21 networksecurity 13-10-2011

7/23/2019 21 NetworkSecurity 13-10-2011

http://slidepdf.com/reader/full/21-networksecurity-13-10-2011 1/44

Md. Kamrul Hasan

Assistant Professor and Chairman

Computer and Communication Engineering Dept.

Network SecurityNetwork Security



Classifying security attacks:Passive Attacks & Active Attacks

A passive attack attempts to learn or make use of information from

the system but does not affect system resources. An active attack

attempts to alter system resources or affect their operation.

Passive attacks are in the nature of eavesdropping on, or

monitoring of, transmissions• eavesdropping on transmissions

• to otain information ! release of possily sensitive"confidential message contents

! traffic analysis #hich monitors fre$uency and length of messagesto get info on senders

• difficult to detect

• can e prevented using encryption: emphasis in dealing #ith

passive attacks is on prevention rather than detection



Passive Attacks



Active Attacks



Active Attacks

Active attacks involve some modification of the data streamor the creation of a false stream and can e sudivided intofour categories: mas$uerade, replay, modification ofmessages, and denial of service.

• mas$uerade ! pretending to e a different entity

• replay• modification of messages• denial of service

• easy to detect ! detection may lead to deterrent

• hard to prevent ! focus on detection and recovery



%ymmetric Encryption

%ymmetric encryption, also referred to as conventional encryption orsinglekey encryption, #as the only type of encryption in use prior tothe introduction of pulickey encryption



'e$uirements for %ecurity

• strong encryption algorithm

! even kno#n, unale to decrypt #ithout key

! even if many plainte(ts & cipherte(ts availale

• sender and receiver must otain secretkey securely

•once key is kno#n, all communicationusing this key is readale



Attacking Encryption

)here are t#o general approaches to attacking asymmetric encryption scheme:

• cryptanalysis ! relay on nature of algorithm plus some kno#ledge of

general characteristics of plainte(t

! attempt to deduce plainte(t or key

• rute force ! try every possile key until plainte(t is recovered

! rapidly ecomes infeasile as key si*e increases

! +it key is not secure



-lock Ciphers

• most common symmetric algorithms

• process plain te(t in fi(ed lock si*esproducing lock of cipher te(t of e$ual si*e

• most important current lock ciphers:

! Data Encryption %tandard DE%/

! Advanced Encryption %tandard



Data Encryption %tandard

• 0% standard

• 1 it plain te(t locks

• + it key• roken in 2334 y Electronic 5rontier5oundation ! special purpose 0%67+8,888 machine

! #ith detailed pulished description

! less than three days

! DE% no# #orthless



)riple DEA

)he life of DE% #as e(tended y the use oftriple DE% 9DE%/, #hich involvesrepeating the asic DE% algorithm three

times, using either t#o or three uni$uekeys, for a key si*e of 227 or 24 its.

• Dra#ack of 9DE% is that the algorithm is

relatively sluggish in soft#are.• A secondary dra#ack is that oth DE%and 9DE% use a 1it lock si*e.



Advanced Encryption %tandard

• ;%) issued call for proposals for an AdvancedEncryption %tandard AE%/ in 233< ! security strength e$ual to or etter than 9DE%

! significantly improved efficiency ! symmetric lock cipher #ith lock length 274 its

! key lengths 274, 237, and 7+ its

! evaluation include security, computational

efficiency, memory re$uirements, hard#are andsoft#are suitaility, and fle(iility

! AE% issued as 5;P% federal information processingstandard /23< in 7882



AE% Description

• assume key length 274 its

• input a 274it lock s$uare matri( of ytes/

! copied into state array, modified at each stage

! after final stage, state copied to output matri(

• 274it key s$uare matri( of ytes/

! e(panded into array of 11 97it key schedule

#ords• yte ordering y column

! 2st 1 ytes of 274it input occupy 2st column

! 2st 1 ytes of e(panded key occupy 2st column



AES Encryption and Decryption

1. )he key that is provided as

input is e(panded into an arrayof fortyfour 97it #ords.2. 5our different stages areused, one of permutation andthree of sustitutionSubstitute bytes: 0ses a tale,

referred to as an %o(, toperform a yteyytesustitution of the lockSi!t rows: A simplepermutation that is performedro# y ro#

Mi" columns: A sustitutionthat alters each yte in a column Add round key: A simpleit#ise =>' of the current lock#ith a portion of the e(pandedkey



AES Encryption and Decryption

#. )he structure is $uite

simple. 5or oth encryptionand decryption, the cipheregins #ith an Add 'ound?ey stage, follo#ed y ninerounds that each includes allfour stages, follo#ed y a

tenth round of three stages.$. >nly the Add 'ound ?eystage makes use of the key.5or this reason, the cipheregins and ends #ith an Add'ound ?ey stage.



