chapter 7: network security

Chapter 9: Network SecurityChapter 7: Network securityFoundations: what is security?cryptographyauthenticationmessage integritykey distribution and certificationSecurity in practice:application layer: secure e-mailtransport layer: Internet commerce, SSL, SETnetwork layer: IP securityFirewallsJanuary 13, 2010*

Chapter 9: Network Security

Chapter 9: Network SecurityWhat is network security?Confidentiality: only sender, intended receiver should understand message contentssender encrypts messagereceiver decrypts messageAuthentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detectionAccess and Availability: services must be accessible and available to usersJanuary 13, 2010*


Chapter 9: Network SecurityInternet security threatsPacket sniffing: broadcast mediapromiscuous NIC reads all packets passing bycan read all unencrypted data (e.g. passwords)e.g.: C sniffs Bs packetsABCJanuary 13, 2010*


Chapter 9: Network SecurityInternet security threatsIP Spoofing: can generate raw IP packets directly from application, putting any value into IP source address fieldreceiver cant tell if source is spoofede.g.: C pretends to be BABCJanuary 13, 2010*


Chapter 9: Network SecurityInternet security threatsDenial of service (DOS): flood of maliciously generated packets swamp receiverDistributed DOS (DDOS): multiple coordinated sources swamp receivere.g., C and remote host SYN-attack AABCJanuary 13, 2010*


Cryptography Principles Chapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecurityFriends and enemies: Alice, Bob, Trudywell-known in network security worldBob, Alice (lovers!) want to communicate securelyTrudy (intruder) may intercept, delete, add messagessecuresendersecurereceiverchanneldata, control messagesdatadataAliceBobTrudyJanuary 13, 2010*


Chapter 9: Network SecurityWho might Bob, Alice be? well, real-life Bobs and Alices!Web browser/server for electronic transactions (e.g., on-line purchases)on-line banking client/serverDNS serversrouters exchanging routing table updatesother examples?January 13, 2010*


Chapter 9: Network SecurityThe language of cryptographysymmetric key crypto: sender, receiver keys identicalpublic-key crypto: encryption key public, decryption key secret (private)plaintextplaintextciphertextencryptionalgorithmdecryption algorithmAlices encryptionkeyBobs decryptionkeyJanuary 13, 2010*


Symmetric Key CryptographyChapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecuritySymmetric key cryptographysubstitution cipher: substituting one thing for anothermonoalphabetic cipher: substitute one letter for anotherplaintext: abcdefghijklmnopqrstuvwxyzciphertext: mnbvcxzasdfghjklpoiuytrewqPlaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbcE.g.:Q: How hard to break this simple cipher?:brute force (how hard?)other?January 13, 2010*Translation Table


Chapter 9: Network SecurityPerfect cipher [Shannon 1948]Definition:Let C = E[M]Pr[C=c] = Pr[C=c | M]Example: one time padGenerate random bits b1 ... bnE[M1 ... Mn] = (M1 b1 ... Mn bn )Cons: size Pseudo Random GeneratorG(R) = b1 ... bnIndistinguishable from random (efficiently)

January 13, 2010*


Chapter 9: Network SecuritySymmetric key crypto: DESDES: Data Encryption StandardUS encryption standard [NIST 1993]56-bit symmetric key, 64 bit plaintext inputHow secure is DES?DES Challenge: 56-bit-key-encrypted phrase (Strong cryptography makes the world a safer place) decrypted (brute force) in 4 monthsno known backdoor decryption approachmaking DES more secureuse three keys sequentially (3-DES) on each datumuse cipher-block chainingJanuary 13, 2010*


Chapter 9: Network SecuritySymmetric key crypto: DESinitial permutation 16 identical rounds of function application, each using different 48 bits of keyfinal permutation

January 13, 2010*


Chapter 9: Network SecurityCipher Block ChainingHow do we encode a large messageWould like to guarantee integrityEncoding:Ci = E[Mi Ci-1]Decoding:Mi = D[Ci] Ci-1Malfunctions:LossReorder/ integrityQn: How can one change message unnoticed if it is encoded without chaining?January 13, 2010*


7: Network Security*Cipher Block Chaining ModeCipher block chaining. (a) Encryption. (b) Decryption.January 13, 2010*Chapter 9: Network Security


Chapter 9: Network SecurityDiffie-Hellman key exchange protocolGoal: Allow strangers establish a shared secret key for later communicationAssume two parties (Alice and Bob) want to establish a secret key. Alice and Bob agree on two large numbers, n and g usually, these are publicly known, and have some additional conditions applied (e.g., n must be prime)

January 13, 2010*


Chapter 9: Network SecurityDiffie-Hellman Key ExchangeAlice picks large x, Bob picks large y (e.g., 512 bits)January 13, 2010*


