Вы находитесь на странице: 1из 63

Chapter 3

Ô Chapter 1 introduced the threat environment


Ô Chapter 2 introduced the plan-protect-respond
cycle and covered the planning phase
Ô Chapters 3 through 8 will cover the protection
phase
Ô Chapters 3 and 4 introduce cryptography, which is
important in itself and which is used in many other
protections

2
Copyright Pearson Prentice-Hall 2010
Ô Cryptography is the use of mathematical
operations to protect messages traveling between
parties or stored on a computer

Ô Confidentiality means that someone intercepting


your communications cannot read them

???

Copyright Pearson Prentice-Hall 2010


Ô Confidentiality is only one cryptographic protection
Ô Authentication means proving one¶s identity to
another so they can trust you more
Ô Integrity means that the message cannot be
changed or, if it is change, that this change will be
detected
Ô Known as the CIA of cryptography
Ń o, not w w CIA

Copyright Pearson Prentice-Hall 2010


Ô Encryption for confidentiality needs a cipher
(mathematical method) to encrypt and decrypt
Ń ahe cipher cannot be kept secret

Ô ahe two parties using the cipher also need to


know a secret key or keys
Ń A key is merely a long stream of bits (1s and 0s)
Ń ahe key or keys 2 w be kept secret

Ô Cryptanalysts attempt to crack (find) the key

5
Copyright Pearson Prentice-Hall 2010
Sy etric
ey
a es ropper
Cannot Rea
Messages in
Plaintext: Cipher & Ciphertext: 11010100 Ciphertext
"Hello" ey

Net or Sa e
Sy etric
ey

Party Cipher & Plaintext:


Ciphertext: 11010100
ey "Hello"

Note:
single ey is se to encrypt an ecrypt
in oth irections
Party B
6
Copyright Pearson Prentice-Hall 2010
Y   
 

n 4 r
o 8 w
w 15 l
i 1 «
s 23 «
t 1 «
+4 h 3 «
e 9 «
n o p q r t 12 «
i 20 «
m «
ahis is a very weak cipher
e 25 «
eal ciphers use complex math
7
Copyright Pearson Prentice-Hall 2010
Ô ubstitution Ciphers
Ń ubstitute one letter (or bit) for another in each place
Ń ahe cipher we saw in Figure 3-2 is a substitution cipher

Ô aransposition Ciphers
Ń aransposition ciphers do not change individual letters or
bits, but they change their order

Ô 0ost real ciphers use both substitution and


transposition

Copyright Pearson Prentice-Hall 2010


 Y  

 Y     
 n o w
 i s t
 h e t
Key = 132 231

Copyright Pearson Prentice-Hall 2010


Ô Ciphers can encrypt any message expressed in
binary (1s and 0s)
Ń ahis flexibility and the speed of computing makes this
ciphers dominant for encryption today

Ô Codes are more specialized


Ń ahey substitute one thing for another
Ń Usually a word for another word or a number for a word
Ń Codes are good for humans and may be included in
messages sent via encipherment

Copyright Pearson Prentice-Hall 2010


0essage Code
From 1 434
Akagi 3 1
ao 839 1
aruk 11131
a P 
EaA 3 4
aransmitted P0 3104
1434 318391« a P 
equire 2998
213
 4 8
a P 
11
Copyright Pearson Prentice-Hall 2010
Key Length in umber of Possible Keys
its Each extra bit
doubles the number
1 of keys 2
2 4
4 1
8 2
1 ,3
40 1,099,11,2,
 2,0,94,03,92,900
112 ,192,29,88,34,830,000,000,000,000,000,000
112 1923E+33
18 haded keys are 34144E+0
2 trong symmetric 1192E+
12 keys (>=100 bits) 13408E+14
12
Copyright Pearson Prentice-Hall 2010
Ô ote
Ń Public key/private key pairs (discussed later in the
chapter) must be much longer than symmetric keys to be
considered to be strong because of the disastrous
consequences that could occur if a private key is cracked
and because private keys cannot be changed frequently
Public keys and private keys must be at least 12 to
1,024 bits long

