Network Encryption - University of St. Thomas


CISC 210 - Class Today
• Project Schedule
• Upcoming Lab
• Recap
• Protocols and Layering
• Network Encryption
– Link vs Network vs Application
March 2005
R. Smith - University of St Thomas - Minnesota
1
Project Schedule
• April 22: 1 week after Easter
– Project Proposal DUE
– You want to start working on the project NOW
– You want to have your team in place ASAP
• April 27: 1 week later
– Project OUTLINE Due
– The outline is a bit of work
– It counts for a chunk of the assignment (20% or so)
– DON’T MESS IT UP
The Lab
• Lab Objective: map the lab machines
• Lab Groups
– I’ve assigned groups via e-mail – I’ll also post groups
– Do the labs as a group (this one and future ones)
– If you want to trade group members, talk to me FIRST
• Where to do it
– Lab down the hall – OSS 428
• When to do it
– I’ll set up a schedule
– OR – do it on your own time if you have card access
3/28/2016
Recap
• Wireless LANs - recap
• Link Encryption – book style
• Link encryption – LAN style
• WEP
• WPA
• Clipper and Escrowed Encryption
Protocols and Layers
• We use layering for several things
– Organize the software
– Format the packets
• What it really does: establish a relationship between software components on different computers
– Layers communicate with each other at the same layer
• IP – IP or TCP – TCP or HTTP – HTTP
– They ‘use’ the lower layers to carry their messages
Protocol Layering Examples
• Network class – bear with me
• Pizza delivery example
– How do we order pizza at a party?
Network Protocol Layering
Usually a ‘funnel’ shape
• Top level = Applications
– Lots of choices: e-mail, web, file exchange, and so on
– Uses ‘socket interface’ to talk to networks
• Mid levels = “The Protocol Stack”
– Transport layer: UDP/TCP
– Internet layer: IP
– Link layer: LAN protocols
• Bottom level = device driver connections
– Hardware-specific software, configuration
– Uses device driver interface to link to the protocol stack
– Uses a cable or antenna to link to the network
Packets follow the layers
• Upper layer data = innermost
• Lower layer data = outermost
• Innermost data usually travels the network unchanged
• Outermost data gets swapped with each hop through a router
Addressing
• Reachability => what address you have
• Layer 2 addresses can’t traverse Layer 3
A Routing Exercise
• LAN 1: hosts A, B, C
• LAN 2: hosts D, E, F
• LAN 3: hosts G, H, I
• Layer 3 Router connects LANs 1 and 2
• Given MAC addresses
– Can A reach: C, D, F, H
– Can G reach I, D, A
• Given IP addresses
– Answer above questions again
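A small model of this exercise, added here as a worked example (it is not part of the slides). The LAN membership and the router placement are the slide's; the "mac" and "ip" addressing kinds and the reachability rule (frames stay on their LAN, IP packets cross any router that joins two LANs) are the assumptions the model encodes.

```python
# Added example, not from the lecture: work the routing exercise by modelling
# layer-2 (MAC) reachability as "same LAN only" and layer-3 (IP) reachability
# as "same LAN, or LANs joined by a router".

LANS = {
    1: {"A", "B", "C"},
    2: {"D", "E", "F"},
    3: {"G", "H", "I"},
}
# A layer-3 router joins LANs 1 and 2; LAN 3 is not connected to anything.
ROUTER_LINKS = {(1, 2)}


def lan_of(host: str) -> int:
    """LAN number a host sits on."""
    return next(n for n, hosts in LANS.items() if host in hosts)


def routed(lan_a: int, lan_b: int) -> bool:
    """True if a router joins the two LANs (in either direction)."""
    return (lan_a, lan_b) in ROUTER_LINKS or (lan_b, lan_a) in ROUTER_LINKS


def reachable(src: str, dst: str, addressing: str) -> bool:
    """Can `src` reach `dst` knowing only dst's address of the given kind?

    'mac': layer-2 address, meaningful only on the same LAN because a
           layer-3 router does not forward frames by MAC address.
    'ip' : layer-3 address, routable across any router joining the LANs.
    """
    a, b = lan_of(src), lan_of(dst)
    if a == b:
        return True                      # same LAN: either address works
    if addressing == "mac":
        return False                     # Layer 2 addresses can't traverse Layer 3
    if addressing == "ip":
        return routed(a, b)
    raise ValueError(f"unknown addressing kind: {addressing}")


def exercise(addressing: str) -> dict:
    """Answer the slide's two questions for one addressing kind."""
    questions = {"A": ["C", "D", "F", "H"], "G": ["I", "D", "A"]}
    return {src: {dst: reachable(src, dst, addressing) for dst in dsts}
            for src, dsts in questions.items()}
```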
The Network Security Problem
• Protection is usually local
• Network data travels to remote locations
Risk: Eavesdropping
• An established social tradition (“party lines”)
Risk: Forgery
• Who really sent the message?
Risk: Replay
• If a message worked once, why not again, and again?
How do we fix this?
• Again, it depends on policy
– What are we really trying to achieve (“the big picture”)
– What are the real risks to that big picture?
• Practical networking choices
– Should/must the users control the defenses?
• Can/should they choose what gets protected?
– Can we isolate the users in a safe but restrictive “bubble”?
• If not, what access do they need to the ‘outside’?
– What external, secure connections do we need?
• Are they ad-hoc, or can we anticipate them?
• Risk Assessment
– Which threats matter: eavesdropping, forgery, replay?
Security and the Protocol Stack
• We get different results by putting protection in different places in the protocol architecture
[Figure: the protocol stack drawn top to bottom: Application; TCP/UDP Layer; IP Layer; Link Layer (these three bracketed as the Protocol Stack); Device Driver]
Security and the Protocol Stack
Classic layer-oriented examples of crypto protocols
• Application: PGP
– encrypts application data
• Trans->App: SSL
– encrypts the connection
• IP->Transport: IPSEC
– encrypts routable packets
• Link Level: WEP/WPA
– encrypts LAN packets
[Figure: the same stack diagram with each protocol drawn beside its layer: PGP at Application, SSL at TCP/UDP Layer, IPSEC at IP Layer, WEP/WPA at Link Layer, Device Driver below]
How Crypto works in the stack
• “Above” a crypto layer
– Data is assumed to be in plaintext form
• “At” a crypto layer
– We convert between plaintext and ciphertext
– We have access to some keys
– We generate some plaintext headers
– Some header info may be encrypted or protected otherwise
• “Below” the crypto layer
– New network headers are added in plaintext
How it works Geographically
• Application layer encryption
– “End to end security” – routable, and inaccessible to others
– Defeats intermediate virus scans, intrusion detection
– Applied at the discretion of the end user (usually)
• Socket layer encryption
– Application-application security – similar to application layer
– Often applied automatically under control of the server
– Sometimes it is a user-level option
• IPSEC – IP Security Protocols
– Internet layer security – protects routable packets, per-packet
– Protects all Internet application traffic equally
– Often a substitute for inter-site leased lines
Diagramming the Crypto
• Elements
– Protocol stack elements
– Where the crypto goes
– What is encrypted
– What is plaintext
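A worked version of this diagram, added here as an example (not code from the slides): it models the four-layer funnel from the layering slides, places each of the crypto protocols named above at its layer, and reports which headers stay plaintext on the wire, following the "above / at / below" rules from the previous slide. The addresses, ports and payload are constructed sample values, and the layer each protocol is pinned to follows the slide's labels.

```python
# Added example, not from the lecture: model the 'funnel' stack and show which
# headers stay plaintext when crypto is placed at each layer. The addresses,
# ports and payload below are constructed sample values.

LAYERS = ["link", "ip", "transport", "application"]  # outermost -> innermost

# The layer at which each protocol from the slides does its encryption; it
# encrypts everything above that layer and leaves its own header readable.
CRYPTO_AT = {
    "PGP": "application",  # encrypts application data
    "SSL": "transport",    # encrypts the connection
    "IPSEC": "ip",         # encrypts routable packets
    "WEP/WPA": "link",     # encrypts LAN packets
}


def build_packet(app_data: str) -> dict:
    """Encapsulate application data: each lower layer wraps the one above."""
    return {
        "link": {"src_mac": "aa:aa:aa:aa:aa:aa", "dst_mac": "bb:bb:bb:bb:bb:bb"},
        "ip": {"src_ip": "10.0.1.5", "dst_ip": "10.0.2.9"},
        "transport": {"src_port": 52000, "dst_port": 443},
        "application": app_data,
    }


def encrypt_at(packet: dict, protocol: str) -> dict:
    """Return the packet as seen on the wire with `protocol` applied.

    Headers at and below the crypto layer stay plaintext; the crypto layer
    replaces everything above it with an opaque ciphertext blob.
    """
    at = LAYERS.index(CRYPTO_AT[protocol])
    on_wire = {}
    for i, layer in enumerate(LAYERS):
        if i < at or (i == at and layer != "application"):
            on_wire[layer] = packet[layer]    # plaintext header
        else:
            on_wire[layer] = "<ciphertext>"   # inside the crypto boundary
    return on_wire


def plaintext_layers(packet: dict, protocol: str) -> list:
    """Layers whose headers a router or sniffer can still read."""
    wire = encrypt_at(packet, protocol)
    return [layer for layer in LAYERS if wire[layer] != "<ciphertext>"]
```

Note that PGP and SSL leave the same headers readable; what differs, as the geographic slide says, is who applies the protection (the end user versus the server).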
Let’s visit the lab
• It’s down the hall
That’s it
• Questions?
Creative Commons License
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United
States License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative
Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.