One-way hash function: given h, it is very hard to compute M
One-bit change in M changes many bits in h
Birthday paradox: how many people are needed so that the probability is greater than 0.5 that two of them have the same birthday? 23
CIS 659 – Introduction to Network Security – Fall 2003 – Class 5 – 9/23/03
Iterative construction: divide M into blocks Mi and generate the hash value iteratively, hi = H(hi-1, Mi)
Pad M with a single 1 bit followed by a string of zeros so that it is 64 bits short of a multiple of 512
Concatenate the original length as a 64-bit number
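The padding rule and the chaining hi = H(hi-1, Mi) above, together with the avalanche and birthday points on the earlier slide, as an added example that is not part of the original lecture notes. Assumptions: the compression function is a stand-in built from SHA-256 over the concatenation (it is only there to make the chaining visible, not how SHA-256 itself is built), the starting value h0 is all zeros, and the sample messages are constructed.

```python
import hashlib

BLOCK_BYTES = 64   # one 512-bit block, as on the slide
LEN_BYTES = 8      # original length appended as a 64-bit number
IV = bytes(32)     # fixed starting value h_0 (assumption: all-zero IV)


def md_pad(msg: bytes) -> bytes:
    """Pad as the slide describes: a single 1 bit (the 0x80 byte) followed by
    zeros until the length is 64 bits short of a multiple of 512, then the
    original length in bits as a 64-bit big-endian integer."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - LEN_BYTES) % BLOCK_BYTES)
    return padded + (len(msg) * 8).to_bytes(LEN_BYTES, "big")


def compress(h_prev: bytes, block: bytes) -> bytes:
    """Toy compression function h_i = H(h_{i-1}, M_i). Assumption: SHA-256 of the
    concatenation stands in for a real compression function; it is not how
    SHA-256 is constructed internally."""
    assert len(block) == BLOCK_BYTES
    return hashlib.sha256(h_prev + block).digest()


def md_hash(msg: bytes) -> bytes:
    """Split the padded message into blocks M_i and chain the compression function."""
    padded = md_pad(msg)
    h = IV
    for i in range(0, len(padded), BLOCK_BYTES):
        h = compress(h, padded[i:i + BLOCK_BYTES])
    return h


def bit_diff(a: bytes, b: bytes) -> int:
    """Number of differing bits between two digests (the avalanche effect)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def birthday_people(threshold: float = 0.5, days: int = 365) -> int:
    """Smallest group size whose probability of a shared birthday exceeds threshold."""
    p_all_distinct, n = 1.0, 0
    while 1.0 - p_all_distinct <= threshold:
        n += 1
        p_all_distinct *= (days - (n - 1)) / days
    return n


if __name__ == "__main__":
    m1 = b"The quick brown fox jumps over the lazy dog"      # constructed sample
    m2 = bytes([m1[0] ^ 0x01]) + m1[1:]                       # one-bit change
    print("padded blocks:", len(md_pad(m1)) // BLOCK_BYTES)
    print("bits changed by a one-bit flip:", bit_diff(md_hash(m1), md_hash(m2)), "of 256")
    print("people for P(shared birthday) > 0.5:", birthday_people())
```

The same birthday arithmetic applied to an n-bit digest (replace 365 by 2^n) is why a hash needs 2n bits of output for n bits of collision resistance.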
Message authentication code (MAC): only someone with the correct key can verify the contents of a document
Easy way to turn a one-way hash function into a MAC is to encrypt the hash value with a symmetric algorithm
Properties of a digital signature:
Signature is authentic (no one but Alice could have signed a document with her signature)
Signature is unforgeable
Signature is not reusable
Signed document is unalterable
Signature cannot be repudiated
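The difference between an unkeyed digest and a keyed MAC, as an added example that is not from the original lecture notes. Assumptions: HMAC-SHA256 stands in for the slide's construction of encrypting the hash value with a symmetric algorithm (HMAC is the standard keyed construction in use today), the shared key is generated on the fly, and the message is a constructed sample.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)   # shared secret between sender and verifier (assumption)


def unkeyed_tag(msg: bytes) -> bytes:
    """Plain digest appended to a message: anyone can recompute it, so it
    detects accidental corruption but not a deliberate change."""
    return hashlib.sha256(msg).digest()


def unkeyed_check(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(unkeyed_tag(msg), tag)


def keyed_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256: only holders of the key can produce or verify the tag."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_keyed(key: bytes, msg: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking how many tag bytes matched through timing
    return hmac.compare_digest(keyed_tag(key, msg), tag)


def mallory_modifies(msg: bytes, tag: bytes, keyed: bool):
    """Mallory rewrites the amount and tries to supply a matching tag without the key.
    Against the unkeyed digest she just recomputes it; against the MAC the best she
    can do is reuse the old tag."""
    new_msg = msg.replace(b"10", b"1000")
    if keyed:
        return new_msg, tag
    return new_msg, unkeyed_tag(new_msg)


if __name__ == "__main__":
    m = b"transfer 10 to Bob"                      # constructed sample
    m2, t2 = mallory_modifies(m, unkeyed_tag(m), keyed=False)
    print("unkeyed digest accepts forgery:", unkeyed_check(m2, t2))
    m3, t3 = mallory_modifies(m, keyed_tag(KEY, m), keyed=True)
    print("MAC accepts forgery:", verify_keyed(KEY, m3, t3))
```

A MAC gives integrity and authenticity between the two key holders but not non-repudiation: either party could have produced the tag, which is what separates it from the signature properties listed above.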
DSA is public, RSA used to be patented
DSA signature verification, with w = s^-1 mod q:
u1 = (H(M) * w) mod q
u2 = (r * w) mod q
v = ((g^u1 * y^u2) mod p) mod q
If v = r then the signature is verified
Alice and Bob are shouting messages in a crowded room:
No guest can understand what they are saying (symmetric and public key cryptography)
Bob can verify that the message has not been modified (integrity: message digests)
He knows that Alice has sent the message (authenticity)
If Alice added timestamps he can also verify that
Man-in-the-middle attack
Mallory captures this and sends to Alice Pub(M)
Alice encrypts a message in Pub(M) but sends
If a computer is broken into, hackers can learn everybody's passwords
Use one-way functions: store the result for every valid password
Perform the one-way function on the input and compare the result against the list
Dictionary attack: take likely passwords, apply the one-way function to each, store the results in a table and compare this against the list of passwords
Salt: the host adds a random salt to the password, applies the one-way function to that, and stores the result and the salt value
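The unsalted store, the precomputed dictionary table that breaks it, and the salted store that forces per-account recomputation, as an added example that is not part of the original lecture notes. Assumptions: SHA-256 stands in for the slide's one-way function on the unsalted side, PBKDF2-HMAC-SHA256 (a deliberately slow one-way function) on the salted side, and the wordlist and accounts are constructed samples.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000   # slow KDF so each guess costs the attacker real work
WORDLIST = [b"password", b"letmein", b"hunter2", b"qwerty"]            # constructed
ACCOUNTS = {                                                             # constructed
    "alice": b"password",
    "bob": b"hunter2",
    "carol": b"correct-horse-battery",   # not in the wordlist
    "dave": b"password",                 # same password as alice
}


def store_unsalted(pw: bytes) -> str:
    """The slide's first scheme: store f(password) only."""
    return hashlib.sha256(pw).hexdigest()


def store_salted(pw: bytes, salt: bytes = None) -> str:
    """The salted scheme: random salt per account, store salt and f(salt, password)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def check_salted(pw: bytes, record: str) -> bool:
    salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", pw, bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def precomputed_table(wordlist):
    """Attacker's one-time table: the one-way function applied to each guess."""
    return {store_unsalted(w): w for w in wordlist}


def attack_unsalted(stolen: dict, table: dict) -> dict:
    """One table lookup per stolen record; the table is reusable against every host."""
    return {user: table[h] for user, h in stolen.items() if h in table}


def attack_salted(stolen: dict, wordlist):
    """No shared table helps: every guess must be recomputed under each account's salt.
    Returns what was found and how many KDF evaluations it cost."""
    found, kdf_calls = {}, 0
    for user, record in stolen.items():
        for w in wordlist:
            kdf_calls += 1
            if check_salted(w, record):
                found[user] = w
    return found, kdf_calls


if __name__ == "__main__":
    stolen_u = {u: store_unsalted(p) for u, p in ACCOUNTS.items()}
    print("unsalted, cracked by table:", attack_unsalted(stolen_u, precomputed_table(WORDLIST)))
    print("alice and dave visibly share a password:", stolen_u["alice"] == stolen_u["dave"])
    stolen_s = {u: store_salted(p) for u, p in ACCOUNTS.items()}
    found, calls = attack_salted(stolen_s, WORDLIST)
    print("salted, cracked:", found, "after", calls, "slow KDF calls")
```

The salt does not stop guessing of weak passwords (alice and dave still fall), but it removes the one-time table, hides which accounts share a password, and combined with a slow function multiplies the attacker's cost by the number of accounts.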
Certificate contents: name, network address, organization
Trent is known as Certificate Authority (CA)
Challenge-response: Bob decrypts the message, generates a random number RB and sends to Alice EK(RB)
Alice decrypts the message, sends to Bob EK(RB-1)
Kerberos: Ticket Granting Server (TGS), Ticket Granting Ticket (TGT)
Kerberos encrypts the TGT with the TGS's secret key and sends both to Alice
Alice retrieves KATGS and saves it together with the TGT
Request to the Kerberos TGS, encrypted with KATGS, accompanied with the TGT and
The TGS decrypts the TGT and compares timestamps
If everything matches he generates a session key KAS to be
The server decrypts TAS with his secret key and retrieves KAS