Friday, August 11, 2006

Introduction to Cryptography and Secure Communication

Last Friday I had a test in "Introduction to cryptography and secure communication" course (By Prof. Amir Herzberg) in collage of management (I study there B.Sc in computer science).

I learned a few interesting things in this course that I want to share with you:

  • Message Authentication:
    • Goal: The ability to check if the message is the real message or somebody changed the message over the net.
    • How does it work: We send an "extra" text (with the real message).We got it from the hash functions (MD5, SHA-1…) or from the block ciphers functions (DES, AES, CBC…). The function name is MACk (m) function (the k is a random number).
    • Disadvantage: May not secure the message (there is no trust that the message won't cover).
    • Conclusion: Use MAC to authenticate communication.
  • IP-Sec:
    • Goal: The ability to encryption and authenticate messages over networks. IP-Sec is working over the internet layer.
    • How does it work: It has two operation modes:
      • Transport (end to end): Change the protocol field in the IP-Header to AH or ESP. End to end – encapsulation by source host, decapsulation by destination host.
      • Tunnel(gateway to gateway or end to end): Entire original IP packet is payload (including header). Allows secure Virtual Private Network (VPN). We can activate these modes with one of these header protocols:
        • AH (Authentication Header) is used to authenticate the all IP packet.
        • ESP (Encapsulating Security Payload) is used to encrypt the message.
    • Conclusion:
      • IP-Sec is a protocol that protects all internet traffic.
      • Requires no changes in applications.
  • Principles of cryptography:
    • Assume that there are restrictions on adversary's capacities, but not on adversary's strategies.
    • Keys can be secret, but encryption design is known (Kerckhoff).
    • Limit the secret key usage and always refresh your keys.
    • The number of possible keys should be large enough.

  • SSL(Secure Socket Layer) & TLS(Transport Layer Security, the improved version for SSL):
    • Goal: Provides a secure tunnel (Confidentiality, message & connection integrity, server and client authentication) between the client and the server. The original goal was to secure credit card number transfer. Today, SSL/TLS are implemented in almost all web clients and servers. SSL/TLS are working over the transport layer.
    • Pros:
      • Easy to implement and use.
      • Deployed in most clients and servers.
    • Cons:
      • Protects only if there is an active use by the application.
      • Doesn't protect in DoS (Denial of Service) attacks.
      • Can be use only in end-to-end mode.
    • How does it work: It has 4 phases:
      • Establish Parameters – initiating data between the client and the server.
      • Server Authentication – the server sends its certificate to the client.
      • Client Key-Exchange – The client verifies the server's certificate and sends its part in the key exchange process (shared key in Diffie Hellman, encryption of random string in RSA).
      • Finish – Client and server send the finish messages (with HMAC code on the entire headshake message).
      • SSL Session Resumption: Use it when the client makes many connections to the same server (reduces overhead in handshake phases).
    • Conclusions:
      • SSL/TLS is the most widely deployed security protocol standard:
        • Easy to implement, deploy and use.
        • Very flexible.
        • Mature cryptographic design.

Posted by Avi Wortzel at 8/11/2006 12:39:00 PM 0 comments

Labels:

Subscribe to: Posts (Atom)