Transcript security2

Network Security
 Understand principles of network security:
 Cryptography
and its many uses beyond
“confidentiality”.
 Authentication.
 Message integrity
 Non-repudiation
 Key distribution.
 Security in practice:
 Firewalls
 Security and protocols in application, transport,
network, and link layers (NAT, IPSec, SSL,
Kerberos, etc)
1
Security in network layers
2
Common Security Attacks
 Packet sniffing: To gain access to cleartext network data and
passwords


Impersonation: To gain unauthorized access to data or to create
unauthorized e-mails by impersonating an authorized entity
Denial-of-service: To render network resources non-functional
 Replay of messages: To gain access to information and change it
in transit
 Guessing of keys: To gain access to encrypted data and
passwords (brute-force attack)
 Port scanning: To discover potential available attack points
3
What is Network Security?
Confidentiality: only sender, intended
receiver should “understand” message
contents
Authentication: sender, receiver want to
confirm identity of each other
Message Integrity: sender, receiver want to
ensure message not altered without
detection
Non-Repudiation: being able to prove that
the sender did send the message
4
A Security Example: Alice, Bob, Trudy
 Alice and Bob want to communicate “securely”.
 Trudy (intruder) may intercept, delete, add
messages, and so on to disrupt their communications.
5
Who Might Alice and Bob Be?
 Users
 Web browser/server for electronic
transactions (e.g., on-line purchases)
 On-line banking client/server
 DNS servers
 Routers exchanging routing table updates
6
Cryptography Definitions
 Encryption is a process by which a message
(called plaintext) is transformed into another
message (called ciphertext) using a
mathematical function and a special encryption
password (called a key).
 Decryption is the reverse process
7
Cryptography Definitions
Alice’s
K encryption
A
key
plaintext
encryption
algorithm
ciphertext
Bob’s
K decryption
B key
decryption plaintext
algorithm
8
Symmetric (Secret) Key Cryptography
 Same key decrypts and encrypts information.
 The encryption functions used need not be
secret, but the keys used must be secret
 Sender and receiver must agree on the key
before secured communication starts
 The encryption and decryption functions used
can be the same or different.
9
Symmetric Key Cryptography: Key Issues
KA-B
KA-B
plaintext
message, m
encryption ciphertext
algorithm
K (m)
A-B
decryption plaintext
algorithm
m = K ( KA-B(m) )
A-B
Symmetric key cryptography: Bob and Alice
share the same (symmetric) key: K
 Question: How is the agreed upon key
distributed to both Bob and Alice in a secure
fashion?
10
Symmetric Key Cryptography: DES
DES: Data Encryption Standard
 US encryption standard
 56-bit symmetric key, 64-bit plaintext input
AES: Advanced Encryption Standard
 Newer (November 2001) symmetric key replacing DES.
 128, 192, or 256 bit keys, 128-bit plaintext input
 Brute force decryption (trying each key) would take 1
second on DES, but would take 149 trillion years for
AES.
IDEA: International Data Encryption Algorithm
 64-bit input, 128-bit keys
 Stronger, more efficient than DES.
11
Public Key Cryptography
Symmetric key
cryptography
 Requires both the
sender and receiver to
know the shared
secret key.
 Question: how do
they agree on the key
in the first place
(particularly if they
have never “met”)?
Public key cryptography
 Sender and receiver do
not share secret key.
 Public encryption key
known to all.
 Private decryption
key known only by
the owner.
12
Public (Assymetric) Key Cryptography
 Keys are generated in pairs.
 Public key is publicly registered so everyone knows it,
and private one is kept secret by the owner.
 Each key can decrypt what the other encrypts, but
not what it encrypts itself.
Important properties of key generation:
 There is a one-to-one correspondence in the
generated key pairs – if one key can decrypt a
message, it must have been encrypted by the other.
 It must be extremely difficult, if not impossible, to
deduce the private key when given a public key.
13
Public Key Cryptography
+ Bob’s public
B key
K
K
plaintext
message, m
encryption ciphertext
algorithm
+
K (m)
B
- Bob’s private
B key
decryption plaintext
algorithm message
+
m = K B(K (m))
B
14
Public Key Encryption Algorithms
 Diffie-Hellman: the first public key approach
proposed.
 RSA: the best known public key system,
developed by Rivest, Shamir, and Adleman
(hence RSA).
 DSA: Digital Signature Algorithm, developed by
the U.S. National Security Agency (NSA).
15
Symmetric vs. Public Key Cryptography
Which method provides stronger security?
Which method is more convenient?
Which method performs better?
 Ideally, we would like to combine the strengths
of symmetric and public key cryptography, and
avoid their weaknesses:
We want the efficiency of symmetric cryptography
combined with the ease of use and convenience of
public key cryptography.
16
Hybrid Secret-Public Key Cryptography
 When two parties want to communicate
securely, public key cryptography is used to
exchange a random symmetric session key.
 To communicate, symmetric cryptography is
used with the session key.
 When done, both parties destroy the session
key.
17
Hash functions/Message Digests
 Message digest is a special kind of checksum
produced using cryptographic means.
 Typically produced from a one-way hash
function that is difficult to reverse or predict.
 This function takes the entire input and reduces
it to a small value of fixed length, typically 128
to 512 bits in length.
 Must be collision-resistant: must be difficult
for 2 messages to produce the same digest
 Encrypted hash (MAC) is used to ensure
authentication and integrity
18
Message Digests: Hash Function Algorithms
 MD5 hash function widely used
 SHA-1 is also used.
 Issues in both MD5 and SHA-1 have been found in
recent years though
 These algorithms are now being phased out more
quickly in favour of other, newer approaches like
SHA-2.
19
Authentication and Integrity
 Authentication is the process of proving one’s
identity to someone else.
 There are three main ways of authenticating
an individual:
Something you know
 Something you own
 Something you are

