Secure Communications over the Internet, Part 2
Hassen Sallay, Ph.D

WHY USE THE INTERNET for Secure Communications?
The Internet offers:
■ Virtually universal worldwide coverage.
■ Access to anywhere from anywhere, stationary or mobile.
■ CONFIDENTIALITY - of the data: All communications must be private - no unauthorized persons or equipment should be allowed to view any information passed over the Internet.
■ INTEGRITY - of the data: All information must be validated - it must be what it claims to be, what was originally sent.
■ AUTHENTICATION - of the message source: Message recipients must know the true source of that message.
■ AUTHENTICATION - of the network users: All persons and machines with which users or machines interact must be identified - they must be who or what they claim to be.
■ To ensure the CONFIDENTIALITY of data, we use: CRYPTOGRAPHY
■ To ensure the INTEGRITY of data, we use: MESSAGE DIGESTS
■ To AUTHENTICATE the source of data, we use: DIGITAL SIGNATURES
■ To AUTHENTICATE the identity of network users, we use: DIGITAL CERTIFICATES
E-Commerce: Today, all browsers (Netscape, IE) come equipped with SSL (Secure Sockets Layer), which establishes encrypted channels for passing private information, such as credit card numbers, to E-commerce Web sites, such as Amazon.com.
Virtual Private Network: A Virtual Private Network is a network in which computers at remote locations connect via the Internet, not via private leased lines (the way Wide Area Networks - WANs - have been implemented since 1960). VPNs encrypt their traffic to ensure that their communications remain secret.
Secure Email: The encryption schemes covered in this talk allow Internet users to send encrypted email to each other. PGP (Pretty Good Privacy) is an example.
In the 5th Century BC, the Greeks used a military cryptographic device called a "scytale." The scytale consisted of a wooden staff around which was wound a strip of leather or parchment. The message was written on the strip in columns. The strip was then removed from the staff and the two carried to the message recipient. This technique used character TRANSPOSITION.
■ In the 1st Century BC, Julius Caesar used an encryption method, later called the "Caesar Cipher," in which every letter was replaced by the letter that followed 3 places later in the alphabet. This technique uses character SUBSTITUTION, rather than TRANSPOSITION.
■ In the 15th century, the Italian Leon Battista Alberti invented the cipher disk, which allowed the Caesar Cipher to have a KEY. Cipher disks were used during the US Civil War and (to a lesser extent) WWI and WWII. The black disk rotates within the white disk.
Modern 1-key cryptographic schemes rely on 3 main concepts: TRANSPOSITION (shuffling) of characters, SUBSTITUTION (replacement) of characters with other characters, and a KEY that is used to select
transposition/ substitution
result yields the original plaintext message.
Good schemes use a 128-bit key, giving 340,000,000,000,000,000,000,000,000,000,000,000,000 = 3 x 10^38 possible keys. If you had 1 billion computers trying 1 billion keys per second, it would take 10^13 years to try them all. That’s at least 1,000 times longer than the age of the universe (which is 10^10 years). The most popular encryption scheme today is DES…
In the so-called "one-time pad" (1-key) encryption scheme, the secret key is a string of random bits that is the same size as the message. To encrypt the plaintext message, we merely XOR it with the key. To decrypt the ciphertext, we merely XOR it again with the key.
As an example, say we want to identify a spy - Joe. Using 8-bit ASCII text, the message-length is 24 bits, so we use a random 24-bit key:
Note that there is NO WAY anyone can decrypt the ciphertext without the
(15,777,216) possibilities, he will get every possible 3-letter name there is, from AAA to ZZZ (Abe, Ann, Bob, Cal, Don, Ken, Kim, Ron, Sid, Tim, Tom, etc.). If a bad guy knows that "Joe" is a possible name, and is the
length of the message. So, of course, we would make the message the same length as that of the longest possible name by padding it with, say, space characters.
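The one-time pad described above, worked through for the "Joe" message as an added example (not part of the original slides). It shows that the same ciphertext decrypts to any 3-letter name under some key, and that space-padding hides the name's length; the function names and the 8-character width are assumptions made for illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (encryption and decryption are the same step)."""
    if len(a) != len(b):
        raise ValueError("the pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def pad_name(name: str, width: int) -> bytes:
    """Space-pad a name to a fixed width so the ciphertext length reveals nothing."""
    if len(name) > width:
        raise ValueError("name is longer than the fixed message width")
    return name.ljust(width).encode("ascii")

def otp_encrypt(plaintext: bytes) -> tuple:
    """Return (key, ciphertext) using a fresh random key as long as the message."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)

def key_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """The key under which `ciphertext` would decrypt to `candidate`."""
    return xor_bytes(ciphertext, candidate)

if __name__ == "__main__":
    key, ct = otp_encrypt(b"Joe")          # 3 bytes of 8-bit ASCII = 24 bits
    print("key        :", format(int.from_bytes(key, "big"), "024b"))
    print("ciphertext :", format(int.from_bytes(ct, "big"), "024b"))
    print("decrypted  :", xor_bytes(ct, key).decode())

    # Without the key, every 3-letter name is an equally valid decryption:
    for name in (b"Abe", b"Bob", b"Tim", b"Joe"):
        k = key_that_explains(ct, name)
        print(f"key {k.hex()} -> {xor_bytes(ct, k).decode()}")

    # Padding every name to the same width removes the length clue.
    # "Jonathan" is a constructed sample name.
    for name in ("Joe", "Jonathan"):
        _, padded_ct = otp_encrypt(pad_name(name, 8))
        print(f"{name!r:12} -> {len(padded_ct) * 8}-bit ciphertext")
```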
public-key pair. When one key (it doesn't matter which
message, ONLY the other key can decrypt the message.
his keys - called the public key - to ALICE. BOB keeps private key – a SECRET!!
with BOB's public key. A LOCK!
her ciphertext to BOB.
using BOB’s private key. A KEY!
Adleman) is the most popular public-key encryption algorithm.
two communicators to agree upon a session key.
Algorithm) is the U.S. government standard public key algorithm.
The problem with 2-key cryptography is the necessary mathematical relationship between the public key and private key. This relationship prevents us from using just any old random key, which we can do with symmetric (private) cryptography. Therefore, to get the level of security provided by a 128-bit 1-key (secret) key size, we must use a 1024-bit key (about 10 times longer) when using 2-key (public)
the cryptanalyst need try only about 2^128 of them.
OK, there are 2^1024 possible keys, but the cryptanalyst need try
is still left with: 340,000,000,000,000,000,000,000,000,000,000,000,000 possible keys. However, use of such a large key (1024 bits) slows the requisite number-crunching and makes 2-key cryptography SLOW, SLOW, SLOW. Therefore public key cryptography is generally used only to send the secret (session) key in 1-key (private) key cryptography.
Pretty Good Privacy - PGP gives you secure pseudo-anonymous message service via your usual email service.
Alice creates a public key pair and gives Bob her public key.
1. Bob creates a random session key and 1-key-encrypts his email with it.
2. Bob 2-key-encrypts the session key with Alice’s public key.
3. Bob sends to Alice both the encrypted email and the encrypted session key.
4. Alice receives Bob’s email and reverses the process, retrieving the original text.
Again, 2-key cryptography is used primarily to distribute secret (session) keys that are then used with standard, old fashioned symmetric cryptography – it could be a military venue. This is the way E-commerce and VPNs work – but they also deal with the issue of authentication, which we have ignored here.
Assume Admiral Nimitz in Hawaii wants to send the USS Halibut (SSN-587) a message:
1. Nimitz radios the Halibut, "Send me a public key."
2. The Halibut generates and radios Nimitz a 1024-bit public key.
3. Nimitz radios the Halibut a 56-bit DES key, which he has encrypted with the Halibut's public key.
4. The Halibut decrypts Nimitz's DES key using its private key.
5. Both Nimitz and the Halibut now share the same secret key as though a courier had hand-carried it across thousands of mile
they can use all new keys every time they "talk."
The Man-in-the-Middle attack works like this:
1. BOB says to ALICE, "I have a message for you. Send me your public key."
2. ALICE sends her public key to BOB.
3. MAN gets ALICE's public key and then passes his own (MAN's) public key to BOB.
4. BOB gets MAN's public key and then passes his own (BOB's) public key to ALICE.
5. MAN gets BOB's public key and then passes his own (MAN's) public key to ALICE. Now, both ALICE and BOB have MAN's public key. MAN has both ALICE's and BOB's public keys.
6. ALICE encrypts her messages using MAN's public key - then sends them to BOB.
7. MAN decrypts those messages using his private key, reads them, re-encrypts them using BOB's public key, and then passes them on to BOB (changed or unchanged, as MAN pleases).
8. BOB encrypts his messages using MAN's public key - then sends them to ALICE.
9. MAN decrypts those messages using his private key, reads them, re-encrypts them using ALICE's public key, and then passes them on to ALICE (changed or unchanged, as MAN pleases).
the wiser.
■ To ensure the CONFIDENTIALITY of data, we use: CRYPTOGRAPHY
■ To ensure the INTEGRITY of data, we use: MESSAGE DIGESTS
■ To AUTHENTICATE the source of messages, we use: DIGITAL SIGNATURES
■ To AUTHENTICATE the identity of network users, we use: DIGITAL CERTIFICATES
For any given message (text, graphic, etc.), a computer program (1) computes the MD and (2) appends it to the end of the message. When BOB receives the message from ALICE, his software also computes an MD (does a "hash") of the message. BOB's software then compares its computed MD with ALICE's computed MD. A match verifies that the message is authentic - it has not changed since its creation. (Yes, a “man in the middle” can change the message and then create a new MD, but we handle that next.)
1. Software computes a message digest (MD) of ALICE's message.
3. When this encrypted MD has been appended to the original message, the message is then considered "signed" by ALICE.
Using ALICE's public key, BOB's software decrypts the digital signature, thus retrieving the MD of ALICE's message. Then BOB's software computes its own MD of the original message.
If BOB's MD is identical to ALICE's MD, BOB knows 2 things: Note that ALICE could have also encrypted her signed message using BOB's public key. Then, BOB would (1) decrypt the message using his private key, and then (2) proceed as he did above, authenticating the message. Furthermore, ALICE cannot later claim she did not send the message - non-repudiation.
Alice gains privacy.
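The difference between an appended message digest and a digital signature, as an added example (not part of the original slides): a message altered in transit passes the plain MD comparison once the MD is recomputed, but fails verification of ALICE's signed MD. The toy RSA key, the sample message and all function names are assumptions made for illustration.

```python
import hashlib

# Toy RSA key for ALICE built from two known Mersenne primes. Illustration
# only: real signatures use much larger keys and a padding scheme.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # ALICE's public key
D = pow(E, -1, (P - 1) * (Q - 1))      # ALICE's private exponent (kept secret)

def md(message: bytes) -> int:
    """Message digest as an integer, reduced mod N so the toy key can process it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def check_digest(message: bytes, digest: int) -> bool:
    """BOB's check when only a bare MD is appended."""
    return md(message) == digest

def sign(message: bytes) -> int:
    """ALICE encrypts the MD with her private key: the digital signature."""
    return pow(md(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """BOB decrypts the signature with ALICE's public key and compares MDs."""
    return pow(signature, E, N) == md(message)

def alter(message: bytes) -> bytes:
    """A change made in transit (constructed sample edit)."""
    return message.replace(b"noon", b"dusk")

def relay_with_digest(message: bytes, digest: int) -> tuple:
    """The message is changed and its MD simply recomputed: no key is needed."""
    changed = alter(message)
    return changed, md(changed)

def relay_signed(message: bytes, signature: int) -> tuple:
    """Without ALICE's private key the old signature can only be passed along."""
    return alter(message), signature

def run_demo() -> dict:
    original = b"Meet at noon"         # constructed sample message
    msg_md, new_md = relay_with_digest(original, md(original))
    msg_sig, old_sig = relay_signed(original, sign(original))
    return {
        "untouched message verifies": verify(original, sign(original)),
        "altered message passes bare MD check": check_digest(msg_md, new_md),
        "altered message passes signature check": verify(msg_sig, old_sig),
    }

if __name__ == "__main__":
    for claim, result in run_demo().items():
        print(f"{claim}: {result}")
```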
Most servers consider a correct Username and Password proof enough that the client is who she claims to be. However, how can the client be sure that the server is who it claims to be? Many client applications (e.g. browsers) use Digital Certificates to authenticate the server before passing on to it sensitive information, such as credit card numbers. (Note, however, that Digital Certificates can just as easily be used to authenticate a client to a server.)
A Digital Certificate is like a driver's license. It identifies its
certificate after verifying the information contained in it. The CA signs (appends a digital signature to) the certificate before issuing it to its owner, normally a server, person, or company. The CA’s digital signature is an encrypted message digest of the certificate, the encryption being done using the CA's private key. THIS IS CRUCIAL: The Digital Certificates (and therefore public keys) of all major CAs are installed in all major browsers (such as Internet Explorer and Firefox) so that the browsers can verify the signatures on all certificates they receive.
There are over 100 CAs, whose digital certificates (including their public keys) are installed on your browser. In IE, click on Tools/Internet Options/Content/Certificates to see the list.
Here is Verisign’s certificate. It was signed by Verisign because there is no higher authority than it. All of the CA certificates in your browser were signed by the companies they identify. There is no higher authority to trust. So, ultimately, we trust Microsoft, or Netscape, or whoever wrote the browser we use! But what if someone hacks our browser….?
In Internet Explorer, you can view the digital certificate of any SSL-enabled Web site by double-clicking on the little yellow lock. Here is Amazon.com’s (abbreviated) certificate:
Certificate Owner: www.amazon.com, Seattle, WA, USA
Certificate Issuer: RSA Data Security, Inc.
Valid From: Tuesday, March 19, 2006 8:00:00 PM
Valid To: Thursday, March 20, 2007 7:59:59 PM
Public Key Algorithm: RSA (1024-bit)
Server’s Public Key: 30 81 87 02 81 81 00 c8 1b 8b fa 40 c3 5b … (1024 bits)
Signature Algorithm: MD5 (128-bit)
CA’s Signature: 62 89 a8 52 c0 e6 80 10 51 74 3a 43 43 f0 c6 0e
The browser and server negotiate the 1-key encryption algorithm (e.g. RC4, 3DES, etc.) used to encrypt the actual information passed between them.
Double-click on the green lock to get this.
Secure Sockets Layer (SSL) uses it all: 1-key crypto, 2-key crypto, Digests, Signatures, and Certificates. SSL is the industry-standard method for protecting Internet
encryption, server authentication, message integrity, and
Browsers, such as IE and Netscape, not only include the SSL protocol, they also include the public keys of all major Certificate Authorities (CAs – there’s over 100 of them), such as Verisign and Thawte. Any server (or person) – such as Amazon.com or your broker - that will have to authenticate itself to your browser must possess a digital certificate signed by one of these CAs.
1. ALICE goes to Amazon, giving it her username and password.
2. Amazon's server gives its digital certificate to ALICE's browser.
3. ALICE’s browser reads the Certificate Authority (CA) listed in the certificate.
4. ALICE’s browser uses that CA's public key (included in the browser) to decrypt the certificate's digital signature, a message digest encrypted using the CA’s private key.
5. ALICE’s browser compares the MD with its own MD of the certificate.
6. If the certificate is okay, the browser sends the server a random session (secret) key, public-key-encrypted (e.g. RSA) using the server's public key (found in its certificate).
7. Amazon's server decrypts the session key using its private key.
8. The browser and server now use 1-key (e.g. RC4) cryptography.
9. A closed yellow lock appears to let you know an SSL (Secure Sockets Layer) channel is up!
NOTE: A session key is a secret key that is used only once, in a single 1-key cryptographic communication session.
AGAIN: SSL uses it all: 1-key crypto, 2-key crypto, message digests, digital signatures, and digital certificates.
1-KEY CRYPTOGRAPHY ALGORITHMS
■ DES: The Data Encryption Standard, a block cipher with 64-bit blocks and a 56-bit key. Probably the most widely used symmetric cipher ever devised. DES has been a US government standard for use on unclassified data since the late 70's. It is seriously insecure against current attacks.
■ 3DES: DES using three DES encryptions on a single data block, with at least two different
■ RC4: Rivest Cipher four, designed by Ron Rivest of RSA (Rivest-Shamir-Adleman) and widely
■ IDEA: International Data Encryption Algorithm, developed in Europe as an alternative to exportable American ciphers such as DES that were too weak for serious use; designed for high data throughput for use in real-time communications systems; a block cipher using 64-bit blocks and 128-bit keys; used in PGP (Pretty Good Privacy).
■ IPsec: Internet Protocol Security; uses 3DES with three different keys.
■ MPPE: Microsoft Point to Point Encryption, proprietary algorithm built into Microsoft products, not all that popular.
■ Blowfish: A block cipher with 64-bit blocks and variable length keys (up to 448 bits).
■ Skipjack: Developed by the NSA for use with Clipper and Capstone; released in 1990; uses an 80-bit key and 32 rounds of processing; uses a secret algorithm (all other algorithms listed here are in the public domain, making their security dependent entirely on keeping the secret key secret.)
■ CAST: In its current form as CAST-128, this standard's main advantages over DES are the flexibility in key size and a larger block size that allows for higher security. CAST-256 supports several key sizes (128, 160, 192, 224 and 256 bits) and a block size of 128 bits. CAST is several times faster than DES.
2-KEY CRYPTOGRAPHY ALGORITHMS
■ RSA: The Rivest-Shamir-Adleman public key encryption scheme was developed by RSA Data Security, Inc. Named for its three inventors, the RSA algorithm is based on the fact that there is no efficient way to factor very large numbers. Deducing an RSA key, therefore, requires an extraordinary amount of computer processing power and time. The RSA algorithm has become the de facto standard for industrial-strength encryption of session keys sent over the
are products, including Netscape Navigator and Microsoft Internet Explorer.
■ DH: The Diffie-Hellman (DH) algorithm is actually a key-exchange mechanism, developed by Whitfield Diffie and Martin Hellman to create a shared session key, which is then used in normal, 1-key cryptography. It was the first openly published public key system, preceding the
Hellman.) ElGamal, a public key encryption scheme based on the DH algorithm, is built into the PGP (Pretty Good Privacy) email encryption program. The success of DH is based upon the assumption that it is infeasible to compute g^(ab) knowing only g^a and g^b. That is, no
way of passing from g^a and g^b to g^(ab) without first being able to determine a or b (but it is conceivable that such a way might exist).
■ DSA: A crucial component of secure communication is the ability of a sender to affix a digital signature to a message to allow the recipient to verify that the message was sent by the sender. This is especially important with public-key cryptosystems, which are susceptible to a Man-in-the-middle attack. The Digital Signature Algorithm (DSA) fills this role. It is designed to serve
difficulty of solving the discrete logarithm problem. A publicly available implementation of
DSA is included in the GnuPG package, which is an open-source version of PGP.