1
Copyright Pearson Prentice-Hall 2010
    
Key Length 0 bits or  112 or 18 128, 192, or
(bits) more 2
Key trength Very weak at Weak trong trong
0 bits
Processing Low 0oderate High Low
equirements
A0 Low 0oderate 0oderate Low
equirements
emarks Can uses Created in Applies aoday¶s gold
keys of the 190s DE three standard for
variable times with symmetric
length two or three key
different encryption
DE keys
1
Copyright Pearson Prentice-Hall 2010
- it D y etric ey
5 its re n ant its
- it Plainte t lock

ahe D cipher D ncryption


encrypts essages Process
its at a ti e
ahe D cipher in
co e ook o e nee s
- it Cipherte t lock
two inp ts

15
Copyright Pearson Prentice-Hall 2010
Ô Cryptographic ystems
Ń Encryption for confidentiality is only one cryptographic
protection
Ń Individual users and corporations cannot be expected to
master these many aspects of cryptography
Ń Consequently, crypto protections are organized into
complete cryptographic systems that provide a broad set
of cryptographic protection

6
Copyright Pearson Prentice-Hall 2010
Ô Cryptographic ystems
1 awo parties first agree upon a particular cryptographic
system to use
2 Each cryptographic system dialogue begins with three
brief hand-shaking stages
3 ahe two parties then engage in cryptographically
protected communication
½ ahis ongoing communication stage usually constitutes nearly
all of the dialogue

7
Copyright Pearson Prentice-Hall 2010
Handsha ing tage 1
Initial egotiation of ecurity Para eters

Handsha ing tage 2


Client PC Initial uthentication
Usually utual er er

Handsha ing tage 3


eying
ecure e change of eys and other secrets
ai e
ngoing Co unication tage
ai e with essage-by- essage
Confidentiality, uthentication,
and essage Integrity

lectronic ignature Plainte t


uthentication, Integrity

1 ncrypted for Confidentiality


Copyright Pearson Prentice-Hall 2010
nitial thentication
s ally m t al erver

Han shaking tage


eying
ec re e change o keys an other secrets

Ongoing Comm nication tage


e ith 0essage- y-0essage
Con i entiality thentication
an 0essage ntegrity

lectronic ignat re Plainte t


thentication ntegrity

ncrypte or Con i entiality

1
Copyright Pearson Prentice-Hall 2010
electing methods and
parameters
Authentication
Keying (the secure exchange of
secrets)
ngoing communication

20 Copyright Pearson Prentice-Hall 2010


Cipher uite Key Digital ymmetric Hashing trength
egotiation ignature Key 0ethod
0ethod Encryption for
0ethod H0AC
ULL_WIaH_ULL_ULL one one one one one
A_EXP a_WIaH_ A A C4 (40-bit 0D Weak
C4_40_0D export export key)
strength (40 strength
bits) (40 bits)
A_WIaH_DE_C C_ A A DE_C C HA-1 tronger
HA but not
very
strong
DH_D_WIaH_3DE_ Diffie- Digital 3DE_ HA-1 trong
EDE_C C_HA Hellman ignature EDE_C C
tandard
A_WIaH_AE_2_C A A AE HA-2 Very
C_HA2 2 bits strong

21
Copyright Pearson Prentice-Hall 2010
electing methods and
parameters
Authentication
Keying (the secure exchange of
secrets)
ngoing communication

22 Copyright Pearson Prentice-Hall 2010


upplicant Credentials Verifier
Wishes to prove its Proofs of identity aests the
identity (password, etc) credentials, accepts
or rejects the
supplicant

2
Copyright Pearson Prentice-Hall 2010
Ô „ 
Ń A hashing algorithm is applied to a bit string of any length
Ń ahe result of the calculation is called the hash
Ń For a given hashing algorithm, all hashes are the same
short length