Chapter 9: Network SecurityMan in the middle attackEavesdropper cant determine secret key (gxy mod n) from (gx mod n) or (gy mod n)However, how does Alice and Bob know if there is a third party adversary in between?January 13, 2010*


Chapter 9: Network SecurityExponentiationCompute gx mod n Expg,n (x)Assume x = 2y + bLet z = Expg,n (y)R=z2 If (b=1) R = g R mod nReturn RComplexity: logarithmic in xJanuary 13, 2010*


Public Key CryptographyChapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecurityPublic Key Cryptographysymmetric key cryptorequires sender, receiver know shared secret keyQ: how to agree on key in first place (particularly if never met)?

public key cryptographyradically different approach [Diffie-Hellman76, RSA78]sender, receiver do not share secret keyencryption key public (known to all) decryption key private (known only to receiver)

January 13, 2010*


Chapter 9: Network SecurityPublic key cryptographyplaintextmessage, mciphertextencryptionalgorithmdecryption algorithmBobs public key plaintextmessageK B+Bobs privatekey K B-January 13, 2010*


Chapter 9: Network SecurityPublic key encryption algorithmsneed d ( ) and e ( ) such thatBB..Two inter-related requirements:RSA: Rivest, Shamir, Adelman algorithmJanuary 13, 2010*private key not derivable from public key (practically)


Chapter 9: Network SecurityRSA: Choosing keys1. Choose two large prime numbers p, q. (e.g., 1024 bits each)2. Compute n = pq, z = (p-1)(q-1) = (n)3. Choose e (with e

Chapter 9: Network SecurityRSA: Encryption, decryption0. Given (n,e) and (n,d) as computed above2. To decrypt received bit pattern, c, compute(i.e., remainder when c is divided by n)dJanuary 13, 2010*(1) Eulers theorem (Number Theory)


Chapter 9: Network SecurityRSA example:Bob chooses p=5, q=7. Then n=35, z=24.e=5 (so e, z relatively prime).d=29 (so ed-1 exactly divisible by z). lettermmel12152483217c1748196857210675091509141182522307200012letterlencrypt:decrypt:January 13, 2010*


Chapter 9: Network SecurityRSA: WhyNumber theory result:

IF pq = n, p and q primes then: x y mod n = x (y mod (p-1)(q-1) ) mod n

(m e)d mod n = m (ed mod (p-1)(q-1)) mod n

But ed 1 divisible by (p-1)(q-1) i.e., ed mod (p-1)(q-1) = 1

= m 1 mod n = mJanuary 13, 2010*


Chapter 9: Network Securitymodified Diffie-Hellman Key ExchangeEncrypt 1 with Bobs public key, 2 with Alices public keyPrevents man-in-the-middle attackActually, nonces and a third message are needed to fully complete this exchange (in a few slides) January 13, 2010*


AuthenticationChapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecurityAuthenticationGoal: Bob wants Alice to prove her identity to himProtocol ap1.0: Alice says I am AliceFailure scenario??I am AliceJanuary 13, 2010*


Chapter 9: Network SecurityAuthenticationGoal: Bob wants Alice to prove her identity to himProtocol ap1.0: Alice says I am Alicein a network,Bob can not see Alice, so Trudy simply declaresherself to be AliceI am AliceJanuary 13, 2010*


Chapter 9: Network SecurityAuthentication: another tryProtocol ap2.0: Alice says I am Alice in an IP packetcontaining her source IP address Failure scenario??January 13, 2010*


Chapter 9: Network SecurityAuthentication: another tryProtocol ap2.0: Alice says I am Alice in an IP packetcontaining her source IP address Trudy can createa packet spoofingAlices addressJanuary 13, 2010*


Chapter 9: Network SecurityAuthentication: another tryProtocol ap3.0: Alice says I am Alice and sends her secret password to prove it.Failure scenario??January 13, 2010*


Chapter 9: Network SecurityAuthentication: another tryProtocol ap3.0: Alice says I am Alice and sends her secret password to prove it.playback attack: Trudy records Alices packetand laterplays it back to Bob Im AliceAlices IP addrAlices passwordJanuary 13, 2010*


Chapter 9: Network SecurityAuthentication: yet another tryProtocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it.Failure scenario??January 13, 2010*


Chapter 9: Network SecurityAuthentication: another tryProtocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it.recordandplaybackstill works!Im AliceAlices IP addrencryptedpasswordJanuary 13, 2010*


Chapter 9: Network SecurityAuthentication: yet another tryGoal: avoid playback attackFailures, drawbacks?Nonce: number (R) used only once in-a-lifetimeap4.0: to prove Alice live, Bob sends Alice nonce, R. Alicemust return R, encrypted with shared secret keyI am AliceRAlice is live, and only Alice knows key to encrypt nonce, so it must be Alice!January 13, 2010*


