Lecture 1 Introduction

The document provides an introduction to network security and cryptography. It discusses three main types of security attacks: interruption, interception, and modification. It then defines what cryptography can provide in terms of encryption, digital signatures, and ensuring data accessibility, integrity, and confidentiality. The document outlines symmetric and asymmetric encryption algorithms, including examples like AES, RSA, and Diffie-Hellman key exchange. It also discusses hash functions and digital signatures for verifying data integrity.

Uploaded by

kwaheed
Copyright: © All Rights Reserved

Lecture 1.

Introduction of Network Security and Cryptography


Security Issues in Networking

(1) Interruption: An asset of the system is destroyed or becomes unavailable or unusable.
An attack on availability.

Examples: Cutting of a communication link.
System services (web, ftp) unavailable.

(2) Interception: An unauthorized party gains access to an asset.
An attack on confidentiality.

Examples: Wiretapping to capture data in a network.
The illicit copying of files or programs.

(3) Modification: An unauthorized party not only gains access to but tampers with an asset.
This is an attack on integrity.

Examples: Changing values in a data file, altering a program so that it performs differently, and modifying the content of a message being transmitted in a network.

Network Security?
• Data accessibility - contents accessible
• Data integrity - contents remain unchanged
• Data confidentiality - contents not revealed

What Cryptography can do?

• Encryption algorithms: only the authorized party can understand the encrypted message.
• Digital signature: allows people to verify the authenticity of the message.

Encryption Algorithms?
Scrambling of messages such that only the intended receiver can unscramble them
• Encrypting function - produces encrypted message
• Decrypting function - extracts original message
• Key - parameter that controls encryption/decryption

Key
A sequence of numbers that controls the operation of an encryption algorithm.
• Each key has value from 0 to 255 bytes. Length of key is determined by the encryption algorithm: 16 bytes (IDEA algorithm) and 255 bytes (RC-6 algorithm).
• To prevent a key from being guessed, the key must be truly random and long enough so that an attacker cannot try all possible combinations.
-- A key length of 80 bits is generally considered the minimum for strong security.
-- 128-bit keys are commonly used and considered very strong.

Two Broad Classes of Encryption Algorithms:

• Symmetric key algorithms: same key for both encryption and decryption.
• Asymmetric key algorithms: a pair of keys, one to encrypt and one to decrypt. It allows one key to be made public while retaining the private key in only one location.

Symmetric Encryption Algorithm
• Block cipher
• Stream cipher

Block cipher: A shared secret key operates on fixed-length groups of bits, termed blocks, with an unvarying transformation.
• The message is broken into blocks, each of which is then encrypted.
• Encryption: a block cipher takes a (for example) 128-bit block of plaintext as input, and outputs a corresponding 128-bit block of ciphertext.
• The exact transformation is controlled using the shared secret key.
• Decryption: the decryption algorithm takes, in this example, a 128-bit block of ciphertext together with the secret key, and yields the original 128-bit block of plaintext.

[Figure: Alice and Bob]

Example Symmetric Encryption Algorithms:
• Data Encryption Standard (DES)
• Triple Data Encryption Standard (3DES)
• Advanced Encryption Standard (AES)

[Figure: Examples of image data (raw data), encrypted and decrypted data. Panels: Original Image (car.raw, rocket.raw), Encrypted Image (car_enc.raw, rocket_enc.raw), Decrypted Image (car_dec.raw, rocket_dec.raw)]

Asymmetric Encryption Algorithm

• Public/private key pair
• Only the owner knows the private key, but everyone knows the public key.
• If the message is encrypted with the private key, then everyone with the public key can recover the message, but only the owner can generate the encrypted message.
• If the message is encrypted with the public key, only the owner can decrypt it using its private key.

The Asymmetric Encryption Algorithms:
• Rivest-Shamir-Adleman (RSA)
• Diffie-Hellman (DH)

Example: RSA
Select two large prime numbers, a and b (each will be roughly 256 bits long).
$n = a \times b$.

Choose public-key: a number e is chosen so that e and (a-1)×(b-1) are relatively prime. Two numbers are relatively prime if they have no common factor greater than 1.

The public-key is then <e, n> and results in a key which is 512 bits long.

Calculate the private key d:

$d = e^{-1} \bmod [(a-1)\times(b-1)]$ or $d \cdot e \bmod [(a-1)\times(b-1)] \equiv 1 \bmod [(a-1)\times(b-1)]$

Encryption: the message, m, is processed into ciphertext, c:

$c = m^e \bmod n$

The message, m, is then decrypted with: $m = c^d \bmod n$

The security of a cryptographic system depends on its computational difficulty: how much work it is for the bad guy to break it.
RSA is secure because of the great mathematical difficulty of finding the two prime factors of a large number (factoring problem), and of finding the private key d from the public key n.
$n = a \times b$
$d = e^{-1} \bmod [(a-1)\times(b-1)]$
The only known method of finding the two prime factors of a large number is to check all the possibilities one by one, which isn't practical because there are so many prime numbers.
For example, a 128-bit public key n would be a number between 1 and 340,282,366,920,938,000,000,000,000,000,000,000,000.
There are about 3,835,341,275,459,350,000,000,000,000,000,000,000 different prime numbers in a 128-bit key.

Example of RSA encryption and decryption:
Choose two prime numbers p = 61 and q = 53
1. Compute
n = 61 * 53 = 3233
2. Compute the totient
φ(n) = (61 − 1)(53 − 1) = 3120
3. Choose e > 1 coprime to 3120
e = 17
4. Compute such that
(d is uniquely determined by e and φ(n))
d = 2753
17 * 2753 = 46801 = 1 + 15 * 3120.
The public key is (n = 3233, e = 17). For message
the encryption function is:
.
The private key is (d = 2753). The decryption
function is:
.
For example, to encrypt m = 123, we calculate

To decrypt c = 855, we calculate


.
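The worked example above, carried through in code. This is an added example, not part of the original lecture; the function names are chosen here for illustration, and only p = 61, q = 53, e = 17 and m = 123 come from the slides. It also rebuilds d from the public key by factoring n, which succeeds only because this n is tiny.

```python
def modinv(e, phi):
    """Extended Euclid: return d such that (d * e) % phi == 1."""
    old_r, r, old_s, s = e, phi, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e and phi share a factor; choose another e")
    return old_s % phi


def make_keys(p, q, e):
    """Return ((n, e), d) for primes p, q and public exponent e."""
    return (p * q, e), modinv(e, (p - 1) * (q - 1))


def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)          # c = m^e mod n


def decrypt(c, d, n):
    return pow(c, d, n)          # m = c^d mod n


def private_key_from_public(public):
    """Factor n by trial division, then rebuild d. Only feasible because
    this n is 12 bits long; it shows why real moduli must be large."""
    n, e = public
    p = next(f for f in range(2, n) if n % f == 0)
    return modinv(e, (p - 1) * (n // p - 1))


PUBLIC, D = make_keys(61, 53, 17)   # the lecture's p, q and e

if __name__ == "__main__":
    c = encrypt(123, PUBLIC)
    print("public key (n, e):", PUBLIC, "private d:", D)
    print("encrypt 123 ->", c, "| decrypt ->", decrypt(c, D, PUBLIC[0]))
    print("d rebuilt from public key alone:", private_key_from_public(PUBLIC))
```
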

Key exchange
Generation, exchange, and replacement of shared secret keys for symmetric encryption
algorithm.

• Manual key exchange - two parties verbally communicate the key string either over
the phone or in person.

• Shared secret key exchange - two-key system: a public key, which is exchanged
between end users, and a private key, which is kept secret by the original owners.
(using Asymmetric encryption algorithm)

Diffie-Hellman Key Exchange Protocol (DH)

Allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.

This key can then be used to encrypt subsequent communications using a symmetric key algorithm.

• Implements key exchange without exchanging the actual private keys.
• The most widely used algorithm for establishing symmetric keys to encrypt data.

Using a clear channel, A and B agree on two prime numbers, g and p.

[Figure: Alice and Bob]

• The security of DH is based on the difficulty of solving the Discrete Logarithm Problem.

It is hard to derive $X_A$ from $g^{X_A} \bmod p$.

Example:

Alice and Bob pick p=541, g=2.

Alice chooses x=137 and sends $g^x \bmod p = 2^{137} \equiv 208 \pmod{541}$ to Bob.

Bob picks y=193 and sends $g^y \bmod p = 2^{193} \equiv 195 \pmod{541}$ to Alice.

Alice computes the shared secret key $K = (g^y)^x \bmod 541 \equiv (2^{193})^{137} \equiv 486 \pmod{541}$

Bob computes the shared secret key $K = (g^x)^y \bmod 541 \equiv (2^{137})^{193} \equiv 486 \pmod{541}$
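
The exchange above with both sides' messages, as an added example that is not part of the original lecture. The range check on the received value, the SHA-256 key derivation and all function names are assumptions made here; p, g, x and y are the slide's numbers. The last function recovers a working exponent by exhaustive search, which is possible only because p is this small.

```python
import hashlib

P, G = 541, 2          # toy public parameters from the lecture's example


def public_value(private):
    return pow(G, private, P)            # g^x mod p, sent in the clear


def shared_secret(peer_public, private):
    # Check the received value before using it: 0, 1 and p-1 would force
    # the shared secret into a set of one or two known values.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value outside [2, p-2]")
    return pow(peer_public, private, P)  # (g^y)^x mod p


def derive_key(secret):
    """Assumed key derivation: SHA-256 of the secret, cut to 128 bits."""
    raw = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:16]


def exchange(x, y):
    """Run both sides; return what crosses the wire and what each derives."""
    alice_sends, bob_sends = public_value(x), public_value(y)
    k_alice = shared_secret(bob_sends, x)
    k_bob = shared_secret(alice_sends, y)
    return alice_sends, bob_sends, k_alice, k_bob


def exponent_by_search(observed):
    """Exhaustive discrete log. Works only because p is 10 bits long."""
    return next(k for k in range(1, P) if pow(G, k, P) == observed)


if __name__ == "__main__":
    a, b, k_a, k_b = exchange(137, 193)
    print("Alice -> Bob:", a, "| Bob -> Alice:", b)
    print("Alice's K:", k_a, "| Bob's K:", k_b)
    print("symmetric key:", derive_key(k_a).hex())
    k = exponent_by_search(a)            # what a listener can do at this size
    print("K from the wire alone:", pow(b, k, P))
```
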

Symmetric vs. Asymmetric Encryption

• Symmetric encryption is fast but not as safe as asymmetric encryption. But because of its speed, it's commonly used for multimedia and e-commerce transactions.
• Asymmetric encryption is more complex, and more secure. More computation is required, so the process takes longer.

We use hybrid systems

• Get started with public key
• Switch to secret key

Data Integrity:
• Hash function
• Digital Signature

Hash function:
A reproducible method of turning data into a small number that may serve as a digital "fingerprint" of the data (Message Digest).

Y=H(X)=X mod 11

• It is infeasible to find two different messages with the same hash value.
• If one bit of data is changed, a hash function usually produces a completely different hash value.
• One way
• The hash is made to be a definite size, 160 bits (SHA-1), through the use of modular division.
• Two most-commonly used hash functions are MD5 and SHA-1.

Hash Function for Data Integrity

To guard against interception/modification, each message has a hash attached to it.

If the two hashes do not match, the message was altered.

Digital Signature
A number attached to a message. When other people receive the message, they can simply verify the attached number to confirm whether the message has been changed or not.

Digital Signature for Data Integrity

Alice signs a document

Bob verifies the signature:

Digital Signature:

• Data integrity
• Sender authenticity
• Non repudiation
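
The hash and digital signature sections above, compared in code. This is an added example, not part of the original lecture: it uses SHA-256 from Python's hashlib, unpadded textbook RSA, and a toy key constructed here from two Mersenne primes (far too small for real use). The messages are constructed sample data. It shows that an attached hash catches a changed message, that it stops helping once whoever changed the message also recomputes the hash, and that a signature still rejects the change because producing it needs the private key.

```python
import hashlib
import hmac


def toy_hash(x):
    """The slide's illustrative hash: H(X) = X mod 11."""
    return x % 11


def digest(message):
    return hashlib.sha256(message).digest()


def attach_hash(message):
    return message, digest(message)


def hash_matches(message, attached):
    return hmac.compare_digest(digest(message), attached)


# Constructed toy RSA key (assumption of this example, not from the slides).
PRIME_1, PRIME_2 = 2**61 - 1, 2**89 - 1
N, E = PRIME_1 * PRIME_2, 65537
D = pow(E, -1, (PRIME_1 - 1) * (PRIME_2 - 1))   # needs Python 3.8+


def sign(message):
    h = int.from_bytes(digest(message), "big") % N
    return pow(h, D, N)            # only the private-key holder can do this


def verify(message, signature):
    h = int.from_bytes(digest(message), "big") % N
    return pow(signature, E, N) == h   # anyone with (N, E) can check


def demo():
    original, altered = b"pay Bob 10", b"pay Bob 9999"   # constructed
    _, tag = attach_hash(original)
    sig = sign(original)
    return {
        "toy hash collides (5 and 16)": toy_hash(5) == toy_hash(16),
        "hash detects altered message": not hash_matches(altered, tag),
        "recomputed hash is accepted": hash_matches(*attach_hash(altered)),
        "signature verifies original": verify(original, sig),
        "signature rejects altered": not verify(altered, sig),
    }


if __name__ == "__main__":
    for claim, holds in demo().items():
        print(f"{claim}: {holds}")
```
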