 Message integrity: ensuring that a message not
altered without detection.
20
Digital Signatures
We would like to have a cryptographic technique
analogous to hand-written signatures.
 This digital signature is verifiable and not forgeable:
recipient (Alice) can prove to someone that Bob, and
no one else (including Alice), must have signed the
document.
 Hash encrypted by a private key is a digital signature
that is then attached to the original message
 By signing only the digest, we have the same level of
security, as the digest is tied to the message, with
less encryption and decryption overhead.
21
Signed Message Digests as Digital Signatures
Bob sends digitally signed
message:
large
message
m
H: Hash
function
Bob’s
private
key
+
-
KB
H(m)
digital
signature
(encrypt)
encrypted
msg digest
KB(H(m))
22
Signed Message Digests as Digital Signatures
Alice verifies signature and
integrity of digitally signed
message:
Bob sends digitally signed
message:
large
message
m
H: Hash
function
Bob’s
private
key
+
-
KB
encrypted
msg digest
H(m)
digital
signature
(encrypt)
encrypted
msg digest
KB(H(m))
large
message
m
H: Hash
function
KB(H(m))
Bob’s
public
key
+
KB
digital
signature
(decrypt)
H(m)
H(m)
equal
?
23
Certification Authorities
 With public key cryptography there’s a danger of a
“man-in-the-middle attacks”
 How do we make sure that a particular public key
belongs to a certain entity?
 How can we avoid impersonation?
 The International Telecommunication Union (ITU)
specifies an authentication service and specific
syntax for certificates in X.509.
24
Certification Authorities
 Certification Authority (CA): binds a public key to
particular entity, E.
 E (person, router) registers its public key with CA.



E provides “proof of identity” to CA.
CA creates certificate binding E to its public key.
Certificate containing E’s public key digitally signed by CA
– CA says “this is E’s public key”
Bob’s
public
key
Bob’s
identifying
information
+
KB
digital
signature
(encrypt)
CA
private
key
K-
CA
+
KB
certificate for
Bob’s public key,
signed by CA
25
Certification Authorities
 When Alice wants Bob’s public key:
Gets Bob’s certificate (Bob or elsewhere).
 Apply CA’s public key to Bob’s certificate, get
Bob’s public key.