Chapter 9: Network SecurityAuthentication: ap5.0ap4.0 requires shared symmetric key can we authenticate using public key techniques?ap5.0: use nonce, public key cryptographyI am AliceRBob computes

send me your public keyand knows only Alice could have the private key, that encrypted R such thatJanuary 13, 2010*


Chapter 9: Network Securityap5.0: security holeMan (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)I am AliceI am AliceRSend me your public keySend me your public keyTrudy getssends m to Alice encrypted with Alices public keyRJanuary 13, 2010*


Chapter 9: Network Securityap5.0: security holeMan (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)Difficult to detect: Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation) problem is that Trudy receives all messages as well! January 13, 2010*


Message Integrity (Signatures etc)Chapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecurityDigital Signatures Cryptographic technique analogous to hand-written signatures.Sender (Bob) digitally signs document, establishing he is document owner/creator. Verifiable, nonforgeable: recipient (Alice) can verify that Bob, and no one else, signed document.Assumption:eB(dB(m)) = dB(eB(m))RSA

Simple digital signature for message m:Bob decrypts (signs) m with his private key dB, creating signed message, dB(m).Bob sends m and dB(m) to Alice.

January 13, 2010*


Chapter 9: Network SecurityDigital Signatures (more)Suppose Alice receives msg m, and digital signature dB(m)Alice verifies m signed by Bob by applying Bobs public key eB to dB(m) then checks eB(dB(m) ) = m.If eB(dB(m) ) = m, whoever signed m must have used Bobs private key.

Alice thus verifies that:Bob signed m.No one else signed m.Bob signed m and not m.Non-repudiation:Alice can take m, and signature dB(m) to court and prove that Bob signed m.

January 13, 2010*


Chapter 9: Network SecurityMessage DigestsComputationally expensive to public-key-encrypt long messages Goal: fixed-length,easy to compute digital signature, fingerprintapply cryptographic hash function H to m, get fixed size message digest, H(m).

Hash function properties:Many-to-1Produces fixed-size msg digest (fingerprint)Given message digest x, computationally infeasible to find m such that x = H(m)computationally infeasible to find any two messages m and m such that H(m) = H(m).

January 13, 2010*


Chapter 9: Network SecurityHash Function AlgorithmsInternet checksum would make a poor message digest.Too easy to find two messages with same checksum.

MD5 hash function widely used. Computes 128-bit message digest in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x.SHA-1 is also used.US standard160-bit message digestJanuary 13, 2010*


Chapter 9: Network SecurityH(m)Bobs privatekey Bob sends digitally signed message:Alice verifies signature and integrity of digitally signed message:Bobs publickey equal ?Digital signature = signed message digestJanuary 13, 2010*


Key Distribution CentersChapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecurityProblems with Public-Key EncryptionA way for Trudy to subvert public-key encryption.January 13, 2010*


Chapter 9: Network SecurityTrusted IntermediariesProblem:How do two entities establish shared secret key over network?Solution:trusted key distribution center (KDC) acting as intermediary between entities

Problem:When Alice obtains Bobs public key (from web site, e-mail, diskette), how does she know it is Bobs public key, not Trudys?Solution:trusted certification authority (CA)

January 13, 2010*


Chapter 9: Network SecurityKey Distribution Center (KDC)Alice,Bob need shared symmetric key.KDC: server shares different secret key with each registered user. Alice, Bob know own symmetric keys, KA-KDC KB-KDC , for communicating with KDC. Alice communicates with KDC, gets session key R1, and KB-KDC(A,R1)Alice sends Bob KB-KDC(A,R1), Bob extracts R1Alice, Bob now share the symmetric key R1.

January 13, 2010*


Chapter 9: Network SecurityCertification AuthoritiesCertification authority (CA) binds public key to particular entity. Entity (person, router, etc.) can register its public key with CA.Entity provides proof of identity to CA. CA creates certificate binding entity to public key.Certificate digitally signed by CA, using CAs private keyWhen Alice wants Bobs public key:gets Bobs certificate (Bob or elsewhere).Apply CAs public key to Bobs certificate, get Bobs public keyJanuary 13, 2010*


Chapter 9: Network SecurityX.509 is the standard for certificatesThe basic fields of an X.509 certificate.January 13, 2010*


Chapter 9: Network SecurityPublic-Key InfrastructuresPKIs are a way to structure certificates(a) A hierarchical PKI. (b) A chain of certificates.January 13, 2010*


Chapter 9: Network SecurityExample revisited (solved with certificates)Trudy presents Alice a certificate, purporting to be Bob, but Alice is unable to trace Trudys certificate back to a trusted rootBe wary if your browser warns about certs!January 13, 2010*