Hashing Hash bit string of


it string of any length Algorithm small fixed length

Copyright Pearson Prentice-Hall 2010


Ô „     ! 
"
 ! ! ! 
" „ 

esult length About the same hort fixed length


length as the regardless of
plaintext message length

eversible? Yes Decryption o ahere is no way


to get from the short
hash back to the long
original message

à5
Copyright Pearson Prentice-Hall 2010
Ô „   "  #
Ń 0D (128-bit hashes)
Ń HA-1 (10-bit hashes)
Ń HA-224, HA-2, HA-384, and HA-12 (name
gives hash length in bits)
Ń ote 0D and HA-1 should not be used because have
been shown to be unsecure

2
Copyright Pearson Prentice-Hall 2010
27
Copyright Pearson Prentice-Hall 2009
2010
upplicant sends esponse 0essage in the clear
(without encryption)

aransmitted esponse 0essage

2
Copyright Pearson Prentice-Hall 2010
2
Copyright Pearson Prentice-Hall 2010
electing methods and
parameters
Authentication
Keying (the secure exchange of
secrets)
ngoing communication

30 Copyright Pearson Prentice-Hall 2010


Ô ahere are two types of ciphers used for
confidentiality
Ń In symmetric key encryption for confidentiality, the two
sides use the same key
½ For each dialogue (session), a new symmetric key is
generated the symmetric session key
Ń In public key encryption, each party has a public key and
a private key that are never changed
½ A person¶s public key is available to anyone
½ A person keeps his or her private key secret

Copyright Pearson Prentice-Hall 2010


2
Copyright Pearson Prentice-Hall 2010
1.
Creates
Sy etric
Session ey

Party
Party B

2. ncrypts
Session ey ith . Sen s the Sy etric . ecrypts
Party B's P lic ey Session ey ncrypte Session ey ith
or Con i entiality Party B's Pri ate ey

. S se ent ncryption ith


Sy etric Session ey
Copyright Pearson Prentice-Hall 2010
Ô ahe two parties exchange parameters p and g
Ô Each uses a number that is never shared explicitly
to compute a second number
Ń Each sends the other their second number

Ô Each does another computation on the second


computed number
Ô oth get the third number, which is the key
Ô All of this communication is sent in the clear

Copyright Pearson Prentice-Hall 2010


1
E change Keying Infor ation
Party X Agree on Diffie-Hell an Group
ahe gory p (pri e) and g (generator) Party
details E change is in the clear
2 2
Party X Party
Generates ando Generates ando
u ber u ber y

Party X 4 Party
Co putes E change Keying Infor ation Co putes
=g^ od p E change and y  y =g^y od p
E change is in the clear

5 5
Party X Party
Co putes Key Co putes Key
=y ^ od p = ^y od p
=g^( y) od p =g^( y) od p
 ubsequent Encryption ith
y etric ession Key g^( y) od p

ote An ea esdropper intercepting the eying infor ation


ill still not no or y and so ill not be able to
5 co pute the sy etric session ey g^ y 0od P
Copyright Pearson Prentice-Hall 2010
electing methods and
parameters
Authentication
Keying (the secure exchange of
secrets)
ngoing communication

3 Copyright Pearson Prentice-Hall 2010


Ô Consumes nearly all of the dialogues
Ô 0essage-by-0essage Encryption
Ń early always uses symmetric key encryption
Ń Already covered
Ń Public key encryption is too inefficient
Ô 0essage-by-0essage Authentication
Ń Digital signatures
Ń 0essage authentication codes (0ACs)
Ń Also provide message-by-message integrity

7
Copyright Pearson Prentice-Hall 2010
o Create the Digital ignat re Plainte t

1 Hash the plainte t to create a Hash


rief essage igest; this is
 the Digital ignat re D
ign ncrypt ith
2 ign encrypt the essage en er s Pri ate ey
igest ith the sen er s pri ate D
key to create the igital signat re

