cos 461 fall 1997 todays lecture u intro to security in networking –confidentiality –integrity...
TRANSCRIPT
COS 461Fall 1997
Today’s Lecture
intro to security in networking– confidentiality– integrity– authentication– authorization
orientation for assignment 3
COS 461Fall 1997
Security Goals
confidentiality: Who can read this data? integrity: Who can modify this data?
authentication: Who am I talking to? authorization: Is this person allowed to do
this operation?
COS 461Fall 1997
Network Security Challenges
on the net, often communicate indirectly, through intermediaries– intermediaries can eavesdrop or corrupt
messages interact with unlimited number of parties frequent interactions with untrusted people
COS 461Fall 1997
Private Communication
encrypt
key
decrypt
key
ciphertextplaintext plaintext
Practical issues:- security of end systems- how to establish a shared secret key
COS 461Fall 1997
In Assignment 3...
use AcmeNet.Util.AcmeCipher cipher– constructor
» cipher = new AcmeCipher(long key);
– to encrypt a byte» ciphertext = cipher.crypt(plaintext);
» same to decrypt
– 64-bit (Java long) key
COS 461Fall 1997
Key Establishment
use armed courier– slow and expensive
use face-to-face meeting– doesn’t scale
use cryptographic tricks– good: no face-to-face meeting required– bad: hard to get right
COS 461Fall 1997
Diffie-Hellman Algorithm
the big picture– two strangers have a public conversation– result is a secret shared between them– eavesdroppers can’t learn the secret
patented; patent expired in September relies on difficulty of finding “discrete log”
– assume g and p are chosen cleverly– given gx mod p, very hard to determine x
COS 461Fall 1997
Diffie-Hellman in ActionAlice Bob
generate random A generate random B
Ma = gA mod p Mb = gB mod p
MaMb
compute K = MbA mod p
= gBA mod pcompute K = Ma
B mod p = gAB mod p
agree on g and p
COS 461Fall 1997
But Wait...Alice Dr. Evil Bob
Ma
Ea
Mb
Eb
encrypted data encrypted data
COS 461Fall 1997
What’s Going On?
Diffie-Hellman gives you a private connection to somebody
but you don’t know who is at the other end need to take separate steps to prevent man-
in-the-middle attack– digitally sign Diffie-Hellman messages, or– do separate authentication phase later
COS 461Fall 1997
In Assignment 3...
AcmeNet.Util.DiffieHellman class implements the math– built-in choice of g, p– to do an exchange
» make a new DiffieHellman object
» read its gx field and send it across
» get arriving message and pass it to the gotMessage method of your Diffie-Hellman object
» use the key field of the Diffie-Hellman object
COS 461Fall 1997
In Assignment 3...
PrivateConnection class extends Connection, adding privacy– start with an ordinary Connection– do a Diffie-Hellman exchange on the
connection to generate a private key– encrypt subsequent data on the connection with
the DH-generated key– no guarantees about who is on the other end
COS 461Fall 1997
Authentication
How can we protect against impersonation? two approaches
– digital signatures (and similar schemes)– trusted third party
usual approach: claim identity, then prove it sometimes, authenticate and exchange keys
in a single protocol
COS 461Fall 1997
Digital Signatures
everybody has two keys– a private key for signing– a public key for verifying signatures
need a secure way to find the keys of others– trusted certification authority signs “key
certificates”, or– “letter of introduction” approach
COS 461Fall 1997
Using Signatures (First Try)
challenge/response protocol how Alice proves her identity to Bob
– Bob sends a random “challenge” to Alice– Alice signs the challenge and sends it back– Bob verifies the signature
prone to man-in-the-middle attack
COS 461Fall 1997
Signatures and Diffie-Hellman
after D-H exchange, each side concatenates the message it sent and the message it received, and signs the pair
verify the other side’s signature nice synergy
– message sent by D-H acts as a challenge– signatures protect D-H from man-in-the-middle
COS 461Fall 1997
Trusted Third Party Auth.
Alice and Bob have a three-way conversation with a third party (“Trent”)
result is a key that only Alice and Bob know no need for signatures or public-key crypto Trent must be completely trustworthy or all
is lost each party must share a key with Trent
COS 461Fall 1997
Needham-Schroeder Protocol
steps– Alice and Bob state their identities
» they could be lying!
– Alice sends to Trent (“Alice”, “Bob”, na)– Trent generates a key K, creates a “ticket”
(“Alice”, K) and encrypts it with Bob’s key– Trent sends to Alice (na, “Bob”, K, encrypted-
ticket), all encrypted with Alice’s key– Alice sends the encrypted ticket to Bob
COS 461Fall 1997
Needham-Schroeder
in the end, either– Both parties are telling the truth about their
identities, and both know the key K, or– at least one party is lying, and the liar doesn’t
know K do a challenge-response handshake to
verify knowledge of K in both directions if handshake works, use K to encrypt data
COS 461Fall 1997
Key Verification Handshake
steps– set up encryption using the new key K
» actually, use K in one direction, K+1 in the other
– send a random challenge to the other side– receive the other side’s challenge, and add one
to it; send the result back– verify the other side’s response
COS 461Fall 1997
In Assignment 3...
use a modified version of Needham-Schroeder protocol– set up PrivateConnection– do key-exchange/auth protocol– switch to newly generated shared key
trusted AuthenticationService lives at a well-known location– talk to AuthService via PrivateConnection
COS 461Fall 1997
In Assignment 3...
each student has his/her own identity– String identity equal to Unix userid
each student shares a key with the AuthService– 64-bit value– think of it as a password– stored in protected file accessible to
AuthService
COS 461Fall 1997
Generating Your Key
can use AcmeNet.Util.Login to translate a String or byte-array into a Java long– can use text passphrase rather than a number
email exchange to set up keys please don’t
– use a serious secret as your key– use an easily guessable key– use the Assn 3 algorithms for high security
applications
COS 461Fall 1997
More About Security
public-key cryptography key management issues tamper-proof devices authorization logging, auditing and post-mortem repair intrusion detection policy creation and enforcement etc.