AES Encryption %ound

&. )he Add 'ound ?ey stage yitself #ould not e formidale. )he

other three stages togetherscramle the its, ut ythemselves #ould provide nosecurity ecause they do not usethe key. @e can vie# the cipher asalternating operations of =>'

encryption Add 'ound ?ey/ of alock, follo#ed y scramling of thelock the other three stages/,follo#ed y =>' encryption, and soon. )his scheme is oth efficientand highly secure.

'. Each stage is easily reversile.5or the %ustitute -yte, %hift 'o#,and i( Columns stages, aninverse function is used in thedecryption algorithm. 5or the Add'ound ?ey stage, =>' is its o#n

inverse.




(. As #ith most lockciphers, the decryptionalgorithm makes use of thee(panded key in reverseorder. Bo#ever, thedecryption algorithm is notidentical to the encryptionalgorithm. )his is a

conse$uence of theparticular structure of AE%.). >nce it is estalished thatall four stages arereversile, it is easy to verifythat decryption does

recover the plainte(t. 5igure72.7 lays out encryption anddecryption going in oppositevertical directions. At eachhori*ontal point %tate is thesame for oth encryption

and decryption.




*. )he final round of oth encryptionand decryption consists of only threestages. Again, this is a conse$uenceof the particular structure of AE%and is re$uired to make the cipherreversile.



ocation of Encryption Devices

Encryption can e done in t#o fundamental alternatives:

ink encryption and

Endtoend encryption.



ink Encryption

• @ith link encryption each communication link e$uippedat oth ends• all traffic secure• high level of security although it re$uires lots of

encryption devices

Disadvantage:• message must e decrypted at each s#itch to read

address virtual circuit numer/ to route the packet.• security vulnerale at s#itches

! particularly on pulic s#itched net#ork



End to End Encryption

• encryption done at ends of system• data in encrypted form crosses net#ork

unaltered

• destination shares key #ith source to decrypt@eak %pot:• host can only encrypt user data

! other#ise s#itching nodes could not read header or

route packet• hence traffic pattern not secure

• solution is to use oth link and end to end



?ey Distriution

• symmetric encryption needs key distriution ! protected for access y others

! changed fre$uently

• possiilities for key distriution2. key selected y A and delivered to -

7. third party selects key and delivers to A and -

9. use old key to encrypt & transmit ne# key from A to -1. use old key to transmit ne# key from third party to A

and -



Automatic ?ey Distriution



essage Authentication

• protection against active attacks #ith

! falsification of data

! falsification of source

• authentication allo#s receiver to verify thatmessage is authentic

! has not een altered

! is from claimed"authentic source

! timeliness



Authentication 0sing %ymmetricEncryption

• assume sender & receiver only kno# key

• only sender could have encryptedmessage for other party

• message must include one of:

! error detection code

! se$uence numer

! time stamp



Authentication @ithoutEncryption

• authentication tag generated and appended toeach message

• message not encrypted

• useful #hen dont #ant encryption ecause: ! messages roadcast to multiple destinations

• have one destination responsile for authentication

! one side heavily loaded

• encryption adds to #orkload• can authenticate random messages

! programs authenticated #ithout encryption can ee(ecuted #ithout decoding



essage Authentication Code

• generate authentication code ased on sharedkey and message

• common key shared et#een A and -

• if only sender and receiver kno# key and codematches:

! receiver assured message has not altered

! receiver assured message is from alleged sender ! if message has se$uence numer, receiver assured

of proper se$uence

• can use various algorithms, eg. DE%



essage Authentication Code



>ne @ay Bash 5unction

• accepts variale si*e message and producesfi(ed si*e tag message digest/ ! ut #ithout use of a secret key

• send digest #ith message• in manner that validates authenticity

• advantages of authentication #ithout encryption ! encryption is slo#

! encryption hard#are e(pensive

! encryption hard#are optimi*ed for large data sets

! algorithms covered y patents

! algorithms suect to e(port controls from 0%A/



+sin, -ne ay Has /unctions

)he message digest can also e encrypted using pulic

key encryption part /F )he pulickey approach has t#oadvantages:it provides a digital signature as #ell as messageauthentication, andit does not re$uire the distriution of keys tocommunicating parties.

A hash function ut no encryption for messageauthentication. )his techni$ue assumes that t#ocommunicating parties, say A and -, share a commonsecret value SAB. @hen A has a message to send to -,it calculates the hash function over the concatenation of

the secret value and the message: DM G BSABHHM /. ;tthen sends IM HHDM J to -. -ecause - possesses SAB, itcan recompute BSABHHM / and verify DM . -ecause thesecret value itself is not sent, it is not possile for anattacker to modify an intercepted message. As long asthe secret value remains secret, it is also not possile for

an attacker to generate a false message.