Goal to sho that the s pplicant


kno s the r e Party s D Plainte t
pri ate key

D Plainte t Copyright Pearson Prentice-Hall 2010


ey to create the igital signat re

Goal to sho that the s pplicant


no s the Tr e Party s S Plainte t
pri ate ey

S Plainte t

 Trans it the plainte t + igital


Sen er signat re, encrypte ith ecei er
sy etric ey encryption

To Test the igital Signat


ncryption is one to protect the plainte t
 5  Hash the recei e plain
It is not nee e for essage- y- essage a thentication
ith the sa e hashing algo
ecei e Plainte t S the sen er se  This gi es
essage igest
ecrypt ith Copyright Pearson Prentice-Hall 2010
Hash Tr e Party s 5 ecrypt the igital signa
ith the Tr e Party s p lic
D Plainte t

3. arans it the plainte t + digital


ender signature encrypted ith ecei er
sy etric key encryption.

ao aest the Digital ignature


. . . Hash the recei ed plainte t
ith the sa e hashing algorith
ecei ed Plainte t D the sender used. ahis gi es the
essage digest.
Decrypt ith
Hash arue Party s . Decrypt the digital signature
Public Key ith the arue Party s public key.
ahis also ill gi e the
essage digest i the sender
has the arue Party s pri ate key.
0D 0D
. . the t o atch the essage
Are ahey Equal? is authenticated.

0
Copyright Pearson Prentice-Hall 2010
Encryption Goal ender Encrypts eceiver
with Decrypts with
Public Key ahe receiver¶s ahe receiver¶s
Encryption for public key private key
Confidentiality
Public Key ahe sender¶s ahe arue Party¶s
Encryption for private key public key
Authentication (not the sender¶s
public key)
Point of frequent
confusion
1
Copyright Pearson Prentice-Hall 2010
Ô Cannot use the sender¶s public key
Ń It would  Ëvalidate´ the sender¶s digital signature

Ô ormally requires a digital certificate


Ń File provided by a certificate authority (CA)
½ ahe certificate authority must be trustworthy
Ń Digital certificate provides the subject¶s (arue Party¶s)
name and public key
Ń Don¶t confuse digital signatures and the digital certificates
used to test digital signatures!


Copyright Pearson Prentice-Hall 2010
Field Description
Version Version number of theerial number
X09 allows the
standard receiver
0ost to
certificates
umber check if the
follow Version
 Different digital certificate
versions has been
have different fields
revoked
ahis figure reflects the Version by the CA

standard

Issuer ame of the Certificate Authority (CA)


erial Unique serial number for the certificate, set by the CA
umber
ubject ahe name of the person, organization, computer, or
(arue Party) program to which the certificate has been issued ahis
is the true party
Public Key ahe public key of the subject (the true party)
Public Key ahe algorithm the subject uses to sign messages with
Algorithm digital signatures
Certificate provides the arue

Party¶s public key
Copyright Pearson Prentice-Hall 2010
Field Description
Digital ahe digital signature of the certificate, signed by the CA
ignature with the CA¶s own private key
For testing certificate authentication and integrity
User must know the CA¶s public key independently

ignature ahe digital signature algorithm the CA uses to sign its


Algorithm certificates
Identifier

ahe CA signs the cert with its own


ther Fields «
private key so that the cert¶s validity can
be checked for alterations


Copyright Pearson Prentice-Hall 2010
Ô a     
Ń ahe digital certificate has a digital signature of its own
Ń igned with the Certificate Authority¶s (CA¶s) private key
Ń 0ust be tested with the CA¶s well-known public key
Ń If the test works, the certificate is authentic and
unmodified

5
Copyright Pearson Prentice-Hall 2010
Ô !$   % & Y "&
Ń Certificate is valid only during the valid period in the
digital certificate (not shown in the figure)
Ń If the current time is not within the valid period, reject the
digital certificate

6
Copyright Pearson Prentice-Hall 2010
Ô !$ '" "!"
Ń Certificates may be revoked for improper behavior or
other reasons
Ń evocation must be tested
Ń Cannot be done by looking at fields within the certificate
Ń eceiver must check with the CA

