Chapter 31 - Cryptography and Network Security PDF

Title Chapter 31 - Cryptography and Network Security
Author USER COMPANY
Course Data & Computer Communications
Institution Griffith University
Pages 46


CHAPTER 31

Cryptography and Network Security

The topic of cryptography and network security is very broad and involves some specific areas of mathematics such as number theory. In this chapter, we try to give a very simple introduction to this topic to prepare the background for more study. We have divided this chapter into three sections.



The first section introduces the subject. It first describes security goals such as confidentiality, integrity, and availability. The section shows how confidentiality is threatened by attacks such as snooping and traffic analysis. The section then shows how integrity is threatened by attacks such as modification, masquerading, replaying, and repudiation. The section mentions one attack that threatens availability, denial of service. This section ends with describing the two techniques used in security: cryptography and steganography. The chapter concentrates on the first.



The second section discusses confidentiality. It first describes symmetric-key ciphers and explains traditional symmetric-key ciphers such as substitution and transposition ciphers. It then moves to modern symmetric-key ciphers and explains modern block and stream ciphers. The section then shows that denial of service is an attack to availability.



The third section discusses other aspects of security: message integrity, message authentication, digital signature, and entity authentication. Today these aspects are part of the security system that complements confidentiality. The section also describes the topic of key management, including the distribution of keys for both symmetric-key and asymmetric-key ciphers.


PART VII

TOPICS RELATED TO ALL LAYERS

31.1 INTRODUCTION

We are living in the information age. We need to keep information about every aspect of our lives. In other words, information is an asset that has a value like any other asset. As an asset, information needs to be secured from attacks. To be secured, information needs to be hidden from unauthorized access (confidentiality), protected from unauthorized change (integrity), and available to an authorized entity when it is needed (availability).

During the last three decades, computer networks created a revolution in the use of information. Information is now distributed. Authorized people can send and retrieve information from a distance using computer networks. Although the three abovethey now have some new dimensions. Not only should information be confidential when it is stored; there should also be a way to maintain its confidentiality when it is transmitted from one computer to another.

In this section, we first discuss the three major goals of information security. We then see how attacks can threaten these three goals. We then discuss the security services in relation to these security goals. Finally we define two techniques to implement the security goals and prevent attacks.

31.1.1 Security Goals

Let us first discuss three security goals: confidentiality, integrity, and availability.

Confidentiality

Confidentiality is probably the most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information. Confidentiality not only applies to the storage of information, it also applies to the transmission of information. When we send a piece of information to be stored in a remote computer or when we retrieve a piece of information from a remote computer, we need to conceal it during transmission.

Integrity

Information needs to be changed constantly. In a bank, when a customer deposits or withdraws money, the balance of her account needs to be changed. Integrity means that changes need to be done only by authorized entities and through authorized mechanisms. Integrity violation is not necessarily the result of a malicious act; an interruption in the system, such as a power surge, may also create unwanted changes in some information.

Availability

The third component of information security is availability. The information created and stored by an organization needs to be available to authorized entities. Information is useless if it is not available. Information needs to be constantly changed, which means it must be accessible to authorized entities. The unavailability of information is just as harmful for an organization as the lack of confidentiality or integrity. Imagine what would happen to a bank if the customers could not access their accounts for transactions.

31.1.2 Attacks

by security attacks. Although the literature uses different approaches to categorizing the attacks, we divide them into three groups related to the security goals. Figure 31.1 shows the taxonomy.

Figure 31.1 Taxonomy of attacks with relation to security goals

[Figure: security attacks grouped by the goal they threaten. Threat to confidentiality: snooping, traffic analysis. Threat to integrity: modification, masquerading, replaying, repudiation. Threat to availability: denial of service.]

Attacks Threatening Confidentiality

In general, two types of attacks threaten the confidentiality of information: snooping and traffic analysis.

Snooping

Snooping refers to unauthorized access to or interception of data. For example, a file transferred through the Internet may contain confidential information. An unauthorized entity may intercept the transmission and use the contents for her own benefit. To prevent snooping, the data can be made nonintelligible to the intercepter by using encipherment techniques, discussed later.

Traffic Analysis

Although encipherment of data may make it nonintelligible for the intercepter, she can obtain some other types of information by monitoring online traffic. For example, she can find the electronic address (such as the e-mail address) of the sender or the receiver. She can collect pairs of requests and responses to help her guess the nature of the transaction.


Attacks Threatening Integrity

The integrity of data can be threatened by several kinds of attacks: modification, masquerading, replaying, and repudiation.

Modification

After intercepting or accessing information, the attacker modifies the information to make it beneficial to herself. For example, a customer sends a message to a bank to initiate some transaction. The attacker intercepts the message and changes the type of transaction to benefit herself. Note that sometimes the attacker simply deletes or delays the message to harm the system or to benefit from it.

Masquerading

Masquerading, or spoofing, happens when the attacker impersonates somebody else. For example, an attacker might steal the bank card and PIN of a bank customer and pretend that she is that customer. Sometimes the attacker pretends instead to be the receiver entity. For example, a user tries to contact a bank, but another site pretends that it is the bank and obtains some information from the user.

Replaying

In replaying, the attacker obtains a copy of a message sent by a user and later tries to replay it. For example, a person sends a request to her bank to ask for payment to the attacker, who has done a job for her. The attacker intercepts the message and sends it again to receive another payment from the bank.

Repudiation

This type of attack is different from others because it is performed by one of the two parties in the communication: the sender or the receiver. The sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message. An example of denial by the sender would be a bank customer asking her bank to send some money to a third party but later denying that she has made such a request. An example of denial by the receiver could occur when a person buys a product from a manufacturer and pays for it electronically, but the manufacturer later denies having received the payment and asks to be paid.

Attacks Threatening Availability

We mention only one attack threatening availability: denial of service.

Denial of Service

Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system. The attacker can use several strategies to achieve this. She might send so many bogus requests to a server that the server crashes because of the heavy load. The attacker might intercept and delete a server’s response to a client, making the client believe that the server is not responding. The attacker may also intercept requests from the clients, causing the clients to send requests many times and overload the system.


31.1.3 Services and Techniques

ITU-T defines some security services to achieve security goals and prevent attacks. Each of these services is designed to prevent one or more attacks while maintaining security goals. The actual implementation of security goals needs some techniques. Two techniques are prevalent today: one is very general (cryptography) and one is specific (steganography).

Cryptography

Some security services can be implemented using cryptography. Cryptography, a word with Greek origins, means “secret writing.” However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks. Although in the past cryptography referred only to the encryption and decryption of messages using secret keys, today it is defined as involving three distinct mechanisms: symmetric-key encipherment, asymmetric-key encipherment, and hashing. We will discuss all these mechanisms later in the chapter.

Steganography

Although this chapter and the next are based on cryptography as a technique for implementing security mechanisms, another technique that was used for secret communication in the past is being revived at the present time: steganography. The word steganography, with origins in Greek, means “covered writing,” in contrast with cryptography, which means “secret writing.” Cryptography means concealing the contents of a message by enciphering; steganography means concealing the message itself by covering it with something else. We leave the discussion of steganography to some books dedicated to this topic.

31.2 CONFIDENTIALITY

We now look at the first goal of security, confidentiality. Confidentiality can be achieved using ciphers. Ciphers can be divided into two broad categories: symmetric-key and asymmetric-key.

31.2.1 Symmetric-Key Ciphers

A symmetric-key cipher uses the same key for both encryption and decryption, and the key can be used for bidirectional communication, which is why it is called symmetric. Figure 31.2 shows the general idea behind a symmetric-key cipher.

In Figure 31.2, an entity, Alice, can send a message to another entity, Bob, over an insecure channel with the assumption that an adversary, Eve, cannot understand the contents of the message by simply eavesdropping over the channel.

The original message from Alice to Bob is called plaintext; the message that is sent through the channel is called ciphertext. To create the ciphertext from the plaintext, Alice uses an encryption algorithm and a shared secret key. To create the plaintext from ciphertext, Bob uses a decryption algorithm and the same secret key. We refer to encryption and decryption algorithms as ciphers. A key is a set of values (numbers) that the cipher, as an algorithm, operates on.


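Figure 31.2 General idea of a symmetric-key cipher

[Figure: Alice feeds the plaintext and the shared secret key into the encryption algorithm; the ciphertext crosses the insecure channel; Bob feeds the ciphertext and the same shared secret key into the decryption algorithm to recover the plaintext. The key is exchanged over a secure key-exchange channel.]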

Symmetric-key ciphers are also called secret-key ciphers.

Note that the symmetric-key encipherment uses a single key (the key itself may be a set of values) for both encryption and decryption. In addition, the encryption and decryption algorithms are inverses of each other. If P is the plaintext, C is the ciphertext, and K is the key, the encryption algorithm Ek(x) creates the ciphertext from the plaintext; the decryption algorithm Dk(x) creates the plaintext from the ciphertext. We assume that Ek(x) and Dk(x) are inverses of each other: they cancel the effect of each other if they are applied one after the other on the same input. We have

encryption and decryption public but keep the shared key secret. This means that Alice and Bob need another channel, a secured one, to exchange the secret key. Alice and Bob can meet once and exchange the key personally. The secured channel here is the face-to-face exchange of the key. They can also trust a third party to give them the same key. They can create a temporary secret key using another kind of

Encryption can be thought of as locking the message in a box; decryption can be thought of as unlocking the box. In symmetric-key encipherment, the same key locks and unlocks, as shown in Figure 31.3. Later sections show that the asymmetric-key encipherment needs two keys, one for locking and one for unlocking.

Figure 31.3 Symmetric-key encipherment as locking and unlocking with the same key

[Figure: the same key locks the box (encryption) and unlocks it (decryption).]


The symmetric-key ciphers can be divided into traditional ciphers and modern ciphers. Traditional ciphers are simple, character-oriented ciphers that are not secure based on today’s standard. Modern ciphers, on the other hand, are complex, bit-oriented ciphers that are more secure. We briefly discuss the traditional ciphers to pave the way for discussing more complex modern ciphers.

Traditional Symmetric-Key Ciphers

Traditional ciphers belong to the past. However, we briefly discuss them here because they can be thought of as the components of the modern ciphers. To be more exact, we can divide traditional ciphers into substitution ciphers and transposition ciphers.

Substitution Ciphers

A substitution cipher replaces one symbol with another. If the symbols in the plaintext are alphabetic characters, we replace one character with another. For example, we can replace letter A with letter D and letter T with letter Z. If the symbols are digits (0 to 9), we can replace 3 with 7 and 2 with 6.

A substitution cipher replaces one symbol with another.

Substitution ciphers can be categorized as either monoalphabetic ciphers or polyalphabetic ciphers.

Monoalphabetic Ciphers

In a monoalphabetic cipher, a character (or a symbol) in the plaintext is always changed to the same character (or symbol) in the ciphertext regardless of its position in the text. For example, if the algorithm says that letter A in the plaintext is changed to letter D, every letter A is changed to letter D. In other words, the relationship between letters in the plaintext and the ciphertext is one-to-one.

The simplest monoalphabetic cipher is the additive cipher (or shift cipher). Assume that the plaintext consists of lowercase letters (a to z), and that the ciphertext consists of uppercase letters (A to Z). To be able to apply mathematical operations on the plaintext and ciphertext, we assign numerical values to each letter (lowercase or uppercase), as shown in Figure 31.4.

Figure 31.4 Representation of plaintext and ciphertext characters in modulo 26

Plaintext:  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
Ciphertext: A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
Value:      00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

In Figure 31.4 each character (lowercase or uppercase) is assigned an integer in modulo 26. The secret key between Alice and Bob is also an integer in modulo 26. The encryption algorithm adds the key to the plaintext character; the decryption algorithm subtracts the key from the ciphertext character. All operations are done in modulo 26.


In additive cipher, the plaintext, ciphertext, and key are integers in modulo 26.

Historically, additive ciphers are called shift ciphers because the encryption algorithm can be interpreted as “shift key characters down” and the decryption algorithm can be interpreted as “shift key characters up.” Julius Caesar used an additive cipher, with a key of 3, to communicate with his officers. For this reason, additive ciphers are sometimes referred to as the Caesar cipher.

Example 31.1

Solution We apply the encryption algorithm to the plaintext, character by character:

The result is “WTAAD”. Note that the cipher is monoalphabetic because two instances of the same plaintext character (l) are encrypted as the same character (A).

Example 31.2

Solution We apply the decryption algorithm to the ciphertext, character by character:

The result is “hello”. Note that the operation is in modulo 26, which means that we need to add

Additive ciphers are vulnerable to attacks using exhaustive key searches (brute-force attacks). The key domain of the additive cipher is very small; there are only 26 keys. However, one of the keys, zero, is useless (the ciphertext is the same as the plaintext). This leaves only 25 possible keys. Eve can easily launch a brute-force attack on the ciphertext.

A better solution is to create a mapping between each plaintext character and the corresponding ciphertext character. Alice and Bob can agree on a table showing the mapping for each character. Figure 31.5 shows an example of such a mapping.

Figure 31.5 An example key for a monoalphabetic substitution cipher

Plaintext:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: N O A T R B E C F U X D Q G Y L K H V I J M P Z S W

Example 31.3

We can use the key in Figure 31.5 to encrypt the message

Plaintext: this message is easy to encrypt but hard to find the key

Ciphertext: ICFVQRVVNERFVRNVSIYRGAHSLIOJICNHTIYBFGTICRXRS
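The additive cipher of Examples 31.1 and 31.2, its exhaustive key search, and the table key of Figure 31.5, as an added Python example that is not part of the textbook. The key value 15 does not appear in the text above; it is derived here from the "hello" / "WTAAD" pair, and all function names are hypothetical.

```python
# Added example (not from the textbook). Plaintext is lowercase,
# ciphertext is uppercase, values follow Figure 31.4 (a/A = 0 ... z/Z = 25).
import math
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase


def additive_encrypt(plaintext, key):
    """C = (P + key) mod 26."""
    return "".join(UPPER[(LOWER.index(p) + key) % 26] for p in plaintext)


def additive_decrypt(ciphertext, key):
    """P = (C - key) mod 26; Python's % keeps the result in 0..25."""
    return "".join(LOWER[(UPPER.index(c) - key) % 26] for c in ciphertext)


def recover_additive_key(plaintext, ciphertext):
    """A single known plaintext/ciphertext letter pair reveals the key."""
    return (UPPER.index(ciphertext[0]) - LOWER.index(plaintext[0])) % 26


def exhaustive_search(ciphertext):
    """Decrypt under each of the 25 useful keys (key 0 changes nothing)."""
    return {k: additive_decrypt(ciphertext, k) for k in range(1, 26)}


# Key from Figure 31.5: plaintext a..z maps to these ciphertext letters.
FIG_31_5 = "NOATRBECFUXDQGYLKHVIJMPZSW"


def table_encrypt(plaintext, table=FIG_31_5):
    """Monoalphabetic substitution; spaces are dropped as in Example 31.3."""
    return plaintext.replace(" ", "").translate(str.maketrans(LOWER, table))


def table_decrypt(ciphertext, table=FIG_31_5):
    """Invert the table to map ciphertext letters back to plaintext."""
    return ciphertext.translate(str.maketrans(table, LOWER))


def table_key_count():
    """Every permutation of the alphabet is a possible table: 26! keys."""
    return math.factorial(26)


if __name__ == "__main__":
    print("key behind hello -> WTAAD:", recover_additive_key("hello", "WTAAD"))
    print("candidates from exhaustive search:", len(exhaustive_search("WTAAD")))
    msg = "this message is easy to encrypt but hard to find the key"
    print(table_encrypt(msg))
    print("possible table keys:", table_key_count())
```

The table key removes the 25-key search, but the mapping is still one-to-one, so every plaintext letter keeps its own frequency in the ciphertext.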

Polyalphabetic Ciphers

In a polyalphabetic cipher, each occurrence of a character may have a different substitute. The relationship of a character in the plaintext to a character in the ciphertext is one-to-many. For example, “a” could be enciphered as “D” at the beginning of the text, but as “N” in the middle. Polyalphabetic ciphers have the advantage of hiding the letter frequency of the underlying language. Eve cannot use single-letter frequency statistics to break the ciphertext.

To create a polyalphabetic cipher, we need to make each ciphertext character dependent on both the corresponding plaintext character and the position of the plaintext character in the message. This implies that our key should be a stream of subkeys, in which each subkey depends somehow on the position of the plaintext character that

the ith character in the ciphertext. To see the position dependency of the key, let us discuss a simple polyalphabetic cipher called the autokey cipher. In this cipher, the key is a stream of subkeys, in which each subkey is used to encrypt the corresponding character in the plaintext. The first subkey is a predetermined value secretly agreed upon by Alice and Bob. The second subkey is the value of the first plaintext character (between 0 and 25). The third subkey is the value of the second plaintext character, and so on.
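The autokey subkey stream described above, as an added Python example that is not part of the textbook. The first subkey 12 and the message "hello" are constructed sample values, and the function names are hypothetical.

```python
# Added example (not from the textbook): autokey cipher.
# Plaintext is lowercase, ciphertext is uppercase, values are 0..25.
A_LOWER = ord("a")
A_UPPER = ord("A")


def autokey_encrypt(plaintext, first_subkey):
    """Subkey 1 is the agreed secret; subkey i+1 is plaintext value i."""
    out, subkey = [], first_subkey
    for ch in plaintext:
        p = ord(ch) - A_LOWER
        out.append(chr((p + subkey) % 26 + A_UPPER))
        subkey = p  # the plaintext value just used becomes the next subkey
    return "".join(out)


def autokey_decrypt(ciphertext, first_subkey):
    """Each recovered plaintext value is the subkey for the next character."""
    out, subkey = [], first_subkey
    for ch in ciphertext:
        p = (ord(ch) - A_UPPER - subkey) % 26
        out.append(chr(p + A_LOWER))
        subkey = p
    return "".join(out)


def substitutes_for(letter, plaintext, ciphertext):
    """Set of ciphertext letters one plaintext letter was enciphered as."""
    return {c for p, c in zip(plaintext, ciphertext) if p == letter}


def first_subkey_candidates(ciphertext):
    """Only the first subkey is secret, so there are just 26 decryptions."""
    return {k: autokey_decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    ct = autokey_encrypt("hello", 12)        # constructed sample input
    print(ct)                                # subkey stream: 12, 7, 4, 11, 11
    print(substitutes_for("l", "hello", ct)) # the two l's differ in ciphertext
    print(autokey_decrypt(ct, 12))
    print(len(first_subkey_candidates(ct)), "candidate first subkeys")
```

The two occurrences of "l" receive different substitutes, which hides single-letter frequencies, yet the secret is still one value in modulo 26.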

The name of the cipher, ...

