Security 1

1
Framework for this subject

[Diagram: Applications; Web System, Web Programming/Development, Security, Payment, Others; Business Model]

2
Learning outcomes/objectives
- Security requirements
- Symmetric key encryption
- Public key encryption
- Message digest
- Digital signature
- Digital certificate
- Authentication protocol

3
The Internet is not secure!

- The Internet is an open and connectionless network.
- It allows information to be transferred freely but it is not secure.

4
Security concerns

- Do you feel safe to buy something on the Internet? If not, why not?

5
Some security concerns related to e-commerce

- Some worries:
  - I transmit my credit card information over the Internet. Will the sensitive information be kept secret?
  - I agree to pay $300 for the goods. Will this payment information be captured and modified by someone else on the Internet?
  - This company claims to be Company Y. Is this the real Company Y?

6
Security requirements: CIA
- Confidentiality
  - assure that data can be kept secret or confidential
  - method: encryption
- Integrity
  - assure that the received message has not been altered/modified
  - method: digital signature
- Authentication
  - about verifying identities
  - method: digital certificate

7
Encryption

- Encryption is for ensuring data privacy.
- Basically a message is turned into a secret message as controlled by an “encryption key”.

[Diagram: Plaintext -> Encryption (controlled by the Encryption Key) -> Secret text]

8
Decryption

- The plaintext can be recovered through a decryption process using the corresponding decryption key.

[Diagram: Secret text -> Decryption (controlled by the Decryption Key) -> Plaintext]

9
A simple encryption method

- All A’s become B’s, B’s become C’s .... Z’s become A’s.
- The general algorithm is: replace each letter by the letter n place(s) further down the alphabet.
- The key is n = 1.
- Plain text: Hello
- Secret text: Ifmmp
- What is the decryption algorithm and what is the decryption key?

10
How can we make it more secure?

- What are the disadvantages?
- Any suggestion to make it more secure?

11
Two basic principles

- Substitution
  - THIS IS A SECRET (key n = 3)
  - Example: turn T into W
  - Result: WKLV LV D VHFUHW
- Transposition
  - THIS IS A SECRET (key 4213)
  - Example: move T, H, I and S to the fourth, second, first and third positions, respectively
  - Result: IHSTSI S EAERTC

12
Symmetric (private) key encryption

- Sender and receiver use the same key for encryption and decryption.
- Examples: Data Encryption Standard (DES) and Advanced Encryption Standard (AES)

[Diagram: Plaintext/Ciphertext -> Symmetric Key Encryption/Decryption (using the Private Key) -> Ciphertext/Plaintext]

13
Asymmetric (public) key encryption

- Sender and receiver use different keys for encryption and decryption.
- A popular one is RSA encryption.

[Diagram: Plaintext -> Asymmetric Key Encryption Method (using Receiver’s Public key) -> Ciphertext -> Asymmetric Key Decryption Method (using Receiver’s Private key) -> Plaintext]

14
DES & AES
- Data Encryption Standard (DES) is a popular symmetric (private) key encryption method.
- It is based on research work by IBM and was adopted by the USA government in 1977.
- DES encrypts data through many stages of transposition and substitution using a 56-bit key.
- A triple DES standard is available to further enhance the security – there are three stages with two different keys. It is also called DESede: encryption, decryption and encryption.
- New standard: Advanced Encryption Standard (AES)
  - 128- to 256-bit keys, 128-bit data blocks
  - Many stages of substitution, transposition, multiplication, and addition (XOR)
  - http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
  - http://en.wikipedia.org/wiki/Brute-force_attack
15
How to distribute a key?

- For symmetric key encryption, we need to distribute the key secretly (say between X & Y). How?
- For example, X sends the key to Y by physical means.

16
How to distribute a key? (cont’d)
- X and Y exchange the key by physical means.
- A key distribution center sends the key to X and Y through a secure channel.
- X and Y can renew the key regularly by encrypting the new key with the old key.
- Conclusion: It is difficult to deploy private key encryption in an open E-commerce system because of the difficulties in distributing a key securely.

Reference:
W. Stallings, Cryptography and Network Security: Principles and Practice, 7th Edition, Pearson, 2016.

17
Need for Public Key Encryption

- Public key encryption solves the key distribution problem automatically:
  - Encrypt using a public key (pub_key)
  - Decrypt using a private key (priv_key)
  - pub_key can be made public and priv_key is kept secret
  - It is very difficult to deduce priv_key from pub_key

18
RSA

- Named after its inventors, Rivest, Shamir and Adleman, RSA is a widely used asymmetric (public) key encryption standard.
- The algorithm is based on number theory (more specifically, the difficulty in factorizing large numbers).
- The key length is variable: 512 - 2048 bits (the longer the key length, the more secure the mechanism).
- It is used in the Secure Electronic Transaction (SET) protocol for credit card payments.

19
Mod

- X = Y mod Z means: “When Y is divided by Z, the remainder is X”
- 1 = 7 mod 3
- 2 = 2 mod 4, is it right or wrong?
- X = 18 mod 7, what is X?
- 5 = Y mod 10, what is Y?

20
How RSA works

- Choose two large prime numbers p and q
- Multiply p and q to obtain n
- Choose d, such that d and w = (p-1)(q-1) are relatively prime (no common factor)
- Choose e such that 1 = d x e mod w
- Public key is: <e, n>
- Private key is: <d, n>
- Message code m, secret code c
  - c = m^e mod n (encryption process)
  - m = c^d mod n (decryption process)

21
How RSA works (cont’d)
- Choose two large prime numbers: p = 7, q = 19
- Multiply p by q to get n, n = pq = 133
- w = (p-1)(q-1) = 108, we choose d = 31 because 31 and 108 have no common factor
- 1 = 31e mod 108, so e = 7
- The keys are: <e = 7, n = 133> and <d = 31, n = 133>
- Next we perform encryption for a message code m = 29
- Since c = m^e mod n, if m = 29, c = 15
- That means, the secret code is c = 15
- Let’s check:
  - m = c^d mod n (Note that d = 31 and n = 133)
  - m = 15^31 mod 133 = 29
A good proof for the RSA algorithm can be found as follows:
https://www.cse.cuhk.edu.hk/~taoyf/course/bmeg3120/notes/rsa-proof.pdf
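The worked numbers above can be reproduced with the following added example, which is not part of the original slides. It follows the slide's order (choose d, then solve for e) and also shows that a modulus as small as 133 can be factored to rebuild d; the function names are illustrative.

```python
# Added example, not from the slides: textbook RSA with p = 7, q = 19, d = 31.
# Toy sizes only; real keys use 2048-bit or larger moduli and padding such as OAEP.
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p, q, d):
    """Slide order: pick d coprime to w, then solve 1 = d x e mod w for e."""
    n, w = p * q, (p - 1) * (q - 1)
    if gcd(d, w) != 1:
        raise ValueError("d and w must be relatively prime")
    e = egcd(d, w)[1] % w
    return (e, n), (d, n)


def modexp(base, exp, mod):
    """Square-and-multiply, so 15^31 is never computed in full."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message code must satisfy 0 <= m < n")
    return modexp(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return modexp(c, d, n)


def recover_d(public_key):
    """Why n must be large: factor a small n by trial division and rebuild d."""
    e, n = public_key
    p = next(f for f in range(2, n) if n % f == 0)
    w = (p - 1) * (n // p - 1)
    return egcd(e, w)[1] % w


PUBLIC, PRIVATE = make_keys(7, 19, 31)

if __name__ == "__main__":
    c = encrypt(29, PUBLIC)
    print(PUBLIC, PRIVATE, c, decrypt(c, PRIVATE), recover_d(PUBLIC))
```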
22
Are there infinitely many prime numbers?
- Let’s prove by contradiction.
- Note that all non-prime numbers must be divisible by a prime number.
- Suppose that there is a largest prime P.
- We compute N = 2 x 3 x 5 x … x P + 1.
- Is N a prime number?
- If N is a prime number, it must be greater than P (i.e., cannot be true).
- If N is not a prime number, it must be divisible by a prime number (i.e., cannot be true, because dividing N by any prime up to P leaves a remainder of 1).
- Hence P cannot exist.

23
Stream cipher and block cipher

- Stream cipher - process one bit at a time.
  - The data stream is combined with a pseudo-random cipher stream using XOR
- Block cipher - process a block of data (usually 64 bits) at a time.
  - require padding bits to fill up the last block
  - operate in different modes e.g.,
    - Electronic code book – each input data block is processed independently.
    - Cipher block chaining – the input for each stage is generated by XORing the output of the previous stage and the respective block of 64-bit plaintext.
- Asymmetric key encryption is block cipher only.

24
Hybrid encryption

- RSA encryption is slower than DES encryption.
- It is more effective to combine them. How?
- Suppose that A wants to send some messages to B securely.
- B generates a random session (DES) key.
- This session key is encrypted with A’s public key.
- The encrypted session key is sent to A.
- A can obtain the session key by means of decryption with the private key.
- The session key is used for encrypting the messages (using DES).

25
Question

- Suppose that a customer wants to send a large amount of sensitive information to a merchant over the Internet.
- The merchant has obtained the customer’s public key.
- How can the information be transferred securely to the merchant using hybrid encryption?

26
Answer

- The merchant generates a session key for DES encryption.
- The session key is encrypted by using the customer’s public key.
- The encrypted session key is sent to the customer.
- The customer obtains the session key by means of decryption using the private key.
- The customer can then encrypt the message for the merchant using DES encryption with the session key.

27
Message digest

- Very often, data integrity rather than data secrecy is required.
- As the encryption process is slow, it is better to encrypt sensitive messages only.
- A message digest algorithm can generate an almost unique message digest (“fingerprint”) for each message.
- A popular message digest algorithm is MD5 (see RFC1321).

[Diagram: Message 1 ... Message N (different size) -> Message Digest Algorithm -> Message digest 1 ... Message digest N (same size)]

28
Properties of an effective message digest algorithm
- Properties:
  - The algorithm is open - everyone knows how to compute the message digest of a message.
  - Message digest process is irreversible - cannot find the original message based on its message digest.
  - A message digest is almost unique to the respective message.
  - Even if a message is changed slightly, the message digest will be changed significantly.
- There are two commonly used message digest algorithms: MD5 (by Rivest) and SHA (Secure Hash Algorithm).

Reference:
A. S. Tanenbaum, Computer Networks, 3rd edition, Prentice Hall, 1996.

29
Question

- Is there any problem with the following?
- A sends a message and the corresponding message digest to B.
- B checks that the message digest is valid so B concludes that the message has not been changed by anyone.

30
Answer

- No, don’t just rely on message digest!
- C may capture the message, change the content and generate a new message digest.
- Any suggestion to guarantee message integrity?

31
Message authentication code (MAC)

- Basic idea (using symmetric key encryption):
  - Suppose that the sender and receiver share a secret key (a large random number).
  - The secret key is attached to the message.
  - The message digest (or checksum) is calculated based on the message plus the secret key.
  - The message digest and the original message are sent to the receiver.
  - How can the receiver validate the message?

Attach the secret key to the message and then compute the message digest. If the computed message digest is the same as the received message digest, the message has not been altered.

32
Digital signature - generation

- An important application of message digest is ‘Digital Signature’ which combines message digest and encryption
  - Generate the message digest for a file
  - Generate the signature by encrypting the message digest with the sender’s private key

[Diagram]
Step 1: Compute the message digest of the file (File -> Message Digest)
Step 2: Encrypt the message digest with sender’s private key (Message Digest -> Digital Signature)
Step 3: Send the file and digital signature (signed file) (File + Digital Signature)

33
Digital signature - verification
- Get the message digest by decrypting the signature with sender’s public key
- Generate the message digest from the received file
- Compare the two message digests to verify the signature

[Diagram: the Sender passes the signed file (File + Digital Signature) to the Receiver]
Step 1a: Find the message digest of the file (File -> Message Digest)
Step 1b: Decrypt the digital signature with sender’s public key (Digital Signature -> Message Digest)
Step 2: Compare the two message digests. Same: Accept. Different: Reject.

34
Question

- Let’s say A wants to send a long message to B.
- Method 1: Encryption
  - A encrypts the message by using B’s public key.
- Method 2: Digital Signature
  - A generates the digital signature for the message.
- Compare the advantages and disadvantages of the two methods.

35
Answer

- Encryption
  - Advantage:
  - Disadvantage:
- Digital signature
  - Advantage:
  - Disadvantage:

36
Authentication by using passwords

- Authentication is for verifying identities.
- The simplest type of authentication method is by means of passwords.
- What are the disadvantages? Any enhancements?

[Diagram: User name + password -> Database]

37
Answer

- Some disadvantages:
  - “Replay attack”
  - Forget the password
  - Not possible if the sender and receiver have not met before

38
Two-factor Authentication

- Authentication based on not one (e.g., password) but two factors (typically the first three):
  - Knowledge factor (e.g., password)
  - Possession factor (e.g., identity card)
  - Biometric factor (e.g., fingerprint)
  - Location factor (e.g., based on GPS)
  - Time factor (e.g., within a certain time period)

Source/Reference:
https://www.techtarget.com/searchsecurity/definition/two-factor-authentication

39
Authentication based on digital certificates

- Our focus is the public-key encryption system.
- Key question:
  - “How can I obtain and verify the public key of other people?”
- The answer is by using a digital certificate.

40
What is a digital certificate?

- A digital certificate functions like your identity card.
- It verifies your identity.
- It contains the owner’s information and his/her public key.
- The content is digitally signed by a certificate authority (CA).
- ITU’s recommendation X.509 defines the digital certificate framework.

41
Question

- Each digital certificate is signed by a CA’s private key.
- What can it ensure?
- What do you need in order to verify the digital signature?

42
Fields in an X.509 certificate
- Version: The version number
- Serial number: A unique number for identifying the certificate
- Signature algorithm identifier: Information on the signature algorithm
- Issuer: The CA that issues the certificate
- Validity period: The period of time during which the certificate is valid
- Subject name: The entity (or subject) whose public key is certified
- Subject public key information: Subject’s public key and associated information
- Issuer unique identifier: Optional field for identifying the issuer uniquely
- Subject unique identifier: Optional field for identifying the subject uniquely
- Extension fields: This is for including additional data
- Digital signature: The digital signature for the above fields

43
Extension fields

- Extension type
  - Meaning of the extension
- Criticality indicator
  - Whether it is important (i.e., can it be ignored?)
- Extension field value
  - The corresponding value(s)

44
This is how a digital certificate system basically works

- There is a trusted organization called the certificate authority (CA).
- Everyone keeps the CA’s public key.
- You can apply for a digital certificate from the CA.
- The CA will verify your identity and then issue a digital certificate to you.
- The digital certificate contains your personal information and your public key and the content is signed by the CA’s private key.

45
This is how a digital certificate system basically works (cont’d)

- When someone wants to verify your identity, you pass your digital certificate to him/her.
- The content of the digital certificate can be verified by checking the digital signature.
- Upon successful verification, the public key can be extracted from the digital certificate.
- Finally he/she can use the verified public key to encrypt data for you or to verify the digital signatures of your electronic documents.

46
Question

- In reality, there are many CAs.
- If X’s and Y’s certificates are issued by CA1 and CA2, respectively, how can X read Y’s certificate, and vice versa?
- Please think about the possible ways to solve the problem.

47
Answer – Certificate chain

- If CA1 and CA2 have issued a digital certificate to each other, the following procedures can be used:
  - X gets CA2’s certificate issued by CA1.
  - With CA1’s public key, X can validate the certificate and get CA2’s public key.
  - X can then validate Y’s certificate with CA2’s public key and get Y’s public key.
  - CA1=>CA2=>Y
- How can we establish a global CA system?

Reference:
W. Stallings, Cryptography and network security, Prentice Hall, 1999.

48
A hierarchical certificate authority structure

[Diagram: Root CA at the top; Regional CA ... Regional CA below it; Local CA ... Local CA below each Regional CA]

49
Example: Secure Electronic Transaction (SET) certificate system

[Diagram: Root CA -> Brand CA (e.g. Visa or Master) -> Geopolitical CA (e.g. Visa Asia) -> User level CA: Merchant CA, Cardholder CA, Payment gateway CA]

50
Certificate verification path

[Diagram: CA 1 at the top; CA 2 and CA 3 below it; U1, U2, U3 and U4 at the bottom, joined by arrows]

- Meaning of the arrow-heads: the source CA has verified the target CA or subscriber (by issuing a certificate signed by the source CA).
- So, CA1 has verified CA2, and vice versa.
- U1 wants to verify the certificate of U3.
- U1 needs to go through the following certificate verification path:
  (a) CA1’s certificate issued by CA2
  (b) CA3’s certificate issued by CA1
  (c) U3’s certificate issued by CA3

References:
J. Feghhi, J. Feghhi and P. Williams, Digital Certificates, Addison-Wesley, 1998.
W. Ford and M. S. Baum, Secure Electronic Commerce, Prentice Hall, 1997.

51
Question

- How can U4 verify U1’s certificate?

[Diagram: CA 1 at the top; CA 2 and CA 3 below it; U1, U2, U3 and U4 at the bottom, joined by arrows]

References:
J. Feghhi, J. Feghhi and P. Williams, Digital Certificates, Addison-Wesley, 1998.
W. Ford and M. S. Baum, Secure Electronic Commerce, Prentice Hall, 1997.

52
Answer

[Diagram: CA 1 at the top; CA 2 and CA 3 below it; U1, U2, U3 and U4 at the bottom, joined by arrows]

- U4 needs to go through the following certificate verification path:
  (a) CA1’s certificate issued by CA3
  (b) CA2’s certificate issued by CA1
  (c) U1’s certificate issued by CA2

References:
J. Feghhi, J. Feghhi and P. Williams, Digital Certificates, Addison-Wesley, 1998.
W. Ford and M. S. Baum, Secure Electronic Commerce, Prentice Hall, 1997.

53
Revocation of certificates

- Like a credit card, each certificate is assigned a validity period.
- However, a certificate may be revoked (e.g., the user’s private key is lost).
- Each CA maintains a certificate revocation list (CRL) to provide information on the revoked certificates.
- The CRL is signed by the corresponding CA and is usually stored in a public directory.
- Before accepting a certificate, a user should check the CRL to ensure that a certificate has not been revoked.
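The certificate verification paths from the earlier slides, combined with the CRL check described here, can be sketched as a search over issued certificates. This is an added example, not part of the original slides: certificates are reduced to (issuer, subject) pairs, signature checking is not modelled, and the issuing CA of U4 and each user's trusted CA are inferred from the slides' answers.

```python
# Added example: certificates reduced to (issuer, subject) pairs; no signatures.
from collections import deque

# Cross-certificates between CAs and user certificates, taken from the paths on
# the slides. ("CA3", "U4") is an assumption implied by U4 starting from CA3.
CERTS = [
    ("CA1", "CA2"), ("CA2", "CA1"),
    ("CA1", "CA3"), ("CA3", "CA1"),
    ("CA2", "U1"), ("CA3", "U3"), ("CA3", "U4"),
]
# The CA whose public key each user already holds (assumed: its own issuer).
TRUST_ANCHOR = {"U1": "CA2", "U3": "CA3", "U4": "CA3"}


def verification_path(verifier, target, certs=CERTS, crl=frozenset()):
    """Shortest chain of certificates from the verifier's trusted CA to target.

    Certificates listed in crl are revoked and may not appear in the chain.
    Returns a list of (issuer, subject) pairs, or None if no valid chain exists.
    """
    usable = [c for c in certs if c not in crl]
    start = TRUST_ANCHOR[verifier]
    queue, seen = deque([(start, [])]), {start}
    while queue:
        holder, path = queue.popleft()
        for issuer, subject in usable:
            if issuer != holder:
                continue
            step = path + [(issuer, subject)]
            if subject == target:
                return step
            # Only a CA's key may be used to validate further certificates.
            if subject.startswith("CA") and subject not in seen:
                seen.add(subject)
                queue.append((subject, step))
    return None


def describe(path):
    """Render a path in the slides' wording."""
    return [f"{subject}'s certificate issued by {issuer}" for issuer, subject in path]


if __name__ == "__main__":
    print(describe(verification_path("U4", "U1")))
    print(verification_path("U4", "U1", crl={("CA1", "CA2")}))
```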

54
Challenge and response authentication protocol (I)
- X and Y have a shared secret key K.
- X sends a challenge C to Y.
- Y computes the message digest R of C concatenated with K.
- Y sends the response R to X. (It can be encrypted with the shared secret key.)
- X verifies the response R (i.e., message digest) based on C and K.
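The keyed digest in this protocol is the same idea as the message authentication code slide, so one added example (not from the slides) covers both. It uses HMAC-SHA256, the standard keyed-digest construction, in place of a plain digest of the message concatenated with the key; the message text and helper names are constructed for illustration.

```python
# Added example: HMAC-SHA256 replaces the slides' "digest of message plus key".
# SHA-256 is used because MD5 collisions are practical today.
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # shared secret K, agreed out of band


def digest(message):
    return hashlib.sha256(message).digest()


def mac(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def accept_digest(message, tag):
    """Receiver check when only a message digest is attached."""
    return hmac.compare_digest(digest(message), tag)


def accept_mac(key, message, tag):
    """Receiver check for a MAC; compare_digest avoids timing leaks."""
    return hmac.compare_digest(mac(key, message), tag)


def tamper(message, retag):
    """C in transit: alters the amount, then recomputes whatever tag C can."""
    forged = message.replace(b"$300", b"$900")
    return forged, retag(forged)


class Verifier:
    """X in protocol (I): fresh random challenge C, each accepted once."""

    def __init__(self, key):
        self.key = key
        self.pending = set()

    def challenge(self):
        c = secrets.token_bytes(16)
        self.pending.add(c)
        return c

    def verify(self, c, response):
        if c not in self.pending:  # unknown or already used: a replay
            return False
        self.pending.discard(c)
        return hmac.compare_digest(mac(self.key, c), response)


def respond(key, c):
    """Y's side: R = MAC(K, C); K itself never crosses the network."""
    return mac(key, c)
```

A plain digest recomputed by C passes `accept_digest`, while a tag computed without K fails `accept_mac`; a response replayed for an already-used challenge is rejected by `Verifier.verify`.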
55
Challenge and response authentication protocol (II)
- X encrypts a challenge with Y’s public key and sends it to Y.
- Y decrypts it with the private key (i.e., to obtain the challenge).
- Y encrypts the challenge/response with X’s public key and sends it to X.
- X decrypts it with the private key and verifies the response.

56