+
KB
digital
signature
(decrypt)
CA
public
key
Bob’s
public
+
key
KB
+
K CA
26
Firewalls
firewall
isolates an organization’s internal network
from a larger external network, allowing some
packets to pass, blocking others
27
Packet Filtering Firewalls
All incoming and outgoing packets are examined
according to some parameters (such as
source/destinations IP address and/or port number)
28
Application Layer
Gateway/Firewalls
An application gateway (proxy) is an application-specific server
through which all application data (inbound and outbound) must
pass.
29
IPsec: Network Layer Security
 Network-layer secrecy:
Sending host encrypts the
data in IP datagram.
 TCP and UDP segments;
ICMP and SNMP
messages.
 Network-layer authentication
 Destination host can
authenticate source IP
addresses.
 Two principle protocols:
 Authentication header
(AH) protocol
 Encapsulation security
payload (ESP) protocol

 For both AH and ESP
protocols, the source and
destination handshake:
 Create network-layer
logical channel called a
security association (SA).
30
Authentication Header (AH) Protocol
 Provides source
authentication, data
integrity, but not
confidentiality.
 AH header inserted
between IP header,
data field.
IP header
AH header
data (e.g., TCP, UDP segment)
31
Encapsulation Security Payload (ESP) Protocol
 Provides secrecy, host
authentication, and data
integrity.
 Packet data and the ESP
trailer are encrypted.
authenticated
encrypted
IP header
ESP
ESP
ESP
TCP/UDP segment
header
trailer authent.
32
Secure Sockets Layer (SSL)
 Transport layer
security to any TCPbased application using
SSL services.
 Used between Web
browsers, servers for
e-commerce (shttp).
 Security services:



Server authentication.
Data encryption.
Client authentication
(optional).
 Server authentication:
 SSL-enabled browser
includes public keys for
trusted CAs.
 Browser requests
server certificate,
issued by trusted CA.
 Browser uses CA’s
public key to extract
server’s public key from
certificate.
33
SSL (Continued)
Encrypted SSL session:
 Browser generates
symmetric session key,
encrypts it with server’s
public key, sends
encrypted key to server.
 Using private key, server
decrypts session key.
 Only the browser and
server know session key.

 SSL can be used for
non-Web applications,
e.g., IMAP.
 Client authentication
can be done with client
certificates which
have also been issued
by CAs.
 SSL serves as a basis
for TLS protocol
All data sent into TCP
socket (by client or server)
encrypted with session key.
34
VPN
 A virtual private network is an extension of an
enterprise's private intranet across a public network
such as the Internet, creating a secure private
connection, through a private tunnel.
35
Kerberos
 an encryption-based security system that
provides mutual authentication between the
users and the servers in a network
environment.
 Authorization can be implemented
independently from the authentication
 a ticket-granting server (key distribution
center) acts as a mutually trusted third
party
36
Key Distribution Centers (KDCs)
 Alice, Bob need shared symmetric key.
 KDC: server shares different secret key with each
registered user (many users).
 Alice, Bob know own their symmetric keys, KA-KDC and
KB-KDC , for communicating with KDC.
KDC
KA-KDC KP-KDC
KB-KDC
KX-KDC
KY-KDC
KA-KDC
KB-KDC
KZ-KDC
37
Key Distribution Centers (KDCs)
Q: How does KDC allow Bob, Alice to determine shared
symmetric secret key to communicate with each other?
KDC
generates
R1
KA-KDC(A,B)
Alice
knows
R1
KA-KDC(R1, KB-KDC(A,R1) )
KB-KDC(A,R1)
Bob knows to
use R1 to
communicate
with Alice
Alice and Bob communicate: using R1 as
session key for shared symmetric encryption
38