Networks Management and Control Standards
Networks Management and Control Standards TCN 6430
Popular in Course
Popular in Telecommunications
This 52 page Class Notes was uploaded by Bryce Zieme on Monday October 12, 2015. The Class Notes belongs to TCN 6430 at Florida International University taught by Niki Pissinou in Fall. Since its upload, it has received 39 views. For similar materials see /class/221763/tcn-6430-florida-international-university in Telecommunications at Florida International University.
Reviews for Networks Management and Control Standards
Report this Material
What is Karma?
Karma is the currency of StudySoup.
Date Created: 10/12/15
Cryptography and Network Security Dr Niki Pissinou Garth Crosby Chapter 1 Introduction The art of war teaches us to rely not on the likelihood of the enemy39s not coming but on our own readiness to receive him not on the chance of his not attacking but rather on the fact that we have made our position unassailable The Art of War Sun Tzu Services Mechanisms Attacks consider three aspects of information security security attack security mechanism security service consider in reverse order Security Service is something that enhances the security of the data processing systems and the information transfers of an organization intended to counter security attacks make use of one or more security mechanisms to provide the service replicate functions normally associated with physical documents eg have signatures dates need protection from disclosure tampering or destruction be notarized or witnessed be recorded or licensed Security Mechanism a mechanism that is designed to detect prevent or recover from a security attack no single mechanism that will support all functions required however one particular element underlies many of the security mechanisms in use cryptographic techniques hence our focus on this area Security Services X800 Authentication assurance that the communicating entity is the one claimed Access Control prevention of the unauthorized use of a resource Data Confidentiality protection of data from unauthorized disclosure Data Integrity assurance that data received is as sent by an authorized entity NonRepudiation protection against denial by one of the parties in a communication Security Mechanisms X800 specific security mechanisms encipherment digital signatures access controls data integrity authentication exchange traffic padding routing control notarization pervasive security mechanisms trusted functionality security labels event detection security audit trails security recovery Classify Security Attacks as passive attacks eavesdropping on or monitoring of transmissions to obtain message contents or monitor traffic flows active attacks modification of data stream to masquerade of one entity as some other replay previous messages modify messages in transit denial of service Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers Two Fundamental Cryptographic Principles An Introduction to Cryptography The encryption model for a symmetrickey cipher Passive Active intruder 4 lntmder intruder just can alter listens messages Encryption Decryption Plaintext P gt method E method D gtPlaintext P I Ciphertext C EKP I Encryption Decryption key K key K Transposition Ciphers A transposition cipher Z m G gt w c O x OCC OQ DSD O H lt O39gtltO QEOUJ Piaintext pleasetransferonemilliondolIarsto myswissbankaccountsixtwotwo Ciphertext AFLLSKSOSELAWAIATOOSSCTCLNMOMANT ESILYNTWRNNTSOWDPAEDOBUOERIRICXB Principles of Cryptography Redundancy Encrypted message must contain information not needed to understand the message Freshness Some measures must be taken to ensure that the message is received was recently sent Prevent relay attacks Product Ciphers Basic elements of product ciphers a P box b Sbox C Product Pbox Product cipher P1 51 52 SS 54 P2 35 Se S7 Se 39 S10 S11 812 P4 C Data Encryption Standard The data encryption standard a General outline b Detail of one iteration The circled means exclusive OR llllllllllllyllll Z Li1 fRi1 Ki llllAllllllllAllll 64Bit ciphertext 32 bits 32 bits i a b A Little History DES was developed from a 128 bit cipher called Lucifer by IBM NSA talked with IBM to standardize a cipher for unclassified data This resulted in DES being adopted by the US government a 56 bits key cipher in January 1977 Cryptographers and the public suspected conspiracy by NSA DES design was secret possible to hide a backdoor Reduction of key length made it easier to break by NSA Later in 1977 Diffie amp Hellman designed a machine to break the DES It would cost 20 mil and take 1 day today it cost lt1 mill Method use was exhaustive search of 256 key space Triple DES As early as 1979 IBM