, for j = 2..n
Initialization Vector (IV):
• Need not be secret.
• Must be generated afresh for each encryption operation, and for CBC it must be unpredictable to an attacker (a fresh random block, or the encryption of a nonce), not a counter or a value derived from the plaintext.
• Must be available to each party in the communication; it is usually sent along with the ciphertext.
Output Feedback Mode (OFB)
(Figure: the IV is INPUT BLOCK1; CIPHk produces OUTPUT BLOCK1, which is XORed with PLAINTEXT1 to give CIPHERTEXT1 and is also fed forward as INPUT BLOCK2, and so on to block n. Decryption generates the same keystream with CIPHk, not CIPHk^-1, and XORs it with the ciphertext.)
Output Feedback Mode (OFB) - Encryption
I1 = IV
Ij = Oj-1, for j = 2..n
Oj = CIPHk(Ij), for j = 1..n
Cj = Pj XOR Oj, for j = 1..n-1
Cn = Pn XOR MSBu(On)
The last plaintext block may be a partial block of u bits; only the u most significant bits of the last output block are used.
Output Feedback Mode (OFB) - Decryption
I1 = IV
Ij = Oj-1, for j = 2..n
Oj = CIPHk(Ij), for j = 1..n
Pj = Cj XOR Oj, for j = 1..n-1
Pn = Cn XOR MSBu(On)
Cipher Feedback Mode (CFB)
(Figure: the IV is INPUT BLOCK1 (b bits); CIPHk produces OUTPUT BLOCK1, of which s bits are selected and (b-s) bits discarded; the selected s bits are XORed with the s-bit PLAINTEXT1 segment to give the s-bit CIPHERTEXT1 segment. The next input block is the previous input block shifted left by s bits with the s ciphertext bits appended, i.e. (b-s) bits | s bits. Decryption uses CIPHk in the same way and XORs the selected bits with the ciphertext segment.)
Cipher Feedback Mode (CFB) - Encryption
I1 = IV
Ij = LSB(b-s)(Ij-1) | C#j-1, for j = 2..n
Oj = CIPHk(Ij), for j = 1..n
C#j = P#j XOR MSBs(Oj), for j = 1..n
P#j: plaintext segment consisting of s bits. C#j: ciphertext segment consisting of s bits.
Cipher Feedback Mode (CFB) - Decryption
I1 = IV
Ij = LSB(b-s)(Ij-1) | C#j-1, for j = 2..n
Oj = CIPHk(Ij), for j = 1..n
P#j = C#j XOR MSBs(Oj), for j = 1..n
P#j: plaintext segment consisting of s bits. C#j: ciphertext segment consisting of s bits.
Counter Mode (CTR)
(Figure: each counter block Counter1, Counter2, ..., Countern is the INPUT BLOCK to CIPHk; the OUTPUT BLOCK is XORed with PLAINTEXTj to give CIPHERTEXTj. Decryption applies CIPHk to the same counter blocks and XORs with the ciphertext; the blocks are independent of one another, so they can be processed in parallel.)
Counter Mode (CTR) (continued)
CTR Encryption:
Oj = CIPHk(Tj), for j = 1..n
Cj = Pj XOR Oj, for j = 1..n-1
Cn = Pn XOR MSBu(On)
CTR Decryption:
Oj = CIPHk(Tj), for j = 1..n
Pj = Cj XOR Oj, for j = 1..n-1
Pn = Cn XOR MSBu(On)
Tj is the j-th counter block. The sequence of counter blocks must never repeat under the same key: reusing a counter block reveals the XOR of the two plaintexts (the same holds for a reused IV in OFB). None of these modes provides integrity; a MAC or an authenticated mode is needed for that.
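As an added example (not part of the original slides), the five modes of slides 25 to 36 written directly from their equations in Python. The slides assume an arbitrary block cipher CIPHk; since the Python standard library has none, this example stands in a small Feistel network built on SHA-256 as the permutation (a Feistel network is invertible for any round function, but this one is a stand-in, not a vetted cipher). The key, IV and nonce are constructed; ECB and CBC are given whole blocks, padding is out of scope.

```python
import hashlib

BLOCK = 16      # block size b, in bytes
ROUNDS = 4

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(k, half, i):
    """Round function: SHA-256 over key, round number and one half-block."""
    return hashlib.sha256(k + bytes([i]) + half).digest()[: BLOCK // 2]

def ciph(k, block):
    """Toy CIPH_k: a 4-round Feistel network with a SHA-256 round function.
    It stands in for AES/DES here and is NOT a vetted cipher for real data."""
    L, R = block[: BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        L, R = R, xor(L, _f(k, R, i))
    return L + R

def ciph_inv(k, block):
    """CIPH_k^-1: undo the rounds in reverse order."""
    L, R = block[: BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        L, R = xor(R, _f(k, L, i)), L
    return L + R

def blocks(data):
    return [data[i: i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(k, p):
    """ECB: C_j = CIPH_k(P_j). Needs whole blocks."""
    assert len(p) % BLOCK == 0
    return b"".join(ciph(k, pj) for pj in blocks(p))

def ecb_decrypt(k, c):
    """P_j = CIPH_k^-1(C_j)."""
    return b"".join(ciph_inv(k, cj) for cj in blocks(c))

def cbc_encrypt(k, iv, p):
    """CBC: C_1 = CIPH_k(P_1 xor IV), C_j = CIPH_k(P_j xor C_j-1)."""
    assert len(p) % BLOCK == 0
    out, prev = [], iv
    for pj in blocks(p):
        prev = ciph(k, xor(pj, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(k, iv, c):
    """P_1 = CIPH_k^-1(C_1) xor IV, P_j = CIPH_k^-1(C_j) xor C_j-1."""
    out, prev = [], iv
    for cj in blocks(c):
        out.append(xor(ciph_inv(k, cj), prev))
        prev = cj
    return b"".join(out)

def ofb_crypt(k, iv, data):
    """OFB: I_1 = IV, O_j = CIPH_k(I_j), I_j+1 = O_j, C_j = P_j xor O_j.
    Only the forward CIPH_k is used, so one function encrypts and decrypts;
    a short last block uses MSB_u of the last output block."""
    out, o = [], iv
    for dj in blocks(data):
        o = ciph(k, o)
        out.append(xor(dj, o[: len(dj)]))
    return b"".join(out)

def cfb_crypt(k, iv, data, decrypt=False):
    """Full-block CFB (s = b): O_j = CIPH_k(I_j), C_j = P_j xor O_j, I_j+1 = C_j.
    When decrypting, the feedback is the ciphertext we received."""
    out, i_j = [], iv
    for dj in blocks(data):
        cj = xor(dj, ciph(k, i_j)[: len(dj)])
        out.append(cj)
        i_j = dj if decrypt else cj
    return b"".join(out)

def ctr_crypt(k, nonce, data):
    """CTR: T_j = nonce || j, O_j = CIPH_k(T_j), C_j = P_j xor O_j."""
    out = []
    for j, dj in enumerate(blocks(data), start=1):
        t_j = nonce + j.to_bytes(BLOCK - len(nonce), "big")
        out.append(xor(dj, ciph(k, t_j)[: len(dj)]))
    return b"".join(out)

def ecb_repeats(k, p):
    """ECB's defining weakness: equal plaintext blocks give equal ciphertext
    blocks, so the structure of the plaintext leaks."""
    c = blocks(ecb_encrypt(k, p))
    return len(set(c)) < len(c)

def ctr_nonce_reuse_leak(k, nonce, p1, p2):
    """Reusing a counter block under one key hands an eavesdropper P1 xor P2
    (the same holds for a reused IV in OFB)."""
    return xor(ctr_crypt(k, nonce, p1), ctr_crypt(k, nonce, p2)) == xor(p1, p2)

# Constructed sample key, IV and nonce.
KEY = b"constructed-key!"
IV = bytes(range(BLOCK))
NONCE = b"8-byte-n"
```

The two check functions at the end reproduce the failures the slides warn about: ECB on a plaintext with two equal blocks returns two equal ciphertext blocks, and CTR with a repeated nonce leaks the XOR of the two messages. Note that CFB, OFB and CTR decrypt with the forward function only, which is why a cipher that is slow to invert (or a keyed hash) can serve as CIPHk in those modes.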
Secret Key: Data Encryption Standard (DES)
(Figure: plain data is encrypted with E under a 56-bit key K to give cipher data; cipher data is decrypted with D under the same 56-bit K to recover the plain data.)
A 56-bit key is far too short today: DES keys are recovered by exhaustive search in hours on commodity hardware, so single DES is considered broken.
2DES
(Figure: plain data is encrypted with E under K1 (56 bits) and then with E under K2 (56 bits) to give cipher data; decryption applies D under K2 and then D under K1.)
Double DES does not give 112 bits of security: a meet-in-the-middle attack with known plaintext recovers (K1, K2) with about 2^57 DES operations, which is why it is not used.
3DES
(Figure: plain data passes through three DES stages under K1 (56 bits), K2 (56 bits) and K1 again to give cipher data; decryption runs the three stages in reverse order under K1, K2, K1.)
Standard triple DES uses the encrypt-decrypt-encrypt order (E under K1, D under K2, E under K1), so that setting K1 = K2 reduces it to single DES for compatibility; the two-key form has an effective key length of 112 bits.
Public Key: RSA (Rivest, Shamir, Adleman)
(Figure: Bob encrypts his plain data with E under Alice's public key KU(Alice) to produce cipher data; only Alice can decrypt it with D under her private key KP(Alice).)
Authentication Techniques
Secret-key and public-key authentication.
Authentication With Secret Key
(Figure: Bob encrypts his name with E under K, the Alice-Bob shared secret key, and sends the cipher data; Alice decrypts it with D under K and recovers "Bob's name", which only a holder of K could have produced.)
As drawn, the cipher data is the same every time and could be replayed by an eavesdropper; a practical protocol has Alice send a fresh challenge (nonce) that Bob must encrypt.
Authentication With Public Key
(Figure: Bob encrypts his name with E under KP, Bob's private key; Alice decrypts with D under KU, Bob's public key, and recovers "Bob's name", which only the holder of Bob's private key could have produced.)
Integrity: Hashing Algorithms
MD5: processes 512-bit blocks and produces a message digest of 128 bits.
SHA-1: processes 512-bit blocks and produces a message digest of 160 bits.
Both are broken with respect to collision resistance (practical collisions exist for MD5 and SHA-1); new designs should use SHA-2 or SHA-3.
Hash Function Requirements
H(x) = h, where x can be of any size and h is of fixed size.
Hash Function Requirements (continued)
H(x) is easy to compute for any given x, making both hardware and software implementations practical.
Hash Function Requirements (continued)
One-way property (preimage resistance): given h, it is computationally infeasible to find x such that H(x) = h.
Hash Function Requirements (continued)
Weak collision resistance (second-preimage resistance): for any given x, it is computationally infeasible to find y <> x with H(y) = H(x).
Strong collision resistance: it is computationally infeasible to find any pair (x, y) with x <> y such that H(x) = H(y). This is the harder requirement, since the attacker is free to choose both inputs (birthday attack).
Hash Function Requirements (continued)
A simple hash function: treat the input as a sequence of m blocks of n bits each and XOR the blocks bit by bit.
         bit1   bit2   ...   bitn
block1   b11    b21    ...   bn1
block2   b12    b22    ...   bn2
...
blockm   b1m    b2m    ...   bnm
hash     C1     C2     ...   Cn
Ci = bi1 XOR bi2 XOR ... XOR bim
Problem with the simple hash function.
It provides neither collision resistance nor the one-way property: reordering the blocks, or appending a block of zeros, leaves the XOR unchanged, and for any target value a preimage is built by choosing all blocks but one freely and solving for the last.
General Structure Of Secure Hash Function
(Figure: the input blocks Y0, Y1, ..., Y L-1, each b bits, are processed in turn by the compression function F; F takes the n-bit chaining value CV i-1 and the block Y i and produces the n-bit CV i. CV0 = IV and CV L is the n-bit hash code.)
IV = initial value; CV = chaining value; Yi = i-th input block; F = compression function; L = number of input blocks; n = length of the hash code; b = length of an input block.
Hash Function Summary
CV0 = IV = initial value
CVi = F(CVi-1, Yi-1), 1 <= i <= L
H(M) = CVL
If the compression function F is collision resistant, then the iterated hash function H is also collision resistant (the Merkle-Damgard construction); the converse does not hold, so the security of the whole rests on F. The message length is encoded in the padding of the last block so that messages of different lengths cannot trivially share a final chaining value.
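As an added example (not part of the original slides), the simple XOR hash of slide 49, the two failures slide 50 describes, and the iterated structure of slides 51 and 52, in Python. The compression function F is built from SHA-256 here for illustration only (a real F is the dedicated core of MD5/SHA-1/SHA-256); the sample messages and target value are constructed.

```python
import hashlib
import os


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def simple_xor_hash(msg, n=4):
    """The slide's simple hash: split the message into n-byte blocks and XOR
    them bit by bit, C_i = b_i1 xor b_i2 xor ... xor b_im (a short last block
    is zero-filled)."""
    h = bytes(n)
    for i in range(0, len(msg), n):
        h = xor(h, msg[i:i + n].ljust(n, b"\0"))
    return h


def second_preimage_by_swap(msg, n=4):
    """Weak collision resistance fails: XOR is commutative, so swapping the
    first two blocks gives a different message with the same hash."""
    b = [msg[i:i + n] for i in range(0, len(msg), n)]
    b[0], b[1] = b[1], b[0]
    return b"".join(b)


def preimage_for(target, n_blocks=3):
    """The one-way property fails: pick all blocks but the last at random and
    choose the last one so that the XOR lands exactly on `target`."""
    n = len(target)
    free = [os.urandom(n) for _ in range(n_blocks - 1)]
    last = target
    for b in free:
        last = xor(last, b)
    return b"".join(free + [last])


def compress(cv, block):
    """Compression function F(CV_{i-1}, Y_i) -> CV_i, built from SHA-256 for
    the demonstration only."""
    return hashlib.sha256(cv + block).digest()


def iterated_hash(msg, b=64, iv=bytes(32)):
    """The general structure from the slide: CV_0 = IV, CV_i = F(CV_{i-1}, Y_{i-1}),
    H(M) = CV_L, over the message padded to a multiple of b bytes. The padding
    appends the message length in bits (Merkle-Damgard strengthening), which is
    what lets a collision-resistant F give a collision-resistant H."""
    padded = msg + b"\x80"
    padded += b"\0" * ((-len(padded) - 8) % b)
    padded += (8 * len(msg)).to_bytes(8, "big")
    cv = iv
    for i in range(0, len(padded), b):
        cv = compress(cv, padded[i:i + b])
    return cv
```

The last two assertions in the usage below make the point of slide 50 concrete: the XOR hash cannot tell "abcd" from "abcd" followed by four zero bytes, while the length-padded iterated hash can.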
Authentication: MAC-based and hash-based approaches.
MAC Authentication
Message Authentication Code (MAC)
A MAC is an authentication technique that uses a shared secret key K to generate a small fixed-size block of data, known as a cryptographic checksum, that is appended to the message:
MAC = Ck(M)
The receiver, who shares K, recomputes Ck(M) over the received message and compares it with the received MAC.
Message Authentication Code Based on DES
(Figure: the message is split into 64-bit blocks D1, D2, ..., Dn. O1 = DES_K(D1); each following block is XORed with the previous output before encryption, Oj = DES_K(Dj XOR Oj-1). The final output On, or its leftmost 16 to 64 bits, is the DAC, the Data Authentication Code.)
This is CBC-MAC (the Data Authentication Algorithm of FIPS 113). It is only secure for messages of one fixed length, and it inherits the short key and block size of DES.
Message Authentication
(Figure: the source computes Ck(M) under key K and sends M || Ck(M); the destination recomputes Ck over the received M with the same K and compares with the received MAC: match (Y) or no match (N).)
Message Authentication and Confidentiality, authentication tied to plaintext
(Figure: the source computes Ck1(M) under K1, appends it to M and encrypts the whole M || Ck1(M) under K2 (E K2); the destination decrypts under K2, recomputes Ck1 over the recovered M and compares.)
Message Authentication and Confidentiality, authentication tied to plaintext (second drawing)
(Figure: the same arrangement with the MAC computation and the encryption shown as separate steps: Ck is computed over the plaintext under K1, E and D use K2.)
Message Authentication and Confidentiality, authentication tied to ciphertext
(Figure: the source first encrypts M under K2, then computes Ck1 over the ciphertext and appends it: E K2(M) || Ck1(E K2(M)); the destination checks the MAC over the received ciphertext under K1 before decrypting under K2.)
This encrypt-then-MAC order is the one to prefer: tampered ciphertext is rejected before it ever reaches the decryption routine.
HASH Authentication
Message Authentication using secret key
(Figure: the source computes H(M) and encrypts the hash under the secret key K, sending M || E K(H(M)); the destination recomputes H(M), decrypts the received value under K and compares (Y/N). M itself travels in the clear; only the two holders of K can produce the encrypted hash.)
Message Authentication and Confidentiality using secret key
(Figure: the source computes H(M), appends it to M and encrypts M || H(M) under K; the destination decrypts under K, recomputes H over the recovered M and compares.)
Message Authentication and Digital Signature using public/private keys
(Figure: the source computes H(M) and encrypts it under its private key Kra, sending M || E Kra(H(M)); the destination decrypts the signature with the source's public key Kua, recomputes H(M) and compares. Only the holder of Kra could have produced the signature, which gives nonrepudiation as well as authentication.)
Message Authentication, Confidentiality and Digital Signature using both public/private keys and a secret key
(Figure: as above, the source signs H(M) with Kra; the whole M || E Kra(H(M)) is then encrypted under the shared secret key K, and the destination decrypts under K before verifying the signature with Kua.)
Message Authentication, Confidentiality and Digital Signature using public/private keys
(Figure: the source signs H(M) with its private key Kra and encrypts M || E Kra(H(M)) under the destination's public key Kub; the destination decrypts with its private key Krb and verifies the signature with the source's public key Kua.)
Message Authentication using secret key (e.g. Mobile IP)
(Figure: the source concatenates the secret key K with the message and hashes the result; the hash is sent along with M. The destination, which also knows K, recomputes H over the received message concatenated with K and compares (Y/N). No encryption is used; the secret key is simply an input to the hash.)
A bare keyed hash of this form is fragile: with Merkle-Damgard hashes (MD5, SHA-1, SHA-2) the prefix form H(K || M) is open to length-extension forgery, and the suffix form depends on the hash's collision resistance. The keyed-hash construction used in practice is HMAC (RFC 2104), which later Mobile IP specifications adopted.
Message Authentication and Confidentiality using secret key
(Figure: the source hashes the message concatenated with K, appends the hash to M and encrypts the result under K; the destination decrypts under K, recomputes the hash over the recovered message and K, and compares.)
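As an added example (not part of the original slides), the keyed-hash MAC of slides 55, 67 and 68 next to HMAC as specified in RFC 2104, in Python, together with the receiver's verify step (the Y/N box in the figures). Only the standard library is used; the key and message are constructed. The RFC 4231 test vector in the checks below is the published one for HMAC-SHA-256.

```python
import hashlib
import hmac


def keyed_hash_mac(key, msg, h=hashlib.sha256):
    """The construction drawn on the slide: hash the secret key concatenated
    with the message, H(K || M). With Merkle-Damgard hashes an attacker who
    sees H(K || M) can compute H(K || M || pad || X) without knowing K
    (length extension). Included for comparison only; do not use."""
    return h(key + msg).digest()


def hmac_rfc2104(key, msg, h=hashlib.sha256, block_size=64):
    """HMAC as specified in RFC 2104:
    HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M))
    where K' is K hashed if longer than the block, then zero-padded to it."""
    if len(key) > block_size:
        key = h(key).digest()
    key = key.ljust(block_size, b"\0")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = h(ipad + msg).digest()
    return h(opad + inner).digest()


def matches_stdlib(key, msg):
    """Cross-check the hand-written HMAC against Python's hmac module."""
    return hmac_rfc2104(key, msg) == hmac.new(key, msg, hashlib.sha256).digest()


def tag(key, msg):
    """Source side: send M || HMAC(K, M)."""
    return msg + hmac_rfc2104(key, msg)


def verify(key, tagged, tag_len=32):
    """Destination side: recompute the tag over the received message and
    compare in constant time, so that the comparison's timing does not leak
    how many leading bytes of a forged tag were right.
    Returns the message on success, None on failure."""
    if len(tagged) < tag_len:
        return None
    msg, received = tagged[:-tag_len], tagged[-tag_len:]
    if hmac.compare_digest(hmac_rfc2104(key, msg), received):
        return msg
    return None


# Constructed key and message.
KEY = b"shared-secret-between-source-and-destination"
MSG = b"Buy 1000 stocks"
```

`verify` returns the message only after the tag has checked out, which keeps callers from using unauthenticated data by accident; the `==` operator on bytes is deliberately avoided for the comparison.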
IKEv2 (RFC 4306; since obsoleted by RFC 5996 and then RFC 7296, which keep the exchanges described here)
Diffie-Hellman algorithm
Node A: 1. private key a; 2. public key g^a; 3. secret key = (g^b)^a = g^ab
Node B: 1. private key b; 2. public key g^b; 3. secret key = (g^a)^b = g^ba
Secret key = g^ab = g^ba, computed in the agreed Diffie-Hellman group (generator g modulo a large prime p).
An eavesdropper who sees g^a and g^b cannot compute g^ab (the discrete logarithm problem), but unauthenticated Diffie-Hellman is open to a man-in-the-middle who runs one exchange with each side; IKEv2 therefore authenticates the exchange in IKE_AUTH.
IKEv2 IKE_SA (Phase 1): two exchanges, IKE_SA_INIT followed by IKE_AUTH.
IKEv2 IKE_SA_INIT (Phase 1)
(1) Initiator -> Responder: HDR, SAi1, KEi, Ni
(2) Responder -> Initiator: HDR, SAr1, KEr, Nr, [CERTREQ]
Negotiate the cryptographic algorithms (SAi1/SAr1), exchange nonces (Ni/Nr) and perform the Diffie-Hellman exchange (KEi/KEr). These two messages are not encrypted; everything after them is protected by the keys derived from them.
IKEv2 IKE_AUTH (Phase 1)
(3) Initiator -> Responder: HDR, SK(IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr)
(4) Responder -> Initiator: HDR, SK(IDr, [CERT,] AUTH, SAr2, TSi, TSr)
SK(...) denotes payloads encrypted and integrity protected with SK_e and SK_a. Each side proves its identity with AUTH, and the first CHILD_SA (SAi2/SAr2 with traffic selectors TSi/TSr) is created in the same exchange.
IKEv2 CREATE_CHILD_SA (Phase 2)
(5) HDR, SK([N,] SA, Ni, [KEi,] TSi, TSr)
(6) HDR, SK(SA, Nr, [KEr,] TSi, TSr)
IKE_SA: Generating Keying Material
Four cryptographic algorithm parameters are negotiated:
1. An encryption algorithm: e.g. DES, 3DES, AES (DES and 3DES are legacy and should not be negotiated today).
2. An integrity protection algorithm: keyed hash functions based on MD5, SHA-1, SHA-2 etc. (the SHA-2 based ones are preferred today).
3. A pseudo-random function prf(K, S): a keyed pseudo-random function, usually a keyed hash, used to generate a deterministic output that appears random. prfs are used both for key derivation and for authentication (as a keyed MAC).
4. A Diffie-Hellman group: g^xy is the Diffie-Hellman shared secret, g is the generator of the group, and g^xi and g^yr are the public values of the initiator and responder.
IKE_SA: Generating Keying Material (continued)
prf+ (K, S) = T1 | T2 | T3 | T4 | ...
where:
T1 = prf (K, S | 0x01)
T2 = prf (K, T1 | S | 0x02)
T3 = prf (K, T2 | S | 0x03)
T4 = prf (K, T3 | S | 0x04)
K is the key, S the seed and | concatenation; prf+ stretches one prf output to as many bytes as the keys below need. The single counter byte limits it to 255 blocks.
IKE_SA: Generating Keying Material (continued)
SKEYSEED = prf(Ni | Nr, g^ir)
{SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr } =
prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr )
The keys are cut from the prf+ output in this order, each with the length its algorithm requires (the prf key length for SK_d, SK_a* and SK_p*, the cipher key length for SK_e*):
1. SK_d: used for deriving new keys for the CHILD_SAs established with this IKE_SA.
2. SK_ai and SK_ar: used as keys to the integrity protection algorithm for authenticating the component messages of subsequent exchanges, one for each direction.
3. SK_ei and SK_er: used for encrypting (and decrypting) all subsequent exchanges, one for each direction.
4. SK_pi and SK_pr: used when generating the AUTH payloads.
IKE Header Format
IKE_SA Initiator's SPI (8 octets)
IKE_SA Responder's SPI (8 octets)
Next Payload (1 octet) | MjVer (4 bits) | MnVer (4 bits) | Exchange Type (1 octet) | Flags (1 octet)
Message ID (4 octets)
Length (4 octets)
The header is 28 octets and Length covers the header plus all payloads. Exchange types: IKE_SA_INIT = 34, IKE_AUTH = 35, CREATE_CHILD_SA = 36, INFORMATIONAL = 37. The flags mark Initiator (bit 3), Version (bit 4) and Response (bit 5).
Traffic Selector Payload
The Traffic Selector payload allows the peers to identify the packet flows to be processed by IPsec security services.
IP Protocol ID: UDP/TCP/ICMP etc. (0 means any protocol).
Start Port: the smallest port number.
End Port: the largest port number.
Starting Address: the smallest address (IPv4 or IPv6).
Ending Address: the largest address (IPv4 or IPv6).
• TSi = (0, 0-65535, 192.0.2.202-192.0.2.202)
• TSr = (0, 0-65535, 192.0.2.0-192.0.2.255)
In this example TSi covers any protocol and port from the single host 192.0.2.202, and TSr any protocol and port to the whole 192.0.2.0/24 network.
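As an added example (not part of the original slides), a packer and checking parser for the IKE header of slide 78 and a traffic-selector matcher for the TSi/TSr example of slide 79, in Python using only the standard library. The constants are the RFC 4306 values; the SPIs and the packets checked are constructed.

```python
import ipaddress
import struct

# Values from RFC 4306 section 3.1.
IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA, INFORMATIONAL = 34, 35, 36, 37
EXCHANGE_NAMES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                  36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
FLAG_INITIATOR, FLAG_VERSION, FLAG_RESPONSE = 0x08, 0x10, 0x20
HDR_FMT = "!8s8sBBBBII"          # 28 octets, network byte order
HDR_LEN = struct.calcsize(HDR_FMT)


def build_ike_header(spi_i, spi_r, next_payload, exchange, flags, message_id, payload_len):
    """Pack the header of slide 78. MjVer and MnVer share one octet (major in
    the high nibble); IKEv2 is version 2.0. Length covers header and payloads."""
    version = (2 << 4) | 0
    return struct.pack(HDR_FMT, spi_i, spi_r, next_payload, version, exchange,
                       flags, message_id, HDR_LEN + payload_len)


def parse_ike_header(data):
    """Unpack and sanity-check a header before touching any payload. Trusting
    Length without checking it against the datagram actually received, or
    accepting an unknown version, is the classic parser mistake."""
    if len(data) < HDR_LEN:
        raise ValueError("datagram shorter than the IKE header")
    spi_i, spi_r, nxt, version, exchange, flags, msg_id, length = struct.unpack(
        HDR_FMT, data[:HDR_LEN])
    if version >> 4 != 2:
        raise ValueError("not IKEv2 (MjVer %d)" % (version >> 4))
    if length < HDR_LEN or length > len(data):
        raise ValueError("Length %d inconsistent with %d octets received" % (length, len(data)))
    if exchange not in EXCHANGE_NAMES:
        raise ValueError("unknown exchange type %d" % exchange)
    return {
        "spi_i": spi_i, "spi_r": spi_r, "next_payload": nxt,
        "version": (version >> 4, version & 0x0F),
        "exchange": EXCHANGE_NAMES[exchange],
        "initiator": bool(flags & FLAG_INITIATOR),
        "response": bool(flags & FLAG_RESPONSE),
        "message_id": msg_id, "length": length,
    }


def header_is_valid(data):
    try:
        parse_ike_header(data)
        return True
    except ValueError:
        return False


def make_ts(proto, start_port, end_port, start_addr, end_addr):
    """A traffic selector as on slide 79: (IP protocol ID, port range, address range)."""
    return (proto, (start_port, end_port),
            (ipaddress.ip_address(start_addr), ipaddress.ip_address(end_addr)))


def ts_matches(ts, proto, addr, port):
    """Does one packet endpoint fall inside a traffic selector? Protocol 0
    and the port range 0-65535 mean "any"."""
    ts_proto, (p_lo, p_hi), (a_lo, a_hi) = ts
    if ts_proto not in (0, proto):
        return False
    return p_lo <= port <= p_hi and a_lo <= ipaddress.ip_address(addr) <= a_hi


def flow_selected(tsi, tsr, proto, src, sport, dst, dport):
    """A packet from the initiator's side is handled by the CHILD_SA only if
    its source matches TSi and its destination matches TSr."""
    return ts_matches(tsi, proto, src, sport) and ts_matches(tsr, proto, dst, dport)


# The example from the slide.
TSI = make_ts(0, 0, 65535, "192.0.2.202", "192.0.2.202")
TSR = make_ts(0, 0, 65535, "192.0.2.0", "192.0.2.255")
```

A header whose Length field claims more octets than arrived is rejected outright; a real implementation also checks the responder SPI is zero in the first IKE_SA_INIT message and that Message ID matches the expected window, both of which are easy to add on top of the returned dictionary.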
Authentication of IKE_SA
Digital signature:
AUTHr = <message 2 octets> | Ni | prf(SK_pr, IDr')
DSr = RSA_PrKr(SHA-1(AUTHr))
AUTHi = <message 1 octets> | Nr | prf(SK_pi, IDi')
DSi = RSA_PrKi(SHA-1(AUTHi))
PrK: private key. DS: digital signature. IDi', IDr': the identity payloads without their generic payload headers.
Each party signs the octets of the IKE_SA_INIT message it sent, the other party's nonce, and a prf of its own identity under its SK_p key, so the AUTH payload binds the identity to this particular exchange and its keys.
Shared secret key:
AUTH = prf(prf(SrK, "Key Pad for IKEv2"), <msg octets> | Nonce | prf(SK_p, ID'))
SrK: shared secret key; "Key Pad for IKEv2" is the literal ASCII string without a terminator. A low-entropy shared key is exposed to offline guessing by anyone who can obtain an AUTH value, since the derivation is not deliberately slowed; use a high-entropy key, or EAP for password-based clients.
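As an added example (not part of the original slides), the Diffie-Hellman exchange of slide 70 feeding the SKEYSEED and prf+ derivation of slides 76 and 77, the rekey variant of slide 82, and the shared-secret AUTH computation of slide 80, in Python. The prf is HMAC-SHA-256 and the DH group is a toy one (p = 2^127 - 1, g = 2) chosen to keep the block short; real deployments use the RFC 3526 MODP groups or elliptic-curve groups. Nonces, SPIs and the pre-shared key are constructed.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for the demonstration only: p = 2^127 - 1 (a
# Mersenne prime), g = 2. Not a secure group; IKEv2 uses RFC 3526 MODP or
# elliptic-curve groups.
P = 2 ** 127 - 1
G = 2
P_LEN = 16          # octets needed to encode one group element


def dh_keypair():
    """Private value x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(x, peer_public):
    """g^ir = (g^r)^i = (g^i)^r mod p, as a fixed-length octet string."""
    return pow(peer_public, x, P).to_bytes(P_LEN, "big")


def prf(k, s):
    """The negotiated prf; here PRF_HMAC_SHA2_256."""
    return hmac.new(k, s, hashlib.sha256).digest()


def prf_plus(k, s, length):
    """prf+(K, S) = T1 | T2 | ... with T1 = prf(K, S | 0x01) and
    Tn = prf(K, Tn-1 | S | n). The one-byte counter caps it at 255 blocks."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(k, t + s + bytes([n]))
        out += t
        n += 1
    return out[:length]


SK_NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")


def ike_sa_keys(ni, nr, g_ir, spi_i, spi_r, old_sk_d=None, prf_len=32, enc_len=16):
    """SKEYSEED = prf(Ni | Nr, g^ir) for a new IKE_SA or, when rekeying
    (RFC 4306 section 2.18), prf(SK_d(old), g^ir(new) | Ni | Nr). The seven
    keys are cut in order from prf+(SKEYSEED, Ni | Nr | SPIi | SPIr); SK_d,
    SK_a* and SK_p* take the prf key length, SK_e* the cipher key length."""
    if old_sk_d is None:
        skeyseed = prf(ni + nr, g_ir)
    else:
        skeyseed = prf(old_sk_d, g_ir + ni + nr)
    lengths = (prf_len, prf_len, prf_len, enc_len, enc_len, prf_len, prf_len)
    material = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(lengths))
    keys, off = {}, 0
    for name, n in zip(SK_NAMES, lengths):
        keys[name] = material[off:off + n]
        off += n
    return keys


KEY_PAD = b"Key Pad for IKEv2"   # literal ASCII, no terminator


def auth_shared_key(shared_key, msg_octets, peer_nonce, sk_p, id_payload):
    """Shared-secret AUTH:
    prf(prf(SK, "Key Pad for IKEv2"), <msg octets> | Nonce | prf(SK_p, ID'))."""
    signed_octets = msg_octets + peer_nonce + prf(sk_p, id_payload)
    return prf(prf(shared_key, KEY_PAD), signed_octets)


def run_exchange():
    """Both peers derive the IKE_SA keys from what they saw on the wire: the
    other side's public value, both nonces and both SPIs. Returns the two key
    sets so that they can be compared."""
    i_priv, i_pub = dh_keypair()
    r_priv, r_pub = dh_keypair()
    ni, nr = secrets.token_bytes(32), secrets.token_bytes(32)
    spi_i, spi_r = secrets.token_bytes(8), secrets.token_bytes(8)
    keys_i = ike_sa_keys(ni, nr, dh_shared(i_priv, r_pub), spi_i, spi_r)
    keys_r = ike_sa_keys(ni, nr, dh_shared(r_priv, i_pub), spi_i, spi_r)
    return keys_i, keys_r
```

Because the SPIs and both nonces enter the prf+ seed, two IKE_SAs that happened to share a Diffie-Hellman secret would still get different keys; and because SK_ai/SK_ei differ from SK_ar/SK_er, a message reflected back to its sender fails integrity checking.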
IKEv2 Authentication with EAP
(1) HDR, SAi1, KEi, Ni
(2) HDR, SAr1, KEr, Nr, [CERTREQ]
(3) HDR, SK(IDi, [CERTREQ,] [IDr,] SAi2, TSi, TSr)
(4) HDR, SK(IDr, [CERT,] AUTH, EAP)
(5) HDR, SK(EAP)
(6) HDR, SK(EAP (success))
(7) HDR, SK(AUTH)
(8) HDR, SK(AUTH, SAr2, TSi, TSr)
• The initiator declares its wish to use EAP by leaving the AUTH payload out of message 3: it states its identity but does not yet prove it.
• The responder includes an EAP payload in message 4 and defers sending SAr2, TSi, TSr. The responder's own AUTH payload in message 4 is generated with its public key (a signature), so the responder is authenticated with a certificate and only the initiator is authenticated through EAP.
• For EAP methods that create a shared key (the MSK) as a side effect, that key takes the place of the shared secret when generating the AUTH payloads of messages 7 and 8: AUTH = prf(prf(MSK, "Key Pad for IKEv2"), <msg octets>).
• For EAP methods that do not generate a key, SK_pi and SK_pr are used as the shared secret instead; such methods leave the exchange open to man-in-the-middle attacks and should be avoided.
IKEv2 Rekeying using CREATE_CHILD_SA
(1) HDR, SK([N,] SA, Ni, [KEi])
(2) HDR, SK(SA, Nr, [KEr])
SKEYSEED = prf(SK_d (old), g^ir (new) | Ni | Nr)
{SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr } =
prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr )
Renewing a Security Association when it is about to expire. To rekey a CHILD_SA, include an N payload of type REKEY_SA naming the SA being replaced; to rekey the IKE_SA itself, the SA payload carries a new IKE SA proposal and the formula above, with the new nonces and SPIs, produces the new key set. Unlike IKEv1, IKEv2 provides the option to rekey SAs without restarting the entire IKE_SA.
IKEv2 creating a new CHILD_SA with CREATE_CHILD_SA
(1) HDR, SK(SA, Ni, [KEi,] [TSi, TSr])
(2) HDR, SK(SA, Nr, [KEr,] [TSi, TSr])
Renewing a Security Association when it is about to expire, or adding one.
The first CHILD_SA is created by the IKE_AUTH exchange; additional CHILD_SAs can optionally be created in CREATE_CHILD_SA. The keys of a CHILD_SA are not derived from a new SKEYSEED: they come from the IKE_SA's SK_d and the fresh nonces, KEYMAT = prf+(SK_d, Ni | Nr), or prf+(SK_d, g^ir (new) | Ni | Nr) when KE payloads are exchanged. Unlike IKEv1, IKEv2 provides the option to create CHILD_SAs without restarting the entire IKE_SA.
IKEv2 Requesting an Internal Address on a Remote Network
IKE_AUTH exchange:
(3) HDR, SK(IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, CP(CFG_REQUEST), SAi2, TSi, TSr)
(4) HDR, SK(IDr, [CERT,] AUTH, CP(CFG_REPLY), SAr2, TSi, TSr)
CP(CFG_REQUEST) = INTERNAL_IP4_ADDRESS(0.0.0.0), INTERNAL_IP4_NETMASK(0.0.0.0)
CP(CFG_REPLY) = INTERNAL_IP4_ADDRESS(192.0.2.202), INTERNAL_IP4_NETMASK(255.255.255.0)
The initiator (a remote-access client) asks the security gateway for an address on the protected network, which it then uses as its inner tunnel address; the TSi it proposes must cover that address.
IPsec
IP Security Architecture
(Figure: the IPsec document roadmap. The Architecture document sits at the top; below it the ESP protocol and AH protocol; the encryption algorithm documents feed ESP and the authentication algorithm documents feed both ESP and AH; the DOI (Domain of Interpretation) ties the protocols and algorithms together; Key Management (IKE) completes the picture.)
IP Security Services
Service                        AH    ESP (encryption only)   ESP (encryption + authentication)
Connectionless integrity       x     -                       x
Data origin authentication     x     -                       x
Replay protection              x     x                       x
Confidentiality                -     x                       x
IPSec Security Protocols
• The IP Authentication Header (AH) offers connectionless integrity and data origin authentication, with optional anti-replay protection that the receiver decides whether to enforce.
• The Encapsulating Security Payload (ESP) offers the same set of services as AH, and additionally confidentiality. Encryption-only ESP is discouraged: unauthenticated ciphertext can be manipulated, so ESP should be used with integrity protection (or with an authenticated-encryption algorithm).

Where IPsec Can Be Implemented
• IPsec as part of the IP stack: IPsec may be integrated into the native IP stack. This requires access to the IP source code and is applicable to both hosts and security gateways.
• "Bump-in-the-stack" (BITS) implementation: IPsec is implemented "underneath" an existing implementation of an IP protocol stack, between the native IP layer and the local network drivers. Source code access for the IP stack is not required in this context.
• "Bump-in-the-wire" (BITW) implementation: the use of a dedicated, inline security protocol processor, i.e. a separate device placed on the wire in front of the host or gateway it protects.

Security Association
A Security Association (SA) is a simplex "connection" that provides security services to the traffic carried by it.

Security Association (continued)
Security services are provided by the use of AH or ESP, but not both within the same SA.
[Figure: one SA using ESP; another SA using AH.]
If both AH and ESP protection are applied to a traffic stream, then two (or more) SAs are created to provide protection to the traffic stream.

Security Association (continued)
[Figure: SA1 carrying traffic in one direction, SA2 in the other.]
To secure bi-directional communication between two nodes, two Security Associations (one in each direction) are required.

IPSec Transport Mode
Transport Mode refers to applying more than one security protocol to the same IP datagram, without invoking tunneling. This approach to combining AH and ESP allows for only one level of combination; further nesting yields no added benefit (assuming use of adequately strong algorithms in each protocol) since the processing is performed at one IPsec instance at the (ultimate) destination.
[Figure: two hosts connected across the Internet, with Security Association 1 (ESP transport) and Security Association 2 (AH transport) between them.]

IPv4 - Transport Mode
Before AH:  | IPv4 Hdr | TCP | Data |
After AH:   | IPv4 Hdr | AH | TCP | Data |
Authenticated: the whole packet except for the mutable fields of the IPv4 header.

IPv6 - Transport Mode
Before AH:  | IPv6 Hdr | EH | TCP | Data |
After AH:   | IPv6 Hdr | HbyH, DH, RH, FH | AH | DH | TCP | Data |
Authenticated: the whole packet except for the mutable fields.
EH: extension headers. HbyH: Hop-by-Hop options header. DH: Destination options header. RH: Routing header. FH: Fragment header.
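What "authentication except for mutable fields" means in practice, as an added example (not code from the slides): an IPv4 transport-mode AH packet is built and verified the way RFC 4302 describes. The mutable fields of the IP header (DSCP/ECN, Flags, Fragment Offset, TTL, Header Checksum) and AH's own ICV field are treated as zero when the ICV is computed, so routers may rewrite them in flight without breaking the check, while every other byte, including both addresses and the payload, is covered. HMAC-SHA-256-128 (RFC 4868) is the assumed integrity algorithm; the key, addresses and SPI are constructed for the demo. The anti-replay window at the end is the receiver-side replay protection service listed in the services table above.

```python
# Added example, not part of the original slides: IPv4 transport-mode AH with
# the RFC 4302 mutable-field rule, plus a receiver-side anti-replay window.
# Key, addresses and SPI are constructed demo values.
import hashlib
import hmac
import struct

AH_PROTO = 51
AH_FIXED_LEN = 12        # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 16             # HMAC-SHA-256-128: 256-bit HMAC truncated to 128 bits


def ipv4_header(src, dst, proto, total_len, ttl=64, tos=0, ident=0x1234, flags_frag=0x4000):
    """20-byte IPv4 header without options. Checksum is left at 0: it is mutable anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, ident, flags_frag, ttl, proto, 0, src, dst)


def zero_mutable(ip_hdr):
    """Copy of the IPv4 header with the mutable fields set to zero for ICV computation."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # TOS byte (DSCP + ECN)
    h[6] = h[7] = 0          # Flags + Fragment Offset
    h[8] = 0                 # TTL
    h[10] = h[11] = 0        # Header Checksum
    return bytes(h)


def ah_header(next_hdr, spi, seq, icv=b"\x00" * ICV_LEN):
    """AH: Payload Len is the AH length in 32-bit words minus 2, i.e. (12 + 16) / 4 - 2 = 5."""
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + icv


def compute_icv(key, ip_hdr, next_hdr, spi, seq, upper):
    """ICV = MAC over zeroed IP header | AH with its ICV field zeroed | upper-layer data."""
    covered = zero_mutable(ip_hdr) + ah_header(next_hdr, spi, seq) + upper
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key, src, dst, upper_proto, upper, spi, seq, ttl=64):
    """Sender: emit IPv4(proto=51) | AH(next=upper_proto) | upper-layer data."""
    total_len = 20 + AH_FIXED_LEN + ICV_LEN + len(upper)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, total_len, ttl=ttl)
    icv = compute_icv(key, ip_hdr, upper_proto, spi, seq, upper)
    return ip_hdr + ah_header(upper_proto, spi, seq, icv) + upper


def ah_verify(key, packet):
    """Receiver: recompute the ICV under the same zeroing rule and compare in constant time."""
    ip_hdr, rest = packet[:20], packet[20:]
    if len(ip_hdr) < 20 or ip_hdr[9] != AH_PROTO or len(rest) < AH_FIXED_LEN:
        return False
    next_hdr, payload_len, _, spi, seq = struct.unpack("!BBHII", rest[:AH_FIXED_LEN])
    ah_len = (payload_len + 2) * 4
    icv, upper = rest[AH_FIXED_LEN:ah_len], rest[ah_len:]
    return hmac.compare_digest(icv, compute_icv(key, ip_hdr, next_hdr, spi, seq, upper))


class ReplayWindow:
    """Anti-replay check (RFC 4302 section 3.4.3): a sliding window over the highest
    `size` sequence numbers; anything below the window or already seen is rejected."""

    def __init__(self, size=64):
        self.size, self.top, self.seen = size, 0, set()

    def check_and_update(self, seq):
        if seq > self.top:                       # new high-water mark: slide the window
            self.top = seq
            self.seen = {s for s in self.seen if s > seq - self.size}
            self.seen.add(seq)
            return True
        if seq <= self.top - self.size or seq in self.seen:
            return False                         # too old, or a replay
        self.seen.add(seq)
        return True


# Constructed demo values
DEMO_KEY = b"\x11" * 32
DEMO_SRC, DEMO_DST = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10])


def demo_packet(seq=1):
    return ah_protect(DEMO_KEY, DEMO_SRC, DEMO_DST, 6, b"constructed TCP segment", spi=0x1000, seq=seq)


def survives_ttl_decrement(packet):
    """A router decrementing TTL (a mutable field) must not break the ICV."""
    hop = bytearray(packet)
    hop[8] -= 1
    return ah_verify(DEMO_KEY, bytes(hop))


def detects_tamper(packet, index):
    """Flipping a bit in a covered byte (addresses, AH header, payload) must fail verification."""
    bad = bytearray(packet)
    bad[index] ^= 0x01
    return not ah_verify(DEMO_KEY, bytes(bad))
```

Byte 8 of the packet is the TTL and byte 19 the last octet of the destination address: a change to the first is invisible to AH by design, a change to the second is caught. Tunnel mode differs only in which header's mutable fields are zeroed (the new outer header), as the next slides show.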

IPSec Tunnel Mode
Tunneling is the process of encapsulating one protocol inside another one.

IPSec Tunnel Mode - case 1
Both endpoints of the SAs are the same. The inner and outer tunnels could each be either AH or ESP, though it is unlikely that Host 1 would specify both to be the same, i.e., AH inside of AH or ESP inside of ESP.
[Figure: Host, Security Gwy1, Internet, Security Gwy2, Host; Security Association 1 (tunnel) and Security Association 2 (tunnel) run between the same pair of endpoints.]

IPSec Tunnel Mode - case 2
One endpoint of the SAs is the same. The inner and outer tunnels could each be either AH or ESP.
[Figure: Host, Security Gwy1, Internet, Security Gwy2, Host; Security Association 1 (tunnel) and Security Association 2 (tunnel) share one endpoint.]

IPSec Tunnel Mode - case 3
Neither endpoint is the same. The inner and outer tunnels could each be either AH or ESP.
[Figure: Host, Security Gwy1, Internet, Security Gwy2, Host; Security Association 1 (tunnel) and Security Association 2 (tunnel) have no endpoint in common.]

IPv4 - Tunnel Mode
Before AH:  | IPv4 Hdr | TCP | Data |
After AH:   | New IPv4 Hdr | AH | IPv4 Hdr | TCP | Data |
Authenticated: the whole packet except for the mutable fields in the new IP header.

IPv6 - Tunnel Mode
Before AH:  | IPv6 Hdr | EH | TCP | Data |
After AH:   | New IPv6 Hdr | EH | AH | IPv6 Hdr | EH | TCP | Data |
Authenticated: the whole packet except for the mutable fields in the new IP header and its extension headers.

IPsec Databases
• The Security Policy Database (SPD): holds the policy that decides how every IP packet crossing the IPsec boundary is handled; an SA is the management construct used to enforce that policy for a given traffic stream.

SPD Processing Choices
• DISCARD: traffic that is not allowed to traverse the IPsec boundary.
• BYPASS: traffic that is allowed to cross the IPsec boundary without IPsec protection.
• PROTECT: traffic that is afforded IPsec protection; for such traffic the SPD must specify the security protocols to be employed, their mode, security service options, and the cryptographic algorithms to be used.
[Figure: the SPD is consulted for both outbound and inbound traffic.]

SPD Policy Entries
• SPD-I: For inbound traffic that is to be bypassed or discarded, the entry consists of the values of the selectors that apply to the traffic to be bypassed or discarded.
• SPD-O: For outbound traffic that is to be bypassed or discarded, the entry consists of the values of the selectors that apply to the traffic to be bypassed or discarded.
• SPD-S: For traffic that is to be protected using IPsec, the entry consists of the values of the selectors that apply to the traffic to be protected via AH or ESP, controls on how to create SAs based on these selectors, and the parameters needed to effect this protection (e.g., algorithms, modes, etc.).

SPD Selectors
• Remote IP Address(es) (IPv4 or IPv6): this is a list of ranges of IP addresses (unicast, anycast, broadcast (IPv4 only), or multicast group).
• Local IP Address(es) (IPv4 or IPv6): this is a list of ranges of IP addresses (unicast, anycast, broadcast (IPv4 only), or multicast group).
• Next Layer Protocol: Obtained from the IPv4 "Protocol" or the IPv6 "Next Header" fields.
• Port numbers: If the Next Layer Protocol uses two ports (e.g., TCP, UDP, SCTP, ...), then there are selectors for Local and Remote Ports.
• Mobility Header Message Type (MH type): If the Next Layer Protocol is a Mobility Header, then there is a selector for IPv6 Mobility Header Message Type (MH type).
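An ordered SPD lookup over the selectors listed above, as an added example (not code from the slides): each entry carries a selector, one of the three processing choices, and, for PROTECT entries, the parameters an SPD-S entry must specify. The policy, addresses and algorithm names are constructed for the demo; for brevity the SPD-I, SPD-O and SPD-S sub-databases of RFC 4301 are kept in one list, and the packet direction decides which fields count as "local" and "remote".

```python
# Added example, not part of the original slides: SPD lookup with RFC 4301-style
# selectors. Policy entries and addresses are constructed demo values.
import ipaddress
from dataclasses import dataclass
from typing import Optional

DISCARD, BYPASS, PROTECT = "DISCARD", "BYPASS", "PROTECT"
PORT_PROTOCOLS = {6, 17, 132}      # TCP, UDP, SCTP: the protocols with port selectors here


@dataclass
class Selector:
    remote: str = "0.0.0.0/0"              # remote IP address range (CIDR)
    local: str = "0.0.0.0/0"               # local IP address range (CIDR)
    proto: Optional[int] = None            # IPv4 Protocol / IPv6 Next Header; None = any
    local_ports: tuple = (0, 65535)        # inclusive ranges; ignored for port-less protocols
    remote_ports: tuple = (0, 65535)

    def matches(self, local_ip, remote_ip, proto, lport, rport):
        if ipaddress.ip_address(local_ip) not in ipaddress.ip_network(self.local):
            return False
        if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(self.remote):
            return False
        if self.proto is not None and self.proto != proto:
            return False
        if proto in PORT_PROTOCOLS:        # port selectors apply only when the protocol has ports
            return (self.local_ports[0] <= lport <= self.local_ports[1]
                    and self.remote_ports[0] <= rport <= self.remote_ports[1])
        return True


@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    sport: int = 0
    dport: int = 0


# (selector, action, SPD-S parameters), searched in order; the first match wins.
DEMO_SPD = [
    # no cleartext-or-otherwise SSH from the site to the branch range
    (Selector(remote="192.0.2.0/24", local="10.0.0.0/8", proto=6, remote_ports=(22, 22)), DISCARD, {}),
    # everything else to the branch goes through the ESP tunnel to its gateway
    (Selector(remote="192.0.2.0/24", local="10.0.0.0/8"), PROTECT,
     {"protocol": "ESP", "mode": "tunnel", "enc": "AES-GCM-256", "peer": "203.0.113.1"}),
    # intra-site traffic and ICMP cross the boundary unprotected
    (Selector(remote="10.0.0.0/8", local="10.0.0.0/8"), BYPASS, {}),
    (Selector(proto=1), BYPASS, {}),
]


def spd_lookup(spd, pkt, direction):
    """First matching entry decides; no match means DISCARD, the safe default at the boundary.
    Outbound: local = source, remote = destination. Inbound: the reverse."""
    if direction == "out":
        local, remote, lport, rport = pkt.src, pkt.dst, pkt.sport, pkt.dport
    elif direction == "in":
        local, remote, lport, rport = pkt.dst, pkt.src, pkt.dport, pkt.sport
    else:
        raise ValueError("direction must be 'in' or 'out'")
    for selector, action, params in spd:
        if selector.matches(local, remote, pkt.proto, lport, rport):
            return action, params
    return DISCARD, {}
```

Because the SPD is ordered, the narrow DISCARD entry has to sit before the broad PROTECT entry for the same address ranges; the reverse order would silently tunnel the traffic the first rule was meant to block. Traffic matching no entry is discarded rather than bypassed.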

Outbound IP Traffic Processing (Cache Hit)
[Flowchart: outbound packet -> SPD cache lookup (SPD selection) -> protected: AH/ESP processing, then forwarding; bypass: forwarding; discard: packet dropped.]

Outbound IP Traffic Processing (Cache Miss)
[Flowchart: no cache entry -> check SPD-O and SPD-S -> discard: packet dropped; bypass: create outbound cache entry (CE), then forwarding; protected: invoke IKE, create SA, create inbound and outbound CEs, then AH/ESP processing and forwarding (discard if no SA can be established).]

Inbound IP Traffic Processing
[Flowchart: is the packet IPsec protected? Yes: AH/ESP processing, then verify the packet's selectors against the SAD entry's selectors, then forward (discard on mismatch). No: look up SPD-I; bypass: forward the packet; discard: packet dropped.]

Appendix

MD5

[Figure: MD5 overall structure. A K-bit message is padded (1 to 512 padding bits plus a 64-bit length field) to L x 512 bits and split into 512-bit blocks Y0, Y1, ..., Yq, ..., YL-1. CV0 = IV (128 bits); each block Yq is processed together with the chaining value CVq by the MD5 compression function to give CVq+1 (128 bits). CVL is the 128-bit digest.]

Step 1: Appending padding bits (1 to 512 bits)
The message is padded so that its length is 64 bits less than an integer multiple of 512 bits (i.e., congruent to 448 mod 512). A single 1 bit is appended, followed by as many 0 bits as needed. Padding is always added, so a message that is already 448 bits long receives a full 512 bits of padding (M = 448 bits, pad = 512 bits).

Step 2: Adding length
A 64-bit representation of the length in bits of the original message is appended to the result of step 1 (least significant byte first). If the length is greater than 2^64, only the low-order 64 bits of the length are used:
Length = K mod 2^64

Step 3: Initialize MD buffer
A 128-bit buffer is used to hold intermediate and final results of the hash function. The buffer is represented as four 32-bit registers (A, B, C, D). The initial values (IV) are stored little-endian, with the least significant byte at the lowest address:
A = 01 23 45 67
B = 89 AB CD EF
C = FE DC BA 98
D = 76 54 32 10

Step 4: Process the message in 512-bit blocks
[Figure: the MD5 compression function for block Yq. Starting from CVq in (A, B, C, D), four rounds of 16 steps each are applied: round 1 uses F and T[1..16], round 2 uses G and T[17..32], round 3 uses H and T[33..48], round 4 uses I and T[49..64]; every round also uses the 16 words of Yq. The four resulting registers are added (mod 2^32) to CVq to give CVq+1.]

Round 1 (F, T[1..16], 16 steps): circular shift amount s at step i
i:  0   1   2   3   4   5   6   7   8   9   10  11  12  13  14  15
s:  7   12  17  22  7   12  17  22  7   12  17  22  7   12  17  22

MD5 compression function (single step)
a <- b + ((a + g(b, c, d) + X[k] + T[i]) <<< s)
[Figure: registers (A, B, C, D) in and (A, B, C, D) out; g is the round's primitive function, X[k] a 32-bit word of the current block, T[i] the i-th sine-table constant, <<< s a circular left shift by s bits, and + addition mod 2^32.]

512-bit block = 16 words of 32 bits each (Word 0 ... Word 15), used as X[0..15] in the round steps.

Round   Primitive function g   g(b, c, d)
1       F(b, c, d)             $(b \wedge c) \vee (\neg b \wedge d)$
2       G(b, c, d)             $(b \wedge d) \vee (c \wedge \neg d)$
3       H(b, c, d)             $b \oplus c \oplus d$
4       I(b, c, d)             $c \oplus (b \vee \neg d)$

Message word X[k] used at step i (i = 0..15 within each round):
Round 1: k = i
Round 2: k = (1 + 5i) mod 16
Round 3: k = (5 + 3i) mod 16
Round 4: k = 7i mod 16

T[i] = integer part of 2^32 x |sin(i)|, for i = 1..64, with i in radians
(sine table)

SHA-1

[Figure: SHA-1 overall structure. A K-bit message is padded (1 to 512 padding bits plus a 64-bit length field) to L x 512 bits and split into 512-bit blocks Y0, Y1, ..., Yq, ..., YL-1. CV0 = IV (160 bits); each block Yq is processed together with the chaining value CVq by the SHA-1 compression function to give CVq+1 (160 bits). CVL is the 160-bit digest.]

Step 1: Appending padding bits (1 to 512 bits)
The message is padded so that its length is 64 bits less than an integer multiple of 512 bits (i.e., congruent to 448 mod 512). A single 1 bit is appended, followed by as many 0 bits as needed. Padding is always added, so a message that is already 448 bits long receives a full 512 bits of padding (M = 448 bits, pad = 512 bits).

Step 2: Adding length
A 64-bit representation of the length in bits of the original message is appended to the result of step 1 (least significant byte first). If the length is greater than 2^64, only the low-order 64 bits of the length are used:
Length = K mod 2^64

Step 3: Initialize MD buffer
A 160-bit buffer is used to hold intermediate and final results of the hash function. The buffer is represented as five 32-bit registers (A, B, C, D, E). The initial values (IV) are stored big-endian, with the least significant byte at the highest address:
A = 67 45 23 01
B = EF CD AB 89
C = 98 BA DC FE
D = 10 32 54 76
E = C3 D2 E1 F0

Step 4: Process the message in 512-bit blocks
[Figure: the SHA-1 compression function for block Yq. Starting from CVq in (A, B, C, D, E), four rounds of 20 steps each are applied: steps 0-19 use F1 with W[0..19], steps 20-39 use F2 with W[20..39], steps 40-59 use F3 with W[40..59], steps 60-79 use F4 with W[60..79]; each round also uses its constant Kt. The five resulting registers are added (mod 2^32) to CVq to give CVq+1.]

SHA-1 compression function (single step t)
$$\begin{aligned}
T &= S^{5}(a) + f_t(b, c, d) + e + W_t + K_t \\
e &\leftarrow d, \quad d \leftarrow c, \quad c \leftarrow S^{30}(b), \quad b \leftarrow a, \quad a \leftarrow T
\end{aligned}$$
[Figure: registers (A, B, C, D, E) in and out; $S^{n}$ is a circular left shift by n bits, $W_t$ the t-th expanded message word, $K_t$ the round constant, and + addition mod $2^{32}$.]

Step            Function name        Function value
0 <= t <= 19    F1 = f(t, b, c, d)   $(b \wedge c) \vee (\neg b \wedge d)$
20 <= t <= 39   F2 = f(t, b, c, d)   $b \oplus c \oplus d$
40 <= t <= 59   F3 = f(t, b, c, d)   $(b \wedge c) \vee (b \wedge d) \vee (c \wedge d)$
60 <= t <= 79   F4 = f(t, b, c, d)   $b \oplus c \oplus d$
f for the different rounds

Kt (round constants)
Step            Hexadecimal        Take integer part of
0 <= t <= 19    Kt = 0x5A827999    2^30 x sqrt(2)
20 <= t <= 39   Kt = 0x6ED9EBA1    2^30 x sqrt(3)
40 <= t <= 59   Kt = 0x8F1BBCDC    2^30 x sqrt(5)
60 <= t <= 79   Kt = 0xCA62C1D6    2^30 x sqrt(10)
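Both hash functions assembled from the steps on the MD5 and SHA-1 slides above, as an added example (not code from the slides), and cross-checked against Python's hashlib. Padding and the length field are shared between the two; the constants are those of RFC 1321 and FIPS 180, and since the slides give only the round-1 shift amounts for MD5, the shifts for rounds 2 to 4 are taken from RFC 1321. One detail the slides gloss over: MD5 reads message words and writes its length field little-endian, SHA-1 big-endian, matching the byte order of their respective IVs.

```python
# Added example, not part of the original slides: MD5 and SHA-1 built from the
# steps on the slides (padding, length, IV, four rounds) and checked against hashlib.
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF


def rotl(x, n):
    """Circular left shift of a 32-bit word (<<< s in MD5, S^n in SHA-1)."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def md_pad(message, length_byteorder):
    """Steps 1 and 2, shared by both hashes: append a 1 bit, then 0 bits until the length
    is 448 mod 512, then the 64-bit message length in bits (K mod 2^64)."""
    bit_len = (len(message) * 8) % 2**64
    padded = message + b"\x80"
    while len(padded) % 64 != 56:
        padded += b"\x00"
    return padded + bit_len.to_bytes(8, length_byteorder)


def padding_bits(message):
    """How many padding bits step 1 adds: always between 1 and 512."""
    return (len(md_pad(message, "big")) - 8 - len(message)) * 8


# ---- MD5 ----
MD5_T = [int(2**32 * abs(math.sin(i))) for i in range(1, 65)]   # sine table, i in radians
# Shift amounts: round 1 from the slide, rounds 2-4 from RFC 1321.
MD5_S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4


def md5_compress(cv, block):
    a, b, c, d = cv
    X = struct.unpack("<16I", block)                 # 16 little-endian 32-bit words
    for i in range(64):
        if i < 16:
            g, k = (b & c) | (~b & d), i                        # F, X[i]
        elif i < 32:
            g, k = (b & d) | (c & ~d), (1 + 5 * i) % 16         # G
        elif i < 48:
            g, k = b ^ c ^ d, (5 + 3 * i) % 16                  # H
        else:
            g, k = c ^ (b | ~d), (7 * i) % 16                   # I
        # a <- b + ((a + g + X[k] + T[i]) <<< s), then rotate the registers
        new_b = (b + rotl((a + (g & MASK32) + X[k] + MD5_T[i]) & MASK32, MD5_S[i])) & MASK32
        a, b, c, d = d, new_b, b, c
    return tuple((x + y) & MASK32 for x, y in zip(cv, (a, b, c, d)))


def md5(message):
    cv = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)   # IV; in memory 01 23 45 67, 89 AB CD EF, ...
    data = md_pad(message, "little")
    for off in range(0, len(data), 64):
        cv = md5_compress(cv, data[off:off + 64])
    return struct.pack("<4I", *cv).hex()


# ---- SHA-1 ----
SHA1_K = [0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6]   # floor(2^30 * sqrt(2, 3, 5, 10))


def sha1_compress(cv, block):
    W = list(struct.unpack(">16I", block))          # 16 big-endian words, expanded to 80
    for t in range(16, 80):
        W.append(rotl(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1))
    a, b, c, d, e = cv
    for t in range(80):
        if t < 20:
            f = (b & c) | (~b & d)                  # F1
        elif t < 40:
            f = b ^ c ^ d                           # F2
        elif t < 60:
            f = (b & c) | (b & d) | (c & d)         # F3
        else:
            f = b ^ c ^ d                           # F4
        temp = (rotl(a, 5) + (f & MASK32) + e + W[t] + SHA1_K[t // 20]) & MASK32
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK32 for x, y in zip(cv, (a, b, c, d, e)))


def sha1(message):
    cv = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
    data = md_pad(message, "big")
    for off in range(0, len(data), 64):
        cv = sha1_compress(cv, data[off:off + 64])
    return struct.pack(">5I", *cv).hex()


def matches_hashlib(message):
    """Cross-check both implementations against the standard library."""
    return (md5(message) == hashlib.md5(message).hexdigest()
            and sha1(message) == hashlib.sha1(message).hexdigest())
```

`padding_bits` reproduces the slide's boundary case: a 448-bit (56-byte) message gets 512 padding bits, a 440-bit message gets 8, and the empty message gets 448.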

Security of MD5 and SHA-1
Brute Force Attack:
If we have a message x such that H(x) = h, the difficulty of finding y such that H(y) = H(x) is on the order of 2^128 operations for MD5 and 2^160 operations for SHA-1.

Mathematical Basis of Brute Force Attack
Problem Statement
• An attacker generates k different inputs, trying to find at least one message y with H(x) = H(y).
• What is the size of k such that the probability of H(x) = H(y) is 0.5?
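The derivation that answers the problem statement, added here as a worked example (it is not part of the original deck). Each of the k trial inputs is modelled as hitting the fixed n-bit value h = H(x) with probability $2^{-n}$, independently of the others:

$$P(k) = 1 - \left(1 - 2^{-n}\right)^{k}.$$

For $x \ll 1$, $(1 - x)^{k} \approx 1 - kx$, so $P(k) \approx k \cdot 2^{-n}$, and setting $P(k) = 0.5$ gives

$$k \approx 2^{n-1},$$

i.e. about $2^{127}$ trials for MD5 ($n = 128$) and $2^{159}$ for SHA-1 ($n = 160$), the order of magnitude quoted on the previous slide. Solving exactly, $k = \ln 2 \,/\, (-\ln(1 - 2^{-n})) \approx 0.69 \cdot 2^{n}$, which is of the same order. This is the cost of matching one fixed target; finding any colliding pair among the k inputs (the birthday problem) is a different question and needs only about $2^{n/2}$ trials.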

Output Feedback Mode (OFB)
[Figure: OFB encryption (left) and decryption (right), each built from the forward cipher used in ECB fashion. Input block 1 = IV; Output block j = CIPH_K(Input block j); Input block j+1 = Output block j. Encryption: Ciphertext j = Plaintext j XOR Output block j. Decryption: Plaintext j = Ciphertext j XOR Output block j. Shown for blocks 1, 2, ..., n.]

Output Feedback Mode (OFB) - Encryption
$$\begin{aligned}
I_1 &= IV \\
I_j &= O_{j-1} & \text{for } j = 2, \ldots, n \\
O_j &= \mathrm{CIPH}_K(I_j) & \text{for } j = 1, 2, \ldots, n \\
C_j &= P_j \oplus O_j & \text{for } j = 1, 2, \ldots, n-1 \\
C_n^{*} &= P_n^{*} \oplus \mathrm{MSB}_u(O_n)
\end{aligned}$$
The last plaintext block $P_n^{*}$ may be partial ($u$ bits); $\mathrm{MSB}_u(O_n)$ takes the $u$ most significant bits of the last output block.

Output Feedback Mode (OFB) - Decryption
$$\begin{aligned}
I_1 &= IV \\
I_j &= O_{j-1} & \text{for } j = 2, \ldots, n \\
O_j &= \mathrm{CIPH}_K(I_j) & \text{for } j = 1, 2, \ldots, n \\
P_j &= C_j \oplus O_j & \text{for } j = 1, 2, \ldots, n-1 \\
P_n^{*} &= C_n^{*} \oplus \mathrm{MSB}_u(O_n)
\end{aligned}$$
Decryption uses the forward cipher function $\mathrm{CIPH}_K$ exactly as encryption does; only the inputs to the XOR are swapped.

Cipher Feedback Mode (CFB)
[Figure: CFB encryption (left) and decryption (right) with s-bit segments. Input block 1 = IV; Output block j = CIPH_K(Input block j); of the b output bits, s are selected and (b-s) discarded. Encryption: Ciphertext segment j (s bits) = Plaintext segment j (s bits) XOR the selected s bits. Decryption: Plaintext segment j = Ciphertext segment j XOR the selected s bits. Input block j+1 = the (b-s) low-order bits of Input block j | Ciphertext segment j.]

Cipher Feedback Mode (CFB) - Encryption
$$\begin{aligned}
I_1 &= IV \\
I_j &= \mathrm{LSB}_{b-s}(I_{j-1}) \,|\, C^{\#}_{j-1} & \text{for } j = 2, \ldots, n \\
O_j &= \mathrm{CIPH}_K(I_j) & \text{for } j = 1, 2, \ldots, n \\
C^{\#}_j &= P^{\#}_j \oplus \mathrm{MSB}_s(O_j) & \text{for } j = 1, 2, \ldots, n
\end{aligned}$$
$P^{\#}_j$: plaintext segment j, consisting of s bits. $C^{\#}_j$: ciphertext segment j, consisting of s bits. $|$ denotes concatenation and $b$ the block size.

Cipher Feedback Mode (CFB) - Decryption
$$\begin{aligned}
I_1 &= IV \\
I_j &= \mathrm{LSB}_{b-s}(I_{j-1}) \,|\, C^{\#}_{j-1} & \text{for } j = 2, \ldots, n \\
O_j &= \mathrm{CIPH}_K(I_j) & \text{for } j = 1, 2, \ldots, n \\
P^{\#}_j &= C^{\#}_j \oplus \mathrm{MSB}_s(O_j) & \text{for } j = 1, 2, \ldots, n
\end{aligned}$$
$P^{\#}_j$: plaintext segment j, consisting of s bits. $C^{\#}_j$: ciphertext segment j, consisting of s bits. The shift register is fed with ciphertext, so decryption again uses only the forward cipher function.

Counter Mode (CTR)
[Figure: CTR encryption (left) and decryption (right). Output block j = CIPH_K(Counter j), with Counter 1, Counter 2, ..., Counter n all distinct. Encryption: Ciphertext j = Plaintext j XOR Output block j. Decryption: Plaintext j = Ciphertext j XOR Output block j.]
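The three modes on the OFB, CFB and CTR slides above, coded directly from their equations as an added example (not code from the slides). CIPH_K is a stand-in 128-bit keyed block function built from HMAC-SHA-256, an assumption made so the example runs without a crypto library (a real system uses AES). The stand-in suffices because all three modes invoke the block cipher only in its forward direction, for decryption as well as encryption, which is exactly why they need no inverse cipher. Keys, IVs and plaintexts are constructed.

```python
# Added example, not part of the original slides: OFB, CFB (s-bit segments) and CTR
# written from the SP 800-38A equations. CIPH_K is a stand-in keyed function, NOT a real cipher.
import hashlib
import hmac

BLOCK = 16                      # b = 128 bits


def ciph(key, block):
    """CIPH_K(I_j): stand-in for the forward block cipher (assumption for this demo)."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(x, y):
    return bytes(a ^ b for a, b in zip(x, y))


def ofb(key, iv, data):
    """OFB: I_1 = IV; O_j = CIPH_K(I_j); I_j = O_{j-1}; C_j = P_j xor O_j, with the last
    segment C_n* = P_n* xor MSB_u(O_n). The same function encrypts and decrypts."""
    out, i_j = bytearray(), iv
    for off in range(0, len(data), BLOCK):
        o_j = ciph(key, i_j)
        seg = data[off:off + BLOCK]
        out += xor(seg, o_j[:len(seg)])
        i_j = o_j                               # feedback is the output block, not the ciphertext
    return bytes(out)


def cfb_encrypt(key, iv, plaintext, s=8):
    """CFB with s-bit segments (s a multiple of 8): I_1 = IV;
    C#_j = P#_j xor MSB_s(O_j); I_j = LSB_{b-s}(I_{j-1}) | C#_{j-1}."""
    sb = s // 8
    out, i_j = bytearray(), iv
    for off in range(0, len(plaintext), sb):
        c_j = xor(plaintext[off:off + sb], ciph(key, i_j)[:sb])
        out += c_j
        i_j = (i_j + c_j)[-BLOCK:]              # shift register: drop the oldest s bits, append C#_j
    return bytes(out)


def cfb_decrypt(key, iv, ciphertext, s=8):
    """P#_j = C#_j xor MSB_s(O_j); the register is fed with ciphertext, so CIPH_K runs forward."""
    sb = s // 8
    out, i_j = bytearray(), iv
    for off in range(0, len(ciphertext), sb):
        c_j = ciphertext[off:off + sb]
        out += xor(c_j, ciph(key, i_j)[:sb])
        i_j = (i_j + c_j)[-BLOCK:]
    return bytes(out)


def ctr(key, counter0, data):
    """CTR: O_j = CIPH_K(Counter_j) with Counter_j = Counter_1 + j - 1 (mod 2^b); C_j = P_j xor O_j."""
    out, start = bytearray(), int.from_bytes(counter0, "big")
    for j, off in enumerate(range(0, len(data), BLOCK)):
        counter_j = ((start + j) % 2**(8 * BLOCK)).to_bytes(BLOCK, "big")
        seg = data[off:off + BLOCK]
        out += xor(seg, ciph(key, counter_j)[:len(seg)])
    return bytes(out)


def keystream_reuse_leaks(key, iv, p1, p2):
    """Why an IV (OFB) or counter (CTR) must never be reused under one key: with the same
    keystream, C1 xor C2 equals P1 xor P2, so two ciphertexts expose the XOR of the plaintexts."""
    return xor(ofb(key, iv, p1), ofb(key, iv, p2)) == xor(p1, p2)
```

OFB and CTR behave as stream ciphers and handle a partial final block by truncating the last output block, as the $\mathrm{MSB}_u(O_n)$ term says; CFB with s = b (128) degenerates to feeding the whole previous ciphertext block back, and with s = 8 it works a byte at a time at the cost of one block-cipher call per byte.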

Cryptography and Network Security, William Stallings

CHILD_SA - Generating Keying Material
CHILD_SAs are created in one of two ways:
1. Piggybacked on the IKE_AUTH exchange:
   KEYMAT = prf+(SK_d, Ni | Nr)
   where Ni and Nr are the nonces from the IKE_SA_INIT exchange, since this is the first CHILD_SA created.
2. In a CREATE_CHILD_SA exchange:
   KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr)
   where Ni and Nr are fresh nonces from the CREATE_CHILD_SA exchange, and g^ir (new) is the shared secret from the ephemeral Diffie-Hellman exchange of this CREATE_CHILD_SA exchange.
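The prf+ construction behind both KEYMAT formulas, as an added example (not code from the slides): prf+ is defined in RFC 7296 section 2.13, and the split of KEYMAT into per-direction keys follows the ordering rule of section 2.17. HMAC-SHA-256 is the assumed prf; SK_d, the nonces and g^ir are constructed placeholder values, not the output of a real exchange.

```python
# Added example, not part of the original slides: prf+ (RFC 7296 2.13) and the two
# CHILD_SA KEYMAT derivations, with HMAC-SHA-256 as the prf. Demo values are constructed.
import hashlib
import hmac


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key, seed, length):
    """prf+(K, S) = T1 | T2 | T3 | ... with T1 = prf(K, S | 0x01) and
    Tn = prf(K, T(n-1) | S | n), truncated to `length` bytes. The counter is one
    octet, so prf+ can produce at most 255 blocks."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        if n > 255:
            raise ValueError("prf+ output limit exceeded")
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def keymat_ike_auth(sk_d, ni, nr, length):
    """First CHILD_SA, piggybacked on IKE_AUTH: KEYMAT = prf+(SK_d, Ni | Nr),
    with Ni and Nr the nonces from IKE_SA_INIT."""
    return prf_plus(sk_d, ni + nr, length)


def keymat_create_child_sa(sk_d, g_ir_new, ni, nr, length):
    """CREATE_CHILD_SA with a fresh DH exchange: KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr),
    with fresh nonces from this exchange."""
    return prf_plus(sk_d, g_ir_new + ni + nr, length)


def split_keymat(keymat, enc_len, integ_len):
    """RFC 7296 2.17 ordering: initiator-to-responder keys first, encryption before integrity."""
    need = 2 * (enc_len + integ_len)
    if len(keymat) < need:
        raise ValueError("KEYMAT too short for the negotiated algorithms")
    sk_ei, sk_ai = keymat[:enc_len], keymat[enc_len:enc_len + integ_len]
    rest = keymat[enc_len + integ_len:]
    sk_er, sk_ar = rest[:enc_len], rest[enc_len:enc_len + integ_len]
    return {"SK_ei": sk_ei, "SK_ai": sk_ai, "SK_er": sk_er, "SK_ar": sk_ar}


# Constructed demo values (placeholders, not real exchange output)
DEMO_SK_D = bytes.fromhex("0f" * 32)
DEMO_NI, DEMO_NR = b"\xa1" * 16, b"\xb2" * 16
DEMO_G_IR_NEW = b"\xc3" * 32


def demo():
    """KEYMAT for a 32-byte encryption key and a 32-byte integrity key in each direction,
    once for the IKE_AUTH case and once for CREATE_CHILD_SA with a new DH exchange."""
    k1 = keymat_ike_auth(DEMO_SK_D, DEMO_NI, DEMO_NR, 128)
    k2 = keymat_create_child_sa(DEMO_SK_D, DEMO_G_IR_NEW, DEMO_NI, DEMO_NR, 128)
    return split_keymat(k1, 32, 32), split_keymat(k2, 32, 32)
```

Two things the formulas imply and the code makes visible: fresh nonces alone already give a different KEYMAT for each CHILD_SA, and only the CREATE_CHILD_SA form mixes in a new Diffie-Hellman secret, which is what gives that CHILD_SA forward secrecy independent of SK_d.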