GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-27 14:54:05 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
cabbba858a
quartz/content/notes/24-network-security.md
Jet Hughes cabbba858a vault backup: 2022-10-20 13:05:03
2022-10-20 13:05:03 +13:00

4.4 KiB
Raw Blame History

title aliases tags sr-due sr-interval sr-ease
24-network-security
cosc203
lecture
2022-10-23 3 250

what is it?

  • confidentiality
    • only sender and reciver should understand message contents
    • encryption
  • authentication
    • sender and reciever want to confirm identity of each other
  • message integrity
    • sender and reciever want to ensure message not altered (in transit, or afterwards) without detection
  • access and availablility
    • services must be accessible and availble to users

sender and recieves:

  • any king of onnline communication

what can trudy to

  • eavesdrop
  • insert messages into connection
  • impersonation: fake (spoof) source address (or any field)
  • hijacjking "take over" ongoing connection by removing sender or ereciever, inserting himself in place
  • denial of service: prevent others from using a service (e.g., by overloading it)

terminology

  • m: plaintext message
  • K_{A}(m): ciphertext, encrypted with key K_{A}
  • m = K_{B}(K_{A}(m))
  • key: secret data used to encrypt and decrypt messages

Symmetric key crypto

bob and alice share the same key K

  • e.g., key is knowing a substitution pattern in mono alphabetic substitution cipher
  • substiution cipher
    • map each letter to a different letter
    • key is a mapping from a set of 26 letters to another set of 26 letters
    • not secure: easy to decrypt using patterns etc

DES: data encryption standard

  • data is split into blocks of 64 bits
  • each block encrypted using 56-bit key
  • blocks are chained together
    • encryption of current block is based on the previous block
  • 56-bit symmetric key, 64 kit plaintext input
  • not very secure: short key- only 56 bits - less than a day to brute force
    • no known good analytic attack
    • 3DES: encrypt 3 times with 3 different keys: more secure

AES: advanced encryption standard

  • larger key 128, 192 or 256
  • 128-bit blocks
  • brute force taking 1 sec on DES takes 149 trillion years for AES

Public key crypto

symmetric requires sharing of key

process

  • sender and reciever do not share secret key

  • public key known to all

  • pricate key known ony to reciever

  • use public key to encrypt

  • use private key to decrypt

public key reqs

RSA

  • popular public key encruption algorithm
  • how to generate keys
    • choose two large prime numbers (1024 bits each)
    • compute n=pq, z=(p-1)(q-1)
    • choose e (with e<n) that has no common factors with z (e, z, are "relatively prime")
    • choose d such that ed-1 is exactly divisible by z. (i.e., ed mod z = 1)
    • public key is (n, e) private key in (n, d)
  • encrypt message m (<n)
    • c = m^e\mod n
  • decrypt recieved c
    • m = c^d\mod n
  • magic
    • m = (m^e \mod n)^d \mod n
    • where c = m^e\mod n

example

Authentication of devices

  • AP2.0 athenticate based on IP: bad because can spoof IP
  • AP3.0 put secret password into each packet: bad because trudy can get a message and see the password
    • replay attack
    • can find password without decrypting
  • AP4.0 avoid replay attack:
    • nonce: number R used only once-in-a-lifetime
    • prove alice "live", Bob sends alice nonce, R
      • alice must return R, encrypted with shared key
    • problems
      • must choose a key in a secure way before they communicate
  • AP5.0: use nonce but with public key techniques
    • problem: man in the middle attack: trudy poses as alice to bob, and as bob to alice
    • need a better way to get public key

digital signature

  • Digital signatures
    • analogous to hand-signatures
    • sender digitally signs a document
    • verifiable, nonforgeable
    • simple digital signature
      • bob signs with his private key: creating signed message
      • alice uses publc key to verify
    • issue
      • lots of computation on long messages
  • hash function
    • apply hash function to get fixed size message digest, H(m)
    • then sign on the digest not the full message

diagram

certification authorities

  • binds public key to particular entity, E
  • entity registers its public key with CE provides proof of identity to CA
    • CA creates cert binding id E to E's public key
    • cert containing E's public key digitally signed by CA
  • when alice wants bobs public key
    • get bobs cert
    • apply CAs public key to bobs certificate, get bobs public key