ilab Lab 7 Basics of Cryptography / Security I Testate 2 nd Half - PowerPoint PPT Presentation

Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München ilab Lab 7 Basics of Cryptography / Security I

Testate – 2 nd Half of Term � This lecture is divided into two halves: � Basics of Cryptography • Repetition/introduction to cryptography • Major part of this lecture � Security I • “Non-crypto concepts for network security”, e.g.: Firewalls • Minor part of this lecture � The understanding of “Basics of Cryptography” is mandatory for all oral exams in this half of the term. � You can either: � Do an oral exam exclusively about this lecture. � Do another oral exam. Here we do not ask questions about “BoC” but assume that you have the good understanding of cryptography. Internetpraktikum 2

Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München First Part: Basics of Cryptography The following slides are relevant for all second oral exams about Labs 6 – 10.

Security Objectives � Confidentiality (“Vertraulichkeit”) � It should be impossible, that an attacker is able to eavesdrop (and understand) data sent � Integrity (“Integrität”) � It should be impossible that modifications to data remain undetected � Authenticity (“Authentizität”) � … of data: It should be possible to identify the sender of the data � … of the communication partner: It should be possible to identify the communication partner � Non-repudiation (“Nicht Abstreitbarkeit”) � It should be impossible, that the sender of a message repudiates that she has sent the message Internetpraktikum 4

Attack Vectors on Communication Alice Bob Active Passive (Modification) (Eavesdropping) Eavesdropping of data Replay/delay of messages sent/ user accounts Faked identities Modification of messages Passive Attacks Active Attacks Passive Attacks Active Attacks Insertion/deletion of Denial of service Traffic Analysis messages Internetpraktikum 5

(A)symmetric Cryptography � Symmetric Cryptograpy � Asymmetric (public key) Cryptography � Everybody has a key pair � All communication instances (public/private key) share the same symmetric key � Pros : � Pros : • Public keys can (should) be • Low computational costs made public • Short keys • Non-repudiation � Cons : � Cons : • Key exchange difficult (needs • High computational costs second channel) • Longer keys • No non-repudiation (as all have the same key) Internetpraktikum 6

Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München Symmetric Crypto

Symmetric Crypto � Alice and Bob exchanged a shared symmetric key k over a secure channel Alice Bob � Alice encrypts the message using k and some algorithm and sends the ciphertext to Bob. Encryption Message Ciphertext Alice � Bob decrypts the ciphertext using k and the same algorithm Decryption Ciphertext Message Bob Internetpraktikum 8

Data Encryption Standard (DES / 3DES) � Data Encryption Standard (DES) � Developed in the seventies by IBM and NSA. � Was official US encryption standard. � Block length 64 Bit � Key length 56 Bit � No working attacks known except brute force • Unfortunately today's machines are fast enough for brute force… ☺ � Slow � 3DES – Triple DES � DES is applied three times with different keys. � Usually: • Cyphertext = Encrypt K1 (Decrypt K2 (Encrypt K1 (Plaintext))) • Plaintext = Decrypt K1 (Encrypt K2 (Decrypt K1 (Cyphertext))) • Key length 2 x 56 = 112 Bit � Still safe � Triple slow Internetpraktikum 9

Advanced Encryption Standard (AES) � DES is not safe anymore, 3DES is too slow, so a successor is needed � NIST started a tendering procedure, lot‘s of candidates � After 5 years the Rijndael-Cipher was chosen to be the AES � Properties of AES (Rijndael): � Block cipher, Block size 128, 192 or 256 Bit � Key length 128, 192 or 256 Bit � Very efficient � Safe • No working attacks (publicly) known • But: Advancements in crypto analysis of AES could become problematic in future Internetpraktikum 10

Encryption Modes of Block Ciphers � Many symmetric crypto algorithms work on blocks of e.g. 128 bit length � Electronic Codebook (ECB) � Blockwise encryption CBC-Modus: � “Same input, same output” (critical IV Plaintext Cyphertext with padding) block block � As blocks do not depend on each other the attacker is able to 1 1 1 XOR exchange/delete/repeat blocks 2 2 XOR � Cipher Block Chaining (CBC) � Blocks depend on each other 3 3 XOR � Other modes: IV: Initialization vector Output feedback mode, Cipher feedback mode, … Internetpraktikum 11

