EEC-484/584 Computer Networks
Lecture 16
Wenbing Zhao
[email protected]

Slide 2: Outline
• Reminder
  – Quiz #5: 12/8, 4-6pm
  – Final Revised Wiki Page due 12/8 midnight
• Stream cipher mode
• Public key algorithm
• Digital signature
• Message digest and secure hash functions
• Public key infrastructure

Fall Semester 2008 EEC-484/584: Computer Networks Wenbing Zhao

Slide 3: Stream Cipher Mode
• To be insensitive to transmission errors, an arbitrarily large sequence of output blocks, called the keystream, is treated like a one-time pad and XORed with the plaintext to get the ciphertext
  – It works by encrypting an IV using a key to get an output block
  – The output block is then encrypted using the key to get a second output block
  – This block is then encrypted to get a third block, and so on

Slide 4: Stream Cipher Mode
• The keystream is independent of the data
  – It can be computed in advance
  – It is completely insensitive to transmission errors
• (Figure: encryption and decryption in stream cipher mode)

Slide 5: Stream Cipher Mode
• It is essential never to use the same (key, IV) pair twice with a stream cipher, because doing so will generate the same keystream each time
• Using the same keystream twice exposes the ciphertext to a keystream reuse attack
• Stream cipher mode is also called output feedback mode

Slide 6: Keystream Reuse Attack
• Plaintext block P0 is encrypted with the keystream to get P0 XOR K0
• Later, a second plaintext block Q0 is encrypted with the same keystream to get Q0 XOR K0
• An intruder who captures both ciphertext blocks can simply XOR them together to get P0 XOR Q0, which eliminates the key
• The intruder now has the XOR of the two plaintext blocks
• If one of them is known or can be guessed, the other can also be found
• In any event, the XOR of two plaintext streams can be attacked by using statistical properties of the message

Slide 7: Public-Key Algorithms
• Distributing keys is the weakest link in most cryptosystems
  – No matter how strong a cryptosystem was, if an intruder could steal the key, the system was worthless
  – Cryptologists always took for granted that the encryption key and the decryption key were the same
• Diffie and Hellman (1976) proposed a radically new kind of cryptosystem in which the encryption and decryption keys are different
  – D(E(P)) = P
  – It is exceedingly difficult to deduce D from E
  – E cannot be broken by a chosen plaintext attack

Slide 8: Public-Key Algorithms
• Public-key cryptography:
  – The encryption algorithm and the encryption key can be made public
• How to establish a secure channel
  – Alice and Bob have never had previous contact
  – Alice sends Bob E_B(P) (message P encrypted using Bob's public encryption key E_B)
  – Bob receives the encrypted message and retrieves the plaintext by using his private key: P = D_B(E_B(P))
  – Bob then sends a reply E_A(R) to Alice

Slide 9: RSA
• Rivest, Shamir, Adleman, 1978: a good method for public-key cryptography
• RSA method:
  – Choose two large primes, p and q (typically 1024 bits)
  – Compute n = p q and z = (p-1)(q-1)
  – Choose a number relatively prime to z and call it d
  – Find e such that e d = 1 (mod z)
• To encrypt a message P, compute C = P^e (mod n)
• To decrypt C, compute P = C^d (mod n)
• The public key consists of the pair (e, n)
• The private key consists of the pair (d, n)

Slide 10: RSA
• An example of the RSA algorithm
  – p = 3, q = 11 => n = 33 and z = 20
  – A suitable value for d is 7
  – e can be found by solving the equation 7e = 1 (mod 20) => e = 3
  – C = P^3 (mod 33), P = C^7 (mod 33)

Slide 11: Digital Signatures
• Requirement on digital signatures: one party can send a signed message to another party in such a way that the following conditions hold:
  – The receiver can verify the claimed identity of the sender
  – The sender cannot later repudiate the contents of the message
  – The receiver cannot possibly have concocted the message himself

Slide 12: Symmetric-Key Signatures
• Big Brother (BB): a central authority that knows everything and whom everyone trusts
  – Each user chooses a secret key and shares it with BB
• Digital signatures with Big Brother (figure)

Slide 13: Public-Key Signatures
• Digital signatures using public-key cryptography (figure)
  – Requires E(D(P)) = P (in addition to D(E(P)) = P)

Slide 14: Message Digests
• Message digest (MD): a one-way hash function that takes an arbitrarily long piece of plaintext and from it computes a fixed-length bit string
  – Given P, it is easy to compute MD(P)
  – Given MD(P), it is effectively impossible to find P
  – Given P, no one can find P' such that MD(P') = MD(P)
  – A change to the input of even 1 bit produces a very different output

Slide 15: Hash Functions (MD5 and SHA-1)
• Hash function: mangling bits in a sufficiently complicated way that every output bit is affected by every input bit
• MD5 is the fifth in a series of message digests designed by Ronald Rivest (1992)
  – MD5 generates a 128-bit fixed value
• SHA-1: Secure Hash Algorithm 1, developed by the National Security Agency (NSA) and blessed by NIST
  – SHA-1 generates a 160-bit message digest

Slide 16: Digital Signatures Using Message Digests
• (figure)
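Stream cipher (output feedback) mode from slides 3 to 6, as an added example that is not part of the lecture: a keyed HMAC-SHA256 function stands in for the block cipher E_K (an assumption made so the script is self-contained; a real implementation would use AES), and `ciphertext_xor` shows why a (key, IV) pair must never be reused.

```python
import hashlib
import hmac
import os

BLOCK = 32  # output size (bytes) of the stand-in block function below

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher E_K on the slides (assumption: HMAC-SHA256
    # instead of AES). OFB only ever runs E_K forward, never its inverse, so any
    # keyed pseudorandom function is enough to show how the mode behaves.
    return hmac.new(key, block, hashlib.sha256).digest()

def keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    # Output feedback: O_1 = E_K(IV), O_2 = E_K(O_1), O_3 = E_K(O_2), ...
    # The keystream depends only on (key, IV), never on the data, so it can be
    # computed in advance and a flipped ciphertext bit flips one plaintext bit.
    out, block = b"", iv
    while len(out) < nbytes:
        block = block_encrypt(key, block)
        out += block
    return out[:nbytes]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))

decrypt = encrypt  # XORing with the same keystream undoes the encryption

def ciphertext_xor(key: bytes, iv_p: bytes, p: bytes, iv_q: bytes, q: bytes) -> bytes:
    # What an observer of both ciphertexts can compute without the key.
    # If iv_p == iv_q the keystream cancels and this equals P XOR Q (the
    # keystream reuse problem from slide 6); with a fresh IV it does not.
    n = min(len(p), len(q))
    return xor_bytes(encrypt(key, iv_p, p)[:n], encrypt(key, iv_q, q)[:n])

def fresh_iv() -> bytes:
    # One fresh IV per message under a given key is the rule slide 5 states.
    return os.urandom(BLOCK)

if __name__ == "__main__":
    key = os.urandom(32)
    iv = fresh_iv()
    p = b"invoice 4711 approved for payment"   # constructed sample messages
    q = b"invoice 4712 rejected, resubmit"
    assert decrypt(key, iv, encrypt(key, iv, p)) == p
    print("same IV leaks P XOR Q: ", ciphertext_xor(key, iv, p, iv, q) == xor_bytes(p, q))
    print("fresh IV leaks P XOR Q:", ciphertext_xor(key, iv, p, fresh_iv(), q) == xor_bytes(p, q))
```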
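The RSA recipe of slides 9 and 10 and the signature property E(D(P)) = P of slide 13, worked through with the slides' own numbers (p = 3, q = 11, d = 7). This is an added example, not the lecture's code; it is textbook RSA on small integers with no padding, so it illustrates the arithmetic only and not how RSA is deployed.

```python
from math import gcd

def rsa_keygen(p: int, q: int, d: int):
    # Follows the slides' order: primes p and q, then n and z, then choose d
    # relatively prime to z, then solve e*d = 1 (mod z) for e.
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)              # modular inverse of d (Python 3.8+)
    return (e, n), (d, n)          # public key (e, n), private key (d, n)

def rsa_encrypt(public_key, P: int) -> int:
    e, n = public_key
    if not 0 <= P < n:
        raise ValueError("message must be in 0..n-1")
    return pow(P, e, n)            # C = P^e (mod n)

def rsa_decrypt(private_key, C: int) -> int:
    d, n = private_key
    return pow(C, d, n)            # P = C^d (mod n)

def rsa_sign(private_key, P: int) -> int:
    # Slide 13: a signature applies the private operation D first ...
    d, n = private_key
    return pow(P, d, n)

def rsa_verify(public_key, P: int, signature: int) -> bool:
    # ... and anyone holding the public key checks E(D(P)) == P.
    e, n = public_key
    return pow(signature, e, n) == P

def roundtrips_for_all_messages(public_key, private_key) -> bool:
    # Checks D(E(P)) == P and E(D(P)) == P for every message in 0..n-1.
    _, n = public_key
    return all(rsa_decrypt(private_key, rsa_encrypt(public_key, P)) == P
               and rsa_verify(public_key, P, rsa_sign(private_key, P))
               for P in range(n))

if __name__ == "__main__":
    public, private = rsa_keygen(3, 11, 7)   # slide 10: n = 33, z = 20, e = 3
    print("public key", public, "private key", private)
    C = rsa_encrypt(public, 4)
    print("C =", C, "-> P =", rsa_decrypt(private, C))
    print("all 33 messages round-trip:", roundtrips_for_all_messages(public, private))
```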
Slide 17: Message Authentication Code
• MACs are used between two parties that share a secret key in order to validate information transmitted between these parties
• The MAC mechanism that is based on cryptographic hash functions is called HMAC. Basic idea:
  – Append the key to the plaintext and generate a digest using a hash function
  – Ship the plaintext together with the digest

Slide 18: Management of Public Keys
• Problem statement
• Certificates
• X.509
• Public key infrastructure

Slide 19: Problems with Public-Key Management
• If Alice and Bob do not know each other, how do they get each other's public keys to start the communication process?
  – It is essential that Alice gets Bob's public key, not someone else's
• A way for Trudy to subvert public-key encryption (figure)

Slide 20: Certificates
• Certification Authority (CA): an organization that certifies public keys
  – It certifies the public keys belonging to people, companies, or even attributes
  – The CA does not need to be on-line all the time (in ideal scenarios)
• A possible certificate and its signed hash (figure)

Slide 21: X.509
• Devised and approved by ITU
• The basic fields of an X.509 certificate (figure)

Slide 22: Public-Key Infrastructures
• A Public-Key Infrastructure (PKI) is needed for reasons of
  – Availability, scalability, ease of management
• A PKI has multiple components
  – Users, CAs, certificates, directories
• A PKI provides a way of structuring these components and defines standards for the various documents and protocols
  – A simple form of PKI is hierarchical CAs

Slide 23: Public-Key Infrastructures
• Hierarchical PKI (figure)
• A chain of trust/certification path: a chain of certificates going back to the root

Slide 24: Public-Key Infrastructures
• Revocation: sometimes certificates can be revoked, for a number of reasons
• Reinstatement: a revoked certificate could conceivably be reinstated
• Each CA periodically issues a CRL (Certificate Revocation List) giving the serial numbers of all certificates that it has revoked
  – A user who is about to use a certificate must now acquire the CRL to see if the certificate has been revoked
• Having to deal with revocation (and possibly reinstatement) eliminates one of the best properties of certificates, namely, that they can be used without having to contact a CA
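The message digest properties of slide 14 and the HMAC of slide 17, as an added example not taken from the lecture: the slide's "append the key" wording is a simplification, since HMAC (RFC 2104) hashes twice over padded copies of the key, which `hmac_sha256` below writes out and checks against Python's standard library. SHA-256 is used rather than MD5 or SHA-1 from slide 15 because those two are no longer considered collision-resistant; the key and message are constructed sample values.

```python
import hashlib
import hmac

def digest_bits(algorithm: str) -> int:
    # Output size in bits; slide 15 gives 128 for MD5 and 160 for SHA-1.
    return hashlib.new(algorithm).digest_size * 8

def differing_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(data: bytes, algorithm: str = "sha256") -> int:
    # Flip one input bit and count how many digest bits change (slide 14:
    # a change to the input of even 1 bit produces a very different output).
    flipped = bytearray(data)
    flipped[0] ^= 0x01
    return differing_bits(hashlib.new(algorithm, data).digest(),
                          hashlib.new(algorithm, bytes(flipped)).digest())

def hmac_sha256(key: bytes, message: bytes) -> bytes:
    # HMAC as specified in RFC 2104: two nested hashes over padded keys,
    # not a plain hash of the key appended to the message.
    block = 64                                   # SHA-256 block size in bytes
    if len(key) > block:
        key = hashlib.sha256(key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()

def matches_stdlib(key: bytes, message: bytes) -> bool:
    # Cross-check the hand-written HMAC against Python's hmac module.
    return hmac_sha256(key, message) == hmac.new(key, message, hashlib.sha256).digest()

def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison so the verifier leaks nothing through timing.
    return hmac.compare_digest(hmac_sha256(key, message), tag)

if __name__ == "__main__":
    key = b"shared-secret-for-the-demo"         # constructed sample key
    msg = b"transfer 100 to account 42"         # constructed sample message
    tag = hmac_sha256(key, msg)
    print("matches stdlib hmac:", matches_stdlib(key, msg))
    print("tampered message accepted:", verify_tag(key, b"transfer 900 to account 42", tag))
    print("sha256 bits changed by a 1-bit flip:", avalanche(msg), "of", digest_bits("sha256"))
```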