
NW & SC Printout

The document discusses symmetric encryption and key distribution. It covers: 1) Locations for placing encryption, such as link encryption between nodes or end-to-end between source and destination. End-to-end encryption secures data but not traffic patterns. 2) Key distribution methods, like having a third party distribute keys or deriving new keys from previous keys. Key hierarchies with session keys encrypted by master keys are common. 3) Random number generation, including pseudorandom number generators and using block ciphers as PRNGs. True random numbers from external sources provide best security but are rarely used.

Uploaded by

bhikhaji
Copyright
© Attribution Non-Commercial (BY-NC)

Chap-7

Confidentiality Using Symmetric Encryption

7.1 Placement of Encryption

• If encryption is to be used to counter attacks on confidentiality, we need to decide what to encrypt and
where the encryption function should be located.

• There are many locations where attacks can occur in a typical scenario, such as:

• workstations on LANs access other workstations & servers on LAN

• LANs interconnected using switches/routers

• with external lines or radio/satellite links or router

• use dial-in to LAN

• physically tap line in wiring closet

• monitor and/or modify traffic on external links

• We now examine potential locations of security attacks and then look at the two major approaches to
encryption placement: link encryption and end-to-end encryption

• link encryption

– encryption occurs independently on every link

– implies must decrypt traffic between links

– requires many devices

– each vulnerable communications link is equipped on both ends with an encryption device.

– But all the potential links in a path from source to destination must use link encryption.

– Each pair of nodes that share a link should share a unique key, with a different key used on each
link. Thus, many keys must be provided.

• end-to-end encryption

– encryption occurs between original source and final destination so we can say that the
encryption process is carried out at the two end systems.

– need devices at each end

– Thus end-to-end encryption relieves the end user of concerns about the degree of security of
networks and links that support the communication.

– The user data is secure, but the traffic pattern is not because packet headers are transmitted in
the clear.

Placement of Encryption

• With end-to-end encryption, user data are secure, but the traffic pattern is not because packet headers
are transmitted in the clear.

• However end-to-end encryption does provide a degree of authentication, since a recipient is assured that
any message that it receives comes from the alleged sender, because only that sender shares the relevant
key.

• Such authentication is not inherent in a link encryption scheme.

• To achieve greater security, both link and end-to-end encryption are needed.

• ideally want both at once

– end-to-end protects data contents over entire path and provides authentication

– link protects traffic flows from monitoring

Logical Placement of Encryption

• can place encryption function at various layers in OSI Reference Model


– link encryption occurs at layers 1 or 2 (physical or Data link layers).

– end-to-end can occur at layers 3, 4, 6, 7 (Network, Transport, Presentation and
Application layers).

– moving higher, less information is encrypted, but it is more secure though more complex, with
more entities and keys

Encryption vs Protocol Level

7.3 Key Distribution


• symmetric schemes require both parties to share a common secret key

• issue is how to securely distribute this key

• secure systems often fail due to a break in the key distribution scheme

• given parties A and B have various key distribution alternatives:

• A can select key and physically deliver to B

• third party can select & deliver key to A & B

• if A & B have communicated previously can use previous key to encrypt a new key

• if A & B have secure communications with a third party C, C can relay key between A & B

Key Hierarchy
• typically have a hierarchy of keys

• session key

– temporary key

– used for encryption of data between users

– for one logical session then discarded

• master key

– used to encrypt session keys

– shared by user & key distribution center

Key Distribution Scenario

Key Distribution Issues

• hierarchies of KDC’s required for large networks, but must trust each other

• session key lifetimes should be limited for greater security

• use of automatic key distribution on behalf of users, but must trust system

• use of decentralized key distribution

7.4 Random Numbers


• many uses of random numbers in cryptography

– nonces in authentication protocols to prevent replay

– session keys
• in all cases it is critical that these values be

– uniformly distributed and independent

– unpredictable: future values cannot be inferred from previous values

Pseudorandom Number Generators (PRNGs)

• often use deterministic algorithmic techniques to create “random numbers”

– although are not truly random

– can pass many tests of “randomness”

• known as “pseudorandom numbers”

• created by “Pseudorandom Number Generators (PRNGs)”

Linear Congruential Generator

• common iterative technique using:

X_(n+1) = (a X_n + c) mod m

• given suitable values of parameters can produce a long random-like sequence

• suitable criteria to have are:

– function generates a full-period

– generated sequence should appear random

– efficient implementation with 32-bit arithmetic

• note that an attacker can reconstruct sequence given a small number of values
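
The last point is the reason an LCG must never supply keys or nonces. The following is an added example, not part of the original notes: it shows that three consecutive outputs determine a and c when the modulus is known, and gives the OS-backed alternative. The modulus, multiplier, increment and seed are constructed sample values.

```python
import secrets

M = 2**31 - 1   # modulus, assumed known to the observer (constructed example value)

def lcg(seed, a, c, m=M):
    """Yield X_(n+1) = (a X_n + c) mod m, the recurrence given above."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x

def recover_params(x0, x1, x2, m=M):
    """Solve for a and c from three consecutive outputs.

    x2 - x1 = a (x1 - x0) mod m, so a follows from one modular inverse.
    pow() raises ValueError if (x1 - x0) is not invertible mod m.
    """
    a = (x2 - x1) * pow(x1 - x0, -1, m) % m
    c = (x1 - a * x0) % m
    return a, c

def predict_next(observed, m=M):
    """Predict the output that follows the observed values."""
    a, c = recover_params(observed[0], observed[1], observed[2], m)
    return (a * observed[-1] + c) % m

def secure_session_key(nbytes=16):
    """What to use instead: bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(nbytes)

if __name__ == "__main__":
    gen = lcg(seed=2024, a=16807, c=12345)      # constructed parameters
    seen = [next(gen) for _ in range(3)]
    print("recovered (a, c):", recover_params(*seen))
    print("prediction correct:", predict_next(seen) == next(gen))
```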

Using Block Ciphers as PRNGs

• for cryptographic applications, can use a block cipher to generate random numbers

• often for creating session keys from master key

• Counter Mode

X_i = E_Km[i]

ANSI X9.17 PRG

Blum Blum Shub Generator

• based on public key algorithms

• use least significant bit from iterative equation:

– x_i = (x_(i-1))^2 mod n

– where n=p.q, and primes p,q=3 mod 4

• Unpredictable (passes next-bit test)

• slow, since very large numbers must be used, but has a very high level of security.

• too slow for cipher use, good for key generation
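
A small Blum Blum Shub generator, as an added example that is not part of the original notes. It assumes the usual starting value x_0 = s^2 mod n for a seed s relatively prime to n; the primes 7 and 11 are constructed toy values chosen so the output can be checked by hand.

```python
from math import gcd

def bbs_bits(p, q, seed, count):
    """Return `count` bits, each the least significant bit of x_i = (x_(i-1))^2 mod n.

    p and q must be primes congruent to 3 mod 4 (primality itself is the
    caller's responsibility here), and the seed must be relatively prime to n.
    """
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if gcd(seed, n) != 1:
        raise ValueError("seed must be relatively prime to n")
    x = pow(seed, 2, n)              # x_0 = s^2 mod n (assumed starting rule)
    bits = []
    for _ in range(count):
        x = pow(x, 2, n)             # x_i = (x_(i-1))^2 mod n
        bits.append(x & 1)           # keep only the least significant bit
    return bits

def bbs_key(p, q, seed, nbits):
    """Pack nbits generator bits into an integer, e.g. as key material."""
    value = 0
    for bit in bbs_bits(p, q, seed, nbits):
        value = (value << 1) | bit
    return value

if __name__ == "__main__":
    # Toy modulus n = 77: the state cycles 4, 16, 25, 9, so the bit
    # stream repeats after four bits. Real use needs very large p and q.
    print(bbs_bits(7, 11, 3, 8))
```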

True Random Numbers

• best source is natural randomness in real world

• This technique uses a nondeterministic source to produce randomness.

• this technique is rarely used.


Chap-8
Introduction To Number Theory

8.1 Prime Numbers


• A prime number is an integer that can only be divided without remainder by positive and negative values of
itself and 1.

• Prime numbers play a critical role both in number theory and cryptography.

• An integer p>1 is a prime number if and only if its only divisors are ±1 and ±p.

• Any integer a > 1 can be factored in a unique way as

– a = p1^a1 p2^a2 …… pt^at

where p1 < p2 < ……. < pt are prime numbers and each a(i) is a positive integer. This is fundamental
theorem of arithmetic.

– For eg. 91 = 7 x 13

3600 = 2^4 x 3^2 x 5^2

• It can be expressed in another way. If P is the set of all prime numbers, then any positive integer a can be
written uniquely in the following form :

• two numbers a, b are relatively prime if have no common divisors apart from 1

– eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the
only common factor

• conversely can determine the greatest common divisor by comparing their prime factorizations and using
least powers

– eg. 300 = 2^2 x 3^1 x 5^2, 18 = 2^1 x 3^2, hence GCD(18,300) = 2^1 x 3^1 x 5^0 = 6

• Two theorems that play an important role in asymmetric-key (public-key) cryptography:

– Fermat’s theorem

– Euler’s theorem
Fermat's Theorem

• If p is prime and a is a positive integer not divisible by p , then

– a^(p-1) = 1 (mod p)

• also known as Fermat’s Little Theorem

• also a^p = a (mod p)

• useful in public key and primality testing

Euler Totient Function ø(n)

• when doing arithmetic modulo n

• complete set of residues is: 0..n-1

• reduced set of residues is those numbers (residues) which are relatively prime to n

– eg for n=10 = (2 * 5)

– complete set is {0,1,2,3,4,5,6,7,8,9}

– reduced set is {1,3,7,9}

• the number of elements in the reduced set of residues is called the Euler Totient Function ø(n)

• to compute ø(n) need to count the number of residues (what is left over) to be excluded

• in general need prime factorization, but

– for p (p prime) ø(p) = p-1

– for p.q (p,q prime) ø(pq) =(p-1)x(q-1)

• eg.

ø(37) = 36

ø(21) = (3–1)x(7–1) = 2x6 = 12

Euler's Theorem

• a generalisation of Fermat's Theorem

• a^ø(n) = 1 (mod n)

– for any a,n where gcd(a,n)=1

• eg.

a=3;n=10; ø(10)=4;

hence 3^4 = 81 = 1 mod 10

a=2;n=11; ø(11)=10;

hence 2^10 = 1024 = 1 mod 11

Primality Testing

• For many cryptographic algorithms, it is necessary to select one or more very large prime numbers at
random.

• Thus we are faced with the task of determining whether a given number is prime.

• One popular algorithm produces a number that is not necessarily a prime but is almost
certainly a prime.

Miller Rabin Algorithm

• This algorithm is typically used to test a large number for primality.

• Any positive odd integer n >= 3 can be expressed as

n-1 = 2^k q with k > 0, q odd

• Since n-1 is an even integer, divide (n-1) by 2 until the result is an odd number q, for a total of k divisions.

• If n is expressed as a binary number, the result is achieved by shifting the number to the right until the rightmost
digit is 1, for a total of k shifts.

• Two properties of prime numbers.

• First property:

• If p is prime and a is a positive integer less than p, then a^2 mod p = 1 if and only if either a mod p = 1 or a
mod p = -1 mod p = p-1.

• (a mod p) (a mod p) = a^2 mod p, so a mod p = 1 or a mod p = -1 implies

a^2 mod p = 1

• Second property:

• let p be a prime number greater than 2, then

p-1 = 2^k q with k > 0, q odd

• Let a be any integer in the range 1<a<p-1; then one of the following conditions is true:

1. a^q is congruent to 1 mod p, that is

a^q mod p = 1 or a^q = 1 (mod p).

2. one of the numbers a^q, a^(2q), a^(4q), ……, a^(2^(k-1) q) is

congruent to -1 mod p.

• a test based on Fermat’s Theorem

• algorithm is:

TEST (n) is:

1. Find integers k, q, k > 0, q odd, so that (n–1) = 2^k q

2. Select a random integer a, 1<a<n–1

3. if a^q mod n = 1 then return ("maybe prime or inconclusive");

4. for j = 0 to k – 1 do

5. if (a^(2^j q) mod n = n-1)

then return(" maybe prime ")

6. return ("composite")

Probabilistic Considerations
• if Miller-Rabin returns “composite” the number is definitely not prime

• otherwise is a prime or a pseudo-prime

• chance it detects a pseudo-prime is < 1/4
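
TEST(n) above written out in Python, as an added example that is not part of the original notes. It goes one step further than the pseudocode by repeating the test with independent random bases, so a composite survives t rounds with probability below (1/4)^t; the helper names and the sample numbers 29 and 221 are chosen here for illustration.

```python
import random

def decompose(n):
    """Step 1: return (k, q) with n - 1 = 2^k q and q odd."""
    k, q = 0, n - 1
    while q % 2 == 0:
        q //= 2
        k += 1
    return k, q

def mr_round(n, a):
    """Steps 3 to 6 for one base a: True = 'maybe prime', False = 'composite'."""
    k, q = decompose(n)
    x = pow(a, q, n)
    if x == 1:                       # step 3: a^q mod n = 1
        return True
    for _ in range(k):               # steps 4-5: test a^(2^j q) for j = 0 .. k-1
        if x == n - 1:
            return True
        x = pow(x, 2, n)
    return False                     # step 6: definitely composite

def is_probable_prime(n, rounds=20, rng=random.SystemRandom()):
    """Run TEST(n) with `rounds` independent random bases (step 2 each time)."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    return all(mr_round(n, rng.randrange(2, n - 1)) for _ in range(rounds))

def liars(n):
    """Bases 1 < a < n-1 for which a composite n still returns 'maybe prime'."""
    return [a for a in range(2, n - 1) if mr_round(n, a)]

if __name__ == "__main__":
    print(decompose(29), mr_round(29, 10))      # 29 is prime: (2, 7) True
    print(decompose(221), liars(221))           # 221 = 13 x 17 has four liar bases
    print(is_probable_prime(221), is_probable_prime(2**61 - 1))
```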


9.2 The RSA Algorithm

• Developed by Rivest, Shamir & Adleman of MIT in 1977 and published in 1978.

• It is a general-purpose approach to public-key encryption.

• best known & most widely used public-key cryptosystem.

• The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for
some n. A typical size for n is 1024 bits or 309 decimal digits. That is, n is less than 2^1024.

Description of the RSA

• Encryption and decryption are of the following form, for some plaintext block M and ciphertext block C.

• Plaintext M = C^d mod n

• Ciphertext C = M^e mod n

• Both sender and receiver must know the value of n.

• The sender knows the value of e, and only the receiver knows the value of d. Thus this is a public-key
encryption algorithm with a public key PU = {e, n} and a private key PR = {d, n}

RSA

• each user generates a public/private key pair by:

• selecting two large primes at random : p, q

• computing their system modulus n=p.q

– note ø(n)=(p-1)(q-1)

• selecting at random the encryption key e

• where 1<e<ø(n), gcd(e,ø(n))=1

• solve following equation to find decryption key d

– e.d=1 mod ø(n) and 0≤d≤n

• publish their public encryption key: PU={e,n}

• keep secret private decryption key: PR={d,n}

RSA Use
• to encrypt a message M the sender:

– obtains public key of receiver PU={e,n}

– computes: C = M^e mod n, where 0≤M<n

• to decrypt the cipher text C the owner:

– uses their private key PR={d,n}

– computes: M = C^d mod n

RSA Example - Key Setup

1. Select primes: p=17 & q=11

2. Compute n = pq =17 x 11=187

3. Compute ø(n)=(p–1)(q-1)=16 x 10=160

4. Select e: gcd(e,160)=1; choose e=7

5. Determine d: de=1 mod 160 and d < 160. Value is d=23 since 23x7=161= 1x160+1

6. Publish public key PU={7,187}

7. Keep secret private key PR={23,187}

RSA Example - En/Decryption

• sample RSA encryption/decryption is:

• given message M = 88 ( 88<187)

• encryption:

C = 88^7 mod 187 = 11

• decryption:

M = 11^23 mod 187 = 88

RSA Key Generation


• users of RSA must:

– determine two primes at random p, q

– select either e or d and compute the other

• primes p,q must not be easily derived from modulus n=p.q

– means must be sufficiently large

– typically guess and use probabilistic test

• exponents e, d are inverses, so use Inverse algorithm to compute the other

RSA Security

• possible approaches to attacking RSA are:

– brute force attack

• Trying all possible private keys

– mathematical attacks

• Trying to factor the product of two primes

– timing attacks

• These depend on the running time of the decryption algorithm

– chosen ciphertext attacks

• This type of attack exploits properties of the RSA algorithm.

Factoring Problem

• We can identify three mathematical approaches to attacking RSA:

– factor n=p.q, hence compute ø(n) and then d

– determine ø(n) directly and compute d

– find d directly

• For large N with large prime factors, factoring is a hard problem.

• currently assume 1024-2048 bit RSA is secure


Timing Attacks
• developed by Paul Kocher in mid-1990’s

• These attacks are applicable not just to RSA but to other public-key cryptography systems.

• This attack is alarming for two reasons:

– It comes from a completely unexpected direction

– It is a ciphertext-only attack.

• This attack is simplest to understand.

• Countermeasures

– constant exponentiation time

• Ensure that all exponentiations take the same amount of time before returning a value.

– random delays

• Better performance could be achieved by adding a random delay to the exponentiation
algorithm to confuse the timing attack.

– blind values used in calculations

• Multiply the ciphertext by a random number before performing exponentiation.
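
The key setup and en/decryption example from section 9.2 (p=17, q=11, e=7, M=88) together with the blinding countermeasure just described, as an added example that is not part of the original notes. The function names are chosen here; the numbers are the notes' own toy values, and no padding is applied, so this is textbook RSA for study only.

```python
import secrets
from math import gcd

def mod_inverse(e, phi):
    """Extended Euclid: return d with e*d = 1 mod phi."""
    r0, r1, t0, t1 = phi, e, 0, 1
    while r1:
        quot = r0 // r1
        r0, r1 = r1, r0 - quot * r1
        t0, t1 = t1, t0 - quot * t1
    if r0 != 1:
        raise ValueError("e and phi(n) are not relatively prime")
    return t0 % phi

def keygen(p, q, e):
    """Return (PU, PR) = ((e, n), (d, n)) following the key-setup steps."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (e, n), (mod_inverse(e, phi), n)

def encrypt(m, pu):
    e, n = pu
    if not 0 <= m < n:
        raise ValueError("message block must satisfy 0 <= M < n")
    return pow(m, e, n)                        # C = M^e mod n

def decrypt(c, pr):
    d, n = pr
    return pow(c, d, n)                        # M = C^d mod n

def decrypt_blinded(c, pr, pu):
    """Blinding: exponentiate C * r^e for a fresh random r, never C itself."""
    (d, n), (e, _) = pr, pu
    while True:
        r = secrets.randbelow(n - 2) + 2       # random r in [2, n-1]
        if gcd(r, n) == 1:                     # r must be invertible mod n
            break
    c_blind = (c * pow(r, e, n)) % n           # the value actually exponentiated
    m_blind = pow(c_blind, d, n)               # equals M * r mod n
    return (m_blind * pow(r, -1, n)) % n       # strip r to recover M

if __name__ == "__main__":
    PU, PR = keygen(17, 11, 7)
    C = encrypt(88, PU)
    print(PU, PR, C, decrypt(C, PR), decrypt_blinded(C, PR, PU))
```

Because r changes on every call, the private-key exponentiation never runs on a value the sender controls, which removes the correlation between ciphertext and running time that a timing attack relies on.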

Chosen Ciphertext Attack and Optimal Asymmetric Encryption

• RSA is vulnerable to a Chosen Ciphertext Attack (CCA)

• the attacker chooses ciphertexts & gets decrypted plaintext back

• ciphertexts are chosen to exploit properties of RSA to provide info to help cryptanalysis

• can counter with random pad of plaintext

• or use Optimal Asymmetric Encryption Padding (OAEP)

Intruders
• A significant security problem for networked systems is unfriendly, or at least unwanted, trespass:
unauthorized login or use of a system by local or remote users, or by software such as a virus, worm, or
Trojan horse.
• All these attacks relate to network security because system entry can be achieved by means of a network.
Not all attacks are confined to network-based attacks.

– For example:

– A virus or Trojan horse may be introduced into a system by means of a disk.

– A worm is a network-based virus.

• Someone who intrudes on the privacy or property of another without permission is known as an intruder

• One of the two most publicized threats to security is the intruder

• Three classes of intruders (hackers or crackers):

– Masquerader

• An unauthorized user who penetrates a computer system’s access control and gains
access to user accounts.

• Masquerader is likely to be an outsider.

– Misfeasor

• A legitimate user who accesses resources he is not authorized to access, or who is
authorized for such access but misuses his privileges.

• Misfeasor generally is an insider.

– Clandestine user

• A user who seizes the supervisory control of the system and uses it to evade auditing
and access control.

• Clandestine user can be either an outsider or an insider.

– The intruder threat has been well publicized, particularly because of the famous “Wily Hacker” incident of
1986–1987.

– Intruders might be tolerable, although they do consume resources and may slow performance for
legitimate users.

– Intruders may use compromised systems to launch attacks on other systems, further degrading
performance.

– An example is the incident at Texas A&M University. In August 1992, the computer center there was
notified that one of its machines was being used to attack computers at another location via the Internet.

– By monitoring activity, the computer center personnel learned that there were several outside
intruders involved, who were running password-cracking routines on various computers.
– A few days later, one of the local system managers detected that the intruder attack had
resumed.

– Files were found containing hundreds of captured passwords, including some on major and
secure servers. In addition, one local machine had been set up as a hacker bulletin board, which
the hackers used to contact each other and to discuss techniques and progress.

Intrusion Techniques

Objective: An intruder wants to gain access to a system or to increase the range of privileges accessible on the
system.

• With knowledge of some other user’s password, an intruder can log in to a system and exercise all the
privileges accorded to the legitimate user.

• Access is generally protected by passwords.

• System maintains a file that associates a password with each authorized user.

• If such a file is stored with no protection, then it is an easy matter to gain access to it and learn passwords.

• Password file can be protected with:

– One-way function and Access control

(1) One-way Function:

• The system stores only the value of a function based on the user’s password. When the
user presents a password, the system transforms that password and compares it with
the stored value.

• The system usually performs a one-way transformation.

(2) Access Control:

• Access to the passwd file is limited to very few people.

• If one or both of these countermeasures are in place, some effort is needed for an intruder to learn
passwords.
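
The one-way function countermeasure as code, an added example that is not part of the original notes. It assumes PBKDF2-HMAC-SHA256 from the Python standard library as the one-way transformation and adds a per-user random salt and a constant-time comparison, which the notes do not mention; the record format is made up for this illustration.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"     # label stored with each record (format assumed here)

def make_record(password, iterations=600_000):
    """Return the string to store in the password file; the password itself is not kept."""
    salt = secrets.token_bytes(16)             # per-user salt: equal passwords, different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"

def verify(password, record):
    """Transform the presented password the same way and compare with the stored value."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != SCHEME:
            return False
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:                          # malformed record: treat as no match
        return False
    return hmac.compare_digest(candidate, stored)   # constant-time comparison

if __name__ == "__main__":
    rec = make_record("correct horse battery staple")   # constructed sample password
    print(rec)
    print(verify("correct horse battery staple", rec), verify("letmein", rec))
```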

• Techniques for guessing passwords:

• Try default passwords.

• Try all short words, 1 to 3 characters long.

• Try all the words in an electronic dictionary (60,000).

• Collect information about the user’s hobbies, family names, birthday, etc.
• Try user’s phone number, Social Security number and room number.

• Try all legitimate license numbers for this state.

• Use a Trojan Horse to bypass restriction on access.

• Tap the line between a remote user and the host system.

• Intruders can also get access to a system by exploiting attacks such as buffer overflows on a
program that runs with certain privileges.