Secure emailChapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecuritySecure e-mail Alice: generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bobs public key. sends both KS(m) and KB(KS) to Bob. Alice wants to send confidential e-mail, m, to Bob.January 13, 2010*


Chapter 9: Network SecuritySecure e-mail Bob: uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m Alice wants to send confidential e-mail, m, to Bob.January 13, 2010*


Chapter 9: Network SecuritySecure e-mail (continued) Alice wants to provide sender authentication message integrity. Alice digitally signs message. sends both message (in the clear) and digital signature.January 13, 2010*


Chapter 9: Network SecurityPretty good privacy (PGP)Internet e-mail encryption scheme, a de-facto standard.Uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described.Provides secrecy, sender authentication, integrity.Inventor, Phil Zimmerman, was target of 3-year federal investigation.---BEGIN PGP SIGNED MESSAGE---Hash: SHA1

Bob:My husband is out of town tonight.Passionately yours, Alice

---BEGIN PGP SIGNATURE---Version: PGP 5.0Charset: noconvyhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2---END PGP SIGNATURE---

A PGP signed message:January 13, 2010*


Secure Socket layer (SSl)Chapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecuritySecure sockets layer (SSL)PGP provides security for a specific network app.SSL works at transport layer. Provides security to any TCP-based app using SSL services. SSL: used between WWW browsers, servers for E-commerce (https).SSL security services:server authenticationdata encryption client authentication (optional)Server authentication:SSL-enabled browser includes public keys for trusted CAs.Browser requests server certificate, issued by trusted CA.Browser uses CAs public key to extract servers public key from certificate. Visit your browsers security menu to see its trusted CAs.January 13, 2010*


Chapter 9: Network SecurityInternet Explorer:Tools Internet options Content CertificatesJanuary 13, 2010*


Chapter 9: Network SecurityInternet Explorer: Error MessageJanuary 13, 2010*


Chapter 9: Network SecuritySSL (continued)Encrypted SSL session:Browser generates symmetric session key, encrypts it with servers public key, sends encrypted key to server.Using its private key, server decrypts session key.Browser, server agree that future msgs will be encrypted.All data sent into TCP socket (by client or server) is encrypted with session key.SSL: basis of IETF Transport Layer Security (TLS).SSL can be used for non-Web applications, e.g., IMAP.Client authentication can be done with client certificates.January 13, 2010*


SSL basicsJanuary 13, 2010Chapter 9: Network Security*


Access Control in the NetworkChapter 9: Network SecurityJanuary 13, 2010*


Chapter 9: Network SecurityFirewallsTwo firewall types:packet filterapplication gatewaysTo prevent denial of service attacks:SYN flooding: attacker establishes many bogus TCP connections. Attacked host allocs TCP buffers for bogus connections, none left for real connections. To prevent illegal modification of internal data.e.g., attacker replaces CIAs homepage with something elseTo prevent intruders from obtaining secret info.isolates organizations internal net from larger Internet, allowing some packets to pass, blocking others.January 13, 2010*


Chapter 9: Network SecurityPacket FilteringInternal network is connected to Internet through a router.Router manufacturer provides options for filtering packets, based on:source IP addressdestination IP addressTCP/UDP source and destination port numbersICMP message typeTCP SYN and ACK bitsExample 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.All incoming and outgoing UDP flows and telnet connections are blocked.Example 2: Block inbound TCP segments with ACK=0.Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.January 13, 2010*


Chapter 9: Network SecurityVirtual Private NetworksUsing firewalls and IPsec encryption to provide a leased-line like connection over the Internet(a) A leased-line private network. (b) A virtual private network.January 13, 2010*


Chapter 9: Network SecurityApplication gatewaysFilters packets on application data as well as on IP/TCP/UDP fields.Example: allow select internal users to telnet outside.1. Require all telnet users to telnet through gateway.2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections3. Router filter blocks all telnet connections not originating from gateway.January 13, 2010*


Chapter 9: Network SecurityLimitations of firewalls and gatewaysIP spoofing: router cant know if data really comes from claimed sourceIf multiple apps. need special treatment, each has own app. gateway.Client software must know how to contact gateway.e.g., must set IP address of proxy in Web browserFilters often use all or nothing policy for UDP.Tradeoff: degree of communication with outside world, level of securityMany highly protected sites still suffer from attacks.January 13, 2010*


Chapter 9: Network SecurityNetwork Security (summary)Basic techniques...cryptography (symmetric and public)authenticationmessage integrity. used in many different security scenariossecure emailsecure transport (SSL)IP secFirewallsJanuary 13, 2010*


*******Advanced Encryption Standard (AES)********Always there is a solution, and satisfies (Chinese Remainder)

*****************

chapter 7: network security

Documents

network securitychapter

network securityjanuary

network securityfriends

network securitywhat

network securityfoundations

network securitywho

network security worldbob

encryption key public