Lecture 2 crypto and basics of protocols

S-38.3153
Mikko Särelä

keskiviikkona 28. maaliskuuta 2012

Today’s plan

• Learn about protocols
• Remote login
• How to solve security problems?
• How can cryptography help?


Remote login

• A simple protocol to remotely login to a
computer as if you were physically present


Remote login
Alice Hi Hal! I’m Alice Hal

What’s your password?

It’s BobAteMyCat

Access granted

> run emacs mythesis.txt


What kind of security
problems do you see?


Remote login
Mallory
Alice Hi Hal! I’m Alice Hal

What’s your password?

It’s BobAteMyCat

Access granted

> run emacs mythesis.txt


How would you ﬁx the
security problems?


Secure Shell
• Use public key cryptography to
authenticate remote end
• Leap of faith for ﬁrst time connections
• User is authenticated with password or
public key crypto
• This communication is encrypted


Cryptography basics
Mikko Särelä, Dr. Tech
20 March 2012


Security and cryptology
The same thing?


Crypto overview

• Public key cryptography
• Key exchange
• Symmetric key cryptography
• Secure hash


Crypto basics

• Plaintext message m
• Crypto-algorithm
• Key k
• Encrypted text


Public key cryptography


Two keys -
private and public


Some math

• RSA and Difﬁe-Hellman based on modulo
arithmetics
• the difﬁculty of division operation,
logarithm, and factoring


Modulo
0
1
12
2
11
3

10
4

9
5
8 6
7

Addition and
multiplication easy


Division is hard
Factoring is hard


Example: RSA
• n = p*q, p and q large primes
• Choose public key e as relative prime for
(p-1)(q-1)
• Private key d = e-1 mod ((p-1)(q-1))
• Encrypting c = m mod n e

• Decrypting m = c mod n d


Problem

• p = 11, q = 3
• e=3
• What is d?
• Encrypt message m = 7
• Decrypt the result


Solution

• c = me mod n = 73 mod 33 = 343 mod 33
= 13.
• c = 13
• To check decryption:
• m’ = c = 13 mod 33 = 7
d 7


Cipher text for all m

m 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
c 0 1 8 27 31 26 18 13 17 3 10 11 12 19 5 9 4

m 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
c 29 24 28 14 21 22 23 30 16 20 15 7 2 6 25 32


Depends on
Factoring being hard!


Usage
• Use public key to encrypt data
• Private key is used to decrypt it
• Or use private key to sign data
• Public key can be used to verify the
signature
• Only owner of private key can sign
• Basis for certiﬁcates


Difﬁe-Hellman


(A B)C =A b*c = (A C) B


Difﬁe-Hellman
http://upload.wikimedia.org/wikipedia/commons/a/a3/Difﬁe-Hellman-Schlüsselaustausch.png

Symmetric key
cryptography


Block cipher
Stream cipher


Block cipher
Plaintext

Key Block cipher
encryption

Ciphertext


Stream cipher
K
IV A
Kstream

Plaintext Ciphertext

K
IV A
Kstream

Ciphertext Plaintext
XOR

Ciphers overview


• Symmetric ciphers
• Fast
• require separate key exchange
• Public key ciphers
• Slow
• No key exchange required
• usage: signatures, certiﬁcates, encrypt
symmetric cipher key inside a message
• How to get random keys?


Cryptographic hashes


Ideal hash-function
• easy to compute the hash value for any
given message
• infeasible to generate a message that has a
given hash
• infeasible to modify a message without
changing the hash
• infeasible to ﬁnd two different messages
with the same hash


Keyed hash


Applications
• Verifying integrity of a message using keyed
hash function
• ﬁle or data identiﬁer
• pseudorandom number generation and key
generation
• hash chains


Cryptographic Hash
functions
• SHA-256 as an example
• Birthday attack
• Keyed hash is usually marked as
• h(k, M)


Secure Shell


What is SSH?
• A set of protocols that is designed to
provide a secure communication channel
between host and a server
• Covers authentication, encryption, and data
integrity
• Originally replacement for telnet/rlogin/rsh
• SFTP also

History

• Tatu Ylönen developed the ﬁrst version in
1995
• SSH protocol version 2 in 1998 because of
protocol vulnerabilities
• Many open and commercial versions
available for all operating systems


Protocol details

• Client/server architecture
• Server listens to port 22
• Client wanting to connect executes an ssh
command
• port forwarding


SSH Protocol Stack
SSH User Authentication protocol SSH Connection Protocol
Authenticates client-side user to the Multiplexes encrypted tunnel into several
server logical channels

SSH Transportation protocol
TCP
IP


Transport layer
• Initial key exchange
• Server authentication
• Data conﬁdentiality
• Data Integrity
• Compression (optional)
• key re-exchange

Transport layer

• Server authenticates itself to client
• No man-in-the-middle attacks


SSH Protocol
Client Server
TCP connection setup
SSH version string exchange
SSH Key exchange
SSH data exchange
Termination of the TCP connection


SSH key exchange
• Client and server send kex_init packet, containing a list
of crypto algorithms they support
• First common key exchange algorithm supported by
server is chosen
• Used to negotiate server authentication, encryption,
MAC, and compression
• Opportunistic guess allowed
• Establish shared secret k and
• Authenticate server
• with public key signature or shared key authentication
with MAC


User authentication

• Client authentication
• password
• public key cryptography
• host based authentication


Connection layer

• Deﬁnes logical channels
• Requests for TCP port forwarding, X11
forwarding etc.


Lecture 2 crypto and basics of protocols

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Lecture 2 crypto and basics of protocols