%ecure Bash 5unctions

• produce a KfingerprintL of message"file• must have the follo#ing properties:

! can e applied to any si*e data lock

! produce fi(ed length output ! easy to compute

! not feasile to reverse

! not feasile to find t#o messages #ith thesame hash

• giving K#eakL & KstrongL hash functions

• also used for data integrity



%ecure Bash Algorithm

• %ecure Bash Algorithm %BA/ ! %BA defined in 5;P% 248 2339/, 28it hash

! %BA2 defined in 5;P% 2482 233+/

! %BA7+, %BA941, %BA+27 defined in 5;P%2487 7887/, 7+"941"+27it hashes

• %BA2 eing phased out, attack kno#n

• %BA+27 processes input message ! #ith total si*e less than 7274 its

! in 2871 it locks

! to produce a +27it digest



%BA+27 Bash 5unction



%BA+27

)he processing consists of the follo#ing steps:• Step 1: Append paddin, bits. )he message is paddedso that its length is congruent to 43 modulo 2871Ilength mod 2871 G 43/.

• Step 2: Append len,t. A lock of 274 its is appended

to the message. )his lock is treated as an unsigned274it integer most significant yte first/ and containsthe length of the original message efore the padding/

• Step #: 0nitialie MD bu!!er. A +27it uffer is used tohold intermediate and final results of the hash function.

• Step $: rocess messa,e in &123bit 41'3word5 blocks.)he heart of the algorithm is a module that consists of 48rounds of processing. )he 48 rounds have a the samestructure, ut vary some constants and logical functions.

• Step &: -utput. After all N 2871it locks have een

processed, the output from theN

th stage is the +27itmessage digest.



Pulic ?ey Encryption

A pulickey encryption scheme has si( ingredients:• lainte"t: the readale message or data fed into the algorithm as input.• Encryption al,oritm: performs various transformations on the plainte(t.• ublic and pri6ate key: a pair of keys #here one is used for encryption and theother for decryption. )he pulic key of the pair is made pulic for others to use, #hilethe private key is kno#n only to its o#ner.• 7iperte"t: the scramled message produced as output, #hich depends on theplainte(t and key.• Decryption al,oritm: accepts the cipherte(t and the matching key and producesthe original plainte(t.



Pulic ?ey Encryption >peration

• pulic key is used for encryption

• private key is used for decryption

• infeasile to determine decryption key given

encryption key and algorithm

• steps: ! user generates pair of keys

! user places one key in pulic domain ! to send a message to user, encrypt using pulic key

! user decrypts using private key



Digital %ignatures

;n this case -o uses his o#n private key to encrypt the message. @hen Alice

receives the cipherte(t, she finds that she can decrypt it #ith -oMs pulic key, thusproving that the message must have een encrypted y -o. o one else has-oMs private key and therefore no one else could have created a cipherte(t thatcould e decrypted #ith -oMs pulic key. )herefore, the entire encrypted messageserves as a di,ital si,nature. ;n addition, it is impossile to alter the message#ithout access to -oMs private key, so the message is authenticated oth in terms

of source and in terms of data integrity.



Digital %ignatures

• sender encrypts message #ith private key

• receiver decrypts #ith senders pulic key

• authenticates sender • does not give privacy of data

! must send oth original and encrypted copies

• more efficient to sign authenticator ! a secure hash of message

! send signed hash #ith message



'%A Algorithm



'%A E(ample

% % "



%ecure %ockets ayer ")ransport ayer %ecurity

• %ecure %ockets ayer %%/ is a #idely used setof general purpose security protocols

! use )CP to provide reliale endtoend service

• )ransport ayer %ecurity )%/ in '5C 771• t#o implementation options

! incorporated in underlying protocol suite

! emedded in specific packages• minor differences et#een %%v9 and )%



%% Connection and %ession

• %% Connection ! a transport connection providing suitale service

! are peertopeer, transient

! associated #ith one session

! multiple secure connections et#een parties possile• %% session

! an association et#een client and server

! created y Bandshake Protocol

! define set of cryptographic security parameters ! to avoid negotiation of ne# security parameters for eachconnection

! multiple simultaneous sessions et#een parties possileut not used in practice



Bandshake Protocol

• most comple( protocol

• allo#s parties to authenticate each other

• and negotiate encryption and ACalgorithm and cryptographic keys

• series of messages #ith four phases:

! phase 2 ;nitiate Connection ! phase 7 Certificate"?ey E(change

! phase 9 Client Nerifies Certificate, Parameters

! phase 1 Complete %ecure Connection %etup



%%Bandshake

Protocol

21 networksecurity 13-10-2011

Documents