Stream Cipher � Stream ciphers XORs a data stream with a generated key stream � The major problem is the generation of a non predictable (and endless) keystream with a short key as seed � If the key stream is predictable, the cipher is weak � Stream ciphers are based on pseudo random number generators � Stream ciphers often are used close to hardware, e.g. inside mobile phones or WLAN (RC4) Internetpraktikum 12

Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München Asymmetric Cryptography

Asymmetric Encryption Bob has a private and public key. Bob gives the public key to Alice. � Alice Bob Alice encrypts a message using Bobs public key . � Encryption Message Ciphertext Alice Bob decrypts the ciphertext using his private key . � Idea: Nobody except Bob is able to decrypt the message � Decryption Ciphertext Message Bob Internetpraktikum 14

Asymmetric Signature (1) Some asymmetric crypto algorithms can be used for signature purposes. � Bob signs (encrypts) a message using his private key � „Signed“ Encryption Message Message Bob Everybody that knows Bobs public key is able to decrypt (verify) the � ciphertext „Signed“ Decryption Message Message Alice Idea: As only Bob has Bob‘s private key, nobody else is able to generate the � signature Provides authenticity of messages and non-repudiation � (Works a little different in real life) � Internetpraktikum 15

RSA � Developed 1977 by Ronald R ivest, Adi S hamir and Leonard A dleman. Steps: � � Select p, q: prime (p != q; p, q big. (The bigger, the better)) � Compute N = p * q (RSA modulus) Compute phi(N) = (p-1) * (q-1) (Euler‘s totient function) � � Select e (1 < e < phi(N)); e and phi(N) have no common divisor � Compute d with d * e ≡ 1 mod phi (N) � Public Key: N, e Private Key: N, d � Security of RSA is closely related to the prime factorization problem: N (and e) is publicly known. N can not be factorized to p and q efficiently (=quickly). If one had p and q, he could easily can compute d the valued Internetpraktikum 16

Encryption (asymmetric) � Asymmetric Encryption algorithms are some magnitudes slower than symmetric algorithms � The currently smallest key length still regarded as safe is 1024 bit 09.11.2005: RSA-640 broken A workgroup at the BSI has solved the “RSA-640 Challenge” using the “General Number Field Sieve (GNFS) method. The researchers used for the factorization of both 320 bit long prime factors of a 193 digit long number about 5 months of computational time on a 80 dual-core 2,2ghz Opteron cluster. Source: http://www.heise.de/newsticker/meldung/65957 � Used in real life: hybrid encryption systems � Step one: User authentication and exchange of a symmetric session key using public key cryptography � Step two: Encryption of data using the symmetric session key • Long sessions might need to perform re-keying, e.g. every one hour Internetpraktikum 17

Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München (Cryptographic) Hash Functions

Hash Functions � Hash Functions map an input of arbitrary length to a value inside a hash space � Size of this hash space: e.g. 160bit � This value is referred to as Hash Value (“fingerprint”) Message (arbitrary length) Hash function 00 00 … 8f 7d 35 .. FF FF … Internetpraktikum 19

Hash Functions - Collisions � A cryptographic hash function needs to be collision resistant � It must be practically infeasible to generate a collision: m1, m2 with H(m1) = H(m2) with m1 != m2 Message 1 (arbitrary length) Same Hash Value Message 2 (arbitrary length) � Note: As hash functions map a long string to a short one it is not possible to avoid collisions � BUT: it must not be possible to efficiently (quickly) find such collisions � Simple method: 1. Create (randomly) a message, create hash of this message 2. Check if desired hash value equals hash value created above 3. If not, start at 1. For a good 160 bit hashing function one needs in average 2 159 tries � Internetpraktikum 20

Hash Functions � MD5 � Must be considered broken � SHA-1 (160 bit) � Currently often used as “default hash function” � Not broken yet, but significant advancements in cryptoanalysis of SHA-1 � In future, SHA-1 needs to be replaced, NIST recommends to use SHA-1 with more output bits, e.g. SHA-256 � Currently NIST started a tendering procedure for finding a SHA-1 successor Internetpraktikum 21