realized DES key length was too short Vulnerable to brute force Exhaustive key search Problem fixed by using triple encryption The reason for this approach is mainly economics backward compatibility Triple DES a Triple encryption using DES b Decryption K1 K2 K1 K1 K2 K1 Pwac a ep a b 99 F AES The Advanced Encryption Standard Rules for AES proposals request in 1997 by NIST The algorithm must be a symmetric block cipher The full design must be public Key lengths of 128 192 and 256 bits supported Both software and hardware implementations required The algorithm must be public or licensed on nondiscriminatory terms AES Submissions 15 serious proposals were made Public conferences were planned and submissions were publicly scrutinized In 1998 The finalist were Rijndael Joan Daemon Vincent Rijmen 86 votes Serpent Ross Anderson Eli Biham amp Lars Knudsen 59 votes Twofish a team headed by Bruce Schneier 31 votes RC6 RSA Laboratories 23 votes MARS IBM 13 votes Cryptanalysis Some common symmetrickey cryptographic algorithms Cipher Author Key length Comments Blowfish Bruce Schneier 1 448 bits Old and slow DES IBM 56 bits Too weak to use now IDEA Massey and Xuejia 128 bits Good but patented RC4 Ronald Rivest 1 2048 bits Caution some keys are weak RC5 Ronald Rivest 128 256 bits Good but patented Rijndael Daemen and Rijmen 128 256 bits Best choice Serpent Anderson Biham Knudsen 128 256 bits Very strong Triple DES IBM 168 bits Second best choice Twofish Bruce Schneier 128 256 bits Very strong widely used PublicKey Algorithms RSA Other PublicKey Algorithms PublicKey Algorithm In 1976 Diffie amp Hellman propose a new kind of cryptosystem Three requirement must be met DEP P It is exceedingly difficult to deduce D from E E cannot be broken by a chosen plaintext attack Eencryption algorithm D decryption algorithm Introduction to Number Theory Prime Numbers prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers note 1 is prime but is generally not of interest eg 235 are prime 468910 are not prime numbers are central to number theory list of prime number less than 200 is 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 Prime Factorisation to factor a number n is to write it as a product of other numbers na x b x c note that factoring a number is relatively hard compared to multiplying the factors together to generate the number the prime factorisation of a number n is when its written as a product of primes eg917x13 360024x32x52 n Igna pEl39 Relatively Prime Numbers amp GCD two numbers a b are relatively prime if have no common divisors apart from 1 eg 8 amp 15 are relatively prime since factors of 8 are 1248 and of 15 are 13515 and 1 is the only common factor conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers eg30021gtlt31gtlt52 182lgtlt32 hence GCD 18300 21x31x506 Fermat39s Theorem 0 atp l mod p l where p is prime and god a p 1 also known as Fermat s Little Theorem useful in public key and primality testing Euler Totient Function z 1 when doing arithmetic modulo n complete set of residues is o n l reduced set of residues is those numbers residues which are relatively prime to n eg for n10 complete set of residues is 01 23456789 reduced set of residues is 1 379 number of elements in reduced set of residues is called the Euler Totient Function on Euler Totient Function z n to compute on need to count number of elements to be excluded in general need prime factorization but kwpppnme p l torpqpxim nezpq p lq l eg 37 36 21 3 lx7 l 2x6 12 Euler39s Theorem a generalisation of Fermat39s Theorem Gammmod N l where gcdaNl eg a3nlO lO4 hence 34 81 1 mod 10 a2nll lllO hence 210 1024 1 mod 11 Chinese Remainder Theorem used to speed up modulo computations working modulo a product of numbers eg mod M m1m2mk Chinese Remainder theorem lets us work in each moduli mi separately since computational cost is proportional to size this is faster than working in the full modulus M Chinese Remainder Theorem can implement CRT in several ways to compute A mod M can firstly compute all ai mod mi separately and then combine results to get answer using quot 3 ii E i illII J l lZlijliLj 1quot i2 39 l 5 l i I l a i in m It 39339 9 IEIH Illk Ll in fl in h M Primitive Roots from Euler s theorem have ammmod nl consider ammoo39l nl GCD a n 1 must exist for m on but may be smaller once powers reach m cycle will repeat if smallest is m on then a is called a primitive root if p is prime then successive powers of a quotgeneratequot the group mod p these are useful but relatively hard to find Discrete Logarithms or lndices the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p that is to find x where ax b mod p written as Xloga b mod p or Xindalp b if a is a primitive