Lecture - Network Security Techniques II

Uploaded by

Abdul Shiraz

IS414 Business Networks Technology

Network Security Techniques

Lecture Week 12

IS414 Semester 1 2020 1


Announcements
• Last group to present from next week.
• Sample questions during tutorial sessions from next week.
• Problem-based questions: need to understand concepts and their application to real life problems.
• The case studies should help a lot as they provide similar types of questions!
• Assignment 2 discussion.


Last Time…

• Introduction to network security?
• Security objectives – Confidentiality, Integrity and Availability
  o Added objectives – Authenticity and Accountability
• Security Threats and Attacks, services and mechanisms
• Security Requirements – services needed to achieve security objectives.
• Intrusion Prevention – stopping intruders
  o Firewalls at entry/exit points
  o Introduction to Cryptography – Symmetric and Public (Asymmetric)

Symmetric Cipher Model
Symmetric Encryption Requirements

• two requirements for secure use of symmetric encryption:
  o a strong encryption algorithm (but this is known!)
  o a secret key known only to sender / receiver
• mathematically have:
  Y = E(K, X)
  where E – encryption; K – key; X – plaintext message
  X = D(K, Y)
  where D – decryption; Y – ciphertext
• Since the algorithm is known, this implies a secure channel is needed to distribute the key

Let's look at a few symmetric encryption schemes


Simple encryption scheme – Substitution Ciphers

substitution cipher: substituting one thing for another randomly according to encryption key

Monoalphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

e.g.: plaintext:  bob. i love you. alice
      ciphertext: nkn. s gktc wky. mgsbc

Encryption key: mapping from set of 26 letters to set of 26 letters
A more sophisticated encryption approach
• n substitution ciphers, M1,M2,…,Mn
• cycling pattern:
  o e.g., n=4: M1,M3,M4,M3,M2; M1,M3,M4,M3,M2; ..
• for each new plaintext symbol, use subsequent substitution pattern in cyclic pattern
  o dog: d from M1, o from M3, g from M4

Encryption key: n substitution ciphers, and cyclic pattern
  o key need not be just n-bit pattern
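
The two substitution schemes above as an added Python example (not part of the original slides). M1 is the alphabet printed on the monoalphabetic slide; M2 to M4 are not given there, so the Caesar shifts used for them are constructed for illustration.

```python
import string

ALPHABET = string.ascii_lowercase
M1 = "mnbvcxzasdfghjklpoiuytrewq"   # ciphertext alphabet printed on the slide


def caesar(shift):
    """Constructed stand-in alphabet (the slides do not list M2..M4)."""
    return ALPHABET[shift:] + ALPHABET[:shift]


CIPHERS = {1: M1, 2: caesar(5), 3: caesar(19), 4: caesar(11)}
PATTERN = [1, 3, 4, 3, 2]            # cycling pattern from the slide, n = 4


def validate(ciphers, pattern):
    """Each alphabet must be a permutation of a-z, or decryption is ambiguous."""
    for name, key in ciphers.items():
        if sorted(key) != list(ALPHABET):
            raise ValueError(f"M{name} is not a permutation of the 26 letters")
    if any(step not in ciphers for step in pattern):
        raise ValueError("pattern refers to an unknown cipher")


def transform(text, ciphers, pattern, decrypt=False):
    """Substitute letter by letter; only letters advance the cyclic pattern."""
    validate(ciphers, pattern)
    out, position = [], 0
    for ch in text:
        if ch not in ALPHABET:
            out.append(ch)           # punctuation and spaces pass through
            continue
        key = ciphers[pattern[position % len(pattern)]]
        src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
        out.append(dst[src.index(ch)])
        position += 1
    return "".join(out)


if __name__ == "__main__":
    # Monoalphabetic case: one cipher, pattern of length 1.
    print(transform("bob. i love you. alice", {1: M1}, [1]))
    # Cyclic case: the same letter maps differently depending on position.
    print(transform("dog", CIPHERS, PATTERN))
    print(transform("ooooo", CIPHERS, PATTERN))
```

With a single alphabet every "o" becomes "k", so letter frequencies survive encryption; under the cyclic pattern the five "o"s map to different letters.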
Symmetric key crypto: DES
DES: Data Encryption Standard
• US encryption standard [NIST 1993]
• 56-bit symmetric key, 64-bit plaintext input
• block cipher with cipher block chaining
• how secure is DES?
  o DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
  o no known good analytic attack
• making DES more secure:
  o 3DES: encrypt 3 times with 3 different keys

AES: Advanced Encryption Standard

• symmetric-key NIST standard, replaced DES (Nov 2001)
• processes data in 128 bit blocks
• 128, 192, or 256 bit keys
• brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

The Diffie-Hellman Algorithm
Overview

• Introduction

• Implementation

• Example

• Applications

• Conclusion
Introduction

• Discovered by Whitfield Diffie and Martin Hellman
  o “New Directions in Cryptography”
• Diffie-Hellman key agreement protocol
  o Exponential key agreement
  o Allows two users to exchange a secret key
  o Requires no prior secrets
  o Real-time over an untrusted network

Introduction

• Security of transmission is critical for many network and Internet applications
• Requires users to share information in a way that others can’t decipher the flow of information

“It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.”
- Bruce Schneier
Implementation

• P and G are both publicly available numbers
  o P is at least 512 bits
• Users pick private values a and b
• Compute public values
  o x = g^a mod p
  o y = g^b mod p
• Public values x and y are exchanged
Implementation

Copyright, 2001 by NetIP, Inc. and Keith Palmgren, CISSP.


Implementation

• Compute shared, private key
  o ka = y^a mod p
  o kb = x^b mod p
• Algebraically it can be shown that ka = kb, since both equal g^(ab) mod p
  o Users now have a symmetric secret key to encrypt
Example

• Two Internet users, Alice and Bob wish to have a secure conversation.
  o They decide to use the Diffie-Hellman protocol

Example

• Alice and Bob get public numbers
  o P = 23, G = 9
• Alice and Bob compute public values
  o X = 9^4 mod 23 = 6561 mod 23 = 6
  o Y = 9^3 mod 23 = 729 mod 23 = 16
• Alice and Bob exchange public numbers

Example

• Alice and Bob compute symmetric keys
  o ka = y^a mod p = 16^4 mod 23 = 9
  o kb = x^b mod p = 6^3 mod 23 = 9
• Alice and Bob now can talk securely!
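
The exchange above as an added Python example (not part of the original slides), using the slide's P = 23 and G = 9 with the private values a = 4 and b = 3 implied by 9^4 and 9^3. The range check on the received public value and the exhaustive search, which shows why P has to be large, are additions; all function names are hypothetical.

```python
def dh_public(g, private, p):
    """Public value sent over the untrusted network: g^private mod p."""
    return pow(g, private, p)


def check_peer_value(value, p):
    """Reject degenerate public values (0, 1, p-1 or out of range) before use."""
    if not 2 <= value <= p - 2:
        raise ValueError(f"peer public value {value} is outside [2, p-2]")
    return value


def dh_shared(peer_public, private, p):
    """Shared key: (peer's public value)^private mod p, after validating it."""
    return pow(check_peer_value(peer_public, p), private, p)


def exchange(p, g, a, b):
    """Run both sides; returns (x, y, ka, kb) in the slides' notation."""
    x = dh_public(g, a, p)      # Alice -> Bob
    y = dh_public(g, b, p)      # Bob -> Alice
    ka = dh_shared(y, a, p)     # Alice computes y^a mod p
    kb = dh_shared(x, b, p)     # Bob computes x^b mod p
    return x, y, ka, kb


def exponents_matching(g, public, p):
    """Try every exponent; feasible only because the example prime is tiny."""
    return [e for e in range(1, p - 1) if pow(g, e, p) == public]


if __name__ == "__main__":
    x, y, ka, kb = exchange(23, 9, 4, 3)
    print("public values:", x, y)
    print("shared keys:", ka, kb)
    # With P = 23 an observer of x can list every exponent that produces it
    # and derive the same key from y, hence the slides' requirement of a large P.
    candidates = exponents_matching(9, x, 23)
    print("exponents producing x:", candidates)
    print("keys derived from them:", [pow(y, e, 23) for e in candidates])
```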
Applications

• Diffie-Hellman is currently used in many protocols, namely:
  o Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
  o Secure Shell (SSH)
  o Internet Protocol Security (IPSec)
  o Public Key Infrastructure (PKI)
Public Key Cryptography

symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?

public key crypto
• radically different approach [Diffie-Hellman76, RSA78]
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver

Public key encryption - Algorithms

requirements:

1. need KB+( ) and KB-( ) such that
   KB-(KB+(m)) = m
2. given public key KB+, it should be impossible to compute private key KB-

Where:
KB+ – public key
KB- – private key
m – message

RSA: Rivest, Shamir, Adleman algorithm

What is RSA?

• RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm.
• Asymmetric means that there are two different keys. This is also called public key cryptography, because one of them can be given to everyone. The other key must be kept private.

Prerequisite: modular arithmetic

• x mod n = remainder of x when divided by n
• facts:
  [(a mod n) + (b mod n)] mod n = (a+b) mod n
  [(a mod n) - (b mod n)] mod n = (a-b) mod n
  [(a mod n) * (b mod n)] mod n = (a*b) mod n
• thus
  (a mod n)^d mod n = a^d mod n
• example: a=14, n=10, d=2:
  (a mod n)^d mod n = 4^2 mod 10 = 6
  a^d = 14^2 = 196, a^d mod 10 = 6
RSA: getting ready

• message: just a bit pattern
• bit pattern can be uniquely represented by an integer number
• thus, encrypting a message is equivalent to encrypting a number
example:
• m = 10010001. This message is uniquely represented by the decimal number 145.
• to encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext).

RSA: Creating public/private key pair

1. choose two large prime numbers p, q. (e.g., 1024 bits each)
2. compute n = pq, z = (p-1)(q-1)
3. choose e (with e<n) that has no common factors with z (e, z are “relatively prime”).
4. choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1).
5. public key is (n,e), written KB+. private key is (n,d), written KB-.
RSA: encryption, decryption

0. given (n,e) and (n,d) as computed above
1. to encrypt message m (<n), compute
   c = m^e mod n
2. to decrypt received bit pattern, c, compute
   m = c^d mod n

magic happens! m = (m^e mod n)^d mod n, where c = m^e mod n

RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
encrypting 8-bit messages.

encrypt:  bit pattern   m    m^e      c = m^e mod n
          00001100      12   248832   17

decrypt:  c    c^d                                     m = c^d mod n
          17   481968572106750915091411825223071697    12

A Simple RSA Example

• A very simple example of RSA encryption
• Select primes p=11, q=3.
• n = pq = 11 × 3 = 33. phi = (p-1)(q-1) = 10 × 2 = 20.
• Choose e=3. Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 have no common factors except 1), ...
• Compute d such that ed ≡ 1 (mod phi) i.e. compute d = (1/e) mod phi = (1/3) mod 20. ...
• Public key = (n, e) = (33, 3)

RSA: another important property
The following property will be very useful later:

KB-(KB+(m)) = m = KB+(KB-(m))

• left side: use public key first, followed by private key
• right side: use private key first, followed by public key

result is the same!

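
The RSA slides above as an added Python example (not part of the original slides): key creation following steps 2 to 5, encryption and decryption, and the key-order property, checked against both worked examples. The function names are hypothetical, and `modexp` is a square-and-multiply routine that relies on the modular arithmetic facts from the prerequisite slide.

```python
from math import gcd


def modexp(base, exp, n):
    """Square-and-multiply. Reducing mod n after every step is allowed by
    the fact [(a mod n) * (b mod n)] mod n = (a*b) mod n."""
    result, base = 1, base % n
    while exp:
        if exp & 1:
            result = (result * base) % n
        base = (base * base) % n
        exp >>= 1
    return result


def make_keypair(p, q, e):
    """Steps 2-5 of the key-creation slide: returns ((n, e), (n, d))."""
    n, z = p * q, (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, z) != 1:
        raise ValueError("e must be below n and relatively prime to z")
    d = pow(e, -1, z)        # smallest d with e*d mod z == 1 (Python 3.8+)
    return (n, e), (n, d)


def is_valid_d(e, d, p, q):
    """Step 4: ed - 1 must be exactly divisible by z."""
    return (e * d - 1) % ((p - 1) * (q - 1)) == 0


def apply_key(key, value):
    """Encrypt or decrypt: raise value to the key's exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than n")
    return modexp(value, exponent, n)


if __name__ == "__main__":
    # Bob's example: p=5, q=7, e=5, d=29, m=12.
    print(is_valid_d(5, 29, 5, 7))                 # the slide's d passes step 4
    c = apply_key((35, 5), 12)
    print(c, apply_key((35, 29), c))               # ciphertext, recovered m
    # Simple example: p=11, q=3, e=3; d is computed here, not read from the slide.
    public, private = make_keypair(11, 3, 3)
    print(public, private)
    m = 7                                          # constructed sample message
    print(apply_key(private, apply_key(public, m)),
          apply_key(public, apply_key(private, m)))  # same result either order
```

The scheme on these slides is textbook RSA, which is deterministic; deployed systems apply randomized padding such as OAEP before the exponentiation.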
End.
