CIS3360: Security in Computing Supplement to Chapter 4 : Spam and Phishing Cliff Zou Spring 2012
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou...
-
Upload
eustacia-lamb -
Category
Documents
-
view
229 -
download
1
Transcript of Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou...
Network Security 7-1
CIS3360: Chapter 8: CryptographyApplication of Public Cryptography
Cliff Zou
Spring 2012
Network Security 7-2
Acknowledgement
Some slides are modified from the slides provided by textbook: Computer Networking: A Top Down
Approach Featuring the Internet, J. Kurose & K. Ross, Addison Wesley, 4rd ed., 2007
Network Security 7-3
Digital Signatures
Cryptographic technique analogous to hand-written signatures.
sender (Bob) digitally signs document, establishing he is document owner/creator.
verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
Network Security 7-4
Digital Signatures
Simple digital signature for message m: Bob signs m by encrypting with his private
key KB, creating “signed” message, KB(m)--
Dear Alice
Oh, how I have missed you. I think of you all the time! …(blah blah blah)
Bob
Bob’s message, P
Public keyencryptionalgorithm
Bob’s privatekey
K B-
Bob’s message, P, signed
(encrypted) with his private key
EK ¡B
(P )
Network Security 7-5
Digital Signatures (more) Suppose Alice receives:
msg P’, and its digital signature
Alice verifies P’ signed by Bob by applying Bob’s public key to checks if
Alice thus verifies that: Bob signed P. No one else signed P. Bob signed P and not a different P’.
Non-repudiation: Alice can take P, and its signature to court and
prove that Bob signed P.
EK ¡B
(P )
K +B
EK ¡B
(P )DK +
B(EK ¡
B(P )) = P 0
Network Security 7-6
Message Digests
Computationally expensive to public-key-encrypt long messages
Goal: fixed-length, easy- to-compute digital “fingerprint”
apply hash function H to m, get fixed size message digest, H(m).
Hash function properties: many-to-1 produces fixed-size msg
digest (fingerprint) given message digest x,
computationally infeasible to find m such that x = H(m)
large message
P
H: HashFunction
H(m)
Network Security 7-7
Hash Function Algorithms
MD5 hash function widely used (RFC 1321) computes 128-bit message digest in 4-step
process. arbitrary 128-bit string x, appears difficult to
construct msg m whose MD5 hash is equal to x.
SHA-1 is also used. US standard [NIST, FIPS PUB 180-1]
160-bit message digest
Network Security 7-8
large message
mH: Hashfunction H(m)
digitalsignature(encrypt)
Bob’s private
key K B-
+
Bob sends digitally signed message:
Alice verifies signature and integrity of digitally signed message:
encrypted msg digest
encrypted msg digest
large message
m
H: Hashfunction
H(m)
digitalsignature(decrypt)
H(m)
Bob’s public
key K B+
equal ?
Digital signature = signed message digest
No confidentiality !No confidentiality !
EK ¡B
(H (m))
EK ¡B
(H (m))
Network Security 7-9
Trusted Intermediaries
Public key problem: When Alice obtains Bob’s public key (from web
site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?
Solution: trusted certification authority (CA)
Network Security 7-10
Certification Authorities
Certification authority (CA): binds public key to particular entity, E.
E (person, router) registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by
CA – CA says “this is E’s public key”Bob’s public
key K B+
Bob’s identifying informatio
n
digitalsignature(encrypt)
CA private
key K CA-
K B+
certificate for Bob’s public
key, signed by CA
EK ¡C A
(K +B )
Network Security 7-11
Certification Authorities When Alice wants Bob’s public key:
gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate,
get Bob’s public key
Bob’s public
key K B+
digitalsignature(decrypt)
CA public
key K CA+
K B+
EK ¡C A
(K +B )
Network Security 7-12
A certificate contains: Serial number (unique to issuer) info about certificate owner, including
algorithm and key value itself (not shown) info about
certificate issuer
valid dates digital
signature by issuer
Network Security 7-13
Internet Web Security Architecture
Client A
CAWeb Server B
EK+B(KAB, R)
EKAB(R)
EKAB(m)
Cert Request
K+B
EK ¡C A
(K +B )
EK ¡C A
(K +B )
Network Security 7-14
Internet Web Security Conditions
Clients’ web browsers have built-in CAs. CAs are trustable Web servers have certificates in CAs.
Q: What if a server has no certificate? Example: SSH servers
Network Security 7-15
SSH Example
Initial setup: Trust the first-time connection Save the server’s public key
Still vulnerable due to the update of server’s key
Client A Web Server B
EKAB(R)
EKAB(m)
EK+B(KAB, R)
Network Security 7-16
Secure Message
Alice: generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and to Bob.
Assumption: Public keys are pre-distributed securely E.g: through CA, or pre-established like SSH
Alice wants to send confidential message, m, to Bob.
KS( ).
KB( ).+
+
KS(m
)m
KS
KB+
Internet
KSEK +
B(K S )
EK +B
(K S )
Network Security 7-17
Secure Message
Bob: uses his private key to decrypt and recover KS
uses KS to decrypt EKS(m) to recover m
Alice wants to send confidential message, m, to Bob.
E()
E()
+ -
EKS(m )m
KS
KS
KB+
Internet
D()
D()
KB-
KS
mEKS(m )
EK +B
(K S ) EK +B
(K S )
Network Security 7-18
Secure Message (continued)
• Alice wants to provide sender authentication message integrity.
• Alice digitally signs message.• sends both message (in the clear) and digital signature.
H( ). KA( ).-
+ -
H(m )m
KA-
Internet
m
KA( ).+
KA+
mH( ). H(m )
compare