7
Copyright Pearson Prentice-Hall 2010
Ô !$ '" "!"
Ń Verifier may download the entire certificate revocation list
from the CA
½ ee if the serial number is on the certificate
revocation list
½ If so, do not accept the certificate
Ń r, the verifier may send a query to the CA
½ equires the CA to support the nline Certificate
tatus Protocol


Copyright Pearson Prentice-Hall 2010
Certi icate thority

eri ier st no C p lic ey to test


hether the igital certi icate has een altere
e ocation in or ation

igital ignat re igital Certi icate

igital ignat re P lic ey o


to e teste ith r e Party
the p lic ey o
the r e Party

thentication

the p lic ey o the r e Party


eri ies the igital signat re
accept the s pplicant

Copyright Pearson Prentice-Hall 2010
Ô Also rings 0essage Integrity
Ń If the message has been altered, the authentication method
will fail automatically

Ô Digital ignature Authentication


Ń Uses public key encryption for authentication
Ń Very strong but expensive

Ô Key-Hashed 0essage Authentication Codes


Ń An alternate authentication method using hashing
Ń 0uch less expensive than digital signature authentication
Ń 0uch more widely used

5
Copyright Pearson Prentice-Hall 2010
51
Copyright Pearson Prentice-Hall 2010
As in the case of digital signatures, confidentiality is
done to protect the plaintext
It is not needed for authentication and has nothing to
do with authentication

52
Copyright Pearson Prentice-Hall 2010
5

Copyright Pearson Prentice-Hall 2010


Ô onrepudiation means that the sender cannot
deny that he or she sent a message
Ô With digital signatures, the sender must use his or
her private key
Ń It is difficult to repudiate that you sent something if you
use your private key

Ô With H0ACs, both parties know the key used to


create the H0AC
Ń ahe sender can repudiate the message, claiming that the
receiver created it
5
Copyright Pearson Prentice-Hall 2010
Ô However, packet-level nonrepudiation is
unimportant in most cases
Ô ahe application message²an e-mail message, a
contract, etc, is the important thing
Ô If the application layer message has its own digital
signature, you have nonrepudiation for the
application message, even if you use H0ACs at
the internet layer for packet authentication

55
Copyright Pearson Prentice-Hall 2010
Ô 
 !$
Ń Capture and then retransmit an encrypted message later
Ń 0ay have a desired effect
Ń Even if the attacker cannot read the message

56
Copyright Pearson Prentice-Hall 2010
Ô a (  
 !$
Ń aime stamps to ensure freshness of each message
Ń equence numbers so that repeated messages can be
detected
Ń onces
½ Unique randomly generated number placed in each
request message
½ eflected in the response message
½ If a request arrives with a previously used nonce, it is
rejected

57
Copyright Pearson Prentice-Hall 2010
Ô   # )! !
Ń Describes the behavior of fundamental particles
Ń Complex and even weird results

5
Copyright Pearson Prentice-Hall 2010
Ô   #   * "
Ń aransmits a very long key²as long as the message
Ń ahis is a one-time key that will not be used again
Ń A one-time key as long as a message cannot be cracked
by cryptanalysis
Ń If an interceptor reads part of the key in transit, this will
be immediately apparent to the sender and receiver

5
Copyright Pearson Prentice-Hall 2010
Ô   #  !$
Ń aests many keys simultaneously
Ń If quantum key cracking becomes capable of working
on long keys, today¶s strong key lengths will offer no
protection

6
Copyright Pearson Prentice-Hall 2010
"'&    !"
## !  Applicable ender ot applicable
! 
" encrypts with key
shared with the
receiver

Y * !  Applicable ender Applicable ender (supplicant)


! 
" encrypts with encrypts with own private key
receiver¶s public key eceiver (verifier) decrypts with
eceiver decrypts the public key of the true party,
with the receiver¶s usually obtained from the true
own private key party¶s digital certificate

„  ot applicable Applicable Used in 0-CHAP


for initial authentication and in
H0ACs for message-by-
message authentication
61
Copyright Pearson Prentice-Hall 2009
2010
2
All rights reserved o part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording, or otherwise, without the prior written
permission of the publisher Printed in the United tates of America