Inha University, Jiang Hong Rui: Mobile Research on Network Security (장홍예, 2001. 12. 19)


Upload: mervin-montgomery

Post on 01-Jan-2016


Contents

1. Introduction

2. Traditional Cryptography
• Substitution Ciphers
• Transposition Ciphers
• One-Time Pads

3. Secret-Key Algorithms
• DES
• DES Chaining
• Breaking DES

4. Public-Key Algorithms
• The RSA Algorithm

5. Authentication Protocols
• Authentication Based on a Shared Secret Key
• Establishing a Shared Key: The Diffie-Hellman Key Exchange
• Authentication Using a Key Distribution Center
• Authentication Using Kerberos
• Authentication Using Public-Key Cryptography

6. Digital Signatures
• Secret-Key Signatures
• Public-Key Signatures
• Message Digests

7. IPv4 and IPv6 Security
• Applications of IPSec
• The Scope of IPSec
• Security Associations
• Transport and Tunnel Modes
• Authentication Header
• Encapsulating Security Payload
• Key Management

Reference

1. Introduction

Network security:

• Nonrepudiation
• Secrecy
• Authentication
• Integrity control

Plaintext: the message to be encrypted.

It is transformed by a function that is parametrized by a key.

Ciphertext: the output of the encryption process.

Intruder: passive intruder and active intruder.

Cryptanalysis: the art of breaking ciphers.

Cryptology: the art of devising ciphers and breaking them.

[Fig. 1. The encryption model. Labels: plaintext, P; encryption method; encryption key, k; ciphertext, $C = E_K(P)$; intruder (a passive intruder just listens, an active intruder can alter messages); decryption method; decryption key; plaintext.]

$C = E_K(P)$ means that the encryption of the plaintext P using key K gives the ciphertext C.

$P = D_K(C)$ represents the decryption of C to get the plaintext again.

It follows that $D_K(E_K(P)) = P$.


2. Traditional Cryptography

2.1 Substitution Ciphers

2.1.1 Caesar cipher

In this method, a becomes D, b becomes E, c becomes F, …, and z becomes C.

Example:

jiang hong rui

MLDQJ KRQJ UXL

2.1.2 Monoalphabetic substitution

Example:

jiang hong rui

POQFU IGFU KXO

Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z

Ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M

2.2 Transposition Ciphers

MEGABUCK is the key. The purpose of the key is to number the columns, column 1 being under the key letter closest to the start of the alphabet, and so on. The plaintext is written horizontally, in rows. The ciphertext is read out by columns, starting with the column whose key letter is the lowest.
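The three classical ciphers of this section in code, as an added example that is not part of the original slides. It reproduces the two substitution examples given above and applies the MEGABUCK transposition to the same plaintext; padding the last row with a, b, c, ... is an assumption made here.

```python
import string

ALPHA = string.ascii_lowercase

def substitute(plaintext, cipher_alphabet):
    """Monoalphabetic substitution: a..z map onto cipher_alphabet, other characters pass through."""
    return plaintext.lower().translate(str.maketrans(ALPHA, cipher_alphabet))

def caesar_alphabet(shift=3):
    """Caesar is the special case of a rotated alphabet: shift 3 gives a -> D, ..., z -> C."""
    return (ALPHA[shift:] + ALPHA[:shift]).upper()

def column_order(key):
    """Column indices in read-out order: the key letter closest to 'A' comes first."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose_encrypt(plaintext, key):
    text = "".join(c for c in plaintext.lower() if c in ALPHA)
    shortfall = -len(text) % len(key)
    text += ALPHA[:shortfall]                     # assumed padding for the last row
    rows = [text[i:i + len(key)] for i in range(0, len(text), len(key))]
    # Read column by column, top to bottom, lowest key letter first.
    return "".join(row[c] for c in column_order(key) for row in rows).upper()

def transpose_decrypt(ciphertext, key):
    n_rows = len(ciphertext) // len(key)
    grid = [[""] * len(key) for _ in range(n_rows)]
    pos = 0
    for c in column_order(key):                   # refill the columns in read-out order
        for r in range(n_rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid).lower()

MONO_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"            # cipher alphabet from the slide

if __name__ == "__main__":
    print(substitute("jiang hong rui", caesar_alphabet()))
    print(substitute("jiang hong rui", MONO_KEY))
    ct = transpose_encrypt("jiang hong rui", "MEGABUCK")
    print(ct, transpose_decrypt(ct, "MEGABUCK"))
```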


2.3 One-Time Pads

First choose a random bit string as the key. Then convert the plaintext into a bit string, for example by using its ASCII representation. Finally, compute the EXCLUSIVE OR of these two strings, bit by bit.

Disadvantages:

To start with, the key cannot be memorized, so both sender and receiver must carry a written copy with them.

The total amount of data that can be transmitted is limited by the amount of key available.

Another problem is the sensitivity of the method to lost or inserted characters.
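The one-time pad procedure and two of the disadvantages listed above (key material runs out, and one lost character desynchronizes everything after it), as an added example that is not part of the original slides. The class name, the message and the position of the lost byte are constructed for illustration.

```python
import secrets

class OneTimePad:
    """Sender and receiver each hold an identical copy of the pad and consume it front to back."""

    def __init__(self, pad):
        self.pad, self.used = pad, 0

    def xor(self, data):
        if self.used + len(data) > len(self.pad):
            raise ValueError("pad exhausted: no key material left for this message")
        chunk = self.pad[self.used:self.used + len(data)]
        self.used += len(data)
        return bytes(d ^ k for d, k in zip(data, chunk))   # bit-by-bit EXCLUSIVE OR

def run_demo(pad=None):
    message = "jiang hong rui".encode("ascii")             # plaintext as an ASCII bit string
    if pad is None:
        pad = secrets.token_bytes(2 * len(message))        # random key, enough for two messages
    sender, receiver = OneTimePad(pad), OneTimePad(pad)

    intact = receiver.xor(sender.xor(message))             # first message arrives whole

    second = sender.xor(message)
    damaged = second[:5] + second[6:]                      # one ciphertext byte lost in transit
    garbled = receiver.xor(damaged)                        # receiver is now one pad byte out of step

    try:
        sender.xor(b"x")                                   # a third message: the pad is used up
        exhausted = False
    except ValueError:
        exhausted = True
    return {"message": message, "intact": intact, "garbled": garbled, "exhausted": exhausted}

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```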


3. Secret-Key Algorithms

Two principles:

Encrypted messages must contain some redundancy, that is, information not needed to understand the message.

Some measures must be taken to prevent active intruders from playing back old messages.


P-box: used to effect a transposition on an 8-bit input.

S-box: Substitutions are performed.

3.1 DES (Data Encryption Standard)

General outline:

Plaintext is encrypted in blocks of 64 bits, yielding 64 bits of ciphertext.

The algorithm is parametrized by a 56-bit key and has 19 distinct stages.

The first stage is a key independent transposition on the 64-bit plaintext. The last stage is the exact inverse of this transposition.

The stage prior to the last one exchanges the leftmost 32 bits with the rightmost 32 bits. The remaining 16 stages are functionally identical but are parametrized by different functions of the key.

Detail of one iteration:

First, a 48-bit number, E, is constructed by expanding the 32-bit input according to a fixed transposition and duplication rule.

Second, E and Ki are EXCLUSIVE ORed together. This output is then partitioned into eight groups of 6 bits each, each of which is fed into a different S-box. Each of the 64 possible inputs to an S-box is mapped onto a 4-bit output.

Finally, these 8 x 4 bits are passed through a P-box.


3.2 DES Chaining

Electronic code book mode

Cipher block chaining

Each plaintext block is EXCLUSIVE ORed (#) with the previous ciphertext block before being encrypted, so the same plaintext block no longer maps onto the same ciphertext block.

The encryption is no longer a big monoalphabetic substitution cipher.

The first block is EXCLUSIVE ORed with a randomly chosen initialization vector, IV, that is transmitted along with the ciphertext.
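A sketch of the 16-iteration structure and of the difference between electronic code book mode and cipher block chaining, as an added example that is not part of the original slides. It is not DES: the key schedule and the round function are SHA-256 stand-ins chosen here, the initial and final transpositions are omitted, and the key, IV and sample message are constructed.

```python
import hashlib
import hmac

BLOCK = 8  # bytes: 64-bit blocks, as in DES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key, rounds=16):   # stand-in key schedule: one derived subkey per iteration
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def round_f(right, k):
    # Stand-in for expand -> XOR with Ki -> S-boxes -> P-box: 32 bits in, 32 bits out.
    return hmac.new(k, right, hashlib.sha256).digest()[:4]

def feistel(block, keys):
    left, right = block[:4], block[4:]
    for k in keys:                                   # 16 functionally identical iterations
        left, right = right, xor(left, round_f(right, k))
    return right + left                              # exchange the two 32-bit halves

def encrypt_block(block, key):
    return feistel(block, subkeys(key))

def decrypt_block(block, key):
    return feistel(block, subkeys(key)[::-1])        # same network, subkeys in reverse order

def split(data):                                     # input length must be a multiple of BLOCK
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext, key):
    return b"".join(encrypt_block(b, key) for b in split(plaintext))

def cbc_encrypt(plaintext, key, iv):
    out, prev = [], iv
    for b in split(plaintext):
        prev = encrypt_block(xor(b, prev), key)      # XOR with the previous ciphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext, key, iv):
    out, prev = [], iv
    for b in split(ciphertext):
        out.append(xor(decrypt_block(b, key), prev))
        prev = b
    return b"".join(out)

# Constructed sample: three identical plaintext blocks, a demo key and a fixed demo IV.
KEY, IV, SAMPLE = b"demo-key", bytes.fromhex("0123456789abcdef"), b"PAY 1000" * 3
```

Under ECB the three identical plaintext blocks in `SAMPLE` produce three identical ciphertext blocks; under CBC all three differ, and changing the IV changes the whole ciphertext.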

Cipher feedback mode:

Note: because of the shift register, a pattern that repeats multiple times in the plaintext will be encrypted differently each time in the ciphertext.

3.3 Breaking DES

Chinese lottery

Meet-in-the-middle attack

Conclusion:

DES should no longer be used for anything important.

Triple encryption

Advantages:

• Much more secure.
• A computer using triple encryption can speak to one using single encryption by just setting K1=K2.

IDEA (International Data Encryption Algorithm)

The basic structure of the algorithm resembles DES in that 64-bit plaintext input blocks are mangled in a sequence of parameterized iterations to produce 64-bit ciphertext output blocks.

Given the extensive bit mangling (for every iteration, every output bit depends on every input bit), eight iterations are sufficient.


4. Public-Key Algorithms

The (keyed) encryption algorithm, E, and the (keyed) decryption algorithm, D, have to meet the following three requirements:

D(E(P))=P.

It is exceedingly difficult to deduce D from E.

E cannot be broken by a chosen plaintext attack.

4.1 The RSA Algorithm

Procedure:

Choose two large primes, p and q.

Compute $n = p \times q$ and $z = (p-1) \times (q-1)$.

Choose a number relatively prime to z and call it d.

Find e such that $e \times d = 1 \bmod z$.

Divide the plaintext into blocks, so that each plaintext message, P, falls in the interval $0 < P < n$.

To encrypt a message, P, compute $C = P^e \pmod n$.

Example:

Parameters:

• p=3, q=11, n=33, z=20, d=7, e=3


5. Authentication Protocols

Authentication: the technique by which a process verifies that its communication partner is who it is supposed to be and not an imposter.

Differentiate authentication and authorization:

Authentication deals with the question of whether or not you are actually communicating with a specific process.

Authorization is concerned with what that process is permitted to do.

The general model:

An initiating user, A, wants to establish a secure connection with a second user, B. A and B are sometimes called principals.

B is a banker with whom A would like to do business.

A starts out by sending a message either to B, or to a trusted key distribution center (KDC), which is always honest.

When the protocol has been completed, A is sure she is talking to B and B is sure he is talking to A.

Furthermore, the two of them will also have established a secret session key for use in the upcoming conversation.


5.1 Authentication Based on a Shared Secret Key

Challenge-response protocol:

A and B are principals, and C is a nasty intruder.

Ri’s are the challenges, where the subscript identifies the challenger.

Ki are keys, where i indicates the owner; Ks is the session key.


5.2 Establishing a Shared Key: The Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange: the protocol that allows strangers to establish a shared secret key.

It works as follows:

A and B have to agree on two large prime numbers, n and g, where (n-1)/2 is also a prime and certain conditions apply to g.

These numbers may be public, so either one of them can just pick n and g and tell the other openly.

Now A picks a large number, x, and keeps it secret. Similarly, B picks a large secret number, y.

A initiates the key exchange protocol by sending B a message containing $(n, g, g^x \bmod n)$, as shown in Fig. 12.

B responds by sending A a message containing $g^y \bmod n$.

Now A takes the number B sent her and raises it to the xth power to get $(g^y \bmod n)^x$. B performs a similar operation to get $(g^x \bmod n)^y$.

By the laws of modular arithmetic, both calculations yield $g^{xy} \bmod n$.

A and B now share a secret key, $g^{xy} \bmod n$.
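Both sides of the exchange described above, as an added example that is not part of the original slides. The class and function names are hypothetical, and the numbers n=47, g=3, x=8, y=10 are constructed toy values, far smaller than the large numbers the protocol requires.

```python
import secrets

def is_prime(m):
    """Trial division; adequate only for the toy-sized numbers used here."""
    return m > 1 and all(m % f for f in range(2, int(m ** 0.5) + 1))

def check_modulus(n):
    """The slide's condition on n: n is prime and (n-1)/2 is also prime."""
    if not (is_prime(n) and is_prime((n - 1) // 2)):
        raise ValueError("n must be prime with (n-1)/2 also prime")

class Party:
    def __init__(self, n, g, secret=None):
        check_modulus(n)
        self.n, self.g = n, g
        # The secret exponent is picked locally and never sent.
        self._secret = secret if secret is not None else secrets.randbelow(n - 3) + 2

    def public_value(self):
        return pow(self.g, self._secret, self.n)        # g^x mod n (or g^y mod n)

    def shared_key(self, peer_value):
        return pow(peer_value, self._secret, self.n)    # (g^y mod n)^x = g^xy mod n

def exchange(n, g, x=None, y=None):
    a, b = Party(n, g, x), Party(n, g, y)
    msg1 = (n, g, a.public_value())                     # A -> B
    msg2 = b.public_value()                             # B -> A
    return {"wire": [msg1, msg2],                       # everything an eavesdropper sees
            "key_a": a.shared_key(msg2),
            "key_b": b.shared_key(msg1[2])}

if __name__ == "__main__":
    print(exchange(47, 3, x=8, y=10))
```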

5.3 Authentication Using a Key Distribution Center (KDC)

The simplest known KDC authentication protocol is wide-mouth frog.


Principle:

A picks a session key, KS, and tells the KDC that she wants to talk to B using KS.

This message is encrypted with the secret key A shares (only) with the KDC, KA. The KDC decrypts this message, extracting B’s identity and the session key.

It then constructs a new message containing A’s identity and the session key and sends this message to B.

This encryption is done with KB, the secret key B shares with the KDC. When B decrypts the message, he learns that A wants to talk to him, and which key she wants to use.


5.4 Authentication Using Kerberos

Kerberos involves three servers in addition to A (a client workstation):

Authentication Server (AS): verifies users during login.

Ticket-Granting Server (TGS): issues “proof of identity tickets”.

B the server: actually does the work A wants performed.

5.5 Authentication Using Public-Key Cryptography

Assume A and B already know each other’s public keys.


6. Digital Signatures

Basically, what is needed is a system by which one party can send a “signed” message to another party in such a way that

The receiver can verify the claimed identity of the sender.

The sender cannot later repudiate the contents of the message.

The receiver cannot possibly have concocted the message himself.

6.1 Secret-Key Signatures

One approach to digital signatures is to have a central authority that knows everything and whom everyone trusts, say Big Brother (BB).

Each user then chooses a secret key and carries it by hand to BB’s office. Thus only A and BB know A’s secret, KA.


6.2 Public-Key Signatures

Fortunately, public-key cryptography can make an important contribution.

6.3 Message Digests

This scheme is based on the idea of a one-way hash function that takes an arbitrarily long piece of plaintext and from it computes a fixed-length bit string. This hash function, often called a message digest, has three important properties:

Given P, it is easy to compute MD (P).

Given MD (P), it is effectively impossible to find P.

No one can generate two messages that have the same message digest.


7. IPv4 and IPv6 Security

7.1 Applications of IPSec

IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.

Secure branch office connectivity over the Internet.

Secure remote access over the Internet.

Establishing extranet and intranet connectivity with partners.

Enhancing electronic commerce security.


7.2 The Scope of IPSec

IPSec provides three main facilities:

An authentication-only function referred to as Authentication Header (AH).

A combined authentication/encryption function called Encapsulating Security Payload (ESP).

A key exchange function.


7.3 Security Associations

A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA).

A security association is uniquely identified by three parameters:

Security parameters index (SPI).

IP destination address.

Security protocol identifier.


7.4 Transport and Tunnel Modes

Transport Mode.

Transport mode provides protection primarily for upper-layer protocols.

Tunnel Mode.

Tunnel mode provides protection to the entire IP packet.


7.5 Authentication Header

The authentication header consists of the following fields:

Next Header (8 bits).

Payload Length (8 bits).

Reserved (16 bits).

Security Parameters Index (32 bits).

Sequence Number (32 bits).

Authentication Data (variable).
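A parser for the field layout listed above, followed by the security association lookup from section 7.3, as an added example that is not part of the original slides. The meaning of Payload Length (header length in 32-bit words, minus 2) and the protocol number 51 for AH come from the AH specification (RFC 2402), not from the slides; the sample header, addresses and SA table are constructed.

```python
import struct

AH_PROTOCOL = 51                       # IP protocol number assigned to AH
AH_FIXED = struct.Struct("!BBHII")     # Next Header, Payload Length, Reserved, SPI, Sequence Number

def parse_ah(data):
    """Split an Authentication Header off the front of `data` and return its fields."""
    if len(data) < AH_FIXED.size:
        raise ValueError("truncated AH: the fixed fields need 12 bytes")
    next_header, payload_len, reserved, spi, seq = AH_FIXED.unpack_from(data)
    total = (payload_len + 2) * 4      # whole header, Authentication Data included
    if total < AH_FIXED.size or total > len(data):
        raise ValueError("Payload Length disagrees with the bytes received")
    return {
        "next_header": next_header,
        "reserved": reserved,
        "spi": spi,
        "sequence": seq,
        "auth_data": data[AH_FIXED.size:total],   # variable-length Authentication Data
        "upper_layer": data[total:],              # what the header protects
    }

def find_sa(sa_table, header, dst_addr):
    """An SA is identified by (SPI, IP destination address, security protocol identifier)."""
    return sa_table.get((header["spi"], dst_addr, AH_PROTOCOL))

# Constructed sample: Next Header 6 (TCP), 12 bytes of Authentication Data, SPI 0x1000.
SAMPLE_AH = AH_FIXED.pack(6, 4, 0, 0x1000, 1) + b"\xaa" * 12 + b"tcp-segment"
SAMPLE_SAS = {(0x1000, "192.0.2.10", AH_PROTOCOL): {"algorithm": "HMAC-SHA1-96"}}

if __name__ == "__main__":
    hdr = parse_ah(SAMPLE_AH)
    print(hdr)
    print(find_sa(SAMPLE_SAS, hdr, "192.0.2.10"))
```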

Fig. 19. IPSec Authentication Header

7.6 Encapsulating Security Payload (ESP)

IPSec ESP Format.

7.7 Key Management

The key management portion of IPSec involves the determination and distribution of secret keys.

The IPSec Architecture document mandates support for two types of key management:

Manual.

Automated.

• Oakley Key Determination Protocol.
• Internet Security Association and Key Management Protocol.