root then always exists othenNise may not x log3 4 mod 13 x st 3X 4 mod 13 has no answer x log2 3 mod 13 4 by trying successive powers whilst exponentiation is relatively easy finding discrete logarithms is generally a hard problem Summary have considered prime numbers Fermat s and Euler s Theorems Chinese Remainder Theorem Discrete Logarithms Public Key Cryptography RSA PrivateKey Cryptography traditional privatesecretsingle key cryptography uses one key shared by both sender and receiver if this key is disclosed communications are compromised also is symmetric parties are equal hence does not protect sender from receiver forging a message amp claiming is sent by sender PublicKey Cryptography probably most significant advance in the 3000 year history of cryptography uses two keys a public amp a private key asymmetric since parties are not equal uses clever application of number theoretic concepts to function complements rather than replaces private key crypto PublicKey Cryptography publickeytwokeyasymmetric cryptography involves the use of two keys a publickey which may be known by anybody and can be used to encrypt messages and verify signatures a privatekey known only to the recipient used to decrypt messages and sign create signatures is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures PublicKey Cryptography monum ohumpxim Pluiulcu gt out In ulgm ilhmi 1 PublicKey Characteristics PublicKey algorithms rely on two keys with the characteristics that it is computationally infeasible to find decryption key knowing only algorithm amp encryption key computationally easy to endecrypt messages when the relevant endecrypt key is known either of the two related keys can be used for encryption with the other used for decryption in some schemes PublicKey Algorithm In 1976 Diffie amp Hellman propose a new kind of cryptosystem Three requirement must be met DEP P It is exceedingly difficult to deduce D from E E cannot be broken by a chosen plaintext attack Eencryption algorithm D decryption algorithm Security of Public Key Schemes like private key schemes brute force exhaustive search attack is always theoretically possible but keys used are too large gt512bits security relies on a large enough difference in difficulty between easy endecrypt and hard cryptanalyse problems more generally the hard problem is known its just made too hard to do in practise requires the use of very large numbers hence is slow compared to private key schemes RSA by Rivest Shamir amp Adleman of MIT in 1977 best known amp widely used publickey scheme based on exponentiation in a finite Galois field over integers modulo a prime nb exponentiation takes Olog n3 operations easy uses large integers eg 1024 bits security due to cost of factoring large numbers nb factorization takes Oe 3909 n 3909 3909 n operations hard RSA Key Setup each user generates a publicprivate key pair by selecting two large primes at random p q computing their system modulus Np q note N p l q l selecting at random the encryption key e where 1lteltz N gcd e a N 1 solve following equation to find decryption key d edl mod N and OSdSN publish their public encryption key KUeN keep secret private decryption key KRdpq RSA Use to encrypt a message M the sender obtains public key of recipient KU e N computes CMe mod N where o MltN to decrypt the ciphertext C the owner uses their private key KR d p q computes MC01 mod N note that the message M must be smaller than the modulus N block if needed Why RSA Works because of Euler39s Theorem 0 amnlmod N l where gcdaN 1 in RSA have Npq Npl ql carefully chosen e amp d to be inverses mod a N hence edlk N for some k hence Cd Med Mlk N M1 M Nq 1Vlllq M3L M mod N U PWN NF RSA Example Select primes p17 amp qll Compute n pq 17x11187 Compute onp 1q116xlo16o Selecte39gcdel60l choose e7 Determine d del mod 160 and d lt 160 Value is d23 since 23x7161 10x1601 Publish public key KU 7 187 Keep secret private key KR 23 17 11 RSA Example cont sample RSA encryptiondecryption is given message M 88 nb 88lt187 encryption C 887 mod 187 11 decryption M 1123 mod 187 88 RSA Key Generation users of RSA must determine two primes at random p q select either e or d and compute the other primes p q must not be easily derived from modulus Np q means must be sufficiently large typically guess exponents e d are inverses SO use Inverse algorithm to compute the other RSA Security three approaches to attacking RSA brute force key search infeasible given size of numbers mathematical attacks based on difficulty of computing oN by factoring modulus N timing attacks on running of decryption Summary have considered principles of publickey cryptography RSA algorithm implementation security